mo8it/AdvLabDB
1
0
Fork 0
mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-12-20 23:41:20 +00:00
Code Releases Activity

Add logged_server_setup script

Browse source
This commit is contained in:
Mo 2022-04-26 02:20:57 +02:00
parent e95c5d6121
commit 21ffd6d094
2 changed files with 98 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

90
scripts/logged_server_setup.xsh Normal file
View file

@ -0,0 +1,90 @@
#!/usr/bin/env xonsh
from pathlib import Path
import sys
script_dir = Path(__file__).parent.absolute()
sys.path.insert(0, str(script_dir))
from shared import step, install_latest_pipx, poetry_install_latest
logs_dir = Path("/var/log/advlabdb/")
step("Update system packages")
sudo apt update
sudo apt dist-upgrade
step("Remove unused packages")
sudo apt autoremove
step("Install needed system packages")
sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y
step("Install optional system packages")
sudo apt install htop
step("Setup firewall")
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow http/tcp
# TODO: Setup https
# sudo ufw allow https/tcp
sudo ufw enable
sudo ufw status
step("Enable Gunicorn")
gunicorn_service_file = script_dir / "gunicorn.service"
sudo cp -v @(gunicorn_service_file) /etc/systemd/system/
sudo systemctl enable gunicorn
step("Setup Nginx")
for dir_appendix in ("available", "enabled"):
sudo rm -v /etc/nginx/sites-@(dir_appendix)/default
nginx_conf_file = script_dir / "advlabdb.conf"
sudo cp -v @(nginx_conf_file) /etc/nginx/sites-available/
sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/
sudo systemctl enable nginx
step("Install pipx")
install_latest_pipx()
local_bin = Path("/home/admin/.local/bin/")
$PATH.insert(0, str(local_bin))
step("Install Poetry")
pipx install poetry
step("Install Certbot")
pipx install certbot
pipx inject certbot certbot-nginx
step("Setup Certbot")
certbot_bin = local_bin / "certbot"
sudo @(certbot_bin) --nginx
echo f"0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo {certbot_bin} renew -q" | sudo tee -a /etc/crontab
step("Setup update cron jobs")
xonsh_bin = local_bin / "xonsh"
user_update_script = script_dir / "user_update.xsh"
user_update_log = logs_dir / "user_update.log"
root_update_script = script_dir / "root_update.xsh"
root_update_log = logs_dir / "root_update.log"
# Every Sunday at 04:00
echo f"0 4 * * 0 admin {xonsh_bin} {user_update_script} &>> {user_update_log}" | sudo tee -a /etc/crontab
# Every Sunday at 04:15
echo f"15 4 * * 0 root {xonsh_bin} {root_update_script} &>> {root_update_log}" | sudo tee -a /etc/crontab
step("Install latest Poetry packages")
poetry_install_latest()
step("Deactivate the 'root' user")
sudo passwd -l root
step("Reboot")
sudo reboot

76
scripts/server_setup.xsh
View file

@ -1,77 +1,17 @@
#!/usr/bin/env xonsh #!/usr/bin/env xonsh
from pathlib import Path from pathlib import Path
import sys
script_dir = Path(__file__).parent.absolute() script_dir = Path(__file__).parent.absolute()
sys.path.insert(0, str(script_dir)) logs_dir = Path("/var/log/advlabdb/")
from shared import step, install_latest_pipx, poetry_install_latest # Create logs directory
sudo mkdir -v -p @(logs_dir)
sudo chown -R admin:admin @(logs_dir)
logs_dir = Path("/var/log/advlabdb") logged_server_setup_script = script_dir / "logged_server_setup.xsh"
log_file = logs_dir / "server_setup.log"
step("Update system packages") # Start actual server setup script with logging
sudo apt update xonsh @(logged_server_setup_script) | tee @(log_file)
sudo apt dist-upgrade
step("Remove unused packages")
sudo apt autoremove
step("Install needed system packages")
sudo apt install python3 python3-pip python3-venv ufw nginx systemd -y
step("Install optional system packages")
sudo apt install htop
step("Setup firewall")
sudo ufw default allow outgoing
sudo ufw default deny incoming
sudo ufw allow ssh
sudo ufw allow http/tcp
# TODO: Setup https
# sudo ufw allow https/tcp
sudo ufw enable
sudo ufw status
step("Enable Gunicorn")
sudo cp -v @(script_dir)/gunicorn.service /etc/systemd/system/
sudo systemctl enable gunicorn
step("Setup Nginx")
sudo rm -v /etc/nginx/sites-{available,enabled}/default
sudo cp -v @(script_dir)/advlabdb.conf /etc/nginx/sites-available/
sudo ln -v -s /etc/nginx/sites-available/advlabdb.conf /etc/nginx/sites-enabled/
sudo systemctl enable nginx
step("Install pipx")
install_latest_pipx()
local_bin = Path("/home/admin/.local/bin/")
$PATH.insert(0, str(local_bin))
step("Install Poetry")
pipx install poetry
step("Install Certbot")
pipx install certbot
pipx inject certbot certbot-nginx
step("Setup Certbot")
sudo @(local_bin)/certbot --nginx
echo f"0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo {local_bin}/certbot renew -q" | sudo tee -a /etc/crontab
step("Setup update cron jobs")
# Every Sunday at 04:00
echo f"0 4 * * 0 admin bash {script_dir}/user_update.sh &>> {logs_dir}/user_update.log" | sudo tee -a /etc/crontab
# Every Sunday at 04:15
echo f"15 4 * * 0 root bash {script_dir}/root_update.sh &>> {logs_dir}/root_update.log" | sudo tee -a /etc/crontab
step("Install latest Poetry packages")
poetry_install_latest()
step("Deactivate the 'root' user")
sudo passwd -l root
step("Reboot")
sudo reboot