Beispiel #1
    def configure(self):
        """Declare the deployment of the `haemera` application.

        Adds, in order: the `haemera` user, a virtualenv with its
        requirements, the paste.ini configuration file, the service database
        and its schema, the `pserve` program, the nginx vhost and a cron job
        that runs at 00:05 every day.
        """
        self += User('haemera')

        self += VirtualEnv(path='/srv/haemera/deployment')
        self._ += Requirements()
        # Captured so the Program below can list it as a dependency.
        req = self._

        # 0o640: read/write for the owner, read-only for the group, no access
        # for others.
        # NOTE(review): paste.ini presumably carries the database password
        # handed to ServiceDatabase below; confirm before loosening this mode.
        self += File('/srv/haemera/paste.ini',
                     owner='haemera',
                     group='haemera',
                     mode=0o640)
        # Captured for the same reason as `req`.
        config = self._

        self += ServiceDatabase('haemera', password=self.db_password)
        self += Schema()

        # NOTE(review): the user value appears masked in this listing; the
        # account that runs the program is not visible here.
        self += Program(
            'haemera',
            command='/srv/haemera/deployment/bin/pserve /srv/haemera/paste.ini',
            user='******',
            dependencies=[req, config])

        # No owner, group or mode is given for the nginx configuration file.
        self += File('/srv/haemera/nginx.conf')
        self += VHost(self._)

        # Runs haemera-recurrences daily at 00:05 against the same paste.ini.
        self += CronJob('/srv/haemera/deployment/bin/haemera-recurrences',
                        args='/srv/haemera/paste.ini#haemera',
                        user='******',
                        timing='5 0 * * *')
Beispiel #2
    def configure(self):
        """Declare the twitter-notify job: a virtualenv and an hourly cron job."""
        self += VirtualEnv()
        self._ += Requirements(source='twifeed.txt')

        # ws.twifeed is installed manually from an sdist because the package
        # contains OAuth secrets.
        # NOTE(review): that step is not expressed in this method, so it has
        # to be repeated by hand whenever the virtualenv is rebuilt, and the
        # sdist has to be stored with the same care as the secrets inside it.

        # Runs at minute 0 of every hour.
        self += CronJob(
            self.map('bin/twitter-notify'),
            user='******',
            timing='0 * * * *')
Beispiel #3
    def configure(self):
        """Declare the rsspull job: a virtualenv, a daily cron job and the
        group membership it needs for mail delivery.
        """
        self += VirtualEnv()
        self._ += Requirements(source='rsspull.txt')

        # Runs daily at 06:00 with its configuration directory passed via
        # --confdir.
        self += CronJob(
            self.map('bin/rsspull'),
            args='--confdir=/home/wosc/.dot/x11/rsspull',
            user='******',
            timing='0 6 * * *')

        # Allow writing directly to Maildir
        # NOTE(review): membership in Debian-exim grants every permission that
        # group holds, not only Maildir writes; the user value appears masked
        # in this listing, so the account receiving it is not visible here.
        self += GroupMember('Debian-exim', user='******')
Beispiel #4
    def configure(self):
        """Declare the uptimerobot CGI: a virtualenv, its configuration file
        and the Apache snippet that exposes it.
        """
        self += VirtualEnv(path='/srv/cgiserv/uptimerobot')
        self._ += Requirements(source='uptimerobot/requirements.txt')

        # 0o640 with owner and group cgiserv: no access for other accounts.
        # NOTE(review): presumably this file holds credentials for the
        # monitoring service; confirm before loosening the mode.
        self += File(
            '/srv/cgiserv/uptimerobot/config',
            owner='cgiserv', group='cgiserv', mode=0o640,
            source='uptimerobot/uptimerobot.conf')

        # is_template=False: the Apache snippet is taken from its source file
        # without template processing. It is then handed to CGI().
        self += File('/srv/cgiserv/apache.d/uptimerobot.conf',
                     source='uptimerobot/apache.conf', is_template=False)
        self += CGI(self._)
Beispiel #5
    def configure(self):
        """Declare the nginxdbauth CGI: a virtualenv, its configuration file
        and the Apache snippet that exposes it.
        """
        self += VirtualEnv(path='/srv/cgiserv/nginxdbauth')
        self._ += Requirements(source='nginxdbauth/requirements.txt')

        # 0o640 with owner and group cgiserv: no access for other accounts.
        # NOTE(review): going by the name, auth.conf presumably carries the
        # database credentials used for authentication; confirm before
        # loosening the mode.
        self += File(
            '/srv/cgiserv/nginxdbauth/config',
            owner='cgiserv', group='cgiserv', mode=0o640,
            source='nginxdbauth/auth.conf')

        # is_template=False: the Apache snippet is taken from its source file
        # without template processing. It is then handed to CGI().
        self += File('/srv/cgiserv/apache.d/nginxdbauth.conf',
                     source='nginxdbauth/apache.conf', is_template=False)
        self += CGI(self._)
Beispiel #6
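    def configure(self):
        """Declare the Let's Encrypt certificate renewal setup.

        Adds the `letsencrypt` user and its group members, the public and data
        directories, a virtualenv with a patched `simp_le.py`, the nginx
        snippet, a sudoers drop-in, the update script with its nightly cron
        job, and per-domain directories and data files.
        """
        self += User('letsencrypt')
        # Every account in self.daemons joins the letsencrypt group, which is
        # the group that owns the data directories created below.
        for user in self.daemons:
            self += GroupMember('letsencrypt', user=user)

        self += File('/srv/letsencrypt/public', ensure='directory',
                     owner='letsencrypt', group='letsencrypt')
        # 0o770: full access for owner and group, none for others.
        # NOTE(review): presumably private keys are stored below this
        # directory; confirm before loosening the mode.
        self += File('/srv/letsencrypt/data', ensure='directory',
                     owner='letsencrypt', group='letsencrypt', mode=0o770)

        self += VirtualEnv(path='/srv/letsencrypt/deployment')
        self._ += Requirements()

        # Modifies an installed third-party module in place.
        # NOTE(review): the patch is tied to the installed simp_le version;
        # re-check logging.patch whenever the requirement is upgraded.
        self += Patch(
            '/srv/letsencrypt/deployment/lib/python%s/site-packages'
            '/simp_le.py' % VirtualEnv.version, target='wosc patched',
            file='logging.patch')

        self += File(
            '/etc/nginx/snippets/letsencrypt.conf',
            source='nginx.conf', is_template=False)

        # Sudoers drop-ins should be read-only (0440), so the mode is set
        # explicitly instead of being left to the process umask.
        # The rule lists the init scripts without arguments, which permits
        # every action of those scripts as root without a password.
        # NOTE(review): if update.sh needs only one action per script,
        # consider naming that action in the rule.
        self += File(
            '/etc/sudoers.d/letsencrypt',
            content='letsencrypt ALL=(root) NOPASSWD: /etc/init.d/nginx, /etc/init.d/exim4, /etc/init.d/courier-imap-ssl\n',
            mode=0o440)

        self += File(
            '/srv/letsencrypt/update-letsencrypt', source='update.sh',
            is_template=False, mode=0o755)

        # Runs the update script daily at 02:15.
        self += CronJob(
            '/srv/letsencrypt/update-letsencrypt',
            user='******',
            timing='15 2 * * *')

        for domain in self.domains:
            self += File(
                '/srv/letsencrypt/public/%s' % domain, ensure='directory',
                owner='letsencrypt', group='letsencrypt')
            self += File(
                '/srv/letsencrypt/data/%s' % domain, ensure='directory',
                owner='letsencrypt', group='letsencrypt')

            for item in self.files:
                # Only deploy files that exist for this domain in the
                # component's data directory; missing ones are skipped.
                if not os.path.exists('%s/data/%s.%s' % (
                        self.defdir, domain, item['source'])):
                    continue
                # The mode comes from the item definition in self.files.
                self += File(
                    '/srv/letsencrypt/data/%s/%s' % (domain, item['target']),
                    source='%s.%s' % (domain, item['source']),
                    is_template=False, mode=item['mode'],
                    owner='letsencrypt', group='letsencrypt')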
Beispiel #7
    def configure(self):
        """Declare the `tabu` application: user, virtualenv, the tabu-serve
        program and its nginx vhost.
        """
        self += User('tabu')

        self += VirtualEnv(path='/srv/tabu/deployment')
        self._ += Requirements(source='tabu.txt')

        # tabu-serve is started with 7080 as its only argument, presumably
        # the port it listens on.
        # NOTE(review): the user value appears masked in this listing; the
        # account that runs the program is not visible here.
        self += Program('tabu',
                        command='/srv/tabu/deployment/bin/tabu-serve 7080',
                        user='******',
                        dependencies=[self._, self._.parent])

        # is_template=False: the nginx configuration is taken from tabu.conf
        # without template processing. It is then handed to VHost().
        self += File('/srv/tabu/nginx.conf',
                     source='tabu.conf',
                     is_template=False)
        self += VHost(self._)
Beispiel #8
    def configure(self):
        """Declare the GitHub vulnerability exporter for Prometheus: a
        virtualenv, the exporter program and its alert rule file.
        """
        self += VirtualEnv()
        self._ += Requirements(source='github.txt')

        # The exporter is bound to 127.0.0.1, so it is reachable from the
        # local host only.
        # The API token is passed through the program's environment string.
        # NOTE(review): confirm that whatever file this Program writes its
        # environment into is not readable by other accounts.
        # self.api_key and self.owner are interpolated without escaping; a
        # double quote or comma in either value would change how the
        # environment string is parsed.
        # dependencies is empty, so no other component is listed as a
        # dependency of this program.
        self += Program('prometheus-github',
                        command=self.map('bin/github_vulnerability_exporter') +
                        ' --host=127.0.0.1 --port=9597 --ttl=3590',
                        environ='GITHUB_AUTHTOKEN="%s", GITHUB_OWNER="%s"' %
                        (self.api_key, self.owner),
                        user='******',
                        dependencies=[])

        # The alert rule file is registered under the 'prom:rule' key.
        self += File('/srv/prometheus/conf.d/alert-github.yml',
                     is_template=False)
        self.provide('prom:rule', self._)
Beispiel #9
    def configure(self):
        """Declare the ddns CGI: a virtualenv, its configuration file, and
        the Apache and nginx snippets that expose it.
        """
        self += VirtualEnv(path='/srv/cgiserv/ddns')
        self._ += Requirements(source='ddns/requirements.txt')

        # 0o640 with owner and group cgiserv: no access for other accounts.
        # NOTE(review): presumably this file holds the credentials used for
        # DNS updates; confirm before loosening the mode.
        self += File(
            '/srv/cgiserv/ddns/config',
            owner='cgiserv', group='cgiserv', mode=0o640,
            source='ddns/ddns.conf')

        # Apache snippet, taken from its source file without template
        # processing and handed to CGI().
        self += File('/srv/cgiserv/apache.d/ddns.conf',
                     source='ddns/apache.conf', is_template=False)
        self += CGI(self._)

        # nginx snippet, handled the same way and handed to VHost().
        self += File('/srv/cgiserv/nginx.d/ddns.conf',
                     source='ddns/nginx.conf', is_template=False)
        self += VHost(self._)
Beispiel #10
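    def configure(self):
        """Declare the web password-change CGI.

        Adds a virtualenv, a sudoers drop-in that lets `cgiserv` run
        `webpasswd-change` as root, and the Apache and nginx snippets that
        expose the CGI under /passwd.
        """
        self += VirtualEnv(path='/srv/cgiserv/passwd')
        self._ += Requirements(source='passwd.txt')

        # Sudoers drop-ins should be read-only (0440), so the mode is set
        # explicitly instead of being left to the process umask.
        # The permitted command lives inside the virtualenv created above.
        # NOTE(review): the rule is only as strong as the write protection on
        # that file and every directory above it; confirm that cgiserv cannot
        # modify /srv/cgiserv/passwd/bin or its parents.
        # The rule carries no argument restriction, so webpasswd-change itself
        # has to validate whatever arguments and input it receives.
        self += File(
            '/etc/sudoers.d/webpasswd',
            content='cgiserv ALL=(root) NOPASSWD: /srv/cgiserv/passwd/bin/webpasswd-change\n',
            mode=0o440)

        # Maps /passwd to the CGI script in Apache.
        self += File(
            '/srv/cgiserv/apache.d/passwd.conf',
            content='ScriptAlias /passwd /srv/cgiserv/passwd/bin/webpasswd-cgi\n' )
        self += CGI(self._)

        # nginx forwards /passwd to the `cgi` upstream over plain http.
        # NOTE(review): this endpoint receives passwords; confirm that the
        # public-facing vhost serves it over TLS only.
        self += File(
            '/srv/cgiserv/nginx.d/passwd.conf',
            content='location /passwd { proxy_pass http://cgi; }\n')
        self += VHost(self._)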
Beispiel #11
    def configure(self):
        """Declare the `thyrida` application: user, virtualenv, paste.ini,
        the `pserve` program and its nginx vhost.
        """
        self += User('thyrida')
        self += VirtualEnv(path='/srv/thyrida/deployment')
        self._ += Requirements()
        # Captured so the Program below can list it as a dependency.
        reqs = self._

        # 0o640 with owner and group thyrida: no access for other accounts.
        # NOTE(review): paste.ini presumably carries application secrets;
        # confirm before loosening the mode.
        self += File(
            '/srv/thyrida/paste.ini',
            owner='thyrida', group='thyrida', mode=0o640)

        # self._ in the dependency list is read right after the paste.ini
        # File above was added.
        # NOTE(review): the user value appears masked in this listing; the
        # account that runs the program is not visible here.
        self += Program(
            'thyrida',
            command='/srv/thyrida/deployment/bin/pserve /srv/thyrida/paste.ini',
            user='******',
            dependencies=[reqs, self._])

        # No owner, group or mode is given for the nginx configuration file.
        self += File('/srv/thyrida/nginx.conf', is_template=False)
        self += VHost(self._)
Beispiel #12
    def configure(self):
        """Declare mail monitoring for Prometheus.

        Installs three exporter scripts under /srv/prometheus/bin with a cron
        job each, grants the group memberships they need, sets up the
        round-trip check commands with their configuration files, and
        registers an alert rule file.
        """
        # Allow running `mailq`
        # NOTE(review): membership in Debian-exim grants every permission that
        # group holds, not only `mailq`; the user value appears masked in this
        # listing, so the account receiving it is not visible here.
        self += GroupMember('Debian-exim', user='******')
        # 0o755: executable and readable by everyone, writable by the owner.
        self += File('/srv/prometheus/bin/node_exporter-mailq',
                     source='mailq.sh',
                     is_template=False,
                     mode=0o755)
        # Runs every minute.
        self += CronJob('/srv/prometheus/bin/node_exporter-mailq',
                        user='******',
                        timing='* * * * *')

        # Allow reading exim mainlog
        # NOTE(review): on Debian-style systems the adm group can usually read
        # most system logs, which is wider than the exim mainlog alone;
        # confirm that this is acceptable for the account.
        self += GroupMember('adm', user='******')
        self += File('/srv/prometheus/bin/node_exporter-eximstats',
                     source='eximstats.sh',
                     is_template=False,
                     mode=0o755)
        # Runs every five minutes.
        self += CronJob('/srv/prometheus/bin/node_exporter-eximstats',
                        user='******',
                        timing='*/5 * * * *')

        self += VirtualEnv()
        self._ += Requirements(source='mailcheck.txt')

        for name in ['mail', 'caldav']:
            # Expose the check command from the component directory under
            # /srv/prometheus/bin.
            self += Symlink('/srv/prometheus/bin/%s-check-roundtrip' % name,
                            source=self.map('bin/%s-check-roundtrip' % name))
            # 0o640 with owner and group prometheus: no access for others.
            # NOTE(review): presumably these files hold the credentials of
            # the accounts used for the round-trip checks; confirm before
            # loosening the mode.
            self += File('/srv/prometheus/%scheck.conf' % name,
                         owner='prometheus',
                         group='prometheus',
                         mode=0o640)

        self += File('/srv/prometheus/bin/node_exporter-mailcheck',
                     source='mailcheck.sh',
                     is_template=False,
                     mode=0o755)
        # Runs every five minutes.
        self += CronJob('/srv/prometheus/bin/node_exporter-mailcheck',
                        user='******',
                        timing='*/5 * * * *')

        # The alert rule file is registered under the 'prom:rule' key.
        self += File('/srv/prometheus/conf.d/alert-mailcheck.yml',
                     is_template=False)
        self.provide('prom:rule', self._)
Beispiel #13
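    def configure(self):
        """Declare the Radicale deployment.

        Adds the `radicale` user and data directory, a virtualenv with a
        patched courier auth module, the configuration files, the Radicale
        program and its nginx vhost.
        """
        self += User('radicale')
        self += File('/srv/radicale/data',
                     ensure='directory',
                     owner='radicale',
                     group='radicale')

        # Collects the components that the Program below lists as its
        # dependencies.
        deps = []
        self += VirtualEnv(path='/srv/radicale/deployment')
        self._ += Requirements()
        deps.append(self._)

        # Both patches modify an installed third-party module in place.
        # NOTE(review): they are tied to the installed Radicale version;
        # re-check them whenever the requirement is upgraded.
        courier_py = ('/srv/radicale/deployment/lib/python%s/site-packages'
                      '/radicale/auth/courier.py' % VirtualEnv.version)
        self += Patch(courier_py, source='"GID"', target='b"GID"')
        # The replacement text previously lacked the closing parenthesis of
        # the send() call, which would leave the patched line unbalanced.
        # NOTE(review): assumes Patch substitutes `target` for `source`
        # textually; confirm against the Patch component.
        self += Patch(courier_py,
                      source='sock.send(line)',
                      target='sock.send(line.encode("utf-8"))')

        # Allow access to authdaemon
        # NOTE(review): membership in the courier group grants every
        # permission that group holds; the user value appears masked in this
        # listing, so the account receiving it is not visible here.
        self += GroupMember('courier', user='******')

        # No owner, group or mode is given for these three files.
        for name in ['radicale.conf', 'logging.conf', 'serve.py']:
            self += File('/srv/radicale/%s' % name, is_template=False)
            deps.append(self._)

        self += Program(
            'radicale',
            command=
            '/srv/radicale/deployment/bin/python /srv/radicale/serve.py',
            environ='RADICALE_CONFIG=/srv/radicale/radicale.conf',
            user='******',
            dependencies=deps)

        self += File('/srv/radicale/nginx.conf', is_template=False)
        self += VHost(self._)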