Merge pull request #6 from adityacodes30/cli-security

security + cli enhancements

README.md

@@ -181,7 +181,7 @@ go build main.go
 ### Step 5: Point your domain 
 
 You will get your public IP in your terminal, go to your domain hosting provider and point your domain to that IP 
-
+ 
 ### Step 6: Your project is Deployed 
 
 You can now access your project on your domain after a few minutes ( Depending on the buildtime of your project )

config.example.yml

@@ -1,10 +1,14 @@
 target: --github-repo-url--
-domain : domain.com
-email : [email protected]
+domain : ----example.com---
+email : ----[email protected]----
 region : us-west-2
 aws_access_key_id : --aws-access-key-id--
 aws_secret_access_key : --aws-secret-access-key--
 
+# ---------- Change the ami to your needs, else it will be the free tier one ------------
+
+ami : ami-0d081196e3df05f4d
+
 # ------------ DO NOT EDIT BELOW THIS LINE ------------
 
-deployrSH : https://gist.githubusercontent.com/adityacodes30/e2ecbe8532b817d41f817641067e27e0/raw/bc7b78f44d4cf337c20824bd7b031109ea3c51f5/deployr.sh
+deployrSH : https://raw.githubusercontent.com/adityacodes30/deployr/refs/heads/main/deployr.sh

deployr.sh

@@ -8,15 +8,20 @@ GO_EXECUTABLE="server"
 DEPLOY_SCRIPT="deployr-daemon.sh"
 
 
-if [ "$#" -ne 3 ]; then
-    echo "Usage: $0 <TARGET_NEXTJS_REPO_URL> <DOMAIN> <EMAIL>"
+i# Variables
+if [ "$#" -ne 4 ]; then
+    echo "Usage: $0 <TARGET_NEXTJS_REPO_URL> <DOMAIN> <EMAIL> <DEPLOYR_PUBKEY>"
     exit 1
 fi
 
-
 TARGET_NEXTJS_REPO_URL="$1"
 DOMAIN="$2"
 EMAIL="$3"
+DEPLOYR_PUBKEY="$4"
+
+
+echo "Test passed - DEPLOYR_PUBKEY is set and persistent"
+echo "Current value: $DEPLOYR_PUBKEY"
 
 echo "Updating system..."
 sudo yum update -y
@@ -29,6 +34,36 @@ echo "Starting Nginx..."
 sudo systemctl start nginx
 sudo systemctl enable nginx
 
+sudo sh -c "echo 'DEPLOYR_PUBKEY=\"$DEPLOYR_PUBKEY\"' >> /etc/environment"
+
+# Load it for current session
+export DEPLOYR_PUBKEY="$DEPLOYR_PUBKEY"
+
+echo "Testing DEPLOYR_PUBKEY..."
+
+# Test 1: Check if variable is set
+if [ -z "$DEPLOYR_PUBKEY" ]; then
+    echo "Error: DEPLOYR_PUBKEY is not set"
+    exit 1
+fi
+
+if [ "$DEPLOYR_PUBKEY" = "$4" ]; then
+    echo "✅ DEPLOYR_PUBKEY is set correctly"
+else
+    echo "Error: DEPLOYR_PUBKEY does not match the input value"
+    echo "Expected: $4"
+    echo "Got: $DEPLOYR_PUBKEY"
+    exit 1
+fi
+
+
+if grep -q "DEPLOYR_PUBKEY=\"$4\"" /etc/environment; then
+    echo "DEPLOYR_PUBKEY is properly set in /etc/environment"
+else
+    echo "Error: DEPLOYR_PUBKEY not found in /etc/environment"
+    exit 1
+fi
+
 echo "Updating Nginx configuration to proxy to the application..."
 sudo tee "$NGINX_CONF_PATH" > /dev/null <<EOF
 user nginx;

main.go

@@ -8,7 +8,6 @@ import (
 	"log"
 	"net"
 	"os"
-	"path/filepath"
 	"time"
 
