def configure(self):
    """Declare the seanopoly deployment.

    Adds the service account, a git checkout of the app, two NPM steps,
    a writable static directory, the node Program and the nginx
    configuration file that is handed to VHost.
    """
    self += User('seanopoly')
    # NOTE(review): the checkout follows the moving 'master' branch, so each
    # deployment runs whatever the upstream repository holds at that moment.
    # Pinning a tag or commit would make the deployed code reviewable.
    self += Clone('https://github.com/wosc/monopoly', branch='master',
                  target='/srv/seanopoly/app')
    # self._ is read right after each `self +=`; presumably batou's handle to
    # the component that was just added -- confirm.
    git = self._
    app = git.target + '/game'
    self += NPM(app)
    # NOTE(review): 'install --no-save' presumably resolves packages at deploy
    # time; if a lockfile is committed, a lockfile-strict install would keep
    # the dependency set reproducible -- confirm what the NPM component runs.
    self += NPM(app + '/client', commands=['install --no-save', 'run build'],
                dependencies=git)
    # The app wants to write logs here.
    self += File(app + '/static', ensure='directory',
                 owner='seanopoly', group='seanopoly')
    # BIND=127.0.0.1 is passed in the environment; presumably the node server
    # then listens on loopback only and is reached through the vhost.
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value rather than an account name -- confirm it is the
    # 'seanopoly' account created above.
    self += Program(
        'seanopoly',
        command='node %s/server/server.js' % app,
        directory=app,
        environ=
        'HTTP=true, BIND=127.0.0.1, PORT=7083, VHOST_PATH=/seanopoly',
        user='******')
    self += File('/srv/seanopoly/nginx.conf', source='seanopoly.conf',
                 is_template=False)
    self += VHost(self._)
def configure(self):
    """Declare the haemera deployment.

    Adds the service account, a virtualenv with requirements, paste.ini,
    the service database and schema, the pserve Program, the nginx
    configuration handed to VHost, and a daily cron job.
    """
    self += User('haemera')
    self += VirtualEnv(path='/srv/haemera/deployment')
    self._ += Requirements()
    # Captured so the Program below can list it as a dependency.
    req = self._
    # 0o640 with owner/group haemera keeps the file unreadable for other
    # local accounts. Presumably paste.ini carries the database credentials
    # -- confirm against the template.
    self += File('/srv/haemera/paste.ini', owner='haemera', group='haemera',
                 mode=0o640)
    config = self._
    # NOTE(review): db_password is read from the component; confirm it is
    # supplied from the deployment's secrets and has no plain-text default.
    self += ServiceDatabase('haemera', password=self.db_password)
    self += Schema()
    # NOTE(review): user reads '******' here and in the CronJob below, which
    # looks like a masked value -- confirm both name the 'haemera' account.
    self += Program(
        'haemera',
        command='/srv/haemera/deployment/bin/pserve /srv/haemera/paste.ini',
        user='******',
        dependencies=[req, config])
    self += File('/srv/haemera/nginx.conf')
    self += VHost(self._)
    # Runs at 00:05 every day.
    self += CronJob('/srv/haemera/deployment/bin/haemera-recurrences',
                    args='/srv/haemera/paste.ini#haemera',
                    user='******',
                    timing='5 0 * * *')
def configure(self):
    """Declare the robometeor deployment.

    Installs the mongodb package, adds the service account, the node
    Program and the nginx configuration handed to VHost. The application
    bundle itself is not installed here; the comment below records the
    manual steps.
    """
    self += Package('mongodb')
    self += User('robometeor')
    # Manual deployment of the bundle:
    # meteor build dist
    # scp dist/robometeor.tar.gz wosc.de:/srv/robometeor
    # rm -rf /srv/robometeor/bundle/*; tar xfC robometeor.tar.gz /srv/robometeor/; npm install --prefix /srv/robometeor/bundle/programs/server; sudo sv restart robometeor
    # replace in programs/web.browser/12345.js:
    # `Router.route('/` with `Router.route('/roborally/`
    # prefix with `/roborally`:
    # `/robots/`, `/tiles/`, `/finish.png`, `/start.png`,
    # `/damage-token.png`, `/Power_Off.png`
    #
    # NOTE(review): because the bundle is copied and edited by hand, nothing
    # in this component verifies what is running under
    # /srv/robometeor/bundle; a checksum recorded next to these steps would
    # make later drift detectable.
    #
    # NOTE(review): MONGO_URL carries no credentials, so this relies on
    # mongod accepting local connections only -- confirm the packaged bind
    # address and auth settings.
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'robometeor' account.
    self += Program('robometeor',
                    command='node /srv/robometeor/bundle/main.js',
                    environ='BIND_IP=127.0.0.1, PORT=7082, '
                    'ROOT_URL=https://wosc.de/roborally, '
                    'MONGO_URL=mongodb://localhost:27017/robometeor',
                    user='******',
                    dependencies=())
    self += File('/srv/robometeor/nginx.conf', source='roborally.conf',
                 is_template=False)
    self += VHost(self._)
def configure(self):
    """Declare the grmusik account and its nginx site.

    Adds a user whose login shell is the OpenSSH sftp-server binary and
    an nginx site file that is handed to VHost with site_enable=True.
    """
    # With sftp-server as the login shell the account gets no interactive
    # shell. NOTE(review): no chroot is visible here, so an SFTP session can
    # still read whatever file permissions allow outside /home/grmusik;
    # confirm whether sshd restricts this account (e.g. ChrootDirectory).
    self += User(
        'grmusik', home='/home/grmusik',
        shell='/usr/lib/openssh/sftp-server')
    self += File('/etc/nginx/sites-available/grmusik.de',
                 source='grmusik.de.conf', is_template=False)
    self += VHost(self._, site_enable=True)
def configure(self):
    """Declare the peerjs deployment.

    Adds the service account, downloads and extracts the release, patches
    lib/server.js, installs package.json, package-lock.json and serve.js,
    declares the service process and the nginx configuration handed to
    VHost.
    """
    self += User('peerjs')
    # The download is checked against self.checksum before it is extracted.
    self += Download(
        self.url.format(version=self.version), checksum=self.checksum)
    self += Extract(
        self._.target, target='/srv/peerjs', strip=1,
        owner='peerjs', group='peerjs')
    # target='wosc patched' is presumably the marker Patch looks for to
    # decide the patch file is already applied -- confirm.
    self += Patch(
        '/srv/peerjs/lib/server.js', file='ws-3.0.patch',
        target='wosc patched')
    self += File('/srv/peerjs/package.json', is_template=False)
    self += File('/srv/peerjs/package-lock.json', is_template=False)
    # Keeps a handle on the package-lock.json File; not used again in this
    # method.
    self.packages = self._
    self += File('/srv/peerjs/serve.js', is_template=False,
                 owner='peerjs', group='peerjs')
    # NOTE(review): a PHP component is given a 'node serve.js' command, a
    # working directory and dependencies=[self]. That combination looks
    # unusual for a PHP service -- confirm this is the intended component
    # and that depending on the whole component (rather than self.packages)
    # is deliberate.
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'peerjs' account.
    self += PHP(
        'peerjs',
        command='node serve.js',
        user='******',
        directory='/srv/peerjs',
        dependencies=[self])
    self += File('/srv/peerjs/nginx.conf', is_template=False)
    self += VHost(self._)
def configure(self):
    """Declare the prometheus deployment.

    Adds the service account, the directory layout under /srv/prometheus,
    the checksummed binaries, the prometheus Program, server.yml and the
    nginx configuration handed to VHost.
    """
    # The formatted URL is stored back on the component. The DownloadBinary
    # call below formats it a second time, which changes nothing unless the
    # formatted URL still contains braces.
    self.url = self.url.format(version=self.version)
    self += User('prometheus')
    for name in ['bin', 'conf.d', 'data', 'node']:
        self += File('/srv/prometheus/%s' % name, ensure='directory',
                     owner='prometheus', group='prometheus')
    self += DownloadBinary(self.url.format(version=self.version),
                           checksum=self.checksum,
                           names=['prometheus', 'promtool'])
    # The listener is bound to 127.0.0.1:9090 and published through the
    # external URL below. NOTE(review): the loopback bind is the only access
    # restriction visible here; confirm the nginx snippet adds
    # authentication or an allow-list for /prometheus/.
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'prometheus' account.
    self += Program(
        'prometheus',
        command='/srv/prometheus/bin/prometheus '
        '--config.file=/srv/prometheus/server.yml '
        '--storage.tsdb.path=/srv/prometheus/data '
        '--web.listen-address="127.0.0.1:9090" '
        # https://github.com/prometheus/prometheus/issues/1191
        '--web.external-url=https://pharos.wosc.de/prometheus/ '
        '--web.route-prefix=/',
        user='******',
        dependencies=[self._])
    self += File('/srv/prometheus/server.yml', is_template=False)
    # server.yml plus whatever other components registered under 'prom:rule'
    # for this host.
    self.config = [self._] + self.require('prom:rule', host=self.host)
    self += File('/srv/prometheus/nginx.conf', is_template=False)
    self += VHost(self._)
def configure(self):
    """Declare the wallabag deployment.

    Installs the listed packages, adds the database, schema and admin
    user, the service account, the checksummed release, a routing patch,
    parameters.yml, the PHP service and the nginx configuration handed to
    VHost.
    """
    for name in self.packages:
        self += Package(name)
    # NOTE(review): db_password and ui_password are read from the component;
    # confirm both come from the deployment's secrets and have no plain-text
    # defaults.
    self += ServiceDatabase('wallabag', password=self.db_password)
    self += Schema()
    self += AdminUser(password=self.ui_password)
    self += User('wallabag')
    # The download is checked against self.checksum before it is extracted.
    self += Download(self.url.format(version=self.version),
                     checksum=self.checksum)
    self += Extract(self._.target, target='/srv/wallabag', strip=1,
                    owner='wallabag', group='wallabag')
    # NOTE(review): backup-api.patch changes the application's routing; its
    # content is not visible here, so confirm any route it adds sits behind
    # authentication.
    self += Patch('/srv/wallabag/app/config/routing.yml',
                  file='backup-api.patch', target='backup')
    # 0o640 with owner/group wallabag keeps the file unreadable for other
    # local accounts; presumably it holds the database credentials.
    self += File('/srv/wallabag/app/config/parameters.yml',
                 owner='wallabag', group='wallabag', mode=0o640)
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'wallabag' account.
    self += PHP('wallabag', user='******', environ='SYMFONY_ENV=prod')
    self += File('/srv/wallabag/nginx.conf', is_template=False)
    self += VHost(self._)
def configure(self):
    """Declare the roundcube webmail deployment.

    Installs and configures imapproxy, adds the service account, the
    checksummed roundcube release and login_info plugin, the database,
    the PHP service and the nginx site handed to VHost.
    """
    self += Package('imapproxy')
    # Activates the commented-out listen_address line so imapproxy listens
    # on 127.0.0.1. check_source_removed is set because the target text is
    # itself a substring of the source text.
    self += Patch('/etc/imapproxy.conf',
                  source='#listen_address 127.0.0.1',
                  target='listen_address 127.0.0.1',
                  check_source_removed=True)
    self += Service('imapproxy', action='restart', deps=self._)

    self += User('roundcube')
    # The download is checked against self.checksum before it is extracted.
    self += Download(self.url.format(version=self.version),
                     checksum=self.checksum)
    self += Extract(self._.target, target='/srv/roundcube', strip=1,
                    owner='roundcube', group='roundcube')
    # Removes the web installer from the deployed tree so it cannot be
    # reached through the site.
    self += Delete('/srv/roundcube/installer')
    # 0o640 with owner/group roundcube keeps the configuration unreadable
    # for other local accounts.
    self += File('/srv/roundcube/config/config.inc.php',
                 source='config.php',
                 owner='roundcube', group='roundcube', mode=0o640)

    # The plugin is pinned to one commit archive and verified with a sha256
    # checksum, so an upstream change cannot alter what gets installed.
    self += Download(
        'https://github.com/marneu/login_info/archive/'
        'b4e8a299a3f10b5e81a753a84cc9fe51015b0035.zip',
        checksum=
        'sha256:3e90853e991dfb7e8ec1814f716ebf031633859a6c522e9281a1381b310b45e6'
    )
    self += Extract(self._.target, owner='roundcube', group='roundcube')
    # Poor man's strip for zip, idea taken from
    # <https://github.com/chef-cookbooks/ark/blob/e8c03f6/
    # libraries/unzip_command_builder.rb#L34>
    self += SyncDirectory('/srv/roundcube/plugins/login_info',
                          source=self._.target + '/*', sync_opts='-a')

    # NOTE(review): db_password is read from the component; confirm it comes
    # from the deployment's secrets.
    self += ServiceDatabase('roundcube', password=self.db_password,
                            schema='/srv/roundcube/SQL/mysql.initial.sql')
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'roundcube' account.
    self += PHP('roundcube', params={
        'upload_max_filesize': '30M',
        'post_max_size': '30M'
    }, user='******')
    self += File('/etc/nginx/sites-available/mail.wosc.de',
                 source='nginx.conf', is_template=False)
    self += VHost(self._, site_enable=True)
def configure(self):
    """Declare the letsencrypt certificate tooling.

    Adds the service account and its group members, the public and data
    directories, a virtualenv with a patched simp_le.py, the nginx
    snippet, a sudoers entry, the update script with its cron job, and
    per-domain directories and files.
    """
    self += User('letsencrypt')
    # Every account in self.daemons joins the letsencrypt group, which is
    # what gives it access to the data directory below.
    for user in self.daemons:
        self += GroupMember('letsencrypt', user=user)

    self += File('/srv/letsencrypt/public', ensure='directory',
                 owner='letsencrypt', group='letsencrypt')
    # NOTE(review): 0o770 gives group members write access as well as read.
    # If the daemons only need to read certificates and keys, 0o750 would
    # stop a compromised daemon account from replacing entries here.
    self += File('/srv/letsencrypt/data', ensure='directory',
                 owner='letsencrypt', group='letsencrypt', mode=0o770)

    self += VirtualEnv(path='/srv/letsencrypt/deployment')
    self._ += Requirements()
    self += Patch(
        '/srv/letsencrypt/deployment/lib/python%s/site-packages'
        '/simp_le.py' % VirtualEnv.version,
        target='wosc patched', file='logging.patch')

    self += File(
        '/etc/nginx/snippets/letsencrypt.conf',
        source='nginx.conf', is_template=False)
    # Lets the letsencrypt account run three init scripts as root without a
    # password. NOTE(review): the rule names the scripts without arguments,
    # so any argument is permitted; listing the exact invocations that
    # update.sh uses would narrow it. No mode is passed for this file --
    # sudoers drop-ins are conventionally 0o440 and root-owned, so confirm
    # what File applies by default.
    self += File(
        '/etc/sudoers.d/letsencrypt',
        content='letsencrypt ALL=(root) NOPASSWD: /etc/init.d/nginx, /etc/init.d/exim4, /etc/init.d/courier-imap-ssl\n')
    self += File(
        '/srv/letsencrypt/update-letsencrypt',
        source='update.sh', is_template=False, mode=0o755)
    # Runs at 02:15 every day.
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'letsencrypt' account.
    self += CronJob(
        '/srv/letsencrypt/update-letsencrypt',
        user='******',
        timing='15 2 * * *')

    for domain in self.domains:
        self += File(
            '/srv/letsencrypt/public/%s' % domain,
            ensure='directory',
            owner='letsencrypt', group='letsencrypt')
        self += File(
            '/srv/letsencrypt/data/%s' % domain,
            ensure='directory',
            owner='letsencrypt', group='letsencrypt')
        for item in self.files:
            # Only files that exist in the component's data directory for
            # this domain are installed; the rest are skipped silently.
            if not os.path.exists('%s/data/%s.%s' % (
                    self.defdir, domain, item['source'])):
                continue
            # The file mode comes from the self.files entry.
            # NOTE(review): confirm private-key entries there are not
            # world-readable.
            self += File(
                '/srv/letsencrypt/data/%s/%s' % (domain, item['target']),
                source='%s.%s' % (domain, item['source']),
                is_template=False, mode=item['mode'],
                owner='letsencrypt', group='letsencrypt')
def configure(self):
    """Declare base host settings.

    Installs the listed packages, sets the mode of /root, adds the
    'wosc' account and a sudo group membership, and installs /etc/motd
    and an sshd configuration drop-in.
    """
    for name in self.packages:
        self += Package(name)

    # Allow accessing (mostly python) software installed by batou
    # NOTE(review): 0o755 lets every local account list and traverse /root,
    # so anything stored there is protected only by its own file mode.
    # Installing the shared software outside /root would avoid opening the
    # directory.
    self += File('/root', ensure='directory', mode=0o755)

    self += User('wosc', home='/home/wosc')
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm which account is being added to sudo.
    self += GroupMember('sudo', user='******')

    self += File('/etc/motd', is_template=False)
    # NOTE(review): this drop-in changes sshd behaviour; its content
    # (ssh.conf) is not visible here, so review it for weakened algorithms
    # or authentication settings.
    self += File('/etc/ssh/sshd_config.d/cyberduck.conf',
                 source='ssh.conf', is_template=False)
def configure(self):
    """Declare the grshop deployment.

    Installs the PHP MySQL package, adds the service account, database,
    upload directory, the checksummed release, wp-config.php, one plugin
    file, the PHP service with its ini overrides, the nginx
    configuration handed to VHost and the admin user.
    """
    self += Package('php7.4-mysql')
    self += User('grshop')
    # NOTE(review): db_password and ui_password are read from the component;
    # confirm both come from the deployment's secrets.
    self += ServiceDatabase('grshop', password=self.db_password)
    self += File('/srv/grshop/tmp', ensure='directory',
                 owner='grshop', group='grshop')
    # The download is checked against self.checksum before it is extracted.
    self += Download(self.url.format(version=self.version),
                     checksum=self.checksum)
    self += Extract(self._.target, target='/srv/grshop/lib', strip=1,
                    owner='grshop', group='grshop')
    # 0o640 with owner/group grshop keeps the file unreadable for other
    # local accounts; presumably it holds the database credentials.
    self += File('/srv/grshop/lib/wp-config.php',
                 owner='grshop', group='grshop', mode=0o640)
    self += File(
        '/srv/grshop/lib/wp-content/plugins'
        '/wc-free-checkout-fields/wc-free-checkout-fields.php',
        leading=True, owner='grshop', group='grshop', is_template=False)
    # open_basedir confines PHP file access to /srv/grshop/lib and
    # allow_url_fopen=Off disables URL wrappers for file functions.
    # NOTE(review): the whole tree is owned by the account the site
    # presumably runs as, so PHP can rewrite its own code; confirm whether
    # that is needed (e.g. for in-place updates).
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'grshop' account.
    self += PHP('grshop', params={
        'upload_max_filesize': '200M',
        'post_max_size': '200M',
        'memory_limit': '64M',
        'upload_tmp_dir': '/srv/grshop/tmp',
        'open_basedir': '/srv/grshop/lib',
        'allow_url_fopen': 'Off'
    }, user='******')
    self += File('/srv/grshop/nginx.conf', source='nginx.conf',
                 is_template=False)
    self += VHost(self._)
    self += AdminUser(password=self.ui_password)
def configure(self):
    """Declare the tabu deployment.

    Adds the service account, a virtualenv with requirements from
    tabu.txt, the tabu-serve Program and the nginx configuration handed
    to VHost.
    """
    self += User('tabu')
    self += VirtualEnv(path='/srv/tabu/deployment')
    self._ += Requirements(source='tabu.txt')
    # NOTE(review): only '7080' is passed to tabu-serve, presumably the
    # port; the bind address is not visible here -- confirm it listens on
    # loopback and is reached only through the vhost.
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'tabu' account.
    self += Program('tabu',
                    command='/srv/tabu/deployment/bin/tabu-serve 7080',
                    user='******',
                    dependencies=[self._, self._.parent])
    self += File('/srv/tabu/nginx.conf', source='tabu.conf',
                 is_template=False)
    self += VHost(self._)
def configure(self):
    """Declare the thyrida deployment.

    Adds the service account, a virtualenv with requirements, paste.ini,
    the pserve Program and the nginx configuration handed to VHost.
    """
    self += User('thyrida')
    self += VirtualEnv(path='/srv/thyrida/deployment')
    self._ += Requirements()
    # Captured so the Program below can list it as a dependency.
    reqs = self._
    # 0o640 with owner/group thyrida keeps the file unreadable for other
    # local accounts. Presumably paste.ini holds application secrets --
    # confirm against the template.
    self += File(
        '/srv/thyrida/paste.ini',
        owner='thyrida', group='thyrida', mode=0o640)
    # self._ in the dependency list is the paste.ini File added just above.
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'thyrida' account.
    self += Program(
        'thyrida',
        command='/srv/thyrida/deployment/bin/pserve /srv/thyrida/paste.ini',
        user='******',
        dependencies=[reqs, self._])
    self += File('/srv/thyrida/nginx.conf', is_template=False)
    self += VHost(self._)
def configure(self):
    """Declare the matomo deployment.

    Installs the listed packages, adds the service account and its group
    membership, the database, install.json and Setup, the checksummed
    release, the PHP service, the nginx configuration handed to VHost,
    three cron jobs and a sudoers entry.
    """
    for name in self.packages:
        self += Package(name)
    self += User('matomo')
    # Allow reading accesslogs
    # NOTE(review): membership in 'adm' typically grants read access to most
    # system logs, not only the web access logs -- confirm that breadth is
    # acceptable for the account running the analytics site.
    # NOTE(review): user reads '******' here and in the PHP and CronJob
    # entries below, which looks like a masked value -- confirm each is the
    # 'matomo' account.
    self += GroupMember('adm', user='******')
    # NOTE(review): db_password is read from the component; confirm it comes
    # from the deployment's secrets.
    self += ServiceDatabase('matomo', password=self.db_password)
    # 0o640 with owner/group matomo keeps the setup data unreadable for
    # other local accounts.
    self += File('/srv/matomo/setup/install.json',
                 owner='matomo', group='matomo', mode=0o640)
    self += Setup()

    # The download is checked against self.checksum. Empty accept and
    # accept-encoding headers are sent; the reason is not visible here.
    self += Download(
        self.url.format(version=self.version), checksum=self.checksum,
        requests_kwargs={'headers': {'accept-encoding': '', 'accept': ''}})
    self += Extract(
        self._.target, target='/srv/matomo', strip=1,
        owner='matomo', group='matomo')

    self += PHP('matomo', user='******')
    self += File('/srv/matomo/nginx.conf', is_template=False)
    self += VHost(self._)

    # Log import for site id 1 at 08:00 and site id 2 at 08:30, then the
    # archive run at 09:00 with its standard output discarded.
    self += CronJob(
        self.import_logs.format(id=1, domain='wosc.de'),
        user='******',
        timing='0 8 * * *')
    self += CronJob(
        self.import_logs.format(id=2, domain='grmusik.de'),
        user='******',
        timing='30 8 * * *')
    self += CronJob(
        'php /srv/matomo/console core:archive '
        '--url=https://pharos.wosc.de/logs/ > /dev/null',
        user='******',
        timing='0 9 * * *')

    # Lets the matomo account run one fixed command as root without a
    # password. NOTE(review): the rule permits any arguments; confirm
    # /usr/sbin/update-geoip-database is root-owned, not writable by matomo,
    # and safe to call with arbitrary arguments. No mode is passed for this
    # file -- sudoers drop-ins are conventionally 0o440.
    self += File(
        '/etc/sudoers.d/matomo-geoip',
        content='matomo ALL=(root) NOPASSWD: /usr/sbin/update-geoip-database\n')
def configure(self):
    """Declare the cgiserv apache instance.

    Registers this component under 'apache', installs apache2, adds the
    service account and configuration directories, apache.conf, the
    apache Program and the nginx configuration handed to VHost.
    """
    # Other components can look this one up under the 'apache' key.
    self.provide('apache', self)
    self += Package('apache2')
    self += User('cgiserv')
    # No owner or group is passed for these include directories.
    # NOTE(review): confirm only trusted accounts can write to them, since
    # the names suggest the web servers include configuration from there.
    for name in ['apache.d', 'nginx.d']:
        self += File('/srv/cgiserv/%s' % name, ensure='directory')
    self += File(
        '/srv/cgiserv/apache.conf',
        owner='cgiserv', group='cgiserv',
        source=here + 'apache.conf', is_template=False)
    # -X keeps apache in the foreground with a single worker.
    # NOTE(review): user reads '******' in this listing, which looks like a
    # masked value -- confirm it is the 'cgiserv' account.
    self += Program(
        'cgiserv',
        command='/usr/sbin/apache2 -d /usr/lib/apache2 '
        '-f /srv/cgiserv/apache.conf -k start -X',
        user='******',
        dependencies=[self._])
    self += File(
        '/srv/cgiserv/nginx.conf',
        source=here + 'cgi.conf', is_template=False)
    self += VHost(self._)
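def configure(self):
    """Declare the radicale deployment.

    Adds the service account, the data directory, a virtualenv with
    requirements, two patches to radicale's courier auth module, a group
    membership for authdaemon access, the configuration files, the
    radicale Program and the nginx configuration handed to VHost.
    """
    self += User('radicale')
    self += File('/srv/radicale/data', ensure='directory',
                 owner='radicale', group='radicale')

    # Collects everything the Program below depends on.
    deps = []
    self += VirtualEnv(path='/srv/radicale/deployment')
    self._ += Requirements()
    deps.append(self._)
    courier_py = ('/srv/radicale/deployment/lib/python%s/site-packages'
                  '/radicale/auth/courier.py' % VirtualEnv.version)
    self += Patch(courier_py, source='"GID"', target='b"GID"')
    # The replacement text previously lacked the closing parenthesis of
    # sock.send(...). Assuming Patch substitutes `source` with `target`
    # verbatim, that left courier.py with unbalanced parentheses, so the
    # auth module could not be imported.
    # NOTE(review): a site-packages copy already patched with the earlier
    # text contains neither string; rebuild the virtualenv or restore
    # courier.py before re-running.
    self += Patch(courier_py, source='sock.send(line)',
                  target='sock.send(line.encode("utf-8"))')
    # Allow access to authdaemon
    # NOTE(review): user reads '******' here and in the Program below, which
    # looks like a masked value -- confirm both are the 'radicale' account.
    self += GroupMember('courier', user='******')

    for name in ['radicale.conf', 'logging.conf', 'serve.py']:
        self += File('/srv/radicale/%s' % name, is_template=False)
        deps.append(self._)

    self += Program(
        'radicale',
        command=
        '/srv/radicale/deployment/bin/python /srv/radicale/serve.py',
        environ='RADICALE_CONFIG=/srv/radicale/radicale.conf',
        user='******',
        dependencies=deps)

    self += File('/srv/radicale/nginx.conf', is_template=False)
    self += VHost(self._)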