22 commits
developmen
...
for_develo
Author | SHA1 | Date | |
---|---|---|---|
2e20 | 170b6a6c3d | ||
2e20 | 84d61d1f8e | ||
2e20 | 6fc06e88df | ||
2e20 | 63e9fedf62 | ||
2e20 | 922f395881 | ||
2e20 | f734cb439b | ||
2e20 | f972b2625f | ||
2e20 | 1967a627ba | ||
2e20 | 1787d57118 | ||
2e20 | 0fa85b7b43 | ||
2e20 | ef6cff3fa0 | ||
2e20 | f699f5fe31 | ||
2e20 | af8044f7a3 | ||
2e20 | 61111796ba | ||
2e20 | 48be71f4dd | ||
2e20 | 47e1bb3351 | ||
2e20 | 5d4d2d6a62 | ||
2e20 | 253e0f68c0 | ||
2e20 | 359f59bc83 | ||
2e20 | bece765e3b | ||
2e20 | 09e31bbab9 | ||
2e20 | 48bfe66d3e |
31
deploy.py
|
@ -2,6 +2,8 @@ from pyinfra import host, local
|
|||
from pyinfra.facts import server
|
||||
from pyinfra.operations import files
|
||||
|
||||
from pyinfra.operations import server as o_server
|
||||
|
||||
if host.name == "@local":
|
||||
home = host.get_fact(server.Home)
|
||||
files.directory(
|
||||
|
@ -23,8 +25,35 @@ if host.name != "@local":
|
|||
files.directory(path=f"{home}/.ssh", mode="700")
|
||||
files.put(src="files/authorized_keys", dest=f"{home}/.ssh/authorized_keys")
|
||||
|
||||
o_server.user(
|
||||
name="Create pyinfra user for logs",
|
||||
user="pyinfra",
|
||||
home="/home/pyinfra/"
|
||||
)
|
||||
|
||||
files.file(
|
||||
name="Create pyinfra log file",
|
||||
path="/var/log/pyinfra.log",
|
||||
user="pyinfra",
|
||||
group="pyinfra",
|
||||
mode="644",
|
||||
# _doas=True,
|
||||
# _sudo=True,
|
||||
)
|
||||
|
||||
## first the hypervisor
|
||||
if host.name == "ararat.0x90.space":
|
||||
local.include("ararat/deploy.py")
|
||||
|
||||
if host.name == "common":
|
||||
local.include("roles/common/deploy.py")
|
||||
|
||||
if host.name == "baixun.0x90.space":
|
||||
local.include("baixun/deploy.py")
|
||||
local.include("roles/baixun/deploy.py")
|
||||
|
||||
if host.name == "matrix":
|
||||
local.include("roles/matrix-synapse/deploy.py")
|
||||
|
||||
if host.name == "www":
|
||||
local.include("roles/www/deploy.py")
|
||||
|
||||
|
|
|
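Review bot: The `pyinfra` account created by `o_server.user(...)` in the second hunk is described as being only for logs, yet nothing restricts it from interactive login; `shell="/sbin/nologin"` (and `system=True`, if the pyinfra version in use supports it) keeps a service-only account out of the set of usable logins. The `files.put(src="files/authorized_keys", dest=f"{home}/.ssh/authorized_keys")` in the same hunk sets no `mode`, so the uploaded key list keeps whatever mode the transport gives it; `mode="600"` next to the existing `mode="700"` on the directory satisfies sshd's StrictModes and keeps the list unreadable to other local users. The dispatch at the end includes roles/common/deploy.py only when `host.name == "common"`, i.e. for a host literally named "common", so if that role is meant as a baseline for every machine it is never applied to `matrix` or `www`. The enclosing `if host.name != "@local":` block begins outside the hunk.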
@ -1,4 +1,3 @@
|
|||
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBODYKtJ2PDZRznfGcpviZl+NVcbgJQYYKGxg8rjJQCQRSW88aJM+jP3v+jFYZ0ZldLd6KoyIitEZI60Nsp/hdEoAAAAEc3NoOg== vmann
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPj/AFy/0NopKemEPZdMVSbWDLxX7b3ksPA1fSfBKr3 2e20
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaV5uQf63sCfXZIT0lt61sOhEYuJHLNNpNQ0ppXFo+/ hagi@tumbleweed.localhost.localdomain
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZYJ91RLXRCQ4ZmdW6ucIltzukQ/k+lDOqlRIYwxNRv missytake@systemli.org
|
||||
|
|
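--- /dev/null
+++ b/files/common/aliases
@@ -0,0 +1,99 @@
+#
+# $OpenBSD: aliases,v 1.68 2020/01/24 06:17:37 tedu Exp $
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to smtpd.
+#
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+
+# General redirections for important pseudo accounts
+daemon: root
+ftp-bugs: root
+operator: root
+www: root
+
+# Redirections for pseudo accounts that should not receive mail
+_bgpd: /dev/null
+_dhcp: /dev/null
+_dpb: /dev/null
+_dvmrpd: /dev/null
+_eigrpd: /dev/null
+_file: /dev/null
+_fingerd: /dev/null
+_ftp: /dev/null
+_hostapd: /dev/null
+_identd: /dev/null
+_iked: /dev/null
+_isakmpd: /dev/null
+_iscsid: /dev/null
+_ldapd: /dev/null
+_ldpd: /dev/null
+_mopd: /dev/null
+_nsd: /dev/null
+_ntp: /dev/null
+_ospfd: /dev/null
+_ospf6d: /dev/null
+_pbuild: /dev/null
+_pfetch: /dev/null
+_pflogd: /dev/null
+_ping: /dev/null
+_pkgfetch: /dev/null
+_pkguntar: /dev/null
+_portmap: /dev/null
+_ppp: /dev/null
+_rad: /dev/null
+_radiusd: /dev/null
+_rbootd: /dev/null
+_relayd: /dev/null
+_ripd: /dev/null
+_rstatd: /dev/null
+_rusersd: /dev/null
+_rwalld: /dev/null
+_smtpd: /dev/null
+_smtpq: /dev/null
+_sndio: /dev/null
+_snmpd: /dev/null
+_spamd: /dev/null
+_switchd: /dev/null
+_syslogd: /dev/null
+_tcpdump: /dev/null
+_traceroute: /dev/null
+_tftpd: /dev/null
+_unbound: /dev/null
+_unwind: /dev/null
+_vmd: /dev/null
+_x11: /dev/null
+_ypldap: /dev/null
+bin: /dev/null
+build: /dev/null
+nobody: /dev/null
+_tftp_proxy: /dev/null
+_ftp_proxy: /dev/null
+_sndiop: /dev/null
+_syspatch: /dev/null
+_slaacd: /dev/null
+sshd: /dev/null
+
+# Well-known aliases -- these should be filled in!
+root: servers@schleuder.0x90.space
+# manager:
+# dumper:
+
+# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
+abuse: root
+noc: root
+security: root
+
+# RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
+hostmaster: root
+# usenet: root
+# news: usenet
+webmaster: root
+# ftp: root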
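--- /dev/null
+++ b/files/common/dotssh_config
@@ -0,0 +1,9 @@
+Host cyberbackup
+Hostname 192.168.223.3
+Port 42022
+User tech
+
+Host nephilim
+Hostname 192.168.223.5
+Port 22
+User nathan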
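Review bot: This file becomes /root/.ssh/config via a plain `files.put` in roles/common/deploy.py with no `mode`, and nothing in these roles ensures /root/.ssh exists first; `mode="600"` on that put, preceded by `files.directory(path="/root/.ssh", mode="700")`, keeps root's client config private and makes the upload succeed on a fresh host. The `nephilim` entry is the destination that files/matrix-synapse/borgbackup.sh pushes archives to from a scheduled job, but the config pins neither a host key nor a known_hosts file, so a first non-interactive contact fails on the unknown key and a later key change is only detected if known_hosts is seeded somewhere not visible in this change. Adding `UserKnownHostsFile /etc/ssh/ssh_known_hosts` and `StrictHostKeyChecking yes` to these two Host blocks, and deploying the known host keys with the role, makes the backup path verifiable.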
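--- /dev/null
+++ b/files/common/template/hosts
@@ -0,0 +1,16 @@
+127.0.0.1 localhost
+::1 localhost
+192.168.45.3 cyberbackup
+{% for hypervisor in groups['openbsd_hypervisor'] %}
+192.168.{{ hostvars[hypervisor]['network_nr'] }}.1 {{ hypervisor }}.0x90.space {{ hypervisor }}
+{{ hostvars[hypervisor]['ip6_prefix'] }}::1 {{ hypervisor }}.0x90.space {{ hypervisor }}
+{% endfor %}
+{% for vm in groups['openbsd_vm'] %}
+{% if destroy is not defined or vm != destroy %}
+192.168.{{ hostvars[hostvars[vm]['hypervisor']]['network_nr'] }}.{{ hostvars[vm]['host_nr'] }} {{ vm }}.0x90.space {{ vm }}
+{{ hostvars[hostvars[vm]['hypervisor']]['ip6_prefix'] }}:fce1:baff:fed0:{{ hostvars[vm]['host_nr'] }} {{ vm }}.0x90.space {{ vm }}
+{% endif %}
+{% endfor %}
+{% for machine in groups['vpn_hosts'] %}
+192.168.{{ hostvars[hostvars[machine]['jumphost']]['vpn_network_nr'] }}.{{ hostvars[machine]['host_nr'] }} {{ machine }}
+{% endfor %}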
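Review bot: This template uses Ansible inventory variables (`groups[...]`, `hostvars[...]`, `destroy`) but roles/common/deploy.py deploys it with `files.put(src=hosts_path, dest="/etc/hosts")`, which uploads the file verbatim, so a deployed host's /etc/hosts would contain the literal `{% for ... %}` text. files/common/template/myname and files/common/template/smtpd.conf have the same problem, and their `{{ inventory_hostname }}` is an Ansible name as well. Switching those three puts to pyinfra's `files.template` would evaluate the Jinja, but the `groups`/`hostvars` lookups still need rewriting against pyinfra's `inventory`/`host` objects or passing the computed addresses in as template arguments. As written, /etc/hosts and /etc/myname on a provisioned host are not usable.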
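--- /dev/null
+++ b/files/common/template/myname
@@ -0,0 +1 @@
+{{ inventory_hostname }}.0x90.space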
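--- /dev/null
+++ b/files/common/template/smtpd.conf
@@ -0,0 +1,15 @@
+# $OpenBSD: smtpd.conf,v 1.12 2019/07/24 15:31:53 kmos Exp $
+
+# This is the smtpd server system-wide configuration file.
+# See smtpd.conf(5) for more information.
+
+table aliases file:/etc/mail/aliases
+
+listen on all
+
+action "local_mail" mbox alias <aliases>
+action "outbound" relay host "relay.0x90.space"
+
+match from any for domain "{{ inventory_hostname }}.0x90.space" action "local_mail"
+match from local for local action "local_mail"
+match from local for any action "outbound"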
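Review bot: `listen on all` binds smtpd to every interface, and together with `match from any for domain "..." action "local_mail"` it accepts inbound SMTP from anywhere for the host's own domain; if these machines only need local delivery plus outbound relay through relay.0x90.space, `listen on socket` and `listen on lo0` is the narrower configuration and removes a publicly reachable service. If inbound mail is intended, a comment above the `listen` line saying so would keep the next reader from tightening it. The `{{ inventory_hostname }}` placeholder is only meaningful if the file is rendered as a template; roles/common/deploy.py currently copies it with `files.put`, which writes the placeholder literally into the `match` rule.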
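--- /dev/null
+++ b/files/matrix-synapse/borgbackup.sh
@@ -0,0 +1,20 @@
+#!/bin/ksh
+. /etc/borg-env
+export BORG_REPO=nathan@nephilim:repositories-borg/matrix
+export BORG_RSH="ssh \
+-o TCPKeepAlive=no \
+-o ServerAliveInterval=15 \
+-o ServerAliveCountMax=10 \
+-o Compression=no"
+
+# copy synapse data so that we don't rely on our slow downlink
+nice -n 19 /usr/local/bin/rsync -a --delete /var/synapse/ /var/synapse-backup/
+rcctl stop synapse
+date
+/usr/local/bin/rsync -a --delete /var/synapse/ /var/synapse-backup/
+sync
+date
+rdate time.cloudflare.com
+rcctl start synapse
+
+nice -n 19 /usr/local/bin/borg create --stats ::'backup{now:%Y%m%d-%H%M}' /var/synapse-backup /var/postgresql /etc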
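Review bot: This script is OpenBSD-specific — `rcctl`, `rdate`, `#!/bin/ksh`, and the `/etc/daily.d/borgbackup.sh` destination given in roles/matrix-synapse/deploy.py — while that role only provisions Debian and controls `matrix-synapse.service` through systemd, so as deployed the stop/start lines and the daily scheduling are unlikely to run at all. Independently of the OS, `/var/postgresql` is archived while PostgreSQL is still running (only synapse is stopped), so the database directory in the archive may be inconsistent; a `pg_dump` into `/var/synapse-backup` before `borg create` is the safer input. There is also no `set -e` or trap, so if anything between `rcctl stop synapse` and `rcctl start synapse` aborts the script, synapse stays down; `trap 'rcctl start synapse' EXIT` placed right after the stop would cover that.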
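--- /dev/null
+++ b/files/matrix-synapse/chat.heizhaus.org.log.config
@@ -0,0 +1,67 @@
+# Log configuration for Synapse.
+#
+# This is a YAML file containing a standard Python logging configuration
+# dictionary. See [1] for details on the valid settings.
+#
+# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
+
+version: 1
+
+formatters:
+precise:
+format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+
+handlers:
+file:
+class: logging.handlers.TimedRotatingFileHandler
+formatter: precise
+filename: /var/synapse/homeserver.log
+when: midnight
+backupCount: 3 # Does not include the current log file.
+encoding: utf8
+
+# Default to buffering writes to log file for efficiency. This means that
+# will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR
+# logs will still be flushed immediately.
+buffer:
+class: logging.handlers.MemoryHandler
+target: file
+# The capacity is the number of log lines that are buffered before
+# being written to disk. Increasing this will lead to better
+# performance, at the expensive of it taking longer for log lines to
+# be written to disk.
+capacity: 10
+flushLevel: 30 # Flush for WARNING logs as well
+
+# A handler that writes logs to stderr. Unused by default, but can be used
+# instead of "buffer" and "file" in the logger handlers.
+console:
+class: logging.StreamHandler
+formatter: precise
+
+loggers:
+synapse.storage.SQL:
+# beware: increasing this to DEBUG will make synapse log sensitive
+# information such as access tokens.
+level: INFO
+
+twisted:
+# We send the twisted logging directly to the file handler,
+# to work around https://github.com/matrix-org/synapse/issues/3471
+# when using "buffer" logger. Use "console" to log to stderr instead.
+handlers: [file]
+propagate: false
+
+root:
+level: INFO
+
+# Write logs to the `buffer` handler, which will buffer them together in memory,
+# then write them to a file.
+#
+# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
+# also need to update the configuation for the `twisted` logger above, in
+# this case.)
+#
+handlers: [buffer]
+
+disable_existing_loggers: false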
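Review bot: With `when: midnight` and `backupCount: 3` the file handler retains at most four days of homeserver.log, which is a short window for reconstructing an account compromise or an abuse report after the fact; a larger `backupCount`, or shipping the file to a central collector, is worth considering, and the retention choice deserves a comment beside `backupCount`. The YAML indentation has been lost in this rendering, so the nesting under `handlers`/`loggers` cannot be checked from here.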
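--- /dev/null
+++ b/files/matrix-synapse/doas.conf
@@ -0,0 +1,2 @@
+#permit root as _synapse
+permit root as matrix-synapse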
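Review bot: roles/matrix-synapse/deploy.py installs this with `files.put(src=doas_conf_path, dest="/etc/doas.conf")` and no `user`/`group`/`mode`, so the resulting ownership and mode depend on the uploading side; doas refuses to run when its config is writable by group or others, and a policy file should not be readable by every local user either. Adding `user="root", group="root", mode="600"` to that put makes the result deterministic. The commented `#permit root as _synapse` line names the OpenBSD account while the role targets Debian; dropping it avoids confusion about which user the service runs as.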
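--- /dev/null
+++ b/files/matrix-synapse/dotprofile
@@ -0,0 +1,21 @@
+# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
+#
+# sh/ksh initialization
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin:/usr/local/share/synapse/
+export PATH
+: ${HOME='/root'}
+export HOME
+umask 022
+
+case "$-" in
+*i*) # interactive shell
+if [ -x /usr/bin/tset ]; then
+if [ X"$XTERM_VERSION" = X"" ]; then
+eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
+else
+eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
+fi
+fi
+;;
+esac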
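Review bot: The `PATH` set here ends in `/usr/local/share/synapse/`, but the synapse that roles/matrix-synapse/deploy.py installs lives under `/opt/venvs/matrix-synapse/bin/` (its generate-config commands call that interpreter explicitly), so the stated purpose of the file — putting synapse commands on root's PATH — is not achieved; `/opt/venvs/matrix-synapse/bin` is the directory to append. The file also replaces root's entire `.profile` with an OpenBSD `dot.profile` (`tset`, `/usr/X11R6/bin`), which is harmless on Debian but is a larger change to a privileged account's environment than the role needs; a single `files.line` appending to PATH in the existing profile would be the smaller edit.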
2504
files/matrix-synapse/homeserver.yaml
File diff suppressed because it is too large
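--- /dev/null
+++ b/files/www/config.json
@@ -0,0 +1,35 @@
+{
+"default_server_config": {
+"m.homeserver": {
+"server_name": "Heizhaus",
+"base_url": "https://matrix.0x90.space/"
+}
+},
+"brand": "Element",
+"branding": {
+"welcomeBackgroundUrl": "heizhaus.jpg",
+"authHeaderLogoUrl": "heizhaus-logo.png",
+"authFooterLinks": [
+{
+"text": "Homepage",
+"url": "https://heizhaus.org/"
+},
+{
+"text": "Wiki",
+"url": "https://wiki.heizhaus.org/"
+}
+]
+},
+"defaultCountryCode": "DE",
+"settingDefaults": {
+"UIFeature.registration": false
+},
+"disable_custom_urls": true,
+"permalinkPrefix": "https://chat.heizhaus.org",
+"showLabsSettings": true,
+"roomDirectory": {
+"servers": [
+"chat.heizhaus.org"
+]
+}
+}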
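--- /dev/null
+++ b/files/www/element.sha256
@@ -0,0 +1 @@
+sha256:1f309d7863f583fef7294aa34ae19413991fd82aebd4c5d8bc3ac72eab04f71a.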
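Review bot: The digest written here carries a `sha256:` prefix and a trailing `.`, and the same trailing `.` is in `sha256_checksum` in roles/www/deploy.py; a 65-character string can never equal a hex SHA-256, so the `sha256sum=` check that `files.download` performs there cannot pass, and depending on how pyinfra handles a mismatch the tarball is either fetched on every run or the deploy fails. The value should be the bare 64 hex characters, `1f309d7863f583fef7294aa34ae19413991fd82aebd4c5d8bc3ac72eab04f71a`, in both places. The `checksum_path = "files/www/element.sha256"` variable in that role is assigned but never read, so this file currently has no consumer; either load the digest from it or remove it.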
BIN
files/www/heizhaus-logo.png
Binary file not shown.
BIN
files/www/heizhaus.jpg
Binary file not shown.
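--- /dev/null
+++ b/files/www/httpd.conf
@@ -0,0 +1,49 @@
+server "0x90.space" {
+listen on egress port 80
+log style forwarded
+root "/0x90.space"
+
+tcp { backlog 128 }
+}
+
+server "quellcode.0x90.space" {
+listen on egress port 80
+log style forwarded
+root "/quellcode.0x90.space"
+
+tcp { backlog 128 }
+}
+
+server "chat.0x90.space" {
+listen on egress port 80
+log style forwarded
+root "/element"
+
+location "/.well-known/matrix/*" {
+root "/matrix"
+request strip 2
+default type application/json
+}
+
+tcp { backlog 128 }
+}
+
+server "chat.heizhaus.org" {
+listen on egress port 80
+log style forwarded
+root "/element"
+
+location "/.well-known/matrix/*" {
+root "/matrix"
+request strip 2
+default type application/json
+}
+
+tcp { backlog 128 }
+}
+
+# for php:
+# directory index "index.php"
+# location match ".*%.php" {
+# fastcgi socket "/run/php-fpm.sock"
+# }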
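Review bot: Every `server` block listens only on port 80 and nothing here terminates TLS, yet `/.well-known/matrix/server` and `/.well-known/matrix/client` are served from these vhosts; federating homeservers and clients fetch those over HTTPS, so unless a TLS front end outside this change forwards to them, the delegation to matrix.0x90.space is never discovered and the Element web app is served unencrypted. Adding `listen on egress tls port 443` with a `tls { certificate "..." key "..." }` block to the two `chat.*` servers (and a redirect from 80) would close that gap; if a relayd or similar already does this, a comment at the top of the file saying so would pre-empt the question.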
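--- /dev/null
+++ b/files/www/matrix_client.json
@@ -0,0 +1,6 @@
+{
+"m.homeserver": {
+"base_url": "https://matrix.0x90.space/"
+}
+}
+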
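--- /dev/null
+++ b/files/www/matrix_server.json
@@ -0,0 +1,4 @@
+{
+"m.server": "matrix.0x90.space:443"
+}
+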
@ -1,5 +1,8 @@
|
|||
targets = [
|
||||
"@local",
|
||||
("ararat.0x90.space", dict(ssh_port=42022)),
|
||||
("common", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
|
||||
("baixun.0x90.space", dict(ssh_port=42023)),
|
||||
("matrix", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
|
||||
("www", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
|
||||
]
|
||||
|
|
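Review bot: The new targets `"common"`, `"matrix"` and `"www"` are bare names with no `ssh_hostname` in their dicts, so pyinfra will try to resolve them literally; unless the operator's ~/.ssh/config maps them, the connection fails, and `ssh_hostname="..."` in each entry would make the inventory self-contained. `"common"` in particular reads like a role rather than a machine: deploy.py includes roles/common/deploy.py only when `host.name == "common"`, so that baseline role never runs on `matrix` or `www`. If a shared role is the intent, the `common` target should go and deploy.py should include the role for every non-local host instead.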
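--- /dev/null
+++ b/roles/common/deploy.py
@@ -0,0 +1,92 @@
+from pyinfra import host
+from pyinfra.operations import apt, server, files
+from pyinfra.facts.server import LinuxName
+
+files_path = "files/common/"
+template_path = files_path +"template/"
+
+## check on which Distribution the script is executed
+if host.get_fact(LinuxName) == "Debian":
+
+## update apt repositories
+apt.update(
+name="update apt repositories",
+# _doas=True,
+# _doas_user="pyinfra",
+# _sudo=True,
+# _sudo_user="pyinfra",
+)
+
+## install python3
+apt.packages(
+name="install python3",
+packages=["python3"],
+)
+
+## install borgbackup
+apt.packages(
+name="install borgbackup",
+packages=["borgbackup"],
+)
+
+#elif host.get_fact(LinuxName) == "":
+else:
+print("matrix-synapse deploy.py don't support: \"" +host.get_fact(LinuxName) +"\" yet")
+exit("exit from matrix-synapse/deploy.py")
+
+## create /etc/myname
+myname_path = template_path +"myname"
+files.put(
+name="create " +myname_path,
+src=myname_path,
+dest="/etc/myname",
+)
+
+## disable and stop sndiod
+service_name = "sndiod"
+server.service(
+name="disable and stop sndiod",
+service=service_name,
+enabled=False,
+running=False,
+)
+
+## create /root/.ssh/config
+dotssh_conf_path = files_path +"dotssh_config"
+files.put(
+name="create /root/.ssh/config",
+src=dotssh_conf_path,
+dest="/root/.ssh/config",
+)
+
+# ? when: provision is not defined or inventory_hostname == provision
+
+## create /etc/hosts
+hosts_path = template_path +"hosts"
+files.put(
+name="create /etc/hosts",
+src=hosts_path,
+dest="/etc/hosts",
+)
+
+# ? when: destroy is not defined or inventory_hostname != destroy
+
+# ? - block:
+
+## copy /etc/mail/aliases
+aliases_path = files_path +"aliases"
+files.put(
+name="copy /etc/mail/aliases",
+src=aliases_path,
+dest="/etc/mail/aliases",
+)
+
+## create /etc/mail/smtpd.conf
+smtpd_conf_path = template_path +"smtpd.conf"
+files.put(
+name="create /etc/mail/smtpd.conf",
+src=smtpd_conf_path,
+dest="/etc/mail/smtpd.conf",
+)
+
+# ? when: provision is not defined or inventory_hostname == provision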
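Review bot: The role writes `/etc/mail/aliases` and `/etc/mail/smtpd.conf` but never installs, enables or reloads an SMTP daemon — the Debian branch installs only `python3` and `borgbackup` — and the header of files/common/aliases itself says `newaliases` must be run for changes to take effect, so the mail configuration lands on disk with nothing consuming it. If OpenSMTPD is the intended MTA, add it to the Debian `apt.packages` list and follow the two `files.put` calls with `server.service(service="opensmtpd", restarted=True)`. The `else:` branch calls `exit(...)` while the deploy file is being evaluated, which as far as I can tell aborts the whole pyinfra run on the first unsupported host rather than skipping that host; printing and leaving the rest of the file guarded by the `if` would be gentler. `/etc/myname` and the `sndiod` service are OpenBSD specifics with no counterpart on the Debian hosts this branch provisions, and the error messages in the `else:` branch still say "matrix-synapse deploy.py".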
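--- /dev/null
+++ b/roles/matrix-synapse/deploy.py
@@ -0,0 +1,193 @@
+from pyinfra import host
+from pyinfra.operations import apt, server, files
+from pyinfra.facts.server import LinuxName
+
+files_path = "files/matrix-synapse/"
+
+## don't exexute on a local mashine
+if host.name != "@local":
+
+## edit fstab to set wxallowd
+'''
+files.line(
+name="edit fstab to set wxallowd",
+path="/etc/fstab",
+# line="var ffs rw,nodev,",
+# line="var ffs rw,wxallowed,nodev,",
+# line="var /var ffs rw,wxallowed,nodev 0 0",
+# line="var /var ext4 rw,wxallowed,nodev 0 0",
+)
+'''
+
+## change mount option for /var for now
+'''
+[matrix] mount: /var: wrong fs type, bad option, bad superblock on var, missing codepage or helper program, or other error.
+[matrix] dmesg(1) may have more information after failed mount system call.
+[matrix] Error: executed 0 commands
+'''
+'''
+server.shell(
+name="change mount option for /var for now",
+# commands="mount -uo wxallowed /var",
+commands="mount -o wxallowed /var",
+)
+'''
+
+## check on which Distribution the script is executed
+if host.get_fact(LinuxName) == "Debian":
+
+## enable prerelease chanel to install matrix-synapse on Debian
+server.shell(
+name="enable prerelease chanel to install matrix-synapse on Debian",
+commands=["wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg",
+"echo \"deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main prerelease\" | tee /etc/apt/sources.list.d/matrix-org.list",
+],
+)
+
+## update apt repositories
+apt.update(
+name="update apt repositories",
+# _doas=True,
+# _doas_user="pyinfra",
+# _sudo=True,
+# _sudo_user="pyinfra",
+)
+
+apt.packages(
+name="install build-essential python3-dev libffi-def python3-pip python3-setuptools sqlite3 libssl-dev virtualenv libjpeg-dev libxslt1-dev libicu-dev as prerequisites for matrix-synapse-py3",
+packages=["build-essential",
+"python3-dev",
+"libffi-dev",
+"python3-pip",
+"python3-setuptools",
+"sqlite3",
+"libssl-dev",
+"virtualenv",
+"libjpeg-dev",
+"libxslt1-dev",
+"libicu-dev",
+],
+)
+
+apt.packages(
+name="install synapse",
+# packages=["synapse"],
+packages=["matrix-synapse-py3"],
+)
+
+apt.packages(
+name="install libxml (for link previews)",
+# packages=["py3-libxml"],
+packages=["python3-lxml"],
+)
+
+apt.packages(
+name="install opendoas",
+packages=["opendoas"],
+)
+
+# elif host.get_fact(LinuxName) == "":
+else:
+print("matrix-synapse deploy.py don't support: \"" +host.get_fact(LinuxName) +"\" yet")
+exit("exit from matrix-synapse/deploy.py")
+
+## copy doas config
+doas_conf_path = files_path +"doas.conf"
+files.put(
+name="copy doas config",
+src=doas_conf_path,
+dest="/etc/doas.conf",
+)
+
+## generate synapse config
+server.shell(
+name="generate synapse config",
+# commands=["/opt/venvs/matrix-synapse/bin/python3 -m synapse.app.homeserver -c /var/synapse/homeserver.yaml --generate-config --server-name chat.heizhaus.org --report-stats=no --generate-keys --keys-directory /var/synapse",
+commands=[
+## --generate-config and --generate-keys can't be in the same line/command
+"/opt/venvs/matrix-synapse/bin/python3 -m synapse.app.homeserver -c /var/synapse/homeserver.yaml --generate-config --server-name chat.heizhaus.org --report-stats=no --keys-directory /var/synapse",
+"/opt/venvs/matrix-synapse/bin/python3 -m synapse.app.homeserver -c /var/synapse/homeserver.yaml --generate-keys --keys-directory /var/synapse",
+"touch /var/synapse/homeserver.yaml",
+"cd /var/synapse",
+],
+# )
+
+#!!! change user to _synapse !!!#
+# _su_user="matrix-synapse",
+# _su_user="_synapse",
+)
+# os.chdir("/var/synapse")
+
+'''
+[matrix] This account is currently not available.
+[matrix] Error: executed 0 commands
+'''
+
+# creates="/var/synapse/homeserver.yaml",
+# chdir="/var/synapse/",
+# becom_user="_synapse",
+
+## copy synapse config
+homeserver_py_path = files_path +"homeserver.yaml"
+files.put(
+name="copy synapse config",
+src=homeserver_py_path,
+dest="/var/synapse/homeserver.yaml",
+)
+
+## copy logging config
+log_conf_path = files_path + "chat.heizhaus.org.log.config"
+files.put(
+name="copy logging config",
+src=log_conf_path,
+dest="/var/synapse/chat.heizhaus.org.log.config",
+)
+
+## add synapse commands to PATH
+dotprofile_path = files_path +"dotprofile"
+files.put(
+name="add synapse commands to PATH",
+src=dotprofile_path,
+dest="/root/.profile",
+)
+
+## change owner for /var/synapse
+# user_name = "_synapse"
+# group_name = "_synapse"
+user_name = "matrix-synapse"
+group_name = "matrix-synapse"
+server.shell(
+name="chown -R " +user_name +":" +group_name +" /var/synapse",
+commands="chown -R " +user_name +":" +group_name +" /var/synapse && chmod -R 0770 /var/synapse",
+)
+
+## set server name
+server_name = "chat.heizhaus.org"
+files.replace(
+name="set server name",
+path="/etc/matrix-synapse/conf.d/server_name.yaml",
+text="server_name: ",
+replace="server_name: " +server_name,
+)
+
+## enable and restart matrix
+server.service(
+name="enable and restart matrix",
+# service="synapse",
+service="matrix-synapse.service",
+enabled=True,
+restarted=True,
+)
+
+# server.shell(
+# name="enable and restart matrix",
+# commands="systemctl enable synapse && systemctl restart synapse",
+# )
+
+## add synapse backup script
+backup_sh_path = files_path +"borgbackup.sh"
+files.put(
+name="add synapse backup script",
+src=backup_sh_path,
+dest="/etc/daily.d/borgbackup.sh"
+)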
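Review bot: `files.replace(... text="server_name: ", replace="server_name: " + server_name)` matches only the key prefix, so the value already in `server_name.yaml` is kept after the inserted one and every run inserts again; anchoring the pattern to the whole line, `text=r"^server_name: .*$"`, makes the operation idempotent and actually replaces the old value. The generated and copied `homeserver.yaml` go to `/var/synapse/`, while the `conf.d` path used a few lines later shows the Debian package's service reading its config from `/etc/matrix-synapse/`, so the `matrix-synapse.service` restart at the end may be running a configuration this role does not manage — worth confirming against the unit file. The APT source added by the first `server.shell` enables the `prerelease` component of packages.matrix.org; for a production homeserver `main` alone is the conservative choice, and a comment explaining why prerelease is wanted would help the next reader. `"cd /var/synapse"` as its own entry in `commands` affects nothing that follows and can be dropped.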
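--- /dev/null
+++ b/roles/www/deploy.py
@@ -0,0 +1,173 @@
+from pyinfra import host
+from pyinfra.operations import apt, server, files
+from pyinfra.facts.server import LinuxName
+
+files_path = "files/www/"
+
+## check on which Distribution the script is executed
+if host.get_fact(LinuxName) == "Debian":
+
+## update apt repositories
+apt.update(
+name="update apt repositories",
+# _doas=True,
+# _doas_user="pyinfra",
+# _sudo=True,
+# _sudo_user="pyinfra",
+)
+
+## get repository for php7.3 part-1
+apt.packages(
+name="get repository for php7.3 part-1",
+packages=["lsb-release",
+"apt-transport-https",
+"ca-certificates",
+"software-properties-common",
+],
+)
+
+## create /etc/apt/source.list.d/
+source_list_d_path = "/etc/apt/source.list.d/"
+files.directory(
+name="create /etc/apt/source.list.d/",
+path=source_list_d_path,
+)
+
+## get repository for php7.3 part-2
+server.shell(
+name="get repository for php7.3 part-2",
+commands=["wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg",
+"sh -c 'echo \"deb https://packages.sury.org/php/ $(lsb_release -sc) main\" > /etc/apt/source.list.d/php.list'",
+"apt update",
+],
+)
+
+## insrall php7.3
+apt.packages(
+name="install php7.3 and php-fpm",
+packages=["php7.3", "php-fpm"],
+)
+
+## install apache2 as replacenebt for httpd.service
+apt.packages(
+name="install apache2 as replacenebt for httpd.service",
+packages=["apache2"],
+)
+
+# elif host.get_fact(LinuxName) == "":
+else:
+print("www deploy.py don't support: \"" + host.get_fact(LinuxName) + "\" yet")
+exit("exit from www/deploy.py")
+
+## start the php8.2-fpm.service service
+#service_name = "php73_fpm"
+service_name = "php8.2-fpm.service"
+server.service(
+name="enable and restart php8.2-fpm.service",
+service=service_name,
+enabled=True,
+running=True,
+)
+
+# ? when: phpinstall.changed
+
+## fetch element tarball
+url = "https://github.com/vector-im/element-web/releases/download/v1.11.52/element-v1.11.52.tar.gz"
+dest = "/tmp/element.tar.gz"
+sha256_checksum = "1f309d7863f583fef7294aa34ae19413991fd82aebd4c5d8bc3ac72eab04f71a."
+checksum_path = "files/www/element.sha256"
+files.download(
+name="fetch element tarball",
+src=url,
+dest=dest,
+sha256sum=sha256_checksum,
+)
+
+## create /var/www/
+files.directory(
+name="create /var/www/",
+path="/var/www/",
+)
+
+## extract element tarball
+server.shell(
+name="extract element tarball",
+commands=["tar xzf /tmp/element.tar.gz -C /var/www/"],
+)
+
+## rm -rf /var/www/element
+server.shell(
+name="rm -rf /var/www/element",
+commands=["rm -rf /var/www/element"],
+)
+
+## cp -r /var/www/element-v1.11.52 /var/www/element
+## files.put() seams not to be compatible with directorys
+element_vers = "element-v1.11.52/"
+element_path = "/var/www/" +element_vers
+server.shell(
+name="cp -r " +element_path +" /var/www/element",
+commands=["cp -r " +element_path +" /var/www/element"],
+)
+
+## copy element config.json
+element_json_path = files_path +"config.json"
+files.put(
+name="copy element config.json",
+src=element_json_path,
+dest="/var/www/element/config.json",
+)
+
+## copy heizhaus.jpg
+heizhaus_jpg_path = files_path +"heizhaus.jpg"
+files.put(
+name="copy heizhaus.jpg",
+src=heizhaus_jpg_path,
+dest="/var/www/element/heizhaus.jpg",
+)
+
+## heizhaus-logo.png
+heizhaus_logo_path = files_path +"heizhaus-logo.png"
+files.put(
+name="heizhaus-logo.png",
+src=heizhaus_logo_path,
+dest="/var/www/element/heizhaus-logo.png",
+)
+
+## mkdir /var/www/matrix
+files.directory(
+name="mkdir /var/www/matrix",
+path="/var/www/matrix",
+)
+
+## copy matrix/client
+matrix_client_json_path = files_path +"matrix_client.json"
+files.put(
+name="copy matrix/client",
+src=matrix_client_json_path,
+dest="/var/www/matrix/client",
+)
+
+## copy matrix/server
+matrix_server_json_path = files_path +"matrix_server.json"
+files.put(
+name="copy matrix/server",
+src=matrix_server_json_path,
+dest="/var/www/matrix/server",
+)
+
+## copy /etc/httpd.conf
+httpd_conf_path = files_path +"httpd.conf"
+files.put(
+name="copy /etc/httpd.conf",
+src=httpd_conf_path,
+dest="/etc/httpd.conf",
+)
+
+## start apache2
+service_name = "apache2"
+server.service(
+name="start apache2",
+service=service_name,
+running=True,
+)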
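Review bot: `source_list_d_path = "/etc/apt/source.list.d/"` and the `sh -c 'echo ... > /etc/apt/source.list.d/php.list'` command both spell the directory without the `s` — APT reads `/etc/apt/sources.list.d/` — so the Sury repository is never registered and the following `apt.packages(packages=["php7.3", "php-fpm"])` resolves against Debian's own archive or fails; fix the path in both places, after which the `files.directory` call is unnecessary because that directory always exists. The PHP pieces are also inconsistent with each other: the role installs `php7.3` but then enables `php8.2-fpm.service`, and nothing in this commit serves PHP. The OpenBSD `httpd.conf` is copied to `/etc/httpd.conf` while the web server installed and started is `apache2`, which does not read that file, so the Element tree and the `/.well-known/matrix/*` files under `/var/www/matrix` are not served by anything this role configures — an apache vhost is missing. The Sury signing key is written to `/etc/apt/trusted.gpg.d/`, which trusts it for every repository; placing it under `/usr/share/keyrings/` and referencing it with `signed-by=` in the list file, as the matrix role already does, scopes that trust to the one source.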