def configure(self):
self += User('peerjs')
self += Download(
self.url.format(version=self.version), checksum=self.checksum)
self += Extract(
self._.target, target='/srv/peerjs', strip=1,
owner='peerjs', group='peerjs')
self += Patch(
'/srv/peerjs/lib/server.js',
file='ws-3.0.patch', target='wosc patched')
self += File('/srv/peerjs/package.json', is_template=False)
self += File('/srv/peerjs/package-lock.json', is_template=False)
self.packages = self._
self += File('/srv/peerjs/serve.js', is_template=False,
owner='peerjs', group='peerjs')
self += PHP(
'peerjs',
command='node serve.js',
user='******',
directory='/srv/peerjs',
dependencies=[self])
self += File('/srv/peerjs/nginx.conf', is_template=False)
self += VHost(self._)
def configure(self):
self += User('haemera')
self += VirtualEnv(path='/srv/haemera/deployment')
self._ += Requirements()
req = self._
self += File('/srv/haemera/paste.ini',
owner='haemera',
group='haemera',
mode=0o640)
config = self._
self += ServiceDatabase('haemera', password=self.db_password)
self += Schema()
self += Program(
'haemera',
command='/srv/haemera/deployment/bin/pserve /srv/haemera/paste.ini',
user='******',
dependencies=[req, config])
self += File('/srv/haemera/nginx.conf')
self += VHost(self._)
self += CronJob('/srv/haemera/deployment/bin/haemera-recurrences',
args='/srv/haemera/paste.ini#haemera',
user='******',
timing='5 0 * * *')
def configure(self):
self += User(
'grmusik', home='/home/grmusik',
shell='/usr/lib/openssh/sftp-server')
self += File('/etc/nginx/sites-available/grmusik.de',
source='grmusik.de.conf', is_template=False)
self += VHost(self._, site_enable=True)
def configure(self):
for name in self.packages:
self += Package(name)
self += ServiceDatabase('wallabag', password=self.db_password)
self += Schema()
self += AdminUser(password=self.ui_password)
self += User('wallabag')
self += Download(self.url.format(version=self.version),
checksum=self.checksum)
self += Extract(self._.target,
target='/srv/wallabag',
strip=1,
owner='wallabag',
group='wallabag')
self += Patch('/srv/wallabag/app/config/routing.yml',
file='backup-api.patch',
target='backup')
self += File('/srv/wallabag/app/config/parameters.yml',
owner='wallabag',
group='wallabag',
mode=0o640)
self += PHP('wallabag', user='******', environ='SYMFONY_ENV=prod')
self += File('/srv/wallabag/nginx.conf', is_template=False)
self += VHost(self._)
def configure(self):
self += Package('mongodb')
self += User('robometeor')
# meteor build dist
# scp dist/robometeor.tar.gz wosc.de:/srv/robometeor
# rm -rf /srv/robometeor/bundle/*; tar xfC robometeor.tar.gz /srv/robometeor/; npm install --prefix /srv/robometeor/bundle/programs/server; sudo sv restart robometeor
# replace in programs/web.browser/12345.js:
# `Router.route('/` with `Router.router('/roborally/`
# prefix with `/roborally`:
# `/robots/`, `/tiles/`, `/finish.png`, `/start.png`,
# `/damage-token.png`, `/Power_Off.png`
self += Program('robometeor',
command='node /srv/robometeor/bundle/main.js',
environ='BIND_IP=127.0.0.1, PORT=7082, '
'ROOT_URL=https://wosc.de/roborally, '
'MONGO_URL=mongodb://localhost:27017/robometeor',
user='******',
dependencies=())
self += File('/srv/robometeor/nginx.conf',
source='roborally.conf',
is_template=False)
self += VHost(self._)
def configure(self):
self.url = self.url.format(version=self.version)
self += User('prometheus')
for name in ['bin', 'conf.d', 'data', 'node']:
self += File('/srv/prometheus/%s' % name,
ensure='directory',
owner='prometheus',
group='prometheus')
self += DownloadBinary(self.url.format(version=self.version),
checksum=self.checksum,
names=['prometheus', 'promtool'])
self += Program(
'prometheus',
command='/srv/prometheus/bin/prometheus '
'--config.file=/srv/prometheus/server.yml '
'--storage.tsdb.path=/srv/prometheus/data '
'--web.listen-address="127.0.0.1:9090" '
# https://github.com/prometheus/prometheus/issues/1191
'--web.external-url=https://pharos.wosc.de/prometheus/ '
'--web.route-prefix=/',
user='******',
dependencies=[self._])
self += File('/srv/prometheus/server.yml', is_template=False)
self.config = [self._] + self.require('prom:rule', host=self.host)
self += File('/srv/prometheus/nginx.conf', is_template=False)
self += VHost(self._)
def configure(self):
self += User('seanopoly')
self += Clone('https://github.com/wosc/monopoly',
branch='master',
target='/srv/seanopoly/app')
git = self._
app = git.target + '/game'
self += NPM(app)
self += NPM(app + '/client',
commands=['install --no-save', 'run build'],
dependencies=git)
# The app wants to write logs here.
self += File(app + '/static',
ensure='directory',
owner='seanopoly',
group='seanopoly')
self += Program(
'seanopoly',
command='node %s/server/server.js' % app,
directory=app,
environ=
'HTTP=true, BIND=127.0.0.1, PORT=7083, VHOST_PATH=/seanopoly',
user='******')
self += File('/srv/seanopoly/nginx.conf',
source='seanopoly.conf',
is_template=False)
self += VHost(self._)
def configure(self):
self += Package('imapproxy')
self += Patch('/etc/imapproxy.conf',
source='#listen_address 127.0.0.1',
target='listen_address 127.0.0.1',
check_source_removed=True)
self += Service('imapproxy', action='restart', deps=self._)
self += User('roundcube')
self += Download(self.url.format(version=self.version),
checksum=self.checksum)
self += Extract(self._.target,
target='/srv/roundcube',
strip=1,
owner='roundcube',
group='roundcube')
self += Delete('/srv/roundcube/installer')
self += File('/srv/roundcube/config/config.inc.php',
source='config.php',
owner='roundcube',
group='roundcube',
mode=0o640)
self += Download(
'https://github.com/marneu/login_info/archive/'
'b4e8a299a3f10b5e81a753a84cc9fe51015b0035.zip',
checksum=
'sha256:3e90853e991dfb7e8ec1814f716ebf031633859a6c522e9281a1381b310b45e6'
)
self += Extract(self._.target, owner='roundcube', group='roundcube')
# Poor man's strip for zip, idea taken from
# <https://github.com/chef-cookbooks/ark/blob/e8c03f6/
# libraries/unzip_command_builder.rb#L34>
self += SyncDirectory('/srv/roundcube/plugins/login_info',
source=self._.target + '/*',
sync_opts='-a')
self += ServiceDatabase('roundcube',
password=self.db_password,
schema='/srv/roundcube/SQL/mysql.initial.sql')
self += PHP('roundcube',
params={
'upload_max_filesize': '30M',
'post_max_size': '30M'
},
user='******')
self += File('/etc/nginx/sites-available/mail.wosc.de',
source='nginx.conf',
is_template=False)
self += VHost(self._, site_enable=True)
def configure(self):
self += File('/home/controverse', ensure='directory',
owner='wosc', group='wosc')
self += File('/etc/nginx/sites-available/controverse.wosc.de',
source='controverse.conf', is_template=False)
self += VHost(self._, site_enable=True)
self += File(
'/etc/exim4/domains/controverse.wosc.de',
content='mail: "|/usr/bin/mlmmj-recieve -L /var/spool/mlmmj/controverse/"')
def configure(self):
self += Package('php7.4-mysql')
self += User('grshop')
self += ServiceDatabase('grshop', password=self.db_password)
self += File('/srv/grshop/tmp',
ensure='directory',
owner='grshop',
group='grshop')
self += Download(self.url.format(version=self.version),
checksum=self.checksum)
self += Extract(self._.target,
target='/srv/grshop/lib',
strip=1,
owner='grshop',
group='grshop')
self += File('/srv/grshop/lib/wp-config.php',
owner='grshop',
group='grshop',
mode=0o640)
self += File(
'/srv/grshop/lib/wp-content/plugins'
'/wc-free-checkout-fields/wc-free-checkout-fields.php',
leading=True,
owner='grshop',
group='grshop',
is_template=False)
self += PHP('grshop',
params={
'upload_max_filesize': '200M',
'post_max_size': '200M',
'memory_limit': '64M',
'upload_tmp_dir': '/srv/grshop/tmp',
'open_basedir': '/srv/grshop/lib',
'allow_url_fopen': 'Off'
},
user='******')
self += File('/srv/grshop/nginx.conf',
source='nginx.conf',
is_template=False)
self += VHost(self._)
self += AdminUser(password=self.ui_password)
def configure(self):
self += User('tabu')
self += VirtualEnv(path='/srv/tabu/deployment')
self._ += Requirements(source='tabu.txt')
self += Program('tabu',
command='/srv/tabu/deployment/bin/tabu-serve 7080',
user='******',
dependencies=[self._, self._.parent])
self += File('/srv/tabu/nginx.conf',
source='tabu.conf',
is_template=False)
self += VHost(self._)
def configure(self):
self += VirtualEnv(path='/srv/cgiserv/ddns')
self._ += Requirements(source='ddns/requirements.txt')
self += File(
'/srv/cgiserv/ddns/config',
owner='cgiserv', group='cgiserv', mode=0o640,
source='ddns/ddns.conf')
self += File('/srv/cgiserv/apache.d/ddns.conf',
source='ddns/apache.conf', is_template=False)
self += CGI(self._)
self += File('/srv/cgiserv/nginx.d/ddns.conf',
source='ddns/nginx.conf', is_template=False)
self += VHost(self._)
def configure(self):
self += ServiceDatabase('grafana', password=self.db_password)
self += Package('apt-transport-https')
self += AptRepository(
'grafana',
