Merge branch 'yc-templates' into yolocolo

Disco updates for YOLOCOLO site
Merge branch 'optional-btcpay' into yolocolo
2021-07-21 01:15:51 +02:00 · 2021-07-21 01:13:52 +02:00 · 2021-07-21 00:30:34 +02:00 · 2021-07-21 00:22:58 +02:00 · 2021-07-21 00:20:38 +02:00 · 2021-07-21 00:19:38 +02:00
24 changed files with 224 additions and 398 deletions
--- a/24
+++ b/24
@ -1,8 +1,17 @@
 FROM python:3.8-alpine as build
-RUN apk add gettext git gcc python3-dev musl-dev \
+RUN apk add --no-cache \
-    libffi-dev zlib-dev jpeg-dev libjpeg postgresql-dev build-base \
+    build-base \
-    --virtual .build-dependencies
+    gcc \
    gettext \
    git \
    jpeg-dev \
    libffi-dev \
    libjpeg \
    musl-dev \
    postgresql-dev \
    python3-dev \
    zlib-dev
 RUN mkdir -p /app/{code,venv}
 WORKDIR /app/code
@ -17,7 +26,14 @@ RUN pipenv install --deploy --verbose
 FROM python:3.8-alpine
-RUN apk add --no-cache libpq libstdc++ libjpeg libvirt-client
+RUN apk add --no-cache \
    cloud-utils \
    libjpeg \
    libpq \
    libstdc++ \
    libvirt-client \
    openssh-client \
    virt-install
 COPY . /app/code/
 WORKDIR /app/code
--- a/capsulflask/init.py
+++ b/capsulflask/init.py
@ -26,12 +26,27 @@ class StdoutMockFlaskMail:
    def send(self, message: Message):
      current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
 load_dotenv(find_dotenv())
 for var_name in [
  "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
  "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
 ]:
  var = os.environ.get(f"{var_name}_FILE")
  if not var:
    continue
  if not os.path.isfile(var):
    continue
  with open(var) as secret_file:
    os.environ[var_name] = secret_file.read().rstrip('\n')
  del os.environ[f"{var_name}_FILE"]
 app = Flask(__name__)
 app.config.from_mapping(
  BASE_URL=os.environ.get("BASE_URL", default="http://localhost:5000"),
  SECRET_KEY=os.environ.get("SECRET_KEY", default="dev"),
  HUB_MODE_ENABLED=os.environ.get("HUB_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
@ -153,6 +168,7 @@ is_running_server = ('flask run' in command_line) or ('gunicorn' in command_line
 app.logger.info(f"is_running_server: {is_running_server}")
 if app.config['HUB_MODE_ENABLED']:
  if app.config['HUB_MODEL'] == "capsul-flask":
    app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()
@ -174,9 +190,7 @@ if app.config['HUB_MODE_ENABLED']:
  from capsulflask import db
  db.init_app(app, is_running_server)
-  from capsulflask import (
+  from capsulflask import auth, landing, console, payment, metrics, cli, hub_api, admin
    auth, landing, console, payment, metrics, cli, hub_api, publicapi, admin
  )
  app.register_blueprint(landing.bp)
  app.register_blueprint(auth.bp)
@ -186,13 +200,13 @@ if app.config['HUB_MODE_ENABLED']:
  app.register_blueprint(cli.bp)
  app.register_blueprint(hub_api.bp)
  app.register_blueprint(admin.bp)
  app.register_blueprint(publicapi.bp)
  app.add_url_rule("/", endpoint="index")
 if app.config['SPOKE_MODE_ENABLED']:
  if app.config['SPOKE_MODEL'] == "shell-scripts":
    app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
  else:
@ -220,6 +234,10 @@ def override_url_for():
  return dict(url_for=url_for_with_cache_bust)
@app.context_processor
 def load_config_vars():
  return dict(config=app.config)
 def url_for_with_cache_bust(endpoint, **values):
  """
  Add a query parameter based on the hash of the file, this acts as a cache bust
--- a/capsulflask/auth.py
+++ b/capsulflask/auth.py
@ -1,4 +1,3 @@
 from base64 import b64decode
 import functools
 import re
@ -25,15 +24,6 @@ def account_required(view):
    @functools.wraps(view)
    def wrapped_view(**kwargs):
        api_token = request.headers.get('authorization', None)
        if api_token is not None:
            email = get_model().authenticate_token(b64decode(api_token).decode('utf-8'))
            if email is not None:
                session.clear()
                session["account"] = email
                session["csrf-token"] = generate()
        if session.get("account") is None or session.get("csrf-token") is None :
            return redirect(url_for("auth.login"))
--- a/capsulflask/console.py
+++ b/capsulflask/console.py
@ -1,9 +1,7 @@
 from base64 import b64encode
 from datetime import datetime, timedelta
 import json
 import re
 import sys
-
+import json
 from datetime import datetime, timedelta
 from flask import Blueprint
 from flask import flash
 from flask import current_app
@ -100,6 +98,7 @@ def index():
@bp.route("/<string:id>", methods=("GET", "POST"))
@account_required
 def detail(id):
  duration=request.args.get('duration')
  if not duration:
    duration = "5m"
@ -189,13 +188,23 @@ def detail(id):
      duration=duration
    )
-def _create(vm_sizes, operating_systems, public_keys_for_account, server_data):
+
@bp.route("/create", methods=("GET", "POST"))
@account_required
 def create():
  vm_sizes = get_model().vm_sizes_dict()
  operating_systems = get_model().operating_systems_dict()
  public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
