infra: system.py annotate

annotate system.py @ 10:1fec9fe18a4e

more system.py cleanup; add pi /boot/config.txt

author	drewp@bigasterisk.com
date	Thu, 11 Nov 2021 22:22:34 -0800
parents	aa633eb49c63
children	15c5ce7c74b5

rev	line source
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	1 import os
10 1fec9fe18a4e more system.py cleanup; add pi /boot/config.txt drewp@bigasterisk.com parents: 6 diff changeset	2
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	3 from pyinfra import host
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	4 from pyinfra.facts.server import LinuxDistribution
10 1fec9fe18a4e more system.py cleanup; add pi /boot/config.txt drewp@bigasterisk.com parents: 6 diff changeset	5 from pyinfra.operations import apt, files, server, ssh, systemd
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	6
3 61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	7 bang_is_old = True # remove after upgrade
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	8 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	9 is_wifi_pi = host.name in ['frontdoor', 'living']
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	10
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	11 TZ = 'America/Los_Angeles'
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	12
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	13 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	14 # system
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	15 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	16
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	17 server.hostname(hostname=host.name)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	18 files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	19 files.replace(path='/etc/timezone', match='.*', replace=TZ)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	20 apt.packages(update=True,
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	21 cache_time=86400,
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	22 packages=['tzdata'],
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	23 force=True,
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	24 env={
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	25 'TZ': TZ,
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	26 'LANG': 'en_US.UTF-8',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	27 'DEBIAN_FRONTEND': 'noninteractive'
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	28 })
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	29
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	30 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	31 # fstab
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	32 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	33
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	34 fstab_file = f'files/{host.name}_fstab'
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	35 if os.path.exists(fstab_file):
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	36 files.put(src=fstab_file, dest='/etc/fstab')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	37 if is_pi:
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	38 for line in [
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	39 'tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	40 'tmpfs /tmp tmpfs defaults,noatime 0 0',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	41 ]:
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	42 files.line(path="/etc/fstab", line=line, replace=line)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	43
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	44 # stop SD card corruption (along with some mounts in fstab)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	45 apt.packages(packages=['dphys-swapfile'], present=False)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	46
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	47 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	48 # pkgs
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	49 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	50
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	51 if not is_pi:
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	52 apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	53
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	54 if is_pi:
6 aa633eb49c63 have pi use bullseye for working netplan.io pkg drewp@bigasterisk.com parents: 3 diff changeset	55 apt.packages(packages=['mandb', 'apt-listchanges'], present=False)
aa633eb49c63 have pi use bullseye for working netplan.io pkg drewp@bigasterisk.com parents: 3 diff changeset	56 files.template(src='templates/pi_sources.list.j2', dest='/etc/apt/sources.list', rel='bullseye')
aa633eb49c63 have pi use bullseye for working netplan.io pkg drewp@bigasterisk.com parents: 3 diff changeset	57 # 'apt upgrade'?
aa633eb49c63 have pi use bullseye for working netplan.io pkg drewp@bigasterisk.com parents: 3 diff changeset	58 apt.packages(update=True, packages=['dirmngr', 'gnupg2', 'apt-utils'])
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	59
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	60 apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	61 apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	62 apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	63
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	64 files.file(path='/etc/apt/sources.list.d/raspi.list', present=False)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	65
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	66 if is_wifi_pi:
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	67 files.put(dest="/etc/network/interfaces.d/wlan0", src="files/pi_wlan0_powersave")
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	68 ssh.command(host.name, "iw wlan0 set power_save off")
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	69
10 1fec9fe18a4e more system.py cleanup; add pi /boot/config.txt drewp@bigasterisk.com parents: 6 diff changeset	70 files.template(src='templates/boot_config.txt.j2', dest='/boot/config.txt')
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	71
10 1fec9fe18a4e more system.py cleanup; add pi /boot/config.txt drewp@bigasterisk.com parents: 6 diff changeset	72 if not is_pi and host.name != 'prime':
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	73 apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	74 apt.repo(src='deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	75
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	76 apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	77 apt.repo(src="deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main")
