Make the displayed SSH username configurable

This patch allows the SSH username displayed in templates to be
configured through the SSH_USERNAME environment variable.

.drone.yml

@@ -0,0 +1,13 @@
+---
+kind: pipeline
+name: publish docker image
+steps:
+  - name: build and publish
+    image: plugins/docker
+    settings:
+      username:
+        from_secret: docker_reg_username_3wc
+      password:
+        from_secret: docker_reg_passwd_3wc
+      repo: 3wordchant/capsul-flask
+      tags: ${DRONE_COMMIT_BRANCH}

Dockerfile

@@ -0,0 +1,48 @@
+FROM python:3.8-alpine as build
+
+RUN apk add --no-cache \
+    build-base \
+    gcc \
+    gettext \
+    git \
+    jpeg-dev \
+    libffi-dev \
+    libjpeg \
+    musl-dev \
+    postgresql-dev \
+    python3-dev \
+    zlib-dev
+
+RUN mkdir -p /app/{code,venv}
+WORKDIR /app/code
+COPY Pipfile Pipfile.lock /app/code/
+
+RUN python3 -m venv /app/venv
+RUN pip install pipenv setuptools
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+RUN pip install wheel cppy
+# Install dependencies into the virtual environment with Pipenv
+RUN pipenv install --deploy --verbose
+
+FROM python:3.8-alpine
+
+RUN apk add --no-cache \
+    cloud-utils \
+    libjpeg \
+    libpq \
+    libstdc++ \
+    libvirt-client \
+    openssh-client \
+    virt-install
+
+COPY . /app/code/
+WORKDIR /app/code
+
+COPY --from=build /app/venv /app/venv
+ENV PATH="/app/venv/bin:$PATH" VIRTUAL_ENV="/app/venv"
+
+CMD ["gunicorn", "--bind", "0.0.0.0:5000", "-k", "gevent", "--worker-connections", "1000", "app:app"]
+
+VOLUME /app/code
+
+EXPOSE 5000

capsulflask/__init__.py

@@ -27,8 +27,24 @@ class StdoutMockFlaskMail:
     def send(self, message: Message):
       current_app.logger.info(f"Email would have been sent if configured:\n\nto: {','.join(message.recipients)}\nsubject: {message.subject}\nbody:\n\n{message.body}\n\n")
 
+
 load_dotenv(find_dotenv())
 
+for var_name in [
+  "SPOKE_HOST_TOKEN", "HUB_TOKEN", "STRIPE_SECRET_KEY",
+  "BTCPAY_PRIVATE_KEY", "MAIL_PASSWORD"
+]:
+  var = os.environ.get(f"{var_name}_FILE")
+  if not var:
+    continue
+
+  if not os.path.isfile(var):
+    continue
+
+  with open(var) as secret_file:
+    os.environ[var_name] = secret_file.read().rstrip('\n')
+  del os.environ[f"{var_name}_FILE"]
+
 app = Flask(__name__)
 
 app.config.from_mapping(
@@ -42,6 +58,7 @@ app.config.from_mapping(
   LOG_LEVEL=os.environ.get("LOG_LEVEL", default="INFO"),
   SPOKE_HOST_ID=os.environ.get("SPOKE_HOST_ID", default="baikal"),
   SPOKE_HOST_TOKEN=os.environ.get("SPOKE_HOST_TOKEN", default="changeme"),
+  SSH_USERNAME=os.environ.get("SSH_USERNAME", default="cyberian"),
   HUB_TOKEN=os.environ.get("HUB_TOKEN", default="changeme"),
 
   # https://www.postgresql.org/docs/9.1/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS

capsulflask/console.py

@@ -108,6 +108,8 @@ def detail(id):
   if vm is None:
     return abort(404, f"{id} doesn't exist.")
 
+  vm['ssh_username'] = current_app.config['SSH_USERNAME']
+
   if vm['deleted']:
     return render_template("capsul-detail.html", vm=vm, delete=True, deleted=True)
 

capsulflask/landing.py

@@ -22,7 +22,7 @@ def pricing():
 
 @bp.route("/faq")
 def faq():
-  return render_template("faq.html")
+  return render_template("faq.html", ssh_username=current_app.config['SSH_USERNAME'])
 
 @bp.route("/about-ssh")
 def about_ssh():

capsulflask/shell_scripts/get.sh

@@ -30,6 +30,6 @@ if virsh domuuid "$vmname" | grep -vqE '^[\t\s\n]*$'; then
 fi
 
 # this gets the ipv4
-ipv4="$(virsh domifaddr "$vmname" | awk '/vnet/ {print $4}' | cut -d'/' -f1)"
+ipv4="$(virsh domifaddr "$vmname" | awk '/ipv4/ {print $4}' | cut -d'/' -f1)"
 
 echo "$exists $state $ipv4"

capsulflask/templates/capsul-detail.html

@@ -97,7 +97,7 @@
       </div>
       <div class="row justify-start">
         <label class="align" for="ssh_username">SSH Username</label>
-        <span id="ssh_username">cyberian</span>
+        <span id="ssh_username">{{ vm['ssh_username'] }}</span>
       </div>
       <div class="row justify-start">
         <label class="align" for="ssh_authorized_keys">SSH Authorized Keys</label>

capsulflask/templates/faq.html

@@ -21,13 +21,13 @@
    </li>
    <li>
      How do I log in?
-     <p>ssh to the ip provided to you using the cyberian user.</p>
+     <p>ssh to the ip provided to you using the "{{ ssh_username }}" user.</p>
-     <pre class='code'>$ ssh cyberian@1.2.3.4</pre>
+     <pre class='code'>$ ssh {{ ssh_username }}@1.2.3.4</pre>
      <p>For more information, see <a href="/about-ssh">Understanding the Secure Shell Protocol (SSH)</a>.</p>
    </li>
    <li>
      How do I change to the root user?
-     <p>The cyberian user has passwordless sudo access by default. This should work:</p>
+     <p>The "{{ ssh_username }}" user has passwordless sudo access by default. This should work:</p>
      <pre class='code'>
 # Linux
 $ sudo su -

docker-compose.yml

@@ -0,0 +1,36 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: 3wordchant/capsul-flask:latest
+    build: .
+    volumes:
+      - "./:/app/code"
+      - "../tank:/tank"
+      # - "/var/run/libvirt/libvirt-sock:/var/run/libvirt/libvirt-sock"
+    depends_on:
+      - db
+    ports:
+      - "5000:5000"
+    environment:
+      - "POSTGRES_CONNECTION_PARAMETERS=host=db port=5432 user=capsul password=capsul dbname=capsul"
+      - SPOKE_MODEL=shell-scripts
+        #- FLASK_DEBUG=1
+      - BASE_URL=http://localhost:5000
+      - ADMIN_PANEL_ALLOW_EMAIL_ADDRESSES=3wc.capsul@doesthisthing.work
+      - VIRSH_DEFAULT_CONNECT_URI=qemu:///system
+    # The image uses gunicorn by default, let's override it with Flask's
+    # built-in development server
+    command: ["flask", "run", "-h", "0.0.0.0", "-p", "5000"]
+  db:
+    image: "postgres:9.6.5-alpine"
+    volumes:
+      - "postgres:/var/lib/postgresql/data"
+    environment:
+      POSTGRES_USER: capsul
+      POSTGRES_PASSWORD: capsul
+      POSTGRES_DB: capsul
+
+volumes:
+  postgres: