ryra 0.9.6

A tool to test and deploy self-hosted services on a Linux server using rootless Podman and systemd. Built-in VM testing gives AI agents fast feedback loops for building infrastructure and deploying apps.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460

//! `ryra configure` with no service argument: edit global preferences
//! (the SMTP relay, the admin email) and then propagate the change into
//! every installed service that renders an env var from it.
//!
//! The editing half writes `preferences.toml`; the propagation half is core's
//! [`ryra_core::reconcile_service`], which re-renders each installed service
//! and surfaces only the env keys driven by global config. This module owns
//! the user-facing flow: collect the edit (flags or prompts), save, show the
//! per-service env diff, let the user pick which services to apply, restart.

use anyhow::{Result, bail};
use console::style;
use dialoguer::{Input, MultiSelect, Select};

use ryra_core::config::ConfigPaths;
use ryra_core::config::schema::{Config, SmtpCredentials, SmtpSecurity};
use ryra_core::{EnvKeyChange, ServiceReconcile};

use super::apply;

/// SMTP transport security, as a typed CLI flag. A `clap::ValueEnum` so
/// `--smtp-security bogus` is rejected at parse time (and `--help` lists the
/// choices) rather than failing in a runtime string match. Maps 1:1 onto the
/// core [`SmtpSecurity`]; kept CLI-side because core carries no clap dep.
#[derive(Debug, Clone, Copy, clap::ValueEnum)]
pub enum SmtpSecurityArg {
    Starttls,
    #[value(name = "force_tls")]
    ForceTls,
    Off,
}

impl SmtpSecurityArg {
    fn to_core(self) -> SmtpSecurity {
        match self {
            SmtpSecurityArg::Starttls => SmtpSecurity::Starttls,
            SmtpSecurityArg::ForceTls => SmtpSecurity::ForceTls,
            SmtpSecurityArg::Off => SmtpSecurity::Off,
        }
    }
}

/// Flags for the no-service (global) form of `ryra configure`. Each SMTP
/// field is individually settable so a script can change one value without
/// restating the rest.
#[derive(Debug, Default, Clone)]
pub struct GlobalFlags {
    pub smtp_host: Option<String>,
    pub smtp_port: Option<u16>,
    pub smtp_username: Option<String>,
    pub smtp_password: Option<String>,
    pub smtp_from: Option<String>,
    pub smtp_security: Option<SmtpSecurityArg>,
    pub admin_email: Option<String>,
    /// Reconcile installed services against the current on-disk config
    /// without editing it (the post-`vim` workflow).
    pub apply: bool,
    pub yes: bool,
    pub dry_run: bool,
}

impl GlobalFlags {
    fn has_smtp_edit(&self) -> bool {
        self.smtp_host.is_some()
            || self.smtp_port.is_some()
            || self.smtp_username.is_some()
            || self.smtp_password.is_some()
            || self.smtp_from.is_some()
            || self.smtp_security.is_some()
    }

    fn has_any_edit(&self) -> bool {
        self.has_smtp_edit() || self.admin_email.is_some()
    }
}

pub async fn run(flags: GlobalFlags) -> Result<()> {
    let paths = ConfigPaths::resolve()?;
    let mut config = ryra_core::config::load_or_default(&paths.config_file)?;
    let had_secrets_before = config.has_secrets();

    // --apply: reconcile installed services against the current
    // preferences.toml without editing it. The on-disk file is already the
    // source of truth (e.g. the user hand-edited it), so there's no edit to
    // make and no snapshot/restore dance: just plan and apply.
    if flags.apply {
        if flags.has_any_edit() {
            bail!(
                "--apply reconciles services against the current config and can't be combined \
                 with edit flags (--smtp-*, --admin-email); drop --apply to edit-and-propagate"
            );
        }
        let plans = collect_plans().await?;
        if plans.is_empty() {
            println!("All services already match the global config - nothing to update.");
            return Ok(());
        }
        println!();
        render_plans(&plans);
        println!();
        if flags.dry_run {
            println!(
                "Dry run: {} service(s) would be updated and restarted. \
                 Re-run without --dry-run to apply.",
                plans.len()
            );
            return Ok(());
        }
        return apply_plans(&plans, flags.yes).await;
    }

    let changed = if flags.has_any_edit() {
        apply_flag_edits(&mut config, &flags)?
    } else if super::is_interactive() {
        edit_interactive(&mut config)?
    } else {
        print_current(&config);
        println!();
        println!(
            "No changes specified. Pass --smtp-host / --smtp-password / --admin-email / … \
             (or run in a terminal to edit interactively)."
        );
        return Ok(());
    };

    if !changed {
        println!("No changes - global config left as-is.");
        return Ok(());
    }

    // Dry run must end fully non-mutating. But `reconcile_service` reads the
    // global config from disk, so to preview propagation we have to make the
    // new values visible: snapshot the file, write the edit, plan, then put
    // the original back. No service steps are executed (planning is pure), so
    // the only transient change is the config file, which we restore.
    if flags.dry_run {
        let existed = paths.config_file.exists();
        let snapshot = if existed {
            Some(std::fs::read(&paths.config_file).map_err(|e| {
                anyhow::anyhow!(
                    "reading {} for dry-run snapshot: {e}",
                    paths.config_file.display()
                )
            })?)
        } else {
            None
        };
        paths.ensure_dirs()?;
        ryra_core::config::save_config(&paths.config_file, &config)?;
        let plans = collect_plans().await;
        // Restore before surfacing any planning error, so a failure can't
        // leave the temporarily-written config behind.
        match &snapshot {
            Some(bytes) => std::fs::write(&paths.config_file, bytes).map_err(|e| {
                anyhow::anyhow!(
                    "restoring {} after dry run: {e}",
                    paths.config_file.display()
                )
            })?,
            None => std::fs::remove_file(&paths.config_file).map_err(|e| {
                anyhow::anyhow!(
                    "removing dry-run temp config {}: {e}",
                    paths.config_file.display()
                )
            })?,
        }
        let plans = plans?;

        println!();
        println!("Would set:");
        print_current(&config);
        if plans.is_empty() {
            println!();
            println!("Dry run: no installed service env vars would change. Nothing was written.");
        } else {
            println!();
            render_plans(&plans);
            println!();
            println!(
                "Dry run: nothing written. {} service(s) would be updated and restarted. \
                 Re-run without --dry-run to apply.",
                plans.len()
            );
        }
        return Ok(());
    }

    paths.ensure_dirs()?;
    ryra_core::config::save_config(&paths.config_file, &config)?;
    println!("  Saved to {}", paths.config_file.display());
    if !had_secrets_before && config.has_secrets() {
        println!(
            "  Note: credentials saved to {} (mode 0600 / do not commit or share).",
            paths.config_file.display()
        );
    }

    propagate(flags.yes).await
}

/// Apply `--smtp-*` / `--admin-email` flag edits onto `config`. Returns true
/// if anything changed. SMTP edits overlay onto the existing relay; creating
/// one from scratch needs at least `--smtp-host`.
fn apply_flag_edits(config: &mut Config, flags: &GlobalFlags) -> Result<bool> {
    let mut changed = false;

    if flags.has_smtp_edit() {
        let mut smtp = match &config.smtp {
            Some(s) => s.clone(),
            None => {
                let host = flags.smtp_host.clone().ok_or_else(|| {
                    anyhow::anyhow!(
                        "no global SMTP relay configured yet - provide at least --smtp-host \
                         (and typically --smtp-from) to create one"
                    )
                })?;
                SmtpCredentials {
                    host,
                    port: 587,
                    username: String::new(),
                    password: String::new(),
                    from: String::new(),
                    security: SmtpSecurity::Starttls,
                }
            }
        };
        if let Some(h) = &flags.smtp_host {
            smtp.host = h.clone();
        }
        if let Some(p) = flags.smtp_port {
            smtp.port = p;
        }
        if let Some(u) = &flags.smtp_username {
            smtp.username = u.clone();
        }
        if let Some(pw) = &flags.smtp_password {
            smtp.password = pw.clone();
        }
        if let Some(f) = &flags.smtp_from {
            smtp.from = f.clone();
        }
        if let Some(sec) = flags.smtp_security {
            smtp.security = sec.to_core();
        }
        if smtp.from.is_empty() {
            smtp.from = format!("noreply@{}", smtp.host);
        }
        config.smtp = Some(smtp);
        changed = true;
    }

    if let Some(email) = &flags.admin_email
        && config.admin_email.as_deref() != Some(email.as_str())
    {
        config.admin_email = Some(email.clone());
        changed = true;
    }

    Ok(changed)
}

/// Interactive global editor: show current state, pick a setting, edit it.
fn edit_interactive(config: &mut Config) -> Result<bool> {
    println!();
    println!("{}", style("Global configuration").bold());
    print_current(config);
    println!();

    let sel = Select::new()
        .with_prompt("Edit which setting?")
        .items(&["SMTP relay", "Admin email", "Cancel"])
        .default(0)
        .interact()?;

    match sel {
        0 => match &config.smtp {
            // Editing an existing relay: pre-fill every field with its
            // current value. Treat an unchanged edit as a no-op so we don't
            // rewrite the config and run a pointless propagation pass.
            Some(existing) => {
                let existing = existing.clone();
                let edited = super::prompts::prompt_smtp_edit(&existing)?;
                let changed = edited != existing;
                config.smtp = Some(edited);
                Ok(changed)
            }
            // No relay yet: the from-scratch setup flow (also offers inbucket).
            None => match super::prompts::prompt_smtp()? {
                super::prompts::SmtpSetupChoice::Custom(smtp) => {
                    config.smtp = Some(smtp);
                    Ok(true)
                }
                super::prompts::SmtpSetupChoice::Inbucket => {
                    config.smtp = Some(SmtpCredentials::inbucket());
                    if !ryra_core::is_service_installed("inbucket") {
                        println!(
                            "  {} inbucket is not installed - run `ryra add inbucket` so mail has somewhere to land.",
                            style("note:").yellow()
                        );
                    }
                    Ok(true)
                }
                super::prompts::SmtpSetupChoice::Skip => Ok(false),
            },
        },
        1 => {
            let current = config.admin_email.clone().unwrap_or_default();
            let email: String = Input::new()
                .with_prompt("Admin email")
                .with_initial_text(current)
                .interact_text()?;
            let email = email.trim();
            if email.is_empty() {
                Ok(false)
            } else {
                config.admin_email = Some(email.to_string());
                Ok(true)
            }
        }
        _ => Ok(false),
    }
}

fn print_current(config: &Config) {
    let smtp = match &config.smtp {
        Some(s) => format!(
            "{}:{} (from {}, {})",
            s.host,
            s.port,
            s.from,
            s.security.as_str()
        ),
        None => "(not configured)".to_string(),
    };
    println!("  SMTP:        {}", style(smtp).cyan());
    println!(
        "  Admin email: {}",
        style(config.admin_email.as_deref().unwrap_or("(not set)")).cyan()
    );
}

/// Reconcile every installed service against the current on-disk global
/// config, keeping only the ones whose env would actually change. A service
/// that fails to reconcile (e.g. an unresolvable registry) is warned about
/// and skipped, not fatal.
async fn collect_plans() -> Result<Vec<ServiceReconcile>> {
    let installed = ryra_core::list_installed()?;
    let mut plans: Vec<ServiceReconcile> = Vec::new();
    for svc in &installed {
        match ryra_core::reconcile_service(&svc.name).await {
            Ok(r) if !r.changes.is_empty() => plans.push(r),
            Ok(_) => {}
            Err(e) => eprintln!("  {} {}: {e}", style("warning:").yellow(), svc.name),
        }
    }
    Ok(plans)
}

/// Print the per-service env diff.
fn render_plans(plans: &[ServiceReconcile]) {
    for p in plans {
        println!("{}", style(&p.service).bold());
        for c in &p.changes {
            print_change(c);
        }
    }
}

/// Re-render every installed service against the just-saved global config,
/// show the per-service env diff, and apply to the ones the user selects.
async fn propagate(yes: bool) -> Result<()> {
    println!();
    println!("Checking installed services for affected env vars…");
    let plans = collect_plans().await?;

    if plans.is_empty() {
        println!("All services already match the global config - nothing to update.");
        return Ok(());
    }

    println!();
    render_plans(&plans);
    println!();

    apply_plans(&plans, yes).await
}

/// Let the user pick which of `plans` to apply (all with `--yes`, an
/// interactive multi-select otherwise, refuse non-interactively without
/// `--yes`), then write each selected service's `.env` and restart it.
async fn apply_plans(plans: &[ServiceReconcile], yes: bool) -> Result<()> {
    let selected: Vec<&ServiceReconcile> = if yes {
        plans.iter().collect()
    } else if super::is_interactive() {
        let labels: Vec<String> = plans
            .iter()
            .map(|p| {
                let n = p.changes.len();
                format!(
                    "{} ({n} env var{})",
                    p.service,
                    if n == 1 { "" } else { "s" }
                )
            })
            .collect();
        let defaults = vec![true; plans.len()];
        let chosen = MultiSelect::new()
            .with_prompt("Update which services? (space toggles, enter confirms)")
            .items(&labels)
            .defaults(&defaults)
            .interact()?;
        chosen.into_iter().filter_map(|i| plans.get(i)).collect()
    } else {
        bail!(
            "non-interactive run without --yes; re-run with --yes to apply to all {} affected \
             service(s), or --dry-run to preview",
            plans.len()
        );
    };

    if selected.is_empty() {
        println!("Nothing selected - no services updated.");
        return Ok(());
    }

    for p in &selected {
        println!();
        println!("Updating {} (restart)…", style(&p.service).bold());
        apply::execute_all(&p.steps).await?;
    }
    println!();
    println!("Done. Updated {} service(s).", selected.len());
    Ok(())
}

fn print_change(c: &EnvKeyChange) {
    let show = |v: &str| {
        if c.secret {
            "••••••".to_string()
        } else {
            v.to_string()
        }
    };
    match &c.from {
        Some(old) => println!(
            "  {} {}: {} {} {}",
            style("~").yellow(),
            c.key,
            style(show(old)).dim(),
            style("").dim(),
            style(show(&c.to)).cyan()
        ),
        None => println!(
            "  {} {}: {} (was: unset)",
            style("+").green().bold(),
            c.key,
            style(show(&c.to)).cyan()
        ),
    }
}