Merge pull request 'Make the displayed SSH username configurable' (#13) from mirsal/capsul-flask:ssh-username into yolocolo

Reviewed-on: #12

.drone.yml

@@ -0,0 +1,13 @@
+---
+kind: pipeline
+name: publish docker image
+steps:
+  - name: build and publish
+    image: plugins/docker
+    settings:
+      username:
+        from_secret: docker_reg_username_3wc
+      password:
+        from_secret: docker_reg_passwd_3wc
+      repo: 3wordchant/capsul-flask
+      tags: ${DRONE_COMMIT_BRANCH}

.gitignore

@@ -1,5 +1,6 @@
 notes.txt
 .env
+.env.bak
 .vscode
 
 *.pyc

Dockerfile

@@ -0,0 +1,48 @@
+FROM python:3.8-alpine as build
+
+RUN apk add --no-cache \
+    build-base \
+    gcc \
+    gettext \
+    git \
+    jpeg-dev \
+    libffi-dev \
+    libjpeg \
+    musl-dev \
+    postgresql-dev \
+    python3-dev \
+    zlib-dev
+
+RUN mkdir -p /app/{code,venv}
+WORKDIR /app/code
+COPY Pipfile Pipfile.lock /app/code/
+
+RUN python3 -m venv /app/venv
+RUN pip install pipenv setuptools
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+RUN pip install wheel cppy
+# Install dependencies into the virtual environment with Pipenv
+RUN pipenv install --deploy --verbose
+
+FROM python:3.8-alpine
+
+RUN apk add --no-cache \
+    cloud-utils \
+    libjpeg \
+    libpq \
+    libstdc++ \
+    libvirt-client \
+    openssh-client \
+    virt-install
+
+COPY . /app/code/
+WORKDIR /app/code
+
+COPY --from=build /app/venv /app/venv
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+
+CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"]
+
+VOLUME /app/code
+
+EXPOSE 5000

capsulflask/__init__.py

@@ -2,6 +2,7 @@ import logging
 from logging.config import dictConfig as logging_dict_config
 
 import atexit
+import jinja2
 import os
 import hashlib
 import requests
@@ -26,8 +27,24 @@ class StdoutMockFlaskMail:
     def send(self, message: Message):
       current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
 
+
 load_dotenv(find_dotenv())
 
+for var_name in [
+  "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
+  "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
+]:
+  var = os.environ.get(f"{var_name}_FILE")
+  if not var:
+    continue
+
+  if not os.path.isfile(var):
+    continue
+
+  with open(var) as secret_file:
+    os.environ[var_name] = secret_file.read().rstrip('\n')
+  del os.environ[f"{var_name}_FILE"]
+
 app = Flask(__name__)
 
 app.config.from_mapping(
@@ -41,6 +58,7 @@ app.config.from_mapping(
   LOG_LEVEL=os.environ.get("LOG_LEVEL", default="INFO"),
   SPOKE_HOST_ID=os.environ.get("SPOKE_HOST_ID", default="baikal"),
   SPOKE_HOST_TOKEN=os.environ.get("SPOKE_HOST_TOKEN", default="changeme"),
+  SSH_USERNAME=os.environ.get("SSH_USERNAME", default="cyberian"),
   HUB_TOKEN=os.environ.get("HUB_TOKEN", default="changeme"),
 
   # https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
@@ -71,7 +89,9 @@ app.config.from_mapping(
   #STRIPE_WEBHOOK_SECRET=os.environ.get("STRIPE_WEBHOOK_SECRET", default="")
 
   BTCPAY_PRIVATE_KEY=os.environ.get("BTCPAY_PRIVATE_KEY", default="").replace("\\n", "\n"),
-  BTCPAY_URL=os.environ.get("BTCPAY_URL", default="")
+  BTCPAY_URL=os.environ.get("BTCPAY_URL", default=""),
+
+  THEME=os.environ.get("THEME", default="")
 )
 
 app.config['HUB_URL'] = os.environ.get("HUB_URL", default=app.config['BASE_URL'])
@@ -154,8 +174,15 @@ is_running_server = ('flask run' in command_line) or ('gunicorn' in command_line
 
 app.logger.info(f"is_running_server: {is_running_server}")
 
-if app.config['HUB_MODE_ENABLED']:
+if app.config['THEME'] != "":
+  my_loader = jinja2.ChoiceLoader([
+    jinja2.FileSystemLoader(
+      [os.path.join('capsulflask', 'theme', app.config['THEME']),
+       'capsulflask/templates']),
+  ])
+  app.jinja_loader = my_loader
 
+if app.config['HUB_MODE_ENABLED']:
   if app.config['HUB_MODEL'] == "capsul-flask":
     app.config['HUB_MODEL'] = hub_model.CapsulFlaskHub()
 
@@ -177,7 +204,9 @@ if app.config['HUB_MODE_ENABLED']:
   from capsulflask import db
   db.init_app(app, is_running_server)
 
-  from capsulflask import auth, landing, console, payment, metrics, cli, hub_api, admin
+  from capsulflask import (
+    auth, landing, console, payment, metrics, cli, hub_api, publicapi, admin
+  )
 
   app.register_blueprint(landing.bp)
   app.register_blueprint(auth.bp)
@@ -187,13 +216,13 @@ if app.config['HUB_MODE_ENABLED']:
   app.register_blueprint(cli.bp)
   app.register_blueprint(hub_api.bp)
   app.register_blueprint(admin.bp)
+  app.register_blueprint(publicapi.bp)
 
   app.add_url_rule("/", endpoint="index")
 
 
 
 if app.config['SPOKE_MODE_ENABLED']:
-
   if app.config['SPOKE_MODEL'] == "shell-scripts":
     app.config['SPOKE_MODEL'] = spoke_model.ShellScriptSpoke()
   else:

capsulflask/auth.py

@@ -1,3 +1,4 @@
+from base64 import b64decode
 import functools
 import re
 
@@ -24,6 +25,15 @@ def account_required(view):
 
     @functools.wraps(view)
     def wrapped_view(**kwargs):
+        api_token = request.headers.get('authorization', None)
+        if api_token is not None:
+            email = get_model().authenticate_token(b64decode(api_token).decode('utf-8'))
+
+            if email is not None:
+                session.clear()
+                session["account"] = email
+                session["csrf-token"] = generate()
+
         if session.get("account") is None or session.get("csrf-token") is None :
             return redirect(url_for("auth.login"))
 
@@ -56,7 +66,7 @@ def login():
         if not email:
             errors.append("email is required")
         elif len(email.strip()) < 6 or email.count('@') != 1 or email.count('.') == 0: 
-	        errors.append("enter a valid email address")
+            errors.append("enter a valid email address")
 
         if len(errors) == 0:
             result = get_model().login(email)

capsulflask/console.py

@@ -1,7 +1,9 @@
+from base64 import b64encode
+from datetime import datetime, timedelta
+import json
 import re
 import sys
-import json
+
-from datetime import datetime, timedelta
 from flask import Blueprint
 from flask import flash
 from flask import current_app
@@ -27,12 +29,14 @@ def make_capsul_id():
   letters_n_nummers = generate(alphabet="1234567890qwertyuiopasdfghjklzxcvbnm", size=10)
   return f"capsul-{letters_n_nummers}"
 
