1
0
Fork 0
mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-12-20 23:41:20 +00:00

Xonsh scripts

This commit is contained in:
Mo 2022-04-26 01:54:43 +02:00
parent 219d94f75e
commit 12035f96ca
8 changed files with 162 additions and 141 deletions

View file

@ -1,15 +0,0 @@
#!/bin/bash
SDIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
source "$SDIR/shared.sh"
echo "\n\n___________________\n\n"
box "$(date)" "Update on: "
box "Update system packages"
sudo apt update
sudo apt upgrade -y
sudo reboot

20
scripts/root_update.xsh Normal file
View file

@ -0,0 +1,20 @@
#!/usr/bin/env xonsh
from pathlib import Path
import sys
script_dir = Path(__file__).parent.absolute()
sys.path.insert(0, str(script_dir))
from shared import box, spaced_hl
spaced_hl()
box($(date), "Update on")
box("Update system packages")
sudo apt update
sudo apt upgrade -y
sudo reboot

View file

@ -1,71 +0,0 @@
#!/bin/bash
SDIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
source "$SDIR/shared.sh"
LOGS_DIR=/var/log/advlabdb
step "Update system packages"
sudo apt update
sudo apt dist-upgrade
step "Remove unused packages"
sudo apt autoremove
step "Install needed system packages"
sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y
step "Install optional system packages"
sudo apt install htop
step "Setup firewall"
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow http/tcp
# TODO: Setup https
#sudo ufw allow https/tcp
sudo ufw enable
sudo ufw status
step "Enable Gunicorn"
sudo cp -v "$SDIR/gunicorn.service" /etc/systemd/system/
sudo systemctl enable gunicorn
step "Setup Nginx"
sudo rm -v /etc/nginx/sites-{available,enabled}/default
sudo cp -v "$SDIR/advlabdb.conf" /etc/nginx/sites-available/
sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/
sudo systemctl enable nginx
step "Install pipx"
install_latest_pipx
LOCAL_BIN=/home/admin/.local/bin/
PATH="$LOCAL_BIN:$PATH"
step "Install Poetry"
pipx install poetry
step "Install Certbot"
pipx install certbot
pipx inject certbot certbot-nginx
step "Setup Certbot"
sudo "$LOCAL_BIN/certbot" --nginx
echo "0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo $LOCAL_BIN/certbot renew -q" | sudo tee -a /etc/crontab
step "Setup update cron jobs"
# Every Sunday at 04:00
echo "0 4 * * 0 admin bash $SDIR/user_update.sh &>> $LOGS_DIR/user_update.log" | sudo tee -a /etc/crontab
# Every Sunday at 04:15
echo "15 4 * * 0 root bash $SDIR/root_update.sh &>> $LOGS_DIR/root_update.log" | sudo tee -a /etc/crontab
step "Install latest Poetry packages"
poetry_install_latest
step "Deactivate the 'root' user"
sudo passwd -l root
step "Reboot"
sudo reboot

77
scripts/server_setup.xsh Normal file
View file

@ -0,0 +1,77 @@
#!/usr/bin/env xonsh
from pathlib import Path
import sys
script_dir = Path(__file__).parent.absolute()
sys.path.insert(0, str(script_dir))
from shared import step, install_latest_pipx, poetry_install_latest
logs_dir = Path("/var/log/advlabdb")
step("Update system packages")
sudo apt update
sudo apt dist-upgrade
step("Remove unused packages")
sudo apt autoremove
step("Install needed system packages")
sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y
step("Install optional system packages")
sudo apt install htop
step("Setup firewall")
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow http/tcp
# TODO: Setup https
# sudo ufw allow https/tcp
sudo ufw enable
sudo ufw status
step("Enable Gunicorn")
sudo cp -v @(script_dir)/gunicorn.service /etc/systemd/system/
sudo systemctl enable gunicorn
step("Setup Nginx")
sudo rm -v /etc/nginx/sites-{available,enabled}/default
sudo cp -v @(script_dir)/advlabdb.conf /etc/nginx/sites-available/
sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/
sudo systemctl enable nginx
step("Install pipx")
install_latest_pipx()
local_bin = Path("/home/admin/.local/bin/")
$PATH.insert(0, str(local_bin))
step("Install Poetry")
pipx install poetry
step("Install Certbot")
pipx install certbot
pipx inject certbot certbot-nginx
step("Setup Certbot")
sudo @(local_bin)/certbot --nginx
echo f"0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo {local_bin}/certbot renew -q" | sudo tee -a /etc/crontab
step("Setup update cron jobs")
# Every Sunday at 04:00
echo f"0 4 * * 0 admin bash {script_dir}/user_update.sh &>> {logs_dir}/user_update.log" | sudo tee -a /etc/crontab
# Every Sunday at 04:15
echo f"15 4 * * 0 root bash {script_dir}/root_update.sh &>> {logs_dir}/root_update.log" | sudo tee -a /etc/crontab
step("Install latest Poetry packages")
poetry_install_latest()
step("Deactivate the 'root' user")
sudo passwd -l root
step("Reboot")
sudo reboot

View file

@ -1,35 +0,0 @@
#!/bin/bash
box() {
MESSAGE="$2$1"
SEPERATOR="==${MESSAGE//?/=}=="
echo
echo "$SEPERATOR"
echo "| $MESSAGE |"
echo "$SEPERATOR"
echo
}
step() {
CONTINUE_MESSAGE="-> Press ENTER to continue or Ctrl+C to interrupt the script <-"
UPPER_SEPERATOR="${CONTINUE_MESSAGE//?/_}"
echo
echo "$UPPER_SEPERATOR"
box "$1" "Next step: "
echo "$CONTINUE_MESSAGE"
read -s
echo
}
install_latest_pipx() {
pip install --user --upgrade pipx
}
poetry_install_latest() {
cd "$SDIR/.."
poetry install
}

40
scripts/shared.xsh Normal file
View file

@ -0,0 +1,40 @@
#!/usr/bin/env xonsh
def box(message, context=None):
text_line = "| "
if context is not None:
textline += context + ": "
text_line += message + " |"
seperator = "=" * (4 + len(text))
print()
print(seperator)
print(textline)
print(seperator)
print()
def step(message):
continue_message = "-> Press ENTER to continue or Ctrl+C to interrupt the script <-"
upper_seperator = "_" * len(continue_message)
print()
print(upper_seperator)
box(message, "Next step")
print(continue_message)
read -s
print()
def install_latest_pipx():
pip install --user --upgrade pipx
def poetry_install_latest(script_dir):
cd @(script_dir)/..
poetry install
def spaced_hl():
print("\n\n___________________\n\n")

View file

@ -1,20 +0,0 @@
#!/bin/bash
SDIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)"
source "$SDIR/shared.sh"
echo "\n\n___________________\n\n"
box "$(date)" "Update on: "
box "Upgrade pipx"
install_latest_pipx
box "Upgrade pipx packages"
pipx upgrade-all --include-injected
# TODO: Backup
box "Install latest Poetry packages"
poetry_install_latest

25
scripts/user_update.xsh Normal file
View file

@ -0,0 +1,25 @@
#!/usr/bin/env xonsh
from pathlib import Path
import sys
script_dir = Path(__file__).parent.absolute()
sys.path.insert(0, str(script_dir))
from shared import box, install_latest_pipx, poetry_install_latest, spaced_hl
spaced_hl()
box($(date), "Update on")
box("Upgrade pipx")
install_latest_pipx()
box("Upgrade pipx packages")
pipx upgrade-all --include-injected
# TODO: Backup
box("Install latest Poetry packages")
poetry_install_latest()