164 lines
3.2 KiB
Python
164 lines
3.2 KiB
Python
from pyinfra import host
|
|
from pyinfra.operations import apt, server, files, systemd
|
|
|
|
SUDO = True
|
|
|
|
server.user(
|
|
name='Add user benpro',
|
|
user='benpro',
|
|
groups=['sudo'],
|
|
public_keys='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFs7yO0auvwFL8HTLMUq6lET6DMYLhqhd32rqFfZUsjL openpgp:0xA32E99AD',
|
|
shell='/bin/bash',
|
|
present=True,
|
|
)
|
|
|
|
server.hostname(
|
|
name='Set the hostname',
|
|
hostname='lxd10.benpro.fr',
|
|
)
|
|
|
|
apt.update(
|
|
name='Update apt repositories',
|
|
)
|
|
|
|
apt.upgrade(
|
|
name='Upgrade apt packages',
|
|
)
|
|
|
|
apt.packages(
|
|
name='Install ufw',
|
|
packages=['ufw'],
|
|
update=False,
|
|
)
|
|
|
|
server.shell(
|
|
name='Add ufw rules',
|
|
commands=['ufw limit 22', 'ufw limit 28', 'ufw allow 80', 'ufw allow 443'],
|
|
)
|
|
|
|
server.shell(
|
|
name='Enable ufw',
|
|
commands=['yes | ufw enable'],
|
|
)
|
|
|
|
files.line(
|
|
name='Set port 28 for SSH',
|
|
path='/etc/ssh/sshd_config',
|
|
line=r'Port .*',
|
|
replace='Port 28',
|
|
)
|
|
|
|
systemd.service(
|
|
name='Reload sshd',
|
|
service='ssh.service',
|
|
reloaded=True,
|
|
)
|
|
|
|
apt.packages(
|
|
name='Install packages',
|
|
packages=['manpages', 'man', 'snapd', 'vim', 'file',
|
|
'parted', 'htop', 'ncdu', 'byobu', 'tcpdump', 'lm-sensors', 'iotop',
|
|
'strace', 'lsof', 'iftop', 'haveged', 'postfix'],
|
|
update=False,
|
|
)
|
|
|
|
files.line(
|
|
name='Enable postfix relays to mail.benpro.fr',
|
|
path='/etc/postfix/main.cf',
|
|
line=r'relayhost = .*',
|
|
replace='relayhost = 10.0.0.2',
|
|
)
|
|
|
|
files.line(
|
|
name='Set root aliases',
|
|
path='/etc/aliases',
|
|
line='root: lxd10@benpro.fr',
|
|
)
|
|
|
|
server.shell(
|
|
name='Load aliases table',
|
|
commands=['newaliases'],
|
|
)
|
|
|
|
systemd.service(
|
|
name='Restart and enable postfix service',
|
|
service='postfix.service',
|
|
running=True,
|
|
restarted=True,
|
|
enabled=True,
|
|
)
|
|
|
|
if not host.fact.directory('/var/snap/lxd'):
|
|
server.shell(
|
|
name='Install lxd',
|
|
commands=['snap install lxd'],
|
|
)
|
|
|
|
if not host.fact.command('file -s /dev/sdc1 | grep swap || true'):
|
|
server.shell(
|
|
name='Create swap',
|
|
commands=['wipefs -a /dev/sdc1', 'mkswap /dev/sdc1'],
|
|
)
|
|
|
|
files.line(
|
|
name='Add swap to /etc/fstab',
|
|
path='/etc/fstab',
|
|
line='/dev/sdc1 none swap defaults 0 0',
|
|
)
|
|
|
|
server.shell(
|
|
name='Enable swap',
|
|
commands=['swapon -a'],
|
|
)
|
|
|
|
files.line(
|
|
name='Disable intel_pstate',
|
|
path='/etc/default/grub',
|
|
line='GRUB_CMDLINE_LINUX="intel_pstate=disable"',
|
|
)
|
|
|
|
server.shell(
|
|
name='Reload grub',
|
|
commands=['update-grub'],
|
|
)
|
|
|
|
files.put(
|
|
name='Install set-cpufreq-performance',
|
|
src='files/set-cpufreq-performance',
|
|
dest='/lib/systemd/set-cpufreq-performance',
|
|
user='root',
|
|
group='root',
|
|
mode='755',
|
|
)
|
|
|
|
files.put(
|
|
name='Override systemd ondemand.service',
|
|
src='files/ondemand.service',
|
|
dest='/etc/systemd/system/ondemand.service',
|
|
user='root',
|
|
group='root',
|
|
mode='644',
|
|
)
|
|
|
|
systemd.daemon_reload(
|
|
name='Reload systemd',
|
|
user_mode=False,
|
|
)
|
|
|
|
systemd.service(
|
|
name='Restart and enable ondemand service',
|
|
service='ondemand.service',
|
|
running=True,
|
|
restarted=True,
|
|
enabled=True,
|
|
)
|
|
|
|
files.put(
|
|
name='Add lxd-containers-upgrade.sh',
|
|
src='files/lxd-containers-upgrade.sh',
|
|
dest='/usr/local/bin/lxd-containers-upgrade.sh',
|
|
user='root',
|
|
group='root',
|
|
mode='700',
|
|
)
|
|
|