From e7a7aaeb3730060be8719ad4f9b8da03e5498388 Mon Sep 17 00:00:00 2001
From: missytake <missytake@systemli.org>
Date: Wed, 7 Feb 2024 16:43:36 +0100
Subject: [PATCH] added pyinfra method to deploy wordpress

---
 .gitignore        |   1 +
 podman.service.j2 |  14 ++++++
 pyinfra.py        | 123 ++++++++++++++++++++++++++++++++++++++++++++++
 pyproject.toml    |  39 +++++++++++++++
 4 files changed, 177 insertions(+)
 create mode 100644 podman.service.j2
 create mode 100644 pyinfra.py
 create mode 100644 pyproject.toml

diff --git a/.gitignore b/.gitignore
index 4c49bd7..6b15362 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .env
+pyinfra_wordpress.egg-info/
diff --git a/podman.service.j2 b/podman.service.j2
new file mode 100644
index 0000000..e1c9062
--- /dev/null
+++ b/podman.service.j2
@@ -0,0 +1,14 @@
+[Unit]
+Description={{description}}
+After=network.target
+StartLimitIntervalSec=0
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/podman run --rm --name={{container_name}} {{environment}} {{mount}} {{port}} docker.io/library/{{container}}:{{version}}
+EnvironmentFile=%h/.env
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pyinfra.py b/pyinfra.py
new file mode 100644
index 0000000..944127b
--- /dev/null
+++ b/pyinfra.py
@@ -0,0 +1,123 @@
+from io import StringIO
+import importlib.resources
+
+from pyinfra.operations import files, systemd, server
+
+
+def deploy_wordpress(
+        unix_user: str,
+        domain: str,
+        wordpress_version: str,
+        wordpress_port: int,
+        mysql_ip: str,
+        mysql_port: int,
+        mysql_password: str = None,
+        mysql_root_password: str = None,
+        _su: dict = {},
+    ):
+    if not mysql_root_password:
+        mysql_root_password = mysql_password
+    # check that podman is installed
+    secrets = [
+        f"MYSQL_PASSWORD={mysql_password}",
+        f"MYSQL_ROOT_PASSWORD={mysql_root_password}",
+    ]
+    env = "\n".join(secrets)
+    files.put(
+        name="upload secrets",
+        src=StringIO(env),
+        dest=f"/home/{unix_user}/.env",
+        mode="0600",
+        user=unix_user,
+    )
+
+    # is this also possible with a config file and file.line()?
+    server.shell(
+        name="set firewall rules",
+        commands=[
+            "ufw default deny incoming",
+            "ufw default allow outgoing",
+            "ufw allow 443",
+            "ufw allow 80",
+            "ufw allow 22",
+            "ufw allow 42022",
+            "ufw status",
+            # "ufw reload?",
+        ],
+    )
+    files.directory(
+        name="create db_data directory",
+        path=f"/home/{unix_user}/db_data",
+        **_su,
+    )
+    files.directory(
+        name="create wp-content directory",
+        path=f"/home/{unix_user}/wp-content",
+        **_su,
+    )
+
+    print(importlib.resources.files(__package__))
+    service_path = f"/home/{unix_user}/.config/systemd/user/"
+    environment = [
+        f"WORDPRESS_DB_HOST={mysql_ip}:{mysql_port}",
+        f"WORDPRESS_DB_PASSWORD={mysql_password}",
+        "WORDPRESS_DB_USER=wordpress",
+        "WORDPRESS_DB_NAME=wordpress",
+    ]
+    mount = [
+        f"type=bind,source=/home/{unix_user}/wp-content,destination=/var/www/html/wp-content",
+        f"type=bind,source=/home/{unix_user}/uploads.ini,destination=/usr/local/etc/php/conf.d/uploads.ini",
+    ]
+    files.template(
+        name="upload wordpress systemd service",
+        src=importlib.resources.files(__package__) / "podman.service.j2",
+        dest=f"{service_path}{domain}_wp.service",
+        description="run wordpress podman container",
+        container_name=f"{domain}_wp",
+        environment="-e " + " -e ".join(environment),
+        mount="--mount " + " --mount ".join(mount),
+        port=f"-p 127.0.0.1:{wordpress_port}:80",
+        container="wordpress",
+        version=wordpress_version,
+        **_su,
+    )
+
+    environment = [
+        f"MYSQL_ROOT_PASSWORD={mysql_password}",
+        f"MYSQL_PASSWORD={mysql_password}",
+        "MYSQL_DATABASE=wordpress",
+        "MYSQL_USER=wordpress",
+    ]
+    files.template(
+        name="upload mysql systemd service",
+        src=importlib.resources.files(__package__) / "podman.service.j2",
+        dest=f"{service_path}{domain}_db.service",
+        description="run mysql podman container",
+        container_name=f"{domain}_db",
+        environment="-e " + " -e ".join(environment),
+        mount=f"--mount type=bind,source=/home/{unix_user}/db_data,destination=/var/lib/mysql",
+        port=f"-p {mysql_port}:3306",
+        container="mysql",
+        version="5.7",
+        **_su,
+    )
+
+    files.put(
+        name="upload uploads.ini",
+        src=importlib.resources.files(__package__) / "uploads.ini",
+        dest=f"/home/{unix_user}/uploads.ini",
+        **_su,
+    )
+
+    for container in ["db", "wp"]:
+        systemd.service(
+            name=f"restart {domain}_{container} service",
+            service=f"{domain}_{container}.service",
+            enabled=True,
+            running=True,
+            restarted=True,
+            daemon_reload=True,
+            user_name=unix_user,
+            user_mode=True,
+            **_su,
+        )
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..5605e8c
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,39 @@
+[build-system]
+requires = ["setuptools>=45", "setuptools_scm[toml]>=6.2"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "pyinfra_wordpress"
+description = "pyinfra module to deploy wordpress in a podman container"
+readme = "README.md"
+requires-python = ">=3.10"
+keywords = ["pyinfra", "wordpress", "podman"]
+classifiers = [
+  "Development Status :: 4 - Beta",
+  "Programming Language :: Python :: 3",
+  "Intended Audience :: Developers",
+]
+dynamic = [
+    "version"
+]
+dependencies = [
+    "pyinfra",
+]
+
+[project.optional-dependencies]
+dev = [
+  "black",
+  "mypy",
+  "isort",
+  "pylint",
+  "pylama",
+]
+
+[tool.black]
+line-length = 120
+
+[tool.isort]
+profile = "black"
+
+[tool.mypy]
+ignore_missing_imports = "True"