Version 1.0.0

.flake8

@@ -0,0 +1,11 @@
+[flake8]
+max-line-length = 88
+extend-ignore = E203,W503
+exclude =
+    .git,
+    __pycache__,
+    build,
+    dist,
+    *.egg-info,
+    .venv,
+    venv

.github/workflows/ci.yml

@@ -0,0 +1,51 @@
+name: Backend CI
+
+on:
+  push:
+    branches: [ main, develop ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  backend:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11"]
+    steps:
+    - uses: actions/checkout@v4
+    - name: Setup Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v4
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Cache pip
+      uses: actions/cache@v3
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-pip-${{ hashFiles('backend/pyproject.toml', 'backend/requirements.txt') }}
+        restore-keys: |
+          ${{ runner.os }}-pip-
+    - name: Install dependencies
+      run: |
+        cd backend
+        python -m pip install --upgrade pip
+        pip install -e ".[dev]"
+    - name: Lint with flake8
+      run: |
+        cd backend
+        flake8 app/ tests/
+    - name: Type check with mypy
+      run: |
+        cd backend
+        mypy app/
+    - name: Run tests with coverage
+      run: |
+        cd backend
+        python -m pytest --cov --cov-report=xml --cov-report=term-missing
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v3
+      with:
+        file: ./backend/coverage.xml
+        flags: unittests
+        name: codecov-umbrella
+        fail_ci_if_error: false

.github/workflows/docker.yml

@@ -0,0 +1,38 @@
+name: Docker Build (Backend)
+
+on:
+  push:
+    branches: [ main ]
+    tags: [ 'v*' ]
+
+jobs:
+  build-and-push-backend:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+    - name: Log in to Docker Hub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_PASSWORD }}
+    - name: Extract metadata
+      id: meta
+      uses: docker/metadata-action@v5
+      with:
+        images: yourusername/deploymate-backend
+        tags: |
+          type=ref,event=branch
+          type=ref,event=pr
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
+    - name: Build and push backend
+      uses: docker/build-push-action@v5
+      with:
+        context: ./backend
+        file: ./backend/Dockerfile
+        push: true
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}

.gitignore

@@ -0,0 +1,151 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[cod]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+#  Usually these files are written by a python script from a template
+#  before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+.python-version
+
+# pipenv
+#   According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+#   However, in case of collaboration, if having platform-specific dependencies or dependencies
+#   having no cross-platform support, pipenv may install dependencies that don't work, or not
+#   install all needed dependencies.
+#Pipfile.lock
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# Application specific
+logs/
+generated/
+*.log
+server.log
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+.DS_Store?
+._*
+.Spotlight-V100
+.Trashes
+ehthumbs.db
+Thumbs.db

Dockerfile

@@ -0,0 +1,27 @@
+# Backend Dockerfile
+FROM python:3.11-slim
+
+WORKDIR /app
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    gcc \
+    && rm -rf /var/lib/apt/lists/*
+
+# Copy requirements and install Python dependencies
+COPY requirements.txt .
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Copy application code
+COPY . .
+
+# Create non-root user
+RUN useradd --create-home --shell /bin/bash app \
+    && chown -R app:app /app
+USER app
+
+# Expose port
+EXPOSE 8000
+
+# Run the application
+CMD ["python", "main.py"]

Makefile

@@ -0,0 +1,48 @@
+# DevOps Toolkit - Backend Makefile
+
+.PHONY: help install install-dev test test-cov lint type-check clean run format check all
+
+help: ## Show this help message
+	@echo "Available commands:"
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "  %-15s %s\n", $$1, $$2}'
+
+install: ## Install production dependencies
+	pip install -e .
+
+install-dev: ## Install development dependencies
+	pip install -e ".[dev]"
+
+test: ## Run tests
+	python -m pytest
+
+test-cov: ## Run tests with coverage
+	python -m pytest --cov --cov-report=term-missing --cov-report=html
+
+lint: ## Run linting
+	flake8 app/ tests/
+
+type-check: ## Run type checking
+	mypy app/
+
+format: ## Format code with black and isort
+	black app/ tests/
+	isort app/ tests/
+
+check: ## Run all checks (lint, type-check, test)
+	$(MAKE) lint
+	$(MAKE) type-check
+	$(MAKE) test
+
+clean: ## Clean up generated files
+	find . -type f -name "*.pyc" -delete
+	find . -type d -name "__pycache__" -delete
+	find . -type d -name "*.egg-info" -exec rm -rf {} +
+	rm -rf .coverage htmlcov/ .pytest_cache/ .mypy_cache/
+
+run: ## Run the application
+	python run.py
+
+run-dev: ## Run the application in development mode with auto-reload
+	uvicorn app.main:app --reload --host 0.0.0.0 --port 8000
+
+all: install-dev check ## Install dev dependencies and run all checks

Procfile

@@ -0,0 +1 @@
+web: python main.py

README.md

@@ -0,0 +1,44 @@
+# DeployMate Backend
+
+This is the backend service for DeployMate, built with FastAPI.
+
+## Features
+- RESTful API with FastAPI
+- Automated testing, linting, and type checking via GitHub Actions
+- Docker support for containerized deployment
+
+## Development
+
+### Setup
+1. Create and activate a virtual environment:
+   ```bash
+   python3 -m venv venv
+   source venv/bin/activate
+   ```
+2. Install dependencies:
+   ```bash
+   pip install -e .[dev]
+   ```
+3. Run the development server:
+   ```bash
+   uvicorn app.main:app --reload
+   ```
+
+### Testing
+Run all tests:
+```bash
+pytest
+```
+
+### Linting & Type Checking
+```bash
+flake8 app/ tests/
+mypy app/
+```
+
+### Docker
+Build and run with Docker:
+```bash
+docker build -t deploymate-backend .
+docker run -p 8000:8000 deploymate-backend
+```

app/__init__.py

@@ -0,0 +1,3 @@
+"""
+DevOps Toolkit API - FastAPI app for generating VPS setup scripts and nginx configs.
+"""

app/api/deps.py

@@ -0,0 +1,41 @@
+"""
+Dependency injection functions for the DevOps Toolkit API.
+"""
+
+import jinja2
+
+from app.core.config import settings
+from app.core.logging import logger
+from app.services.devops import DevOpsService
+
+# Jinja2 environment for template rendering
+template_env = jinja2.Environment(
+    loader=jinja2.FileSystemLoader(settings.templates_dir),
+    trim_blocks=True,
+    lstrip_blocks=True,
+    autoescape=True,
+    cache_size=0,  # Disable template caching to allow live reloading
+)
+
+# Service instance
+devops_service = DevOpsService(template_env, settings, logger)
+
+
+def get_settings():
+    """Get application settings."""
+    return settings
+
+
+def get_template_env() -> jinja2.Environment:
+    """Get Jinja2 template environment."""
+    return template_env
+
+
+def get_logger():
+    """Get application logger."""
+    return logger
+
+
+def get_devops_service() -> DevOpsService:
+    """Get DevOps service instance."""
+    return devops_service

app/api/routes/nginx.py

@@ -0,0 +1,66 @@
+"""
+API routes for nginx configuration generation.
+"""
+
+import uuid
+
+from fastapi import APIRouter, Depends, HTTPException, Request, status
+
+from app.api.deps import get_devops_service, get_logger, get_settings
+from app.core.security import limiter
+from app.models.schemas import ConfigState, GeneratedFiles
+
+router = APIRouter()
+
+
+@router.post("/generate-nginx-config", response_model=GeneratedFiles)
+@limiter.limit("10/minute")
+async def generate_nginx_config(
+    request: Request,
+    config: ConfigState,
+    service=Depends(get_devops_service),
+    settings=Depends(get_settings),
+    logger=Depends(get_logger),
+):
+    """Generate nginx configuration based on stack type."""
+    client_ip = request.client.host if request.client else "unknown"
+    logger.info(
+        f"Nginx config generation request from {client_ip} for {config.stackType}"
+    )
+
+    try:
+        # Generate unique filename
+        script_id = str(uuid.uuid4())[:8]
+
+        # Generate nginx config
+        nginx_config = service.generate_nginx_config(config, script_id)
+        nginx_filename = f"nginx-{script_id}.conf"
+        nginx_path = settings.generated_dir / nginx_filename
+
+        # Ensure generated directory exists
+        nginx_path.parent.mkdir(exist_ok=True)
+
+        # Write nginx config file
+        with open(nginx_path, "w") as f:
+            f.write(nginx_config)
+
+        # Create nginx config URL for frontend
+        nginx_url = f"/download/{nginx_filename}"
+
+        response = GeneratedFiles(
+            script_path="",
+            script_url="",
+            nginx_config_path=str(nginx_path),
+            nginx_url=nginx_url,
+            description="Nginx Configuration for " + config.stackType + " + " +
+                        (config.domain or 'your-domain.com'),
+        )
+
+        return response
+
+    except Exception as e:
+        logger.error(f"Failed to generate nginx config: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to generate nginx config: {str(e)}",
+        )

