Merge branch 'yc-templates' into yolocolo

..to allow accessing config variables in the templates.

This removes the need for adding config variables manually to template
contexts.

.drone.yml

@@ -0,0 +1,14 @@
+---
+kind: pipeline
+name: publish docker image
+steps:
+  - name: build and publish
+    image: plugins/docker
+    settings:
+      username:
+        from_secret: docker_reg_username_3wc
+      password:
+        from_secret: docker_reg_passwd_3wc
+      repo: 3wordchant/capsul-flask
+      tags: latest
+

Dockerfile

@@ -0,0 +1,48 @@
+FROM python:3.8-alpine as build
+
+RUN apk add --no-cache \
+    build-base \
+    gcc \
+    gettext \
+    git \
+    jpeg-dev \
+    libffi-dev \
+    libjpeg \
+    musl-dev \
+    postgresql-dev \
+    python3-dev \
+    zlib-dev
+
+RUN mkdir -p /app/{code,venv}
+WORKDIR /app/code
+COPY Pipfile Pipfile.lock /app/code/
+
+RUN python3 -m venv /app/venv
+RUN pip install pipenv setuptools
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+RUN pip install wheel cppy
+# Install dependencies into the virtual environment with Pipenv
+RUN pipenv install --deploy --verbose
+
+FROM python:3.8-alpine
+
+RUN apk add --no-cache \
+    cloud-utils \
+    libjpeg \
+    libpq \
+    libstdc++ \
+    libvirt-client \
+    openssh-client \
+    virt-install
+
+COPY . /app/code/
+WORKDIR /app/code
+
+COPY --from=build /app/venv /app/venv
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+
+CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"]
+
+VOLUME /app/code
+
+EXPOSE 5000

capsulflask/__init__.py

@@ -26,12 +26,27 @@ class StdoutMockFlaskMail:
     def send(self, message: Message):
       current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
 
+
 load_dotenv(find_dotenv())
 
+for var_name in [
+  "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
+  "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
+]:
+  var = os.environ.get(f"{var_name}_FILE")
+  if not var:
+    continue
+
+  if not os.path.isfile(var):
+    continue
+
+  with open(var) as secret_file:
+    os.environ[var_name] = secret_file.read().rstrip('\n')
+  del os.environ[f"{var_name}_FILE"]
+
 app = Flask(__name__)
 
 app.config.from_mapping(
-  
   BASE_URL=os.environ.get("BASE_URL", default="http://localhost:5000"),
   SECRET_KEY=os.environ.get("SECRET_KEY", default="dev"),
   HUB_MODE_ENABLED=os.environ.get("HUB_MODE_ENABLED", default="True").lower() in ['true', '1', 't', 'y', 'yes'],
@@ -219,6 +234,9 @@ def override_url_for():
   return dict(url_for=url_for_with_cache_bust)
 
 
+@app.context_processor
+def load_config_vars():
+  return dict(config=app.config)
 
 def url_for_with_cache_bust(endpoint, **values):
   """
@@ -244,7 +262,3 @@ def url_for_with_cache_bust(endpoint, **values):
       values['q'] = current_app.config['STATIC_FILE_HASH_CACHE'][filename]
 
   return url_for(endpoint, **values)
-
-
-
-  

capsulflask/hub_api.py

@@ -178,4 +178,4 @@ def on_create_claimed(payload, host_id):
     network_name=payload['network_name'],
     public_ipv4=payload['public_ipv4'],
     ssh_authorized_keys=list(map(lambda x: x["name"], payload['ssh_authorized_keys'])),
-  )
+  )

capsulflask/hub_model.py

@@ -214,12 +214,13 @@ class CapsulFlaskHub(VirtualizationInterface):
       except:
         # no need to do anything here since if it cant be parsed then generic_operation will handle it.
         pass
+
+    if error_message != "":
+      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts} failed with {error_message}")
       
     if number_of_assigned != 1:
       assigned_hosts_string = ", ".join(assigned_hosts)
       raise ValueError(f"expected create capsul operation {operation_id} to be assigned to one host, it was assigned to {number_of_assigned} ({assigned_hosts_string})")
-    if error_message != "":
-      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts_string} failed with {error_message}")
       
 
   def destroy(self, email: str, id: str):

capsulflask/payment.py

@@ -48,6 +48,10 @@ def validate_dollars():
 def btcpay_payment():
   errors = list()
 
