## Install
## See also (http://codeplot.com/documents/3186/edit)

I installed Ubuntu 8.04 Server
US Keyboard Layout
Zimbabwe region
If this machine is using an SSD drive, configure the partitions so that it has no swap
I did a single partition marked as bootable and set up for the root on EXT3+Journaling
I marked the OpenSSH server as an additional option
I did not set it as a DNS server or Mail Server

## Naming

For baobab we name our computers after trees so I called this one Sapele
I added the default user as baobab

## Reboot and login

hostname datadyne

## Get the stuff you will need (you may want to combine these steps so you can leave the download running)

sudo apt-get update
sudo apt-get install mysql-server nginx build-essential sudo git-core openssl lynx

## At the end you will need to input the mysql root password
In general we create passwords with a hash of the machine name, a common nonce value and some special characters

## Update the ssh for Debian security vulnerability
## If you are running Ubuntu/Debian locally, you should do this on your machine *before*
## you ssh into the server!

sudo apt-get install openssh-client

## Check for vulnerable keys

If you are using 8.04 like me (I think that Intrepid will include this fix by default)
then you will get a message saying that it is correcting the blacklisted keys
When completed, you should run ssh-vulnkey to make sure your root user is Not blacklisted.
You should see two keys listed and both should start with "Not blacklisted:"

ssh-vulnkey

## Setup users on your server

sudo adduser --disabled-password deploy
sudo adduser --system --no-create-home --group --disabled-password www
sudo visudo

## Add to the end of the visudo file (someone needs to add a quick vi how-to here)

deploy ALL=(ALL) ALL

## As an option you can give the deploy user more freedom if you control the keys carefully:

deploy ALL=(ALL) NOPASSWD:ALL

## For extra credit, change the defaults in the visudo file to insult people that try to enter passwords

Defaults env_reset, insults

## Back on your local create your public key if you have not done so already
## Read the earlier note on Ubuntu <= 8.04 and openssh-client
## ****** If you have already generated your key ** DO NOT REGENERATE ************

cd
ssh-keygen -t rsa
Enter file in which to save the key (/home/YOURLOCALUSER/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

## On your local scp your public key up (note that I use the baobab user I created when installing Ubuntu on the server)
## Make sure you copy the id_rsa.pub and not the id_rsa, the id_rsa file is your private key and you want to keep it safe!
## If you don't know your server's ip address, type ifconfig on the server

scp ~/.ssh/id_rsa.pub baobab@YOURSERVERIP:/tmp
password:

## On the server setup the key for your deploy user (you need to be root)

sudo su
mkdir /home/deploy/.ssh
chmod 700 /home/deploy/.ssh
cat /tmp/id_rsa.pub >> /home/deploy/.ssh/authorized_keys
chmod 600 /home/deploy/.ssh/authorized_keys
chown -R deploy:deploy /home/deploy/.ssh
exit

## On the server, create the root project folder (our project is called "mateme")

sudo mkdir /var/www/mateme
sudo chown deploy:deploy /var/www/mateme
sudo mkdir /var/www/staging
sudo chown deploy:deploy /var/www/staging

## On the server, setup the database
## We should be calling the database openmrs, with the user openmrs
## The password should be common probably
## ***** IF YOU ARE WORKING WITH AN EXISTING INSTALLATION DO NOT CHANGE THE OPENMRS DATABASE *******

mysql -u root -p
> CREATE DATABASE openmrs;
> GRANT ALL on openmrs.* to 'openmrs' IDENTIFIED BY 'YOURPASS';

## On the server, you need to install RubyEE.

wget http://rubyforge.org/frs/download.php/51101/ruby-enterprise_1.8.6-20090201_i386.deb
sudo dpkg -i ruby-enterprise_1.8.6-20090201_i386.deb
/opt/ruby-enterprise/bin/passenger-install-apache2-module

## On your local, cross your fingers and deploy (cap -T if you want to see all tasks)
## I have noticed that the deploy and deploy:setup tasks rely on each other
## So you have to run cap deploy first and let it fail...
## then run setup, then run deploy again

cap deploy

## Every time you will be asked a series of questions:

$ cap deploy
Do you want to stage this deployment? (y/n): y
## changes the target folder (either /var/www/mateme or /var/www/staging)
Domain you are deploying to (IP Address or Hostname): neno
## I have "neno" in my /etc/hosts point to the server. If you can use an internal address it will save the round trip to the internet
Pull from current machine (192.168.1.111)? (y/n): n
## If the server can see your machine on the network (at the address shown) then do it, this will also save a round trip to the internet
Pull from distributed git repository? (y/n): n
## generally just say no here
Pull from shared github.com (public)? (y/n): n
## This pulls from baobab/mateme on github... not currently in sync with neno
Pull from alternate github.com (public)? (y/n): y
## if you said no to everything else, you need to say yes here
Github Repository (jeffrafter/mateme): cherodney/mateme
## pulls from master on a specific fork... specify the fork as shown

##
cap deploy:setup
cap deploy

# ------------- Firefox
# READ the firefox README
# If you don't have the firefox daemon it is here https://github.com/baobab/firefox-daemon
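
## Added example, not part of the original guide: the deploy-key steps above (append the uploaded id_rsa.pub to authorized_keys, 700 on .ssh, 600 on the file) as a re-runnable script that refuses a file that looks like the private id_rsa.
## The function names are hypothetical, the sample keys are constructed, and GNU stat (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, sample keys are constructed.
KEY_RE='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

# Return 0 only if FILE has at least one public-key line and nothing private.
is_public_key_file() {
    [ -f "$1" ] || return 1
    # id_rsa (the private key) carries a PEM "PRIVATE KEY" header: refuse it.
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    grep -Eq "$KEY_RE" "$1" || return 1
    # Any other non-blank, non-comment line makes the file suspect.
    if grep -Ev '^[[:space:]]*(#|$)' "$1" | grep -Evq "$KEY_RE"; then return 1; fi
    return 0
}

# Append the keys in SRC to SSH_DIR/authorized_keys with the guide's modes.
# Ownership (chown -R deploy:deploy) still has to be set as root, as in the guide.
install_pubkey() {
    src=$1; dir=$2
    is_public_key_file "$src" || { echo "refusing $src: not a public key" >&2; return 1; }
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
    grep -E "$KEY_RE" "$src" | while IFS= read -r line; do
        # Skip keys already present so a re-run does not duplicate entries.
        grep -qxF -- "$line" "$dir/authorized_keys" ||
            printf '%s\n' "$line" >> "$dir/authorized_keys"
    done
}

# Check the result: 700 directory, 600 key file, no private key material.
audit_ssh_dir() {
    [ "$(stat -c %a "$1" 2>/dev/null)" = 700 ] || { echo "$1: mode is not 700" >&2; return 1; }
    [ "$(stat -c %a "$1/authorized_keys" 2>/dev/null)" = 600 ] ||
        { echo "$1/authorized_keys: mode is not 600" >&2; return 1; }
    if grep -q 'PRIVATE KEY' "$1/authorized_keys"; then return 1; fi
    return 0
}

# Constructed demo: one fake public key and one fake private-key header.
demo() {
    t=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSampleKey you@local' > "$t/id_rsa.pub"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$t/id_rsa"
    install_pubkey "$t/id_rsa.pub" "$t/.ssh" && audit_ssh_dir "$t/.ssh" || { rm -rf "$t"; return 1; }
    if install_pubkey "$t/id_rsa" "$t/.ssh" 2>/dev/null; then rm -rf "$t"; return 1; fi
    rm -rf "$t"
}
```

## On the server this would be run as root, e.g. install_pubkey /tmp/id_rsa.pub /home/deploy/.ssh, followed by the chown from the guide and removal of the copy left in /tmp.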