Mercurial > code > home > repos > infra
diff system.py @ 91:ab1e0cbe8009
refactor and add podman registries
| author | drewp@bigasterisk.com |
|---|---|
| date | Fri, 15 Jul 2022 14:26:37 -0700 |
| parents | 1ac08aba5ae5 |
| children | 69058ad170be |
line wrap: on
line diff
--- a/system.py Fri Jul 15 14:25:58 2022 -0700 +++ b/system.py Fri Jul 15 14:26:37 2022 -0700 @@ -10,30 +10,25 @@ server.hostname(hostname=host.name) -# -# timezone -# +def timezone(): + files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}') + files.replace(path='/etc/timezone', text='.*', replace=TZ) + apt.packages(update=True, + cache_time=86400, + packages=['tzdata'], + force=True, + _env={ + 'TZ': TZ, + 'LANG': 'en_US.UTF-8', + 'DEBIAN_FRONTEND': 'noninteractive' + }) -files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}') -files.replace(path='/etc/timezone', text='.*', replace=TZ) -apt.packages(update=True, - cache_time=86400, - packages=['tzdata'], - force=True, - _env={ - 'TZ': TZ, - 'LANG': 'en_US.UTF-8', - 'DEBIAN_FRONTEND': 'noninteractive' - }) +def fstab(): + fstab_file = f'files/fstab/{host.name}' + if os.path.exists(fstab_file): + files.put(src=fstab_file, dest='/etc/fstab') -# -# fstab -# - -fstab_file = f'files/fstab/{host.name}' -if os.path.exists(fstab_file): - files.put(src=fstab_file, dest='/etc/fstab') -if is_pi and host.name != 'pipe': +def pi_tmpfs(): for line in [ 'tmpfs /var/log tmpfs defaults,noatime,mode=0755 0 0', 'tmpfs /tmp tmpfs defaults,noatime 0 0', @@ -43,33 +38,22 @@ # stop SD card corruption (along with some mounts in fstab) apt.packages(packages=['dphys-swapfile'], present=False) -# -# docker (delete this?) -# # don't try to get aufs-dkms on rpi-- https://github.com/docker/for-linux/issues/709 -if False and not is_pi: # maybe add podman? but do it in packages.py - apt.packages(packages=['docker.io'], no_recommends=True) - files.put(src='files/docker_daemon.json', dest='/etc/docker/daemon.json') - systemd.service(service='docker', running=True, enabled=True, restarted=True) - -if not is_pi: - files.line(path='/etc/update-manager/release-upgrades', line="^Prompt=", replace="Prompt=normal") - - files.line(path='/etc/ssh/sshd_config', line="^UseDNS\b", replace="UseDNS no") - systemd.service(service='sshd', reloaded=True) +def podman_inecure_registry(): + files.template(src='templates/kube/podman_registries.conf.j2', dest='/etc/containers/registries.conf.d/bang.conf') -if host.name in ['bang', 'pipe']: +def no_sleep(): server.shell(commands=['systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target']) -if host.name == 'bang': +def nfs_server(): apt.packages(packages=['nfs-kernel-server']) files.template(src='templates/bang_exports.j2', dest='/etc/exports') # sudo zfs set sharenfs="rw=10.5.0.0/16" stor6 -if host.name == 'prime': +def smaller_journals(): files.line(name='shorter systemctl log window, for disk space', path='/etc/systemd/journald.conf', line='MaxFileSec', @@ -78,3 +62,24 @@ for port in [80, 443]: files.template(src="templates/webforward.service.j2", dest=f"/etc/systemd/system/web_forward_{port}.service", port=port) systemd.service(service=f'web_forward_{port}', enabled=True, restarted=True) + +timezone() +fstab() + +if not is_pi: + files.line(path='/etc/update-manager/release-upgrades', line="^Prompt=", replace="Prompt=normal") + +if is_pi and host.name != 'pipe': + pi_tmpfs() + +if not is_pi: + podman_inecure_registry() + +if host.name in ['bang', 'pipe']: + no_sleep() + +if host.name == 'bang': + nfs_server() + +if host.name == 'prime': + smaller_journals() \ No newline at end of file