  account_balance = get_account_balance(get_vms(), get_payments(), datetime.utcnow())
  capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
  errors = list()
-  size = server_data.get("size")
+  if request.method == "POST":
-  os = server_data.get("os")
+    if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
-  posted_keys_count = int(server_data.get("ssh_authorized_key_count"))
+      return abort(418, f"u want tea")
    size = request.form["size"]
    os = request.form["os"]
    if not size:
      errors.append("Size is required")
    elif size not in vm_sizes:
@ -206,14 +215,15 @@ def _create(vm_sizes, operating_systems, public_keys_for_account, server_data):
    elif os not in operating_systems:
      errors.append(f"Invalid os {os}")
    posted_keys_count = int(request.form["ssh_authorized_key_count"])
    posted_keys = list()
    if posted_keys_count > 1000:
      errors.append("something went wrong with ssh keys")
    else:
      for i in range(0, posted_keys_count):
-      if f"ssh_key_{i}" in server_data:
+        if f"ssh_key_{i}" in request.form:
-        posted_name = server_data.get(f"ssh_key_{i}")
+          posted_name = request.form[f"ssh_key_{i}"]
          key = None
          for x in public_keys_for_account:
            if x['name'] == posted_name:
@ -226,9 +236,7 @@ def _create(vm_sizes, operating_systems, public_keys_for_account, server_data):
    if len(posted_keys) == 0:
      errors.append("At least one SSH Public Key is required")
-  capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(
+    capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(vm_sizes[size]['memory_mb']*1024*1024)
    vm_sizes[size]['memory_mb']*1024*1024
  )
    if not capacity_avaliable:
      errors.append("""
@ -237,45 +245,19 @@ def _create(vm_sizes, operating_systems, public_keys_for_account, server_data):
    if len(errors) == 0:
      id = make_capsul_id()
-    get_model().create_vm(
+      # we can't create the vm record in the DB yet because its IP address needs to be allocated first.
-      email=session["account"], 
+      # so it will be created when the allocation happens inside the hub_api.
      id=id, 
      size=size, 
      os=os,
      ssh_authorized_keys=list(map(lambda x: x["name"], posted_keys))
    )
      current_app.config["HUB_MODEL"].create(
        email = session["account"],
        id=id,
        os=os,
        size=size,
        template_image_file_name=operating_systems[os]['template_image_file_name'],
        vcpus=vm_sizes[size]['vcpus'],
        memory_mb=vm_sizes[size]['memory_mb'],
-      ssh_authorized_keys=list(map(lambda x: x["content"], posted_keys))
+        ssh_authorized_keys=list(map(lambda x: dict(name=x['name'], content=x['content']), posted_keys)) 
      )
    return id, errors
  return None, errors
@bp.route("/create", methods=("GET", "POST"))
@account_required
 def create():
  vm_sizes = get_model().vm_sizes_dict()
  operating_systems = get_model().operating_systems_dict()
  public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
  account_balance = get_account_balance(get_vms(), get_payments(), datetime.utcnow())
  capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
  if request.method == "POST":
    if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
      return abort(418, f"u want tea")
    id, errors = _create(
      vm_sizes, 
      operating_systems,
      public_keys_for_account,
      request.form)
    if len(errors) == 0: 
      for error in errors:
        flash(error)
      return redirect(f"{url_for('console.index')}?created={id}")
  affordable_vm_sizes = dict()
@ -286,6 +268,9 @@ def create():
    if vm_size["dollars_per_month"] <= account_balance+0.25:
      affordable_vm_sizes[key] = vm_size
  for error in errors:
    flash(error)
  if not capacity_avaliable:
    current_app.logger.warning(f"when capsul capacity is restored, send an email to {session['account']}")
@ -302,25 +287,23 @@ def create():
    vm_sizes=affordable_vm_sizes
  )
-@bp.route("/keys", methods=("GET", "POST"))
+@bp.route("/ssh", methods=("GET", "POST"))
@account_required
-def ssh_api_keys():
+def ssh_public_keys():
  errors = list()
  token = None
  if request.method == "POST":
    if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
      return abort(418, f"u want tea")
-    action = request.form["action"]
+    method = request.form["method"]
    if action == 'upload_ssh_key':
    content = None
    if method == "POST":
      content = request.form["content"].replace("\r", " ").replace("\n", " ").strip()
    name = request.form["name"]
    if not name or len(name.strip()) < 1:
      if method == "POST":
        parts = re.split(" +", content)
        if len(parts) > 2 and len(parts[2].strip()) > 0:
          name = parts[2].strip()
@ -331,6 +314,7 @@ def ssh_api_keys():
    if not re.match(r"^[0-9A-Za-z_@:. -]+$", name):
      errors.append(f"Key name '{name}' must match \"^[0-9A-Za-z_@:. -]+$\"")
    if method == "POST":
      if not content or len(content.strip()) < 1:
        errors.append("Content is required")
      else:
@ -343,36 +327,24 @@ def ssh_api_keys():
