pyinfra-lxd/setup-haproxy.py

from pyinfra import host
from pyinfra.operations import server, files, systemd, apt

SUDO = True

apt.packages(
    name='Install packages',
    packages=['certbot', 'haproxy', 'nginx'],
    update=False,
)

files.put(
    name='Upload Nginx default vhost',
    src='files/nginx.default',
    dest='/etc/nginx/sites-available/default',
    user='root',
    group='root',
    mode='644',
)

systemd.service(
    name='Restart and enable nginx service',
    service='nginx.service',
    running=True,
    restarted=True,
    enabled=True,
)

files.put(
    name='Upload HAProxy config',
    src='files/haproxy.cfg',
    dest='/etc/haproxy/haproxy.cfg',
    user='root',
    group='root',
    mode='644',
)

files.directory(
    name='Ensure /etc/ssl/haproxy exists',
    path='/etc/ssl/haproxy',
    user='root',
    group='root',
    mode=700
)

if not host.fact.file('/etc/haproxy/dhparam'):
    server.shell(
        name='Generate dhparam',
        commands=['openssl dhparam 2048 > /etc/haproxy/dhparam']
    )

systemd.service(
    name='Restart and enable HAProxy service',
    service='haproxy.service',
    running=True,
    restarted=True,
    enabled=True,
)

if not host.fact.directory('/etc/letsencrypt/live/mo-f.fr'):
    server.shell(
        name='Add certificate mo-f.fr',
        commands=['certbot certonly --non-interactive --email certbot@benpro.fr --agree-tos --webroot --webroot-path /var/www/html/ -d mo-f.fr -d download.mo-f.fr -d ipv4.mo-f.fr -d oppai.mo-f.fr -d static-uploads.mo-f.fr -d www.mo-f.fr'],
    )

if not host.fact.directory('/etc/letsencrypt/live/play.benpro.fr'):
    server.shell(
        name='Add certificate play.benpro.fr',
        commands=['certbot certonly --non-interactive --email certbot@benpro.fr --agree-tos --webroot --webroot-path /var/www/html/ -d play.benpro.fr'],
    )

if not host.fact.directory('/etc/letsencrypt/live/mo-f.fr'):
    server.shell(
        name='Add certificate mo-f.fr to HAProxy',
        commands=['cat /etc/letsencrypt/live/mo-f.fr/fullchain.pem /etc/letsencrypt/live/mo-f.fr/privkey.pem > /etc/ssl/haproxy/mo-f.fr.pem']
    )

if not host.fact.directory('/etc/letsencrypt/live/play.benpro.fr'):
    server.shell(
        name='Add certificate play.benpro.fr to HAProxy',
        commands=['cat /etc/letsencrypt/live/play.benpro.fr/fullchain.pem /etc/letsencrypt/live/play.benpro.fr/privkey.pem > /etc/ssl/haproxy/play.benpro.fr.pem']
    )

systemd.service(
    name='Reload HAProxy service',
    service='haproxy.service',
    reloaded=True,
)
Init 2021-01-30 20:11:28 +09:00			`from pyinfra import host`
			`from pyinfra.operations import server, files, systemd, apt`

			`SUDO = True`

			`apt.packages(`
			`name='Install packages',`
			`packages=['certbot', 'haproxy', 'nginx'],`
			`update=False,`
			`)`

			`files.put(`
			`name='Upload Nginx default vhost',`
			`src='files/nginx.default',`
			`dest='/etc/nginx/sites-available/default',`
			`user='root',`
			`group='root',`
			`mode='644',`
			`)`

			`systemd.service(`
			`name='Restart and enable nginx service',`
			`service='nginx.service',`
			`running=True,`
			`restarted=True,`
			`enabled=True,`
			`)`

			`files.put(`
			`name='Upload HAProxy config',`
			`src='files/haproxy.cfg',`
			`dest='/etc/haproxy/haproxy.cfg',`
			`user='root',`
			`group='root',`
			`mode='644',`
			`)`

			`files.directory(`
			`name='Ensure /etc/ssl/haproxy exists',`
			`path='/etc/ssl/haproxy',`
			`user='root',`
			`group='root',`
			`mode=700`
			`)`

			`if not host.fact.file('/etc/haproxy/dhparam'):`
			`server.shell(`
			`name='Generate dhparam',`
			`commands=['openssl dhparam 2048 > /etc/haproxy/dhparam']`
			`)`

			`systemd.service(`
			`name='Restart and enable HAProxy service',`
			`service='haproxy.service',`
			`running=True,`
			`restarted=True,`
			`enabled=True,`
			`)`

			`if not host.fact.directory('/etc/letsencrypt/live/mo-f.fr'):`
			`server.shell(`
			`name='Add certificate mo-f.fr',`
			`commands=['certbot certonly --non-interactive --email certbot@benpro.fr --agree-tos --webroot --webroot-path /var/www/html/ -d mo-f.fr -d download.mo-f.fr -d ipv4.mo-f.fr -d oppai.mo-f.fr -d static-uploads.mo-f.fr -d www.mo-f.fr'],`
			`)`

			`if not host.fact.directory('/etc/letsencrypt/live/play.benpro.fr'):`
			`server.shell(`
			`name='Add certificate play.benpro.fr',`
			`commands=['certbot certonly --non-interactive --email certbot@benpro.fr --agree-tos --webroot --webroot-path /var/www/html/ -d play.benpro.fr'],`
			`)`

			`if not host.fact.directory('/etc/letsencrypt/live/mo-f.fr'):`
			`server.shell(`
			`name='Add certificate mo-f.fr to HAProxy',`
			`commands=['cat /etc/letsencrypt/live/mo-f.fr/fullchain.pem /etc/letsencrypt/live/mo-f.fr/privkey.pem > /etc/ssl/haproxy/mo-f.fr.pem']`
			`)`

			`if not host.fact.directory('/etc/letsencrypt/live/play.benpro.fr'):`
			`server.shell(`
			`name='Add certificate play.benpro.fr to HAProxy',`
			`commands=['cat /etc/letsencrypt/live/play.benpro.fr/fullchain.pem /etc/letsencrypt/live/play.benpro.fr/privkey.pem > /etc/ssl/haproxy/play.benpro.fr.pem']`
			`)`

			`systemd.service(`
			`name='Reload HAProxy service',`
			`service='haproxy.service',`
			`reloaded=True,`
			`)`