app/api/routes/scripts.py

@@ -0,0 +1,79 @@
+"""
+API routes for script generation.
+"""
+
+import os
+import uuid
+
+from fastapi import APIRouter, Depends, HTTPException, Request, status
+
+from app.api.deps import get_devops_service, get_logger, get_settings
+from app.core.security import limiter
+from app.models.schemas import ConfigState, GeneratedFiles
+
+router = APIRouter()
+
+
+@router.post("/generate-script", response_model=GeneratedFiles)
+@limiter.limit("10/minute")
+async def generate_script(
+    request: Request,
+    config: ConfigState,
+    service=Depends(get_devops_service),
+    settings=Depends(get_settings),
+    logger=Depends(get_logger),
+):
+    """Generate a VPS setup script based on configuration."""
+    client_ip = request.client.host if request.client else "unknown"
+    logger.info(f"Script generation request from {client_ip} for {config.stackType}")
+
+    try:
+        # Generate unique filename
+        script_id = str(uuid.uuid4())[:8]
+
+        # Generate bash script
+        script_content = service.generate_bash_script(config, script_id)
+        script_filename = f"setup-{script_id}.sh"
+        script_path = settings.generated_dir / script_filename
+
+        # Ensure generated directory exists
+        script_path.parent.mkdir(exist_ok=True)
+
+        # Write script file
+        with open(script_path, "w") as f:
+            f.write(script_content)
+
+        # Make script executable
+        os.chmod(script_path, 0o755)
+
+        # Create script URL for frontend
+        script_url = f"/download/{script_filename}"
+
+        response = GeneratedFiles(
+            script_path=str(script_path),
+            script_url=script_url,
+            description="VPS Setup Script for " + config.stackType +
+                        " + " + config.webServer + " + " +
+                        (config.database or "No Database"),
+        )
+
+        # Generate nginx config if web server is selected
+        if config.webServer and config.webServer != "none":
+            nginx_config = service.generate_nginx_config(config, script_id)
+            nginx_filename = f"nginx-{script_id}.conf"
+            nginx_path = settings.generated_dir / nginx_filename
+
+            with open(nginx_path, "w") as f:
+                f.write(nginx_config)
+
+            response.nginx_config_path = str(nginx_path)
+            response.nginx_url = f"/download/{nginx_filename}"
+
+        return response
+
+    except Exception as e:
+        logger.error(f"Failed to generate script: {str(e)}")
+        raise HTTPException(
+            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+            detail=f"Failed to generate script: {str(e)}",
+        )

app/core/config.py

@@ -0,0 +1,39 @@
+"""
+Core configuration for the DevOps Toolkit API.
+"""
+
+import os
+from pathlib import Path
+from typing import List
+
+
+class Settings:
+    """Application settings loaded from environment variables."""
+
+    def __init__(self):
+        # Server settings
+        self.host: str = os.getenv("HOST", "0.0.0.0")
+        self.port: int = int(os.getenv("PORT", 8000))
+        self.debug: bool = os.getenv("DEBUG", "false").lower() == "true"
+
+        # Security settings
+        self.allowed_origins: List[str] = os.getenv("ALLOWED_ORIGINS", "*").split(",")
+        self.rate_limit_requests: int = int(os.getenv("RATE_LIMIT_REQUESTS", 10))
+
+        # Logging settings
+        self.log_level: str = os.getenv("LOG_LEVEL", "INFO")
+
+        # Path settings
+        self.base_dir: Path = Path(__file__).parent.parent
+        self.templates_dir: Path = self.base_dir / "templates"
+        self.generated_dir: Path = self.base_dir.parent / "generated"
+        self.logs_dir: Path = self.base_dir.parent / "logs"
+
+        # Ensure directories exist
+        self.templates_dir.mkdir(exist_ok=True)
+        self.generated_dir.mkdir(exist_ok=True)
+        self.logs_dir.mkdir(exist_ok=True)
+
+
+# Global settings instance
+settings = Settings()

app/core/logging.py

@@ -0,0 +1,41 @@
+"""
+Logging configuration for the DevOps Toolkit API.
+"""
+
+import sys
+
+from loguru import logger as loguru_logger
+
+from app.core.config import settings
+
+
+def setup_logging():
+    """Configure application logging."""
+    # Remove default handler
+    loguru_logger.remove()
+
+    # Add file handler with rotation and retention
+    loguru_logger.add(
+        settings.logs_dir / "devops_toolkit.log",
+        rotation="10 MB",
+        retention="1 week",
+        level=settings.log_level,
+        format="{time:YYYY-MM-DD HH:mm:ss} | {level} | "
+               "{name}:{function}:{line} | {message}",
+        backtrace=True,
+        diagnose=True,
+    )
+
+    # Add console handler
+    loguru_logger.add(
+        sys.stdout,
+        level=settings.log_level,
+        format="{time:YYYY-MM-DD HH:mm:ss} | {level} | {message}",
+        colorize=True,
+    )
+
+    return loguru_logger
+
+
+# Global logger instance
+logger = setup_logging()

app/core/security.py

@@ -0,0 +1,13 @@
+"""
+Security utilities for the DevOps Toolkit API.
+"""
+
+from slowapi import Limiter
+from slowapi.middleware import SlowAPIMiddleware
+from slowapi.util import get_remote_address
+
+# Rate limiter instance
+limiter = Limiter(key_func=get_remote_address)
+
+# Rate limiting middleware
+rate_limit_middleware = SlowAPIMiddleware