      if len(errors) == 0:
        get_model().create_ssh_public_key(session["account"], name, content)
-    elif action == "delete_ssh_key":
+    elif method == "DELETE":
      if len(errors) == 0:
        get_model().delete_ssh_public_key(session["account"], name)
    elif action == "generate_api_token":
      name = request.form["name"]
      if name == '':
          name = datetime.utcnow().strftime('%y-%m-%d %H:%M:%S')
      token = b64encode(
        get_model().generate_api_token(session["account"], name).encode('utf-8')
      ).decode('utf-8')
    elif action == "delete_api_token":
      get_model().delete_api_token(session["account"], request.form["id"])
  for error in errors:
    flash(error)
-  ssh_keys_list=list(map(
+  keys_list=list(map(
    lambda x: dict(name=x['name'], content=f"{x['content'][:20]}...{x['content'][len(x['content'])-20:]}"), 
    get_model().list_ssh_public_keys_for_account(session["account"])
  ))
  api_tokens_list = get_model().list_api_tokens(session["account"])
  return render_template(
-    "keys.html", 
+    "ssh-public-keys.html", 
    csrf_token = session["csrf-token"],
-    api_tokens=api_tokens_list, 
+    ssh_public_keys=keys_list, 
-    ssh_public_keys=ssh_keys_list,
+    has_ssh_public_keys=len(keys_list) > 0
    generated_api_token=token,
  )
 def get_vms():
@ -396,6 +368,7 @@ def get_vm_months_float(vm, as_of):
  return days / average_number_of_days_in_a_month
 def get_account_balance(vms, payments, as_of):
  vm_cost_dollars = 0.0
  for vm in vms:
    vm_months = get_vm_months_float(vm, as_of)
@ -408,6 +381,7 @@ def get_account_balance(vms, payments, as_of):
@bp.route("/account-balance")
@account_required
 def account_balance():
  payment_sessions = get_model().list_payment_sessions_for_account(session['account'])
  for payment_session in payment_sessions:
    if payment_session['type'] == 'btcpay':
--- a/capsulflask/db.py
+++ b/capsulflask/db.py
@ -33,7 +33,7 @@ def init_app(app, is_running_server):
    result = re.search(r"^\d+_(up|down)", filename)
    if not result:
      app.logger.error(f"schemaVersion {filename} must match ^\\d+_(up|down). exiting.")
-      continue
+      exit(1)
    key = result.group()
    with open(join(schemaMigrationsPath, filename), 'rb') as file:
      schemaMigrations[key] = file.read().decode("utf8")
@ -128,3 +128,4 @@ def close_db(e=None):
  if db_model is not None:
    db_model.cursor.close()
    current_app.config['PSYCOPG2_CONNECTION_POOL'].putconn(db_model.connection)
--- a/capsulflask/db_model.py
+++ b/capsulflask/db_model.py
@ -1,8 +1,8 @@
 import re
 # I was never able to get this type hinting to work correctly 
 # from psycopg2.extensions import connection as Psycopg2Connection, cursor as Psycopg2Cursor
 import hashlib
 from nanoid import generate
 from flask import current_app
 from typing import List
@ -17,6 +17,7 @@ class DBModel:
    self.cursor = cursor
  #     ------    LOGIN     ---------     
@ -43,16 +44,6 @@ class DBModel:
    return (token, ignoreCaseMatches)
  def authenticate_token(self, token):
    m = hashlib.md5()
    m.update(token.encode('utf-8'))
    hash_token = m.hexdigest()
    self.cursor.execute("SELECT email FROM api_tokens WHERE token = %s", (hash_token, ))
    result = self.cursor.fetchall()
    if len(result) == 1:
      return result[0]
    return None
  def consume_token(self, token):
    self.cursor.execute("SELECT email FROM login_tokens WHERE token = %s and created > (NOW() - INTERVAL '20 min')", (token, ))
    row = self.cursor.fetchone()
@ -141,32 +132,6 @@ class DBModel:
    self.cursor.execute( "DELETE FROM ssh_public_keys where email = %s AND name = %s", (email, name) )
    self.connection.commit()
  def list_api_tokens(self, email):
    self.cursor.execute(
      "SELECT id, token, name, created FROM api_tokens WHERE email = %s", 
      (email, )
    )
    return list(map(
      lambda x: dict(id=x[0], token=x[1], name=x[2], created=x[3]), 
      self.cursor.fetchall()
    ))
  def generate_api_token(self, email, name):
    token = generate()
    m = hashlib.md5()
    m.update(token.encode('utf-8'))
    hash_token = m.hexdigest()
    self.cursor.execute(
      "INSERT INTO api_tokens (email, name, token) VALUES (%s, %s, %s)", 
      (email, name, hash_token)
    )
    self.connection.commit()
    return token
  def delete_api_token(self, email, id_):
    self.cursor.execute( "DELETE FROM api_tokens where email = %s AND id = %s", (email, id_))
    self.connection.commit()
  def list_vms_for_account(self, email):
    self.cursor.execute(""" 
      SELECT vms.id, vms.public_ipv4, vms.public_ipv6, vms.size, vms.os, vms.created, vms.deleted, vm_sizes.dollars_per_month
@ -514,3 +479,8 @@ class DBModel:
    #cursor.close()
    return to_return
--- a/capsulflask/hub_api.py
+++ b/capsulflask/hub_api.py
@ -160,7 +160,10 @@ def can_claim_create(payload, host_id) -> (str, str):
  if allocated_network_name is None or allocated_ipv4_address is None:
    return "", f"host \"{host_id}\" does not have any avaliable IP addresses on any of its networks."