+  if current_app.config['BTCPAY_PRIVATE_KEY'] == "":
+    flash("BTCPay is not enabled on this server")
+    return redirect(url_for("console.account_balance"))
+
   if request.method == "POST":
     result = validate_dollars()
     errors = result[0]
@@ -289,4 +293,4 @@ def success():
 #   except stripe.error.SignatureVerificationError:
 #     print("/payment/stripe/webhook returned 400: invalid signature")
 #     abort(400, "invalid signature")
-      
+      

capsulflask/shell_scripts/capacity-avaliable.sh

@@ -3,7 +3,7 @@
 # check available RAM and IPv4s
 
 ram_bytes_to_allocate="$1"
-ram_bytes_available=$(grep -E "^(size|memory_available_bytes)" /proc/spl/kstat/zfs/arcstats | awk '{sum+=$3} END {printf "%.0f", sum}')
+ram_bytes_available="$(($(grep Available /proc/meminfo | grep -o '[0-9]*') * 1024))"
 ram_bytes_remainder="$((ram_bytes_available - ram_bytes_to_allocate))"
 
 if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
@@ -11,8 +11,8 @@ if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
   exit 1
 fi
 
-# 20GB
-if [ "$ram_bytes_remainder" -le $((20 * 1024 * 1024 * 1024)) ]; then
+# 0.25GB
+if [ "$ram_bytes_remainder" -le $((1 * 1024 * 1024 * 1024 / 4)) ]; then
   echo "VM is requesting more RAM than $(hostname -f) has available."
   echo "Bytes requested: $ram_bytes_to_allocate"
   echo "Bytes available: $ram_bytes_available"

capsulflask/shell_scripts/create.sh

@@ -6,6 +6,7 @@
 
 vmname="$1"
 template_file="/tank/img/$2"
+qemu_tank_dir="/tank"
 vcpus="$3"
 memory="$4"
 pubkeys="$5"
@@ -50,40 +51,40 @@ if echo "$public_ipv4" | grep -vqE "^[0-9.]+$"; then
   exit 1
 fi
 
-disk="/tank/vm/$vmname.qcow2"
-cdrom="/tank/vm/$vmname.iso"
-xml="/tank/vm/$vmname.xml"
+disk="$vmname.qcow2"
+cdrom="$vmname.iso"
+xml="$vmname.xml"
 
 if [ -f /tank/vm/$vmname.qcow2 ]; then
     echo "Randomly generated name matched an existing VM! Odds are like one in a billion. Buy a lotto ticket."
     exit 1
 fi
 
-cp "$template_file" "$disk"
+cp "$template_file" "/tank/vm/$disk"
 cp /tank/config/cyberia-cloudinit.yml /tmp/cloudinit.yml
 echo "$pubkeys" | while IFS= read -r line; do
   echo "      - $line" >> /tmp/cloudinit.yml
 done
 
-cloud-localds "$cdrom" /tmp/cloudinit.yml
+cloud-localds "/tank/vm/$cdrom" /tmp/cloudinit.yml
 
-qemu-img resize "$disk" "$root_volume_size"
+qemu-img resize "/tank/vm/$disk" "$root_volume_size"
 virt-install \
     --memory "$memory" \
     --vcpus "$vcpus" \
     --name "$vmname" \
-    --disk "$disk",bus=virtio \
-    --disk "$cdrom",device=cdrom \
+    --disk "$qemu_tank_dir/vm/$disk",bus=virtio \
+    --disk "$qemu_tank_dir/vm/$cdrom",device=cdrom \
     --os-type Linux \
     --os-variant generic \
     --virt-type kvm \
     --graphics vnc,listen=127.0.0.1 \
-    --network network=$network_name,filterref=clean-traffic,model=virtio \
+    --network network=$network_name,model=virtio \
     --import \
-    --print-xml > "$xml"
+    --print-xml > "/tank/vm/$xml"
 
-chmod 0600 "$xml" "$disk" "$cdrom"
-virsh define "$xml"
+chmod 0600 "/tank/vm/$xml" "/tank/vm/$disk" "/tank/vm/$cdrom"
+virsh define "/tank/vm/$xml"
 virsh start "$vmname"
 
 echo "success"

capsulflask/templates/account-balance.html

@@ -46,7 +46,9 @@
             <a href="/payment/stripe">Add funds with Credit/Debit (stripe)</a>
             <ul><li>notice: stripe will load nonfree javascript </li></ul>
           </li>
+          {% if config['BTCPAY_PRIVATE_KEY'] != "" %}
           <li><a href="/payment/btcpay">Add funds with Bitcoin/Litecoin/Monero (btcpay)</a></li>
+          {% endif %}
     
