Working nassella running on nassella!!

Makefile

@@ -10,6 +10,7 @@ $(wildcard all-apps/lb/*) \
 $(wildcard all-apps/nextcloud/*) \
 $(wildcard all-apps/wg-easy/*) \
 $(wildcard all-apps/ghost/*) \
+$(wildcard all-apps/nassella/*) \
 $(wildcard all-apps/dozzle/*)
 
 	rm -Rf app/
@@ -64,6 +65,10 @@ all-apps/nextcloud/postgres_user \
 all-apps/nextcloud/postgres_password \
 all-apps/nextcloud/redis_password \
 all-apps/nextcloud/nextcloud.env \
+all-apps/nassella/postgres_db \
+all-apps/nassella/postgres_user \
+all-apps/nassella/postgres_password \
+all-apps/nassella/nassella.env \
 all-apps/ghost/.compose-env \
 restic-env \
 restic-password \

all-apps/nassella/docker-compose.yaml

@@ -0,0 +1,51 @@
+version: '3'
+
+secrets:
+  nassella_postgres_db:
+    file: ./nassella/postgres_db
+  nassella_postgres_password:
+    file: ./nassella/postgres_password
+  nassella_postgres_user:
+    file: ./nassella/postgres_user
+
+services:
+  nassella_db:
+    image: postgres:17.6-trixie
+    env_file:
+      - ./nassella/nassella.env
+    shm_size: 128mb
+    restart: always
+    volumes:
+      - /nassella/nassella/var-lib-postgresql-data:/var/lib/postgresql/data
+    networks:
+      - nassella_internal
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -d `cat $$POSTGRES_DB_FILE` -U `cat $$POSTGRES_USER_FILE`"]
+      start_period: 15s
+      interval: 30s
+      retries: 3
+      timeout: 5s
+    secrets:
+      - nassella_postgres_db
+      - nassella_postgres_password
+      - nassella_postgres_user
+  nassella:
+    image: nassella/b0.0.1
+    depends_on:
+      nassella_db:
+        condition: service_healthy
+    env_file:
+      - ./nassella/nassella.env
+    secrets:
+      - nassella_postgres_db
+      - nassella_postgres_password
+      - nassella_postgres_user
+    networks:
+      - lb
+      - nassella_internal
+    restart: unless-stopped
+networks:
+  lb:
+  nassella_internal:
+    driver: bridge
+    internal: true

all-apps/nassella/nassella.env

@@ -0,0 +1,4 @@
+POSTGRES_HOST=nassella_db
+POSTGRES_DB_FILE=/run/secrets/nassella_postgres_db
+POSTGRES_USER_FILE=/run/secrets/nassella_postgres_user
+POSTGRES_PASSWORD_FILE=/run/secrets/nassella_postgres_password

all-apps/nassella/postgres_db

@@ -0,0 +1 @@
+nassella

all-apps/nassella/postgres_password

@@ -0,0 +1 @@
+password

all-apps/nassella/postgres_user

@@ -0,0 +1 @@
+nassella

make-caddyfile.sh

@@ -26,6 +26,7 @@ declare -A bodys
 bodys["nextcloud"]="  reverse_proxy http://nextcloud:80"
 bodys["wg-easy"]="  reverse_proxy http://wg-easy:80"
 bodys["ghost"]="  reverse_proxy http://ghost:2368"
+bodys["nassella"]="  reverse_proxy http://nassella:8080"
 bodys["dozzle"]=$(cat <<EOF
   basic_auth {
     $HOST_ADMIN_USER $host_admin_password_encoded

src/db-init.sql

@@ -39,6 +39,7 @@ create table user_selected_apps(
        instance_id integer not null references instances on delete cascade,
        wg_easy_version varchar(100),
        nextcloud_version varchar(100),
+       nassella_version varchar(100),
        log_viewer_version varchar(100),
        ghost_version varchar(100)
        );

src/db.scm

@@ -41,7 +41,10 @@
         crypto-tools
         spiffy)
 
-(define connection-spec (make-parameter '((dbname . "nassella") (user . "nassella") (password . "password") (host . "127.0.0.1"))))
+(define connection-spec (make-parameter '((dbname . "nassella") (user . "nassella") (password . "password")
+                                          ;; (host . "127.0.0.1")
+                                          (host . "nassella_db")
+                                          )))
 (define db-connection (make-parameter #f))
 
 (define (with-db proc)
@@ -274,6 +277,7 @@ returning users.user_id;"
   '((wg-easy . "wg_easy_version")
     (nextcloud . "nextcloud_version")
     (ghost . "ghost_version")
+    (nassella . "nassella_version")
     (log-viewer . "log_viewer_version")))
 
 (define *user-selected-apps-reverse-column-map*
@@ -469,7 +473,7 @@ returning users.user_id;"
                     (map-in-order (lambda (d) (string-append "d." (cdr d))) *deployments-column-map*)
                     ", ")
                    ", uac.root_domain, uac.config_enc, uac.instance_id, "
-                   "usa.wg_easy_version, usa.nextcloud_version, usa.log_viewer_version, usa.ghost_version "
+                   "usa.wg_easy_version, usa.nextcloud_version, usa.log_viewer_version, usa.ghost_version, usa.nassella_version "
                    "from instances as i "
                    "join (select instance_id, max(id) as id from deployments group by instance_id) d2 "
                    "on d2.instance_id = i.instance_id "
@@ -489,6 +493,7 @@ returning users.user_id;"
                                                 (wg_easy_version . wg-easy)
                                                 (nextcloud_version . nextcloud)
                                                 (ghost_version . ghost)
+                                                (nassella_version . nassella)
                                                 (log_viewer_version . log-viewer)
                                                 ,@*deployments-reverse-column-map*))))
                   `(,config . ,(if (sql-null? value)

src/nassella.scm

@@ -30,7 +30,8 @@
         intarweb
         nassella-db
         sql-null
-        openssl)
+        openssl
+        spiffy)
 
 (define app (schematra/make-app))
 
@@ -716,12 +717,15 @@ chmod -R 777 /opt/keys"))
                   (receive (wait-pid exit-normal status) (process-wait pid #t)
                     (if (= wait-pid 0) ;; wait-pid is 0 until the process has finished
                         (loop)
-                        (let ((priv-key (with-input-from-file (conc key-path "/key") read-string))
-                              (pub-key (with-input-from-file (conc key-path "/key.pub") read-string)))
-                          (with-input-from-port in-port read-string) ;; left here for debugging and to clear ports
-                          (with-input-from-port err-port read-string) ;; left here for debugging and to clear ports
-                          (delete-directory key-path #t)
-                          (list priv-key pub-key)))))))))
+                        (if exit-normal
+                            (begin
+                              (with-input-from-port in-port read-string) ;; left here for debugging and to clear ports
+                              (with-input-from-port err-port read-string) ;; left here for debugging and to clear ports
+                              (let ((priv-key (with-input-from-file (conc key-path "/key") read-string))
+                                    (pub-key (with-input-from-file (conc key-path "/key.pub") read-string)))
+                                (delete-directory key-path #t)
+                                (list priv-key pub-key)))
+                            (error "Generating ssh key docker command had abnormal exit")))))))))
         (thread-join! thread)))))
 