-def double_check_capsul_address(id, ipv4, get_ssh_host_keys):
+def double_check_capsul_address(id, ipv4, ipv6, get_ssh_host_keys):
   try:
     result = current_app.config["HUB_MODEL"].get(id, get_ssh_host_keys)
     if result != None and result.ipv4 != None and result.ipv4 != ipv4:
-      ipv4 = result.ipv4
+      get_model().update_vm_ipv4(email=session["account"], id=id, ipv4=result.ipv4)
-      get_model().update_vm_ip(email=session["account"], id=id, ipv4=result.ipv4)
+
+    if result != None and result.ipv6 != None and result.ipv6 != ipv6:
+      get_model().update_vm_ipv6(email=session["account"], id=id, ipv6=result.ipv6)
 
     if result != None and result.ssh_host_keys != None and get_ssh_host_keys:
       get_model().update_vm_ssh_host_keys(email=session["account"], id=id, ssh_host_keys=result.ssh_host_keys)
@@ -59,37 +63,38 @@ def index():
   # for now we are going to check the IP according to the virt model
   # on every request. this could be done by a background job and cached later on...
   for vm in vms:
-    result = double_check_capsul_address(vm["id"], vm["ipv4"], False)
+    result = double_check_capsul_address(vm["id"], vm["ipv4"], vm["ipv6"], False)
     if result is not None:
       vm["ipv4"] = result.ipv4
+      vm["ipv6"] = result.ipv6
       vm["state"] = result.state
     else:
       vm["state"] = "unknown"
 
-
   mappedVms = []
   for vm in vms:
-    ip_display = vm['ipv4']
+    ip_display = {}
-    if not ip_display:
+    ip_display_class = {}
-      if vm["state"] == "running":
+    for af in ['ipv4', 'ipv6']:
-        ip_display = "..booting.."
+      ip_display[af] = vm[af]
-      else:
+      ip_display_class[af] = "ok"
-        ip_display = "unknown"
+      if not ip_display[af]:
-
+        if vm["state"] == "running":
-    ip_display_class = "ok"
+          ip_display[af] = "..booting.."
-    if not vm['ipv4']:
+          ip_display_class[af] = "waiting-pulse"
-      if vm["state"] == "running":
+        else:
-        ip_display_class = "waiting-pulse"
+          ip_display[af] = "unknown"
-      else:
+          ip_display_class[af] = "yellow"
-        ip_display_class = "yellow"
 
     mappedVms.append(dict(
-      id=vm['id'], 
+      id=vm['id'],
-      size=vm['size'], 
+      size=vm['size'],
       state=vm['state'],
-      ipv4=ip_display, 
+      ipv4=ip_display['ipv4'],
-      ipv4_status=ip_display_class, 
+      ipv4_status=ip_display_class['ipv4'],
-      os=vm['os'], 
+      ipv6=ip_display['ipv6'],
+      ipv6_status=ip_display_class['ipv6'],
+      os=vm['os'],
       created=vm['created'].strftime("%b %d %Y")
     ))
 
@@ -98,7 +103,6 @@ def index():
 @bp.route("/<string:id>", methods=("GET", "POST"))
 @account_required
 def detail(id):
-
   duration=request.args.get('duration')
   if not duration:
     duration = "5m"
@@ -108,6 +112,8 @@ def detail(id):
   if vm is None:
     return abort(404, f"{id} doesn't exist.")
 
+  vm['ssh_username'] = current_app.config['SSH_USERNAME']
+
   if vm['deleted']:
     return render_template("capsul-detail.html", vm=vm, delete=True, deleted=True)
 
@@ -167,10 +173,11 @@ def detail(id):
   else:
     needs_ssh_host_keys = "ssh_host_keys" not in vm or len(vm["ssh_host_keys"]) == 0
 
-    vm_from_virt_model = double_check_capsul_address(vm["id"], vm["ipv4"], needs_ssh_host_keys)
+    vm_from_virt_model = double_check_capsul_address(vm["id"], vm["ipv4"], vm['ipv6'], needs_ssh_host_keys)
     
     if vm_from_virt_model is not None:
       vm["ipv4"] = vm_from_virt_model.ipv4
+      vm["ipv6"] = vm_from_virt_model.ipv6
       vm["state"] = vm_from_virt_model.state
       if needs_ssh_host_keys:
         vm["ssh_host_keys"] = vm_from_virt_model.ssh_host_keys
@@ -188,6 +195,70 @@ def detail(id):
       duration=duration
     )
 
+def _create(email, vm_sizes, operating_systems, public_keys_for_account, affordable_vm_sizes, server_data):
+  errors = list()
+
+  size = server_data.get("size")
+  os = server_data.get("os")
+  posted_keys_count = int(server_data.get("ssh_authorized_key_count"))
+
+  if not size:
+    errors.append("Size is required")
+  elif size not in vm_sizes:
+    errors.append(f"Invalid size {size}")
+  elif size not in affordable_vm_sizes:
+    errors.append(f"Your account must have enough credit to run an {size} for 1 month before you will be allowed to create it")
+
+
+  if not os:
+    errors.append("OS is required")
+  elif os not in operating_systems:
+    errors.append(f"Invalid os {os}")
+
+  posted_keys = list()
+
+  if posted_keys_count > 1000:
+    errors.append("something went wrong with ssh keys")
+  else:
+    for i in range(0, posted_keys_count):
+      if f"ssh_key_{i}" in server_data:
+        posted_name = server_data.get(f"ssh_key_{i}")
+        key = None
+        for x in public_keys_for_account:
+          if x['name'] == posted_name:
+            key = x
+        if key:
+          posted_keys.append(key)
+        else:
+          errors.append(f"SSH Key \"{posted_name}\" doesn't exist")
+
+  if len(posted_keys) == 0:
+    errors.append("At least one SSH Public Key is required")
+
+  capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(
+    vm_sizes[size]['memory_mb']*1024*1024
+  )
+
+  if not capacity_avaliable:
+    errors.append("""
+      host(s) at capacity. no capsuls can be created at this time. sorry. 
+    """)
+
+  if len(errors) == 0:
+    id = make_capsul_id()
+    current_app.config["HUB_MODEL"].create(
+      email = email,
+      id=id,
+      os=os,
+      size=size,
+      template_image_file_name=operating_systems[os]['template_image_file_name'],
+      vcpus=vm_sizes[size]['vcpus'],
+      memory_mb=vm_sizes[size]['memory_mb'],
+      ssh_authorized_keys=list(map(lambda x: dict(name=x['name'], content=x['content']), posted_keys))
+    )
+    return id, errors
+
+  return None, errors
 
 @bp.route("/create", methods=("GET", "POST"))
 @account_required
@@ -199,67 +270,6 @@ def create():
   capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
   errors = list()
 
