From ea026f76e7bac88b34adb015c90a0c04c8ee930b Mon Sep 17 00:00:00 2001 From: Daniel Ziltener Date: Wed, 15 Jan 2020 13:28:22 +0100 Subject: [PATCH] Removed dependency --- deps.edn | 17 ++++++---- resources/nginx/skel.talent.careers | 10 +++--- src/com/sompani/onboarding.clj | 51 +++++++++++++++-------------- 3 files changed, 41 insertions(+), 37 deletions(-) diff --git a/deps.edn b/deps.edn index 7cb3ba6..3e95983 100644 --- a/deps.edn +++ b/deps.edn @@ -1,8 +1,7 @@ {:deps {org.clojure/clojure {:mvn/version "1.10.1"} clj-http {:mvn/version "3.10.0"} - amperity/vault-clj {:mvn/version "0.7.1"} - org.postgresql/postgresql {:mvn/version "42.2.8"} + org.postgresql/postgresql {:mvn/version "42.2.9"} com.layerware/hugsql-core {:mvn/version "0.5.1"} com.layerware/hugsql-adapter-next-jdbc {:mvn/version "0.5.1"} digest {:mvn/version "1.4.9"} @@ -10,11 +9,15 @@ ;; Logging com.taoensso/timbre {:mvn/version "4.10.0"} com.fzakaria/slf4j-timbre {:mvn/version "0.3.14"} - org.slf4j/log4j-over-slf4j {:mvn/version "1.7.14"} - org.slf4j/jul-to-slf4j {:mvn/version "1.7.14"} - org.slf4j/jcl-over-slf4j {:mvn/version "1.7.14"}} + org.slf4j/log4j-over-slf4j {:mvn/version "1.7.29"} + org.slf4j/jul-to-slf4j {:mvn/version "1.7.29"} + org.slf4j/jcl-over-slf4j {:mvn/version "1.7.29"}} :paths ["src" "resources"] :mvn/repos {"central" {:url "https://repo1.maven.org/maven2/"} "clojars" {:url "https://repo.clojars.org/"}} - :aliases {:test {:extra-paths ["test"] - :extra-deps {:mockery {:mvn/version "0.1.4"}}}}} + :aliases {:outdated {:extra-deps {olical/depot {:mvn/version "1.8.4"}} + :main-opts ["-m" "depot.outdated.main" "-a" "outdated"]} + :docs {:extra-deps {marginalia {:git/url "https://github.com/zilti/marginalia" :sha "33af53d4848c58aa0e7cfdd76ab23310052816af"}} + :main-opts ["-m" "marginalia.core" "-n" "Sompani-Toolbox"]} + :test {:extra-paths ["test"] + :extra-deps {mockery {:mvn/version "0.1.4"}}}}} 
diff --git a/resources/nginx/skel.talent.careers b/resources/nginx/skel.talent.careers index 846c819..d6c9293 100644 --- a/resources/nginx/skel.talent.careers +++ b/resources/nginx/skel.talent.careers @@ -1,12 +1,12 @@ server { - server_name www.talent.{{company-name}}.{{company-suffix}} talent.{{company-name}}.{{company-suffix}} {{company-name}}.talent.careers; - return 301 https://talent.{{company-name}}.{{company-suffix}}$request_uri; + server_name www.talent.{{company-domain}} talent.{{company-domain}} {{company-name}}.talent.careers; + return 301 https://talent.{{company-domain}}$request_uri; } server { listen [::]:443 ssl; listen 443 ssl; - server_name www.talent.{{company-name}}.{{company-suffix}}; + server_name www.talent.{{company-domain}}; ssl_certificate /etc/letsencrypt/live/{{company-name}}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{company-name}}/privkey.pem; 
@@ -20,13 +20,13 @@ server { ssl_stapling_verify on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"; - return 301 https://talent.{{company-name}}.{{company-suffix}}$request_uri; + return 301 https://talent.{{company-domain}}$request_uri; } server { listen [::]:443 ssl; listen 443 ssl; - server_name talent.{{company-name}}.{{company-suffix}} {{company-name}}.talent.careers; + server_name talent.{{company-domain}} {{company-name}}.talent.careers; ssl_certificate /etc/letsencrypt/live/{{company-name}}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{company-name}}/privkey.pem; diff --git a/src/com/sompani/onboarding.clj b/src/com/sompani/onboarding.clj index d6f17cc..5aaed9b 100644 --- a/src/com/sompani/onboarding.clj +++ b/src/com/sompani/onboarding.clj 
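Review bot: The TLS settings in the unchanged context lines of this hunk (resources/nginx/skel.talent.careers, `ssl_protocols` and `ssl_ciphers`) still enable TLSv1 and TLSv1.1 and offer 3DES and CBC/SHA-1 suites such as `DES-CBC3-SHA`. Every vhost rendered from this template inherits them. Since the template is being edited anyway, I would tighten it to `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 only if the deployed nginx/OpenSSL build supports it) and cut the cipher list down to the ECDHE/DHE AEAD entries already at its front. The server block shown here starts above the hunk, and the third server block continues past its end, so the same directives presumably need the change there too.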
@@ -1,9 +1,15 @@ (ns com.sompani.onboarding + "A tool to automate the onboarding of new VCs. + + This works by providing `-main` with an EDN file containing the keys + with the necessary info. The EDN file has to contain a map with the + following keys: + + * `:company-name`: the company name as in .talent.careers. + * `:company-domain`: the company domain name as in talent.." (:require [clojure.java.shell :as sh] [clojure.java.io :as io] [clojure.string :as str] - [vault.core :as vault] - vault.client.http [clj-http.client :as http] [cljstache.core :as cljstache] [taoensso.timbre :as timbre @@ -15,8 +21,6 @@ (java.nio.file.attribute PosixFileAttributeView FileAttribute))) -(def vault-client (vault/new-client "http://127.0.0.1:8200")) - ;; # Webserver configuration ;; ## Deployment directory structure @@ -35,7 +39,6 @@ (let [attrs (Files/getFileAttributeView (.toPath (io/file "/srv/http/www.sompani.com")) PosixFileAttributeView (into-array LinkOption [LinkOption/NOFOLLOW_LINKS])) - ;; group (.group attrs) owner (.getOwner attrs) fattr (into-array FileAttribute [])] (doseq [dir-str ["/srv/http/staging.%s.talent.careers-cache" 
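Review bot: The new namespace docstring documents the EDN keys but not the `CLOUDFLARE_API` environment variable, which after this commit is the only source of the Cloudflare token (see `make-basic-dns-entries!` later in the same patch). I would add a line such as `Requires the environment variable CLOUDFLARE_API to hold a Cloudflare API token.` so that an operator does not discover the requirement from a failed API call. The two examples also read oddly as shown (`as in .talent.careers`, `as in talent..`); if that is how they stand in the file and not an artefact of this page, spell the pattern out, e.g. `talent.COMPANY-DOMAIN`.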
@@ -49,24 +52,24 @@ "/srv/http/%s.talent.careers-uploads" "/srv/http/%s.talent.careers.1234"] :let [dir (.toPath (io/file (format dir-str company-name)))]] - (Files/createDirectory dir fattr) - (set-owner dir owner) - ;; (set-group dir group) + (and + (Files/createDirectory dir fattr) + (set-owner dir owner)) ) (let [link (.toPath (io/file (format "/srv/http/staging.%s.talent.careers" company-name)))] - (Files/createSymbolicLink link - (.toPath (io/file (format "/srv/http/staging.%s.talent.careers.1234" company-name))) - fattr) - (set-owner link owner) - ;; (set-group link group) + (and + (Files/createSymbolicLink link + (.toPath (io/file (format "/srv/http/staging.%s.talent.careers.1234" company-name))) + fattr) + (set-owner link owner)) ) (let [link (.toPath (io/file (format "/srv/http/%s.talent.careers" company-name)))] - (Files/createSymbolicLink link - (.toPath (io/file (format "/srv/http/%s.talent.careers.1234" company-name))) - fattr) - (set-owner link owner) - ;; (set-group link group) + (and + (Files/createSymbolicLink link + (.toPath (io/file (format "/srv/http/%s.talent.careers.1234" company-name))) + fattr) + (set-owner link owner)) ))) ;; ## nginx configuration @@ -81,14 +84,14 @@ (cljstache/render (slurp in-file) datamap)))) ;; ## Certificates -(defn generate-certs! [{:keys [company-name company-suffix] :as datamap}] +(defn generate-certs! [{:keys [company-name company-domain] :as datamap}] (info (apply sh/sh (map #(cljstache/render % datamap) ["certbot" "certonly" "--nginx" "-d" "staging.{{company-name}}.talent.careers" "-d" "{{company-name}}.talent.careers" - "-d" "talent.{{company-name}}.{{company-suffix}}" - "-d" "www.talent.{{company-name}}.{{company-suffix}}" + "-d" "talent.{{company-domain}}" + "-d" "www.talent.{{company-domain}}" "--cert-name" "{{company-name}}"])))) ;; # DNS configuration 
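Review bot: Wrapping the calls in `and` adds no failure handling in make-dirs!, because `Files/createDirectory` and `Files/createSymbolicLink` either return the created Path (always truthy) or throw. `set-owner` therefore runs in exactly the cases it ran before, while the form reads as if it guarded something. I would keep the two calls as plain sequential forms inside the `doseq`/`let` bodies and pull the dangling `)` up onto the previous line. If the intent was to make a re-run after a partial failure survivable, that needs an explicit `(catch java.nio.file.FileAlreadyExistsException _ ...)` around the create call, since the first existing directory currently aborts the whole function. The function starts above this hunk.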
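Review bot: generate-certs! never looks at certbot's exit status: `sh/sh` returns a map with `:exit`, `:out` and `:err`, and the whole map is only logged at info level, so a failed issuance for the new `talent.{{company-domain}}` names looks like success to the caller. I would bind the result and fail loudly, e.g. `(when-not (zero? (:exit res)) (throw (ex-info "certbot failed" res)))`. The nginx template in this patch references `/etc/letsencrypt/live/{{company-name}}/fullchain.pem`, so a vhost rendered after a failed run would point at certificate files that do not exist.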
@@ -106,7 +109,7 @@ (defn make-basic-dns-entries! [{:keys [company-name]}] (let [uri "https://api.cloudflare.com/client/v4/zones/5cd643e7432d7cf69f44e268e32b5452/dns_records" - headers {"Authorization" (str "Bearer " (:token (vault/read-secret vault-client "secret/cloudflare-api")))} + headers {"Authorization" (str "Bearer " (System/getenv "CLOUDFLARE_API"))} entries (basic-dns-entries company-name)] (debug "Creating DNS entries for" company-name "; Headers: " headers) (doseq [entry entries] @@ -118,9 +121,7 @@ ;; # Main initialization (defn -main [& args] - (let [datamap {:company-name (nth args 0) - :company-suffix (nth args 1)}] - (vault/authenticate! vault-client :token (System/getenv "VAULT_TOKEN")) + (let [datamap (read-string (slurp (nth args 0)))] (info "Creating deploy directories.") (make-dirs! datamap) (info "Creating basic DNS entries.")
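Review bot: In make-basic-dns-entries! the bearer token now comes straight from `(System/getenv "CLOUDFLARE_API")` with no nil check, and the `debug` call two lines below still prints `headers`, i.e. the full Authorization value, into the log. With the variable unset, `(str "Bearer " nil)` evaluates to `"Bearer "`, so the requests go out with an empty token instead of failing early. I would fail fast with `(or (System/getenv "CLOUDFLARE_API") (throw (ex-info "CLOUDFLARE_API is not set" {})))` and drop `"; Headers: " headers` from the debug line. The function body continues past the end of this hunk.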
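Review bot: `-main` parses the input file with `clojure.core/read-string`, which honours `#=` read-time evaluation while `*read-eval*` is at its default, so the onboarding file is treated as code rather than data. For a data file use the EDN reader: add `[clojure.edn :as edn]` to the `:require` list and change the binding to `(let [datamap (edn/read-string (slurp (nth args 0)))]`. The map's values then flow unvalidated into the `format`-built paths under /srv/http, the nginx template and the certbot arguments. I would therefore also check that `:company-name` is a single DNS label and `:company-domain` a plain hostname before `make-dirs!` runs. The rest of `-main` lies outside the hunk.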