pyinfra-lxd/setup-base.py

from pyinfra import host
from pyinfra.operations import apt, server, files, systemd

SUDO = True

server.user(
    name='Add user benpro',
    user='benpro',
    groups=['sudo'],
    public_keys='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFs7yO0auvwFL8HTLMUq6lET6DMYLhqhd32rqFfZUsjL openpgp:0xA32E99AD',
    shell='/bin/bash',
    present=True,
)

server.hostname(
   name='Set the hostname',
   hostname='lxd.home.arpa',
)

apt.update(
    name='Update apt repositories',
)

apt.upgrade(
    name='Upgrade apt packages',
)

# ufw disabled since no support for nftables and in a LAN 
#apt.packages(
#    name='Install ufw',
#    packages=['ufw'],
#    update=False,
#)
#
#server.shell(
#    name='Add ufw rules',
#    commands=['ufw limit 22'],
#)
#
#server.shell(
#    name='Enable ufw',
#    commands=['yes | ufw enable'],
#)

apt.packages(
    name='Install packages',
    packages=['manpages', 'man', 'snapd', 'vim', 'file',
    'parted', 'htop', 'ncdu', 'byobu', 'tcpdump', 'lm-sensors', 'iotop',
    'strace', 'lsof', 'iftop', 'haveged', 'postfix', 'nftables'],
    update=False,
)

files.put(
    name='Add postfix conf with relay to mail.benpro.fr',
    src='files/main.cf',
    dest='/etc/postfix/main.cf',
    user='root',
    group='root',
    mode='644',
)

files.put(
    name='Add postfix sasl_passwd',
    src='files/sasl_passwd',
    dest='/etc/postfix/sasl_passwd',
    user='root',
    group='root',
    mode='400',
)

server.shell(
    name='Postmap sasl_passwd',
    commands=['postmap hash:/etc/postfix/sasl_passwd'],
)

files.line(
    name='Set root aliases',
    path='/etc/aliases',
    line='root: lxd@benpro.fr',
)

server.shell(
    name='Load aliases table',
    commands=['newaliases'],
)

systemd.service(
    name='Restart and enable postfix service',
    service='postfix.service',
    running=True,
    restarted=True,
    enabled=True,
)

if not host.fact.directory('/var/snap/lxd'):
    server.shell(
        name='Install lxd',
        commands=['snap install lxd --channel=latest/stable'],
    )

files.put(
    name='Add lxd-containers-upgrade.sh',
    src='files/lxd-containers-upgrade.sh',
    dest='/usr/local/bin/lxd-containers-upgrade.sh',
    user='root',
    group='root',
    mode='700',
)

files.put(
    name='Add status.benpro.fr.sh',
    src='files/status.benpro.fr.sh',
    dest='/usr/local/bin/status.benpro.fr.sh',
    user='root',
    group='root',
    mode='700',
)
Init 2021-01-30 20:11:28 +09:00			`from pyinfra import host`
			`from pyinfra.operations import apt, server, files, systemd`

			`SUDO = True`

			`server.user(`
			`name='Add user benpro',`
			`user='benpro',`
			`groups=['sudo'],`
			`public_keys='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFs7yO0auvwFL8HTLMUq6lET6DMYLhqhd32rqFfZUsjL openpgp:0xA32E99AD',`
			`shell='/bin/bash',`
			`present=True,`
			`)`

			`server.hostname(`
			`name='Set the hostname',`
Update hostname 2021-09-04 20:34:20 +09:00			`hostname='lxd.home.arpa',`
Init 2021-01-30 20:11:28 +09:00			`)`

			`apt.update(`
			`name='Update apt repositories',`
			`)`

			`apt.upgrade(`
			`name='Upgrade apt packages',`
			`)`

Disable ufw by commenting for now 2021-09-04 20:53:48 +09:00			`# ufw disabled since no support for nftables and in a LAN`
			`#apt.packages(`
			`# name='Install ufw',`
			`# packages=['ufw'],`
			`# update=False,`
			`#)`
			`#`
			`#server.shell(`
			`# name='Add ufw rules',`
			`# commands=['ufw limit 22'],`
			`#)`
			`#`
			`#server.shell(`
			`# name='Enable ufw',`
			`# commands=['yes \| ufw enable'],`
			`#)`
Init 2021-01-30 20:11:28 +09:00
			`apt.packages(`
			`name='Install packages',`
Add postfix conf 2021-02-06 16:41:09 +09:00			`packages=['manpages', 'man', 'snapd', 'vim', 'file',`
Break line 2021-01-31 21:16:22 +09:00			`'parted', 'htop', 'ncdu', 'byobu', 'tcpdump', 'lm-sensors', 'iotop',`
Add nftables 2021-09-03 14:16:43 +09:00			`'strace', 'lsof', 'iftop', 'haveged', 'postfix', 'nftables'],`
Init 2021-01-30 20:11:28 +09:00			`update=False,`
			`)`

Update postfix config 2021-09-04 21:15:21 +09:00			`files.put(`
			`name='Add postfix conf with relay to mail.benpro.fr',`
			`src='files/main.cf',`
			`dest='/etc/postfix/main.cf',`
			`user='root',`
			`group='root',`
			`mode='644',`
			`)`

			`files.put(`
			`name='Add postfix sasl_passwd',`
			`src='files/sasl_passwd',`
			`dest='/etc/postfix/sasl_passwd',`
			`user='root',`
			`group='root',`
			`mode='400',`
			`)`

			`server.shell(`
			`name='Postmap sasl_passwd',`
			`commands=['postmap hash:/etc/postfix/sasl_passwd'],`
			`)`

			`files.line(`
			`name='Set root aliases',`
			`path='/etc/aliases',`
			`line='root: lxd@benpro.fr',`
			`)`

			`server.shell(`
			`name='Load aliases table',`
			`commands=['newaliases'],`
			`)`

			`systemd.service(`
			`name='Restart and enable postfix service',`
			`service='postfix.service',`
			`running=True,`
			`restarted=True,`
			`enabled=True,`
			`)`
Add postfix conf 2021-02-06 16:41:09 +09:00
Init 2021-01-30 20:11:28 +09:00			`if not host.fact.directory('/var/snap/lxd'):`
			`server.shell(`
			`name='Install lxd',`
Install lastest stable LXD 2021-09-04 20:35:31 +09:00			`commands=['snap install lxd --channel=latest/stable'],`
Init 2021-01-30 20:11:28 +09:00			`)`

Add lxd-containers-upgrade script 2021-02-06 14:41:42 +09:00			`files.put(`
			`name='Add lxd-containers-upgrade.sh',`
			`src='files/lxd-containers-upgrade.sh',`
			`dest='/usr/local/bin/lxd-containers-upgrade.sh',`
			`user='root',`
			`group='root',`
			`mode='700',`
			`)`

Add status.benpro.fr script 2021-10-14 19:03:01 +09:00			`files.put(`
			`name='Add status.benpro.fr.sh',`
			`src='files/status.benpro.fr.sh',`
			`dest='/usr/local/bin/status.benpro.fr.sh',`
			`user='root',`
			`group='root',`
			`mode='700',`
			`)`