Start a minimal project (hello-chillbox)

Follow the below steps after installing chillbox on a local machine. This tutorial will not require access to a server. It is only focused on running some local chillbox commands to render some files and show how some chillbox configuration works.

Tutorial Steps

1. Create Initial `chillbox.toml` File

Create an empty directory on the local machine where chillbox has been installed. Name this empty project directory hello-chillbox for this tutorial. Perform the rest of the commands within this project directory (cd hello-chillbox).
Run the chillbox init command. Note that this will show an ERROR message about a missing configuration file.
Chillbox needs a configuration file. Create a file named chillbox.toml in the project directory. This configuration file will be in the TOML format.
Not all settings are required for the chillbox configuration file. Add only the required ones: "instance", and "archive-directory". Copy and paste the below TOML snippet to the chillbox.toml file.
Create file: chillbox.toml
```
instance = "hello-chillbox"

archive-directory = ".chillbox" (1)
```
1 The directory to use to store the state files among other things. This directory should not be included in source control. It is only useful to the current user.

1.1. Add alice as current user

Run the chillbox init command again. Note that this time it will prompt for the 'current_user' to be set. Enter alice as the current user for this tutorial. After hitting enter it will show another message stating that the current_user has not been added to the chillbox configuration. Do that now by appending the below to the configuration file.
Add to file: chillbox.toml
```
[[user]]
name = "alice" (1)
gpg-key = "alice@hello-chillbox.example" (2)
```
1 The current user is alice for this tutorial.

2 The gpg-key doesn’t need to exist first.
Run the chillbox init command again. This time it will see that a user has been defined and the current user matches it (alice is the current user at this step in the tutorial). Chillbox uses GnuPG to encrypt the private asymmetric key that chillbox will generate. Since your local machine most likely doesn’t already have a GPG key named 'alice@hello-chillbox.example'; it will prompt you to create a new GPG key and set a password on it.

It will also automatically create a private and public ssh key for this user. This is because no 'public_ssh_key' was set for alice in the chillbox configuration file. The private ssh key is encrypted in the chillbox archive directory.

A prompt to set a password for alice will also happen at this point. Only the hash of this password is saved in the chillbox archive directory. It can be used when adding alice to a server.
Persist the password_hash and public_ssh_key that was created for alice. These are stored in the chillbox archive directory and can be viewed by using the jq command or just open the statefile.json in a text editor. Copy these from .chillbox/statefile.json and include them in the chillbox.toml for the alice user.
Update file: chillbox.toml
```
[[user]]
name = "alice"
gpg-key = "alice@hello-chillbox.example"
password_hash = "..." (1)
public_ssh_key = [
   "..." (2)
]
```
1 Copy and paste the '.current_user_data.password_hash' value from ./chillbox/statefile.json

2 Copy and paste the '.current_user_data.public_ssh_key[0]' value from ./chillbox/statefile.json

1.2. Add bob User That Has A Public SSH Key

Add another user named bob to the chillbox.toml. Bob has shared his public ssh key with Alice, so it can also be set here.
Add to file: chillbox.toml
```
[[user]]
name = "bob"
gpg-key = "bob@hello-chillbox.example"
public_ssh_key = "ssh-rsa AAAbbbCCCddd== bob@hello-chillbox.example" (1)
```
1 Not a real public ssh key.

2. Set Secrets Securely

2.1. Add Secrets For Alice

Alice has access to a secret value that will be needed on the server. Add a secret in the chillbox.toml like this.
Add to file: chillbox.toml
```
[[secret]]
id = "favorite_color_for_alice"
name = "FAVORITE_COLOR"
prompt = "What... is your favorite color?"
owner = "alice"
```
Run the chillbox init command again. It will prompt Alice for that secret since she is the current user and the 'owner' is set to alice. After entering the secret value (no characters will be shown); the secret is encrypted and stored in the chillbox archive directory.

2.2. Add Secrets For Another User (Bob)

Bob also has access to a secret that will need to be used on a server. Alice will not need to ask Bob for that secret, but can add a prompt for it in the chillbox.toml. This time the 'owner' will be set to bob. This secret is only valid for a short time and so an 'expires' date is set.
Add to file: chillbox.toml
```
[[secret]]
id = "level_3_lunch_code"
name = "SECRET_LUNCH_CODE"
prompt = "Enter the lunch code for next week:"
owner = "bob"
expires = 2023-11-02 (1)
```
1 This is a date value in TOML

Note that if chillbox init is run again it doesn’t prompt Alice for that secret.

