Mercurial > code > home > repos > infra

comparison system.py @ 12:15c5ce7c74b5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
refactor, cleanup, split large deploys
author drewp@bigasterisk.com
date Thu, 11 Nov 2021 23:31:21 -0800
parents 1fec9fe18a4e
children d4fb38f13c79
comparison
equal deleted inserted replaced
11:82e46d7ff527 12:15c5ce7c74b5
1 import os 1 import os
2 2
3 from pyinfra import host 3 from pyinfra import host
4 from pyinfra.facts.server import LinuxDistribution 4 from pyinfra.facts.server import LinuxDistribution
5 from pyinfra.operations import apt, files, server, ssh, systemd 5 from pyinfra.operations import apt, files, server, systemd
6 6
7 bang_is_old = True # remove after upgrade
8 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] 7 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
9 is_wifi_pi = host.name in ['frontdoor', 'living']
10 8
11 TZ = 'America/Los_Angeles' 9 TZ = 'America/Los_Angeles'
12 10
11 server.hostname(hostname=host.name)
12
13 # 13 #
14 # system 14 # timezone
15 # 15 #
16 16
17 server.hostname(hostname=host.name)
18 files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}') 17 files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}')
19 files.replace(path='/etc/timezone', match='.*', replace=TZ) 18 files.replace(path='/etc/timezone', match='.*', replace=TZ)
20 apt.packages(update=True, 19 apt.packages(update=True,
21 cache_time=86400, 20 cache_time=86400,
22 packages=['tzdata'], 21 packages=['tzdata'],
29 28
30 # 29 #
31 # fstab 30 # fstab
32 # 31 #
33 32
34 fstab_file = f'files/{host.name}_fstab' 33 fstab_file = f'files/fstab/{host.name}'
35 if os.path.exists(fstab_file): 34 if os.path.exists(fstab_file):
36 files.put(src=fstab_file, dest='/etc/fstab') 35 files.put(src=fstab_file, dest='/etc/fstab')
37 if is_pi: 36 if is_pi:
38 for line in [ 37 for line in [
39 'tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0', 38 'tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0',
41 ]: 40 ]:
42 files.line(path="/etc/fstab", line=line, replace=line) 41 files.line(path="/etc/fstab", line=line, replace=line)
43 42
44 # stop SD card corruption (along with some mounts in fstab) 43 # stop SD card corruption (along with some mounts in fstab)
45 apt.packages(packages=['dphys-swapfile'], present=False) 44 apt.packages(packages=['dphys-swapfile'], present=False)
46
47 #
48 # pkgs
49 #
50
51 if not is_pi:
52 apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
53
54 if is_pi:
55 apt.packages(packages=['mandb', 'apt-listchanges'], present=False)
56 files.template(src='templates/pi_sources.list.j2', dest='/etc/apt/sources.list', rel='bullseye')
57 # 'apt upgrade'?
58 apt.packages(update=True, packages=['dirmngr', 'gnupg2', 'apt-utils'])
59
60 apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
61 apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
62 apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
63
64 files.file(path='/etc/apt/sources.list.d/raspi.list', present=False)
65
66 if is_wifi_pi:
67 files.put(dest="/etc/network/interfaces.d/wlan0", src="files/pi_wlan0_powersave")
68 ssh.command(host.name, "iw wlan0 set power_save off")
69
70 files.template(src='templates/boot_config.txt.j2', dest='/boot/config.txt')
71
72 if not is_pi and host.name != 'prime':
73 apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
74 apt.repo(src='deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main')
75
76 apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
77 apt.repo(src="deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code stable main")
78
79 apt.ppa(src="ppa:savoury1/blender")
80
81 apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
82 apt.repo(src="deb [arch=amd64,i386] https://repo.steampowered.com/steam/ stable steam")
83
84 apt.packages(packages=[
85 'build-essential',
86 # 'i2c-tools',
87 'rsync',
88 'dstat',
89 'ifstat',
90 ])
91
92 if not is_pi:
93 apt.packages(packages=[
94 'keychain',
95 'python3-docker',
96 'python3-invoke',
97 'python3-pip',
98 'python3-virtualenv',
99 'sysstat',
100 ])
101
102 if not is_pi and not bang_is_old:
103 apt.packages(packages='mlocate', present=False)
104 apt.packages(packages='plocate')
105
106 #
107 # ssh
108 #
109
110 systemd.service(
111 service='ssh',
112 running=True,
113 enabled=True,
114 )
115
116 files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no")
117
118 if is_pi:
119 auth_keys = '/home/pi/.ssh/authorized_keys'
120 files.file(path=auth_keys, user='pi', group='pi', mode=600)
121 for pubkey in [
122 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNlR7hereUHqw/RHQau0F7+vQZKAxduM+SD4R76FhC+4Zi078Pv04ZLe9qdM/NBlB/grLGhG58vaGmnWPpJ3QJs= drewp@plus',
123 'ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOR+iV8Qm/rAfmq0epXYfnp5ZTfBl8eidFzw1GmyZ3fPUFAshWn839fQ5DPj9xDPtMy9kTtrB5bK1SnynFzDqzQ= drewp@bang',
124 ]:
125 files.line(path=auth_keys, line=pubkey, replace=pubkey)
126 45
127 # 46 #
128 # docker (delete this?) 47 # docker (delete this?)
129 # 48 #
130 49
137 if not is_pi: 56 if not is_pi:
138 files.line(path='/etc/update-manager/release-upgrades', line="^Prompt=", replace="Prompt=normal") 57 files.line(path='/etc/update-manager/release-upgrades', line="^Prompt=", replace="Prompt=normal")
139 58
140 files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no") 59 files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no")
141 systemd.service(service='sshd', reloaded=True) 60 systemd.service(service='sshd', reloaded=True)
142
143 #
144 # special hosts
145 #
146
147 if host.name == "bang":
148 apt.packages(packages=[
149 'libzfs2linux',
150 'zfsutils-linux',
151 'zfs-zed',
152 'zfs-auto-snapshot',
153 ])