-  payload["network_name"] = allocated_network_name
+  # payload["network_name"] = allocated_network_name
  # hard-code the network name for now until we can fix the phantom dhcp lease issues.
  payload["network_name"] = 'public3'
  payload["public_ipv4"] = allocated_ipv4_address
  return payload, ""
--- a/capsulflask/hub_model.py
+++ b/capsulflask/hub_model.py
@ -215,11 +215,12 @@ class CapsulFlaskHub(VirtualizationInterface):
        # no need to do anything here since if it cant be parsed then generic_operation will handle it.
        pass
    if error_message != "":
      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts} failed with {error_message}")
    if number_of_assigned != 1:
      assigned_hosts_string = ", ".join(assigned_hosts)
      raise ValueError(f"expected create capsul operation {operation_id} to be assigned to one host, it was assigned to {number_of_assigned} ({assigned_hosts_string})")
    if error_message != "":
      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts_string} failed with {error_message}")
  def destroy(self, email: str, id: str):
--- a/capsulflask/payment.py
+++ b/capsulflask/payment.py
@ -48,6 +48,10 @@ def validate_dollars():
 def btcpay_payment():
  errors = list()
  if current_app.config['BTCPAY_PRIVATE_KEY'] == "":
    flash("BTCPay is not enabled on this server")
    return redirect(url_for("console.account_balance"))
  if request.method == "POST":
    result = validate_dollars()
    errors = result[0]
--- a/capsulflask/publicapi.py
+++ b/capsulflask/publicapi.py
@ -1,40 +0,0 @@
 import datetime
 from flask import Blueprint
 from flask import current_app
 from flask import jsonify
 from flask import request
 from flask import session
 from nanoid import generate
 from capsulflask.auth import account_required
 from capsulflask.db import get_model
 bp = Blueprint("publicapi", __name__, url_prefix="/api")
@bp.route("/capsul/create", methods=["POST"])
@account_required
 def capsul_create():
    email = session["account"]
    from .console import _create,get_account_balance, get_payments, get_vms
    vm_sizes = get_model().vm_sizes_dict()
    operating_systems = get_model().operating_systems_dict()
    public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
    account_balance = get_account_balance(get_vms(), get_payments(), datetime.datetime.utcnow())
    capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
    request.json['ssh_authorized_key_count'] = 1
    id, errors = _create(
      vm_sizes, 
      operating_systems,
      public_keys_for_account,
      request.json)
    if id is not None:
        return jsonify(
            id=id,
        )
    return jsonify(errors=errors)
--- a/capsulflask/schema_migrations/17_down_api_tokens.py
+++ b/capsulflask/schema_migrations/17_down_api_tokens.py
@ -1,2 +0,0 @@
 DROP TABLE api_keys;
 UPDATE schemaversion SET version = 16;
--- a/capsulflask/schema_migrations/17_up_api_tokens.py
+++ b/capsulflask/schema_migrations/17_up_api_tokens.py
@ -1,9 +0,0 @@
 CREATE TABLE api_tokens (
  id                 SERIAL PRIMARY KEY,
  email              TEXT REFERENCES accounts(email) ON DELETE RESTRICT,
  name               TEXT NOT NULL,
  created            TIMESTAMP NOT NULL DEFAULT NOW(),
  token              TEXT NOT NULL
 );
 UPDATE schemaversion SET version = 17;
--- a/capsulflask/schema_migrations/19_down_api_tokens.py
+++ b/capsulflask/schema_migrations/19_down_api_tokens.py
@ -1,2 +0,0 @@
 DROP TABLE api_keys;
 UPDATE schemaversion SET version = 16;
--- a/capsulflask/schema_migrations/19_up_api_tokens.py
+++ b/capsulflask/schema_migrations/19_up_api_tokens.py
@ -1,9 +0,0 @@
 CREATE TABLE api_tokens (
  id                 SERIAL PRIMARY KEY,
  email              TEXT REFERENCES accounts(email) ON DELETE RESTRICT,
  name               TEXT NOT NULL,
  created            TIMESTAMP NOT NULL DEFAULT NOW(),
  token              TEXT NOT NULL
 );
 UPDATE schemaversion SET version = 17;
--- a/capsulflask/shell_scripts/capacity-avaliable.sh
+++ b/capsulflask/shell_scripts/capacity-avaliable.sh
@ -3,7 +3,7 @@
 # check available RAM and IPv4s
 ram_bytes_to_allocate="$1"
-ram_bytes_available=$(grep -E "^(size|memory_available_bytes)" /proc/spl/kstat/zfs/arcstats | awk '{sum+=$3} END {printf "%.0f", sum}')
+ram_bytes_available="$(($(grep Available /proc/meminfo | grep -o '[0-9]*') * 1024))"
 ram_bytes_remainder="$((ram_bytes_available - ram_bytes_to_allocate))"
 if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
@ -11,8 +11,8 @@ if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
  exit 1
 fi
-# 20GB
+# 0.25GB
-if [ "$ram_bytes_remainder" -le $((20 * 1024 * 1024 * 1024)) ]; then
+if [ "$ram_bytes_remainder" -le $((1 * 1024 * 1024 * 1024 / 4)) ]; then
  echo "VM is requesting more RAM than $(hostname -f) has available."
