예제 #1
    def configure(self):
        """Declare the sub-components that deploy the 'seanopoly' Node.js app.

        Adds, in order: a ``User``, a git ``Clone``, two ``NPM`` steps, a
        directory owned by the service account, the ``Program`` that runs the
        server, and the nginx config wrapped in a ``VHost``. The order is
        significant because several steps read ``self._``.
        """
        self += User('seanopoly')

        # NOTE(review): the checkout tracks the moving 'master' branch, so the
        # code that gets built and run is whatever that branch holds at deploy
        # time. Pinning to a reviewed commit would make deployments
        # reproducible and auditable.
        self += Clone('https://github.com/wosc/monopoly',
                      branch='master',
                      target='/srv/seanopoly/app')
        # `self._` is presumably the component added by the preceding
        # `self +=` (here the Clone) -- confirm against the framework.
        git = self._
        app = git.target + '/game'
        self += NPM(app)
        # NOTE(review): presumably runs `npm install --no-save` and
        # `npm run build` in the client directory; package install/build
        # scripts execute third-party code, so confirm which account runs them.
        self += NPM(app + '/client',
                    commands=['install --no-save', 'run build'],
                    dependencies=git)

        # The app wants to write logs here.
        self += File(app + '/static',
                     ensure='directory',
                     owner='seanopoly',
                     group='seanopoly')

        # The environment asks the app to bind to 127.0.0.1:7083, presumably
        # so that it is only reachable through the local nginx vhost.
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += Program(
            'seanopoly',
            command='node %s/server/server.js' % app,
            directory=app,
            environ=
            'HTTP=true, BIND=127.0.0.1, PORT=7083, VHOST_PATH=/seanopoly',
            user='******')

        # The nginx snippet is copied from 'seanopoly.conf' without template
        # rendering, then handed to VHost.
        self += File('/srv/seanopoly/nginx.conf',
                     source='seanopoly.conf',
                     is_template=False)
        self += VHost(self._)
예제 #2
    def configure(self):
        """Declare the sub-components that deploy the 'haemera' service.

        Adds a ``User``, a ``VirtualEnv`` with ``Requirements``, the
        ``paste.ini`` config file, a ``ServiceDatabase`` with ``Schema``, the
        ``pserve`` ``Program``, the nginx ``VHost`` and a ``CronJob``.
        """
        self += User('haemera')

        self += VirtualEnv(path='/srv/haemera/deployment')
        self._ += Requirements()
        # Kept so the Program below can depend on it.
        req = self._

        # paste.ini is restricted to owner and group (0o640), i.e. not
        # world-readable -- presumably because it holds the DB credentials.
        self += File('/srv/haemera/paste.ini',
                     owner='haemera',
                     group='haemera',
                     mode=0o640)
        config = self._

        # The database password comes from the component attribute
        # `db_password`; it is not hard-coded in this method.
        self += ServiceDatabase('haemera', password=self.db_password)
        self += Schema()

        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += Program(
            'haemera',
            command='/srv/haemera/deployment/bin/pserve /srv/haemera/paste.ini',
            user='******',
            dependencies=[req, config])

        self += File('/srv/haemera/nginx.conf')
        self += VHost(self._)

        # '5 0 * * *' is 00:05 every day in standard cron syntax.
        self += CronJob('/srv/haemera/deployment/bin/haemera-recurrences',
                        args='/srv/haemera/paste.ini#haemera',
                        user='******',
                        timing='5 0 * * *')
예제 #3
    def configure(self):
        """Declare the sub-components that run the 'robometeor' Meteor bundle.

        Installs the 'mongodb' package, adds a ``User``, the node ``Program``
        and the nginx ``VHost``. The application bundle itself is not
        deployed by this method; the comments below record manual steps.
        """
        self += Package('mongodb')
        self += User('robometeor')

        # Manual build/upload/unpack steps (not automated here):
        # meteor build dist
        # scp dist/robometeor.tar.gz wosc.de:/srv/robometeor
        # rm -rf /srv/robometeor/bundle/*; tar xfC robometeor.tar.gz /srv/robometeor/; npm install --prefix /srv/robometeor/bundle/programs/server; sudo sv restart robometeor

        # Manual path-prefix fix-ups for serving below /roborally:
        # replace in programs/web.browser/12345.js:
        # `Router.route('/` with `Router.router('/roborally/`
        # prefix with `/roborally`:
        # `/robots/`, `/tiles/`, `/finish.png`, `/start.png`,
        # `/damage-token.png`, `/Power_Off.png`

        # The environment asks the app to bind to 127.0.0.1:7082.
        # NOTE(review): MONGO_URL carries no credentials, so access control
        # rests on MongoDB being reachable only from this host -- confirm
        # mongod's bind address and whether authentication is enabled.
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += Program('robometeor',
                        command='node /srv/robometeor/bundle/main.js',
                        environ='BIND_IP=127.0.0.1, PORT=7082, '
                        'ROOT_URL=https://wosc.de/roborally, '
                        'MONGO_URL=mongodb://localhost:27017/robometeor',
                        user='******',
                        dependencies=())

        self += File('/srv/robometeor/nginx.conf',
                     source='roborally.conf',
                     is_template=False)
        self += VHost(self._)
예제 #4
 def configure(self):
     """Declare the 'grmusik' account and its nginx site.

     Adds a ``User`` whose login shell is the OpenSSH sftp-server binary,
     then installs the site config and enables it through ``VHost``.
     """
     # NOTE(review): using sftp-server as the shell presumably limits the
     # account to file transfer; whether other SSH features (port
     # forwarding, etc.) are also blocked depends on sshd configuration
     # that is not visible here -- confirm.
     self += User(
         'grmusik', home='/home/grmusik',
         shell='/usr/lib/openssh/sftp-server')
     self += File('/etc/nginx/sites-available/grmusik.de',
                  source='grmusik.de.conf', is_template=False)
     self += VHost(self._, site_enable=True)
예제 #5
    def configure(self):
        """Declare the sub-components that deploy the 'peerjs' server.

        Downloads and extracts a release, patches ``lib/server.js``, installs
        the package manifests and ``serve.js``, registers the process and the
        nginx ``VHost``.
        """
        self += User('peerjs')

        # The download is given an expected checksum (`self.checksum`),
        # presumably verified before the archive is used.
        self += Download(
            self.url.format(version=self.version), checksum=self.checksum)
        self += Extract(
            self._.target, target='/srv/peerjs', strip=1,
            owner='peerjs', group='peerjs')

        # Local patch applied to the extracted upstream code.
        self += Patch(
            '/srv/peerjs/lib/server.js',
            file='ws-3.0.patch', target='wosc patched')

        # package.json and package-lock.json are shipped from the deployment
        # itself, so dependency versions are whatever the lock file records.
        self += File('/srv/peerjs/package.json', is_template=False)
        self += File('/srv/peerjs/package-lock.json', is_template=False)
        # Stores the most recently added component on the instance
        # (presumably the package-lock.json File).
        self.packages = self._

        self += File('/srv/peerjs/serve.js', is_template=False,
                     owner='peerjs', group='peerjs')
        # NOTE(review): a `PHP` component is used to run `node serve.js`;
        # other examples use `Program` for node processes -- confirm this is
        # intended.
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += PHP(
            'peerjs',
            command='node serve.js',
            user='******',
            directory='/srv/peerjs',
            dependencies=[self])

        self += File('/srv/peerjs/nginx.conf', is_template=False)
        self += VHost(self._)
예제 #6
    def configure(self):
        """Declare the sub-components that deploy a Prometheus server.

        Creates the directory layout under /srv/prometheus, downloads the
        binaries with a checksum, registers the server ``Program``, installs
        ``server.yml`` and the nginx ``VHost``.
        """
        # NOTE(review): the URL is formatted here and again in the
        # DownloadBinary call below; the second format is a no-op unless the
        # already-formatted URL still contains braces.
        self.url = self.url.format(version=self.version)

        self += User('prometheus')
        for name in ['bin', 'conf.d', 'data', 'node']:
            self += File('/srv/prometheus/%s' % name,
                         ensure='directory',
                         owner='prometheus',
                         group='prometheus')

        # The download is given an expected checksum (`self.checksum`),
        # presumably verified before the binaries are installed.
        self += DownloadBinary(self.url.format(version=self.version),
                               checksum=self.checksum,
                               names=['prometheus', 'promtool'])
        # The listen address is 127.0.0.1:9090, so the Prometheus HTTP API is
        # presumably exposed only through the nginx vhost; any access control
        # must then be enforced there.
        # NOTE(review): the listen address is wrapped in literal double
        # quotes; whether they are stripped depends on how Program executes
        # the command string -- confirm.
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += Program(
            'prometheus',
            command='/srv/prometheus/bin/prometheus '
            '--config.file=/srv/prometheus/server.yml '
            '--storage.tsdb.path=/srv/prometheus/data '
            '--web.listen-address="127.0.0.1:9090" '
            # https://github.com/prometheus/prometheus/issues/1191
            '--web.external-url=https://pharos.wosc.de/prometheus/ '
            '--web.route-prefix=/',
            user='******',
            dependencies=[self._])

        self += File('/srv/prometheus/server.yml', is_template=False)
        # Collects server.yml plus whatever other components provide under
        # the 'prom:rule' key for this host.
        self.config = [self._] + self.require('prom:rule', host=self.host)

        self += File('/srv/prometheus/nginx.conf', is_template=False)
        self += VHost(self._)
예제 #7
    def configure(self):
        """Declare the sub-components that deploy the 'wallabag' PHP app.

        Installs OS packages, sets up the database, schema and admin user,
        downloads and extracts a release, patches the routing config,
        installs ``parameters.yml`` and registers the PHP service and nginx
        ``VHost``.
        """
        for name in self.packages:
            self += Package(name)

        # Both passwords come from component attributes; nothing is
        # hard-coded in this method.
        self += ServiceDatabase('wallabag', password=self.db_password)
        self += Schema()
        self += AdminUser(password=self.ui_password)

        self += User('wallabag')

        # The download is given an expected checksum (`self.checksum`),
        # presumably verified before the archive is extracted.
        self += Download(self.url.format(version=self.version),
                         checksum=self.checksum)
        self += Extract(self._.target,
                        target='/srv/wallabag',
                        strip=1,
                        owner='wallabag',
                        group='wallabag')

        # Local patch to the upstream routing config.
        # NOTE(review): judging by the file name it adds a backup API route;
        # confirm that the route is authenticated.
        self += Patch('/srv/wallabag/app/config/routing.yml',
                      file='backup-api.patch',
                      target='backup')

        # parameters.yml is restricted to owner and group (0o640), i.e. not
        # world-readable -- presumably because it holds secrets.
        self += File('/srv/wallabag/app/config/parameters.yml',
                     owner='wallabag',
                     group='wallabag',
                     mode=0o640)

        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += PHP('wallabag', user='******', environ='SYMFONY_ENV=prod')

        self += File('/srv/wallabag/nginx.conf', is_template=False)
        self += VHost(self._)
예제 #8
    def configure(self):
        """Declare the sub-components that deploy Roundcube webmail.

        Sets up imapproxy, downloads and extracts Roundcube and the
        ``login_info`` plugin, installs the config file, creates the
        database, and registers the PHP service and nginx site.
        """
        self += Package('imapproxy')
        # Replaces the commented-out `listen_address 127.0.0.1` line with an
        # active one, then restarts the service.
        self += Patch('/etc/imapproxy.conf',
                      source='#listen_address 127.0.0.1',
                      target='listen_address 127.0.0.1',
                      check_source_removed=True)
        self += Service('imapproxy', action='restart', deps=self._)

        self += User('roundcube')

        # The download is given an expected checksum (`self.checksum`),
        # presumably verified before the archive is extracted.
        self += Download(self.url.format(version=self.version),
                         checksum=self.checksum)
        self += Extract(self._.target,
                        target='/srv/roundcube',
                        strip=1,
                        owner='roundcube',
                        group='roundcube')
        # Removes the bundled installer directory from the extracted tree,
        # presumably so it cannot be reached through the web server.
        self += Delete('/srv/roundcube/installer')

        # The config is restricted to owner and group (0o640), i.e. not
        # world-readable.
        self += File('/srv/roundcube/config/config.inc.php',
                     source='config.php',
                     owner='roundcube',
                     group='roundcube',
                     mode=0o640)

        # The plugin archive is addressed by a full commit hash and also
        # carries a sha256 checksum, so the fetched content is pinned.
        self += Download(
            'https://github.com/marneu/login_info/archive/'
            'b4e8a299a3f10b5e81a753a84cc9fe51015b0035.zip',
            checksum=
            'sha256:3e90853e991dfb7e8ec1814f716ebf031633859a6c522e9281a1381b310b45e6'
        )
        self += Extract(self._.target, owner='roundcube', group='roundcube')
        # Poor man's strip for zip, idea taken from
        # <https://github.com/chef-cookbooks/ark/blob/e8c03f6/
        #   libraries/unzip_command_builder.rb#L34>
        self += SyncDirectory('/srv/roundcube/plugins/login_info',
                              source=self._.target + '/*',
                              sync_opts='-a')

        self += ServiceDatabase('roundcube',
                                password=self.db_password,
                                schema='/srv/roundcube/SQL/mysql.initial.sql')

        # The keys look like php.ini upload limits (30M each).
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += PHP('roundcube',
                    params={
                        'upload_max_filesize': '30M',
                        'post_max_size': '30M'
                    },
                    user='******')

        self += File('/etc/nginx/sites-available/mail.wosc.de',
                     source='nginx.conf',
                     is_template=False)
        self += VHost(self._, site_enable=True)
예제 #9
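    def configure(self):
        """Declare the components for certificate renewal as 'letsencrypt'.

        Adds the ``User`` and group memberships, the public and data
        directories, a ``VirtualEnv`` with a patched ``simp_le.py``, the nginx
        snippet, a sudoers drop-in, the update script with its ``CronJob``,
        and per-domain directories and files.
        """
        self += User('letsencrypt')
        # Every account in `self.daemons` joins the 'letsencrypt' group,
        # presumably so those daemons can read files under the 0o770 data
        # directory created below.
        for user in self.daemons:
            self += GroupMember('letsencrypt', user=user)

        self += File('/srv/letsencrypt/public', ensure='directory',
                     owner='letsencrypt', group='letsencrypt')
        # Owner and group only; no access for other users.
        self += File('/srv/letsencrypt/data', ensure='directory',
                     owner='letsencrypt', group='letsencrypt', mode=0o770)

        self += VirtualEnv(path='/srv/letsencrypt/deployment')
        self._ += Requirements()

        # Local patch applied to the installed third-party module.
        self += Patch(
            '/srv/letsencrypt/deployment/lib/python%s/site-packages'
            '/simp_le.py' % VirtualEnv.version, target='wosc patched',
            file='logging.patch')

        self += File(
            '/etc/nginx/snippets/letsencrypt.conf',
            source='nginx.conf', is_template=False)

        # Lets the letsencrypt account run the three listed init scripts as
        # root without a password. The rule does not restrict arguments, so
        # any action those scripts accept is permitted.
        # The mode is set explicitly: sudoers drop-ins should be root-owned
        # and not writable by group or others, and 0440 is the conventional
        # mode. Without it the mode is whatever the File default or umask
        # yields.
        # NOTE(review): the content is not syntax-checked here; a malformed
        # drop-in can break sudo for every user, so validate it
        # (e.g. `visudo -c`) when changing the rule.
        self += File(
            '/etc/sudoers.d/letsencrypt',
            content='letsencrypt ALL=(root) NOPASSWD: /etc/init.d/nginx, /etc/init.d/exim4, /etc/init.d/courier-imap-ssl\n',
            mode=0o440)

        self += File(
            '/srv/letsencrypt/update-letsencrypt', source='update.sh',
            is_template=False, mode=0o755)

        # '15 2 * * *' is 02:15 every day in standard cron syntax.
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real account.
        self += CronJob(
            '/srv/letsencrypt/update-letsencrypt',
            user='******',
            timing='15 2 * * *')

        for domain in self.domains:
            self += File(
                '/srv/letsencrypt/public/%s' % domain, ensure='directory',
                owner='letsencrypt', group='letsencrypt')
            self += File(
                '/srv/letsencrypt/data/%s' % domain, ensure='directory',
                owner='letsencrypt', group='letsencrypt')

            for item in self.files:
                # Only install files that exist under this component's own
                # data directory for this domain; missing ones are skipped
                # silently.
                if not os.path.exists('%s/data/%s.%s' % (
                        self.defdir, domain, item['source'])):
                    continue
                # The mode comes from the item definition.
                # NOTE(review): if these items include private keys, confirm
                # their configured mode excludes other users.
                self += File(
                    '/srv/letsencrypt/data/%s/%s' % (domain, item['target']),
                    source='%s.%s' % (domain, item['source']),
                    is_template=False, mode=item['mode'],
                    owner='letsencrypt', group='letsencrypt')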
예제 #10
    def configure(self):
        """Declare base-system components: packages, login user, motd, sshd.

        Installs the configured packages, sets the mode of /root, adds the
        'wosc' ``User`` and a sudo group membership, and installs /etc/motd
        and an sshd_config drop-in.
        """
        for name in self.packages:
            self += Package(name)

        # Allow accessing (mostly python) software installed by batou
        # NOTE(review): 0o755 lets every local user list and traverse root's
        # home directory, so anything below it is protected only by its own
        # mode. If traversal is all that is needed, 0o711 may be enough --
        # confirm before changing.
        self += File('/root', ensure='directory', mode=0o755)

        self += User('wosc', home='/home/wosc')
        # Grants membership in the 'sudo' group.
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked (presumably 'wosc'); confirm which account receives
        # sudo rights.
        self += GroupMember('sudo', user='******')

        self += File('/etc/motd', is_template=False)
        # Installs an sshd_config drop-in from 'ssh.conf'.
        # NOTE(review): its content is not visible here; nothing in this
        # method reloads sshd, so confirm how the change takes effect.
        self += File('/etc/ssh/sshd_config.d/cyberduck.conf',
                     source='ssh.conf',
                     is_template=False)
예제 #11
    def configure(self):
        """Declare the sub-components that deploy the 'grshop' PHP site.

        Installs the PHP MySQL package, creates the user, database and upload
        temp directory, downloads and extracts a release, installs
        ``wp-config.php`` and a plugin file, registers the PHP service with
        restrictive settings, the nginx ``VHost`` and an ``AdminUser``.
        """
        # NOTE(review): php7.4 is past upstream end-of-life; confirm that the
        # distribution still ships security fixes for this package.
        self += Package('php7.4-mysql')

        self += User('grshop')
        self += ServiceDatabase('grshop', password=self.db_password)

        self += File('/srv/grshop/tmp',
                     ensure='directory',
                     owner='grshop',
                     group='grshop')

        # The download is given an expected checksum (`self.checksum`),
        # presumably verified before the archive is extracted.
        self += Download(self.url.format(version=self.version),
                         checksum=self.checksum)
        self += Extract(self._.target,
                        target='/srv/grshop/lib',
                        strip=1,
                        owner='grshop',
                        group='grshop')

        # wp-config.php is restricted to owner and group (0o640), i.e. not
        # world-readable -- presumably because it holds the DB credentials.
        self += File('/srv/grshop/lib/wp-config.php',
                     owner='grshop',
                     group='grshop',
                     mode=0o640)

        # `leading=True` presumably creates missing parent directories.
        self += File(
            '/srv/grshop/lib/wp-content/plugins'
            '/wc-free-checkout-fields/wc-free-checkout-fields.php',
            leading=True,
            owner='grshop',
            group='grshop',
            is_template=False)

        # The keys look like php.ini directives: file access is confined to
        # /srv/grshop/lib (open_basedir) and URL wrappers for fopen are
        # switched off (allow_url_fopen).
        # NOTE(review): upload_tmp_dir (/srv/grshop/tmp) lies outside
        # open_basedir; confirm that uploads and any code reading temp files
        # still work as intended.
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += PHP('grshop',
                    params={
                        'upload_max_filesize': '200M',
                        'post_max_size': '200M',
                        'memory_limit': '64M',
                        'upload_tmp_dir': '/srv/grshop/tmp',
                        'open_basedir': '/srv/grshop/lib',
                        'allow_url_fopen': 'Off'
                    },
                    user='******')

        self += File('/srv/grshop/nginx.conf',
                     source='nginx.conf',
                     is_template=False)
        self += VHost(self._)

        # The admin password comes from the component attribute
        # `ui_password`; it is not hard-coded here.
        self += AdminUser(password=self.ui_password)
예제 #12
    def configure(self):
        """Declare the sub-components that deploy the 'tabu' service.

        Adds a ``User``, a ``VirtualEnv`` with ``Requirements`` read from
        'tabu.txt', the ``tabu-serve`` ``Program`` and the nginx ``VHost``.
        """
        self += User('tabu')

        self += VirtualEnv(path='/srv/tabu/deployment')
        self._ += Requirements(source='tabu.txt')

        # The Program depends on `self._` and its parent, so it is presumably
        # restarted when the virtualenv or its requirements change.
        # NOTE(review): the command passes only a port (7080); the bind
        # address is not visible here -- confirm it listens on loopback only.
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += Program('tabu',
                        command='/srv/tabu/deployment/bin/tabu-serve 7080',
                        user='******',
                        dependencies=[self._, self._.parent])

        self += File('/srv/tabu/nginx.conf',
                     source='tabu.conf',
                     is_template=False)
        self += VHost(self._)
예제 #13
    def configure(self):
        """Declare the sub-components that deploy the 'thyrida' service.

        Adds a ``User``, a ``VirtualEnv`` with ``Requirements``, the
        ``paste.ini`` config, the ``pserve`` ``Program`` and the nginx
        ``VHost``.
        """
        self += User('thyrida')
        self += VirtualEnv(path='/srv/thyrida/deployment')
        self._ += Requirements()
        # Kept so the Program below can depend on it.
        reqs = self._

        # paste.ini is restricted to owner and group (0o640), i.e. not
        # world-readable.
        self += File(
            '/srv/thyrida/paste.ini',
            owner='thyrida', group='thyrida', mode=0o640)

        # At this point `self._` is presumably the paste.ini File added just
        # above, so the Program depends on both requirements and config.
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += Program(
            'thyrida',
            command='/srv/thyrida/deployment/bin/pserve /srv/thyrida/paste.ini',
            user='******',
            dependencies=[reqs, self._])

        self += File('/srv/thyrida/nginx.conf', is_template=False)
        self += VHost(self._)
예제 #14
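    def configure(self):
        """Declare the sub-components that deploy the 'matomo' analytics app.

        Installs OS packages, creates the user, group membership and
        database, installs the setup file, downloads and extracts a release,
        registers the PHP service, nginx ``VHost``, three ``CronJob``s and a
        sudoers drop-in.
        """
        for name in self.packages:
            self += Package(name)

        self += User('matomo')
        # Allow reading accesslogs
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm which account joins 'adm'. Membership gives
        # read access to everything that group can read, not only web logs.
        self += GroupMember('adm', user='******')
        self += ServiceDatabase('matomo', password=self.db_password)

        # install.json is restricted to owner and group (0o640), i.e. not
        # world-readable.
        self += File('/srv/matomo/setup/install.json',
                     owner='matomo', group='matomo', mode=0o640)
        self += Setup()

        # The download is given an expected checksum (`self.checksum`),
        # presumably verified before the archive is extracted. The request
        # headers are blanked, presumably so the server returns the raw
        # archive -- confirm.
        self += Download(
            self.url.format(version=self.version), checksum=self.checksum,
            requests_kwargs={'headers': {'accept-encoding': '', 'accept': ''}})
        self += Extract(
            self._.target, target='/srv/matomo', strip=1,
            owner='matomo', group='matomo')

        self += PHP('matomo', user='******')

        self += File('/srv/matomo/nginx.conf', is_template=False)
        self += VHost(self._)

        # Log imports for two sites (ids 1 and 2) and the archive run, at
        # 08:00, 08:30 and 09:00 daily in standard cron syntax.
        self += CronJob(
            self.import_logs.format(id=1, domain='wosc.de'),
            user='******',
            timing='0 8 * * *')
        self += CronJob(
            self.import_logs.format(id=2, domain='grmusik.de'),
            user='******',
            timing='30 8 * * *')
        self += CronJob(
            'php /srv/matomo/console core:archive '
            '--url=https://pharos.wosc.de/logs/ > /dev/null',
            user='******',
            timing='0 9 * * *')

        # Lets the matomo account run update-geoip-database as root without a
        # password. The rule does not restrict arguments.
        # The mode is set explicitly: sudoers drop-ins should be root-owned
        # and not writable by group or others, and 0440 is the conventional
        # mode. Without it the mode is whatever the File default or umask
        # yields.
        # NOTE(review): the content is not syntax-checked here; a malformed
        # drop-in can break sudo for every user, so validate it
        # (e.g. `visudo -c`) when changing the rule.
        self += File(
            '/etc/sudoers.d/matomo-geoip',
            content='matomo ALL=(root) NOPASSWD: /usr/sbin/update-geoip-database\n',
            mode=0o440)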
예제 #15
    def configure(self):
        """Declare the sub-components for the 'cgiserv' Apache instance.

        Registers this component under the 'apache' key, installs apache2,
        creates the user and include directories, installs ``apache.conf``,
        registers the Apache ``Program`` and the nginx ``VHost``.
        """
        # Makes this component available to others that require 'apache'.
        self.provide('apache', self)
        self += Package('apache2')

        self += User('cgiserv')
        # NOTE(review): no owner or mode is given for these include
        # directories; config dropped into them is loaded by the servers, so
        # confirm they are not writable by unprivileged accounts.
        for name in ['apache.d', 'nginx.d']:
            self += File('/srv/cgiserv/%s' % name, ensure='directory')

        # `here` is defined outside this method; it is used as a path prefix
        # for the source files.
        self += File(
            '/srv/cgiserv/apache.conf', owner='cgiserv', group='cgiserv',
            source=here + 'apache.conf', is_template=False)
        # Apache is started with its own config file and `-X`, which keeps it
        # in the foreground (presumably for the process supervisor).
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm the real (unprivileged) account.
        self += Program(
            'cgiserv',
            command='/usr/sbin/apache2 -d /usr/lib/apache2 '
                    '-f /srv/cgiserv/apache.conf -k start -X',
            user='******',
            dependencies=[self._])

        self += File(
            '/srv/cgiserv/nginx.conf',
            source=here + 'cgi.conf', is_template=False)
        self += VHost(self._)
예제 #16
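    def configure(self):
        """Declare the sub-components that deploy the 'radicale' server.

        Adds the ``User`` and data directory, a ``VirtualEnv`` with
        ``Requirements``, two patches to radicale's courier auth module, a
        group membership, the config files, the ``Program`` and the nginx
        ``VHost``.
        """
        self += User('radicale')
        self += File('/srv/radicale/data',
                     ensure='directory',
                     owner='radicale',
                     group='radicale')

        # Components the Program below depends on.
        deps = []
        self += VirtualEnv(path='/srv/radicale/deployment')
        self._ += Requirements()
        deps.append(self._)

        # Both patches make the courier auth module use bytes on the socket.
        courier_py = ('/srv/radicale/deployment/lib/python%s/site-packages'
                      '/radicale/auth/courier.py' % VirtualEnv.version)
        # NOTE(review): the source string '"GID"' is still contained in the
        # target 'b"GID"'; confirm that Patch does not re-apply on later runs.
        self += Patch(courier_py, source='"GID"', target='b"GID"')
        # The replacement must keep the parentheses balanced. A target that
        # lacks the final ')' leaves courier.py syntactically invalid, so the
        # authentication module could not be imported.
        # NOTE(review): a host already patched with an unbalanced replacement
        # no longer contains the source string; confirm how Patch behaves
        # there, or reinstall the package first.
        self += Patch(courier_py,
                      source='sock.send(line)',
                      target='sock.send(line.encode("utf-8"))')

        # Allow access to authdaemon
        # NOTE(review): user is the literal '******' in this listing -- it
        # looks masked; confirm which account joins 'courier'.
        self += GroupMember('courier', user='******')

        for name in ['radicale.conf', 'logging.conf', 'serve.py']:
            self += File('/srv/radicale/%s' % name, is_template=False)
            deps.append(self._)

        self += Program(
            'radicale',
            command=
            '/srv/radicale/deployment/bin/python /srv/radicale/serve.py',
            environ='RADICALE_CONFIG=/srv/radicale/radicale.conf',
            user='******',
            dependencies=deps)

        self += File('/srv/radicale/nginx.conf', is_template=False)
        self += VHost(self._)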