Mercurial > code > home > repos > infra
comparison system.py @ 91:ab1e0cbe8009
refactor and add podman registries
| author | drewp@bigasterisk.com |
|---|---|
| date | Fri, 15 Jul 2022 14:26:37 -0700 |
| parents | 1ac08aba5ae5 |
| children | 69058ad170be |
comparison
equal
deleted
inserted
replaced
| 90:376ab3be6e94 | 91:ab1e0cbe8009 |
|---|---|
| 8 | 8 |
| 9 TZ = 'America/Los_Angeles' | 9 TZ = 'America/Los_Angeles' |
| 10 | 10 |
| 11 server.hostname(hostname=host.name) | 11 server.hostname(hostname=host.name) |
| 12 | 12 |
| 13 # | 13 def timezone(): |
| 14 # timezone | 14 files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}') |
| 15 # | 15 files.replace(path='/etc/timezone', text='.*', replace=TZ) |
| 16 apt.packages(update=True, | |
| 17 cache_time=86400, | |
| 18 packages=['tzdata'], | |
| 19 force=True, | |
| 20 _env={ | |
| 21 'TZ': TZ, | |
| 22 'LANG': 'en_US.UTF-8', | |
| 23 'DEBIAN_FRONTEND': 'noninteractive' | |
| 24 }) | |
| 16 | 25 |
| 17 files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}') | 26 def fstab(): |
| 18 files.replace(path='/etc/timezone', text='.*', replace=TZ) | 27 fstab_file = f'files/fstab/{host.name}' |
| 19 apt.packages(update=True, | 28 if os.path.exists(fstab_file): |
| 20 cache_time=86400, | 29 files.put(src=fstab_file, dest='/etc/fstab') |
| 21 packages=['tzdata'], | |
| 22 force=True, | |
| 23 _env={ | |
| 24 'TZ': TZ, | |
| 25 'LANG': 'en_US.UTF-8', | |
| 26 'DEBIAN_FRONTEND': 'noninteractive' | |
| 27 }) | |
| 28 | 30 |
| 29 # | 31 def pi_tmpfs(): |
| 30 # fstab | |
| 31 # | |
| 32 | |
| 33 fstab_file = f'files/fstab/{host.name}' | |
| 34 if os.path.exists(fstab_file): | |
| 35 files.put(src=fstab_file, dest='/etc/fstab') | |
| 36 if is_pi and host.name != 'pipe': | |
| 37 for line in [ | 32 for line in [ |
| 38 'tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0', | 33 'tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0', |
| 39 'tmpfs /tmp tmpfs defaults,noatime 0 0', | 34 'tmpfs /tmp tmpfs defaults,noatime 0 0', |
| 40 ]: | 35 ]: |
| 41 files.line(path="/etc/fstab", line=line, replace=line) | 36 files.line(path="/etc/fstab", line=line, replace=line) |
| 42 | 37 |
| 43 # stop SD card corruption (along with some mounts in fstab) | 38 # stop SD card corruption (along with some mounts in fstab) |
| 44 apt.packages(packages=['dphys-swapfile'], present=False) | 39 apt.packages(packages=['dphys-swapfile'], present=False) |
| 45 | 40 |
| 46 # | |
| 47 # docker (delete this?) | |
| 48 # | |
| 49 | 41 |
| 50 # don't try to get aufs-dkms on rpi-- https://github.com/docker/for-linux/issues/709 | 42 # don't try to get aufs-dkms on rpi-- https://github.com/docker/for-linux/issues/709 |
| 51 if False and not is_pi: # maybe add podman? but do it in packages.py | 43 def podman_inecure_registry(): |
| 52 apt.packages(packages=['docker.io'], no_recommends=True) | 44 files.template(src='templates/kube/podman_registries.conf.j2', dest='/etc/containers/registries.conf.d/bang.conf') |
| 53 files.put(src='files/docker_daemon.json', dest='/etc/docker/daemon.json') | |
| 54 systemd.service(service='docker', running=True, enabled=True, restarted=True) | |
| 55 | |
| 56 if not is_pi: | |
| 57 files.line(path='/etc/update-manager/release-upgrades', line="^Prompt=", replace="Prompt=normal") | |
| 58 | |
| 59 files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no") | |
| 60 systemd.service(service='sshd', reloaded=True) | |
| 61 | 45 |
| 62 | 46 |
| 63 if host.name in ['bang', 'pipe']: | 47 def no_sleep(): |
| 64 server.shell(commands=['systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target']) | 48 server.shell(commands=['systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target']) |
| 65 | 49 |
| 66 if host.name == 'bang': | 50 def nfs_server(): |
| 67 apt.packages(packages=['nfs-kernel-server']) | 51 apt.packages(packages=['nfs-kernel-server']) |
| 68 files.template(src='templates/bang_exports.j2', dest='/etc/exports') | 52 files.template(src='templates/bang_exports.j2', dest='/etc/exports') |
| 69 | 53 |
| 70 # sudo zfs set sharenfs="rw=10.5.0.0/16" stor6 | 54 # sudo zfs set sharenfs="rw=10.5.0.0/16" stor6 |
| 71 | 55 |
| 72 if host.name == 'prime': | 56 def smaller_journals(): |
| 73 files.line(name='shorter systemctl log window, for disk space', | 57 files.line(name='shorter systemctl log window, for disk space', |
| 74 path='/etc/systemd/journald.conf', | 58 path='/etc/systemd/journald.conf', |
| 75 line='MaxFileSec', | 59 line='MaxFileSec', |
| 76 replace="MaxFileSec=7day") | 60 replace="MaxFileSec=7day") |
| 77 | 61 |
| 78 for port in [80, 443]: | 62 for port in [80, 443]: |
| 79 files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/web_forward_{port}.service", port=port) | 63 files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/web_forward_{port}.service", port=port) |
| 80 systemd.service(service=f'web_forward_{port}', enabled=True, restarted=True) | 64 systemd.service(service=f'web_forward_{port}', enabled=True, restarted=True) |
| 65 | |
| 66 timezone() | |
| 67 fstab() | |
| 68 | |
| 69 if not is_pi: | |
| 70 files.line(path='/etc/update-manager/release-upgrades', line="^Prompt=", replace="Prompt=normal") | |
| 71 | |
| 72 if is_pi and host.name != 'pipe': | |
| 73 pi_tmpfs() | |
| 74 | |
| 75 if not is_pi: | |
| 76 podman_inecure_registry() | |
| 77 | |
| 78 if host.name in ['bang', 'pipe']: | |
| 79 no_sleep() | |
| 80 | |
| 81 if host.name == 'bang': | |
| 82 nfs_server() | |
| 83 | |
| 84 if host.name == 'prime': | |
| 85 smaller_journals() |