-  if request.method == "POST":
-    if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
-      return abort(418, f"u want tea")
-
-    size = request.form["size"]
-    os = request.form["os"]
-    if not size:
-      errors.append("Size is required")
-    elif size not in vm_sizes:
-      errors.append(f"Invalid size {size}")
-
-    if not os:
-      errors.append("OS is required")
-    elif os not in operating_systems:
-      errors.append(f"Invalid os {os}")
-
-    posted_keys_count = int(request.form["ssh_authorized_key_count"])
-    posted_keys = list()
-
-    if posted_keys_count > 1000:
-      errors.append("something went wrong with ssh keys")
-    else:
-      for i in range(0, posted_keys_count):
-        if f"ssh_key_{i}" in request.form:
-          posted_name = request.form[f"ssh_key_{i}"]
-          key = None
-          for x in public_keys_for_account:
-            if x['name'] == posted_name:
-              key = x
-          if key:
-            posted_keys.append(key)
-          else:
-            errors.append(f"SSH Key \"{posted_name}\" doesn't exist")
-
-    if len(posted_keys) == 0:
-      errors.append("At least one SSH Public Key is required")
-
-    capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(vm_sizes[size]['memory_mb']*1024*1024)
-
-    if not capacity_avaliable:
-      errors.append("""
-        host(s) at capacity. no capsuls can be created at this time. sorry. 
-      """)
-
-    if len(errors) == 0:
-      id = make_capsul_id()
-      # we can't create the vm record in the DB yet because its IP address needs to be allocated first.
-      # so it will be created when the allocation happens inside the hub_api.
-      current_app.config["HUB_MODEL"].create(
-        email = session["account"],
-        id=id,
-        os=os,
-        size=size,
-        template_image_file_name=operating_systems[os]['template_image_file_name'],
-        vcpus=vm_sizes[size]['vcpus'],
-        memory_mb=vm_sizes[size]['memory_mb'],
-        ssh_authorized_keys=list(map(lambda x: dict(name=x['name'], content=x['content']), posted_keys)) 
-      )
-      
-      return redirect(f"{url_for('console.index')}?created={id}")
-  
   affordable_vm_sizes = dict()
   for key, vm_size in vm_sizes.items():
     # if a user deposits $7.50 and then creates an f1-s vm which costs 7.50 a month, 
@@ -268,6 +278,20 @@ def create():
     if vm_size["dollars_per_month"] <= account_balance+0.25:
       affordable_vm_sizes[key] = vm_size
 
+  if request.method == "POST":
+    if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
+      return abort(418, f"u want tea")
+    id, errors = _create(
+      session['account'],
+      vm_sizes, 
+      operating_systems,
+      public_keys_for_account,
+      affordable_vm_sizes,
+      request.form)
+    if len(errors) == 0: 
+      return redirect(f"{url_for('console.index')}?created={id}")
+  
+
   for error in errors:
     flash(error)
 
@@ -287,23 +311,25 @@ def create():
     vm_sizes=affordable_vm_sizes
   )
 
-@bp.route("/ssh", methods=("GET", "POST"))
+@bp.route("/keys", methods=("GET", "POST"))
 @account_required
-def ssh_public_keys():
+def ssh_api_keys():
   errors = list()
 
+  token = None
+
   if request.method == "POST":
     if "csrf-token" not in request.form or request.form['csrf-token'] != session['csrf-token']:
       return abort(418, f"u want tea")
       
-    method = request.form["method"]
+    action = request.form["action"]
-    content = None
+
-    if method == "POST":
+    if action == 'upload_ssh_key':
+      content = None
       content = request.form["content"].replace("\r", " ").replace("\n", " ").strip()
-      
+        
-    name = request.form["name"]
+      name = request.form["name"]
-    if not name or len(name.strip()) < 1:
+      if not name or len(name.strip()) < 1:
-      if method == "POST":
         parts = re.split(" +", content)
         if len(parts) > 2 and len(parts[2].strip()) > 0:
           name = parts[2].strip()
@@ -311,10 +337,9 @@ def ssh_public_keys():
           name = parts[0].strip()
       else:
         errors.append("Name is required")
-    if not re.match(r"^[0-9A-Za-z_@:. -]+$", name):
+      if not re.match(r"^[0-9A-Za-z_@:. -]+$", name):
-      errors.append(f"Key name '{name}' must match \"^[0-9A-Za-z_@:. -]+$\"")
+        errors.append(f"Key name '{name}' must match \"^[0-9A-Za-z_@:. -]+$\"")
 
-    if method == "POST":
       if not content or len(content.strip()) < 1:
         errors.append("Content is required")
       else:
@@ -327,24 +352,36 @@ def ssh_public_keys():
       if len(errors) == 0:
         get_model().create_ssh_public_key(session["account"], name, content)
 
-    elif method == "DELETE":
+    elif action == "delete_ssh_key":
+      get_model().delete_ssh_public_key(session["account"], name)
 
-      if len(errors) == 0:
+    elif action == "generate_api_token":
-        get_model().delete_ssh_public_key(session["account"], name)
+      name = request.form["name"]
+      if name == '':
+          name = datetime.utcnow().strftime('%y-%m-%d %H:%M:%S')
+      token = b64encode(
+        get_model().generate_api_token(session["account"], name).encode('utf-8')
+      ).decode('utf-8')
+
+    elif action == "delete_api_token":
+      get_model().delete_api_token(session["account"], request.form["id"])
 
   for error in errors:
     flash(error)
 
-  keys_list=list(map(
+  ssh_keys_list=list(map(
     lambda x: dict(name=x['name'], content=f"{x['content'][:20]}...{x['content'][len(x['content'])-20:]}"), 
     get_model().list_ssh_public_keys_for_account(session["account"])
   ))
 
+  api_tokens_list = get_model().list_api_tokens(session["account"])
+
   return render_template(
-    "ssh-public-keys.html", 
+    "keys.html", 
     csrf_token = session["csrf-token"],
-    ssh_public_keys=keys_list, 
+    api_tokens=api_tokens_list, 
-    has_ssh_public_keys=len(keys_list) > 0
+    ssh_public_keys=ssh_keys_list,
+    generated_api_token=token,
   )
 
 def get_vms():
@@ -368,7 +405,6 @@ def get_vm_months_float(vm, as_of):
   return days / average_number_of_days_in_a_month
 
 def get_account_balance(vms, payments, as_of):
-
   vm_cost_dollars = 0.0
   for vm in vms:
     vm_months = get_vm_months_float(vm, as_of)
@@ -381,7 +417,6 @@ def get_account_balance(vms, payments, as_of):
 @bp.route("/account-balance")
 @account_required
 def account_balance():
-
   payment_sessions = get_model().list_payment_sessions_for_account(session['account'])
   for payment_session in payment_sessions:
     if payment_session['type'] == 'btcpay':

capsulflask/db.py

@@ -33,7 +33,7 @@ def init_app(app, is_running_server):
     result = re.search(r"^\d+_(up|down)", filename)
     if not result:
       app.logger.error(f"schemaVersion {filename} must match ^\\d+_(up|down). exiting.")
-      exit(1)
+      continue
     key = result.group()
     with open(join(schemaMigrationsPath, filename), 'rb') as file:
       schemaMigrations[key] = file.read().decode("utf8")
@@ -43,7 +43,7 @@ def init_app(app, is_running_server):
   hasSchemaVersionTable = False
   actionWasTaken = False
   schemaVersion = 0
-  desiredSchemaVersion = 18
+  desiredSchemaVersion = 19
 
   cursor = connection.cursor()
 