  echo "Bytes requested: $ram_bytes_to_allocate"
  echo "Bytes available: $ram_bytes_available"
--- a/capsulflask/shell_scripts/create.sh
+++ b/capsulflask/shell_scripts/create.sh
@ -6,6 +6,7 @@
 vmname="$1"
 template_file="/tank/img/$2"
 qemu_tank_dir="/tank"
 vcpus="$3"
 memory="$4"
 pubkeys="$5"
@ -50,40 +51,40 @@ if echo "$public_ipv4" | grep -vqE "^[0-9.]+$"; then
  exit 1
 fi
-disk="/tank/vm/$vmname.qcow2"
+disk="$vmname.qcow2"
-cdrom="/tank/vm/$vmname.iso"
+cdrom="$vmname.iso"
-xml="/tank/vm/$vmname.xml"
+xml="$vmname.xml"
 if [ -f /tank/vm/$vmname.qcow2 ]; then
    echo "Randomly generated name matched an existing VM! Odds are like one in a billion. Buy a lotto ticket."
    exit 1
 fi
-cp "$template_file" "$disk"
+cp "$template_file" "/tank/vm/$disk"
 cp /tank/config/cyberia-cloudinit.yml /tmp/cloudinit.yml
 echo "$pubkeys" | while IFS= read -r line; do
  echo "      - $line" >> /tmp/cloudinit.yml
 done
-cloud-localds "$cdrom" /tmp/cloudinit.yml
+cloud-localds "/tank/vm/$cdrom" /tmp/cloudinit.yml
-qemu-img resize "$disk" "$root_volume_size"
+qemu-img resize "/tank/vm/$disk" "$root_volume_size"
 virt-install \
    --memory "$memory" \
    --vcpus "$vcpus" \
    --name "$vmname" \
-    --disk "$disk",bus=virtio \
+    --disk "$qemu_tank_dir/vm/$disk",bus=virtio \
-    --disk "$cdrom",device=cdrom \
+    --disk "$qemu_tank_dir/vm/$cdrom",device=cdrom \
    --os-type Linux \
    --os-variant generic \
    --virt-type kvm \
    --graphics vnc,listen=127.0.0.1 \
-    --network network=$network_name,filterref=clean-traffic,model=virtio \
+    --network network=$network_name,model=virtio \
    --import \
-    --print-xml > "$xml"
+    --print-xml > "/tank/vm/$xml"
-chmod 0600 "$xml" "$disk" "$cdrom"
+chmod 0600 "/tank/vm/$xml" "/tank/vm/$disk" "/tank/vm/$cdrom"
-virsh define "$xml"
+virsh define "/tank/vm/$xml"
 virsh start "$vmname"
 echo "success"
--- a/capsulflask/templates/account-balance.html
+++ b/capsulflask/templates/account-balance.html
@ -46,7 +46,9 @@
            <a href="/payment/stripe">Add funds with Credit/Debit (stripe)</a>
            <ul><li>notice: stripe will load nonfree javascript </li></ul>
          </li>
          {% if config['BTCPAY_PRIVATE_KEY'] != "" %}
          <li><a href="/payment/btcpay">Add funds with Bitcoin/Litecoin/Monero (btcpay)</a></li>
          {% endif %}
          <li>Cash: email <a href="mailto:treasurer@cyberia.club">treasurer@cyberia.club</a></li>
        </ul>
--- a/capsulflask/templates/base.html
+++ b/capsulflask/templates/base.html
@ -13,7 +13,7 @@
 <nav>
  <div class="row justify-space-between half-margin">
    <div>
-      <a href="/"><b>Capsul</b></a>💊
+      <a href="/"><b>YOLOCOLO</b></a>💊
    </div>
    <div>
      &nbsp;
@ -27,11 +27,10 @@
  <div class="row justify-center half-margin wrap nav-links">
    <a href="/pricing">Pricing</a>
    <a href="/faq">FAQ</a>
    <a href="/changelog">Changelog</a>
    {% if session["account"] %} 
      <a href="/console">Capsuls</a>
-      <a href="/console/keys">SSH &amp; API Keys</a>
+      <a href="/console/ssh">SSH Public Keys</a>
      <a href="/console/account-balance">Account Balance</a>
    {% endif %}
@ -47,11 +46,12 @@
 </main>
 {% block subcontent %}{% endblock %}
 <footer>
-  (c) Attribution-ShareAlike 4.0 International <br/>
+  This server runs <a
-  &nbsp;&nbsp;&nbsp;&nbsp;A service by Cyberia Computer Club 2020-<span class="bigtext">∞</span> <br/>
+    href="https://giit.cyberia.club/~forest/capsul-flask">capsul-flask</a> by
-  <br/>
+  Cyberia Computer Club, available under the <a
-  <br/>
+    href="https://creativecommons.org/licenses/by-sa/4.0/">Attribution-ShareAlike
-  <a href="https://giit.cyberia.club/~forest/capsul-flask/tree/master/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
+    4.0 International</a> licence.<br/><br/>
  <a href="https://git.autonomic.zone/3wordchant/capsul-flask/src/branch/yolocolo/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
 </footer>
 </body>
 </html>
--- a/capsulflask/templates/capsul-detail.html
+++ b/capsulflask/templates/capsul-detail.html
@ -101,7 +101,7 @@
      </div>
      <div class="row justify-start">
        <label class="align" for="ssh_authorized_keys">SSH Authorized Keys</label>
-        <a id="ssh_authorized_keys" href="/console/keys">{{ vm['ssh_authorized_keys'] }}</a>
