credential.redis

lib/install.sh

@@ -279,7 +279,8 @@ function check_credential {
 
     check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.username' &&
         check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.shadow' &&
-        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email'
+        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.email' &&
+        check_yaml_defined_value /etc/miaou/defaults.yaml 'credential.redis'
 }
 
 function check_target() {
@@ -313,7 +314,11 @@ function miaou_configfiles() {
     if [[ ! -f /etc/miaou/defaults.yaml ]]; then
         echo -n "building /etc/miaou/defaults.yaml for the first time..."
         shadow_passwd=$(sudo grep "$CURRENT_USER" /etc/shadow | cut -d ':' -f2)
-        env current_user="$CURRENT_USER" shadow_passwd="$shadow_passwd" valid_email="$valid_email" tera -e --env-key env --env-only -t "$MIAOU_BASEDIR/templates/etc/defaults.yaml.j2" -o /etc/miaou/defaults.yaml >/dev/null
+        redis=$(
+            SIZE=12
+            tr -cd '[:alnum:]' </dev/urandom | fold -w $SIZE | head -n1
+        )
+        env current_user="$CURRENT_USER" shadow_passwd="$shadow_passwd" valid_email="$valid_email" redis="$redis" tera -e --env-key env --env-only -t "$MIAOU_BASEDIR/templates/etc/defaults.yaml.j2" -o /etc/miaou/defaults.yaml >/dev/null
         yq ".target=\"$TARGET\"" /etc/miaou/defaults.yaml -i
         PREFIX="" echoinfo DONE
     fi

recipes/discourse/crud.sh

@@ -17,8 +17,13 @@ function _create() {
     echo "creating discourse instance for <$shortname> ... "
     echo "initialize discourse $shortname $longname ... OK"
 
+    admin_username=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.username)
+    admin_email=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.email)
+    admin_password=$(load_yaml_from_expanded services[\""$domain"\"][\""$subdomain"\"].data.discourse.admin.password)
+    redis_password=$(load_yaml_from_expanded credential.redis)
+
     mkdir -p "$MIAOU_CONFIGDIR/apps/discourse"
-    APP_DOMAIN=$domain APP_SUBDOMAIN=$subdomain APP_FQDN=$fqdn APP_PORT=$port APP_NAME=$longname tera -e --env-key env -t "$MIAOU_BASEDIR/templates/apps/discourse/forum.yml.j2" -o "$MIAOU_CONFIGDIR/apps/discourse/$longname.yml" "$MIAOU_CONFIGDIR/miaou.expanded.yaml"
+    APP_REDIS_PASSWORD=$redis_password APP_DOMAIN=$domain APP_SUBDOMAIN=$subdomain APP_FQDN=$fqdn APP_PORT=$port APP_NAME=$longname tera -e --env-key env -t "$MIAOU_BASEDIR/templates/apps/discourse/forum.yml.j2" -o "$MIAOU_CONFIGDIR/apps/discourse/$longname.yml" "$MIAOU_CONFIGDIR/miaou.expanded.yaml"
     echo "creating templates ... OK"
 
     echo "copying files to container <$container> ... "
@@ -28,6 +33,8 @@ function _create() {
     if ! (db-psql list | grep -q "$longname"); then
         echo "create empty database <$longname> ... "
         db-psql create "$longname"
+        db-psql use "$longname" "CREATE EXTENSION IF NOT EXISTS hstore"
+        db-psql use "$longname" "CREATE EXTENSION IF NOT EXISTS pg_trgm"
         echo "create empty database <$longname> ... OK"
     else
         echo "database already exists!"
@@ -38,6 +45,8 @@ function _create() {
         set -Eeuo pipefail
         cd /var/discourse
         ./launcher rebuild $longname
+        command='u=User.create_with(email: "$admin_email", password: "$admin_password").find_or_initialize_by(username: "$admin_username"); u.save; u.activate'
+        ./launcher run $longname "rails runner '\$command'"
 EOF
     echo "initialize discourse $longname ... OK"
 }

