# No relative imports are allowed in this file, so that server_setup.py can be run without packages
import sys
from pathlib import Path
from shared import LOCAL_BIN, LOGS_DIR, install_latest_pipx, poetry_update
# Prepend the directory one level above this file's directory to the module
# search path; presumably this is what makes the `terminal_utils` import that
# follows resolvable (confirm where that module lives).
# NOTE(review): index 0 gives that directory priority over the standard library
# and installed packages, so a same-named module placed there is imported
# instead. Keep the directory writable only by trusted accounts.
sys.path.insert(0, str(Path(__file__).parent.parent.absolute()))
from terminal_utils import run, step
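def main():
    """Provision the server: packages, firewall, services, TLS and cron jobs.

    Runs the following steps in order through the project's ``step``/``run``
    helpers: upgrade and install apt packages, configure ufw, install the
    Gunicorn unit and the Nginx site shipped next to this file, install pipx,
    Poetry and Certbot, append the renewal and update jobs to /etc/crontab,
    install the Poetry packages, lock the root password and reboot.

    The function is not idempotent: every run appends the cron entries to
    /etc/crontab again, so a second run leaves duplicate jobs behind.
    """
    file_dir = Path(__file__).parent.absolute()

    step("Update system packages")
    run("sudo apt update")
    run("sudo apt dist-upgrade")

    step("Remove unused packages")
    run("sudo apt autoremove")

    step("Install needed system packages")
    run("sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y")

    step("Install optional system packages")
    run("sudo apt install htop rsync sqlite3")

    step("Setup firewall")
    # Default-deny inbound; only SSH, HTTP and HTTPS are opened. The allow
    # rules are added before `ufw enable`, so SSH stays reachable once the
    # default-deny policy takes effect.
    run("sudo ufw default allow outgoing")
    run("sudo ufw default deny incoming")
    run("sudo ufw allow ssh")
    run("sudo ufw allow http/tcp")
    run("sudo ufw allow https/tcp")
    run("sudo ufw enable")
    run("sudo ufw status")

    step("Enable Gunicorn")
    gunicorn_service_file = file_dir / "gunicorn.service"
    run(f"sudo cp -v {gunicorn_service_file} /etc/systemd/system/")
    run("sudo systemctl enable gunicorn")

    step("Setup Nginx")
    # Drop the distribution's default site from both directories so that only
    # the project's own server block is served.
    for dir_appendix in ("available", "enabled"):
        run(f"sudo rm -v /etc/nginx/sites-{dir_appendix}/default")

    nginx_conf_file = file_dir / "advlabdb.conf"
    run(f"sudo cp -v {nginx_conf_file} /etc/nginx/sites-available/")
    run("sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/")
    run("sudo systemctl enable nginx")

    step("Install pipx")
    install_latest_pipx()

    pipx_bin = LOCAL_BIN / "pipx"

    step("Install Poetry")
    run(f"{pipx_bin} install poetry")
    # Place virtual environments in the root directory of the project
    # The virtual environment will then be found in /home/admin/advlabdb/.venv
    poetry_bin = LOCAL_BIN / "poetry"
    run(f"{poetry_bin} config virtualenvs.in-project true")

    step("Install Certbot")
    run(f"{pipx_bin} install certbot")
    run(f"{pipx_bin} inject certbot certbot-nginx")

    step("Setup Certbot")
    certbot_bin = LOCAL_BIN / "certbot"
    # NOTE(review): certbot is installed by pipx without sudo and then executed
    # as root, both here and from the root cron entry below. If LOCAL_BIN is
    # writable by the unprivileged account (presumably ~/.local/bin; confirm in
    # shared.py), whoever can modify that file gains root at the next run.
    # Consider a root-owned install location for anything root executes.
    run(f"sudo {certbot_bin} --nginx")
    # Twice a day, after a random delay of up to one hour, try a renewal.
    run(
        f"echo \"0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo {certbot_bin} renew -q\" | sudo tee -a /etc/crontab"
    )

    step("Setup update cron jobs")

    # cron runs /etc/crontab entries with /bin/sh unless SHELL is set otherwise.
    # `&>>` is a bash extension: a POSIX sh reads it as "run in background",
    # followed by an empty append redirection, so the log file stays empty.
    # The portable `>> file 2>&1` form is used instead.
    user_update_script = file_dir / "user_update.py"
    user_update_log = LOGS_DIR / "user_update.log"
    # Every Sunday at 04:00
    run(f'echo "0 4 * * 0 admin python3 -u {user_update_script} >> {user_update_log} 2>&1" | sudo tee -a /etc/crontab')

    root_update_script = file_dir / "root_update.py"
    root_update_log = LOGS_DIR / "root_update.log"
    # Every Sunday at 04:15
    # NOTE(review): this job runs as root but the script sits next to this file
    # (file_dir). If that directory belongs to the unprivileged account, write
    # access to it is equivalent to root; verify ownership and permissions.
    run(f'echo "15 4 * * 0 root python3 -u {root_update_script} >> {root_update_log} 2>&1" | sudo tee -a /etc/crontab')

    step("Install latest Poetry packages")
    poetry_update()

    step("Deactivate the 'root' user")
    # `passwd -l` locks the password only. It does not disable root's cron jobs
    # or sudo, and does not by itself block key-based SSH login as root; check
    # PermitRootLogin in sshd_config separately.
    run("sudo passwd -l root")

    step("Reboot")
    run("sudo reboot")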
if __name__ == "__main__":
    # Provision only when executed as a script; importing the module has no
    # effect beyond the definitions and the sys.path change above.
    main()