+        <a id="ssh_authorized_keys" href="/console/ssh">{{ vm['ssh_authorized_keys'] }}</a>
      </div>
    </div>
--- a/capsulflask/templates/create-capsul.html
+++ b/capsulflask/templates/create-capsul.html
@ -31,7 +31,7 @@
    <p>(At least one month of funding is required)</p>
  {% elif no_ssh_public_keys %}
    <p>You don't have any ssh public keys yet.</p> 
-    <p>You must <a href="/console/keys">upload one</a> before you can create a Capsul.</p>
+    <p>You must <a href="/console/ssh">upload one</a> before you can create a Capsul.</p>
  {% elif not capacity_avaliable %}
    <p>Host(s) at capacity. No capsuls can be created at this time. sorry. </p> 
  {% else %}
--- a/capsulflask/templates/faq.html
+++ b/capsulflask/templates/faq.html
@ -10,81 +10,32 @@
 <p>
 <ul>
   <li>
-     Which instance type should I buy?
+     What is this?
-     <p>There are no hard rules for this sort of thing, but here are some guidelines:</p>
+     <p>
-     <p>f1-xs: blog, vpn, bot, cgit</p>
+      This is a <strong>technical demo</strong> of <a
-     <p>f1-s: a bot, owncloud, gitea, popular blog</p>
+       href="https://giit.cyberia.club/~forest/capsul-flask">Capsul</a>, for the
-     <p>f1-m: docker host, build system</p>
+      as-yet-untitled <a href="https://coops.tech">Cotech</a> server hosting
-     <p>f1-l: large webservice, rotund java app</p>
+      initiative, which you can <a
-     <p>f1-x: gitlab (wow such memory very devops</p>
+      href="https://community.coops.tech/t/call-for-input-v2-co-op-vps-survey/2802/9">read
-     <p>f1-xx: something gargantuan</p>
+     about on the Cotech forum</a>.
   </li>
   <li>
     How do I log in?
     <p>ssh to the ip provided to you using the cyberian user.</p>
     <pre class='code'>$ ssh cyberian@1.2.3.4</pre>
   </li>
   <li>
     How do I change to the root user?
     <p>The cyberian user has passwordless sudo access by default. This should work:</p>
     <pre class='code'>
 # Linux
 $ sudo su -
 # OpenBSD
 $ doas su -</pre>
   </li>
   <li>
     Do you offer reverse DNS?
     <p>We do, but right now it's a manual process. Shoot us an email and we'll get it done.</p>
   </li>
   <li>
    What if I don't pay / don't maintain my payments?
    <p>Your VM will eventually be deleted.
       Capsul will send you a few inoffensive reminders as that termination date approaches.
     </p>
   </li>
   <li>
-    Besides my virtual machines and payments, what information do you keep about me?
+     What do you mean, "technical demo"?
-     <p>We associate an email address with every VM so that we can track payment and respond to support requests.</p>
+     <p>No backups</p>
-     <p>If you pay with a credit card, Stripe stores some additional details about you that we literally cannot delete.</p>
+     <p>No service level agreement</p>
     <p>"Best effort" support</p>
   </li>
   <li>
-     What can I do with my VM?
+     Where can I get this, but, more reliable?
-     <p>Make it into a mailserver, a tor relay, a VPN host, whatever you'd like - we do have one small request, though.</p>
+     <p>Cyberia, the authors of this platform, run the canonical instance, <a
-     <p>Crypto mining on capsul is currently considered obnoxious behavior, because the hashrates on our CPUs is so low and because mining crypto consumes entire processor cores that could have otherwise been shared between many dozens of other users.</p>
+      href="https://capsul.org">Capsul.org</a>, on hardware they own. Please
-     <p>In the future, if we have plentiful CPU resources, we may come out with a tier more suitable for mining - maybe a high cpu tier or similar, where each VM gets a full dedicated core and sharing them is not anticipated.</p>
+     send them your money! (cash, crypto, or card accepted).</p>
     <p>We will never snoop on your traffic or inspect what's going on inside of our customer virtual machines - we don't want to. We hope that you'll extend us a similar courtesy and try not to use too much of our shared CPU resources. Capsul is currently a shared (resource-wise) world, and we all must live in it together!</p>
     <p>Also, mandatory: our systems exist within the USA, and as such those systems are bound by US law.</p>
   </li>
   <li>
-     Can you recover my passwords/insert new keys?
