Mercurial > code > home > repos > infra
comparison system/system.py @ 326:5b88b38f2471
huge reorg, reog toplevel functions in preparation of a ui with nice task lists
| author | drewp@bigasterisk.com |
|---|---|
| date | Mon, 20 Jan 2025 21:55:08 -0800 |
| parents | system.py@9e15c07d5258 |
| children | 2bbcf00b8d2a |
comparison
equal
deleted
inserted
replaced
| 325:4d1b6a6e65d2 | 326:5b88b38f2471 |
|---|---|
| 1 import os | |
| 2 from io import StringIO | |
| 3 from typing import cast | |
| 4 | |
| 5 import pyinfra | |
| 6 from pyinfra.context import host | |
| 7 from pyinfra.operations import apt, files, server, systemd | |
| 8 | |
| 9 TZ = 'America/Los_Angeles' | |
| 10 | |
| 11 | |
| 12 def sshServer(): | |
| 13 systemd.service( | |
| 14 service='ssh', | |
| 15 running=True, | |
| 16 enabled=True, | |
| 17 ) | |
| 18 | |
| 19 files.line(path='/etc/ssh/ssh_config', line="HashKnownHosts", replace="HashKnownHosts no") | |
| 20 | |
| 21 if 'pi' not in host.groups: | |
| 22 files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no") | |
| 23 # MAYBE plus needs this fix: adding ListenAddress 0.0.0.0 to /etc/ssh/sshd_config | |
| 24 systemd.service(service='sshd', reloaded=True) | |
| 25 | |
| 26 | |
| 27 def timezone(): | |
| 28 files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}') | |
| 29 files.replace(path='/etc/timezone', text='.*', replace=TZ) | |
| 30 | |
| 31 | |
| 32 def fstab(): | |
| 33 fstab_file = f'system/fstabs/{host.name}' | |
| 34 if os.path.exists(fstab_file): | |
| 35 files.put(src=fstab_file, dest='/etc/fstab') | |
| 36 | |
| 37 | |
| 38 def pi_tmpfs(): | |
| 39 if 'pi' not in host.groups: | |
| 40 return | |
| 41 | |
| 42 for line in [ | |
| 43 'tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0', | |
| 44 'tmpfs /tmp tmpfs defaults,noatime 0 0', | |
| 45 ]: | |
| 46 files.line(path="/etc/fstab", line=line, replace=line) | |
| 47 | |
| 48 # stop SD card corruption (along with some mounts in fstab) | |
| 49 apt.packages(packages=['dphys-swapfile'], present=False) | |
| 50 | |
| 51 | |
| 52 def no_sleep(): | |
| 53 if host.name not in ['bang', 'pipe', 'ditto']: | |
| 54 return | |
| 55 | |
| 56 server.shell(commands=['systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target']) | |
| 57 | |
| 58 | |
| 59 def nfs_server(): | |
| 60 if host.name != 'ditto': | |
| 61 return | |
| 62 | |
| 63 # remove when we're on longhorn | |
| 64 apt.packages(packages=['nfs-kernel-server']) | |
| 65 files.put(src='system/files/ditto_exports', dest='/etc/exports') | |
| 66 | |
| 67 | |
| 68 def smaller_journals(): | |
| 69 if host.name not in ['prime', 'ditto', 'pipe']: | |
| 70 return | |
| 71 files.line(name='shorter systemctl log window, for disk space', | |
| 72 path='/etc/systemd/journald.conf', | |
| 73 line='MaxFileSec', | |
| 74 replace="MaxFileSec=7day") | |
| 75 | |
| 76 | |
| 77 def web_forward(): | |
| 78 if host.name != 'prime': | |
| 79 return | |
| 80 for port in [80, 443]: | |
| 81 svc = f'web_forward_{port}' | |
| 82 files.template(src="system/templates/webforward.service.j2", | |
| 83 dest=f"/etc/systemd/system/{svc}.service", | |
| 84 serv_host='bang', | |
| 85 port=port, | |
| 86 name='web', | |
| 87 fam='tcp') | |
| 88 systemd.service(service=svc, enabled=True, restarted=True) | |
| 89 | |
| 90 | |
| 91 def minecraft_forward(): | |
| 92 if host.name != 'prime': | |
| 93 return | |
| 94 port = 25765 | |
| 95 for fam in ['tcp', 'udp']: | |
| 96 svc = f'mc_smp_{fam}_forward_{port}' | |
| 97 files.template(src="system/templates/webforward.service.j2", | |
| 98 dest=f"/etc/systemd/system/{svc}.service", | |
| 99 serv_host='ditto', | |
| 100 port=port, | |
| 101 name='mc_smp', | |
| 102 fam=fam) | |
| 103 systemd.service(service=svc, enabled=True, restarted=True) | |
| 104 | |
| 105 | |
| 106 def pigpiod(): | |
| 107 if 'pi' not in host.groups: | |
| 108 return | |
| 109 files.put(src="system/files/pigpiod.service", dest="/etc/systemd/system/pigpiod.service") | |
| 110 systemd.service(service='pigpiod', daemon_reload=True, enabled=True) | |
| 111 | |
| 112 | |
| 113 def rpi_iscsi_volumes(): | |
| 114 if host.name != 'ditto': | |
| 115 return | |
| 116 | |
| 117 iscsi_dir = '/d2/rpi-iscsi' | |
| 118 for pi_hostname in cast(list, pyinfra.inventory.get_group(name='pi')): | |
| 119 out = f'{iscsi_dir}/{pi_hostname}.disk' | |
| 120 files.directory(path=iscsi_dir) | |
| 121 server.shell(commands=f'dd if=/dev/zero of={out} count=0 bs=1 seek=10G conv=excl || true') | |
| 122 files.put(dest=f"/etc/tgt/conf.d/{pi_hostname}.conf", | |
| 123 src=StringIO(f""" | |
| 124 <target iqn.2024-03.com.bigasterisk:{pi_hostname}.target> | |
| 125 backing-store {out} | |
| 126 initiator-name iqn.2024-03.com.bigasterisk:{pi_hostname}.initiator | |
| 127 </target> | |
| 128 """)) | |
| 129 # restarting is disruptive to connected pis, and they might need to be | |
| 130 # visited: | |
| 131 #systemd.service(service='tgt.service', running=True, restarted=True) | |
| 132 | |
| 133 | |
| 134 def hostname(): | |
| 135 server.hostname(hostname=host.name) | |
| 136 | |
| 137 | |
| 138 | |
| 139 operations = [ | |
| 140 hostname, | |
| 141 timezone, | |
| 142 fstab, | |
| 143 rpi_iscsi_volumes, | |
| 144 pi_tmpfs, | |
| 145 no_sleep, | |
| 146 nfs_server, | |
| 147 smaller_journals, | |
| 148 web_forward, | |
| 149 minecraft_forward, | |
| 150 pigpiod, | |
| 151 ] | |
| 152 # for space, consider: | |
| 153 # k3s crictl rmi --prune | |
| 154 # snap list --all | while read snapname ver rev trk pub notes; do if [[ $notes = *disabled* ]]; then snap remove "$snapname" --revision="$rev"; fi; done | |
| 155 # podman system reset |