@@ -128,4 +128,3 @@ def close_db(e=None):
   if db_model is not None:
     db_model.cursor.close()
     current_app.config['PSYCOPG2_CONNECTION_POOL'].putconn(db_model.connection)
-

capsulflask/db_model.py

@@ -1,8 +1,8 @@
-
 import re
 
 # I was never able to get this type hinting to work correctly 
 # from psycopg2.extensions import connection as Psycopg2Connection, cursor as Psycopg2Cursor
+import hashlib
 from nanoid import generate
 from flask import current_app
 from typing import List
@@ -17,7 +17,6 @@ class DBModel:
     self.cursor = cursor
 
 
-
   #     ------    LOGIN     ---------     
 
 
@@ -43,6 +42,16 @@ class DBModel:
     self.connection.commit()
 
     return (token, ignoreCaseMatches)
+
+  def authenticate_token(self, token):
+    m = hashlib.md5()
+    m.update(token.encode('utf-8'))
+    hash_token = m.hexdigest()
+    self.cursor.execute("SELECT email FROM api_tokens WHERE token = %s", (hash_token, ))
+    result = self.cursor.fetchall()
+    if len(result) == 1:
+      return result[0]
+    return None
     
   def consume_token(self, token):
     self.cursor.execute("SELECT email FROM login_tokens WHERE token = %s and created > (NOW() - INTERVAL '20 min')", (token, ))
@@ -132,6 +141,32 @@ class DBModel:
     self.cursor.execute( "DELETE FROM ssh_public_keys where email = %s AND name = %s", (email, name) )
     self.connection.commit()
 
+  def list_api_tokens(self, email):
+    self.cursor.execute(
+      "SELECT id, token, name, created FROM api_tokens WHERE email = %s", 
+      (email, )
+    )
+    return list(map(
+      lambda x: dict(id=x[0], token=x[1], name=x[2], created=x[3]), 
+      self.cursor.fetchall()
+    ))
+
+  def generate_api_token(self, email, name):
+    token = generate()
+    m = hashlib.md5()
+    m.update(token.encode('utf-8'))
+    hash_token = m.hexdigest()
+    self.cursor.execute(
+      "INSERT INTO api_tokens (email, name, token) VALUES (%s, %s, %s)", 
+      (email, name, hash_token)
+    )
+    self.connection.commit()
+    return token
+
+  def delete_api_token(self, email, id_):
+    self.cursor.execute( "DELETE FROM api_tokens where email = %s AND id = %s", (email, id_))
+    self.connection.commit()
+
   def list_vms_for_account(self, email):
     self.cursor.execute(""" 
       SELECT vms.id, vms.public_ipv4, vms.public_ipv6, vms.size, vms.os, vms.created, vms.deleted, vm_sizes.dollars_per_month
@@ -144,10 +179,14 @@ class DBModel:
       self.cursor.fetchall()
     ))
 
-  def update_vm_ip(self, email, id, ipv4):
+  def update_vm_ipv4(self, email, id, ipv4):
     self.cursor.execute("UPDATE vms SET public_ipv4 = %s WHERE email = %s AND id = %s", (ipv4, email, id))
     self.connection.commit()
 
+  def update_vm_ipv6(self, email, id, ipv6):
+    self.cursor.execute("UPDATE vms SET public_ipv6 = %s WHERE email = %s AND id = %s", (ipv6, email, id))
+    self.connection.commit()
+
   def update_vm_ssh_host_keys(self, email, id, ssh_host_keys):
     for key in ssh_host_keys:
       self.cursor.execute(""" 
@@ -479,8 +518,3 @@ class DBModel:
     #cursor.close()
 
     return to_return
-      
-
-
-
-

capsulflask/hub_api.py

@@ -178,4 +178,4 @@ def on_create_claimed(payload, host_id):
     network_name=payload['network_name'],
     public_ipv4=payload['public_ipv4'],
     ssh_authorized_keys=list(map(lambda x: x["name"], payload['ssh_authorized_keys'])),
-  )
+  )

capsulflask/hub_model.py

@@ -44,6 +44,7 @@ class MockHub(VirtualizationInterface):
     validate_capsul_id(id)
     current_app.logger.info(f"mock create: {id} for {email}")
     sleep(1)
+
     get_model().create_vm(
       email=email, 
       id=id, 
@@ -197,6 +198,10 @@ class CapsulFlaskHub(VirtualizationInterface):
     validate_capsul_id(id)
     online_hosts = get_model().get_online_hosts()
     #current_app.logger.debug(f"hub_model.create(): ${len(online_hosts)} hosts")
+
+    current_app.logger.error(f'{email}, {id} {os} {size} {template_image_file_name} {vcpus} {memory_mb}')
+    current_app.logger.error(f'{ssh_authorized_keys}')
+    
     payload = json.dumps(dict(
       type="create", 
       email=email, 
@@ -227,12 +232,13 @@ class CapsulFlaskHub(VirtualizationInterface):
       except:
         # no need to do anything here since if it cant be parsed then generic_operation will handle it.
         pass
+
+    if error_message != "":
+      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts} failed with {error_message}")
       
     if number_of_assigned != 1:
       assigned_hosts_string = ", ".join(assigned_hosts)
       raise ValueError(f"expected create capsul operation {operation_id} to be assigned to one host, it was assigned to {number_of_assigned} ({assigned_hosts_string})")
-    if error_message != "":
-      raise ValueError(f"create capsul operation {operation_id} on {assigned_hosts_string} failed with {error_message}")
       
 
   def destroy(self, email: str, id: str):

capsulflask/landing.py

@@ -22,7 +22,7 @@ def pricing():
 
 @bp.route("/faq")
 def faq():
-  return render_template("faq.html")
+  return render_template("faq.html", ssh_username=current_app.config['SSH_USERNAME'])
 
 @bp.route("/about-ssh")
 def about_ssh():

capsulflask/publicapi.py

@@ -0,0 +1,50 @@
+import datetime
+
+from flask import Blueprint
+from flask import current_app
+from flask import jsonify
+from flask import request
+from flask import session
+from nanoid import generate
+
+from capsulflask.auth import account_required
+from capsulflask.db import get_model
+
+bp = Blueprint("publicapi", __name__, url_prefix="/api")
+
+@bp.route("/capsul/create", methods=["POST"])
+@account_required
+def capsul_create():
+    email = session["account"][0]
+    
+    from .console import _create, get_account_balance, get_payments, get_vms
+
+    vm_sizes = get_model().vm_sizes_dict()
+    operating_systems = get_model().operating_systems_dict()
+    public_keys_for_account = get_model().list_ssh_public_keys_for_account(session["account"])
+    account_balance = get_account_balance(get_vms(), get_payments(), datetime.datetime.utcnow())
+    capacity_avaliable = current_app.config["HUB_MODEL"].capacity_avaliable(512*1024*1024)
+
+    affordable_vm_sizes = dict()
+    for key, vm_size in vm_sizes.items():
+      # if a user deposits $7.50 and then creates an f1-s vm which costs 7.50 a month, 
+      # then they have to delete the vm and re-create it, they will not be able to, they will have to pay again.
+      # so for UX it makes a lot of sense to give a small margin of 25 cents for usability sake
+      if vm_size["dollars_per_month"] <= account_balance+0.25:
+        affordable_vm_sizes[key] = vm_size
+
+    request.json['ssh_authorized_key_count'] = 1
+
+    id, errors = _create(
+      email,
+      vm_sizes, 
+      operating_systems,
+      public_keys_for_account,
+      affordable_vm_sizes,
+      request.json)
+
+    if id is not None:
+        return jsonify(
+            id=id,
+        )
+    return jsonify(errors=errors)