+     How do I use this system?
-     <p>Can we? Technically yes. Will we? No, never. It would violate the trust that our users have in us.
+     <p>Please see <a href="https://capsul.org/faq">the official Capsul FAQ
-     We have no interest in touching client VMs after they're running.
+       page</a>.</p>
     We promise to keep your machines running smoothly.
     If you lose access to your VM, that's on you.</p>
   </li>
   <li>
     Do you offer refunds?
     <p>Not now, but email us and we can probably figure something out.</p>
   </li>
   <li>
    Where do the VMs run? Is it on a machine that you guys own/control?
     <p>Capsul runs on a server named Baikal which Cyberia built from scratch & mailed to a datacenter
      in Georgia called CyberWurx. CyberWurx staff installed it for us in a rack space that
      Cyberia pays for. </p>
   </li>
   <li>
     Do you offer support?
     <p>Yep, see <a href="/support">our support page</a>.</p>
   </li>
   <li>
     Do you have an SLA?
     <p>No, but we normally respond pretty quickly.</p>
   </li>
   <li>
    Will you implement feature X?
    <p>Maybe! Email <a href="mailto:ops@cyberia.club">ops@cyberia.club</a> and ask us about it.</p>
   </li>
 </ul>
 </p>
--- a/capsulflask/templates/index.html
+++ b/capsulflask/templates/index.html
@ -1,31 +1,26 @@
 {% extends 'base.html' %}
 {% block content %}
-  <h1>CAPSUL</h1>
+  <h1>
  <pre>
-       .-.  
+             _                 _
-      /:::\ 
+ _   _  ___ | | ___   ___ ___ | | ___
-     /::::/ 
+| | | |/ _ \| |/ _ \ / __/ _ \| |/ _ \
-    / `-:/  
+| |_| | (_) | | (_) | (_| (_) | | (_) |
-   /    /   
+ \__, |\___/|_|\___/ \___\___/|_|\___/
-   \   /    
+ |___/
-    `"`     
+
  </pre>
-  <span>Simple, fast, private compute by <a href="https://cyberia.club">cyberia.club</a></span>
+  <span>Co-operative hosting using <a href="https://cyberia.club">Cyberia</a>'s Capsul</span>
 {% endblock %}
 {% block subcontent %}
 <p>
 <ul>
-   <li>Low friction: simply log in with your email address and fund your account with Credit/Debit or Cryptocurrency</li>
+   <li>Sign up for an account!</li>
-   <li>All root disks are backed up at no charge</li>
+   <li>Add some funds!</li>
-   <li>All storage is fast, local, and solid-state</li>
+   <li>Create a VPS!</li>
-   <li>All network connections are low latency</li>
+   <li>Give your feedback!</li>
   <li>Supported by amazing volunteers from Cyberia</li>
   <li>Upfront prices, no confusing billing</li>
   <li>Operated by a Minnesota non-profit organization that will never exploit you</li>
   <li>We donate a portion of our proceeds to likeminded hacker groups around the globe</li>
 </ul>           
 </p>
 {% endblock %}
--- a/capsulflask/templates/ssh-public-keys.html
+++ b/capsulflask/templates/ssh-public-keys.html
@ -1,18 +1,17 @@
 {% extends 'base.html' %}
-{% block title %}SSH &amp; API Keys{% endblock %}
+{% block title %}SSH Public Keys{% endblock %}
 {% block content %}
 <div class="row third-margin">
  <h1>SSH PUBLIC KEYS</h1>
 </div>
 <div class="row third-margin"><div>
-    {% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
+  {% if has_ssh_public_keys %} <hr/> {% endif %}
  {% for ssh_public_key in ssh_public_keys %}
    <form method="post">
      <input type="hidden" name="method" value="DELETE"></input> 
      <input type="hidden" name="action" value="delete_ssh_key"></input>
      <input type="hidden" name="name" value="{{ ssh_public_key['name'] }}"></input> 
      <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
      <div class="row">
@ -23,14 +22,13 @@
    </form>
  {% endfor %}
-  {% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
+  {% if has_ssh_public_keys %} <hr/> {% endif %}
  <div class="third-margin">
    <h1>UPLOAD A NEW SSH PUBLIC KEY</h1>
  </div>
  <form method="post">
    <input type="hidden" name="method" value="POST"></input>
    <input type="hidden" name="action" value="upload_ssh_key"></input>
    <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
    <div class="row justify-start">
      <label class="align" for="content">File Contents</label>
@ -56,51 +54,6 @@
    </div>
  </form>
 </div></div>
 <hr/>
 <div class="row third-margin">
  <h1>API KEYS</h1>
 </div>
 <div class="row third-margin"><div>
  {% if generated_api_token %}
    <hr/>
    Generated key:
    <span class="code">{{ generated_api_token }}</span>
  {% endif %}
  {% if api_tokens|length >0 %} <hr/>{% endif %}
  {% for api_token in api_tokens %}
    <form method="post">
      <input type="hidden" name="method" value="DELETE"></input> 
      <input type="hidden" name="action" value="delete_api_token"></input>
      <input type="hidden" name="id" value="{{ api_token['id'] }}"></input> 
      <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
      <div class="row">
        <span class="code">{{ api_token['name'] }}</span>
        created {{ api_token['created'].strftime("%b %d %Y") }}
        <input type="submit" value="Delete">
      </div>
    </form>
  {% endfor %}
  {% if api_tokens|length >0 %} <hr/>{% endif %}
  <div class="third-margin">
    <h1>GENERATE A NEW API KEY</h1>
  </div>
  <form method="post">
    <input type="hidden" name="method" value="POST"></input>
    <input type="hidden" name="action" value="generate_api_token"></input>
    <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
    <div class="smalltext">
      <p>Generate a new API key, to integrate with other systems.</p>
    </div>
    <div class="row justify-start">
      <label class="align" for="name">Key Name</label>
      <input type="text" id="name" name="name"></input> (defaults to creation time)
    </div>
    <div class="row justify-end">
      <input type="submit" value="Generate">
    </div>
  </form>
 </div></div>
 {% endblock %}
 {% block pagesource %}/templates/ssh-public-keys.html{% endblock %}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -7,17 +7,26 @@ services:
    build: .
