Add libvirt-client to Docker image

Merge branch 'webapi' into docker-api
Merge branch 'docker' into docker-api
2021-07-12 23:40:34 +02:00 · 2021-07-12 22:29:08 +02:00 · 2021-07-12 22:28:19 +02:00 · 2021-07-12 22:25:06 +02:00 · 2021-07-12 22:10:23 +02:00 · 2021-07-12 22:09:25 +02:00
28 changed files with 427 additions and 238 deletions
--- a/24
+++ b/24
@ -1,17 +1,8 @@
 FROM python:3.8-alpine as build
-RUN apk add --no-cache \
+RUN apk add gettext git gcc python3-dev musl-dev \
-    build-base \
+    libffi-dev zlib-dev jpeg-dev libjpeg postgresql-dev build-base \
-    gcc \
+    --virtual .build-dependencies
    gettext \
    git \
    jpeg-dev \
    libffi-dev \
    libjpeg \
    musl-dev \
    postgresql-dev \
    python3-dev \
    zlib-dev
 RUN mkdir -p /app/{code,venv}
 WORKDIR /app/code
@ -26,14 +17,7 @@ RUN pipenv install --deploy --verbose
 FROM python:3.8-alpine
-RUN apk add --no-cache \
+RUN apk add --no-cache libpq libstdc++ libjpeg libvirt-client
    cloud-utils \
    libjpeg \
    libpq \
    libstdc++ \
    libvirt-client \
    openssh-client \
    virt-install
 COPY . /app/code/
 WORKDIR /app/code
--- a/capsulflask/init.py
+++ b/capsulflask/init.py
@ -26,27 +26,12 @@ class StdoutMockFlaskMail:
    def send(self, message: Message):
      current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
 load_dotenv(find_dotenv())
 for var_name in [
  "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
  "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
 ]:
  var = os.environ.get(f"{var_name}_FILE")
  if not var:
    continue
  if not os.path.isfile(var):
    continue
  with open(var) as secret_file:
    os.environ[var_name] = secret_file.read().rstrip('\n')
  del os.environ[f"{var_name}_FILE"]
 app = Flask(__name__)
 app.config.from_mapping(
  BASE_URL=os.environ.get("BASE_URL", default="http://localhost:5000"),
  SECRET_KEY=os.environ.get("SECRET_KEY", default="dev"),
  HUB_MODE_ENABLED=os.environ.get("HUB_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
@ -168,7 +153,6 @@ is_running_server = ('flask run' in command_line) or ('gunicorn' in command_line
 app.logger.info(f"is_running_server: {is_running_server}")
 if app.config['HUB_MODE_ENABLED']:
  if app.config['HUB_MODEL'] == "capsul-flask":
    app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()
@ -190,7 +174,9 @@ if app.config['HUB_MODE_ENABLED']:
  from capsulflask import db
  db.init_app(app, is_running_server)
-  from capsulflask import auth, landing, console, payment, metrics, cli, hub_api, admin
+  from capsulflask import (
    auth, landing, console, payment, metrics, cli, hub_api, publicapi, admin
  )
  app.register_blueprint(landing.bp)
  app.register_blueprint(auth.bp)
@ -200,13 +186,13 @@ if app.config['HUB_MODE_ENABLED']:
  app.register_blueprint(cli.bp)
  app.register_blueprint(hub_api.bp)
  app.register_blueprint(admin.bp)
  app.register_blueprint(publicapi.bp)
  app.add_url_rule("/", endpoint="index")
 if app.config['SPOKE_MODE_ENABLED']:
  if app.config['SPOKE_MODEL'] == "shell-scripts":
    app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
  else:
@ -234,10 +220,6 @@ def override_url_for():
  return dict(url_for=url_for_with_cache_bust)
@app.context_processor
 def load_config_vars():
  return dict(config=app.config)
 def url_for_with_cache_bust(endpoint, **values):
  """
  Add a query parameter based on the hash of the file, this acts as a cache bust
--- a/capsulflask/auth.py
+++ b/capsulflask/auth.py
@ -1,3 +1,4 @@
 from base64 import b64decode
 import functools
 import re
@ -24,6 +25,15 @@ def account_required(view):
    @functools.wraps(view)
    def wrapped_view(**kwargs):
        api_token = request.headers.get('authorization', None)
        if api_token is not None:
            email = get_model().authenticate_token(b64decode(api_token).decode('utf-8'))
            if email is not None:
                session.clear()
                session["account"] = email
                session["csrf-token"] = generate()
        if session.get("account") is None or session.get("csrf-token") is None :
            return redirect(url_for("auth.login"))
--- a/capsulflask/console.py
+++ b/capsulflask/console.py
@ -1,7 +1,9 @@
 from base64 import b64encode
 from datetime import datetime, timedelta
 import json
 import re
 import sys
-import json
+
 from datetime import datetime, timedelta
 from flask import Blueprint
 from flask import flash
 from flask import current_app
@ -98,7 +100,6 @@ def index():
@bp.route("/<string:id>", methods=("GET", "POST"))
@account_required
 def detail(id):
  duration=request.args.get('duration')
  if not duration:
    duration = "5m"
@ -188,23 +189,13 @@ def detail(id):
      duration=duration
    )
-
+def _create(vm_sizes, operating_systems, public_keys_for_account, server_data):
@bp.route("/create", methods=("GET", "POST"))
@account_required
 def create():
  vm_sizes = get_model().vm_sizes_dict()
  operating_systems = get_model().operating_systems_dict()
  public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
  account_balance = get_account_balance(get_vms(), get_payments(), datetime.utcnow())
  capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
  errors = list()
-  if request.method == "POST":
+  size = server_data.get("size")
-    if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
+  os = server_data.get("os")
-      return abort(418, f"u want tea")
+  posted_keys_count = int(server_data.get("ssh_authorized_key_count"))
    size = request.form["size"]
    os = request.form["os"]
  if not size:
    errors.append("Size is required")
  elif size not in vm_sizes:
@ -215,15 +206,14 @@ def create():
  elif os not in operating_systems:
    errors.append(f"Invalid os {os}")
    posted_keys_count = int(request.form["ssh_authorized_key_count"])
  posted_keys = list()
  if posted_keys_count > 1000:
    errors.append("something went wrong with ssh keys")
  else:
    for i in range(0, posted_keys_count):
-        if f"ssh_key_{i}" in request.form:
+      if f"ssh_key_{i}" in server_data:
-          posted_name = request.form[f"ssh_key_{i}"]
+        posted_name = server_data.get(f"ssh_key_{i}")
        key = None
        for x in public_keys_for_account:
          if x['name'] == posted_name:
@ -236,7 +226,9 @@ def create():
  if len(posted_keys) == 0:
    errors.append("At least one SSH Public Key is required")
-    capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(vm_sizes[size]['memory_mb']*1024*1024)
+  capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(
    vm_sizes[size]['memory_mb']*1024*1024
  )
  if not capacity_avaliable:
    errors.append("""
@ -245,19 +237,45 @@ def create():
  if len(errors) == 0:
    id = make_capsul_id()
-      # we can't create the vm record in the DB yet because its IP address needs to be allocated first.
+    get_model().create_vm(
-      # so it will be created when the allocation happens inside the hub_api.
+      email=session["account"], 
      id=id, 
      size=size, 
      os=os,
      ssh_authorized_keys=list(map(lambda x: x["name"], posted_keys))
    )
    current_app.config["HUB_MODEL"].create(
      email = session["account"],
      id=id,
        os=os,
        size=size,
      template_image_file_name=operating_systems[os]['template_image_file_name'],
      vcpus=vm_sizes[size]['vcpus'],
      memory_mb=vm_sizes[size]['memory_mb'],
-        ssh_authorized_keys=list(map(lambda x: dict(name=x['name'], content=x['content']), posted_keys)) 
+      ssh_authorized_keys=list(map(lambda x: x["content"], posted_keys))
    )
    return id, errors
  return None, errors
@bp.route("/create", methods=("GET", "POST"))
@account_required
 def create():
  vm_sizes = get_model().vm_sizes_dict()
  operating_systems = get_model().operating_systems_dict()
  public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
  account_balance = get_account_balance(get_vms(), get_payments(), datetime.utcnow())
  capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
  if request.method == "POST":
    if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
      return abort(418, f"u want tea")
    id, errors = _create(
      vm_sizes, 
      operating_systems,
      public_keys_for_account,
      request.form)
    if len(errors) == 0: 
      for error in errors:
        flash(error)
      return redirect(f"{url_for('console.index')}?created={id}")
  affordable_vm_sizes = dict()
@ -268,9 +286,6 @@ def create():
    if vm_size["dollars_per_month"] <= account_balance+0.25:
      affordable_vm_sizes[key] = vm_size
  for error in errors:
    flash(error)
  if not capacity_avaliable:
    current_app.logger.warning(f"when capsul capacity is restored, send an email to {session['account']}")
@ -287,23 +302,25 @@ def create():
    vm_sizes=affordable_vm_sizes
  )
-@bp.route("/ssh", methods=("GET", "POST"))
+@bp.route("/keys", methods=("GET", "POST"))
@account_required
-def ssh_public_keys():
+def ssh_api_keys():
  errors = list()
  token = None
  if request.method == "POST":
    if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
      return abort(418, f"u want tea")
-    method = request.form["method"]
+    action = request.form["action"]
    if action == 'upload_ssh_key':
      content = None
    if method == "POST":
      content = request.form["content"].replace("\r", " ").replace("\n", " ").strip()
      name = request.form["name"]
      if not name or len(name.strip()) < 1:
      if method == "POST":
        parts = re.split(" +", content)
        if len(parts) > 2 and len(parts[2].strip()) > 0:
          name = parts[2].strip()
@ -314,7 +331,6 @@ def ssh_public_keys():
      if not re.match(r"^[0-9A-Za-z_@:. -]+$", name):
        errors.append(f"Key name '{name}' must match \"^[0-9A-Za-z_@:. -]+$\"")
    if method == "POST":
      if not content or len(content.strip()) < 1:
        errors.append("Content is required")
      else:
@ -327,24 +343,36 @@ def ssh_public_keys():
      if len(errors) == 0:
        get_model().create_ssh_public_key(session["account"], name, content)
-    elif method == "DELETE":
+    elif action == "delete_ssh_key":
      if len(errors) == 0:
      get_model().delete_ssh_public_key(session["account"], name)
    elif action == "generate_api_token":
      name = request.form["name"]
      if name == '':
          name = datetime.utcnow().strftime('%y-%m-%d %H:%M:%S')
      token = b64encode(
        get_model().generate_api_token(session["account"], name).encode('utf-8')
      ).decode('utf-8')
    elif action == "delete_api_token":
      get_model().delete_api_token(session["account"], request.form["id"])
  for error in errors:
    flash(error)
-  keys_list=list(map(
+  ssh_keys_list=list(map(
    lambda x: dict(name=x['name'], content=f"{x['content'][:20]}...{x['content'][len(x['content'])-20:]}"), 
    get_model().list_ssh_public_keys_for_account(session["account"])
  ))
  api_tokens_list = get_model().list_api_tokens(session["account"])
  return render_template(
-    "ssh-public-keys.html", 
+    "keys.html", 
    csrf_token = session["csrf-token"],
-    ssh_public_keys=keys_list, 
+    api_tokens=api_tokens_list, 
-    has_ssh_public_keys=len(keys_list) > 0
+    ssh_public_keys=ssh_keys_list,
    generated_api_token=token,
  )
 def get_vms():
@ -368,7 +396,6 @@ def get_vm_months_float(vm, as_of):
  return days / average_number_of_days_in_a_month
 def get_account_balance(vms, payments, as_of):
  vm_cost_dollars = 0.0
  for vm in vms:
    vm_months = get_vm_months_float(vm, as_of)
@ -381,7 +408,6 @@ def get_account_balance(vms, payments, as_of):
@bp.route("/account-balance")
@account_required
 def account_balance():
  payment_sessions = get_model().list_payment_sessions_for_account(session['account'])
  for payment_session in payment_sessions:
    if payment_session['type'] == 'btcpay':
--- a/capsulflask/db.py
+++ b/capsulflask/db.py
@ -33,7 +33,7 @@ def init_app(app, is_running_server):
    result = re.search(r"^\d+_(up|down)", filename)
    if not result:
      app.logger.error(f"schemaVersion {filename} must match ^\\d+_(up|down). exiting.")
-      exit(1)
+      continue
    key = result.group()
    with open(join(schemaMigrationsPath, filename), 'rb') as file:
      schemaMigrations[key] = file.read().decode("utf8")
@ -128,4 +128,3 @@ def close_db(e=None):
  if db_model is not None:
    db_model.cursor.close()
    current_app.config['PSYCOPG2_CONNECTION_POOL'].putconn(db_model.connection)
--- a/capsulflask/db_model.py
+++ b/capsulflask/db_model.py
@ -1,8 +1,8 @@
 import re
 # I was never able to get this type hinting to work correctly 
 # from psycopg2.extensions import connection as Psycopg2Connection, cursor as Psycopg2Cursor
 import hashlib
 from nanoid import generate
 from flask import current_app
 from typing import List
@ -17,7 +17,6 @@ class DBModel:
    self.cursor = cursor
  #     ------    LOGIN     ---------     
@ -44,6 +43,16 @@ class DBModel:
    return (token, ignoreCaseMatches)
  def authenticate_token(self, token):
    m = hashlib.md5()
    m.update(token.encode('utf-8'))
    hash_token = m.hexdigest()
    self.cursor.execute("SELECT email FROM api_tokens WHERE token = %s", (hash_token, ))
    result = self.cursor.fetchall()
    if len(result) == 1:
      return result[0]
    return None
  def consume_token(self, token):
    self.cursor.execute("SELECT email FROM login_tokens WHERE token = %s and created > (NOW() - INTERVAL '20 min')", (token, ))
    row = self.cursor.fetchone()
@ -132,6 +141,32 @@ class DBModel:
    self.cursor.execute( "DELETE FROM ssh_public_keys where email = %s AND name = %s", (email, name) )
    self.connection.commit()
  def list_api_tokens(self, email):
    self.cursor.execute(
      "SELECT id, token, name, created FROM api_tokens WHERE email = %s", 
      (email, )
    )
    return list(map(
      lambda x: dict(id=x[0], token=x[1], name=x[2], created=x[3]), 
      self.cursor.fetchall()
    ))
  def generate_api_token(self, email, name):
    token = generate()
    m = hashlib.md5()
    m.update(token.encode('utf-8'))
    hash_token = m.hexdigest()
    self.cursor.execute(
      "INSERT INTO api_tokens (email, name, token) VALUES (%s, %s, %s)", 
      (email, name, hash_token)
    )
    self.connection.commit()
    return token
  def delete_api_token(self, email, id_):
    self.cursor.execute( "DELETE FROM api_tokens where email = %s AND id = %s", (email, id_))
    self.connection.commit()
  def list_vms_for_account(self, email):
    self.cursor.execute(""" 
      SELECT vms.id, vms.public_ipv4, vms.public_ipv6, vms.size, vms.os, vms.created, vms.deleted, vm_sizes.dollars_per_month
@ -479,8 +514,3 @@ class DBModel:
    #cursor.close()
    return to_return
--- a/capsulflask/hub_api.py
+++ b/capsulflask/hub_api.py
@ -160,10 +160,7 @@ def can_claim_create(payload, host_id) -> (str, str):
  if allocated_network_name is None or allocated_ipv4_address is None:
    return "", f"host \"{host_id}\" does not have any avaliable IP addresses on any of its networks."
-  # payload["network_name"] = allocated_network_name
+  payload["network_name"] = allocated_network_name
  # hard-code the network name for now until we can fix the phantom dhcp lease issues.
  payload["network_name"] = 'public3'
  payload["public_ipv4"] = allocated_ipv4_address
  return payload, ""
--- a/capsulflask/hub_model.py
+++ b/capsulflask/hub_model.py
@ -215,12 +215,11 @@ class CapsulFlaskHub(VirtualizationInterface):
        # no need to do anything here since if it cant be parsed then generic_operation will handle it.
        pass
    if error_message != "":
      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts} failed with {error_message}")
    if number_of_assigned != 1:
      assigned_hosts_string = ", ".join(assigned_hosts)
      raise ValueError(f"expected create capsul operation {operation_id} to be assigned to one host, it was assigned to {number_of_assigned} ({assigned_hosts_string})")
    if error_message != "":
      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts_string} failed with {error_message}")
  def destroy(self, email: str, id: str):
--- a/capsulflask/payment.py
+++ b/capsulflask/payment.py
@ -48,10 +48,6 @@ def validate_dollars():
 def btcpay_payment():
  errors = list()
  if current_app.config['BTCPAY_PRIVATE_KEY'] == "":
    flash("BTCPay is not enabled on this server")
    return redirect(url_for("console.account_balance"))
  if request.method == "POST":
    result = validate_dollars()
    errors = result[0]
--- a/capsulflask/publicapi.py
+++ b/capsulflask/publicapi.py
@ -0,0 +1,40 @@
 import datetime
 from flask import Blueprint
 from flask import current_app
 from flask import jsonify
 from flask import request
 from flask import session
 from nanoid import generate
 from capsulflask.auth import account_required
 from capsulflask.db import get_model
 bp = Blueprint("publicapi", __name__, url_prefix="/api")
@bp.route("/capsul/create", methods=["POST"])
@account_required
 def capsul_create():
    email = session["account"]
    from .console import _create,get_account_balance, get_payments, get_vms
    vm_sizes = get_model().vm_sizes_dict()
    operating_systems = get_model().operating_systems_dict()
    public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
    account_balance = get_account_balance(get_vms(), get_payments(), datetime.datetime.utcnow())
    capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
    request.json['ssh_authorized_key_count'] = 1
    id, errors = _create(
      vm_sizes, 
      operating_systems,
      public_keys_for_account,
      request.json)
    if id is not None:
        return jsonify(
            id=id,
        )
    return jsonify(errors=errors)
--- a/capsulflask/schema_migrations/17_down_api_tokens.py
+++ b/capsulflask/schema_migrations/17_down_api_tokens.py
@ -0,0 +1,2 @@
 DROP TABLE api_keys;
 UPDATE schemaversion SET version = 16;
--- a/capsulflask/schema_migrations/17_up_api_tokens.py
+++ b/capsulflask/schema_migrations/17_up_api_tokens.py
@ -0,0 +1,9 @@
 CREATE TABLE api_tokens (
  id                 SERIAL PRIMARY KEY,
  email              TEXT REFERENCES accounts(email) ON DELETE RESTRICT,
  name               TEXT NOT NULL,
  created            TIMESTAMP NOT NULL DEFAULT NOW(),
  token              TEXT NOT NULL
 );
 UPDATE schemaversion SET version = 17;
--- a/capsulflask/schema_migrations/19_down_api_tokens.py
+++ b/capsulflask/schema_migrations/19_down_api_tokens.py
@ -0,0 +1,2 @@
 DROP TABLE api_keys;
 UPDATE schemaversion SET version = 16;
--- a/capsulflask/schema_migrations/19_up_api_tokens.py
+++ b/capsulflask/schema_migrations/19_up_api_tokens.py
@ -0,0 +1,9 @@
 CREATE TABLE api_tokens (
  id                 SERIAL PRIMARY KEY,
  email              TEXT REFERENCES accounts(email) ON DELETE RESTRICT,
  name               TEXT NOT NULL,
  created            TIMESTAMP NOT NULL DEFAULT NOW(),
  token              TEXT NOT NULL
 );
 UPDATE schemaversion SET version = 17;
--- a/capsulflask/shell_scripts/capacity-avaliable.sh
+++ b/capsulflask/shell_scripts/capacity-avaliable.sh
@ -3,7 +3,7 @@
 # check available RAM and IPv4s
 ram_bytes_to_allocate="$1"
-ram_bytes_available="$(($(grep Available /proc/meminfo | grep -o '[0-9]*') * 1024))"
+ram_bytes_available=$(grep -E "^(size|memory_available_bytes)" /proc/spl/kstat/zfs/arcstats | awk '{sum+=$3} END {printf "%.0f", sum}')
 ram_bytes_remainder="$((ram_bytes_available - ram_bytes_to_allocate))"
 if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
@ -11,8 +11,8 @@ if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
  exit 1
 fi
-# 0.25GB
+# 20GB
-if [ "$ram_bytes_remainder" -le $((1 * 1024 * 1024 * 1024 / 4)) ]; then
+if [ "$ram_bytes_remainder" -le $((20 * 1024 * 1024 * 1024)) ]; then
  echo "VM is requesting more RAM than $(hostname -f) has available."
  echo "Bytes requested: $ram_bytes_to_allocate"
  echo "Bytes available: $ram_bytes_available"
--- a/capsulflask/shell_scripts/create.sh
+++ b/capsulflask/shell_scripts/create.sh
@ -6,7 +6,6 @@
 vmname="$1"
 template_file="/tank/img/$2"
 qemu_tank_dir="/tank"
 vcpus="$3"
 memory="$4"
 pubkeys="$5"
@ -51,40 +50,40 @@ if echo "$public_ipv4" | grep -vqE "^[0-9.]+$"; then
  exit 1
 fi
-disk="$vmname.qcow2"
+disk="/tank/vm/$vmname.qcow2"
-cdrom="$vmname.iso"
+cdrom="/tank/vm/$vmname.iso"
-xml="$vmname.xml"
+xml="/tank/vm/$vmname.xml"
 if [ -f /tank/vm/$vmname.qcow2 ]; then
    echo "Randomly generated name matched an existing VM! Odds are like one in a billion. Buy a lotto ticket."
    exit 1
 fi
-cp "$template_file" "/tank/vm/$disk"
+cp "$template_file" "$disk"
 cp /tank/config/cyberia-cloudinit.yml /tmp/cloudinit.yml
 echo "$pubkeys" | while IFS= read -r line; do
  echo "      - $line" >> /tmp/cloudinit.yml
 done
-cloud-localds "/tank/vm/$cdrom" /tmp/cloudinit.yml
+cloud-localds "$cdrom" /tmp/cloudinit.yml
-qemu-img resize "/tank/vm/$disk" "$root_volume_size"
+qemu-img resize "$disk" "$root_volume_size"
 virt-install \
    --memory "$memory" \
    --vcpus "$vcpus" \
    --name "$vmname" \
-    --disk "$qemu_tank_dir/vm/$disk",bus=virtio \
+    --disk "$disk",bus=virtio \
-    --disk "$qemu_tank_dir/vm/$cdrom",device=cdrom \
+    --disk "$cdrom",device=cdrom \
    --os-type Linux \
    --os-variant generic \
    --virt-type kvm \
    --graphics vnc,listen=127.0.0.1 \
-    --network network=$network_name,model=virtio \
+    --network network=$network_name,filterref=clean-traffic,model=virtio \
    --import \
-    --print-xml > "/tank/vm/$xml"
+    --print-xml > "$xml"
-chmod 0600 "/tank/vm/$xml" "/tank/vm/$disk" "/tank/vm/$cdrom"
+chmod 0600 "$xml" "$disk" "$cdrom"
-virsh define "/tank/vm/$xml"
+virsh define "$xml"
 virsh start "$vmname"
 echo "success"
--- a/capsulflask/static/favicon.ico
+++ b/capsulflask/static/favicon.ico
--- a/capsulflask/static/icon.png
+++ b/capsulflask/static/icon.png
--- a/capsulflask/templates/account-balance.html
+++ b/capsulflask/templates/account-balance.html
@ -46,9 +46,7 @@
            <a href="/payment/stripe">Add funds with Credit/Debit (stripe)</a>
            <ul><li>notice: stripe will load nonfree javascript </li></ul>
          </li>
          {% if config['BTCPAY_PRIVATE_KEY'] != "" %}
          <li><a href="/payment/btcpay">Add funds with Bitcoin/Litecoin/Monero (btcpay)</a></li>
          {% endif %}
          <li>Cash: email <a href="mailto:treasurer@cyberia.club">treasurer@cyberia.club</a></li>
        </ul>
--- a/capsulflask/templates/base.html
+++ b/capsulflask/templates/base.html
@ -13,7 +13,7 @@
 <nav>
  <div class="row justify-space-between half-margin">
    <div>
-      🦉 <a href="/"><b>YOLOCOLO</b></a>
+      <a href="/"><b>Capsul</b></a>💊
    </div>
    <div>
      &nbsp;
@ -27,10 +27,11 @@
  <div class="row justify-center half-margin wrap nav-links">
    <a href="/pricing">Pricing</a>
    <a href="/faq">FAQ</a>
    <a href="/changelog">Changelog</a>
    {% if session["account"] %} 
      <a href="/console">Capsuls</a>
-      <a href="/console/ssh">SSH Public Keys</a>
+      <a href="/console/keys">SSH &amp; API Keys</a>
      <a href="/console/account-balance">Account Balance</a>
    {% endif %}
@ -46,12 +47,11 @@
 </main>
 {% block subcontent %}{% endblock %}
 <footer>
-  This server runs <a
+  (c) Attribution-ShareAlike 4.0 International <br/>
-    href="https://giit.cyberia.club/~forest/capsul-flask">capsul-flask</a> by
+  &nbsp;&nbsp;&nbsp;&nbsp;A service by Cyberia Computer Club 2020-<span class="bigtext">∞</span> <br/>
-  Cyberia Computer Club, available under the <a
+  <br/>
-    href="https://creativecommons.org/licenses/by-sa/4.0/">Attribution-ShareAlike
+  <br/>
-    4.0 International</a> licence.<br/><br/>
+  <a href="https://giit.cyberia.club/~forest/capsul-flask/tree/master/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
  <a href="https://git.autonomic.zone/3wordchant/capsul-flask/src/branch/yolocolo/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
 </footer>
 </body>
 </html>
--- a/capsulflask/templates/capsul-detail.html
+++ b/capsulflask/templates/capsul-detail.html
@ -101,7 +101,7 @@
      </div>
      <div class="row justify-start">
        <label class="align" for="ssh_authorized_keys">SSH Authorized Keys</label>
-        <a id="ssh_authorized_keys" href="/console/ssh">{{ vm['ssh_authorized_keys'] }}</a>
+        <a id="ssh_authorized_keys" href="/console/keys">{{ vm['ssh_authorized_keys'] }}</a>
      </div>
    </div>
--- a/capsulflask/templates/create-capsul.html
+++ b/capsulflask/templates/create-capsul.html
@ -31,7 +31,7 @@
    <p>(At least one month of funding is required)</p>
  {% elif no_ssh_public_keys %}
    <p>You don't have any ssh public keys yet.</p> 
-    <p>You must <a href="/console/ssh">upload one</a> before you can create a Capsul.</p>
+    <p>You must <a href="/console/keys">upload one</a> before you can create a Capsul.</p>
  {% elif not capacity_avaliable %}
    <p>Host(s) at capacity. No capsuls can be created at this time. sorry. </p> 
  {% else %}
--- a/capsulflask/templates/faq.html
+++ b/capsulflask/templates/faq.html
@ -10,32 +10,81 @@
 <p>
 <ul>
   <li>
-     What is this?
+     Which instance type should I buy?
-     <p>
+     <p>There are no hard rules for this sort of thing, but here are some guidelines:</p>
-      This is a <strong>technical demo</strong> of <a
+     <p>f1-xs: blog, vpn, bot, cgit</p>
-       href="https://giit.cyberia.club/~forest/capsul-flask">Capsul</a>, for the
+     <p>f1-s: a bot, owncloud, gitea, popular blog</p>
-      as-yet-untitled <a href="https://coops.tech">Cotech</a> server hosting
+     <p>f1-m: docker host, build system</p>
-      initiative, which you can <a
+     <p>f1-l: large webservice, rotund java app</p>
-      href="https://community.coops.tech/t/call-for-input-v2-co-op-vps-survey/2802/9">read
+     <p>f1-x: gitlab (wow such memory very devops</p>
-     about on the Cotech forum</a>.
+     <p>f1-xx: something gargantuan</p>
   </li>
   <li>
     How do I log in?
     <p>ssh to the ip provided to you using the cyberian user.</p>
     <pre class='code'>$ ssh cyberian@1.2.3.4</pre>
   </li>
   <li>
     How do I change to the root user?
     <p>The cyberian user has passwordless sudo access by default. This should work:</p>
     <pre class='code'>
 # Linux
 $ sudo su -
 # OpenBSD
 $ doas su -</pre>
   </li>
   <li>
     Do you offer reverse DNS?
     <p>We do, but right now it's a manual process. Shoot us an email and we'll get it done.</p>
   </li>
   <li>
    What if I don't pay / don't maintain my payments?
    <p>Your VM will eventually be deleted.
       Capsul will send you a few inoffensive reminders as that termination date approaches.
    </p>
   </li>
   <li>
-     What do you mean, "technical demo"?
+    Besides my virtual machines and payments, what information do you keep about me?
-     <p>No backups</p>
+     <p>We associate an email address with every VM so that we can track payment and respond to support requests.</p>
-     <p>No service level agreement</p>
+     <p>If you pay with a credit card, Stripe stores some additional details about you that we literally cannot delete.</p>
     <p>"Best effort" support</p>
   </li>
   <li>
-     Where can I get this, but, more reliable?
+     What can I do with my VM?
-     <p>Cyberia, the authors of this platform, run the canonical instance, <a
+     <p>Make it into a mailserver, a tor relay, a VPN host, whatever you'd like - we do have one small request, though.</p>
-      href="https://capsul.org">Capsul.org</a>, on hardware they own. Please
+     <p>Crypto mining on capsul is currently considered obnoxious behavior, because the hashrates on our CPUs is so low and because mining crypto consumes entire processor cores that could have otherwise been shared between many dozens of other users.</p>
-     send them your money! (cash, crypto, or card accepted).</p>
+     <p>In the future, if we have plentiful CPU resources, we may come out with a tier more suitable for mining - maybe a high cpu tier or similar, where each VM gets a full dedicated core and sharing them is not anticipated.</p>
     <p>We will never snoop on your traffic or inspect what's going on inside of our customer virtual machines - we don't want to. We hope that you'll extend us a similar courtesy and try not to use too much of our shared CPU resources. Capsul is currently a shared (resource-wise) world, and we all must live in it together!</p>
     <p>Also, mandatory: our systems exist within the USA, and as such those systems are bound by US law.</p>
   </li>
   <li>
-     How do I use this system?
+     Can you recover my passwords/insert new keys?
-     <p>Please see <a href="https://capsul.org/faq">the official Capsul FAQ
+     <p>Can we? Technically yes. Will we? No, never. It would violate the trust that our users have in us.
-       page</a>.</p>
+     We have no interest in touching client VMs after they're running.
     We promise to keep your machines running smoothly.
     If you lose access to your VM, that's on you.</p>
   </li>
   <li>
     Do you offer refunds?
     <p>Not now, but email us and we can probably figure something out.</p>
   </li>
   <li>
    Where do the VMs run? Is it on a machine that you guys own/control?
     <p>Capsul runs on a server named Baikal which Cyberia built from scratch & mailed to a datacenter
      in Georgia called CyberWurx. CyberWurx staff installed it for us in a rack space that
      Cyberia pays for. </p>
   </li>
   <li>
     Do you offer support?
     <p>Yep, see <a href="/support">our support page</a>.</p>
   </li>
   <li>
     Do you have an SLA?
     <p>No, but we normally respond pretty quickly.</p>
   </li>
   <li>
    Will you implement feature X?
    <p>Maybe! Email <a href="mailto:ops@cyberia.club">ops@cyberia.club</a> and ask us about it.</p>
   </li>
 </ul>
 </p>
--- a/capsulflask/templates/index.html
+++ b/capsulflask/templates/index.html
@ -1,26 +1,31 @@
 {% extends 'base.html' %}
 {% block content %}
  <h1>
  <pre>
             _                 _
 _   _  ___ | | ___   ___ ___ | | ___
 | | | |/ _ \| |/ _ \ / __/ _ \| |/ _ \
 | |_| | (_) | | (_) | (_| (_) | | (_) |
 \__, |\___/|_|\___/ \___\___/|_|\___/
 |___/
 {% block content %}
  <h1>CAPSUL</h1>
  <pre>
       .-.  
      /:::\ 
     /::::/ 
    / `-:/  
   /    /   
   \   /    
    `"`     
  </pre>
-  <span>Co-operative hosting using <a href="https://cyberia.club">Cyberia</a>'s Capsul</span>
+  <span>Simple, fast, private compute by <a href="https://cyberia.club">cyberia.club</a></span>
 {% endblock %}
 {% block subcontent %}
 <p>
 <ul>
-   <li>Sign up for an account!</li>
+   <li>Low friction: simply log in with your email address and fund your account with Credit/Debit or Cryptocurrency</li>
-   <li>Add some funds!</li>
+   <li>All root disks are backed up at no charge</li>
-   <li>Create a VPS!</li>
+   <li>All storage is fast, local, and solid-state</li>
-   <li>Give your feedback!</li>
+   <li>All network connections are low latency</li>
   <li>Supported by amazing volunteers from Cyberia</li>
   <li>Upfront prices, no confusing billing</li>
   <li>Operated by a Minnesota non-profit organization that will never exploit you</li>
   <li>We donate a portion of our proceeds to likeminded hacker groups around the globe</li>
 </ul>           
 </p>
 {% endblock %}
--- a/capsulflask/templates/ssh-public-keys.html
+++ b/capsulflask/templates/ssh-public-keys.html
@ -1,17 +1,18 @@
 {% extends 'base.html' %}
-{% block title %}SSH Public Keys{% endblock %}
+{% block title %}SSH &amp; API Keys{% endblock %}
 {% block content %}
 <div class="row third-margin">
  <h1>SSH PUBLIC KEYS</h1>
 </div>
 <div class="row third-margin"><div>
-  {% if has_ssh_public_keys %} <hr/> {% endif %}
+    {% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
  {% for ssh_public_key in ssh_public_keys %}
    <form method="post">
      <input type="hidden" name="method" value="DELETE"></input> 
      <input type="hidden" name="action" value="delete_ssh_key"></input>
      <input type="hidden" name="name" value="{{ ssh_public_key['name'] }}"></input> 
      <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
      <div class="row">
@ -22,13 +23,14 @@
    </form>
  {% endfor %}
-  {% if has_ssh_public_keys %} <hr/> {% endif %}
+  {% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
  <div class="third-margin">
    <h1>UPLOAD A NEW SSH PUBLIC KEY</h1>
  </div>
  <form method="post">
    <input type="hidden" name="method" value="POST"></input>
    <input type="hidden" name="action" value="upload_ssh_key"></input>
    <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
    <div class="row justify-start">
      <label class="align" for="content">File Contents</label>
@ -54,6 +56,51 @@
    </div>
  </form>
 </div></div>
 <hr/>
 <div class="row third-margin">
  <h1>API KEYS</h1>
 </div>
 <div class="row third-margin"><div>
  {% if generated_api_token %}
    <hr/>
    Generated key:
    <span class="code">{{ generated_api_token }}</span>
  {% endif %}
  {% if api_tokens|length >0 %} <hr/>{% endif %}
  {% for api_token in api_tokens %}
    <form method="post">
      <input type="hidden" name="method" value="DELETE"></input> 
      <input type="hidden" name="action" value="delete_api_token"></input>
      <input type="hidden" name="id" value="{{ api_token['id'] }}"></input> 
      <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
      <div class="row">
        <span class="code">{{ api_token['name'] }}</span>
        created {{ api_token['created'].strftime("%b %d %Y") }}
        <input type="submit" value="Delete">
      </div>
    </form>
  {% endfor %}
  {% if api_tokens|length >0 %} <hr/>{% endif %}
  <div class="third-margin">
    <h1>GENERATE A NEW API KEY</h1>
  </div>
  <form method="post">
    <input type="hidden" name="method" value="POST"></input>
    <input type="hidden" name="action" value="generate_api_token"></input>
    <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
    <div class="smalltext">
      <p>Generate a new API key, to integrate with other systems.</p>
    </div>
    <div class="row justify-start">
      <label class="align" for="name">Key Name</label>
      <input type="text" id="name" name="name"></input> (defaults to creation time)
    </div>
    <div class="row justify-end">
      <input type="submit" value="Generate">
    </div>
  </form>
 </div></div>
 {% endblock %}
 {% block pagesource %}/templates/ssh-public-keys.html{% endblock %}
--- a/capsulflask/templates/pricing.html
+++ b/capsulflask/templates/pricing.html
@ -7,15 +7,24 @@
    <h1>CAPSUL TYPES & PRICING</h1>
  </div>
  <div class="row half-margin">
    <p>
      Rates for this service isn't set yet. You can see Cyberia's Capsul pricing
      on <a href="https://capsul.org/pricing">their website</a>.
    </p>
  </div>
  <div>
    <pre>
    type     monthly*  cpus  mem     ssd   net*
    -----    -------   ----  ---     ---   ---
    f1-xs    $5.00     1     512M    25G   .5TB
    f1-s     $7.50     1     1024M   25G   1TB
    f1-m     $12.50    1     2048M   25G   2TB
    f1-l     $20.00    2     3072M   25G   3TB
    f1-x     $27.50    3     4096M   25G   4TB
    f1-xx    $50.00    4     8192M   25G   5TB
    * net is calculated as a per-month average
    * vms are billed for a minimum of 24 hours upon creation
    * all VMs come standard with one public IPv4 address
    SUPPORTED OPERATING SYSTEMS:
    {% for os_id, os in operating_systems.items() %}   - {{ os.description }} 
    {% endfor %}
  </pre>
--- a/capsulflask/templates/support.html
+++ b/capsulflask/templates/support.html
@ -7,14 +7,20 @@
    <h1>SUPPORT</h1>
  </div>
  <div class="row half-margin">
-    <a href="mailto:yolocolo@doesthisthing.work?subject=Please%20help!">yolocolo@doesthisthing.work</a> 
+    <a href="mailto:support@cyberia.club?subject=Please%20help!">support@cyberia.club</a> 
  </div>
 {% endblock %}
 {% block subcontent %}
 <p>
-  You can also find us on Matrix: <a
+  Note: We maintain a searchable archive of all support emails at 
-    href="https://matrix.to/#/#untitled-hosting.public:autonomic.zone">#untitled-hosting.public:autonomic.zone</a>.
+  <a href="https://lists.cyberia.club/~cyberia/support">https://lists.cyberia.club/~cyberia/support</a>
 </p>
 <p>
  If you do not want your mail to appear in a public archive, email <a href="mailto:capsul@cyberia.club?subject=Please%20help!">capsul@cyberia.club</a> instead.
 </p>
 <p>
  Please describe your problem or feature request, and we will do our best to get back to you promptly. Thank you very much.
 </p>
 {% endblock %}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -7,26 +7,17 @@ services:
    build: .
    volumes:
      - "./:/app/code"
      - "../tank:/tank"
      - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock"
    depends_on:
      - db
    ports:
      - "5000:5000"
    environment:
      - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
      - SPOKE_MODEL=shell-scripts
        #- FLASK_DEBUG=1
      - BASE_URL=http://localhost:5000
      - ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=3wc.capsul@doesthisthing.work
      - VIRSH_DEFAULT_CONNECT_URI=qemu:///system
    # The image uses gunicorn by default, let's override it with Flask's
    # built-in development server
    command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
    devices:
      - "/dev/kvm:/dev/kvm"
  db:
-    image: "postgres:9.6.5-alpine"
+    image: "postgres:9.6.5"
    volumes:
      - "postgres:/var/lib/postgresql/data"
    environment:
Author	SHA1	Message	Date
3wc	43fb2f9ed3	Add libvirt-client to Docker image All checks were successful continuous-integration/drone/push Build is passing Details	2021-07-12 23:40:34 +02:00
3wc	9e44f9be0c	Merge branch 'webapi' into docker-api All checks were successful continuous-integration/drone/push Build is passing Details	2021-07-12 22:29:08 +02:00
3wc	64febaceb9	Merge branch 'docker' into docker-api	2021-07-12 22:28:19 +02:00
3wc	c4df5c238f	Rename migrations	2021-07-12 22:25:06 +02:00
3wc	44874b9056	Updates for upstream IP handling	2021-07-12 22:10:23 +02:00
3wc	630940c186	Add basic "create" API.. .. using server-side API tokens	2021-07-12 22:09:25 +02:00
3wc	e9934a8a6b	Use Flask server in development	2021-07-12 21:56:14 +02:00
3wc	6db163365c	Multi-stage build oh my!	2021-07-12 21:56:14 +02:00
3wc	6b53c80a71	Initial attempt at Docker	2021-07-12 21:56:14 +02:00
3wc	76ec57689f	Fix 500 error on Capsuls page All checks were successful continuous-integration/drone/push Build is passing Details	2021-07-11 23:47:12 +02:00
3wc	49dca12719	Merge branch 'webapi' into docker-api All checks were successful continuous-integration/drone/push Build is passing Details	2021-07-11 12:36:38 +02:00
3wc	692d936f4a	Merge branch 'docker' into docker-api	2021-07-11 12:36:30 +02:00
3wc	8a70e497d1	Use Flask server in development	2021-07-11 12:36:10 +02:00
3wc	6041306a2a	Updates for upstream IP handling	2021-07-11 12:35:35 +02:00
3wc	0d9d51c780	Merge branch 'docker' into docker-api All checks were successful continuous-integration/drone/push Build is passing Details	2021-07-11 00:57:58 +02:00
3wc	647a19bfa7	Multi-stage build oh my!	2021-07-11 00:57:40 +02:00
3wc	541bf7d2d7	Initial attempt at Docker	2021-07-11 00:57:40 +02:00
3wc	3b978b781f	Add basic "create" API.. .. using server-side API tokens	2021-07-11 00:57:27 +02:00
		`@ -0,0 +1,2 @@`
							`DROP TABLE api_keys;`
							`UPDATE schemaversion SET version = 16;`