app/main.py

@@ -0,0 +1,112 @@
+"""
+Main FastAPI application for DeployMate.
+"""
+
+from contextlib import asynccontextmanager
+
+from fastapi import Depends, FastAPI, HTTPException, Request
+from fastapi.exceptions import RequestValidationError
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.responses import FileResponse, JSONResponse
+from slowapi import _rate_limit_exceeded_handler
+from slowapi.errors import RateLimitExceeded
+
+from app.api.deps import get_logger, get_settings
+from app.api.routes.nginx import router as nginx_router
+from app.api.routes.scripts import router as scripts_router
+from app.core.config import settings
+from app.core.logging import logger
+from app.core.security import limiter, rate_limit_middleware
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    """Application lifespan context manager."""
+    logger.info("Starting DeployMate API")
+    yield
+    logger.info("Shutting down DeployMate API")
+
+
+# Create FastAPI application
+app = FastAPI(
+    title="DeployMate API",
+    version="1.0.0",
+    description="API for generating VPS setup scripts and nginx configurations",
+    lifespan=lifespan,
+)
+
+# Rate limiting
+app.state.limiter = limiter
+app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
+app.add_middleware(rate_limit_middleware)
+
+# CORS middleware
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.allowed_origins,
+    allow_credentials=True,
+    allow_methods=["*"],
+    allow_headers=["*"],
+)
+
+
+# Exception handlers
+@app.exception_handler(RequestValidationError)
+async def validation_exception_handler(request: Request, exc: RequestValidationError):
+    """Handle Pydantic validation errors."""
+    client_ip = request.client.host if request.client else "unknown"
+    errors = []
+    for error in exc.errors():
+        errors.append(
+            {
+                "type": error.get("type"),
+                "loc": error.get("loc"),
+                "msg": error.get("msg"),
+                "input": error.get("input"),
+            }
+        )
+    logger.error(f"Validation error from {client_ip}: {errors}")
+    return JSONResponse(
+        status_code=422,
+        content={"detail": errors},
+    )
+
+
+# Root endpoint
+@app.get("/")
+async def root():
+    """Root endpoint returning API information."""
+    return {
+        "message": "DeployMate API",
+        "version": "1.0.0",
+        "docs": "/docs",
+        "redoc": "/redoc",
+    }
+
+
+# File download endpoint
+@app.get("/download/{filename}")
+async def download_file(
+    filename: str, 
+    request: Request, 
+    settings=Depends(get_settings), 
+    logger=Depends(get_logger)
+):
+    """Download a generated file."""
+    client_ip = request.client.host if request.client else "unknown"
+    logger.info(f"File download request from {client_ip}: {filename}")
+
+    file_path = settings.generated_dir / filename
+    if not file_path.exists():
+        logger.warning(f"File not found: {filename}")
+        raise HTTPException(status_code=404, detail="File not found")
+
+    logger.info(f"Serving file: {filename}")
+    return FileResponse(
+        path=file_path, filename=filename, media_type="application/octet-stream"
+    )
+
+
+# Include API routers
+app.include_router(scripts_router, prefix="/api/v1", tags=["scripts"])
+app.include_router(nginx_router, prefix="/api/v1", tags=["nginx"])

