mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-09-19 18:31:16 +00:00
AdvLabDB/scripts/logged_server_setup.xsh

#!/usr/bin/env xonsh
from pathlib import Path
import sys
# Where this script writes/points its log files.
logs_dir = Path("/var/log/advlabdb/")

# Directory containing this script; the service/config files copied below
# and the `shared` helper module are looked up relative to it.
script_dir = Path(__file__).parent.absolute()

# Put the script directory first on the module search path so that `shared`
# resolves to the file next to this script. Position 0 means any module in
# this directory takes precedence over same-named installed modules, so the
# directory should be writable only by trusted users.
sys.path[:0] = [str(script_dir)]
from shared import (
    step,
    install_latest_pipx,
    poetry_install_latest,
)
# Bring the base system up to date before anything else is installed.
# step() is imported from `shared`; presumably it announces the step - confirm there.
step("Update system packages")
sudo apt update
# No -y: apt may ask for confirmation, so this part expects an operator at the terminal.
sudo apt dist-upgrade
step("Remove unused packages")
sudo apt autoremove
# Runtime requirements: Python tooling, the ufw firewall, the nginx reverse
# proxy and systemd. -y answers the install prompt automatically.
step("Install needed system packages")
sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y
step("Install optional system packages")
# Unlike the line above this install has no -y and may prompt.
sudo apt install htop
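step("Setup firewall")
# Default policy: outbound traffic is allowed, inbound traffic is dropped
# unless one of the rules below opens the port.
sudo ufw default allow outgoing
sudo ufw default deny incoming
# The SSH rule is added before `ufw enable` so that turning the firewall on
# does not cut off the session running this script.
# NOTE(review): `ufw limit ssh` would additionally rate-limit connection
# attempts; confirm whether that is wanted for this host.
sudo ufw allow ssh
sudo ufw allow http/tcp
# Port 443 has to be reachable: the "Setup Certbot" step later in this
# script runs `certbot --nginx`, which sets nginx up to serve TLS. With only
# port 80 open the HTTPS listener would be blocked by the default-deny policy.
sudo ufw allow https/tcp
sudo ufw enable
# Print the resulting rule set so it ends up in the setup log for review.
sudo ufw status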
# Install the Gunicorn systemd unit shipped next to this script and enable it
# at boot. The unit is only enabled here, not started; the reboot at the end
# of the script is what brings it up.
step("Enable Gunicorn")
gunicorn_service_file = script_dir / "gunicorn.service"
# NOTE(review): the unit file's contents (user, working directory, hardening
# options) are not visible here - review them separately.
sudo cp -v @(gunicorn_service_file) /etc/systemd/system/
sudo systemctl enable gunicorn
step("Setup Nginx")
# Remove the distribution's default site from both nginx site directories so
# that only the AdvLabDB site is served.
for site_dir in ("sites-available", "sites-enabled"):
    sudo rm -v /etc/nginx/@(site_dir)/default
# Install the site config shipped next to this script and activate it through
# the usual sites-enabled symlink.
nginx_conf_file = script_dir / "advlabdb.conf"
sudo cp -v @(nginx_conf_file) /etc/nginx/sites-available/
sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/
# Only enabled at boot here; the config is not syntax-checked (`nginx -t`)
# and nginx is not restarted before the reboot at the end of the script.
sudo systemctl enable nginx
# Install pipx (via the helper from `shared`) and use it to install the
# Python command-line tools this deployment needs.
step("Install pipx")
install_latest_pipx()
# The path is hard-coded to the `admin` account's home, so the script assumes
# it is run as that user. The directory is prepended to PATH so the tools
# installed below are found for the rest of this script.
local_bin = Path("/home/admin/.local/bin/")
$PATH.insert(0, str(local_bin))
# No versions are pinned in the pipx commands below, so whatever release is
# current on the package index at setup time is what gets installed.
step("Install Poetry")
pipx install poetry
step("Install Certbot")
pipx install certbot
# The nginx plugin has to live in the same pipx environment as certbot.
pipx inject certbot certbot-nginx
# Obtain a certificate and let Certbot's nginx plugin adjust the nginx
# configuration, then schedule automatic renewal.
step("Setup Certbot")
certbot_bin = local_bin / "certbot"
# No non-interactive flags are passed, so certbot may prompt the operator.
# NOTE(review): this runs, as root, an executable that lives under
# /home/admin/.local/bin. Whoever can write to that directory as `admin`
# decides what root executes, both here and in the renewal job below.
# A root-owned install location for certbot would remove that dependency.
sudo @(certbot_bin) --nginx
# Renewal job: at 00:00 and 12:00 every day, as root, sleep a random time of
# up to one hour and then run `certbot renew -q`.
# The line is appended with `tee -a`, so running this script again adds a
# duplicate entry to /etc/crontab.
echo f"0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo {certbot_bin} renew -q" | sudo tee -a /etc/crontab
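step("Setup update cron jobs")
# Weekly maintenance jobs appended to the system crontab: one as `admin`,
# one as `root`, each running an update script that sits next to this file
# and appending its output to a log file under logs_dir.
xonsh_bin = local_bin / "xonsh"
user_update_script = script_dir / "user_update.xsh"
user_update_log = logs_dir / "user_update.log"
root_update_script = script_dir / "root_update.xsh"
root_update_log = logs_dir / "root_update.log"
# cron passes each command to /bin/sh unless SHELL is overridden, and on
# Debian-family systems /bin/sh does not understand bash's `&>>`: it would be
# read as "run in background" followed by an empty append, leaving the logs
# empty. The POSIX form `>> file 2>&1` captures stdout and stderr everywhere.
# NOTE(review): logs_dir is not created in this script and the first job runs
# as `admin`; confirm the directory exists and is writable by that user.
# NOTE(review): the root job runs the interpreter from /home/admin/.local/bin
# and a script from this script's directory; if those locations are writable
# by `admin`, that account controls what root executes every week.
# NOTE(review): `tee -a` appends, so re-running this script duplicates both entries.
# Every Sunday at 04:00
echo f"0 4 * * 0 admin {xonsh_bin} {user_update_script} >> {user_update_log} 2>&1" | sudo tee -a /etc/crontab
# Every Sunday at 04:15
echo f"15 4 * * 0 root {xonsh_bin} {root_update_script} >> {root_update_log} 2>&1" | sudo tee -a /etc/crontab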
# Final steps: install the project's Python dependencies, lock the root
# account's password and reboot.
step("Install latest Poetry packages")
# Helper from `shared`; what exactly it installs is not visible here.
poetry_install_latest()
step("Deactivate the 'root' user")
# `passwd -l` locks the account's password only. It does not by itself stop
# other authentication methods (for example SSH keys) - verify that root
# login over SSH is disabled in the sshd configuration as well.
sudo passwd -l root
step("Reboot")
# The reboot is what starts the services that were only enabled above
# (gunicorn, nginx).
sudo reboot