Added firewall and cloud instructions

README.md

@@ -33,18 +33,60 @@ There are a few ways to get a Gameeso Server.
 	4. Reboot using `vagrant reload` to be sure your fork is loaded.
 	5. You can now freely edit and push your sources 
 
+##Cloud Options
+Gameeso can run on several cloud providers out of the box. **More provider-support will be added soon!**
+
+###DigitalOcean
+1. Clone this repo if you haven't done already: `git clone -b development https://github.com/Gameeso/openkit-server.git`
+2. Download & install Packer if you haven't done already (see: [packer.io](http://packer.io/))
+3. In your DigitalOcean dashboard, create & copy your client id and API key. You're gonna need those.
+4. In your terminal, cd to the cloud_images/ directory in this repo.
+5. Create a file named 'packer_variables.json'
+	In this file, add the following contents:
+		
+		{
+	      "digitalocean_client_id": "<your client id>",
+	      "digitalocean_api_key": "<your api key>"
+	    }
+		
+	Replace the <> values by your own api key and client id
+
+6. You are now ready to build! Run: `packer build -var-file=packer_variables.json -only=digitalocean packer.io.json`
+7. After a while you have a snapshot named 'Gameeso < random timestap >', which you can use to set up gameeso servers.
+8. After instantiating a snapshot, your server is automatically booted and running at your ip on port: 3000
+
 ##Building your image from source (not needed for development)
 
 If you want to roll your own images, we use a sophisticated automated build system called Packer ([packer.io](packer.io))
 
 1. Download & install Vagrant if you haven't done already (see: [vagrantup.com](http://www.vagrantup.com/))
 	- It needs Vagrant because Packer also will export a Vagrant box for you.
 2. Download & install Packer if you haven't done already (see: [packer.io](http://packer.io/))
-3. Clone this repo if you want done already: `git clone -b development https://github.com/Gameeso/openkit-server.git`
+3. Clone this repo if you haven't done already: `git clone -b development https://github.com/Gameeso/openkit-server.git`
 4. In your terminal, cd to the cloud_images/ directory in this repo.
 5. If you want to build a VirtualBox appliance, run `packer build -only=virtualbox-iso packer.io.json`
 	- Please note that this also will generate a Vagrant box, which you can use in the Installation tutorial.
-6. If you want to build a VMWare appliance (untested), run `packer build -only=vmware-iso packer.io.json`
+6. If you want to build a VMWare appliance (untested), run `packer build -only=vmware-iso packer.io.json`.
+
+##Security
+All Gameeso images have a non-root user to run the server, called "gameeso". It's default password is also gameeso, which is fine for local development, but you might want to change the default password so you can safely ssh into your server when using in production. Fortunately, I took that into account ;)
+
+- **I assume you already have cloned the repo and installed packer**
+- In your terminal, cd to the cloud_images/ directory in this repo.
+- Create (or edit) a file named 'packer_variables.json'
+	In this file, add the following contents:
+		
+		{
+	      "user_password": "<your new password>"
+	    }
+
+- When you now build your image, the default gameeso-user will contain this new password for you to login with.
+
+
+###Other Security notes
+
+MySQL has a default root password 'gameeso'. **This is not a problem.** All Gameeso images are running a firewall (UFW) that only allows you to connect to the following ports: 80, 443, 3000 and 22 for allowing ssh. The MySQL, ftp or other ports are unexposed and thus do not form a threat.
+
 
 ##FAQ
 

cloud_images/Vagrantfile

@@ -34,12 +34,14 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   # If true, then any SSH connections made will enable agent forwarding.
   # Default value: false
   # config.ssh.forward_agent = true
+  config.ssh.username = "gameeso"
 
   # Share an additional folder to the guest VM. The first argument is
   # the path on the host to the actual folder. The second argument is
   # the path on the guest to mount the folder. And the optional third
   # argument is a set of non-required options.
   # config.vm.synced_folder "../data", "/vagrant_data"
+  config.vm.synced_folder "gameeso/", "/var/gameeso"
 
   # Provider-specific configuration so you can fine-tune various
   # backing providers for Vagrant. These expose provider-specific options.

cloud_images/http/preseed.cfg

@@ -17,6 +17,13 @@ d-i partman/confirm boolean true
 d-i partman/confirm_nooverwrite boolean true
 d-i partman/confirm_write_new_label boolean true
 
+# Default user
+d-i passwd/user-fullname string gameeso
+d-i passwd/username string gameeso
+d-i passwd/user-password password gameeso
+d-i passwd/user-password-again password gameeso
+d-i passwd/username string gameeso
+
 # Minimum packages (see postinstall.sh)
 d-i pkgsel/include string openssh-server
 d-i pkgsel/install-language-support boolean false

cloud_images/packer.io.json

@@ -2,22 +2,30 @@
   "provisioners": [
     {
       "type": "shell",
-      "execute_command": "sudo sh '{{.Path}}'",
-      "scripts": [
-        "scripts/setup_default_user.sh"
-      ]
+      "execute_command": "sh '{{.Path}}' {{user `user_password`}}",
+      "override": {
+        "digitalocean": {
+          "scripts": [
+            "scripts/setup_default_user.sh"
+          ]
+        },
+        "virtualbox-iso": {
+          "scripts": [
+            "scripts/dummy.sh"
+          ]
+        },
+        "vmware-iso": {
+          "scripts": [
+            "scripts/dummy.sh"
+          ]
+        }
+      }
     },
     {
       "type": "shell",
       "execute_command": "echo 'gameeso'|sudo -S sh '{{.Path}}'",
       "scripts": [
-        "scripts/install_openkit_server.sh"
-      ]
-    },
-    {
-      "type": "shell",
-      "execute_command": "sh '{{.Path}}'",
-      "scripts": [
+        "scripts/install_openkit_server.sh",
         "scripts/bundle_install_openkit_server.sh"
       ]
     },
@@ -67,14 +75,17 @@
   ],
   "variables": {
     "digitalocean_client_id": "",
-    "digitalocean_api_key": ""
+    "digitalocean_api_key": "",
+    "user_password": "gameeso"
   },
   "builders": [
     {
       "type": "digitalocean",
       "client_id": "{{user `digitalocean_client_id`}}",
       "api_key": "{{user `digitalocean_api_key`}}",
-      "image": "ubuntu-14-04-x64" 
+      "image": "ubuntu-14-04-x64",
+      "droplet_name": "GameesoServer-{{timestamp}}",
+      "snapshot_name": "Gameeso Server {{timestamp}}"
     },
     {
       "type": "virtualbox-iso",

cloud_images/scripts/bundle_install_openkit_server.sh

@@ -1,9 +1,9 @@
-cd /vagrant
+cd /var/gameeso
 git clone -b development https://github.com/Gameeso/openkit-server.git
 cd openkit-server/dashboard
 
 bundle install --path vendor/bundle
 bundle update
-bundle exec bin/rake db:create RAILS_ENV=development
+bundle exec bin/rake db:setup RAILS_ENV=development
 
 start gameeso

cloud_images/scripts/install_openkit_server.sh

@@ -11,15 +11,30 @@ apt-get install -y git mysql-server ruby2.1 ruby2.1-dev mysql-client libmysqlcli
 
 gem install bundle
 
-mkdir -p /vagrant
-chmod 7777 -R /vagrant
+mkdir -p /var/gameeso
+chmod 7777 -R /var/gameeso
+
+cat >/usr/bin/start_gameeso <<EOL
+cd /var/gameeso/openkit-server/dashboard
+bin/rails server
+EOL
+
+chmod a+x /usr/bin/start_gameeso
 
 cat >/etc/init/gameeso.conf <<EOL
 description "Gameeso Game Backend"
  
 start on filesystem or runlevel [2345]
 stop on run level [!2345]
  
-exec start-stop-daemon --start --chuid vagrant --chdir /vagrant/openkit-server/dashboard/ --exec "/vagrant/openkit-server/dashboard/bin/rails" \
-    -- server
-EOL
+exec /usr/bin/start_gameeso
+
+EOL
+
+# Firewall
+echo "Installing firewall"
+ufw enable
+ufw allow 22
+ufw allow 80
+ufw allow 443
+ufw allow 3000

cloud_images/scripts/setup_default_user.sh

@@ -1,3 +1,3 @@
-useradd gameeso
-adduser gameeso sudo
-echo gameeso:gameeso | /usr/sbin/chpasswd
+sudo id -u gameeso &>/dev/null sudo useradd -m gameeso
+sudo adduser gameeso sudo
+sudo echo "gameeso:$1" | /usr/sbin/chpasswd

cloud_images/scripts/vagrant.sh

@@ -1,8 +1,8 @@
 date > /etc/vagrant_box_build_time
 
-mkdir /home/vagrant/.ssh
+mkdir /home/gameeso/.ssh
 wget --no-check-certificate \
     'https://github.com/mitchellh/vagrant/raw/master/keys/vagrant.pub' \
-    -O /home/vagrant/.ssh/authorized_keys
-chown -R vagrant /home/vagrant/.ssh
-chmod -R go-rwsx /home/vagrant/.ssh
+    -O /home/gameeso/.ssh/authorized_keys
+chown -R gameeso /home/gameeso/.ssh
+chmod -R go-rwsx /home/gameeso/.ssh