mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-12-20 23:41:20 +00:00
AdvLabDB/scripts/logged_server_setup.py


#!/usr/bin/env python3
import sys
from pathlib import Path
script_dir = Path(__file__).parent.absolute()
sys.path.insert(0, str(script_dir))
from shared import install_latest_pipx, local_bin, poetry_install_latest, run, step
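# One-shot provisioning of the AdvLabDB host: system packages, firewall,
# Gunicorn and Nginx services, pipx/Poetry/Certbot, cron jobs, then a reboot.
#
# NOTE(review): every path below is interpolated into a command string without
# quoting, and several commands use a pipe, so `run` presumably goes through a
# shell. This assumes script_dir and local_bin contain no whitespace or shell
# metacharacters -- confirm against shared.py.

# Directory the update cron jobs append their logs to. It is not created in
# this script.
# NOTE(review): confirm it exists and is writable by the 'admin' user before
# the first cron run.
logs_dir = Path("/var/log/advlabdb/")

step("Update system packages")
run("sudo apt update")
# No -y here or on autoremove/htop below, so apt may stop for confirmation.
run("sudo apt dist-upgrade")

step("Remove unused packages")
run("sudo apt autoremove")

step("Install needed system packages")
run("sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y")

step("Install optional system packages")
run("sudo apt install htop")

step("Setup firewall")
# Default-deny inbound; only SSH and plain HTTP are opened.
run("sudo ufw default allow outgoing")
run("sudo ufw default deny incoming")
run("sudo ufw allow ssh")
run("sudo ufw allow http/tcp")
# TODO: Setup https
# NOTE(review): the "Setup Certbot" step below runs `certbot --nginx`, which
# configures TLS in Nginx. Until the rule below is enabled, inbound 443 stays
# blocked and the site is reachable over unencrypted HTTP only.
# run("sudo ufw allow https/tcp")
run("sudo ufw enable")
run("sudo ufw status")

step("Enable Gunicorn")
gunicorn_service_file = script_dir / "gunicorn.service"
run(f"sudo cp -v {gunicorn_service_file} /etc/systemd/system/")
# `enable` only registers the unit for boot; the reboot at the end starts it.
run("sudo systemctl enable gunicorn")

step("Setup Nginx")
# Drop the distribution's default site from both directories so that only the
# AdvLabDB configuration is served.
for dir_appendix in ("available", "enabled"):
    run(f"sudo rm -v /etc/nginx/sites-{dir_appendix}/default")

nginx_conf_file = script_dir / "advlabdb.conf"
run(f"sudo cp -v {nginx_conf_file} /etc/nginx/sites-available/")
run("sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/")
run("sudo systemctl enable nginx")

step("Install pipx")
install_latest_pipx()
pipx_bin = local_bin / "pipx"

step("Install Poetry")
run(f"{pipx_bin} install poetry")
# Place virtual environments in the root directory of the project
# The virtual environment will then be found in /home/admin/advlabdb/.venv
poetry_bin = local_bin / "poetry"
run(f"{poetry_bin} config virtualenvs.in-project true")

step("Install Certbot")
run(f"{pipx_bin} install certbot")
run(f"{pipx_bin} inject certbot certbot-nginx")

step("Setup Certbot")
certbot_bin = local_bin / "certbot"
# NOTE(review): this runs a pipx-installed executable from local_bin as root,
# here and again from root's cron entry below. If local_bin lives in the
# unprivileged user's home (presumably ~/.local/bin -- confirm in shared.py),
# that user can replace the file root executes on every renewal. A root-owned
# Certbot install would remove that dependency.
run(f"sudo {certbot_bin} --nginx")
# Renewal attempt twice a day (00:00 and 12:00) after a random delay of up to
# one hour. `tee -a` appends, so re-running this script duplicates the entry.
run(
    f"echo \"0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo {certbot_bin} renew -q\" | sudo tee -a /etc/crontab"
)

step("Setup update cron jobs")
user_update_script = script_dir / "user_update.py"
user_update_log = logs_dir / "user_update.log"
root_update_script = script_dir / "root_update.py"
root_update_log = logs_dir / "root_update.log"
# cron runs /etc/crontab commands with /bin/sh unless SHELL is overridden.
# `&>>` is a bash extension: a POSIX sh reads it as "run in the background"
# followed by an empty `>> file`, so nothing reaches the log. The portable
# `>> file 2>&1` form is used instead so both streams are captured.
# As above, `tee -a` appends; re-running the script duplicates these entries.
# Every Sunday at 04:00
run(f'echo "0 4 * * 0 admin python3 {user_update_script} >> {user_update_log} 2>&1" | sudo tee -a /etc/crontab')
# Every Sunday at 04:15
run(f'echo "15 4 * * 0 root python3 {root_update_script} >> {root_update_log} 2>&1" | sudo tee -a /etc/crontab')

step("Install latest Poetry packages")
poetry_install_latest(script_dir)

step("Deactivate the 'root' user")
# Locks root's password. Root work then depends on sudo, which every step in
# this script already uses.
run("sudo passwd -l root")

step("Reboot")
run("sudo reboot")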