app/models/schemas.py

@@ -0,0 +1,195 @@
+"""
+Pydantic models and schemas for the DevOps Toolkit API.
+"""
+
+import re
+from typing import Optional
+
+from pydantic import BaseModel, field_validator, model_validator
+
+
+class SecurityConfig(BaseModel):
+    """Security configuration options."""
+
+    ufw: bool = True
+    fail2ban: bool = True
+    disableRoot: bool = True
+    autoUpdates: bool = True
+
+
+class AdvancedConfig(BaseModel):
+    """Advanced configuration options."""
+
+    swap: bool = False
+    swapSize: str = "2G"
+    sshKey: str = ""
+    backups: bool = False
+    monitoring: bool = False
+
+
+class ConfigState(BaseModel):
+    """Main configuration state for script generation."""
+
+    stackType: str  # nodejs, python, php, static
+    webServer: str  # nginx, apache
+    database: str  # postgresql, mysql, mongodb, none
+    dbName: str = ""
+    dbUsername: str = ""
+    dbPassword: str = ""
+    domain: Optional[str] = None
+    ssl: bool = False
+    sslEmail: str = ""
+    runtime: str = ""  # 20, 18, 16 for nodejs; 3.11, 3.10 for python; 8.3, 8.2 for php
+    processManager: str = ""  # pm2, systemd, supervisor
+    security: SecurityConfig = SecurityConfig()
+    advanced: AdvancedConfig = AdvancedConfig()
+
+    @field_validator("stackType")
+    @classmethod
+    def validate_stack_type(cls, v):
+        allowed = [
+            "nodejs",
+            "python",
+            "php",
+            "static",
+            "docker",
+            "react",
+            "vue",
+            "angular",
+            "go",
+            "java",
+            "dotnet",
+        ]
+        if v not in allowed:
+            raise ValueError(
+                f'Invalid stack type. Must be one of: {", ".join(allowed)}'
+            )
+        return v
+
+    @field_validator("webServer")
+    @classmethod
+    def validate_web_server(cls, v):
+        if v is None or v == "":
+            return v
+        allowed = [
+            "nginx",
+            "apache",
+            "caddy",
+            "litespeed",
+            "tomcat",
+            "cherokee",
+            "haproxy",
+            "none",
+        ]
+        if v and v not in allowed:
+            raise ValueError(
+                f'Invalid web server. Must be one of: {", ".join(allowed)}'
+            )
+        return v
+
+    @field_validator("database")
+    @classmethod
+    def validate_database(cls, v):
+        allowed = [
+            "postgresql",
+            "mysql",
+            "mariadb",
+            "mongodb",
+            "redis",
+            "cassandra",
+            "couchdb",
+            "sqlite",
+            "elasticsearch",
+            "none",
+        ]
+        if v and v not in allowed:
+            raise ValueError(f'Invalid database. Must be one of: {", ".join(allowed)}')
+        return v
+
+    @field_validator("processManager")
+    @classmethod
+    def validate_process_manager(cls, v):
+        allowed = ["pm2", "systemd", "supervisor", "docker-compose", "none"]
+        if v and v not in allowed:
+            raise ValueError(
+                f'Invalid process manager. Must be one of: {", ".join(allowed)}'
+            )
+        return v
+
+    @field_validator("domain")
+    @classmethod
+    def validate_domain(cls, v):
+        if v and not re.match(
+            r"^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$", v
+        ):
+            raise ValueError("Invalid domain format")
+        return v
+
+    @model_validator(mode="after")
+    def validate_database_credentials(self):
+        # Databases that require credentials
+        dbs_requiring_creds = ["postgresql", "mysql", "mariadb", "mongodb"]
+
+        if self.database in dbs_requiring_creds:
+            if not self.dbName or self.dbName.strip() == "":
+                raise ValueError("dbName is required for " + self.database)
+            if not self.dbUsername or self.dbUsername.strip() == "":
+                raise ValueError("dbUsername is required for " + self.database)
+            if not self.dbPassword or self.dbPassword.strip() == "":
+                raise ValueError("dbPassword is required for " + self.database)
+            if len(self.dbPassword) < 8:
+                raise ValueError(
+                    "Password must be at least 8 characters for database access"
+                )
+
+        return self
+
+
+class GeneratedFiles(BaseModel):
+    """Response model for generated files."""
+
+    script_path: str
+    script_url: str
+    nginx_config_path: Optional[str] = None
+    nginx_url: Optional[str] = None
+    description: str
+
+
+class NginxConfigRequest(BaseModel):
+    """Request model for nginx configuration generation."""
+
+    stackType: str
+    domain: str
+    ssl: bool = False
+    sslEmail: str = ""
+
+    @field_validator("stackType")
+    @classmethod
+    def validate_stack_type(cls, v):
+        allowed = [
+            "nodejs",
+            "python",
+            "php",
+            "static",
+            "docker",
+            "react",
+            "vue",
+            "angular",
+            "go",
+            "java",
+            "dotnet",
+        ]
+        if v not in allowed:
+            raise ValueError(
+                f'Invalid stack type. Must be one of: {", ".join(allowed)}'
+            )
+        return v
+
+    @field_validator("domain")
+    @classmethod
+    def validate_domain(cls, v):
+        if not re.match(
+            r"^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)+[a-zA-Z]{2,}$", v
+        ):
+            raise ValueError("Invalid domain format")
+        return v

