pyinfra-adguard/deploy.py

from pyinfra import host
from pyinfra.operations import apt, server, files, systemd
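SUDO = True

# Values used by more than one operation below, defined once so the
# hostname, SSH port, e-mail and archive name cannot drift between steps.
FQDN = 'dns.benpro.fr'
LE_EMAIL = 'certbot@benpro.fr'
LE_LIVE_DIR = '/etc/letsencrypt/live/{}'.format(FQDN)
SSH_PORT = 28
ADGUARD_ARCHIVE = 'AdGuardHome_linux_amd64.tar.gz'
ADGUARD_URL = 'https://static.adguard.com/adguardhome/release/{}'.format(
    ADGUARD_ARCHIVE
)
# The archive unpacks into AdGuardHome/ under the app user's home directory.
ADGUARD_DIR = '{}/AdGuardHome'.format(host.data.app_dir)
ADGUARD_SERVICE = 'AdGuardHome.service'

# --- Base system: admin user, hostname, packages -------------------------

server.user(
    name='Add user benpro',
    user='benpro',
    groups=['sudo'],
    public_keys='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFs7yO0auvwFL8HTLMUq6lET6DMYLhqhd32rqFfZUsjL openpgp:0xA32E99AD',
    shell='/bin/bash',
    present=True,
)

server.hostname(
    name='Set the hostname',
    hostname=FQDN,
)

apt.update(
    name='Update apt repositories',
)

apt.upgrade(
    name='Upgrade apt packages',
)

apt.packages(
    name='Install ufw',
    packages=['ufw'],
    update=False,
)

# --- SSH and firewall -----------------------------------------------------

# Move sshd off port 22; the matching ufw rule below is added before the
# firewall is enabled so the session is not locked out.
files.line(
    name='Set port {} for SSH'.format(SSH_PORT),
    path='/etc/ssh/sshd_config',
    line=r'Port .*',
    replace='Port {}'.format(SSH_PORT),
)

systemd.service(
    name='Reload sshd',
    service='ssh.service',
    reloaded=True,
)

# 80 is needed by certbot --standalone, 443/853 by AdGuard (DoH/DoT).
server.shell(
    name='Add ufw rules',
    commands=[
        'ufw limit {}'.format(SSH_PORT),
        'ufw allow 80',
        'ufw allow 443',
        'ufw allow 853',
    ],
)

# --force answers the interactive "may disrupt existing ssh connections"
# prompt without piping `yes` through a shell.
server.shell(
    name='Enable ufw',
    commands=['ufw --force enable'],
)

# --- TLS certificate ------------------------------------------------------

apt.packages(
    name='Install certbot',
    packages=['certbot'],
    update=False,
)

# Only request a certificate when the live directory does not exist yet;
# certbot's own renewal timer keeps it current afterwards.
if not host.fact.directory(LE_LIVE_DIR):
    server.shell(
        name='Add certificate',
        commands=[
            'certbot certonly --non-interactive --email {} --agree-tos '
            '--standalone -d {}'.format(LE_EMAIL, FQDN),
        ],
    )

# --- AdGuard Home user and files ------------------------------------------

server.group(
    name='Add group adguard',
    group=host.data.app_user,
    system=True,
    present=True,
)

server.user(
    name='Add user adguard',
    user=host.data.app_user,
    group=host.data.app_user,
    home=host.data.app_dir,
    ensure_home=True,
    system=True,
    present=True,
)

# Copy (dereferencing the live/ symlinks) the chain and key into the app
# directory so the unprivileged service user can read them.
for pem in ['fullchain.pem', 'privkey.pem']:
    server.shell(
        name='Make certificate available for Adguard ({})'.format(pem),
        chdir=host.data.app_dir,
        commands=[
            'cp -L {}/{} .'.format(LE_LIVE_DIR, pem),
            'chown {}: {}'.format(host.data.app_user, pem),
        ],
    )

files.download(
    name='Download AdGuard',
    src=ADGUARD_URL,
    dest='{}/{}'.format(host.data.app_dir, ADGUARD_ARCHIVE),
    user=host.data.app_user,
    group=host.data.app_user,
    mode='640',
    cache_time=604800,  # seconds: re-fetch at most once a week
    # TODO(review): the URL points at an unpinned "latest" release and the
    # archive is not checksummed before it is unpacked and granted
    # capabilities below. Pin a release and pass sha256sum=<EXPECTED_DIGEST>
    # so a tampered or truncated download is rejected.
)

server.shell(
    name='Extract Adguard release file',
    chdir=host.data.app_dir,
    commands=[
        'tar zxf {}'.format(ADGUARD_ARCHIVE),
        'chown -R {}: AdGuardHome'.format(host.data.app_user),
    ],
)

# File capabilities let the service bind 53/443/853 and use raw sockets
# without running as root.
server.shell(
    name='Setcap on Adguard binary',
    chdir=host.data.app_dir,
    commands=['setcap \'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip\' AdGuardHome/AdGuardHome'],
)

# --- systemd unit and configuration ---------------------------------------

# systemd_enabled maps unit name -> bool and only lists units systemd knows
# about, so on a fresh host the key is absent. Using .get() avoids the
# KeyError that `[...] == False` raised before the unit was installed.
if not host.fact.systemd_enabled.get(ADGUARD_SERVICE, False):
    server.shell(
        name='Install Adguard systemd service file',
        chdir=host.data.app_dir,
        commands=['AdGuardHome/AdGuardHome -s install'],
    )

# Overwrite the unit written by `-s install` with the repo's own copy.
files.put(
    name='Update systemd service file',
    src='files/AdGuardHome.service',
    dest='/etc/systemd/system/{}'.format(ADGUARD_SERVICE),
    mode='644',
)

files.template(
    name='Push AdGuardHome config',
    src='templates/AdGuardHome.yaml.j2',
    dest='{}/AdGuardHome.yaml'.format(ADGUARD_DIR),
    mode='640',
    user=host.data.app_user,
    group=host.data.app_user,
)

systemd.daemon_reload(
    name='Reload systemd',
    user_mode=False,
)

systemd.service(
    name='Restart and enable adguard service',
    service=ADGUARD_SERVICE,
    running=True,
    restarted=True,
    enabled=True,
)

# --- Let's Encrypt renewal hooks ------------------------------------------

# Stop the service before renewal (frees port 80 for --standalone) and start
# it again afterwards; the hook scripts themselves live in files/.
files.put(
    name='Set LE pre renewal-hook',
    src='files/stop-adguard.sh',
    dest='/etc/letsencrypt/renewal-hooks/pre/stop-adguard.sh',
    mode='755',
)

files.put(
    name='Set LE post renewal-hook',
    src='files/start-adguard.sh',
    dest='/etc/letsencrypt/renewal-hooks/post/start-adguard.sh',
    mode='755',
)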