Compare commits
22 commits
Author | SHA1 | Date | |
---|---|---|---|
2e20 | 170b6a6c3d | ||
2e20 | 84d61d1f8e | ||
2e20 | 6fc06e88df | ||
2e20 | 63e9fedf62 | ||
2e20 | 922f395881 | ||
2e20 | f734cb439b | ||
2e20 | f972b2625f | ||
2e20 | 1967a627ba | ||
2e20 | 1787d57118 | ||
2e20 | 0fa85b7b43 | ||
2e20 | ef6cff3fa0 | ||
2e20 | f699f5fe31 | ||
2e20 | af8044f7a3 | ||
2e20 | 61111796ba | ||
2e20 | 48be71f4dd | ||
2e20 | 47e1bb3351 | ||
2e20 | 5d4d2d6a62 | ||
2e20 | 253e0f68c0 | ||
2e20 | 359f59bc83 | ||
2e20 | bece765e3b | ||
2e20 | 09e31bbab9 | ||
2e20 | 48bfe66d3e |
31
deploy.py
31
deploy.py
|
@ -2,6 +2,8 @@ from pyinfra import host, local
|
||||||
from pyinfra.facts import server
|
from pyinfra.facts import server
|
||||||
from pyinfra.operations import files
|
from pyinfra.operations import files
|
||||||
|
|
||||||
|
from pyinfra.operations import server as o_server
|
||||||
|
|
||||||
if host.name == "@local":
|
if host.name == "@local":
|
||||||
home = host.get_fact(server.Home)
|
home = host.get_fact(server.Home)
|
||||||
files.directory(
|
files.directory(
|
||||||
|
@ -23,8 +25,35 @@ if host.name != "@local":
|
||||||
files.directory(path=f"{home}/.ssh", mode="700")
|
files.directory(path=f"{home}/.ssh", mode="700")
|
||||||
files.put(src="files/authorized_keys", dest=f"{home}/.ssh/authorized_keys")
|
files.put(src="files/authorized_keys", dest=f"{home}/.ssh/authorized_keys")
|
||||||
|
|
||||||
|
o_server.user(
|
||||||
|
name="Create pyinfra user for logs",
|
||||||
|
user="pyinfra",
|
||||||
|
home="/home/pyinfra/"
|
||||||
|
)
|
||||||
|
|
||||||
|
files.file(
|
||||||
|
name="Create pyinfra log file",
|
||||||
|
path="/var/log/pyinfra.log",
|
||||||
|
user="pyinfra",
|
||||||
|
group="pyinfra",
|
||||||
|
mode="644",
|
||||||
|
# _doas=True,
|
||||||
|
# _sudo=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
## first the hypervisor
|
||||||
if host.name == "ararat.0x90.space":
|
if host.name == "ararat.0x90.space":
|
||||||
local.include("ararat/deploy.py")
|
local.include("ararat/deploy.py")
|
||||||
|
|
||||||
|
if host.name == "common":
|
||||||
|
local.include("roles/common/deploy.py")
|
||||||
|
|
||||||
if host.name == "baixun.0x90.space":
|
if host.name == "baixun.0x90.space":
|
||||||
local.include("baixun/deploy.py")
|
local.include("roles/baixun/deploy.py")
|
||||||
|
|
||||||
|
if host.name == "matrix":
|
||||||
|
local.include("roles/matrix-synapse/deploy.py")
|
||||||
|
|
||||||
|
if host.name == "www":
|
||||||
|
local.include("roles/www/deploy.py")
|
||||||
|
|
||||||
|
|
|
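Review bot: The `files.file` operation that creates `/var/log/pyinfra.log` sets `mode="644"`, so every local account can read the deploy log; pyinfra records the commands it runs and their output, which can include anything passed on a `server.shell` command line, so `mode="640"` with `user="pyinfra", group="pyinfra"` is the safer default. The `# _doas=True` / `# _sudo=True` lines left in that block are dead configuration and should be removed or replaced by one comment stating which privilege-escalation mechanism the targets actually provide. `o_server.user` passes `home="/home/pyinfra/"` with a trailing slash; drop it so the path matches the style of `/var/synapse` and the other paths in this change. The enclosing `if host.name != "@local":` block starts before the hunk, so the indentation of the added operations inside it cannot be checked here.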
@ -1,4 +1,3 @@
|
||||||
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBODYKtJ2PDZRznfGcpviZl+NVcbgJQYYKGxg8rjJQCQRSW88aJM+jP3v+jFYZ0ZldLd6KoyIitEZI60Nsp/hdEoAAAAEc3NoOg== vmann
|
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBODYKtJ2PDZRznfGcpviZl+NVcbgJQYYKGxg8rjJQCQRSW88aJM+jP3v+jFYZ0ZldLd6KoyIitEZI60Nsp/hdEoAAAAEc3NoOg== vmann
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPj/AFy/0NopKemEPZdMVSbWDLxX7b3ksPA1fSfBKr3 2e20
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPj/AFy/0NopKemEPZdMVSbWDLxX7b3ksPA1fSfBKr3 2e20
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaV5uQf63sCfXZIT0lt61sOhEYuJHLNNpNQ0ppXFo+/ hagi@tumbleweed.localhost.localdomain
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaV5uQf63sCfXZIT0lt61sOhEYuJHLNNpNQ0ppXFo+/ hagi@tumbleweed.localhost.localdomain
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZYJ91RLXRCQ4ZmdW6ucIltzukQ/k+lDOqlRIYwxNRv missytake@systemli.org
|
|
||||||
|
|
99
files/common/aliases
Normal file
99
files/common/aliases
Normal file
|
@ -0,0 +1,99 @@
|
||||||
|
#
|
||||||
|
# $OpenBSD: aliases,v 1.68 2020/01/24 06:17:37 tedu Exp $
|
||||||
|
#
|
||||||
|
# Aliases in this file will NOT be expanded in the header from
|
||||||
|
# Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
|
||||||
|
#
|
||||||
|
# >>>>>>>>>> The program "newaliases" must be run after
|
||||||
|
# >> NOTE >> this file is updated for any changes to
|
||||||
|
# >>>>>>>>>> show through to smtpd.
|
||||||
|
#
|
||||||
|
|
||||||
|
# Basic system aliases -- these MUST be present
|
||||||
|
MAILER-DAEMON: postmaster
|
||||||
|
postmaster: root
|
||||||
|
|
||||||
|
# General redirections for important pseudo accounts
|
||||||
|
daemon: root
|
||||||
|
ftp-bugs: root
|
||||||
|
operator: root
|
||||||
|
www: root
|
||||||
|
|
||||||
|
# Redirections for pseudo accounts that should not receive mail
|
||||||
|
_bgpd: /dev/null
|
||||||
|
_dhcp: /dev/null
|
||||||
|
_dpb: /dev/null
|
||||||
|
_dvmrpd: /dev/null
|
||||||
|
_eigrpd: /dev/null
|
||||||
|
_file: /dev/null
|
||||||
|
_fingerd: /dev/null
|
||||||
|
_ftp: /dev/null
|
||||||
|
_hostapd: /dev/null
|
||||||
|
_identd: /dev/null
|
||||||
|
_iked: /dev/null
|
||||||
|
_isakmpd: /dev/null
|
||||||
|
_iscsid: /dev/null
|
||||||
|
_ldapd: /dev/null
|
||||||
|
_ldpd: /dev/null
|
||||||
|
_mopd: /dev/null
|
||||||
|
_nsd: /dev/null
|
||||||
|
_ntp: /dev/null
|
||||||
|
_ospfd: /dev/null
|
||||||
|
_ospf6d: /dev/null
|
||||||
|
_pbuild: /dev/null
|
||||||
|
_pfetch: /dev/null
|
||||||
|
_pflogd: /dev/null
|
||||||
|
_ping: /dev/null
|
||||||
|
_pkgfetch: /dev/null
|
||||||
|
_pkguntar: /dev/null
|
||||||
|
_portmap: /dev/null
|
||||||
|
_ppp: /dev/null
|
||||||
|
_rad: /dev/null
|
||||||
|
_radiusd: /dev/null
|
||||||
|
_rbootd: /dev/null
|
||||||
|
_relayd: /dev/null
|
||||||
|
_ripd: /dev/null
|
||||||
|
_rstatd: /dev/null
|
||||||
|
_rusersd: /dev/null
|
||||||
|
_rwalld: /dev/null
|
||||||
|
_smtpd: /dev/null
|
||||||
|
_smtpq: /dev/null
|
||||||
|
_sndio: /dev/null
|
||||||
|
_snmpd: /dev/null
|
||||||
|
_spamd: /dev/null
|
||||||
|
_switchd: /dev/null
|
||||||
|
_syslogd: /dev/null
|
||||||
|
_tcpdump: /dev/null
|
||||||
|
_traceroute: /dev/null
|
||||||
|
_tftpd: /dev/null
|
||||||
|
_unbound: /dev/null
|
||||||
|
_unwind: /dev/null
|
||||||
|
_vmd: /dev/null
|
||||||
|
_x11: /dev/null
|
||||||
|
_ypldap: /dev/null
|
||||||
|
bin: /dev/null
|
||||||
|
build: /dev/null
|
||||||
|
nobody: /dev/null
|
||||||
|
_tftp_proxy: /dev/null
|
||||||
|
_ftp_proxy: /dev/null
|
||||||
|
_sndiop: /dev/null
|
||||||
|
_syspatch: /dev/null
|
||||||
|
_slaacd: /dev/null
|
||||||
|
sshd: /dev/null
|
||||||
|
|
||||||
|
# Well-known aliases -- these should be filled in!
|
||||||
|
root: servers@schleuder.0x90.space
|
||||||
|
# manager:
|
||||||
|
# dumper:
|
||||||
|
|
||||||
|
# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
|
||||||
|
abuse: root
|
||||||
|
noc: root
|
||||||
|
security: root
|
||||||
|
|
||||||
|
# RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
|
||||||
|
hostmaster: root
|
||||||
|
# usenet: root
|
||||||
|
# news: usenet
|
||||||
|
webmaster: root
|
||||||
|
# ftp: root
|
9
files/common/dotssh_config
Normal file
9
files/common/dotssh_config
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
Host cyberbackup
|
||||||
|
Hostname 192.168.223.3
|
||||||
|
Port 42022
|
||||||
|
User tech
|
||||||
|
|
||||||
|
Host nephilim
|
||||||
|
Hostname 192.168.223.5
|
||||||
|
Port 22
|
||||||
|
User nathan
|
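Review bot: `Host cyberbackup` resolves to `192.168.223.3`, but `files/common/template/hosts` in the same change maps `cyberbackup` to `192.168.45.3`; one address is stale, and which one wins depends on whether root connects via the `Host` alias or the name. This file drives unattended borg pushes from root (`BORG_RSH` in `files/matrix-synapse/borgbackup.sh` connects as `nathan@nephilim`), and an unknown or changed host key makes a non-interactive ssh fail, so deploy a pre-seeded `/root/.ssh/known_hosts` next to this file and add `StrictHostKeyChecking yes` plus an explicit `IdentityFile` / `IdentitiesOnly yes` per host rather than relaxing the check in the backup script. The file is written to `/root/.ssh/config` by `files.put` without a `mode`; confirm the resulting file is `600`.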
16
files/common/template/hosts
Normal file
16
files/common/template/hosts
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
127.0.0.1 localhost
|
||||||
|
::1 localhost
|
||||||
|
192.168.45.3 cyberbackup
|
||||||
|
{% for hypervisor in groups['openbsd_hypervisor'] %}
|
||||||
|
192.168.{{ hostvars[hypervisor]['network_nr'] }}.1 {{ hypervisor }}.0x90.space {{ hypervisor }}
|
||||||
|
{{ hostvars[hypervisor]['ip6_prefix'] }}::1 {{ hypervisor }}.0x90.space {{ hypervisor }}
|
||||||
|
{% endfor %}
|
||||||
|
{% for vm in groups['openbsd_vm'] %}
|
||||||
|
{% if destroy is not defined or vm != destroy %}
|
||||||
|
192.168.{{ hostvars[hostvars[vm]['hypervisor']]['network_nr'] }}.{{ hostvars[vm]['host_nr'] }} {{ vm }}.0x90.space {{ vm }}
|
||||||
|
{{ hostvars[hostvars[vm]['hypervisor']]['ip6_prefix'] }}:fce1:baff:fed0:{{ hostvars[vm]['host_nr'] }} {{ vm }}.0x90.space {{ vm }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
{% for machine in groups['vpn_hosts'] %}
|
||||||
|
192.168.{{ hostvars[hostvars[machine]['jumphost']]['vpn_network_nr'] }}.{{ hostvars[machine]['host_nr'] }} {{ machine }}
|
||||||
|
{% endfor %}
|
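Review bot: The template uses Ansible inventory objects (`groups['openbsd_hypervisor']`, `hostvars[...]`, the `destroy` variable), which pyinfra's `files.template` does not provide under those names as far as I can see, and `roles/common/deploy.py` in this change pushes the file with `files.put`, so `/etc/hosts` on the target would contain the literal `{% for %}` blocks. Port the loops to pyinfra's data model (`inventory.get_group("openbsd_hypervisor")` and per-host `host.data`) and render with `files.template`, or keep the file out of this repository until the port is done. Add a header comment naming the tool expected to render it. The hard-coded `192.168.45.3 cyberbackup` line also disagrees with `files/common/dotssh_config`, which uses `192.168.223.3` for the same host.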
1
files/common/template/myname
Normal file
1
files/common/template/myname
Normal file
|
@ -0,0 +1 @@
|
||||||
|
{{ inventory_hostname }}.0x90.space
|
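Review bot: `/etc/myname` is the OpenBSD hostname file, but `roles/common/deploy.py` in this change exits unless `LinuxName == "Debian"`, where the hostname comes from `/etc/hostname` and nothing reads `/etc/myname` — either the file or the distro check is misplaced. It is also pushed with `files.put`, so the target receives the literal string `{{ inventory_hostname }}.0x90.space`; if the file is kept, render it with `files.template` using pyinfra's `{{ host.name }}.0x90.space`.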
15
files/common/template/smtpd.conf
Normal file
15
files/common/template/smtpd.conf
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
# $OpenBSD: smtpd.conf,v 1.12 2019/07/24 15:31:53 kmos Exp $
|
||||||
|
|
||||||
|
# This is the smtpd server system-wide configuration file.
|
||||||
|
# See smtpd.conf(5) for more information.
|
||||||
|
|
||||||
|
table aliases file:/etc/mail/aliases
|
||||||
|
|
||||||
|
listen on all
|
||||||
|
|
||||||
|
action "local_mail" mbox alias <aliases>
|
||||||
|
action "outbound" relay host "relay.0x90.space"
|
||||||
|
|
||||||
|
match from any for domain "{{ inventory_hostname }}.0x90.space" action "local_mail"
|
||||||
|
match from local for local action "local_mail"
|
||||||
|
match from local for any action "outbound"
|
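Review bot: `listen on all` binds SMTP on every interface, but the only inbound rule is `match from any for domain "<host>.0x90.space"` for local delivery; if these hosts only need to submit mail through `relay.0x90.space`, `listen on socket` plus `listen on lo0` (or the internal interface alone) keeps port 25 off the egress side. `action "outbound" relay host "relay.0x90.space"` names the relay without a transport scheme, which leaves TLS opportunistic; for a fixed internal relay `relay host smtp+tls://relay.0x90.space` makes a downgrade fail instead of falling back to cleartext. The `{{ inventory_hostname }}` placeholders are Ansible-style and the file is installed with `files.put` in `roles/common/deploy.py`, so they would reach `/etc/mail/smtpd.conf` unrendered — confirm the file is rendered before smtpd loads it.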
20
files/matrix-synapse/borgbackup.sh
Normal file
20
files/matrix-synapse/borgbackup.sh
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
#!/bin/ksh
|
||||||
|
. /etc/borg-env
|
||||||
|
export BORG_REPO=nathan@nephilim:repositories-borg/matrix
|
||||||
|
export BORG_RSH="ssh \
|
||||||
|
-o TCPKeepAlive=no \
|
||||||
|
-o ServerAliveInterval=15 \
|
||||||
|
-o ServerAliveCountMax=10 \
|
||||||
|
-o Compression=no"
|
||||||
|
|
||||||
|
# copy synapse data so that we don't rely on our slow downlink
|
||||||
|
nice -n 19 /usr/local/bin/rsync -a --delete /var/synapse/ /var/synapse-backup/
|
||||||
|
rcctl stop synapse
|
||||||
|
date
|
||||||
|
/usr/local/bin/rsync -a --delete /var/synapse/ /var/synapse-backup/
|
||||||
|
sync
|
||||||
|
date
|
||||||
|
rdate time.cloudflare.com
|
||||||
|
rcctl start synapse
|
||||||
|
|
||||||
|
nice -n 19 /usr/local/bin/borg create --stats ::'backup{now:%Y%m%d-%H%M}' /var/synapse-backup /var/postgresql /etc
|
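Review bot: The script is OpenBSD-specific (`#!/bin/ksh`, `rcctl stop synapse`, `rdate`, `/var/postgresql`, installed to `/etc/daily.d/`), yet `roles/matrix-synapse/deploy.py` in this change only proceeds on Debian and manages `matrix-synapse.service` through systemd, so on the real target `rcctl` does not exist, synapse is never stopped, and the copy of a live PostgreSQL data directory is not a consistent backup. Switch to `systemctl`, add `set -eu` so a failed stop or rsync does not still restart and upload, take a logical `pg_dumpall` instead of copying `/var/postgresql`, and install to `/etc/cron.daily/` with `mode="700"` — `files.put` currently sets no mode, so the file would not even be executable. `. /etc/borg-env` presumably supplies `BORG_PASSPHRASE`; the script should refuse to run if that file is missing or readable by anyone but root. `rdate time.cloudflare.com` is an unauthenticated clock set in the middle of a backup job and belongs in ntp configuration, not here.
```shell
#!/bin/sh
set -eu
. /etc/borg-env
# … unchanged: BORG_REPO / BORG_RSH exports …

# warm the copy while synapse is still running, then take the consistent one
nice -n 19 rsync -a --delete /var/synapse/ /var/synapse-backup/
systemctl stop matrix-synapse
trap 'systemctl start matrix-synapse' EXIT   # never leave the service down on error
rsync -a --delete /var/synapse/ /var/synapse-backup/
# logical dump instead of copying a live PostgreSQL data directory
su - postgres -c pg_dumpall > /var/synapse-backup/pg_dumpall.sql
sync
systemctl start matrix-synapse
trap - EXIT

nice -n 19 borg create --stats ::'backup{now:%Y%m%d-%H%M}' /var/synapse-backup /etc
```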
67
files/matrix-synapse/chat.heizhaus.org.log.config
Normal file
67
files/matrix-synapse/chat.heizhaus.org.log.config
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
# Log configuration for Synapse.
|
||||||
|
#
|
||||||
|
# This is a YAML file containing a standard Python logging configuration
|
||||||
|
# dictionary. See [1] for details on the valid settings.
|
||||||
|
#
|
||||||
|
# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
|
||||||
|
|
||||||
|
version: 1
|
||||||
|
|
||||||
|
formatters:
|
||||||
|
precise:
|
||||||
|
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
|
||||||
|
|
||||||
|
handlers:
|
||||||
|
file:
|
||||||
|
class: logging.handlers.TimedRotatingFileHandler
|
||||||
|
formatter: precise
|
||||||
|
filename: /var/synapse/homeserver.log
|
||||||
|
when: midnight
|
||||||
|
backupCount: 3 # Does not include the current log file.
|
||||||
|
encoding: utf8
|
||||||
|
|
||||||
|
# Default to buffering writes to log file for efficiency. This means that
|
||||||
|
# will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR
|
||||||
|
# logs will still be flushed immediately.
|
||||||
|
buffer:
|
||||||
|
class: logging.handlers.MemoryHandler
|
||||||
|
target: file
|
||||||
|
# The capacity is the number of log lines that are buffered before
|
||||||
|
# being written to disk. Increasing this will lead to better
|
||||||
|
# performance, at the expensive of it taking longer for log lines to
|
||||||
|
# be written to disk.
|
||||||
|
capacity: 10
|
||||||
|
flushLevel: 30 # Flush for WARNING logs as well
|
||||||
|
|
||||||
|
# A handler that writes logs to stderr. Unused by default, but can be used
|
||||||
|
# instead of "buffer" and "file" in the logger handlers.
|
||||||
|
console:
|
||||||
|
class: logging.StreamHandler
|
||||||
|
formatter: precise
|
||||||
|
|
||||||
|
loggers:
|
||||||
|
synapse.storage.SQL:
|
||||||
|
# beware: increasing this to DEBUG will make synapse log sensitive
|
||||||
|
# information such as access tokens.
|
||||||
|
level: INFO
|
||||||
|
|
||||||
|
twisted:
|
||||||
|
# We send the twisted logging directly to the file handler,
|
||||||
|
# to work around https://github.com/matrix-org/synapse/issues/3471
|
||||||
|
# when using "buffer" logger. Use "console" to log to stderr instead.
|
||||||
|
handlers: [file]
|
||||||
|
propagate: false
|
||||||
|
|
||||||
|
root:
|
||||||
|
level: INFO
|
||||||
|
|
||||||
|
# Write logs to the `buffer` handler, which will buffer them together in memory,
|
||||||
|
# then write them to a file.
|
||||||
|
#
|
||||||
|
# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
|
||||||
|
# also need to update the configuation for the `twisted` logger above, in
|
||||||
|
# this case.)
|
||||||
|
#
|
||||||
|
handlers: [buffer]
|
||||||
|
|
||||||
|
disable_existing_loggers: false
|
2
files/matrix-synapse/doas.conf
Normal file
2
files/matrix-synapse/doas.conf
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
#permit root as _synapse
|
||||||
|
permit root as matrix-synapse
|
21
files/matrix-synapse/dotprofile
Normal file
21
files/matrix-synapse/dotprofile
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
|
||||||
|
#
|
||||||
|
# sh/ksh initialization
|
||||||
|
|
||||||
|
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin:/usr/local/share/synapse/
|
||||||
|
export PATH
|
||||||
|
: ${HOME='/root'}
|
||||||
|
export HOME
|
||||||
|
umask 022
|
||||||
|
|
||||||
|
case "$-" in
|
||||||
|
*i*) # interactive shell
|
||||||
|
if [ -x /usr/bin/tset ]; then
|
||||||
|
if [ X"$XTERM_VERSION" = X"" ]; then
|
||||||
|
eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
|
||||||
|
else
|
||||||
|
eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
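Review bot: The only change relative to OpenBSD's stock `dot.profile` is appending `/usr/local/share/synapse/` to `PATH`, but the Debian package this role installs (`matrix-synapse-py3`) keeps its tools in `/opt/venvs/matrix-synapse/bin` — the path `roles/matrix-synapse/deploy.py` itself invokes — so the added directory does not exist on the target and "add synapse commands to PATH" is not achieved. Replacing root's whole `.profile` for one directory is also heavier than needed; a one-line `/etc/profile.d/synapse.sh` containing `PATH="$PATH:/opt/venvs/matrix-synapse/bin"` leaves whatever the root account already has untouched. If the file is kept, add a comment at the top naming the Debian venv path so the next reader does not assume `/usr/local/share/synapse` exists.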
2504
files/matrix-synapse/homeserver.yaml
Normal file
2504
files/matrix-synapse/homeserver.yaml
Normal file
File diff suppressed because it is too large
35
files/www/config.json
Normal file
35
files/www/config.json
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
{
|
||||||
|
"default_server_config": {
|
||||||
|
"m.homeserver": {
|
||||||
|
"server_name": "Heizhaus",
|
||||||
|
"base_url": "https://matrix.0x90.space/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"brand": "Element",
|
||||||
|
"branding": {
|
||||||
|
"welcomeBackgroundUrl": "heizhaus.jpg",
|
||||||
|
"authHeaderLogoUrl": "heizhaus-logo.png",
|
||||||
|
"authFooterLinks": [
|
||||||
|
{
|
||||||
|
"text": "Homepage",
|
||||||
|
"url": "https://heizhaus.org/"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"text": "Wiki",
|
||||||
|
"url": "https://wiki.heizhaus.org/"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"defaultCountryCode": "DE",
|
||||||
|
"settingDefaults": {
|
||||||
|
"UIFeature.registration": false
|
||||||
|
},
|
||||||
|
"disable_custom_urls": true,
|
||||||
|
"permalinkPrefix": "https://chat.heizhaus.org",
|
||||||
|
"showLabsSettings": true,
|
||||||
|
"roomDirectory": {
|
||||||
|
"servers": [
|
||||||
|
"chat.heizhaus.org"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
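Review bot: `default_server_config.m.homeserver.server_name` is set to the display label `"Heizhaus"`, while the homeserver's actual `server_name` is `chat.heizhaus.org` (set in `roles/matrix-synapse/deploy.py` and used in `roomDirectory.servers` further down); Element expects this field to be the homeserver's server name, and a mismatch shows users a name that does not match their `@user:chat.heizhaus.org` IDs and may confuse the login flow, so it should read `"server_name": "chat.heizhaus.org"`. `"showLabsSettings": true` exposes experimental features to every user of a public client; set it to `false` unless that is intended. `disable_custom_urls` and `UIFeature.registration: false` are sensible for a closed instance and deserve a one-line comment in the deploy that installs this file, since JSON has no comment syntax.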
1
files/www/element.sha256
Normal file
1
files/www/element.sha256
Normal file
|
@ -0,0 +1 @@
|
||||||
|
sha256:1f309d7863f583fef7294aa34ae19413991fd82aebd4c5d8bc3ac72eab04f71a.
|
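Review bot: The digest is stored as `sha256:<hex>.` with a `sha256:` prefix and a trailing period; `roles/www/deploy.py` in this change hard-codes the same value (period included) as `sha256sum=` for `files.download`, which is compared against a bare hex digest, so the check cannot match as written. Store only the 64 hex characters, `1f309d7863f583fef7294aa34ae19413991fd82aebd4c5d8bc3ac72eab04f71a`, and have the deploy read this file (it already defines `checksum_path` but never uses it) so the pinned Element version and its hash change together.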
BIN
files/www/heizhaus-logo.png
Normal file
BIN
files/www/heizhaus-logo.png
Normal file
Binary file not shown.
BIN
files/www/heizhaus.jpg
Normal file
BIN
files/www/heizhaus.jpg
Normal file
Binary file not shown.
49
files/www/httpd.conf
Normal file
49
files/www/httpd.conf
Normal file
|
@ -0,0 +1,49 @@
|
||||||
|
server "0x90.space" {
|
||||||
|
listen on egress port 80
|
||||||
|
log style forwarded
|
||||||
|
root "/0x90.space"
|
||||||
|
|
||||||
|
tcp { backlog 128 }
|
||||||
|
}
|
||||||
|
|
||||||
|
server "quellcode.0x90.space" {
|
||||||
|
listen on egress port 80
|
||||||
|
log style forwarded
|
||||||
|
root "/quellcode.0x90.space"
|
||||||
|
|
||||||
|
tcp { backlog 128 }
|
||||||
|
}
|
||||||
|
|
||||||
|
server "chat.0x90.space" {
|
||||||
|
listen on egress port 80
|
||||||
|
log style forwarded
|
||||||
|
root "/element"
|
||||||
|
|
||||||
|
location "/.well-known/matrix/*" {
|
||||||
|
root "/matrix"
|
||||||
|
request strip 2
|
||||||
|
default type application/json
|
||||||
|
}
|
||||||
|
|
||||||
|
tcp { backlog 128 }
|
||||||
|
}
|
||||||
|
|
||||||
|
server "chat.heizhaus.org" {
|
||||||
|
listen on egress port 80
|
||||||
|
log style forwarded
|
||||||
|
root "/element"
|
||||||
|
|
||||||
|
location "/.well-known/matrix/*" {
|
||||||
|
root "/matrix"
|
||||||
|
request strip 2
|
||||||
|
default type application/json
|
||||||
|
}
|
||||||
|
|
||||||
|
tcp { backlog 128 }
|
||||||
|
}
|
||||||
|
|
||||||
|
# for php:
|
||||||
|
# directory index "index.php"
|
||||||
|
# location match ".*%.php" {
|
||||||
|
# fastcgi socket "/run/php-fpm.sock"
|
||||||
|
# }
|
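Review bot: This is OpenBSD `httpd(8)` syntax, yet `roles/www/deploy.py` in this change installs it to `/etc/httpd.conf` on a Debian host and then starts `apache2`, which neither reads that path nor understands `server "..." { listen on egress ... }`, so the Element client and the `.well-known/matrix/*` files under `/var/www` are not served by anything this role configures. Either write equivalent Apache vhosts (`DocumentRoot /var/www/element`, `Alias /.well-known/matrix /var/www/matrix` with `ForceType application/json`) or target OpenBSD for this role consistently. Independently of the daemon, every server block listens on port 80 only; if TLS is not terminated by a proxy in front (`log style forwarded` hints at one, but nothing here confirms it), the Matrix client and its access tokens would travel in cleartext — add a comment stating where TLS ends.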
6
files/www/matrix_client.json
Normal file
6
files/www/matrix_client.json
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{
|
||||||
|
"m.homeserver": {
|
||||||
|
"base_url": "https://matrix.0x90.space/"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
4
files/www/matrix_server.json
Normal file
4
files/www/matrix_server.json
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
{
|
||||||
|
"m.server": "matrix.0x90.space:443"
|
||||||
|
}
|
||||||
|
|
|
@ -1,5 +1,8 @@
|
||||||
targets = [
|
targets = [
|
||||||
"@local",
|
"@local",
|
||||||
("ararat.0x90.space", dict(ssh_port=42022)),
|
("ararat.0x90.space", dict(ssh_port=42022)),
|
||||||
|
("common", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
|
||||||
("baixun.0x90.space", dict(ssh_port=42023)),
|
("baixun.0x90.space", dict(ssh_port=42023)),
|
||||||
|
("matrix", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
|
||||||
|
("www", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
|
||||||
]
|
]
|
||||||
|
|
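Review bot: `"common"` is added to `targets` as if it were a host, but `deploy.py` in this change includes `roles/common/deploy.py` only when `host.name == "common"`, so pyinfra will try to SSH to a machine literally named `common` and the common role never runs on `matrix` or `www`. Keep only real hosts in `targets` and include the shared role for every remote host instead, e.g. `if host.name != "@local": local.include("roles/common/deploy.py")`. The bare names `matrix` and `www` also rely on the operator's `~/.ssh/config` or `/etc/hosts` for resolution — presumably the short names from `files/common/template/hosts` — which is worth a comment beside the entries.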
92
roles/common/deploy.py
Normal file
92
roles/common/deploy.py
Normal file
|
@ -0,0 +1,92 @@
|
||||||
|
from pyinfra import host
|
||||||
|
from pyinfra.operations import apt, server, files
|
||||||
|
from pyinfra.facts.server import LinuxName
|
||||||
|
|
||||||
|
files_path = "files/common/"
|
||||||
|
template_path = files_path +"template/"
|
||||||
|
|
||||||
|
## check on which Distribution the script is executed
|
||||||
|
if host.get_fact(LinuxName) == "Debian":
|
||||||
|
|
||||||
|
## update apt repositories
|
||||||
|
apt.update(
|
||||||
|
name="update apt repositories",
|
||||||
|
# _doas=True,
|
||||||
|
# _doas_user="pyinfra",
|
||||||
|
# _sudo=True,
|
||||||
|
# _sudo_user="pyinfra",
|
||||||
|
)
|
||||||
|
|
||||||
|
## install python3
|
||||||
|
apt.packages(
|
||||||
|
name="install python3",
|
||||||
|
packages=["python3"],
|
||||||
|
)
|
||||||
|
|
||||||
|
## install borgbackup
|
||||||
|
apt.packages(
|
||||||
|
name="install borgbackup",
|
||||||
|
packages=["borgbackup"],
|
||||||
|
)
|
||||||
|
|
||||||
|
#elif host.get_fact(LinuxName) == "":
|
||||||
|
else:
|
||||||
|
print("matrix-synapse deploy.py don't support: \"" +host.get_fact(LinuxName) +"\" yet")
|
||||||
|
exit("exit from matrix-synapse/deploy.py")
|
||||||
|
|
||||||
|
## create /etc/myname
|
||||||
|
myname_path = template_path +"myname"
|
||||||
|
files.put(
|
||||||
|
name="create " +myname_path,
|
||||||
|
src=myname_path,
|
||||||
|
dest="/etc/myname",
|
||||||
|
)
|
||||||
|
|
||||||
|
## disable and stop sndiod
|
||||||
|
service_name = "sndiod"
|
||||||
|
server.service(
|
||||||
|
name="disable and stop sndiod",
|
||||||
|
service=service_name,
|
||||||
|
enabled=False,
|
||||||
|
running=False,
|
||||||
|
)
|
||||||
|
|
||||||
|
## create /root/.ssh/config
|
||||||
|
dotssh_conf_path = files_path +"dotssh_config"
|
||||||
|
files.put(
|
||||||
|
name="create /root/.ssh/config",
|
||||||
|
src=dotssh_conf_path,
|
||||||
|
dest="/root/.ssh/config",
|
||||||
|
)
|
||||||
|
|
||||||
|
# ? when: provision is not defined or inventory_hostname == provision
|
||||||
|
|
||||||
|
## create /etc/hosts
|
||||||
|
hosts_path = template_path +"hosts"
|
||||||
|
files.put(
|
||||||
|
name="create /etc/hosts",
|
||||||
|
src=hosts_path,
|
||||||
|
dest="/etc/hosts",
|
||||||
|
)
|
||||||
|
|
||||||
|
# ? when: destroy is not defined or inventory_hostname != destroy
|
||||||
|
|
||||||
|
# ? - block:
|
||||||
|
|
||||||
|
## copy /etc/mail/aliases
|
||||||
|
aliases_path = files_path +"aliases"
|
||||||
|
files.put(
|
||||||
|
name="copy /etc/mail/aliases",
|
||||||
|
src=aliases_path,
|
||||||
|
dest="/etc/mail/aliases",
|
||||||
|
)
|
||||||
|
|
||||||
|
## create /etc/mail/smtpd.conf
|
||||||
|
smtpd_conf_path = template_path +"smtpd.conf"
|
||||||
|
files.put(
|
||||||
|
name="create /etc/mail/smtpd.conf",
|
||||||
|
src=smtpd_conf_path,
|
||||||
|
dest="/etc/mail/smtpd.conf",
|
||||||
|
)
|
||||||
|
|
||||||
|
# ? when: provision is not defined or inventory_hostname == provision
|
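Review bot: The three files under `template/` (`hosts`, `myname`, `smtpd.conf`) are pushed with `files.put`, which copies bytes verbatim, so `/etc/hosts`, `/etc/myname` and `/etc/mail/smtpd.conf` on the target receive the raw `{{ inventory_hostname }}` and `{% for %}` text; use `files.template` and supply values from pyinfra (`host.name`, `inventory.get_group(...)`, `host.data`) rather than the Ansible names the templates currently expect. After writing `/etc/mail/aliases` nothing runs `newaliases` (the aliases file's own header says it must be), so the `root:` forward to `servers@schleuder.0x90.space` does not take effect until someone does it by hand — add `server.shell(name="rebuild aliases db", commands=["newaliases"])` after that `files.put`. The unsupported-distro branch calls `exit(...)` at import time, which aborts the whole pyinfra run for every host rather than skipping this one; raise a clear error or wrap the role body in the `if` instead. The Debian-only check also sits oddly with the OpenBSD-specific steps that follow (`sndiod`, `/etc/myname`, `/etc/mail/*`) — state in a header comment which platform this role is really for.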
193
roles/matrix-synapse/deploy.py
Normal file
193
roles/matrix-synapse/deploy.py
Normal file
|
@ -0,0 +1,193 @@
|
||||||
|
from pyinfra import host
|
||||||
|
from pyinfra.operations import apt, server, files
|
||||||
|
from pyinfra.facts.server import LinuxName
|
||||||
|
|
||||||
|
files_path = "files/matrix-synapse/"
|
||||||
|
|
||||||
|
## don't exexute on a local mashine
|
||||||
|
if host.name != "@local":
|
||||||
|
|
||||||
|
## edit fstab to set wxallowd
|
||||||
|
'''
|
||||||
|
files.line(
|
||||||
|
name="edit fstab to set wxallowd",
|
||||||
|
path="/etc/fstab",
|
||||||
|
# line="var ffs rw,nodev,",
|
||||||
|
# line="var ffs rw,wxallowed,nodev,",
|
||||||
|
# line="var /var ffs rw,wxallowed,nodev 0 0",
|
||||||
|
# line="var /var ext4 rw,wxallowed,nodev 0 0",
|
||||||
|
)
|
||||||
|
'''
|
||||||
|
|
||||||
|
## change mount option for /var for now
|
||||||
|
'''
|
||||||
|
[matrix] mount: /var: wrong fs type, bad option, bad superblock on var, missing codepage or helper program, or other error.
|
||||||
|
[matrix] dmesg(1) may have more information after failed mount system call.
|
||||||
|
[matrix] Error: executed 0 commands
|
||||||
|
'''
|
||||||
|
'''
|
||||||
|
server.shell(
|
||||||
|
name="change mount option for /var for now",
|
||||||
|
# commands="mount -uo wxallowed /var",
|
||||||
|
commands="mount -o wxallowed /var",
|
||||||
|
)
|
||||||
|
'''
|
||||||
|
|
||||||
|
## check on which Distribution the script is executed
|
||||||
|
if host.get_fact(LinuxName) == "Debian":
|
||||||
|
|
||||||
|
## enable prerelease chanel to install matrix-synapse on Debian
|
||||||
|
server.shell(
|
||||||
|
name="enable prerelease chanel to install matrix-synapse on Debian",
|
||||||
|
commands=["wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg",
|
||||||
|
"echo \"deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main prerelease\" | tee /etc/apt/sources.list.d/matrix-org.list",
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
## update apt repositories
|
||||||
|
apt.update(
|
||||||
|
name="update apt repositories",
|
||||||
|
# _doas=True,
|
||||||
|
# _doas_user="pyinfra",
|
||||||
|
# _sudo=True,
|
||||||
|
# _sudo_user="pyinfra",
|
||||||
|
)
|
||||||
|
|
||||||
|
apt.packages(
|
||||||
|
name="install build-essential python3-dev libffi-def python3-pip python3-setuptools sqlite3 libssl-dev virtualenv libjpeg-dev libxslt1-dev libicu-dev as prerequisites for matrix-synapse-py3",
|
||||||
|
packages=["build-essential",
|
||||||
|
"python3-dev",
|
||||||
|
"libffi-dev",
|
||||||
|
"python3-pip",
|
||||||
|
"python3-setuptools",
|
||||||
|
"sqlite3",
|
||||||
|
"libssl-dev",
|
||||||
|
"virtualenv",
|
||||||
|
"libjpeg-dev",
|
||||||
|
"libxslt1-dev",
|
||||||
|
"libicu-dev",
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
apt.packages(
|
||||||
|
name="install synapse",
|
||||||
|
# packages=["synapse"],
|
||||||
|
packages=["matrix-synapse-py3"],
|
||||||
|
)
|
||||||
|
|
||||||
|
apt.packages(
|
||||||
|
name="install libxml (for link previews)",
|
||||||
|
# packages=["py3-libxml"],
|
||||||
|
packages=["python3-lxml"],
|
||||||
|
)
|
||||||
|
|
||||||
|
apt.packages(
|
||||||
|
name="install opendoas",
|
||||||
|
packages=["opendoas"],
|
||||||
|
)
|
||||||
|
|
||||||
|
# elif host.get_fact(LinuxName) == "":
|
||||||
|
else:
|
||||||
|
print("matrix-synapse deploy.py don't support: \"" +host.get_fact(LinuxName) +"\" yet")
|
||||||
|
exit("exit from matrix-synapse/deploy.py")
|
||||||
|
|
||||||
|
## copy doas config
|
||||||
|
doas_conf_path = files_path +"doas.conf"
|
||||||
|
files.put(
|
||||||
|
name="copy doas config",
|
||||||
|
src=doas_conf_path,
|
||||||
|
dest="/etc/doas.conf",
|
||||||
|
)
|
||||||
|
|
||||||
|
## generate synapse config
|
||||||
|
server.shell(
|
||||||
|
name="generate synapse config",
|
||||||
|
# commands=["/opt/venvs/matrix-synapse/bin/python3 -m synapse.app.homeserver -c /var/synapse/homeserver.yaml --generate-config --server-name chat.heizhaus.org --report-stats=no --generate-keys --keys-directory /var/synapse",
|
||||||
|
commands=[
|
||||||
|
## --generate-config and --generate-keys can't be in the same line/command
|
||||||
|
"/opt/venvs/matrix-synapse/bin/python3 -m synapse.app.homeserver -c /var/synapse/homeserver.yaml --generate-config --server-name chat.heizhaus.org --report-stats=no --keys-directory /var/synapse",
|
||||||
|
"/opt/venvs/matrix-synapse/bin/python3 -m synapse.app.homeserver -c /var/synapse/homeserver.yaml --generate-keys --keys-directory /var/synapse",
|
||||||
|
"touch /var/synapse/homeserver.yaml",
|
||||||
|
"cd /var/synapse",
|
||||||
|
],
|
||||||
|
# )
|
||||||
|
|
||||||
|
#!!! change user to _synapse !!!#
|
||||||
|
# _su_user="matrix-synapse",
|
||||||
|
# _su_user="_synapse",
|
||||||
|
)
|
||||||
|
# os.chdir("/var/synapse")
|
||||||
|
|
||||||
|
'''
|
||||||
|
[matrix] This account is currently not available.
|
||||||
|
[matrix] Error: executed 0 commands
|
||||||
|
'''
|
||||||
|
|
||||||
|
# creates="/var/synapse/homeserver.yaml",
|
||||||
|
# chdir="/var/synapse/",
|
||||||
|
# becom_user="_synapse",
|
||||||
|
|
||||||
|
## copy synapse config
|
||||||
|
homeserver_py_path = files_path +"homeserver.yaml"
|
||||||
|
files.put(
|
||||||
|
name="copy synapse config",
|
||||||
|
src=homeserver_py_path,
|
||||||
|
dest="/var/synapse/homeserver.yaml",
|
||||||
|
)
|
||||||
|
|
||||||
|
## copy logging config
|
||||||
|
log_conf_path = files_path + "chat.heizhaus.org.log.config"
|
||||||
|
files.put(
|
||||||
|
name="copy logging config",
|
||||||
|
src=log_conf_path,
|
||||||
|
dest="/var/synapse/chat.heizhaus.org.log.config",
|
||||||
|
)
|
||||||
|
|
||||||
|
## add synapse commands to PATH
|
||||||
|
dotprofile_path = files_path +"dotprofile"
|
||||||
|
files.put(
|
||||||
|
name="add synapse commands to PATH",
|
||||||
|
src=dotprofile_path,
|
||||||
|
dest="/root/.profile",
|
||||||
|
)
|
||||||
|
|
||||||
|
## change owner for /var/synapse
|
||||||
|
# user_name = "_synapse"
|
||||||
|
# group_name = "_synapse"
|
||||||
|
user_name = "matrix-synapse"
|
||||||
|
group_name = "matrix-synapse"
|
||||||
|
server.shell(
|
||||||
|
name="chown -R " +user_name +":" +group_name +" /var/synapse",
|
||||||
|
commands="chown -R " +user_name +":" +group_name +" /var/synapse && chmod -R 0770 /var/synapse",
|
||||||
|
)
|
||||||
|
|
||||||
|
## set server name
|
||||||
|
server_name = "chat.heizhaus.org"
|
||||||
|
files.replace(
|
||||||
|
name="set server name",
|
||||||
|
path="/etc/matrix-synapse/conf.d/server_name.yaml",
|
||||||
|
text="server_name: ",
|
||||||
|
replace="server_name: " +server_name,
|
||||||
|
)
|
||||||
|
|
||||||
|
## enable and restart matrix
|
||||||
|
server.service(
|
||||||
|
name="enable and restart matrix",
|
||||||
|
# service="synapse",
|
||||||
|
service="matrix-synapse.service",
|
||||||
|
enabled=True,
|
||||||
|
restarted=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
# server.shell(
|
||||||
|
# name="enable and restart matrix",
|
||||||
|
# commands="systemctl enable synapse && systemctl restart synapse",
|
||||||
|
# )
|
||||||
|
|
||||||
|
## add synapse backup script
|
||||||
|
backup_sh_path = files_path +"borgbackup.sh"
|
||||||
|
files.put(
|
||||||
|
name="add synapse backup script",
|
||||||
|
src=backup_sh_path,
|
||||||
|
dest="/etc/daily.d/borgbackup.sh"
|
||||||
|
)
|
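Review bot: `files.replace` in "set server name" uses `text="server_name: "` and `replace="server_name: chat.heizhaus.org"`, which substitutes only the prefix, so an existing value in `/etc/matrix-synapse/conf.d/server_name.yaml` is kept and concatenated (`server_name: chat.heizhaus.orgOLDNAME`) and every re-run appends the name again; anchor the whole line, `text=r"^server_name:.*$"`. The "generate synapse config" shell runs on every deploy and its output is immediately overwritten by `files.put` of the repository's `homeserver.yaml`; if that committed file (2504 lines, not shown here) still contains the `registration_shared_secret` / `macaroon_secret_key` / `form_secret` values that `--generate-config` emits, those secrets live in git — confirm they were stripped or moved to a secrets store, and guard the shell (pyinfra's `_if`, or a Python `if` on an existing-file fact) so `--generate-config` does not fail on the second run. The apt source is added by fetching a keyring over HTTPS with no fingerprint check; pinning the key's fingerprint, or shipping the keyring from the repo, makes that supply-chain step verifiable. Finally, the backup script is installed to `/etc/daily.d/` — an OpenBSD periodic directory — with no `mode`, so on the Debian target it is neither scheduled nor executable; use `dest="/etc/cron.daily/borgbackup", mode="700"`.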
173
roles/www/deploy.py
Normal file
173
roles/www/deploy.py
Normal file
|
@ -0,0 +1,173 @@
|
||||||
|
from pyinfra import host
|
||||||
|
from pyinfra.operations import apt, server, files
|
||||||
|
from pyinfra.facts.server import LinuxName
|
||||||
|
|
||||||
|
files_path = "files/www/"
|
||||||
|
|
||||||
|
## check on which Distribution the script is executed
|
||||||
|
if host.get_fact(LinuxName) == "Debian":
|
||||||
|
|
||||||
|
## update apt repositories
|
||||||
|
apt.update(
|
||||||
|
name="update apt repositories",
|
||||||
|
# _doas=True,
|
||||||
|
# _doas_user="pyinfra",
|
||||||
|
# _sudo=True,
|
||||||
|
# _sudo_user="pyinfra",
|
||||||
|
)
|
||||||
|
|
||||||
|
## get repository for php7.3 part-1
|
||||||
|
apt.packages(
|
||||||
|
name="get repository for php7.3 part-1",
|
||||||
|
packages=["lsb-release",
|
||||||
|
"apt-transport-https",
|
||||||
|
"ca-certificates",
|
||||||
|
"software-properties-common",
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
## create /etc/apt/source.list.d/
|
||||||
|
source_list_d_path = "/etc/apt/source.list.d/"
|
||||||
|
files.directory(
|
||||||
|
name="create /etc/apt/source.list.d/",
|
||||||
|
path=source_list_d_path,
|
||||||
|
)
|
||||||
|
|
||||||
|
## get repository for php7.3 part-2
|
||||||
|
server.shell(
|
||||||
|
name="get repository for php7.3 part-2",
|
||||||
|
commands=["wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg",
|
||||||
|
"sh -c 'echo \"deb https://packages.sury.org/php/ $(lsb_release -sc) main\" > /etc/apt/source.list.d/php.list'",
|
||||||
|
"apt update",
|
||||||
|
],
|
||||||
|
)
|
||||||
|
|
||||||
|
## insrall php7.3
|
||||||
|
apt.packages(
|
||||||
|
name="install php7.3 and php-fpm",
|
||||||
|
packages=["php7.3", "php-fpm"],
|
||||||
|
)
|
||||||
|
|
||||||
|
## install apache2 as replacenebt for httpd.service
|
||||||
|
apt.packages(
|
||||||
|
name="install apache2 as replacenebt for httpd.service",
|
||||||
|
packages=["apache2"],
|
||||||
|
)
|
||||||
|
|
||||||
|
# elif host.get_fact(LinuxName) == "":
|
||||||
|
else:
|
||||||
|
print("www deploy.py don't support: \"" + host.get_fact(LinuxName) + "\" yet")
|
||||||
|
exit("exit from www/deploy.py")
|
||||||
|
|
||||||
|
## start the php8.2-fpm.service service
|
||||||
|
#service_name = "php73_fpm"
|
||||||
|
service_name = "php8.2-fpm.service"
|
||||||
|
server.service(
|
||||||
|
name="enable and restart php8.2-fpm.service",
|
||||||
|
service=service_name,
|
||||||
|
enabled=True,
|
||||||
|
running=True,
|
||||||
|
)
|
||||||
|
|
||||||
|
# ? when: phpinstall.changed
|
||||||
|
|
||||||
|
## fetch element tarball
|
||||||
|
url = "https://github.com/vector-im/element-web/releases/download/v1.11.52/element-v1.11.52.tar.gz"
|
||||||
|
dest = "/tmp/element.tar.gz"
|
||||||
|
sha256_checksum = "1f309d7863f583fef7294aa34ae19413991fd82aebd4c5d8bc3ac72eab04f71a."
|
||||||
|
checksum_path = "files/www/element.sha256"
|
||||||
|
files.download(
|
||||||
|
name="fetch element tarball",
|
||||||
|
src=url,
|
||||||
|
dest=dest,
|
||||||
|
sha256sum=sha256_checksum,
|
||||||
|
)
|
||||||
|
|
||||||
|
## create /var/www/
|
||||||
|
files.directory(
|
||||||
|
name="create /var/www/",
|
||||||
|
path="/var/www/",
|
||||||
|
)
|
||||||
|
|
||||||
|
## extract element tarball
|
||||||
|
server.shell(
|
||||||
|
name="extract element tarball",
|
||||||
|
commands=["tar xzf /tmp/element.tar.gz -C /var/www/"],
|
||||||
|
)
|
||||||
|
|
||||||
|
## rm -rf /var/www/element
|
||||||
|
server.shell(
|
||||||
|
name="rm -rf /var/www/element",
|
||||||
|
commands=["rm -rf /var/www/element"],
|
||||||
|
)
|
||||||
|
|
||||||
|
## cp -r /var/www/element-v1.11.52 /var/www/element
|
||||||
|
## files.put() seams not to be compatible with directorys
|
||||||
|
element_vers = "element-v1.11.52/"
|
||||||
|
element_path = "/var/www/" +element_vers
|
||||||
|
server.shell(
|
||||||
|
name="cp -r " +element_path +" /var/www/element",
|
||||||
|
commands=["cp -r " +element_path +" /var/www/element"],
|
||||||
|
)
|
||||||
|
|
||||||
|
## copy element config.json
|
||||||
|
element_json_path = files_path +"config.json"
|
||||||
|
files.put(
|
||||||
|
name="copy element config.json",
|
||||||
|
src=element_json_path,
|
||||||
|
dest="/var/www/element/config.json",
|
||||||
|
)
|
||||||
|
|
||||||
|
## copy heizhaus.jpg
|
||||||
|
heizhaus_jpg_path = files_path +"heizhaus.jpg"
|
||||||
|
files.put(
|
||||||
|
name="copy heizhaus.jpg",
|
||||||
|
src=heizhaus_jpg_path,
|
||||||
|
dest="/var/www/element/heizhaus.jpg",
|
||||||
|
)
|
||||||
|
|
||||||
|
## heizhaus-logo.png
|
||||||
|
heizhaus_logo_path = files_path +"heizhaus-logo.png"
|
||||||
|
files.put(
|
||||||
|
name="heizhaus-logo.png",
|
||||||
|
src=heizhaus_logo_path,
|
||||||
|
dest="/var/www/element/heizhaus-logo.png",
|
||||||
|
)
|
||||||
|
|
||||||
|
## mkdir /var/www/matrix
|
||||||
|
files.directory(
|
||||||
|
name="mkdir /var/www/matrix",
|
||||||
|
path="/var/www/matrix",
|
||||||
|
)
|
||||||
|
|
||||||
|
## copy matrix/client
|
||||||
|
matrix_client_json_path = files_path +"matrix_client.json"
|
||||||
|
files.put(
|
||||||
|
name="copy matrix/client",
|
||||||
|
src=matrix_client_json_path,
|
||||||
|
dest="/var/www/matrix/client",
|
||||||
|
)
|
||||||
|
|
||||||
|
## copy matrix/server
|
||||||
|
matrix_server_json_path = files_path +"matrix_server.json"
|
||||||
|
files.put(
|
||||||
|
name="copy matrix/server",
|
||||||
|
src=matrix_server_json_path,
|
||||||
|
dest="/var/www/matrix/server",
|
||||||
|
)
|
||||||
|
|
||||||
|
## copy /etc/httpd.conf
|
||||||
|
httpd_conf_path = files_path +"httpd.conf"
|
||||||
|
files.put(
|
||||||
|
name="copy /etc/httpd.conf",
|
||||||
|
src=httpd_conf_path,
|
||||||
|
dest="/etc/httpd.conf",
|
||||||
|
)
|
||||||
|
|
||||||
|
## start apache2
|
||||||
|
service_name = "apache2"
|
||||||
|
server.service(
|
||||||
|
name="start apache2",
|
||||||
|
service=service_name,
|
||||||
|
running=True,
|
||||||
|
)
|
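Review bot: `sha256_checksum` carries a trailing period (`...f71a.`), so the `files.download` check can never match `sha256sum` output and the Element tarball either fails to download or — depending on how pyinfra treats the mismatch — is installed unverified; use the bare 64-hex digest and read it from `checksum_path`, which is defined but never used. The PHP repository is written to `/etc/apt/source.list.d/php.list` (`source.list.d` is a typo for `sources.list.d`), so apt never sees it and `php7.3` comes from Debian's own archive or fails; the later `php8.2-fpm.service` name suggests the target already has a newer PHP, in which case the sury steps can be dropped. `tar xzf ... -C /var/www/` followed by `rm -rf /var/www/element` and `cp -r` trusts the archive's top-level directory name and leaves the old version directory behind; extract into a `mktemp -d` directory, move into place, and keep the verified tarball out of world-writable `/tmp`. `httpd.conf` copied to `/etc/httpd.conf` is OpenBSD httpd syntax that `apache2` does not read, so nothing in this role actually serves `/var/www/element`.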