app/services/devops.py

@@ -0,0 +1,203 @@
+"""
+DevOps service for script and configuration generation.
+"""
+
+from typing import Union
+
+from fastapi import HTTPException, status
+from jinja2 import Environment
+
+from app.core.config import Settings
+from app.models.schemas import ConfigState, NginxConfigRequest
+
+
+class DevOpsService:
+    """Service for generating DevOps scripts and configurations."""
+
+    def __init__(self, template_env: Environment, settings: Settings, logger):
+        self.template_env = template_env
+        self.settings = settings
+        self.logger = logger
+
+    def get_script_templates(self, config: ConfigState) -> list[str]:
+        """
+        Determine which templates to include based on configuration.
+        """
+        templates = []
+
+        # Stack type templates
+        stack_map = {
+            "python": "python_setup.j2",
+            "nodejs": "nodejs_setup.j2",
+            "php": "php_setup.j2",
+            "react": "react_setup.j2",
+            "vue": "vue_setup.j2",
+            "angular": "angular_setup.j2",
+            "go": "go_setup.j2",
+            "java": "java_setup.j2",
+            "dotnet": "dotnet_setup.j2",
+            "docker": "docker_setup.j2",
+        }
+
+        if config.stackType in stack_map:
+            templates.append(stack_map[config.stackType])
+
+        # Web server templates
+        web_map = {
+            "nginx": "nginx_setup.j2",
+            "apache": "apache_setup.j2",
+            "caddy": "caddy_setup.j2",
+            "litespeed": "litespeed_setup.j2",
+            "tomcat": "tomcat_setup.j2",
+            "cherokee": "cherokee_setup.j2",
+            "haproxy": "haproxy_setup.j2",
+        }
+
+        if config.webServer and config.webServer != "none":
+            template_name = web_map.get(config.webServer)
+            if template_name:
+                templates.append(template_name)
+
+        # Database templates
+        db_map = {
+            "postgresql": "postgresql_setup.j2",
+            "mysql": "mysql_setup.j2",
+            "mariadb": "mariadb_setup.j2",
+            "mongodb": "mongodb_setup.j2",
+            "redis": "redis_setup.j2",
+        }
+
+        if config.database and config.database != "none":
+            template_name = db_map.get(config.database)
+            if template_name:
+                templates.append(template_name)
+
+        # Process manager templates
+        pm_map = {
+            "pm2": "pm2_setup.j2",
+            "systemd": "systemd_setup.j2",
+            "docker-compose": "docker_compose_setup.j2",
+        }
+
+        if config.processManager and config.processManager != "none":
+            template_name = pm_map.get(config.processManager)
+            if template_name:
+                templates.append(template_name)
+
+        # Security templates
+        if config.security.ufw:
+            templates.append("ufw_setup.j2")
+        if config.security.fail2ban:
+            templates.append("fail2ban_setup.j2")
+        if config.security.disableRoot:
+            templates.append("disable_root_setup.j2")
+        if config.security.autoUpdates:
+            templates.append("auto_updates_setup.j2")
+
+        # Advanced templates
+        if config.advanced.swap:
+            templates.append("swap_setup.j2")
+        if config.advanced.sshKey:
+            templates.append("ssh_key_setup.j2")
+        if config.advanced.backups:
+            templates.append("backups_setup.j2")
+        if config.advanced.monitoring:
+            templates.append("monitoring_setup.j2")
+
+        # SSL template
+        if config.ssl:
+            templates.append("ssl_setup.j2")
+
+        return templates
+
+    def generate_bash_script(self, config: ConfigState, script_id: str) -> str:
+        """
+        Generate a bash script by combining multiple modular templates.
+        """
+        templates = self.get_script_templates(config)
+
+        script_parts = []
+        for template_name in templates:
+            try:
+                # Read template directly from disk to avoid caching issues
+                template_path = self.settings.templates_dir / template_name
+                with open(template_path, 'r', encoding='utf-8') as f:
+                    template_content = f.read()
+
+                # Render using Jinja2 Template directly
+                from jinja2 import Template
+                template = Template(template_content, trim_blocks=True, lstrip_blocks=True)
+                part = template.render(config=config, script_id=script_id)
+                if part.strip():  # Only add non-empty parts
+                    script_parts.append(part)
+            except Exception as e:
+                self.logger.warning(f"Template error for {template_name}: {e}")
+
+        combined_script = "\n\n".join(script_parts)
+
+        # Add header
+        header = f"""#!/bin/bash
+# Generated DevOps Toolkit Script - {script_id}
+# Stack: {config.stackType}
+# Web Server: {config.webServer or 'None'}
+# Database: {config.database or 'None'}
+# Process Manager: {config.processManager or 'None'}
+
+set -e
+
+echo "🚀 Starting server setup..."
+"""
+
+        # Add footer
+        footer = """
+echo "✅ Setup complete! Your server is ready."
+echo "📝 Next steps:"
+echo "  1. Configure your application"
+echo "  2. Upload your code"
+echo "  3. Start your application service"
+"""
+
+        return header + combined_script + footer
+
+    def generate_nginx_config(
+        self, config: Union[ConfigState, NginxConfigRequest], script_id: str
+    ) -> str:
+        """
+        Generate nginx configuration using modular templates.
+        """
+        stack = config.stackType
+
+        # Map stack types to nginx config templates
+        nginx_map = {
+            "python": "nginx/nginx_python.conf.j2",
+            "nodejs": "nginx/nginx_nodejs.conf.j2",
+            "php": "nginx/nginx_php.conf.j2",
+            "react": "nginx/nginx_static.conf.j2",
+            "vue": "nginx/nginx_static.conf.j2",
+            "angular": "nginx/nginx_static.conf.j2",
+            "go": "nginx/nginx_go.conf.j2",
+            "java": "nginx/nginx_java.conf.j2",
+            "dotnet": "nginx/nginx_dotnet.conf.j2",
+            "docker": "nginx/nginx_docker.conf.j2",
+        }
+
+        template_name = nginx_map.get(
+            stack, "nginx/nginx_static.conf.j2"
+        )  # Default to static
+
+        try:
+            # Read template directly from disk to avoid caching issues
+            template_path = self.settings.templates_dir / template_name
+            with open(template_path, 'r', encoding='utf-8') as f:
+                template_content = f.read()
+
+            # Render using Jinja2 Template directly
+            from jinja2 import Template
+            template = Template(template_content, trim_blocks=True, lstrip_blocks=True)
+            return template.render(config=config, script_id=script_id)
+        except Exception as e:
+            self.logger.error(f"Nginx template error for {template_name}: {e}")
+            raise HTTPException(
+                status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                detail=f"Required nginx template {template_name} not found",
+            )