3. Add Environment Variables That Are Not Secret

3.1. Include `env` Section in `chillbox.toml` File

Other values that are not so secretive can be added as environment variables. Add some now by adding an 'env' section and key/values to the chillbox configuration file.
Add to file: chillbox.toml
```
[env]
MENU = "breakfast"
THEME = "funny hats"
```

3.2. Show the Env Values

Chillbox can be used to load up these env variables with the 'output-env' subcommand. The 'output-env' will print out the temporary file that is created. Run this command to display them.

# Show the environment variables set with chillbox.
chillbox output-env | xargs cat

# Show the environment variables and secrets set with chillbox.
chillbox output-env --sensitive | xargs cat

Show the help for more information: chillbox --help output-env

4. Server `user-data` Example

Chillbox is mainly for setting up deployment scripts for servers. Define a 'server' in the chillbox configuration file with a fake 'ip' address for now. A 'server.user-data' section is added with a template file defined. This will be how a user-data script can be created.
Add to file: chillbox.toml
```
[[server]]
ip = "127.0.0.1" (1)
name = "hello-chillbox-example-server"
owner = "alice"

[server.user-data]
template = "tutorial:hello-chillbox-user-data.sh.jinja"
```
1 Using the localhost for the tutorial.

Run the chillbox server-init command to try creating the user-data script for that server. It will show an error since no template file was found. Create that template file now by creating a template-tutorial/ directory and including the below contents to a file named hello-chillbox-user-data.sh.jinja within that directory.

Create file: template-tutorial/hello-chillbox-user-data.sh.jinja

#!/usr/bin/env sh

# Example user-data script for hello-chillbox tutorial.

## Add user and set the password hash
# shellcheck disable=SC2016
id '{{ chillbox_user.name }}' > /dev/null 2> /dev/null \
    || useradd -m -s /usr/bin/bash -p '{{ chillbox_user.password_hash }}' '{{ chillbox_user.name }}'

## Add the user's public ssh key.
mkdir -p '/home/{{ chillbox_user.name }}/.ssh'
cat <<'HERE_PUBLIC_SSH_KEYS' > '/home/{{ chillbox_user.name }}/.ssh/authorized_keys'
{{ chillbox_user["public_ssh_key"] | join('\n') }}
HERE_PUBLIC_SSH_KEYS

chown -R '{{ chillbox_user.name }}' '/home/{{ chillbox_user.name }}/.ssh'
chmod -R 700 '/home/{{ chillbox_user.name }}/.ssh'
chmod -R 644 '/home/{{ chillbox_user.name }}/.ssh/authorized_keys'

Custom templates need to be defined in the chillbox configuration as well. Add a 'template' for the 'tutorial' prefix that will use the template-tutorial/ directory as the 'src' (source).
Add to file: chillbox.toml
```
[[template]]
src = "template-tutorial"
prefix = "tutorial"
```
Run chillbox server-init again. This time it will find that template to use when creating the user-data file. It renders this file with the values found in the environment and saves it to the chillbox archive directory. View the rendered user-data file now with a text editor or with the cat command.
```
cat .chillbox/server/hello-chillbox-example-server/user-data
```
The rendered user-data script will have the necessary commands to add the current user (alice) to the server. This user-data script could be used when provisioning a new server.

5. Upload and Render Other Files

5.1. Set a File To Be Uploaded

Now Alice needs a file to be uploaded to the server. The 'path' for it can be defined in the chillbox configuration file. Create a new directory named 'server-files' and add a file named the-menu.md with the below content.

+ .Create file: server-files/the-menu.md

# Menu for Server

Donuts are no longer on the menu. Sorry.

Add that file as a 'path' to the configuration file.

Add to file: chillbox.toml

[[path]]
id = "server-menu-md"
src = "server-files/the-menu.md"
dest = "/srv/files/the-menu.md"

Running chillbox init again will process all items in 'path' list. Each one will be gzipped and encrypted to the chillbox archive directory under the 'id' attribute. Include the id of the path item to the 'remote-files' of a server for it to be uploaded to that server. This step is not necessary for this tutorial since the server being used doesn’t need to exist.
Update file: chillbox.toml
```
[[server]]
# ... Existing hello-chillbox-example-server
remote-files = [
  "server-menu-md"
]
```

5.2. Render a File From a Template

Path items can also be rendered from a template. Add this jinja file with the name breakfast-menu.md.jinja to the template-tutorial/ directory.
Create file: template-tutorial/breakfast-menu.md.jinja
```
# Breakfast Menu for {{ event_name }}

Our theme for today is: {{ THEME }}.

## The Specials
- Spam
- Eggs
```
Add it as a 'path' with the id of 'breakfast-menu'. The 'src' attribute uses the 'tutorial:' prefix defined for that template entry, so it also needs to set the 'render' attribute to true.
Add to file: chillbox.toml
```
## ... other 'path' items

[[path]]
id = "breakfast-menu"
src = "tutorial:breakfast-menu.md.jinja"
render = true
dest = "/srv/files/breakfast-menu.md"
```
Run the chillbox show breakfast-menu command to see the rendered file. This will print out the temporary directory that has the rendered file in it. Using chillbox show is useful to view the rendered file by the path id before uploading them to a server. These files are always stored in the chillbox archive directory as encrypted gzipped files.
```
# Show the rendered files for 'breakfast-menu' path id.
chillbox show breakfast-menu | xargs ls -R
```
The rendered breakfast-menu.md file will have the THEME variable expanded, but not the event_name. This is because the THEME was set as an 'env' variable which is available to all paths if render is true.
Fix the breakfast-menu path to include event_name variable. This can be done for just this path by adding a 'context' to it. Update the chillbox configuration for the breakfast-menu path.
Update file: chillbox.toml
```
[[path]]
id = "breakfast-menu"
src = "tutorial:breakfast-menu.md.jinja"
render = true
dest = "/srv/files/breakfast-menu.md"
[path.context] (1)
event_name = "Alice and Bob" (2)
```
1 Add a context to the 'breakfast-menu' path.

2 Set event_name so it will expand that variable.

Now running the chillbox show breakfast-menu again will show a new temporary directory with the rendered file. This time it will have all variables expanded.

5.3. Render a File With Secrets

To create a file with a secret value; add the 'sensitive' and 'owner' attributes. Create a new file that Alice will include her 'FAVORITE_COLOR' color secret in.
Create file: template-tutorial/answers.txt.jinja
```
Favorite color for {{ chillbox_path.owner | title }} is: {{ FAVORITE_COLOR }}.
```
And create a new 'path' item:
Add to file: chillbox.toml
```
[[path]]
id = "alice-answers"
src = "tutorial:answers.txt.jinja"
render = true
owner = "alice" (1)
sensitive = true (2)
dest = "/srv/files/alice/answers.txt"
```
1 Only the owner will be prompted for this secret.

2 The sensitive attribute will ensure that the rendered file is encrypted.
Preview it by using the chillbox show alice-answers --sensitive command. The output will be a temporary directory with the rendered answers.txt file in it.

Continue to the next tutorial to Setup a Virtual Machine (VM) on your local computer.

Summary

This tutorial was a somewhat contrived example to create some files for a server. Although what was actually accomplished could have easily been done without using the chillbox commands; the benefits of generating these files and securely storing them can be seen. Chillbox can be used in this way to work with other tools and users.

To further understand how to effectively use chillbox, try simulating how Bob would use this 'hello-chillbox' project if it was checked into version control (git). Make sure to not include the chillbox archive directory (.chillbox/) to version control; that is only useful for the current user.

1	The current user is alice for this tutorial.
2	The gpg-key doesn’t need to exist first.

1	Copy and paste the '.current_user_data.password_hash' value from ./chillbox/statefile.json
2	Copy and paste the '.current_user_data.public_ssh_key[0]' value from ./chillbox/statefile.json

1	Add a context to the 'breakfast-menu' path.
2	Set event_name so it will expand that variable.

1	Only the owner will be prompted for this secret.
2	The sensitive attribute will ensure that the rendered file is encrypted.