-
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Vagrantfile
437 lines (391 loc) · 18.4 KB
/
Vagrantfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
require 'yaml'
# https://stackoverflow.com/a/38702906/4156752
class Hash
def deep_merge(other)
self.merge(other) { |key, value1, value2| value1.is_a?(Hash) && value2.is_a?(Hash) ? value1.deep_merge(value2) : value2}
end
def deep_merge!(other)
self.merge!(other) { |key, value1, value2| value1.is_a?(Hash) && value2.is_a?(Hash) ? value1.deep_merge(value2) : value2}
end
end
# Requires Ruby >=2.3.0 (25.12.2015) because of the dig method (https://docs.ruby-lang.org/en/2.3.0/Array.html#method-i-dig)
Vagrant.require_version '>= 2.1.0' # (03.05.2018) because of Triggers (https://developer.hashicorp.com/vagrant/docs/triggers)
Vagrant.configure('2') do |config|
# --------------------------------------------------------------------------
# Load configuration
# --------------------------------------------------------------------------
settingsFallback = settingsDist = settingsCustom = {}
if File.exist?('.vagrant.config.yml.dist')
settingsDist = YAML.load(File.read('.vagrant.config.yml.dist'))
end
# TODO: Handle empty file "in `merge': no implicit conversion of nil into Hash (TypeError)"
if File.exist?('.vagrant.config.yml')
settingsCustom = YAML.load(File.read('.vagrant.config.yml'))
end
settings = settingsFallback.deep_merge(settingsDist).deep_merge(settingsCustom)
# --------------------------------------------------------------------------
# Configure the machine
# --------------------------------------------------------------------------
config.vm.box = 'bento/debian-12'
config.vm.provider 'virtualbox' do |v|
# Set the name to show in the GUI
if settings.dig('vm', 'name')
v.name = settings.dig('vm', 'name')
elsif settings.dig('network', 'hostname')
v.name = settings.dig('network', 'hostname')
end
# Set the CPU limit
if settings.dig('vm', 'cpus')
v.cpus = settings.dig('vm', 'cpus')
end
# Set the amount of memory to allocate to the VM
if settings.dig('vm', 'memory')
v.memory = settings.dig('vm', 'memory')
end
end
# --------------------------------------------------------------------------
# Configure the network
# --------------------------------------------------------------------------
# Set the main hostname
if settings.dig('network', 'hostname')
config.vm.hostname = settings.dig('network', 'hostname')
end
# Add alternative hostnames
if Vagrant.has_plugin?('vagrant-hostsupdater')
if settings.dig('network', 'aliases')
config.hostsupdater.aliases = settings.dig('network', 'aliases')
end
end
# Define main IP address
if settings.dig('network', 'ip')
config.vm.network 'private_network', ip: settings.dig('network', 'ip')
if Vagrant.has_plugin?('vagrant-notify-forwarder')
# This configures the notify-forwarder to a port derived from the IP
# address to ensure that all running boxes have a different port
config.notify_forwarder.port = 22000 + settings.dig('network', 'ip').split('.')[2].to_i() + settings.dig('network', 'ip').split('.')[3].to_i()
end
else
config.vm.network 'private_network', type: 'dhcp'
end
# --------------------------------------------------------------------------
# Configure the synced folders
# --------------------------------------------------------------------------
# TODO: Function to check if Composer is installed on the host machine
#def composer_installed?
# system("composer --version > /dev/null 2>&1")
#end
# Get the path of the Composer cache if Composer is installed
#composer_cache_path = composer_installed? ? `composer config cache-dir --global`.strip : nil
# TODO: Function to check if Yarn is installed on the host machine
#def yarn_installed?
# system("yarn --version > /dev/null 2>&1")
#end
# Get the path of the Yarn cache if Yarn is installed
#yarn_cache_path = yarn_installed? ? `yarn cache dir`.strip : nil
if settings.dig('folder', 'type') == 'nfs'
config.nfs.map_uid = Process.uid
config.nfs.map_gid = Process.gid
# Mount the Project itself
config.vm.synced_folder '.', '/vagrant',
type: 'nfs',
nfs_version: 3, # TODO: Update to NFSv4
nfs_udp: false, # UDP not allowed in NFSv4
mount_options: ['rw', 'tcp', 'nolock', 'async']
# TODO: Set up synced folder using NFS if Composer/Yarn cache path is available
#if composer_cache_path
# config.vm.synced_folder composer_cache_path, "/home/vagrant/data/composer",
# type: 'nfs',
# nfs_version: 3, # TODO: Update to NFSv4
# nfs_udp: false, # UDP not allowed in NFSv4
# mount_options: ['rw', 'tcp', 'nolock', 'async']
#end
#if yarn_cache_path
# config.vm.synced_folder yarn_cache_path, "/home/vagrant/data/yarn",
# type: 'nfs'
#end
elsif settings.dig('folder', 'type') == 'rsync'
config.vm.synced_folder '.', '/vagrant',
type: 'rsync',
rsync__args: ['--verbose', '--archive', '--delete', '-z'],
rsync__chown: true,
rsync__exclude: settings.dig('folder', 'rsync', 'exclude') || []
# An rsync watcher for Vagrant 1.5.1+ that uses fewer host resources at
# the potential cost of more rsync actions.
# Configure the window for gatling to coalesce writes.
if Vagrant.has_plugin?('vagrant-gatling-rsync')
config.gatling.latency = 1.5
config.gatling.time_format = '%H:%M:%S'
# Automatically sync when machines with rsync folders come up.
config.gatling.rsync_on_startup = false
end
elsif settings.dig('folder', 'type') == 'smb'
# https://github.com/hashicorp/vagrant/issues/6677#issuecomment-165873490
if settings.dig('folder', 'smb', 'username') && settings.dig('folder', 'smb', 'password')
config.vm.synced_folder '.', '/vagrant',
type: 'smb',
mount_options: ['vers=3.02', 'mfsymlinks'],
smb_username: settings.dig('folder', 'smb', 'username'),
smb_password: settings.dig('folder', 'smb', 'password')
else
config.vm.synced_folder '.', '/vagrant',
type: 'smb',
mount_options: ['vers=3.02', 'mfsymlinks']
end
else
# VirtualBox shared folders
config.vm.synced_folder '.', '/vagrant'
end
# --------------------------------------------------------------------------
# Provision the machine
# --------------------------------------------------------------------------
if Vagrant.has_plugin?('vagrant-vbguest')
# Temporary until base box is updated (see https://github.com/dotless-de/vagrant-vbguest/issues/351)
config.vbguest.auto_update = false
end
# Add custom PS1
config.vm.provision 'custom-ps1', type: 'shell', privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
echo 'export PS1='\\''📦 ${debian_chroot:+($debian_chroot)}\\[\\e[38;5;46m\\]\\u@\\h\\[\\e[0m\\]:\\[\\e[38;5;33m\\]\\w\\[\\e[0m\\]\\\\$ '\\' >> ~/.bashrc
SCRIPT
config.vm.provision 'enable-ssh-password-auth', type: 'shell', privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
sudo sed -i 's/#PasswordAuthentication yes/PasswordAuthentication yes/' /etc/ssh/sshd_config
sudo sed -i 's/PasswordAuthentication no//' /etc/ssh/sshd_config
sudo /etc/init.d/ssh restart
SCRIPT
if settings.dig('ssh', 'forward_agent') == true
# https://unix.stackexchange.com/questions/77238/ssh-agent-forwarding-for-a-vagrant-vm
config.ssh.forward_agent = true
else
# Copy the public SSH key of the host system user to the vagrant box to
# allow Git access
if File.file?(File.expand_path('~/.ssh/id_ed25519')) && File.file?(File.expand_path('~/.ssh/id_ed25519.pub'))
config.vm.provision 'file', source: '~/.ssh/id_ed25519', destination: '~/.ssh/id_ed25519', run: 'always'
config.vm.provision 'file', source: '~/.ssh/id_ed25519.pub', destination: '~/.ssh/id_ed25519.pub', run: 'always'
elsif File.file?(File.expand_path('~/.ssh/id_rsa')) && File.file?(File.expand_path('~/.ssh/id_rsa.pub'))
puts 'Still using RSA? Consider switching to ED25519 for better security'
config.vm.provision 'file', source: '~/.ssh/id_rsa', destination: '~/.ssh/id_rsa', run: 'always'
config.vm.provision 'file', source: '~/.ssh/id_rsa.pub', destination: '~/.ssh/id_rsa.pub', run: 'always'
else
puts 'No SSH key found, please generate them first'
puts 'ECDSA: $ ssh-keygen -t ed25519 -C "[email protected]"'
puts 'RSA: $ ssh-keygen -t rsa -b 4096 -C "[email protected]"'
exit
end
config.vm.provision 'fix-ssh-permissions', type: 'shell', privileged: false, reset: true, inline: <<-SCRIPT
set -e -u -x -o pipefail
if [ -f ~/.ssh/id_ed25519 ]; then
chmod 600 ~/.ssh/id_ed25519
fi
SCRIPT
# Start SSH agent and add SSH key to agent
config.vm.provision 'start-ssh-agent-at-boot', type: 'shell', privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
echo 'eval "$(ssh-agent -s)"' >> ~/.bashrc
echo 'ssh-add -l > /dev/null || ssh-add' >> ~/.bashrc
SCRIPT
end
config.vm.provision 'update-known_hosts', type: 'shell', privileged: false, reset: true, inline: <<-SCRIPT
set -e -u -x -o pipefail
ssh-keyscan -t ed25519 github.com >> ~/.ssh/known_hosts
SCRIPT
config.vm.provision 'chdir-to-dockerfile', type: 'shell', privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
echo 'cd /vagrant' >> ~/.bashrc
SCRIPT
# Add user bin and proxies (PHP, PHP-CS-Fixer, PHP_CodeSniffer, PHPStan)
config.vm.provision 'install-php-proxy', type: 'shell', privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
if [ ! -d ~/bin ]; then
mkdir ~/bin
fi
{
echo '#!/bin/bash'
echo 'set -e -u -o pipefail'
echo 'if [ ! -z "${XDEBUG_CONFIG:-}" ]; then'
echo ' docker exec -e XDEBUG_CONFIG=$XDEBUG_CONFIG -e IDE_PHPUNIT_CUSTOM_LOADER=/app/vendor/autoload.php -t api php "$@"'
echo 'else'
echo ' docker exec -e IDE_PHPUNIT_CUSTOM_LOADER=/app/vendor/autoload.php -t api php "$@"'
echo 'fi'
} > ~/bin/php
chmod +x ~/bin/php
{
echo '#!/bin/bash'
echo 'set -e -u -o pipefail'
echo 'docker exec -t api php-cs-fixer "$@"'
} > ~/bin/php-cs-fixer
chmod +x ~/bin/php-cs-fixer
{
echo '#!/bin/bash'
echo 'set -e -u -o pipefail'
echo 'docker exec -t api phpcs "$@"'
} > ~/bin/phpcs
{
echo '#!/bin/bash'
echo 'set -e -u -o pipefail'
echo 'docker exec -t api phpcbf "$@"'
} > ~/bin/phpcbf
chmod +x ~/bin/phpcs
chmod +x ~/bin/phpcbf
{
echo '#!/bin/bash'
echo 'set -e -u -o pipefail'
echo 'docker exec -t api phpstan "$@"'
} > ~/bin/phpstan
chmod +x ~/bin/phpstan
{
echo '#!/bin/bash'
echo 'set -e -u -o pipefail'
echo 'docker exec -t api infection "$@"'
} > ~/bin/infection
chmod +x ~/bin/infection
SCRIPT
config.vm.provision 'create-app-data-folders', type: 'shell', privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
mkdir --parents \
~/data/app/cache \
~/data/app/logs \
~/data/app/sessions \
~/data/app/data \
~/data/composer \
~/data/pnpm \
~/data/db
SCRIPT
config.vm.provision 'fix-app-data-permissions', type: 'shell', privileged: false, run: 'always', inline: <<-SCRIPT
set -e -u -x -o pipefail
sudo chown --recursive vagrant:vagrant ~/data
SCRIPT
# Copy compose.yml.dist if it doesn't exist yet to compose.yml
config.vm.provision 'copy-necessary-dist-files', type: 'shell', privileged: false, run: 'always', inline: <<-SCRIPT
set -e -u -x -o pipefail
if [ ! -f /vagrant/compose.yml ]; then
cp /vagrant/compose.vm.yml.dist /vagrant/compose.yml
fi
SCRIPT
# Run mkcert on host if cert files don't exist yet or incomplete
if not File.exist?('./.docker/certs/cert.pem') || File.exist?('./.docker/certs/key.pem')
# TODO: Check that mkcert is installed, otherwise i think this failing will be ignored
system('mkcert -cert-file ./.docker/certs/cert.pem -key-file ./.docker/certs/key.pem localhost wedding-manuele-robine.test "*.wedding-manuele-robine.test"')
end
config.vm.provision 'check-certificates', type: 'shell', privileged: false, run: 'always', inline: <<-SCRIPT
set -e -u -x -o pipefail
if [ ! -f /vagrant/.docker/certs/cert.pem ] || [ ! -f /vagrant/.docker/certs/cert.pem ]; then
echo "Certificate files are missing. Please run 'mkcert -cert-file ./.docker/certs/cert.pem -key-file ./.docker/certs/key.pem localhost wedding-manuele-robine.test "*.wedding-manuele-robine.test"' on the host machine."
fi
SCRIPT
# Increase file watcher limit for Vite.js
#config.vm.provision 'fix-file-watcher-limit', type: 'shell', privileged: false, inline: <<-SCRIPT
# set -e -u -x -o pipefail
# echo fs.inotify.max_user_watches=100000 | sudo tee -a /etc/sysctl.conf >/dev/null
# sudo sysctl -p >/dev/null
#SCRIPT
# Update Box and fix "dpkg-reconfigure: unable to re-open stdin: No file or directory"
# See https://serverfault.com/a/717770/955565
config.vm.provision 'prepare-and-fix-apt', type: 'shell', privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
sudo ex +"%s@DPkg@//DPkg" -cwq /etc/apt/apt.conf.d/70debconf
sudo dpkg-reconfigure debconf -f noninteractive -p critical
sudo apt-get update -qq
# TODO: dist-upgrade locks the machine during bios update
#sudo apt-get dist-upgrade -qq >/dev/null
SCRIPT
# Fixes "fatal: detected dubious ownership in repository at '/vagrant'"
config.vm.provision 'fix-git-error-ownership', type: 'shell', privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
sudo apt-get -qq install \
git >/dev/null
git config --global --add safe.directory /vagrant
SCRIPT
config.vm.provision 'install-docker-and-compose', type: 'shell', privileged: false, reset: true, inline: <<-SCRIPT
set -e -u -x -o pipefail
# Setup repository
sudo apt-get update -qq
sudo apt-get -qq install \
ca-certificates \
curl \
gnupg >/dev/null
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# Install Docker
sudo apt-get update -qq
sudo apt-get -qq install \
docker-ce \
docker-ce-cli \
containerd.io \
docker-buildx-plugin \
docker-compose-plugin >/dev/null
# Manage Docker as a non-root user
getent group docker >/dev/null || sudo groupadd docker
sudo usermod -aG docker vagrant
SCRIPT
class DockerUsername
def to_s
print "Please enter your Docker credentials (the same as for dockerhub.com)\n"
print 'Username: '
STDIN.gets.chomp
end
end
class DockerPassword
def to_s
begin
system 'stty -echo'
print 'Password (or Access Token if you have 2FA): '
map = {'"' => '%22', '#' => '%23', '^' => '25%5E' }
re = Regexp.new(map.keys.map { |x| Regexp.escape(x) }.join('|'))
pass = STDIN.gets.chomp.gsub(re, map)
ensure
system 'stty echo'
end
pass
end
end
# TODO: Still insecure
config.vm.provision 'docker-login', type: 'shell', privileged: false, env: { 'USERNAME' => DockerUsername.new, 'PASSWORD' => DockerPassword.new }, inline: <<-SHELL
set -e -u -o pipefail
echo $PASSWORD | docker login --username $USERNAME --password-stdin
SHELL
config.trigger.after :up do |trigger|
trigger.name = 'Start Containers'
trigger.info = 'Starting Docker containers...'
if settings.dig('ssh', 'forward_agent') == true
trigger.run_remote = { privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
cd /vagrant
docker compose pull
docker compose build --pull
docker compose up --detach
SCRIPT
}
else
trigger.run_remote = { privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
cd /vagrant
eval "$(ssh-agent -s)"
ssh-add -l > /dev/null || ssh-add
docker compose pull
docker compose build --pull
docker compose up --detach
SCRIPT
}
end
end
config.vm.post_up_message = 'Machine was booted. Docker is starting. To check use "docker compose logs -f pwa api".'
if settings.dig('network', 'hostname') || settings.dig('network', 'ip')
config.vm.post_up_message += ' The application will soon be available on https://' + (settings.dig('network', 'hostname') || settings.dig('network', 'ip'))
end
config.trigger.before :halt do |trigger|
trigger.name = 'Stop Containers'
trigger.info = 'Stopping Docker containers...'
trigger.run_remote = { privileged: false, inline: <<-SCRIPT
set -e -u -x -o pipefail
cd /vagrant
docker compose down
SCRIPT
}
end
end