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	78
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	79 apt.ppa(src="ppa:savoury1/blender")
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	80
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	81 apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	82 apt.repo(src="deb [arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam")
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	83
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	84 apt.packages(packages=[
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	85 'build-essential',
10 1fec9fe18a4e more system.py cleanup; add pi /boot/config.txt drewp@bigasterisk.com parents: 6 diff changeset	86 # 'i2c-tools',
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	87 'rsync',
10 1fec9fe18a4e more system.py cleanup; add pi /boot/config.txt drewp@bigasterisk.com parents: 6 diff changeset	88 'dstat',
1fec9fe18a4e more system.py cleanup; add pi /boot/config.txt drewp@bigasterisk.com parents: 6 diff changeset	89 'ifstat',
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	90 ])
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	91
2 7f7af7e2ba8d plocate is so much better! drewp@bigasterisk.com parents: 1 diff changeset	92 if not is_pi:
3 61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	93 apt.packages(packages=[
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	94 'keychain',
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	95 'python3-docker',
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	96 'python3-invoke',
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	97 'python3-pip',
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	98 'python3-virtualenv',
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	99 'sysstat',
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	100 ])
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	101
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	102 if not is_pi and not bang_is_old:
2 7f7af7e2ba8d plocate is so much better! drewp@bigasterisk.com parents: 1 diff changeset	103 apt.packages(packages='mlocate', present=False)
7f7af7e2ba8d plocate is so much better! drewp@bigasterisk.com parents: 1 diff changeset	104 apt.packages(packages='plocate')
7f7af7e2ba8d plocate is so much better! drewp@bigasterisk.com parents: 1 diff changeset	105
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	106 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	107 # ssh
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	108 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	109
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	110 systemd.service(
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	111 service='ssh',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	112 running=True,
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	113 enabled=True,
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	114 )
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	115
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	116 files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no")
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	117
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	118 if is_pi:
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	119 auth_keys = '/home/pi/.ssh/authorized_keys'
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	120 files.file(path=auth_keys, user='pi', group='pi', mode=600)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	121 for pubkey in [
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	122 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlR7hereUHqw/RHQau0F7+vQZKAxduM+SD4R76FhC+4Zi078Pv04ZLe9qdM/NBlB/grLGhG58vaGmnWPpJ3QJs= drewp@plus',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	123 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR+iV8Qm/rAfmq0epXYfnp5ZTfBl8eidFzw1GmyZ3fPUFAshWn839fQ5DPj9xDPtMy9kTtrB5bK1SnynFzDqzQ= drewp@bang',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	124 ]:
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	125 files.line(path=auth_keys, line=pubkey, replace=pubkey)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	126
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	127 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	128 # docker (delete this?)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	129 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	130
3 61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	131 # don't try to get aufs-dkms on rpi-- https://github.com/docker/for-linux/issues/709
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	132 if not is_pi:
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	133 apt.packages(packages=['docker.io'], no_recommends=True)
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	134 files.put(src='files/docker_daemon.json', dest='/etc/docker/daemon.json')
61945df2a392 updates to work on recent raspbian installs drewp@bigasterisk.com parents: 2 diff changeset	135 systemd.service(service='docker', running=True, enabled=True, restarted=True)
1 b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	136
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	137 if not is_pi:
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	138 files.line(path='/etc/update-manager/release-upgrades', line="^Prompt=", replace="Prompt=normal")
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	139
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	140 files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no")
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	141 systemd.service(service='sshd', reloaded=True)
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	142
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	143 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	144 # special hosts
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	145 #
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	146
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	147 if host.name == "bang":
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	148 apt.packages(packages=[
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	149 'libzfs2linux',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	150 'zfsutils-linux',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	151 'zfs-zed',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	152 'zfs-auto-snapshot',
b664f1027992 system.py port from ansible drewp@bigasterisk.com parents: diff changeset	153 ])

Mercurial > code > home > repos > infra

annotate system.py @ 10:1fec9fe18a4e