    volumes:
      - "./:/app/code"
      - "../tank:/tank"
      - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock"
    depends_on:
      - db
    ports:
      - "5000:5000"
    environment:
      - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
      - SPOKE_MODEL=shell-scripts
        #- FLASK_DEBUG=1
      - BASE_URL=http://localhost:5000
      - ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=3wc.capsul@doesthisthing.work
      - VIRSH_DEFAULT_CONNECT_URI=qemu:///system
    # The image uses gunicorn by default, let's override it with Flask's
    # built-in development server
    command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
    devices:
      - "/dev/kvm:/dev/kvm"
  db:
-    image: "postgres:9.6.5"
+    image: "postgres:9.6.5-alpine"
    volumes:
      - "postgres:/var/lib/postgresql/data"
    environment:
Author	SHA1	Message	Date
3wc	0f4ac8e444	Merge branch 'yc-templates' into yolocolo All checks were successful continuous-integration/drone/push Build is passing Details	2021-07-21 01:15:51 +02:00
3wc	3cf501a393	Disco updates for YOLOCOLO site	2021-07-21 01:13:52 +02:00
3wc	180efa01af	Merge branch 'optional-btcpay' into yolocolo All checks were successful continuous-integration/drone/push Build is passing Details	2021-07-21 00:30:34 +02:00
3wc	7ed847251f	Don't load /btcpay if BTCPAY_PRIVATE_KEY un-set	2021-07-21 00:22:58 +02:00
3wc	e3a4776a5d	Hide the BTCPay link if BTCPAY_PRIVATE_KEY un-set	2021-07-21 00:20:38 +02:00
3wc	357d99cb91	Add load_config_vars context processor.. ..to allow accessing config variables in the templates. This removes the need for adding config variables manually to template contexts.	2021-07-21 00:19:38 +02:00
3wc	f5c079ffc2	Un-hard-code SSH key name All checks were successful continuous-integration/drone/push Build is passing Details	2021-07-20 23:55:03 +02:00
3wc	0e5dfe6bde	Last re-hard-coding for "working" joy	2021-07-20 23:55:03 +02:00
3wc	2adbb8d94c	Further filthy fix for local libvirt	2021-07-20 23:55:03 +02:00
3wc	8446d11720	Revert hardcoded local path to tank dir	2021-07-20 23:55:03 +02:00
3wc	a580b04659	Bag of hacks to get local libvirt working	2021-07-20 23:55:03 +02:00
3wc	2e6894ad14	Changes from @decentral1se code review Some checks failed continuous-integration/drone/pr Build is failing Details continuous-integration/drone/push Build is passing Details	2021-07-20 23:48:23 +02:00
3wc	2e6c6517f3	Add openssh-cient to Dockerfile for ssh-keyscan Some checks reported errors continuous-integration/drone/pr Build encountered an error Details continuous-integration/drone/push Build is passing Details	2021-07-20 01:52:17 +02:00
3wc	be6c1b38b7	STRIPE_SECRET_KEY not STRIPE_PUBLISHABLE_KEY Some checks failed continuous-integration/drone/push Build is failing Details continuous-integration/drone/pr Build is failing Details	2021-07-19 01:17:18 +02:00
3wc	aa8e129913	Load secrets from files if _FILE vars are set	2021-07-19 00:24:22 +02:00
3wc	71e09807a7	Docker updates for libvirtd	2021-07-15 00:13:11 +02:00
3wc	4816170c03	Use Flask server in development	2021-07-15 00:13:11 +02:00
3wc	6af241e8be	Multi-stage build oh my!	2021-07-15 00:13:11 +02:00
3wc	c8ec53f207	Initial attempt at Docker	2021-07-15 00:13:11 +02:00
forest	908d02803f	move hardcoding public3 to the right place	2021-07-12 16:10:28 -05:00
forest	6e6bd2b143	fix syntax error	2021-07-12 16:00:37 -05:00
forest	47fbaab403	hardcode network_name=public3 to sidestep phantom dhcp lease issues	2021-07-12 15:59:20 -05:00
		`@ -1,2 +0,0 @@`
			`DROP TABLE api_keys;`
			`UPDATE schemaversion SET version = 16;`