           <li>Cash: email <a href="mailto:treasurer@cyberia.club">treasurer@cyberia.club</a></li>
         </ul>

capsulflask/templates/base.html

@@ -13,7 +13,7 @@
 <nav>
   <div class="row justify-space-between half-margin">
     <div>
-      <a href="/"><b>Capsul</b></a>💊
+      <a href="/"><b>YOLOCOLO</b></a>💊
     </div>
     <div>
       &nbsp;
@@ -27,7 +27,6 @@
   <div class="row justify-center half-margin wrap nav-links">
     <a href="/pricing">Pricing</a>
     <a href="/faq">FAQ</a>
-    <a href="/changelog">Changelog</a>
 
     {% if session["account"] %} 
       <a href="/console">Capsuls</a>
@@ -47,11 +46,12 @@
 </main>
 {% block subcontent %}{% endblock %}
 <footer>
-  (c) Attribution-ShareAlike 4.0 International <br/>
-  &nbsp;&nbsp;&nbsp;&nbsp;A service by Cyberia Computer Club 2020-<span class="bigtext">∞</span> <br/>
-  <br/>
-  <br/>
-  <a href="https://giit.cyberia.club/~forest/capsul-flask/tree/master/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
+  This server runs <a
+    href="https://giit.cyberia.club/~forest/capsul-flask">capsul-flask</a> by
+  Cyberia Computer Club, available under the <a
+    href="https://creativecommons.org/licenses/by-sa/4.0/">Attribution-ShareAlike
+    4.0 International</a> licence.<br/><br/>
+  <a href="https://git.autonomic.zone/3wordchant/capsul-flask/src/branch/yolocolo/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
 </footer>
 </body>
 </html>

capsulflask/templates/faq.html

@@ -10,81 +10,32 @@
 <p>
  <ul>
    <li>
-     Which instance type should I buy?
-     <p>There are no hard rules for this sort of thing, but here are some guidelines:</p>
-     <p>f1-xs: blog, vpn, bot, cgit</p>
-     <p>f1-s: a bot, owncloud, gitea, popular blog</p>
-     <p>f1-m: docker host, build system</p>
-     <p>f1-l: large webservice, rotund java app</p>
-     <p>f1-x: gitlab (wow such memory very devops</p>
-     <p>f1-xx: something gargantuan</p>
+     What is this?
+     <p>
+      This is a <strong>technical demo</strong> of <a
+       href="https://giit.cyberia.club/~forest/capsul-flask">Capsul</a>, for the
+      as-yet-untitled <a href="https://coops.tech">Cotech</a> server hosting
+      initiative, which you can <a
+      href="https://community.coops.tech/t/call-for-input-v2-co-op-vps-survey/2802/9">read
+     about on the Cotech forum</a>.
+     </p>
    </li>
    <li>
-     How do I log in?
-     <p>ssh to the ip provided to you using the cyberian user.</p>
-     <pre class='code'>$ ssh cyberian@1.2.3.4</pre>
+     What do you mean, "technical demo"?
+     <p>No backups</p>
+     <p>No service level agreement</p>
+     <p>"Best effort" support</p>
    </li>
    <li>
-     How do I change to the root user?
-     <p>The cyberian user has passwordless sudo access by default. This should work:</p>
-     <pre class='code'>
-# Linux
-$ sudo su -
-
-# OpenBSD
-$ doas su -</pre>
+     Where can I get this, but, more reliable?
+     <p>Cyberia, the authors of this platform, run the canonical instance, <a
+      href="https://capsul.org">Capsul.org</a>, on hardware they own. Please
+     send them your money! (cash, crypto, or card accepted).</p>
    </li>
    <li>
-     Do you offer reverse DNS?
-     <p>We do, but right now it's a manual process. Shoot us an email and we'll get it done.</p>
-   </li>
-   <li>
-    What if I don't pay / don't maintain my payments?
-    <p>Your VM will eventually be deleted.
-       Capsul will send you a few inoffensive reminders as that termination date approaches.
-    </p>
-   </li>
-   <li>
-    Besides my virtual machines and payments, what information do you keep about me?
-     <p>We associate an email address with every VM so that we can track payment and respond to support requests.</p>
-     <p>If you pay with a credit card, Stripe stores some additional details about you that we literally cannot delete.</p>
-   </li>
-   <li>
-     What can I do with my VM?
-     <p>Make it into a mailserver, a tor relay, a VPN host, whatever you'd like - we do have one small request, though.</p>
-     <p>Crypto mining on capsul is currently considered obnoxious behavior, because the hashrates on our CPUs is so low and because mining crypto consumes entire processor cores that could have otherwise been shared between many dozens of other users.</p>
-     <p>In the future, if we have plentiful CPU resources, we may come out with a tier more suitable for mining - maybe a high cpu tier or similar, where each VM gets a full dedicated core and sharing them is not anticipated.</p>
-     <p>We will never snoop on your traffic or inspect what's going on inside of our customer virtual machines - we don't want to. We hope that you'll extend us a similar courtesy and try not to use too much of our shared CPU resources. Capsul is currently a shared (resource-wise) world, and we all must live in it together!</p>
-     <p>Also, mandatory: our systems exist within the USA, and as such those systems are bound by US law.</p>
-   </li>
-   <li>
-     Can you recover my passwords/insert new keys?
-     <p>Can we? Technically yes. Will we? No, never. It would violate the trust that our users have in us.
-     We have no interest in touching client VMs after they're running.
-     We promise to keep your machines running smoothly.
-     If you lose access to your VM, that's on you.</p>
-   </li>
-   <li>
-     Do you offer refunds?
-     <p>Not now, but email us and we can probably figure something out.</p>
-   </li>
-   <li>
-    Where do the VMs run? Is it on a machine that you guys own/control?
-     <p>Capsul runs on a server named Baikal which Cyberia built from scratch & mailed to a datacenter
-      in Georgia called CyberWurx. CyberWurx staff installed it for us in a rack space that
-      Cyberia pays for. </p>
-   </li>
-   <li>
-     Do you offer support?
-     <p>Yep, see <a href="/support">our support page</a>.</p>
-   </li>
-   <li>
-     Do you have an SLA?
-     <p>No, but we normally respond pretty quickly.</p>
-   </li>
-   <li>
-    Will you implement feature X?
-    <p>Maybe! Email <a href="mailto:ops@cyberia.club">ops@cyberia.club</a> and ask us about it.</p>
+     How do I use this system?
+     <p>Please see <a href="https://capsul.org/faq">the official Capsul FAQ
+       page</a>.</p>
    </li>
  </ul>
 </p>