 (define (generate-restic-password)
@@ -885,6 +889,7 @@ chmod -R 777 /opt/keys"))
          (Field (@ (name "wg-easy") (type "checkbox") (label ("WG Easy")) (checked ,(member 'wg-easy (alist-ref 'selected-apps results)))))
          (Field (@ (name "nextcloud") (type "checkbox") (label ("NextCloud")) (checked ,(member 'nextcloud (alist-ref 'selected-apps results)))))
          (Field (@ (name "ghost") (type "checkbox") (label ("Ghost")) (checked ,(member 'ghost (alist-ref 'selected-apps results)))))
+         (Field (@ (name "nassella") (type "checkbox") (label ("Nassella")) (checked ,(member 'nassella (alist-ref 'selected-apps results)))))
          (Field (@ (name "log-viewer") (type "checkbox") (label ("Log Viewer")) (checked #t) (disabled "disabled"))))
         ;; TODO add config for when automatic upgrades are scheduled for?
         ;; TODO add config for server timezone?
@@ -900,7 +905,8 @@ chmod -R 777 /opt/keys"))
         instance-id
         `((wg-easy . ,(or (and (alist-ref 'wg-easy (current-params)) "15.1.0") (sql-null)))
           (nextcloud . ,(or (and (alist-ref 'nextcloud (current-params)) "31.0.8") (sql-null)))
-          (ghost . ,(or (and (alist-ref 'ghost (current-params)) "6.10.0") (sql-null)))))
+          (ghost . ,(or (and (alist-ref 'ghost (current-params)) "6.10.0") (sql-null)))
+          (nassella . ,(or (and (alist-ref 'nassella (current-params)) "b0.0.1") (sql-null)))))
        (update-root-domain db
                            (session-user-id)
                            instance-id
@@ -948,6 +954,11 @@ chmod -R 777 /opt/keys"))
                  (Field (@ (name "nextcloud-admin-password") (label ("Admin Password")) (type "password")
                            (value ,(alist-ref 'admin-password (alist-ref 'nextcloud app-config eq? '()) eq? ""))))))
               '())
+        ,@(if (member 'nassella selected-apps)
+              `((Fieldset
+                 (@ (title "Nassella"))
+                 (Field (@ (name "nassella-subdomain") (label ("Subdomain")) (value ,(alist-ref 'subdomain (alist-ref 'nassella app-config eq? '()) eq? "nassella"))))))
+              '())
         (Fieldset
          (@ (title "Log Viewer"))
          (Field (@ (name "log-viewer-subdomain") (label ("Subdomain"))
@@ -998,6 +1009,7 @@ chmod -R 777 /opt/keys"))
                          (redis-password . ,(or (alist-ref 'redis-password
                                                            (alist-ref 'nextcloud config eq? '()))
                                                 (generate-redis-password)))))
+           (nassella . ((subdomain . ,(alist-ref 'nassella-subdomain (current-params)))))
            (log-viewer . ((subdomain . ,(alist-ref 'log-viewer-subdomain (current-params)))
                           (user . ,(alist-ref 'log-viewer-user (current-params)))
                           (password . ,(alist-ref 'log-viewer-password (current-params)))))
@@ -1190,7 +1202,8 @@ chmod -R 777 /opt/keys"))
                    ("cloudflare_account_id" . ,(alist-ref 'cloudflare-account-id service-config))
                    ("cluster_name" . "mycluster")
                    ("datacenter" . ,(alist-ref 'digitalocean-region service-config))
-                   ("flatcar_stable_version" . "4459.2.1")))
+                   ;; (source <(curl -sSfL https://stable.release.flatcar-linux.net/amd64-usr/current/version.txt); echo "${FLATCAR_VERSION_ID}")
+                   ("flatcar_stable_version" . "4459.2.3")))
             ;; remove the newline that generating the ssh key adds
             (display "ssh_keys=[\"") (display (string-drop-right ssh-pub-key 1)) (print "\"]"))))
       (let* ((instance-id (alist-ref "id" (current-params) equal?))
@@ -1324,6 +1337,7 @@ chmod -R 777 /opt/keys"))
                                       '((wg-easy . "https://wg-easy.github.io/wg-easy/Pre-release/")
                                         (nextcloud . "https://nextcloud.com/support/")
                                         (ghost . "https://nextcloud.com/support/")
+                                        (nassella . "https://nextcloud.com/support/")
                                         (log-viewer . "https://nextcloud.com/support/")))))
                           (h3 "Actions")
                           (ul (li (a (@ (href "/config/wizard/services/"