line='deb https://packages.grafana.com/oss/deb stable main',
key='https://packages.grafana.com/gpg.key')
self += Package('grafana')
self += File('/etc/grafana/grafana.ini')
self += Service('grafana-server', action='restart', deps=self._)
self += File('/srv/prometheus/grafana-nginx.conf',
source='nginx.conf',
is_template=False)
self += VHost(self._)
def configure(self):
self += VirtualEnv(path='/srv/cgiserv/passwd')
self._ += Requirements(source='passwd.txt')
self += File(
'/etc/sudoers.d/webpasswd',
content='cgiserv ALL=(root) NOPASSWD: /srv/cgiserv/passwd/bin/webpasswd-change\n')
self += File(
'/srv/cgiserv/apache.d/passwd.conf',
content='ScriptAlias /passwd /srv/cgiserv/passwd/bin/webpasswd-cgi\n' )
self += CGI(self._)
self += File(
'/srv/cgiserv/nginx.d/passwd.conf',
content='location /passwd { proxy_pass http://cgi; }\n')
self += VHost(self._)
def configure(self):
self += User('thyrida')
self += VirtualEnv(path='/srv/thyrida/deployment')
self._ += Requirements()
reqs = self._
self += File(
'/srv/thyrida/paste.ini',
owner='thyrida', group='thyrida', mode=0o640)
self += Program(
'thyrida',
command='/srv/thyrida/deployment/bin/pserve /srv/thyrida/paste.ini',
user='******',
dependencies=[reqs, self._])
self += File('/srv/thyrida/nginx.conf', is_template=False)
self += VHost(self._)
def configure(self):
for name in self.packages:
self += Package(name)
self += User('matomo')
# Allow reading accesslogs
self += GroupMember('adm', user='******')
self += ServiceDatabase('matomo', password=self.db_password)
self += File('/srv/matomo/setup/install.json',
owner='matomo', group='matomo', mode=0o640)
self += Setup()
self += Download(
self.url.format(version=self.version), checksum=self.checksum,
requests_kwargs={'headers': {'accept-encoding': '', 'accept': ''}})
self += Extract(
self._.target, target='/srv/matomo', strip=1,
owner='matomo', group='matomo')
self += PHP('matomo', user='******')
self += File('/srv/matomo/nginx.conf', is_template=False)
self += VHost(self._)
self += CronJob(
self.import_logs.format(id=1, domain='wosc.de'),
user='******',
timing='0 8 * * *')
self += CronJob(
self.import_logs.format(id=2, domain='grmusik.de'),
user='******',
timing='30 8 * * *')
self += CronJob(
'php /srv/matomo/console core:archive '
'--url=https://pharos.wosc.de/logs/ > /dev/null',
user='******',
timing='0 9 * * *')
self += File(
'/etc/sudoers.d/matomo-geoip',
content='matomo ALL=(root) NOPASSWD: /usr/sbin/update-geoip-database\n')
def configure(self):
self.provide('apache', self)
self += Package('apache2')
self += User('cgiserv')
for name in ['apache.d', 'nginx.d']:
self += File('/srv/cgiserv/%s' % name, ensure='directory')
self += File(
'/srv/cgiserv/apache.conf', owner='cgiserv', group='cgiserv',
source=here + 'apache.conf', is_template=False)
self += Program(
'cgiserv',
command='/usr/sbin/apache2 -d /usr/lib/apache2 '
'-f /srv/cgiserv/apache.conf -k start -X',
user='******',
dependencies=[self._])
self += File(
'/srv/cgiserv/nginx.conf',
source=here + 'cgi.conf', is_template=False)
self += VHost(self._)
def configure(self):
self += User('radicale')
self += File('/srv/radicale/data',
ensure='directory',
owner='radicale',
group='radicale')
deps = []
self += VirtualEnv(path='/srv/radicale/deployment')
self._ += Requirements()
deps.append(self._)
courier_py = ('/srv/radicale/deployment/lib/python%s/site-packages'
'/radicale/auth/courier.py' % VirtualEnv.version)
self += Patch(courier_py, source='"GID"', target='b"GID"')
self += Patch(courier_py,
source='sock.send(line)',
target='sock.send(line.encode("utf-8")')
# Allow access to authdaemon
self += GroupMember('courier', user='******')
for name in ['radicale.conf', 'logging.conf', 'serve.py']:
self += File('/srv/radicale/%s' % name, is_template=False)
deps.append(self._)
self += Program(
'radicale',
command=
'/srv/radicale/deployment/bin/python /srv/radicale/serve.py',
environ='RADICALE_CONFIG=/srv/radicale/radicale.conf',
user='******',
dependencies=deps)
self += File('/srv/radicale/nginx.conf', is_template=False)
self += VHost(self._)
def configure(self):
self += File('/etc/nginx/sites-available/pharos.wosc.de',
source='pharos.conf',
is_template=False)
self += VHost(self._, site_enable=True)
def configure(self):
self += File('/etc/nginx/sites-available/wosc.de',
source='wosc.de.conf')
self += VHost(self._, site_enable=True)