capsulflask/templates/index.html

@@ -1,31 +1,26 @@
 {% extends 'base.html' %}
 
-
 {% block content %}
-  <h1>CAPSUL</h1>
+  <h1>
   <pre>
-       .-.  
-      /:::\ 
-     /::::/ 
-    / `-:/  
-   /    /   
-   \   /    
-    `"`     
+             _                 _
+ _   _  ___ | | ___   ___ ___ | | ___
+| | | |/ _ \| |/ _ \ / __/ _ \| |/ _ \
+| |_| | (_) | | (_) | (_| (_) | | (_) |
+ \__, |\___/|_|\___/ \___\___/|_|\___/
+ |___/
+
   </pre>
-  <span>Simple, fast, private compute by <a href="https://cyberia.club">cyberia.club</a></span>
+  <span>Co-operative hosting using <a href="https://cyberia.club">Cyberia</a>'s Capsul</span>
 {% endblock %}
 
 {% block subcontent %}
 <p>
  <ul>
-   <li>Low friction: simply log in with your email address and fund your account with Credit/Debit or Cryptocurrency</li>
-   <li>All root disks are backed up at no charge</li>
-   <li>All storage is fast, local, and solid-state</li>
-   <li>All network connections are low latency</li>
-   <li>Supported by amazing volunteers from Cyberia</li>
-   <li>Upfront prices, no confusing billing</li>
-   <li>Operated by a Minnesota non-profit organization that will never exploit you</li>
-   <li>We donate a portion of our proceeds to likeminded hacker groups around the globe</li>
+   <li>Sign up for an account!</li>
+   <li>Add some funds!</li>
+   <li>Create a VPS!</li>
+   <li>Give your feedback!</li>
  </ul>           
 </p>
 {% endblock %}

docker-compose.yml

@@ -0,0 +1,38 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: 3wordchant/capsul-flask:latest
+    build: .
+    volumes:
+      - "./:/app/code"
+      - "../tank:/tank"
+      - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock"
+    depends_on:
+      - db
+    ports:
+      - "5000:5000"
+    environment:
+      - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
+      - SPOKE_MODEL=shell-scripts
+        #- FLASK_DEBUG=1
+      - BASE_URL=http://localhost:5000
+      - ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=3wc.capsul@doesthisthing.work
+      - VIRSH_DEFAULT_CONNECT_URI=qemu:///system
+    # The image uses gunicorn by default, let's override it with Flask's
+    # built-in development server
+    command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
+    devices:
+      - "/dev/kvm:/dev/kvm"
+  db:
+    image: "postgres:9.6.5-alpine"
+    volumes:
+      - "postgres:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: capsul
+      POSTGRES_PASSWORD: capsul
+      POSTGRES_DB: capsul
+
+volumes:
+  postgres: