From c94993571cde27fe2a0ff5d212063a5102a1eb79 Mon Sep 17 00:00:00 2001
From: Thomas E Lackey
Date: Fri, 20 Nov 2020 14:15:11 -0600
Subject: [PATCH 1/2] fix: add Let's Encrypt support
---
 packages/cli-machine/src/modules/machine.js | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/packages/cli-machine/src/modules/machine.js b/packages/cli-machine/src/modules/machine.js
index 175d3c0dc..972cdd963 100644
--- a/packages/cli-machine/src/modules/machine.js
+++ b/packages/cli-machine/src/modules/machine.js
@@ -56,7 +56,8 @@ export const MachineModule = ({ config }) => {
 const sshKeys = [
 'ec:e0:6b:82:1e:b2:b7:74:a2:c3:1b:b4:3c:6d:72:a0', // David
 'b1:a9:fa:63:0d:60:d5:6c:31:76:37:52:c7:fe:02:0b', // Thomas
- '5f:82:c0:88:68:41:26:1b:d7:9f:be:82:24:7c:29:e3' // Egor
+ '5f:82:c0:88:68:41:26:1b:d7:9f:be:82:24:7c:29:e3', // Egor
+ '15:f7:37:d4:34:79:38:6d:97:e9:fe:bc:ae:3c:03:ae' // Alex
 ];
 return ({
@@ -193,10 +194,11 @@ export const MachineModule = ({ config }) => {
 .option('name', { type: 'string' })
 .option('memory', { type: 'number', default: 4 })
 .option('pin', { type: 'boolean', default: false })
- .option('cliver', { type: 'string', default: '' }),
+ .option('cliver', { type: 'string', default: '' })
+ .option('letsencrypt', { type: 'boolean', default: false }),
 handler: asyncHandler(async () => {
- const { verbose, pin, cliver, memory } = yargs.argv;
+ const { verbose, pin, cliver, letsencrypt, memory } = yargs.argv;
 const session = new DigitalOcean(doAccessToken, 100);
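Review bot: The fingerprint added to `sshKeys` (@@ -56,7 +56,8 @@) extends a hard-coded list of individuals' keys, so who can log in to newly created machines is decided by source edits rather than by configuration. How the array is used lies outside the hunk; presumably it is passed to the droplet-create call, in which case dropping a person's access needs a code release and does nothing for machines already created. If that is right, say so above the array, e.g. `// Keys installed on every new machine; remove an entry when its owner no longer needs access.`, and consider reading the list from the `services.machine` config this module already loads.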
@@ -255,7 +257,10 @@ export const MachineModule = ({ config }) => {
 - cp ./conf/systemd/kube.service /etc/systemd/system
 - systemctl enable kube
 - systemctl start kube
+ - if [ "${letsencrypt ? 1 : 0}" = "1" ]; then certbot --apache -d ${boxFullyQualifiedName} -n --agree-tos -m thomas@wireline.io; fi
+ - /etc/init.d/apache2 restart
 `;
+ // TODO(telackey): Replace with organizational email.
 // from https://developers.digitalocean.com/documentation/changelog/api-v2/new-size-slugs-for-droplet-plan-changes/
 let sizeSlug = 's-2vcpu-4gb';
From 79e46cb293575c7b786f0ef6d09373103c3af6bb Mon Sep 17 00:00:00 2001
From: Thomas E Lackey
Date: Tue, 24 Nov 2020 11:59:33 -0600
Subject: [PATCH 2/2] Add way to specify email
---
 packages/cli-core/env-map.yml | 4 +++-
 packages/cli-machine/src/modules/machine.js | 11 ++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/packages/cli-core/env-map.yml b/packages/cli-core/env-map.yml
index 80c93755f..c1eee5619 100644
--- a/packages/cli-core/env-map.yml
+++ b/packages/cli-core/env-map.yml
@@ -15,4 +15,6 @@ WIRE_MACHINE_DO_TOKEN:
 WIRE_MACHINE_GITHUB_TOKEN:
 path: services.machine.githubAccessToken
 WIRE_MACHINE_DNS_DOMAIN:
- path: services.machine.dnsDomain
\ No newline at end of file
+ path: services.machine.dnsDomain
+WIRE_MACHINE_EMAIL:
+ path: services.machine.email
diff --git a/packages/cli-machine/src/modules/machine.js b/packages/cli-machine/src/modules/machine.js
index 972cdd963..ad1e41fd5 100644
--- a/packages/cli-machine/src/modules/machine.js
+++ b/packages/cli-machine/src/modules/machine.js
@@ -50,6 +50,7 @@ const getRecordIdFromName = async (session, domain, name) => { */ export const MachineModule = ({ config }) => { const doAccessToken = config.get('services.machine.doAccessToken'); + const email = config.get('services.machine.email'); const githubAccessToken = config.get('services.machine.githubAccessToken'); const dnsDomain = config.get('services.machine.dnsDomain'); // TODO(dboreham): Get from profile
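Review bot: The added `certbot` line in the cloud-init hunk (@@ -255,7 +257,10 @@) places `${boxFullyQualifiedName}` into a shell command unquoted, and the second patch's @@ -257,7 +262,7 @@ hunk does the same with `-m ${email}`, a value taken from `--email` or `WIRE_MACHINE_EMAIL`. Where the name is built is outside the hunk, but if it derives from `--name`, both values reach a first-boot script (presumably run as root) without any check, so shell metacharacters in either would alter the command instead of failing it. Reject anything but hostname characters and a plain address in the handler before the template is built, and quote the values in the script: `certbot --apache -d '${boxFullyQualifiedName}' -n --agree-tos -m '${email}'`. The template literal and the handler both begin outside these hunks.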
@@ -195,10 +196,14 @@ export const MachineModule = ({ config }) => {
 .option('memory', { type: 'number', default: 4 })
 .option('pin', { type: 'boolean', default: false })
 .option('cliver', { type: 'string', default: '' })
- .option('letsencrypt', { type: 'boolean', default: false }),
+ .option('letsencrypt', { type: 'boolean', default: false })
+ .option('email', { type: 'string', default: email }),
 handler: asyncHandler(async () => {
- const { verbose, pin, cliver, letsencrypt, memory } = yargs.argv;
+ const { verbose, pin, cliver, letsencrypt, memory, email } = yargs.argv;
+ if (letsencrypt) {
+ assert(email, '--email is required with --letsencrypt');
+ }
 const session = new DigitalOcean(doAccessToken, 100);
@@ -257,7 +262,7 @@ export const MachineModule = ({ config }) => {
 - cp ./conf/systemd/kube.service /etc/systemd/system
 - systemctl enable kube
 - systemctl start kube
- - if [ "${letsencrypt ? 1 : 0}" = "1" ]; then certbot --apache -d ${boxFullyQualifiedName} -n --agree-tos -m thomas@wireline.io; fi
+ - if [ "${letsencrypt ? 1 : 0}" = "1" ]; then certbot --apache -d ${boxFullyQualifiedName} -n --agree-tos -m ${email}; fi
 - /etc/init.d/apache2 restart
 `;
 // TODO(telackey): Replace with organizational email.
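Review bot: In the options hunk (@@ -195,10 +196,14 @@), the handler's `const { ..., email } = yargs.argv;` shadows the module-level `const email` that the same patch reads from config, so two different values share one name inside `MachineModule`. It works because the config value is passed as the option default, but a reader has to work out which `email` is in scope at each use. Rename the outer one: `const defaultEmail = config.get('services.machine.email');` and `.option('email', { type: 'string', default: defaultEmail })`. Whether `assert` is already imported in machine.js cannot be seen from this hunk, and the handler body continues past it.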
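Review bot: The context line `// TODO(telackey): Replace with organizational email.` at the end of the @@ -257,7 +262,7 @@ hunk is left in place although this patch removes the hard-coded address it referred to. Delete it, or replace it with a comment that states where the address now comes from, such as `// email comes from --email or WIRE_MACHINE_EMAIL.`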