capsulflask/schema_migrations/19_down_api_tokens.py

@@ -0,0 +1,2 @@
+DROP TABLE api_keys;
+UPDATE schemaversion SET version = 18;

capsulflask/schema_migrations/19_up_api_tokens.py

@@ -0,0 +1,9 @@
+CREATE TABLE api_tokens (
+  id                 SERIAL PRIMARY KEY,
+  email              TEXT REFERENCES accounts(email) ON DELETE RESTRICT,
+  name               TEXT NOT NULL,
+  created            TIMESTAMP NOT NULL DEFAULT NOW(),
+  token              TEXT NOT NULL
+);
+
+UPDATE schemaversion SET version = 19;

capsulflask/shell_scripts/capacity-avaliable.sh

@@ -3,7 +3,7 @@
 # check available RAM and IPv4s
 
 ram_bytes_to_allocate="$1"
-ram_bytes_available=$(grep -E "^(size|memory_available_bytes)" /proc/spl/kstat/zfs/arcstats | awk '{sum+=$3} END {printf "%.0f", sum}')
+ram_bytes_available="$(($(grep Available /proc/meminfo | grep -o '[0-9]*') * 1024))"
 ram_bytes_remainder="$((ram_bytes_available - ram_bytes_to_allocate))"
 
 if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
@@ -11,8 +11,8 @@ if echo "$ram_bytes_to_allocate" | grep -vqE "^[0-9]+$"; then
   exit 1
 fi
 
-# 20GB
+# 0.25GB
-if [ "$ram_bytes_remainder" -le $((20 * 1024 * 1024 * 1024)) ]; then
+if [ "$ram_bytes_remainder" -le $((1 * 1024 * 1024 * 1024 / 4)) ]; then
   echo "VM is requesting more RAM than $(hostname -f) has available."
   echo "Bytes requested: $ram_bytes_to_allocate"
   echo "Bytes available: $ram_bytes_available"

capsulflask/shell_scripts/create.sh

@@ -6,6 +6,7 @@
 
 vmname="$1"
 template_file="/tank/img/$2"
+qemu_tank_dir="/tank"
 vcpus="$3"
 memory="$4"
 pubkeys="$5"
@@ -50,40 +51,40 @@ if echo "$public_ipv4" | grep -vqE "^[0-9.]+$"; then
   exit 1
 fi
 
-disk="/tank/vm/$vmname.qcow2"
+disk="$vmname.qcow2"
-cdrom="/tank/vm/$vmname.iso"
+cdrom="$vmname.iso"
-xml="/tank/vm/$vmname.xml"
+xml="$vmname.xml"
 
 if [ -f /tank/vm/$vmname.qcow2 ]; then
     echo "Randomly generated name matched an existing VM! Odds are like one in a billion. Buy a lotto ticket."
     exit 1
 fi
 
-cp "$template_file" "$disk"
+cp "$template_file" "/tank/vm/$disk"
 cp /tank/config/cyberia-cloudinit.yml /tmp/cloudinit.yml
 echo "$pubkeys" | while IFS= read -r line; do
   echo "      - $line" >> /tmp/cloudinit.yml
 done
 
-cloud-localds "$cdrom" /tmp/cloudinit.yml
+cloud-localds "/tank/vm/$cdrom" /tmp/cloudinit.yml
 
-qemu-img resize "$disk" "$root_volume_size"
+qemu-img resize "/tank/vm/$disk" "$root_volume_size"
 virt-install \
     --memory "$memory" \
     --vcpus "$vcpus" \
     --name "$vmname" \
-    --disk "$disk",bus=virtio \
+    --disk "$qemu_tank_dir/vm/$disk",bus=virtio \
-    --disk "$cdrom",device=cdrom \
+    --disk "$qemu_tank_dir/vm/$cdrom",device=cdrom \
     --os-type Linux \
     --os-variant generic \
     --virt-type kvm \
     --graphics vnc,listen=127.0.0.1 \
-    --network network=$network_name,filterref=clean-traffic,model=virtio \
+    --network network=$network_name,model=virtio \
     --import \
-    --print-xml > "$xml"
+    --print-xml > "/tank/vm/$xml"
 
-chmod 0600 "$xml" "$disk" "$cdrom"
+chmod 0600 "/tank/vm/$xml" "/tank/vm/$disk" "/tank/vm/$cdrom"
-virsh define "$xml"
+virsh define "/tank/vm/$xml"
 virsh start "$vmname"
 
 echo "success"

capsulflask/shell_scripts/get.sh

@@ -29,7 +29,8 @@ if virsh domuuid "$vmname" | grep -vqE '^[\t\s\n]*$'; then
   esac
 fi
 
-# this gets the ipv4
+# this gets the vm ip addresses
-ipv4="$(virsh domifaddr "$vmname" | awk '/vnet/ {print $4}' | cut -d'/' -f1)"
+ipv4="$(virsh domifaddr "$vmname" | awk '/ipv4/ {print $4}' | cut -d'/' -f1)"
+ipv6="$(virsh domifaddr "$vmname" | awk '/ipv6/ {print $4}' | cut -d'/' -f1)"
 
-echo "$exists $state $ipv4"
+echo "$exists $state $ipv4 $ipv6"

capsulflask/spoke_model.py

@@ -114,24 +114,30 @@ class ShellScriptSpoke(VirtualizationInterface):
     if len(fields) < 3:
       return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state)
 
-    ipaddr = fields[2]
+    ip4addr = fields[2]
 
-    if not re.match(r"^([0-9]{1,3}\.){3}[0-9]{1,3}$", ipaddr):
+    if not re.match(r"^([0-9]{1,3}\.){3}[0-9]{1,3}$", ip4addr):
       return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state)
 
     if get_ssh_host_keys:
       try:
-        completedProcess2 = run([join(current_app.root_path, 'shell_scripts/ssh-keyscan.sh'), ipaddr], capture_output=True)
+        completedProcess2 = run([join(current_app.root_path, 'shell_scripts/ssh-keyscan.sh'), ip4addr], capture_output=True)
         self.validate_completed_process(completedProcess2)
         ssh_host_keys = json.loads(completedProcess2.stdout.decode("utf-8"))
-        return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ipaddr, ssh_host_keys=ssh_host_keys)
+        return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ip4addr, ssh_host_keys=ssh_host_keys)
       except:
         current_app.logger.warning(f"""
-          failed to ssh-keyscan {id} at {ipaddr}:
+          failed to ssh-keyscan {id} at {ip4addr}:
           {my_exec_info_message(sys.exc_info())}"""
         )
 
-    return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ipaddr)
+    if len(fields) < 4:
+        return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ip4addr)
+
+    ip6addr = fields[3]
+
+    return VirtualMachine(id, current_app.config["SPOKE_HOST_ID"], state=state, ipv4=ip4addr, ipv6=ip6addr)
+
 
   def list_ids(self) -> list:
     completedProcess = run([join(current_app.root_path, 'shell_scripts/list-ids.sh')], capture_output=True)

capsulflask/static/style.css

@@ -1,8 +1,8 @@
 html {
-  color: #bdc7b8;
+  color: #241e1e;
   font: calc(0.40rem + 1vmin) monospace;
   overflow-y: scroll;
-  background-color: #241e1e;
+  background-color: #bdc7b8;
 }
 
 body {
@@ -19,8 +19,8 @@ body {
 }
 
 a {
-  color:#6CF;
+  color:#00517a;
-  text-shadow: 1px 1px 0px #000c;
+  text-shadow: 1px 1px 0px #eee;
 }
 
 a.no-shadow {
@@ -28,7 +28,7 @@ a.no-shadow {
 }
 
 a:hover, a:active, a:visited {
-  color: #b5bd68;
+  color: #323417;
 } 
 
 .nav-links  a {
@@ -59,11 +59,11 @@ h1, h2, h3, h4, h5 {
   margin: initial;
   padding: initial;
   text-transform: uppercase;
-  text-shadow: 2px 2px 0px #0007;
+  text-shadow: 2px 2px 0px #eee;
 }
 
 main {
-  border: 1px dashed #bdc7b8;
+  border: 1px dashed #241e1e;
   padding: 1rem;
   margin-bottom: 2em;
 
@@ -143,7 +143,7 @@ input, textarea, select, label {
 input, select, textarea {
   outline: 0;
   padding: 0.25em 0.5em;
-  color: #bdc7b8;
+  color: #241e1e;
   background-color: #bdc7b805;
 }
 

capsulflask/static/style.yolocolo.css

@@ -0,0 +1,35 @@
+html {
+  color: #241e1e !important;
+  background-color: #bdc7b8 !important;
+}
+
+a {
+  color:#00517a !important;
+  text-shadow: 1px 1px 0px #eee !important;
+}
+
+a:hover, a:active, a:visited {
+  color: #323417 !important;
+} 
+
+.nav-links  a {
+  text-shadow: 2px 2px 0px #eee !important;
+}
+
+h1, h2, h3, h4, h5 {
+	text-shadow: 2px 2px 0px #eee;
+}
+
+main {
+  border: 1px dashed #241e1e !important;
+}
+
+
+input, select, textarea {
+  color: #241e1e !important;
+}
+
+th {
+  border-right: 1px solid #eee !important;
+  text-align: left !important;
+}

capsulflask/templates/base.html

@@ -31,7 +31,7 @@
 
     {% if session["account"] %} 
       <a href="/console">Capsuls</a>
-      <a href="/console/ssh">SSH Public Keys</a>
+      <a href="/console/keys">SSH &amp; API Keys</a>
       <a href="/console/account-balance">Account Balance</a>
     {% endif %}
 

capsulflask/templates/capsul-detail.html

@@ -79,6 +79,10 @@
         <label class="align" for="ipv4">IPv4 Address</label>
         <span id="ipv4">{{ vm['ipv4'] }}</span>
       </div>
+      <div class="row justify-start">
+        <label class="align" for="ipv6">IPv6 Address</label>
+        <span id="ipv6">{{ vm['ipv6'] }}</span>
+      </div>
       <div class="row justify-start">
         <label class="align" for="os_description">Operating System</label>
         <span id="os_description">{{ vm['os_description'] }}</span>
@@ -97,11 +101,11 @@
       </div>
       <div class="row justify-start">
         <label class="align" for="ssh_username">SSH Username</label>
-        <span id="ssh_username">cyberian</span>
+        <span id="ssh_username">{{ vm['ssh_username'] }}</span>
       </div>
       <div class="row justify-start">
         <label class="align" for="ssh_authorized_keys">SSH Authorized Keys</label>
-        <a id="ssh_authorized_keys" href="/console/ssh">{{ vm['ssh_authorized_keys'] }}</a>
+        <a id="ssh_authorized_keys" href="/console/keys">{{ vm['ssh_authorized_keys'] }}</a>
       </div>
       
     </div>

capsulflask/templates/create-capsul.html

@@ -31,7 +31,7 @@
     <p>(At least one month of funding is required)</p>
   {% elif no_ssh_public_keys %}
     <p>You don't have any ssh public keys yet.</p> 
-    <p>You must <a href="/console/ssh">upload one</a> before you can create a Capsul.</p>
+    <p>You must <a href="/console/keys">upload one</a> before you can create a Capsul.</p>
   {% elif not capacity_avaliable %}
     <p>Host(s) at capacity. No capsuls can be created at this time. sorry. </p> 
   {% else %}

capsulflask/templates/faq.html

@@ -21,13 +21,13 @@
    </li>
    <li>
      How do I log in?
-     <p>ssh to the ip provided to you using the cyberian user.</p>
+     <p>ssh to the ip provided to you using the "{{ ssh_username }}" user.</p>
-     <pre class='code'>$ ssh cyberian@1.2.3.4</pre>
+     <pre class='code'>$ ssh {{ ssh_username }}@1.2.3.4</pre>
      <p>For more information, see <a href="/about-ssh">Understanding the Secure Shell Protocol (SSH)</a>.</p>
    </li>
    <li>
      How do I change to the root user?
-     <p>The cyberian user has passwordless sudo access by default. This should work:</p>
+     <p>The "{{ ssh_username }}" user has passwordless sudo access by default. This should work:</p>
      <pre class='code'>
 # Linux
 $ sudo su -

capsulflask/templates/keys.html

@@ -1,17 +1,18 @@
 {% extends 'base.html' %}
 
-{% block title %}SSH Public Keys{% endblock %}
+{% block title %}SSH & API Keys{% endblock %}
 
 {% block content %}
 <div class="row third-margin">
   <h1>SSH PUBLIC KEYS</h1>
 </div>
 <div class="row third-margin"><div>
-  {% if has_ssh_public_keys %} <hr/> {% endif %}
+    {% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
   
   {% for ssh_public_key in ssh_public_keys %}
     <form method="post">
       <input type="hidden" name="method" value="DELETE"></input> 
+      <input type="hidden" name="action" value="delete_ssh_key"></input>
       <input type="hidden" name="name" value="{{ ssh_public_key['name'] }}"></input> 
       <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
       <div class="row">
@@ -22,13 +23,14 @@
     </form>
   {% endfor %}
 
-  {% if has_ssh_public_keys %} <hr/> {% endif %}
+  {% if ssh_public_keys|length > 0 %} <hr/> {% endif %}
 
   <div class="third-margin">
     <h1>UPLOAD A NEW SSH PUBLIC KEY</h1>
   </div>
   <form method="post">
     <input type="hidden" name="method" value="POST"></input>
+    <input type="hidden" name="action" value="upload_ssh_key"></input>
     <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
     <div class="row justify-start">
       <label class="align" for="content">File Contents</label>
@@ -54,6 +56,51 @@
     </div>
   </form>
 </div></div>
+<hr/>
+<div class="row third-margin">
+  <h1>API KEYS</h1>
+</div>
+<div class="row third-margin"><div>
+  {% if generated_api_token %}
+    <hr/>
+    Generated key:
+    <span class="code">{{ generated_api_token }}</span>
+  {% endif %}
+  {% if api_tokens|length >0 %} <hr/>{% endif %}
+  {% for api_token in api_tokens %}
+    <form method="post">
+      <input type="hidden" name="method" value="DELETE"></input> 
+      <input type="hidden" name="action" value="delete_api_token"></input>
+      <input type="hidden" name="id" value="{{ api_token['id'] }}"></input> 
+      <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
+      <div class="row">
+        <span class="code">{{ api_token['name'] }}</span>
+        created {{ api_token['created'].strftime("%b %d %Y") }}
+        <input type="submit" value="Delete">
+      </div>
+    </form>
+  {% endfor %}
+  {% if api_tokens|length >0 %} <hr/>{% endif %}
+
+  <div class="third-margin">
+    <h1>GENERATE A NEW API KEY</h1>
+  </div>
+  <form method="post">
+    <input type="hidden" name="method" value="POST"></input>
+    <input type="hidden" name="action" value="generate_api_token"></input>
+    <input type="hidden" name="csrf-token" value="{{ csrf_token }}"/>
+    <div class="smalltext">
+      <p>Generate a new API key, to integrate with other systems.</p>
+    </div>
+    <div class="row justify-start">
+      <label class="align" for="name">Key Name</label>
+      <input type="text" id="name" name="name"></input> (defaults to creation time)
+    </div>
+    <div class="row justify-end">
+      <input type="submit" value="Generate">
+    </div>
+  </form>
+</div></div>
 {% endblock %}
 
 {% block pagesource %}/templates/ssh-public-keys.html{% endblock %}

capsulflask/theme/yolocolo/account-balance.html

@@ -0,0 +1,94 @@
+{% extends 'base.html' %}
+
+{% block title %}Account Balance{% endblock %}
+
+{% block content %}
+<div class="row third-margin">
+  <h1>Account Balance: ${{ account_balance }}</h1>
+</div>
+<div class="half-margin">
+ 
+  {% if has_vms and has_payments and warning_text != "" %}
+  <div class="row">
+    <pre class="wrap">{{ warning_text }}</pre>
+  </div>
+  {% endif %}
+  <div class="row">
+    {% if has_payments %}
+    <div>
+      <div class="row third-margin">
+        <h1>Payments</h1>
+      </div>
+    
+      <table>
+        <thead>
+          <tr>
+            <th>amount</th>
+            <th>date</th>
+          </tr>
+        </thead>
+        <tbody>
+          {% for payment in payments %}
+            <tr>
+              <td class="{{ payment['class_name'] }}">${{ payment["dollars"] }}</td>
+              <td class="{{ payment['class_name'] }}">{{ payment["created"] }}</td>
+            </tr>
+          {% endfor %}
+        </tbody>
+      </table>
+    </div>
+    {% endif %}
+    <ul>
+      <li>
+        <h1>PAYMENT OPTIONS</h1>
+        <ul>
+          <li>
+            <a href="/payment/stripe">Add funds with Credit/Debit (stripe)</a>
+            <ul><li>notice: stripe will load nonfree javascript </li></ul>
+          </li>
+          {% if btcpay_enabled %}
+          <li><a href="/payment/btcpay">Add funds with Bitcoin/Litecoin/Monero (btcpay)</a></li>
+          {% endif %}
+        </ul>
+      </li>
+    </ul>
+
+  </div>
+
+
+  {% if has_vms %}
+  <div class="row third-margin">
+    <h1>Capsuls Billed</h1>
+  </div>
+  <div class="row">
+    <table class="small">
+      <thead>
+        <tr>
+          <th>id</th>
+          <th>created</th>
+          <th>deleted</th>
+          <th>$/month</th>
+          <th>months</th>
+          <th>$ billed</th>
+        </tr>
+      </thead>
+      <tbody>
+        {% for vm in vms_billed %}
+          <tr>
+            <td>{{ vm["id"] }}</td>
+            <td>{{ vm["created"] }}</td>
+            <td>{{ vm["deleted"] }}</td>
+            <td>${{ vm["dollars_per_month"] }}</td>
+            <td>{{ vm["months"] }}</td>
+            <td>${{ vm["dollars"] }}</td>
+          </tr>
+        {% endfor %}
+      </tbody>
+    </table>
+  </div>
+  
+  {% endif %}
+</div>
+{% endblock %}
+
+{% block pagesource %}/templates/create-capsul.html{% endblock %}

capsulflask/theme/yolocolo/base.html

@@ -0,0 +1,58 @@
+<html lang="en">
+<head>
+  <!-- Namecoin Address: N2aVL6pHtBp7EtNGb3jpsL2L2NyjBNbiB1 -->
+  <link href="{{ url_for('static', filename='favicon.yolocolo.ico') }}" rel="icon">
+  <title>{% block title %}{% endblock %}{% if self.title() %} - {% endif %}Serverscoop</title>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width,initial-scale=1.0">
+  <meta name="Description" content="Cyberia Capsul">
+  {% block head %}{% endblock %}
+  <link rel="stylesheet" href="{{ url_for('static', filename='style.css') }}">
+  <link rel="stylesheet" href="{{ url_for('static', filename='style.yolocolo.css') }}">
+</head>
+<body>
+<nav>
+  <div class="row justify-space-between half-margin">
+    <div>
+      🍞 <a href="/"><b>serverscoop</b></a>
+    </div>
+    <div>
+      &nbsp;
+      {% if session["account"] %} 
+        { {{ session["account"] }} <a href="{{ url_for('auth.logout') }}">Log Out</a> } 
+      {% else %} 
+        <a href="{{ url_for('auth.login') }}">Login</a>
+      {% endif %}
+    </div>
+  </div>
+  <div class="row justify-center half-margin wrap nav-links">
+    <a href="/pricing">Pricing</a>
+    <a href="/faq">FAQ</a>
+
+    {% if session["account"] %} 
+      <a href="/console">Capsuls</a>
+      <a href="/console/keys">SSH &amp; API Keys</a>
+      <a href="/console/account-balance">Account Balance</a>
+    {% endif %}
+
+    <a href="/support">Support</a>
+  </div>
+</nav>
+{% for message in get_flashed_messages() %}
+  <div class="flash">{{ message }}</div>
+{% endfor %}
+{% block custom_flash %}{% endblock %}
+<main>
+  {% block content %}{% endblock %}
+</main>
+{% block subcontent %}{% endblock %}
+<footer>
+  This server runs <a
+    href="https://giit.cyberia.club/~forest/capsul-flask">capsul-flask</a> by
+  Cyberia Computer Club, available under the GNU AFFERO GENERAL PUBLIC LICENSE.<br/><br/>
+  <a href="https://git.autonomic.zone/3wordchant/capsul-flask/src/branch/yolocolo/capsulflask{% block pagesource %}{% endblock %}">View page source</a>
+</footer>
+</body>
+</html>
+
+

capsulflask/theme/yolocolo/capsuls.html

@@ -0,0 +1,68 @@
+{% extends 'base.html' %}
+
+{% block title %}Capsuls{% endblock %}
+
+{% block custom_flash %}
+{% if created  %} 
+  <div class="flash green">{{ created }} successfully created!</div>
+{% endif %}
+{% endblock %}
+
+{% block content %}
+<div class="row third-margin">
+  <h1>Capsuls</h1>
+</div>
+<div class="third-margin">
+  {% if has_vms %} 
+  <div class="row third-margin justify-end">
+    <a href="/console/create">Create Capsul</a>
+  </div>
+  <div class="row">
+    <table>
+      <thead>
+        <tr>
+          <th class="heart-icon">❦</th>
+          <th>id</th>
+          <th>size</th>
+          <th>cpu</th>
+          <th>mem</th>
+          <th>ipv4</th>
+          <th>os</th>
+          <th>created</th>
+        </tr>
+      </thead>
+      <tbody>
+        {% for vm in vms %}
+          <tr>
+            {% if vm['state'] == 'starting' or vm['state'] == 'stopping'  %}
+              <td class="capsul-status waiting-pulse">•</td>
+            {% elif vm['state'] == 'crashed' or vm['state'] == 'blocked' or vm['state'] == 'stopped'  %}
+              <td class="capsul-status red">•</td>
+            {% elif vm['state'] == 'unknown' %}
+              <td class="capsul-status-questionmark">?</td>
+            {% else  %}
+              <td class="capsul-status green">•</td>
+            {% endif  %}
+            
+            <td><a class="no-shadow" href="/console/{{ vm['id'] }}">{{ vm["id"] }}</a></td>
+            <td>{{ vm["size"] }}</td>
+            <td class="metrics"><img src="/metrics/cpu/{{ vm['id'] }}/5m/s"/></td>
+            <td class="metrics"><img src="/metrics/memory/{{ vm['id'] }}/5m/s"/></td>
+            <td class="{{ vm['ipv4_status'] }}">{{ vm["ipv4"] }}</td>
+            <td>{{ vm["os"] }}</td>
+            <td>{{ vm["created"] }}</td>
+          </tr>
+        {% endfor %}
+      </tbody>
+    </table>
+  </div>
+  
+  {% else %} 
+  <div class="row">
+    <p>You don't have any Capsuls running. <a href="/console/create">Create one</a> today!</p>
+  </div>
+  {% endif %}
+</div>
+{% endblock %}
+
+{% block pagesource %}/templates/capsuls.html{% endblock %}

capsulflask/theme/yolocolo/faq.html

@@ -0,0 +1,46 @@
+{% extends 'base.html' %}
+
+{% block title %}FAQ{% endblock %}
+
+{% block content %}
+  <div class="row full-margin"><h1>Frequently Asked Questions</h1></div>
+{% endblock %}
+
+{% block subcontent %}
+<p>
+ <ul>
+   <li>
+     What is this?
+     <p>
+      This is a <strong>technical demo</strong> of <a
+       href="https://giit.cyberia.club/~forest/capsul-flask">Capsul</a>, for the
+      as-yet-untitled <a href="https://coops.tech">Cotech</a> server hosting
+      initiative, which you can <a
+      href="https://community.coops.tech/t/call-for-input-v2-co-op-vps-survey/2802/9">read
+     about on the Cotech forum</a>.
+     </p>
+   </li>
+   <li>
+     What do you mean, "technical demo"?
+     <p>No backups</p>
+     <p>No service level agreement</p>
+     <p>"Best effort" support</p>
+   </li>
+   <li>
+     Where can I get this, but, more reliable?
+     <p>Cyberia, the authors of this platform, run the canonical instance, <a
+      href="https://capsul.org">Capsul.org</a>, on hardware they own. Please
+     send them your money! (cash, crypto, or card accepted).</p>
+   </li>
+   <li>
+     How do I use this system?
+     <p>Please see <a href="https://capsul.org/faq">the official Capsul FAQ
+       page</a>.</p>
+   </li>
+ </ul>
+</p>
+
+{% endblock %}
+
+{% block pagesource %}/templates/faq.html{% endblock %}
+

capsulflask/theme/yolocolo/index.html

@@ -0,0 +1,26 @@
+{% extends 'base.html' %}
+
+{% block content %}
+  <h1>
+  <pre>
+ ___  ___ _ ____   _____ _ __ ___  ___ ___   ___  _ __  
+/ __|/ _ \ '__\ \ / / _ \ '__/ __|/ __/ _ \ / _ \| '_ \ 
+\__ \  __/ |   \ V /  __/ |  \__ \ (_| (_) | (_) | |_) |
+|___/\___|_|    \_/ \___|_|  |___/\___\___/ \___/| .__/ 
+                                                 |_|    
+  </pre>
+  <span>Co-operative hosting using <a href="https://cyberia.club">Cyberia</a>'s Capsul</span>
+{% endblock %}
+
+{% block subcontent %}
+<p>
+ <ul>
+   <li>Sign up for an account!</li>
+   <li>Add some funds!</li>
+   <li>Create a VPS!</li>
+   <li>Give your feedback!</li>
+ </ul>           
+</p>
+{% endblock %}
+
+{% block pagesource %}/templates/index.html{% endblock %}

capsulflask/theme/yolocolo/pricing.html

@@ -0,0 +1,23 @@
+{% extends 'base.html' %}
+
+{% block title %}Pricing{% endblock %}
+
+{% block content %}
+  <div class="row third-margin">
+    <h1>CAPSUL TYPES & PRICING</h1>
+  </div>
+  <div class="row half-margin">
+    <p>
+      Rates for this service aren't set yet. You can see Cyberia's Capsul pricing
+      on <a href="https://capsul.org/pricing">their website</a>.
+    </p>
+  </div>
+  <div>
+    <pre>
+      SUPPORTED OPERATING SYSTEMS:
+
+      {% for os_id, os in operating_systems.items() %}   - {{ os.description }} 
+      {% endfor %}
+    </pre>
+  </div>
+{% endblock %}

capsulflask/theme/yolocolo/support.html

@@ -0,0 +1,21 @@
+{% extends 'base.html' %}
+
+{% block title %}Support{% endblock %}
+
+{% block content %}
+  <div class="row half-margin">
+    <h1>SUPPORT</h1>
+  </div>
+  <div class="row half-margin">
+    <a href="mailto:yolocolo@doesthisthing.work?subject=Please%20help!">yolocolo@doesthisthing.work</a> 
+  </div>
+{% endblock %}
+
+{% block subcontent %}
+<p>
+  You can also find us on Matrix: <a
+    href="https://matrix.to/#/#untitled-hosting.public:autonomic.zone">#untitled-hosting.public:autonomic.zone</a>.
+</p>
+{% endblock %}
+
+{% block pagesource %}/templates/support.html{% endblock %}

docker-compose.yml

@@ -0,0 +1,36 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: 3wordchant/capsul-flask:latest
+    build: .
+    volumes:
+      - "./:/app/code"
+      - "../tank:/tank"
+      # - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock"
+    depends_on:
+      - db
+    ports:
+      - "5000:5000"
+    environment:
+      - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
+      - SPOKE_MODEL=shell-scripts
+        #- FLASK_DEBUG=1
+      - BASE_URL=http://localhost:5000
+      - ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=3wc.capsul@doesthisthing.work
+      - VIRSH_DEFAULT_CONNECT_URI=qemu:///system
+    # The image uses gunicorn by default, let's override it with Flask's
+    # built-in development server
+    command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
+  db:
+    image: "postgres:9.6.5-alpine"
+    volumes:
+      - "postgres:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: capsul
+      POSTGRES_PASSWORD: capsul
+      POSTGRES_DB: capsul
+
+volumes:
+  postgres: