update

2025-02-15 01:16:26 +09:00 · 2025-02-15 01:16:26 +09:00 · f4e1334b64
commit f4e1334b64
parent 4fa249cc8c
2 changed files with 113 additions and 118 deletions
--- a/setup-base.py
+++ b/setup-base.py
@ -1,118 +0,0 @@
 from pyinfra import host
 from pyinfra.operations import apt, server, files, systemd
 SUDO = True
 server.user(
    name='Add user benpro',
    user='benpro',
    groups=['sudo'],
    public_keys='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFs7yO0auvwFL8HTLMUq6lET6DMYLhqhd32rqFfZUsjL openpgp:0xA32E99AD',
    shell='/bin/bash',
    present=True,
 )
 server.hostname(
   name='Set the hostname',
   hostname='lxd.home.arpa',
 )
 apt.update(
    name='Update apt repositories',
 )
 apt.upgrade(
    name='Upgrade apt packages',
 )
 # ufw disabled since no support for nftables and in a LAN 
 #apt.packages(
 #    name='Install ufw',
 #    packages=['ufw'],
 #    update=False,
 #)
 #
 #server.shell(
 #    name='Add ufw rules',
 #    commands=['ufw limit 22'],
 #)
 #
 #server.shell(
 #    name='Enable ufw',
 #    commands=['yes | ufw enable'],
 #)
 apt.packages(
    name='Install packages',
    packages=['manpages', 'man', 'snapd', 'vim', 'file',
    'parted', 'htop', 'ncdu', 'byobu', 'tcpdump', 'lm-sensors', 'iotop',
    'strace', 'lsof', 'iftop', 'haveged', 'postfix', 'nftables'],
    update=False,
 )
 files.put(
    name='Add postfix conf with relay to mail.benpro.fr',
    src='files/main.cf',
    dest='/etc/postfix/main.cf',
    user='root',
    group='root',
    mode='644',
 )
 files.put(
    name='Add postfix sasl_passwd',
    src='files/sasl_passwd',
    dest='/etc/postfix/sasl_passwd',
    user='root',
    group='root',
    mode='400',
 )
 server.shell(
    name='Postmap sasl_passwd',
    commands=['postmap hash:/etc/postfix/sasl_passwd'],
 )
 files.line(
    name='Set root aliases',
    path='/etc/aliases',
    line='root: lxd@benpro.fr',
 )
 server.shell(
    name='Load aliases table',
    commands=['newaliases'],
 )
 systemd.service(
    name='Restart and enable postfix service',
    service='postfix.service',
    running=True,
    restarted=True,
    enabled=True,
 )
 if not host.fact.directory('/var/snap/lxd'):
    server.shell(
        name='Install lxd',
        commands=['snap install lxd --channel=latest/stable'],
    )
 files.put(
    name='Add lxd-containers-upgrade.sh',
    src='files/lxd-containers-upgrade.sh',
    dest='/usr/local/bin/lxd-containers-upgrade.sh',
    user='root',
    group='root',
    mode='700',
 )
 files.put(
    name='Add status.benpro.fr.sh',
    src='files/status.benpro.fr.sh',
    dest='/usr/local/bin/status.benpro.fr.sh',
    user='root',
    group='root',
    mode='700',
 )
--- a/setup.sh
+++ b/setup.sh
@ -0,0 +1,113 @@
 #!/usr/bin/env bash
 set -euo pipefail
 HOSTNAME='lxd2204.home.arpa'
 NVME_ZFS_ASHIFT=12
 NVME_ZFS_POOL_NAME='nvme'
 NVME_ZFS_TARGET='/dev/vdb'
 HDD_ZFS_ASHIFT=12
 HDD_ZFS_POOL_NAME='hdd'
 HDD_ZFS_TARGET='/dev/vdc'
 BACKUP_ZFS_ASHIFT=12
 BACKUP_ZFS_POOL_NAME='backup'
 BACKUP_ZFS_TARGET='/dev/vdd'
 hostnamectl hostname $HOSTNAME
 if ! dpkg -l zfsutils-linux 2>/dev/null 1>&2 ; then
  apt update && apt install -y zfsutils-linux
 fi
 if ! zpool list $NVME_ZFS_POOL_NAME 2>/dev/null 1>&2; then
  zpool create \
    -m none \
    -o ashift=$NVME_ZFS_ASHIFT \
    -o autotrim=on \
    -o feature@lz4_compress=enabled \
    -O compression=on \
    -O dedup=on \
    $NVME_ZFS_POOL_NAME \
    $NVME_ZFS_TARGET
 fi
 if ! zpool list $HDD_ZFS_POOL_NAME 2>/dev/null 1>&2; then
  zpool create \
    -m none \
    -o ashift=$HDD_ZFS_ASHIFT \
    -o autotrim=on \
    -o feature@lz4_compress=enabled \
    -O compression=on \
    $HDD_ZFS_POOL_NAME \
    $HDD_ZFS_TARGET
 fi
 if ! zpool list $BACKUP_ZFS_POOL_NAME 2>/dev/null 1>&2; then
  zpool create \
    -m none \
    -o ashift=$BACKUP_ZFS_ASHIFT \
    -o autotrim=on \
    -o feature@lz4_compress=enabled \
    -O compression=on \
    $BACKUP_ZFS_POOL_NAME \
    $BACKUP_ZFS_TARGET
 fi
 cat << EOF > /tmp/lxd.yml
 config: {}
 networks:
 - config:
    ipv4.address: auto
    ipv6.address: auto
  description: ""
  name: lxdbr0
  type: ""
  project: default
 storage_pools:
 - config:
    source: nvme
  description: ""
  name: nvme
  driver: zfs
 - config:
    source: hdd
  description: ""
  name: hdd
  driver: zfs
 profiles:
 - config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      network: lxdbr0
      type: nic
    root:
      path: /
      pool: nvme
      type: disk
    data_hdd:
      path: /var/data_hdd
      pool: hdd
      type: disk
      source: hdd
  name: default
 cluster: null
 EOF
 if ! lxc storage list $NVME_ZFS_POOL_NAME | grep  2>/dev/null 1>&2; then
  lxd init --preseed < /tmp/lxd.yml
 fi
 # To use with lxd export, this is where lxd copy temporary file
 #if ! lxc storage volume list $NVME_ZFS_POOL_NAME | grep backups >/dev/null; then
 #  lxc storage volume create default backups
 #  lxc config set storage.backups_volume default/backups
 #fi
 # Where to store images
 if ! lxc storage volume list $NVME_ZFS_POOL_NAME | grep images >/dev/null; then
  lxc storage volume create $NVME_ZFS_POOL_NAME images
  lxc config set storage.images_volume $NVME_ZFS_POOL_NAME/images
 fi