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -23,29 +22,14 @@ import (
 
 func main() {
 
-	if len(os.Args) < 2 {
-		fmt.Println("Usage: deployr <config.yml>")
-		os.Exit(1)
-	}
-
-	configFilePath := os.Args[1]
+	stop, clioutput := utils.Cli(os.Args)
 
-	if configFilePath == "-v" {
-		fmt.Println("Deployr on v1.0")
+	if stop {
+		fmt.Println(clioutput)
 		return
 	}
 
-	cwd, err := os.Getwd()
-	if err != nil {
-		fmt.Println("Error getting current working directory:", err)
-		os.Exit(1)
-	}
-
-	if !filepath.IsAbs(configFilePath) {
-		configFilePath = filepath.Join(cwd, configFilePath)
-	}
-
-	fmt.Println("Using config file at:", configFilePath)
+	configFilePath := clioutput
 
 	var deployrcfg utils.AppCfg
 
@@ -64,59 +48,76 @@ func main() {
 
 	svc := ec2.NewFromConfig(cfg)
 
-	// create security group
-	createGroupOutput, err := svc.CreateSecurityGroup(context.TODO(), &ec2.CreateSecurityGroupInput{
-		GroupName:   aws.String("deployr-sg"),
-		Description: aws.String("Security group for deployr instance with SSH, HTTP, and HTTPS access"),
+	describeGroupOutput, describeGroupOutputErr := svc.DescribeSecurityGroups(context.TODO(), &ec2.DescribeSecurityGroupsInput{
+		GroupNames: []string{"deployr-sg"},
 	})
-	if err != nil {
-		log.Fatalf("Failed to create security group: %v", err)
+
+	if describeGroupOutputErr != nil {
+		log.Fatalf("Failed to describe security group: %v", describeGroupOutputErr)
 	}
 
-	securityGroupID := aws.ToString(createGroupOutput.GroupId)
-	fmt.Printf("Created security group with ID: %s\n", securityGroupID)
-
-	// Inbound rules
-	_, err = svc.AuthorizeSecurityGroupIngress(context.TODO(), &ec2.AuthorizeSecurityGroupIngressInput{
-		GroupId: aws.String(securityGroupID),
-		IpPermissions: []types.IpPermission{
-			{
-				IpProtocol: aws.String("tcp"),
-				FromPort:   aws.Int32(22),
-				ToPort:     aws.Int32(22),
-				IpRanges: []types.IpRange{
-					{
-						CidrIp:      aws.String("0.0.0.0/0"),
-						Description: aws.String("Allow SSH access from anywhere"),
+	var securityGroupID string
+
+	if describeGroupOutputErr == nil && len(describeGroupOutput.SecurityGroups) > 0 {
+		// Security group exists, store the GroupId
+		securityGroupID = aws.ToString(describeGroupOutput.SecurityGroups[0].GroupId)
+		fmt.Printf("Security group 'deployr-sg' already exists with ID: %s\n", securityGroupID)
+	} else {
+		// Security group does not exist, create it
+		createGroupOutput, createGroupOutputerr := svc.CreateSecurityGroup(context.TODO(), &ec2.CreateSecurityGroupInput{
+			GroupName:   aws.String("deployr-sg"),
+			Description: aws.String("Security group for deployr instance with SSH, HTTP, and HTTPS access"),
+		})
+		if createGroupOutputerr != nil {
+			log.Fatalf("Failed to create security group: %v", createGroupOutputerr)
+		}
+		securityGroupID = aws.ToString(createGroupOutput.GroupId)
+		fmt.Printf("Created security group with ID: %s\n", securityGroupID)
+
+		// Inbound rules
+
+		_, err := svc.AuthorizeSecurityGroupIngress(context.TODO(), &ec2.AuthorizeSecurityGroupIngressInput{
+			GroupId: aws.String(securityGroupID),
+			IpPermissions: []types.IpPermission{
+				{
+					IpProtocol: aws.String("tcp"),
+					FromPort:   aws.Int32(22),
+					ToPort:     aws.Int32(22),
+					IpRanges: []types.IpRange{
+						{
+							CidrIp:      aws.String("0.0.0.0/0"),
+							Description: aws.String("Allow SSH access from anywhere"),
+						},
 					},
 				},
-			},
-			{
-				IpProtocol: aws.String("tcp"),
-				FromPort:   aws.Int32(80),
-				ToPort:     aws.Int32(80),
-				IpRanges: []types.IpRange{
-					{
-						CidrIp:      aws.String("0.0.0.0/0"),
-						Description: aws.String("Allow HTTP traffic from anywhere"),
+				{
+					IpProtocol: aws.String("tcp"),
+					FromPort:   aws.Int32(80),
+					ToPort:     aws.Int32(80),
+					IpRanges: []types.IpRange{
+						{
+							CidrIp:      aws.String("0.0.0.0/0"),
+							Description: aws.String("Allow HTTP traffic from anywhere"),
+						},
 					},
 				},
-			},
-			{
-				IpProtocol: aws.String("tcp"),
-				FromPort:   aws.Int32(443),
-				ToPort:     aws.Int32(443),
-				IpRanges: []types.IpRange{
-					{
-						CidrIp:      aws.String("0.0.0.0/0"),
-						Description: aws.String("Allow HTTPS traffic from anywhere"),
+				{
+					IpProtocol: aws.String("tcp"),
+					FromPort:   aws.Int32(443),
+					ToPort:     aws.Int32(443),
+					IpRanges: []types.IpRange{
+						{
+							CidrIp:      aws.String("0.0.0.0/0"),
+							Description: aws.String("Allow HTTPS traffic from anywhere"),
+						},
 					},
 				},
 			},
-		},
-	})
-	if err != nil {
-		log.Fatalf("Failed to add security group rules: %v", err)
+		})
+
+		if err != nil {
+			log.Fatalf("Failed to add security group rules: %v", err)
+		}
 	}
 
 	runInstanceResp, instanceErr := svc.RunInstances(context.TODO(),
@@ -168,7 +169,7 @@ func main() {
 
 	icsvc := ec2instanceconnect.NewFromConfig(cfg)
 
-	pubkey, _, privKeyPath := utils.Keygen()
+	pubkey, _, privKeyPath := utils.Keygen("ssh", deployrcfg.Domain)
 
 	respp, erroricsvc := icsvc.SendSSHPublicKey(context.TODO(), &ec2instanceconnect.SendSSHPublicKeyInput{
 		InstanceId:     instanceId,
@@ -224,7 +225,9 @@ func main() {
 	}
 	defer session.Close()
 
-	command := fmt.Sprintf(`sudo sh -c 'if [ ! -d /.deployr ]; then mkdir /.deployr; fi && curl -o /.deployr/deployr.sh %s && sudo chmod +x /.deployr/deployr.sh && sudo /bin/bash /.deployr/deployr.sh %s %s %s'`, deployrcfg.DeployrSh, deployrcfg.Target, deployrcfg.Domain, deployrcfg.Email)
+	daemonPub, daemonPriv, _ := utils.Keygen("auth", deployrcfg.Domain)
+
+	command := fmt.Sprintf(`sudo sh -c 'if [ ! -d /.deployr ]; then mkdir /.deployr; fi && curl -o /.deployr/deployr.sh %s && sudo chmod +x /.deployr/deployr.sh && sudo /bin/bash /.deployr/deployr.sh %s %s %s "%s"'`, deployrcfg.DeployrSh, deployrcfg.Target, deployrcfg.Domain, deployrcfg.Email, daemonPub)
 	var b bytes.Buffer
 	session.Stdout = &b
 	if err := session.Run(command); err != nil {
@@ -233,6 +236,8 @@ func main() {
 	fmt.Println(b.String())
 
 	utils.PrintSucesss(deployrcfg.Domain)
+
+	fmt.Println(`Use this private key as the github secret:` + " \n" + daemonPriv)
 }
 
 func GetPublicDNSByInstanceID(ec2Client *ec2.Client, instanceID string) (string, string, error) {