app/templates/angular_setup.j2

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Angular setup script
+
+# Install nvm
+curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
+source ~/.bashrc
+
+# Install latest LTS Node.js
+nvm install --lts
+nvm use --lts

app/templates/apache_setup.j2

@@ -0,0 +1,18 @@
+#!/bin/bash
+# Apache setup script
+
+sudo apt-get update
+sudo apt-get install -y apache2
+
+# Basic Apache config
+cat > /etc/apache2/sites-available/000-default.conf << 'EOF'
+<VirtualHost *:80>
+    DocumentRoot /var/www/html
+    <Directory /var/www/html>
+        AllowOverride All
+        Require all granted
+    </Directory>
+</VirtualHost>
+EOF
+
+sudo systemctl restart apache2

app/templates/auto_updates_setup.j2

@@ -0,0 +1,8 @@
+#!/bin/bash
+# Auto updates setup script
+
+sudo apt-get update
+sudo apt-get install -y unattended-upgrades
+
+# Enable automatic updates
+sudo dpkg-reconfigure --priority=low unattended-upgrades

app/templates/backups_setup.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+# Backups setup script
+
+# Example: Create a backup of /var/www
+sudo tar -czvf /var/backups/www-backup-$(date +%F).tar.gz /var/www

app/templates/caddy_setup.j2

@@ -0,0 +1,20 @@
+#!/bin/bash
+# Caddy setup script
+
+sudo apt-get update
+sudo apt-get install -y curl
+
+# Install Caddy
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
+curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
+sudo apt-get update
+sudo apt-get install -y caddy
+
+# Basic Caddyfile
+cat > /etc/caddy/Caddyfile << 'EOF'
+:80 {
+    reverse_proxy localhost:3000
+}
+EOF
+
+sudo systemctl restart caddy

app/templates/cherokee_setup.j2

@@ -0,0 +1,8 @@
+#!/bin/bash
+# Cherokee setup script
+
+sudo apt-get update
+sudo apt-get install -y cherokee
+
+sudo systemctl enable cherokee
+sudo systemctl start cherokee

app/templates/disable_root_setup.j2

@@ -0,0 +1,10 @@
+#!/bin/bash
+# Disable root login setup script
+
+# Disable root SSH login
+sudo sed -i 's/#PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
+sudo systemctl restart sshd
+
+# Create a new user if needed
+# sudo useradd -m -s /bin/bash newuser
+# sudo usermod -aG sudo newuser

app/templates/docker_compose_setup.j2

@@ -0,0 +1,9 @@
+#!/bin/bash
+# Docker Compose setup script
+
+sudo apt-get update
+sudo apt-get install -y docker.io docker-compose
+
+# Enable and start Docker
+sudo systemctl enable docker
+sudo systemctl start docker

app/templates/docker_setup.j2

@@ -0,0 +1,9 @@
+#!/bin/bash
+# Docker setup script
+
+sudo apt-get update
+sudo apt-get install -y docker.io docker-compose
+
+# Enable and start Docker
+sudo systemctl enable docker
+sudo systemctl start docker

app/templates/dotnet_setup.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+# .NET setup script
+
+sudo apt-get update
+sudo apt-get install -y dotnet-sdk-7.0

app/templates/fail2ban_setup.j2

@@ -0,0 +1,8 @@
+#!/bin/bash
+# Fail2Ban setup script
+
+sudo apt-get update
+sudo apt-get install -y fail2ban
+
+sudo systemctl enable fail2ban
+sudo systemctl start fail2ban

app/templates/go_setup.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+# Go setup script
+
+sudo apt-get update
+sudo apt-get install -y golang

app/templates/haproxy_setup.j2

@@ -0,0 +1,38 @@
+#!/bin/bash
+# HAProxy setup script
+
+sudo apt-get update
+sudo apt-get install -y haproxy
+
+# Basic HAProxy config
+cat > /etc/haproxy/haproxy.cfg << 'EOF'
+global
+    log /dev/log local0
+    log /dev/log local1 notice
+    chroot /var/lib/haproxy
+    stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
+    stats timeout 30s
+    user haproxy
+    group haproxy
+    daemon
+
+defaults
+    log global
+    mode http
+    option httplog
+    option dontlognull
+    timeout connect 5000
+    timeout client 50000
+    timeout server 50000
+
+frontend http_front
+    bind *:80
+    default_backend http_back
+
+backend http_back
+    balance roundrobin
+    server server1 localhost:3000 check
+EOF
+
+sudo systemctl enable haproxy
+sudo systemctl start haproxy

