def system(ctx):
ctx.sudo(
"curl -L -O https://github.com/wkhtmltopdf/wkhtmltopdf/releases/download/0.12.5/wkhtmltox_0.12.5-1.bionic_amd64.deb"
)
install_packages(
ctx,
"git",
"locales",
"nginx",
"python3",
"python3-pip",
"python3-venv",
"python3-swiftclient",
"python3-wheel",
"./wkhtmltox_0.12.5-1.bionic_amd64.deb",
"xvfb",
)
ctx.sudo("mkdir -p /srv/zam")
ctx.sudo("mkdir -p /srv/zam/letsencrypt/.well-known/acme-challenge")
create_user(ctx, "zam", "/srv/zam/")
ctx.sudo("chown zam:users /srv/zam/")
ctx.sudo("chsh -s /bin/bash zam")
setup_postgres(ctx)
setup_redis(ctx)
setup_smtp_server(ctx)
setup_unattended_upgrades(ctx)
def setup_redis(ctx):
install_packages(ctx, "redis-server")
sudo_put(
ctx,
"files/redis/sysctl.conf",
"/etc/sysctl.d/60-redis-server.conf",
chown="root",
)
ctx.sudo("sudo service procps reload")
def setup_postgres(ctx):
install_packages(ctx, "postgresql", "libpq-dev")
sudo_put(
ctx,
"files/postgres.conf",
"/etc/postgresql/10/main/conf.d/zam.conf",
chown="postgres",
)
ctx.sudo("systemctl reload postgresql@10-main")
def monitoring(ctx):
"""
Setup basic system monitoring using munin
"""
install_packages(ctx, "munin", "munin-node", "libdbd-pg-perl",
"libparse-http-useragent-perl")
sudo_put(ctx, "files/munin/munin.conf", "/etc/munin/munin.conf")
sudo_put(ctx, "files/munin/munin-node.conf", "/etc/munin/munin-node.conf")
_munin_setup_nginx_plugin(ctx)
_munin_setup_postgres_plugin(ctx)
_munin_setup_redis_plugin(ctx)
ctx.sudo("systemctl restart munin-node")
def setup_unattended_upgrades(ctx):
install_packages(ctx, "unattended-upgrades", "bsd-mailx")
admins = ctx.config.get("admins", [])
with template_local_file(
"files/unattended-upgrades.conf.template",
"files/unattended-upgrades.conf",
{"email": ",".join(admins)},
):
sudo_put(
ctx,
"files/unattended-upgrades.conf",
"/etc/apt/apt.conf.d/50unattended-upgrades",
)
def setup_postgres(ctx):
install_packages(ctx, "postgresql")
shared_buffers = total_memory(ctx) // 4 # 25% total RAM
with template_local_file(
"files/postgres.conf.template",
"files/postgres.conf",
{"shared_buffers": shared_buffers},
):
sudo_put(
ctx,
"files/postgres.conf",
"/etc/postgresql/10/main/conf.d/zam.conf",
chown="postgres",
)
ctx.sudo("systemctl reload postgresql@10-main")
def letsencrypt(ctx):
ctx.sudo("add-apt-repository ppa:certbot/certbot")
install_packages(ctx, "certbot", "software-properties-common")
hostname = ctx.run("hostname").stdout.strip()
with template_local_file(
"files/letsencrypt/certbot.ini.template",
"files/letsencrypt/certbot.ini",
{"host": hostname},
):
sudo_put(ctx, "files/letsencrypt/certbot.ini", "/srv/zam/certbot.ini")
sudo_put(ctx, "files/letsencrypt/ssl-renew", "/etc/cron.weekly/ssl-renew")
ctx.sudo("chmod +x /etc/cron.weekly/ssl-renew")
ctx.sudo(
"certbot certonly -c /srv/zam/certbot.ini --non-interactive --agree-tos"
)
def setup_smtp_server(ctx):
hostname = ctx.run("hostname").stdout.strip()
debconf(ctx, "postfix", "postfix/main_mailer_type", "string",
"Internet Site")
debconf(ctx, "postfix", "postfix/mailname", "string", hostname)
install_packages(ctx, "postfix")
def basicauth(ctx, user="******"):
install_packages(ctx, "apache2-utils")
# Will prompt for password.
ctx.sudo(f"touch /etc/nginx/.htpasswd")
ctx.sudo(f"htpasswd /etc/nginx/.htpasswd {user}")