Compare commits


22 commits

Author SHA1 Message Date
2e20 170b6a6c3d rename chat.heizhaus.org to matrix 2024-10-07 06:47:10 +02:00
2e20 84d61d1f8e first the hypervisor then common, baixun, matrix-synapse, and www 2024-10-07 06:45:10 +02:00
2e20 6fc06e88df common befor baixun 2024-10-07 06:43:44 +02:00
2e20 63e9fedf62 move baxiun, common, matrix-synapse, and www to roles/ 2024-10-07 06:42:52 +02:00
2e20 922f395881 merge brach matix, www, and common to merge_try 2024-10-07 06:18:25 +02:00
2e20 f734cb439b Merge branch 'www' into merge_try 2024-10-07 06:05:14 +02:00
2e20 f972b2625f add files and templates for common/deploy.py 2024-10-07 06:03:51 +02:00
2e20 1967a627ba add common/deploy.py 2024-10-07 06:02:31 +02:00
2e20 1787d57118 add common/deploy.py to deploy.py 2024-10-07 06:01:41 +02:00
2e20 0fa85b7b43 add common to inventory.py 2024-10-07 06:00:58 +02:00
2e20 ef6cff3fa0 cleanup and comments 2024-10-07 04:38:51 +02:00
2e20 f699f5fe31 remove irrelevant os.path.exists() checks 2024-10-07 02:57:27 +02:00
2e20 af8044f7a3 add files for www/deploy.py in files/www/ 2024-10-07 02:52:18 +02:00
2e20 61111796ba add www/deploy.py 2024-10-07 02:50:27 +02:00
2e20 48be71f4dd add www/deploy.py to deploy,py 2024-10-07 02:49:46 +02:00
2e20 47e1bb3351 add www to the inventory.py 2024-10-07 02:48:44 +02:00
2e20 5d4d2d6a62 typos and a outcomment try 2024-10-06 21:04:15 +02:00
2e20 253e0f68c0 add files under files/matrix-synapse/ they are rellevant for the synapse setup 2024-10-06 19:53:20 +02:00
2e20 359f59bc83 add matrix-synapse/deploy.py 2024-10-06 19:46:18 +02:00
2e20 bece765e3b create a pyinfra log file and a user for it, incluse matrix-synapse/deploy.py 2024-10-06 19:43:19 +02:00
2e20 09e31bbab9 rename matrix to chat.heizhaus.org 2024-10-06 19:40:40 +02:00
2e20 48bfe66d3e add matrix to the inventory.py 2024-10-06 19:25:02 +02:00
25 changed files with 3340 additions and 2 deletions


@ -2,6 +2,8 @@ from pyinfra import host, local
from pyinfra.facts import server
from pyinfra.operations import files
from pyinfra.operations import server as o_server
if host.name == "@local":
home = host.get_fact(server.Home)
files.directory(
@ -23,8 +25,35 @@ if host.name != "@local":
files.directory(path=f"{home}/.ssh", mode="700")
files.put(src="files/authorized_keys", dest=f"{home}/.ssh/authorized_keys")
o_server.user(
name="Create pyinfra user for logs",
user="pyinfra",
home="/home/pyinfra/"
)
files.file(
name="Create pyinfra log file",
path="/var/log/pyinfra.log",
user="pyinfra",
group="pyinfra",
mode="644",
# _doas=True,
# _sudo=True,
)
## first the hypervisor
if host.name == "ararat.0x90.space":
local.include("ararat/deploy.py")
if host.name == "common":
local.include("roles/common/deploy.py")
if host.name == "baixun.0x90.space":
local.include("baixun/deploy.py")
local.include("roles/baixun/deploy.py")
if host.name == "matrix":
local.include("roles/matrix-synapse/deploy.py")
if host.name == "www":
local.include("roles/www/deploy.py")
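Review bot: The new `files.file` call in the second hunk creates `/var/log/pyinfra.log` with `mode="644"`, so every local account on the target can read whatever the deploy writes there; `mode="640"` with the existing `user`/`group` would keep it to the service account. The `o_server.user` call just above it creates `pyinfra` as an ordinary account with a home directory, although its name says it only exists to own the log; passing `system=True` and a non-login `shell=` would narrow it. The `if host.name != "@local":` block these calls seem to belong to starts outside the hunk and the indentation is not visible on this page, so which hosts they run on is inferred.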


@ -1,4 +1,3 @@
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBODYKtJ2PDZRznfGcpviZl+NVcbgJQYYKGxg8rjJQCQRSW88aJM+jP3v+jFYZ0ZldLd6KoyIitEZI60Nsp/hdEoAAAAEc3NoOg== vmann
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPj/AFy/0NopKemEPZdMVSbWDLxX7b3ksPA1fSfBKr3 2e20
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBaV5uQf63sCfXZIT0lt61sOhEYuJHLNNpNQ0ppXFo+/ hagi@tumbleweed.localhost.localdomain
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZYJ91RLXRCQ4ZmdW6ucIltzukQ/k+lDOqlRIYwxNRv missytake@systemli.org

99
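--- a/files/common/aliases
+++ b/files/common/aliases
@@ -0,0 +1,99 @@
+#
+# $OpenBSD: aliases,v 1.68 2020/01/24 06:17:37 tedu Exp $
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks or from /usr/libexec/mail.local.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to smtpd.
+#
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+# General redirections for important pseudo accounts
+daemon: root
+ftp-bugs: root
+operator: root
+www: root
+# Redirections for pseudo accounts that should not receive mail
+_bgpd: /dev/null
+_dhcp: /dev/null
+_dpb: /dev/null
+_dvmrpd: /dev/null
+_eigrpd: /dev/null
+_file: /dev/null
+_fingerd: /dev/null
+_ftp: /dev/null
+_hostapd: /dev/null
+_identd: /dev/null
+_iked: /dev/null
+_isakmpd: /dev/null
+_iscsid: /dev/null
+_ldapd: /dev/null
+_ldpd: /dev/null
+_mopd: /dev/null
+_nsd: /dev/null
+_ntp: /dev/null
+_ospfd: /dev/null
+_ospf6d: /dev/null
+_pbuild: /dev/null
+_pfetch: /dev/null
+_pflogd: /dev/null
+_ping: /dev/null
+_pkgfetch: /dev/null
+_pkguntar: /dev/null
+_portmap: /dev/null
+_ppp: /dev/null
+_rad: /dev/null
+_radiusd: /dev/null
+_rbootd: /dev/null
+_relayd: /dev/null
+_ripd: /dev/null
+_rstatd: /dev/null
+_rusersd: /dev/null
+_rwalld: /dev/null
+_smtpd: /dev/null
+_smtpq: /dev/null
+_sndio: /dev/null
+_snmpd: /dev/null
+_spamd: /dev/null
+_switchd: /dev/null
+_syslogd: /dev/null
+_tcpdump: /dev/null
+_traceroute: /dev/null
+_tftpd: /dev/null
+_unbound: /dev/null
+_unwind: /dev/null
+_vmd: /dev/null
+_x11: /dev/null
+_ypldap: /dev/null
+bin: /dev/null
+build: /dev/null
+nobody: /dev/null
+_tftp_proxy: /dev/null
+_ftp_proxy: /dev/null
+_sndiop: /dev/null
+_syspatch: /dev/null
+_slaacd: /dev/null
+sshd: /dev/null
+# Well-known aliases -- these should be filled in!
+root: servers@schleuder.0x90.space
+# manager:
+# dumper:
+# RFC 2142: NETWORK OPERATIONS MAILBOX NAMES
+abuse: root
+noc: root
+security: root
+# RFC 2142: SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
+hostmaster: root
+# usenet: root
+# news: usenet
+webmaster: root
+# ftp: root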


@ -0,0 +1,9 @@
Host cyberbackup
Hostname 192.168.223.3
Port 42022
User tech
Host nephilim
Hostname 192.168.223.5
Port 22
User nathan


@ -0,0 +1,16 @@
127.0.0.1 localhost
::1 localhost
192.168.45.3 cyberbackup
{% for hypervisor in groups['openbsd_hypervisor'] %}
192.168.{{ hostvars[hypervisor]['network_nr'] }}.1 {{ hypervisor }}.0x90.space {{ hypervisor }}
{{ hostvars[hypervisor]['ip6_prefix'] }}::1 {{ hypervisor }}.0x90.space {{ hypervisor }}
{% endfor %}
{% for vm in groups['openbsd_vm'] %}
{% if destroy is not defined or vm != destroy %}
192.168.{{ hostvars[hostvars[vm]['hypervisor']]['network_nr'] }}.{{ hostvars[vm]['host_nr'] }} {{ vm }}.0x90.space {{ vm }}
{{ hostvars[hostvars[vm]['hypervisor']]['ip6_prefix'] }}:fce1:baff:fed0:{{ hostvars[vm]['host_nr'] }} {{ vm }}.0x90.space {{ vm }}
{% endif %}
{% endfor %}
{% for machine in groups['vpn_hosts'] %}
192.168.{{ hostvars[hostvars[machine]['jumphost']]['vpn_network_nr'] }}.{{ hostvars[machine]['host_nr'] }} {{ machine }}
{% endfor %}


@ -0,0 +1 @@
{{ inventory_hostname }}.0x90.space


@ -0,0 +1,15 @@
# $OpenBSD: smtpd.conf,v 1.12 2019/07/24 15:31:53 kmos Exp $
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.
table aliases file:/etc/mail/aliases
listen on all
action "local_mail" mbox alias <aliases>
action "outbound" relay host "relay.0x90.space"
match from any for domain "{{ inventory_hostname }}.0x90.space" action "local_mail"
match from local for local action "local_mail"
match from local for any action "outbound"


@ -0,0 +1,20 @@
#!/bin/ksh
. /etc/borg-env
export BORG_REPO=nathan@nephilim:repositories-borg/matrix
export BORG_RSH="ssh \
-o TCPKeepAlive=no \
-o ServerAliveInterval=15 \
-o ServerAliveCountMax=10 \
-o Compression=no"
# copy synapse data so that we don't rely on our slow downlink
nice -n 19 /usr/local/bin/rsync -a --delete /var/synapse/ /var/synapse-backup/
rcctl stop synapse
date
/usr/local/bin/rsync -a --delete /var/synapse/ /var/synapse-backup/
sync
date
rdate time.cloudflare.com
rcctl start synapse
nice -n 19 /usr/local/bin/borg create --stats ::'backup{now:%Y%m%d-%H%M}' /var/synapse-backup /var/postgresql /etc
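Review bot: No exit status is checked anywhere in this script, so a failed `rsync` after `rcctl stop synapse` still falls through to `borg create`, which then archives a stale or partial `/var/synapse-backup` while the daily job looks successful. Testing the second rsync and skipping the archive on failure, for example `... || { rcctl start synapse; exit 1; }`, keeps the restart while surfacing the error. `/var/postgresql` is archived directly while only synapse is stopped; if a PostgreSQL server is running from that directory the copy may not be restorable, and a dump taken before `borg create` would be safer. `. /etc/borg-env` is sourced as root, so that file should be root-owned and unreadable to others if, as seems likely, it holds the repository passphrase.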


@ -0,0 +1,67 @@
# Log configuration for Synapse.
#
# This is a YAML file containing a standard Python logging configuration
# dictionary. See [1] for details on the valid settings.
#
# [1]: https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
handlers:
file:
class: logging.handlers.TimedRotatingFileHandler
formatter: precise
filename: /var/synapse/homeserver.log
when: midnight
backupCount: 3 # Does not include the current log file.
encoding: utf8
# Default to buffering writes to log file for efficiency. This means that
# will be a delay for INFO/DEBUG logs to get written, but WARNING/ERROR
# logs will still be flushed immediately.
buffer:
class: logging.handlers.MemoryHandler
target: file
# The capacity is the number of log lines that are buffered before
# being written to disk. Increasing this will lead to better
# performance, at the expensive of it taking longer for log lines to
# be written to disk.
capacity: 10
flushLevel: 30 # Flush for WARNING logs as well
# A handler that writes logs to stderr. Unused by default, but can be used
# instead of "buffer" and "file" in the logger handlers.
console:
class: logging.StreamHandler
formatter: precise
loggers:
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: INFO
twisted:
# We send the twisted logging directly to the file handler,
# to work around https://github.com/matrix-org/synapse/issues/3471
# when using "buffer" logger. Use "console" to log to stderr instead.
handlers: [file]
propagate: false
root:
level: INFO
# Write logs to the `buffer` handler, which will buffer them together in memory,
# then write them to a file.
#
# Replace "buffer" with "console" to log to stderr instead. (Note that you'll
# also need to update the configuation for the `twisted` logger above, in
# this case.)
#
handlers: [buffer]
disable_existing_loggers: false


@ -0,0 +1,2 @@
#permit root as _synapse
permit root as matrix-synapse


@ -0,0 +1,21 @@
# $OpenBSD: dot.profile,v 1.9 2010/12/13 12:54:31 millert Exp $
#
# sh/ksh initialization
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin:/usr/local/share/synapse/
export PATH
: ${HOME='/root'}
export HOME
umask 022
case "$-" in
*i*) # interactive shell
if [ -x /usr/bin/tset ]; then
if [ X"$XTERM_VERSION" = X"" ]; then
eval `/usr/bin/tset -sQ '-munknown:?vt220' $TERM`
else
eval `/usr/bin/tset -IsQ '-munknown:?vt220' $TERM`
fi
fi
;;
esac
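Review bot: The `PATH=` line appends `/usr/local/share/synapse/` to root's search path, so any executable placed in that directory can be picked up by a root shell for a command name not found earlier in the path. Nothing in this change sets the ownership of that directory; it should be root-owned and not writable by the synapse service account, or the entry dropped in favour of calling the tools by full path. A comment beside the line such as `# synapse CLI tools; directory must stay root-owned` would record the assumption.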

File diff suppressed because it is too large Load diff

35
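--- a/files/www/config.json
+++ b/files/www/config.json
@@ -0,0 +1,35 @@
+{
+"default_server_config": {
+"m.homeserver": {
+"server_name": "Heizhaus",
+"base_url": "https://matrix.0x90.space/"
+}
+},
+"brand": "Element",
+"branding": {
+"welcomeBackgroundUrl": "heizhaus.jpg",
+"authHeaderLogoUrl": "heizhaus-logo.png",
+"authFooterLinks": [
+{
+"text": "Homepage",
+"url": "https://heizhaus.org/"
+},
+{
+"text": "Wiki",
+"url": "https://wiki.heizhaus.org/"
+}
+]
+},
+"defaultCountryCode": "DE",
+"settingDefaults": {
+"UIFeature.registration": false
+},
+"disable_custom_urls": true,
+"permalinkPrefix": "https://chat.heizhaus.org",
+"showLabsSettings": true,
+"roomDirectory": {
+"servers": [
+"chat.heizhaus.org"
+]
+}
+}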

1
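--- a/files/www/element.sha256
+++ b/files/www/element.sha256
@@ -0,0 +1 @@
+sha256:1f309d7863f583fef7294aa34ae19413991fd82aebd4c5d8bc3ac72eab04f71a.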

BIN
files/www/heizhaus-logo.png Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 2.3 KiB

BIN
files/www/heizhaus.jpg Normal file

Binary file not shown.


Width:  |  Height:  |  Size: 304 KiB

49
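--- a/files/www/httpd.conf
+++ b/files/www/httpd.conf
@@ -0,0 +1,49 @@
+server "0x90.space" {
+listen on egress port 80
+log style forwarded
+root "/0x90.space"
+tcp { backlog 128 }
+}
+server "quellcode.0x90.space" {
+listen on egress port 80
+log style forwarded
+root "/quellcode.0x90.space"
+tcp { backlog 128 }
+}
+server "chat.0x90.space" {
+listen on egress port 80
+log style forwarded
+root "/element"
+location "/.well-known/matrix/*" {
+root "/matrix"
+request strip 2
+default type application/json
+}
+tcp { backlog 128 }
+}
+server "chat.heizhaus.org" {
+listen on egress port 80
+log style forwarded
+root "/element"
+location "/.well-known/matrix/*" {
+root "/matrix"
+request strip 2
+default type application/json
+}
+tcp { backlog 128 }
+}
+# for php:
+# directory index "index.php"
+# location match ".*%.php" {
+# fastcgi socket "/run/php-fpm.sock"
+# }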


@ -0,0 +1,6 @@
{
"m.homeserver": {
"base_url": "https://matrix.0x90.space/"
}
}


@ -0,0 +1,4 @@
{
"m.server": "matrix.0x90.space:443"
}


@ -1,5 +1,8 @@
targets = [
"@local",
("ararat.0x90.space", dict(ssh_port=42022)),
("common", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
("baixun.0x90.space", dict(ssh_port=42023)),
("matrix", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
("www", dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")),
]
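Review bot: The three role targets repeat the same connection dict, including `ssh_allow_agent=True` and the key path, and are addressed by bare names (`common`, `matrix`, `www`) that only resolve through the operator's own SSH or hosts configuration. A shared constant such as `ROLE_SSH = dict(ssh_port=22, ssh_allow_agent=True, ssh_key="~/.ssh/0x90/id_ed25519")` would keep the entries in step, and a comment stating where the short names are expected to resolve would make the inventory usable from another machine. Which of the listed lines are new is inferred from the hunk header, since the `+` markers are not shown on this page.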

92
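--- a/roles/common/deploy.py
+++ b/roles/common/deploy.py
@@ -0,0 +1,92 @@
+from pyinfra import host
+from pyinfra.operations import apt, server, files
+from pyinfra.facts.server import LinuxName
+files_path = "files/common/"
+template_path = files_path +"template/"
+## check on which Distribution the script is executed
+if host.get_fact(LinuxName) == "Debian":
+## update apt repositories
+apt.update(
+name="update apt repositories",
+# _doas=True,
+# _doas_user="pyinfra",
+# _sudo=True,
+# _sudo_user="pyinfra",
+)
+## install python3
+apt.packages(
+name="install python3",
+packages=["python3"],
+)
+## install borgbackup
+apt.packages(
+name="install borgbackup",
+packages=["borgbackup"],
+)
+#elif host.get_fact(LinuxName) == "":
+else:
+print("matrix-synapse deploy.py don't support: \"" +host.get_fact(LinuxName) +"\" yet")
+exit("exit from matrix-synapse/deploy.py")
+## create /etc/myname
+myname_path = template_path +"myname"
+files.put(
+name="create " +myname_path,
+src=myname_path,
+dest="/etc/myname",
+)
+## disable and stop sndiod
+service_name = "sndiod"
+server.service(
+name="disable and stop sndiod",
+service=service_name,
+enabled=False,
+running=False,
+)
+## create /root/.ssh/config
+dotssh_conf_path = files_path +"dotssh_config"
+files.put(
+name="create /root/.ssh/config",
+src=dotssh_conf_path,
+dest="/root/.ssh/config",
+)
+# ? when: provision is not defined or inventory_hostname == provision
+## create /etc/hosts
+hosts_path = template_path +"hosts"
+files.put(
+name="create /etc/hosts",
+src=hosts_path,
+dest="/etc/hosts",
+)
+# ? when: destroy is not defined or inventory_hostname != destroy
+# ? - block:
+## copy /etc/mail/aliases
+aliases_path = files_path +"aliases"
+files.put(
+name="copy /etc/mail/aliases",
+src=aliases_path,
+dest="/etc/mail/aliases",
+)
+## create /etc/mail/smtpd.conf
+smtpd_conf_path = template_path +"smtpd.conf"
+files.put(
+name="create /etc/mail/smtpd.conf",
+src=smtpd_conf_path,
+dest="/etc/mail/smtpd.conf",
+)
+# ? when: provision is not defined or inventory_hostname == provision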
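Review bot: `files.put` is used for the three sources taken from `template_path` (`myname`, `hosts`, `smtpd.conf`), and the hosts and smtpd.conf contents shown earlier on this page contain Jinja2 tags, so the raw `{% for ... %}` and `{{ inventory_hostname }}` text would be written unrendered to `/etc/hosts`, `/etc/myname` and `/etc/mail/smtpd.conf`. `files.template(name="create /etc/hosts", src=hosts_path, dest="/etc/hosts")` renders the file, but the templates still reference `groups`, `hostvars` and `inventory_hostname`, which look like Ansible variables and would have to be supplied or rewritten against pyinfra's `host` and `inventory`. The `else:` branch also reports itself as `matrix-synapse deploy.py` and calls `exit()`, which appears to stop the whole run rather than skip this role. The paths of those template sections are not shown on the page, so matching them to `files/common/template/` is inferred from their content.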


@ -0,0 +1,193 @@
from pyinfra import host
from pyinfra.operations import apt, server, files
from pyinfra.facts.server import LinuxName
files_path = "files/matrix-synapse/"
## don't exexute on a local mashine
if host.name != "@local":
## edit fstab to set wxallowd
'''
files.line(
name="edit fstab to set wxallowd",
path="/etc/fstab",
# line="var ffs rw,nodev,",
# line="var ffs rw,wxallowed,nodev,",
# line="var /var ffs rw,wxallowed,nodev 0 0",
# line="var /var ext4 rw,wxallowed,nodev 0 0",
)
'''
## change mount option for /var for now
'''
[matrix] mount: /var: wrong fs type, bad option, bad superblock on var, missing codepage or helper program, or other error.
[matrix] dmesg(1) may have more information after failed mount system call.
[matrix] Error: executed 0 commands
'''
'''
server.shell(
name="change mount option for /var for now",
# commands="mount -uo wxallowed /var",
commands="mount -o wxallowed /var",
)
'''
## check on which Distribution the script is executed
if host.get_fact(LinuxName) == "Debian":
## enable prerelease chanel to install matrix-synapse on Debian
server.shell(
name="enable prerelease chanel to install matrix-synapse on Debian",
commands=["wget -O /usr/share/keyrings/matrix-org-archive-keyring.gpg https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg",
"echo \"deb [signed-by=/usr/share/keyrings/matrix-org-archive-keyring.gpg] https://packages.matrix.org/debian/ $(lsb_release -cs) main prerelease\" | tee /etc/apt/sources.list.d/matrix-org.list",
],
)
## update apt repositories
apt.update(
name="update apt repositories",
# _doas=True,
# _doas_user="pyinfra",
# _sudo=True,
# _sudo_user="pyinfra",
)
apt.packages(
name="install build-essential python3-dev libffi-def python3-pip python3-setuptools sqlite3 libssl-dev virtualenv libjpeg-dev libxslt1-dev libicu-dev as prerequisites for matrix-synapse-py3",
packages=["build-essential",
"python3-dev",
"libffi-dev",
"python3-pip",
"python3-setuptools",
"sqlite3",
"libssl-dev",
"virtualenv",
"libjpeg-dev",
"libxslt1-dev",
"libicu-dev",
],
)
apt.packages(
name="install synapse",
# packages=["synapse"],
packages=["matrix-synapse-py3"],
)
apt.packages(
name="install libxml (for link previews)",
# packages=["py3-libxml"],
packages=["python3-lxml"],
)
apt.packages(
name="install opendoas",
packages=["opendoas"],
)
# elif host.get_fact(LinuxName) == "":
else:
print("matrix-synapse deploy.py don't support: \"" +host.get_fact(LinuxName) +"\" yet")
exit("exit from matrix-synapse/deploy.py")
## copy doas config
doas_conf_path = files_path +"doas.conf"
files.put(
name="copy doas config",
src=doas_conf_path,
dest="/etc/doas.conf",
)
## generate synapse config
server.shell(
name="generate synapse config",
# commands=["/opt/venvs/matrix-synapse/bin/python3 -m synapse.app.homeserver -c /var/synapse/homeserver.yaml --generate-config --server-name chat.heizhaus.org --report-stats=no --generate-keys --keys-directory /var/synapse",
commands=[
## --generate-config and --generate-keys can't be in the same line/command
"/opt/venvs/matrix-synapse/bin/python3 -m synapse.app.homeserver -c /var/synapse/homeserver.yaml --generate-config --server-name chat.heizhaus.org --report-stats=no --keys-directory /var/synapse",
"/opt/venvs/matrix-synapse/bin/python3 -m synapse.app.homeserver -c /var/synapse/homeserver.yaml --generate-keys --keys-directory /var/synapse",
"touch /var/synapse/homeserver.yaml",
"cd /var/synapse",
],
# )
#!!! change user to _synapse !!!#
# _su_user="matrix-synapse",
# _su_user="_synapse",
)
# os.chdir("/var/synapse")
'''
[matrix] This account is currently not available.
[matrix] Error: executed 0 commands
'''
# creates="/var/synapse/homeserver.yaml",
# chdir="/var/synapse/",
# becom_user="_synapse",
## copy synapse config
homeserver_py_path = files_path +"homeserver.yaml"
files.put(
name="copy synapse config",
src=homeserver_py_path,
dest="/var/synapse/homeserver.yaml",
)
## copy logging config
log_conf_path = files_path + "chat.heizhaus.org.log.config"
files.put(
name="copy logging config",
src=log_conf_path,
dest="/var/synapse/chat.heizhaus.org.log.config",
)
## add synapse commands to PATH
dotprofile_path = files_path +"dotprofile"
files.put(
name="add synapse commands to PATH",
src=dotprofile_path,
dest="/root/.profile",
)
## change owner for /var/synapse
# user_name = "_synapse"
# group_name = "_synapse"
user_name = "matrix-synapse"
group_name = "matrix-synapse"
server.shell(
name="chown -R " +user_name +":" +group_name +" /var/synapse",
commands="chown -R " +user_name +":" +group_name +" /var/synapse && chmod -R 0770 /var/synapse",
)
## set server name
server_name = "chat.heizhaus.org"
files.replace(
name="set server name",
path="/etc/matrix-synapse/conf.d/server_name.yaml",
text="server_name: ",
replace="server_name: " +server_name,
)
## enable and restart matrix
server.service(
name="enable and restart matrix",
# service="synapse",
service="matrix-synapse.service",
enabled=True,
restarted=True,
)
# server.shell(
# name="enable and restart matrix",
# commands="systemctl enable synapse && systemctl restart synapse",
# )
## add synapse backup script
backup_sh_path = files_path +"borgbackup.sh"
files.put(
name="add synapse backup script",
src=backup_sh_path,
dest="/etc/daily.d/borgbackup.sh"
)
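Review bot: The `server.shell` step near the end runs `chmod -R 0770 /var/synapse`, which makes every file under it group-writable and executable, including `homeserver.yaml`, the log config and the generated signing key. `chmod -R u=rwX,g=rX,o= /var/synapse` keeps directories traversable without marking files executable, and `user=user_name, group=group_name, mode="640"` on the `files.put` for `/var/synapse/homeserver.yaml` would avoid a window in which the config sits there with default permissions. The `files.put` to `/etc/doas.conf` likewise sets no owner or mode; an explicit `user="root", group="root", mode="600"` is worth adding for a privilege-rule file. `"touch /var/synapse/homeserver.yaml"` and `"cd /var/synapse"` are separate entries in `commands`, so the `cd` probably has no effect on anything. The role is gated on Debian but installs `borgbackup.sh` into `/etc/daily.d/`, and the backup script shown earlier on this page is a `/bin/ksh` script using `rcctl`, which looks like a leftover from the OpenBSD setup.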

173
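--- a/roles/www/deploy.py
+++ b/roles/www/deploy.py
@@ -0,0 +1,173 @@
+from pyinfra import host
+from pyinfra.operations import apt, server, files
+from pyinfra.facts.server import LinuxName
+files_path = "files/www/"
+## check on which Distribution the script is executed
+if host.get_fact(LinuxName) == "Debian":
+## update apt repositories
+apt.update(
+name="update apt repositories",
+# _doas=True,
+# _doas_user="pyinfra",
+# _sudo=True,
+# _sudo_user="pyinfra",
+)
+## get repository for php7.3 part-1
+apt.packages(
+name="get repository for php7.3 part-1",
+packages=["lsb-release",
+"apt-transport-https",
+"ca-certificates",
+"software-properties-common",
+],
+)
+## create /etc/apt/source.list.d/
+source_list_d_path = "/etc/apt/source.list.d/"
+files.directory(
+name="create /etc/apt/source.list.d/",
+path=source_list_d_path,
+)
+## get repository for php7.3 part-2
+server.shell(
+name="get repository for php7.3 part-2",
+commands=["wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg",
+"sh -c 'echo \"deb https://packages.sury.org/php/ $(lsb_release -sc) main\" > /etc/apt/source.list.d/php.list'",
+"apt update",
+],
+)
+## insrall php7.3
+apt.packages(
+name="install php7.3 and php-fpm",
+packages=["php7.3", "php-fpm"],
+)
+## install apache2 as replacenebt for httpd.service
+apt.packages(
+name="install apache2 as replacenebt for httpd.service",
+packages=["apache2"],
+)
+# elif host.get_fact(LinuxName) == "":
+else:
+print("www deploy.py don't support: \"" + host.get_fact(LinuxName) + "\" yet")
+exit("exit from www/deploy.py")
+## start the php8.2-fpm.service service
+#service_name = "php73_fpm"
+service_name = "php8.2-fpm.service"
+server.service(
+name="enable and restart php8.2-fpm.service",
+service=service_name,
+enabled=True,
+running=True,
+)
+# ? when: phpinstall.changed
+## fetch element tarball
+url = "https://github.com/vector-im/element-web/releases/download/v1.11.52/element-v1.11.52.tar.gz"
+dest = "/tmp/element.tar.gz"
+sha256_checksum = "1f309d7863f583fef7294aa34ae19413991fd82aebd4c5d8bc3ac72eab04f71a."
+checksum_path = "files/www/element.sha256"
+files.download(
+name="fetch element tarball",
+src=url,
+dest=dest,
+sha256sum=sha256_checksum,
+)
+## create /var/www/
+files.directory(
+name="create /var/www/",
+path="/var/www/",
+)
+## extract element tarball
+server.shell(
+name="extract element tarball",
+commands=["tar xzf /tmp/element.tar.gz -C /var/www/"],
+)
+## rm -rf /var/www/element
+server.shell(
+name="rm -rf /var/www/element",
+commands=["rm -rf /var/www/element"],
+)
+## cp -r /var/www/element-v1.11.52 /var/www/element
+## files.put() seams not to be compatible with directorys
+element_vers = "element-v1.11.52/"
+element_path = "/var/www/" +element_vers
+server.shell(
+name="cp -r " +element_path +" /var/www/element",
+commands=["cp -r " +element_path +" /var/www/element"],
+)
+## copy element config.json
+element_json_path = files_path +"config.json"
+files.put(
+name="copy element config.json",
+src=element_json_path,
+dest="/var/www/element/config.json",
+)
+## copy heizhaus.jpg
+heizhaus_jpg_path = files_path +"heizhaus.jpg"
+files.put(
+name="copy heizhaus.jpg",
+src=heizhaus_jpg_path,
+dest="/var/www/element/heizhaus.jpg",
+)
+## heizhaus-logo.png
+heizhaus_logo_path = files_path +"heizhaus-logo.png"
+files.put(
+name="heizhaus-logo.png",
+src=heizhaus_logo_path,
+dest="/var/www/element/heizhaus-logo.png",
+)
+## mkdir /var/www/matrix
+files.directory(
+name="mkdir /var/www/matrix",
+path="/var/www/matrix",
+)
+## copy matrix/client
+matrix_client_json_path = files_path +"matrix_client.json"
+files.put(
+name="copy matrix/client",
+src=matrix_client_json_path,
+dest="/var/www/matrix/client",
+)
+## copy matrix/server
+matrix_server_json_path = files_path +"matrix_server.json"
+files.put(
+name="copy matrix/server",
+src=matrix_server_json_path,
+dest="/var/www/matrix/server",
+)
+## copy /etc/httpd.conf
+httpd_conf_path = files_path +"httpd.conf"
+files.put(
+name="copy /etc/httpd.conf",
+src=httpd_conf_path,
+dest="/etc/httpd.conf",
+)
+## start apache2
+service_name = "apache2"
+server.service(
+name="start apache2",
+service=service_name,
+running=True,
+)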
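Review bot: `sha256_checksum` ends in a `.` (as does the value in `files/www/element.sha256`), so what is passed to `files.download(sha256sum=...)` is not a valid 64-character digest and the integrity check on the Element tarball cannot succeed as written; drop the trailing dot, and either read the value from `checksum_path` or remove that unused variable. The PHP repository steps write to `/etc/apt/source.list.d/`, but apt reads `/etc/apt/sources.list.d/`, and the key is saved under `/etc/apt/trusted.gpg.d/`, which trusts it for every configured repository; a keyring under `/usr/share/keyrings/` referenced with `[signed-by=...]`, as the matrix-synapse role does, scopes it to this one source. The role installs `php7.3` but then manages `php8.2-fpm.service`, and it copies an OpenBSD-style `httpd.conf` to `/etc/httpd.conf` while starting `apache2`, which will presumably not read it.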