app/templates/java_setup.j2

@@ -0,0 +1,5 @@
+#!/bin/bash
+# Java setup script
+
+sudo apt-get update
+sudo apt-get install -y openjdk-17-jdk

app/templates/litespeed_setup.j2

@@ -0,0 +1,13 @@
+#!/bin/bash
+# LiteSpeed setup script
+
+sudo apt-get update
+sudo apt-get install -y wget
+
+# Download and install LiteSpeed
+wget -O - http://rpms.litespeedtech.com/debian/enable_lst_debian_repo.sh | sudo bash
+sudo apt-get update
+sudo apt-get install -y openlitespeed
+
+sudo systemctl enable lshttpd
+sudo systemctl start lshttpd

app/templates/mariadb_setup.j2

@@ -0,0 +1,16 @@
+#!/bin/bash
+# MariaDB setup script
+
+sudo apt-get update
+sudo apt-get install -y mariadb-server
+
+# Secure installation
+sudo mysql_secure_installation
+
+# Create database and user
+sudo mysql -u root <<EOF
+CREATE DATABASE mydb;
+CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypassword';
+GRANT ALL PRIVILEGES ON mydb.* TO 'myuser'@'localhost';
+FLUSH PRIVILEGES;
+EOF

app/templates/mongodb_setup.j2

@@ -0,0 +1,19 @@
+#!/bin/bash
+# MongoDB setup script
+
+sudo apt-get update
+sudo apt-get install -y mongodb
+
+# Start MongoDB
+sudo systemctl enable mongodb
+sudo systemctl start mongodb
+
+# Create database and user
+mongo <<EOF
+use mydb
+ db.createUser({
+   user: "myuser",
+   pwd: "mypassword",
+   roles: [ { role: "readWrite", db: "mydb" } ]
+ })
+EOF

app/templates/monitoring_setup.j2

@@ -0,0 +1,7 @@
+#!/bin/bash
+# Monitoring setup script
+
+sudo apt-get update
+sudo apt-get install -y htop
+
+# For more advanced monitoring, consider installing netdata, prometheus, grafana, etc.

app/templates/mysql_setup.j2

@@ -0,0 +1,16 @@
+#!/bin/bash
+# MySQL setup script
+
+sudo apt-get update
+sudo apt-get install -y mysql-server
+
+# Secure installation
+sudo mysql_secure_installation
+
+# Create database and user
+sudo mysql -u root <<EOF
+CREATE DATABASE mydb;
+CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypassword';
+GRANT ALL PRIVILEGES ON mydb.* TO 'myuser'@'localhost';
+FLUSH PRIVILEGES;
+EOF

app/templates/nginx/nginx_docker.conf.j2

@@ -0,0 +1,13 @@
+# Nginx config for Docker containers
+server {
+    listen 80;
+    server_name {{ config.domain or '_' }};
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ config.port or '3000' }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

app/templates/nginx/nginx_dotnet.conf.j2

@@ -0,0 +1,13 @@
+# Nginx config for .NET apps
+server {
+    listen 80;
+    server_name {{ config.domain or '_' }};
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ config.port or '5000' }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

app/templates/nginx/nginx_go.conf.j2

@@ -0,0 +1,13 @@
+# Nginx config for Go apps
+server {
+    listen 80;
+    server_name {{ config.domain or '_' }};
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ config.port or '8080' }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

app/templates/nginx/nginx_java.conf.j2

@@ -0,0 +1,13 @@
+# Nginx config for Java apps
+server {
+    listen 80;
+    server_name {{ config.domain or '_' }};
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ config.port or '8080' }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

app/templates/nginx/nginx_nodejs.conf.j2

@@ -0,0 +1,13 @@
+# Nginx config for Node.js apps
+server {
+    listen 80;
+    server_name {{ config.domain or '_' }};
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ config.port or '3000' }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

app/templates/nginx/nginx_php.conf.j2

@@ -0,0 +1,18 @@
+# Nginx config for PHP apps (PHP, Laravel, WordPress)
+server {
+    listen 80;
+    server_name {{ config.domain or '_' }};
+
+    root {{ config.dir or '/var/www/laravel/public' }};
+    index index.php;
+
+    location / {
+        try_files $uri $uri/ /index.php?$query_string;
+    }
+
+    location ~ \.php$ {
+        include fastcgi_params;
+        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+}

app/templates/nginx/nginx_python.conf.j2

@@ -0,0 +1,13 @@
+# Nginx config for Python apps
+server {
+    listen 80;
+    server_name {{ config.domain or '_' }};
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ config.port or '8000' }};
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}

app/templates/nginx/nginx_static.conf.j2

@@ -0,0 +1,11 @@
+# Nginx config for static sites (React, Vue, Angular, etc.)
+server {
+    listen 80;
+    server_name {{ config.domain or '_' }};
+    root /var/www/{{ config.domain or 'site' }}/html;
+    index index.html;
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}