recipes/redis/install.sh

@@ -0,0 +1,55 @@
+#!/bin/bash
+
+function check() {
+    PREFIX="recipe:redis:check"
+
+    container_running "$CONTAINER" || return 10
+    echo "checking redis regarding access to its ip address <$REDIS_IP>..."
+
+    lxc exec "$CONTAINER" -- bash <<EOF
+        set -Eeuo pipefail
+        systemctl is-active redis.service &>/dev/null
+        ss -tlnp | grep redis | grep -q $REDIS_IP:6379
+        test -f /etc/redis/redis.conf
+        grep -Eq "^protected-mode no" /etc/redis/redis.conf
+EOF
+    status="$?"
+    [[ $status -eq 0 ]] && echo "container <$CONTAINER> approved!"
+    return $status
+}
+
+function install() {
+    PREFIX="recipe:redis:install"
+    : "$PREFIX"
+
+    credential_redis=$(load_yaml_from_expanded credential.redis)
+    echowarn "initializing redis regarding access to its IP address <$REDIS_IP>..."
+
+    launch_container "$CONTAINER"
+    lxc exec "$CONTAINER" -- bash <<EOF
+        set -Eeuo pipefail
+
+        . /opt/miaou-bash/lib/functions.sh
+        /opt/miaou-bash/tools/idem_apt_install redis
+        /opt/miaou-bash/tools/append_or_replace "^bind .*$" "bind $REDIS_IP" /etc/redis/redis.conf
+        /opt/miaou-bash/tools/append_or_replace "^protected-mode .*$" "protected-mode no" /etc/redis/redis.conf
+        /opt/miaou-bash/tools/append_or_replace "^requirepass .*$" "requirepass $credential_redis" /etc/redis/redis.conf
+        systemctl restart redis.service
+EOF
+    PREFIX="" echo OK
+
+}
+
+# MAIN
+. "$MIAOU_BASEDIR/lib/init.sh"
+
+arg1_required "$@"
+
+CONTAINER="$1"
+REDIS_IP=$(lxc list "$CONTAINER" -c 4 -f csv | cut -d ' ' -f1)
+readonly CONTAINER REDIS_IP
+
+check || (
+    install
+    check
+)

templates/apps/discourse/forum.yml.j2

@@ -27,7 +27,7 @@ env:
   DISCOURSE_SMTP_USER_NAME: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.smtp.username }}
   DISCOURSE_SMTP_PASSWORD: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.smtp.password }}
 
-  DISCOURSE_DEVELOPER_EMAILS: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.admin }}
+  DISCOURSE_DEVELOPER_EMAILS: {{ services[env.APP_DOMAIN][env.APP_SUBDOMAIN].data.discourse.admin.email }}
   DISCOURSE_NOTIFICATION_EMAIL: noreply@{{ env.APP_DOMAIN }}
  
   DISCOURSE_DB_NAME: {{ env.APP_NAME }}
@@ -36,6 +36,7 @@ env:
   DISCOURSE_DB_HOST: ct1.lxd
 
   DISCOURSE_REDIS_HOST: ct1.lxd
+  DISCOURSE_REDIS_PASSWORD: {{ env.APP_REDIS_PASSWORD }}
 
 volumes:
   - volume:
@@ -63,4 +64,3 @@ hooks:
 run:
   - exec: echo "Beginning of custom commands"
   - exec: echo "End of custom commands"
-  - exec: awk -F\# '{print $1;}' ~/.ssh/authorized_keys | awk 'BEGIN { print "Authorized SSH keys for this container:"; } NF>=2 {print $NF;}'

templates/etc/defaults.yaml.j2

@@ -1,8 +1,9 @@
 ---
 containers:
   dmz: [dmz]
-  ct1: [mariadb, postgresql]
+  ct1: [mariadb, postgresql, redis]
 credential:
   username: {{env.current_user}}
   shadow: {{env.shadow_passwd}}
   email: {{env.valid_email}}
+  redis: {{env.redis}}