Shawn Davis
3 years ago
parent
6df9a6f2fa
commit
d4935af4e0
13 changed files with 504 additions and 12 deletions
@ -0,0 +1,234 @@ |
||||
#! /usr/bin/env python |
||||
|
||||
from argparse import ArgumentParser, RawDescriptionHelpFormatter |
||||
from commonkit import highlight_code, smart_cast |
||||
from commonkit.logging import LoggingHelper |
||||
from commonkit.shell import EXIT |
||||
import sys |
||||
|
||||
sys.path.insert(0, "../") |
||||
|
||||
from scripttease.constants import LOGGER_NAME |
||||
from scripttease.lib.contexts import load_variables, Context |
||||
from scripttease.lib.loaders.ini import INILoader |
||||
from scripttease.lib.loaders.yaml import YMLLoader |
||||
from scripttease.version import DATE as VERSION_DATE, VERSION |
||||
|
||||
DEBUG = 10 |
||||
|
||||
logging = LoggingHelper(colorize=True, name=LOGGER_NAME) |
||||
log = logging.setup() |
||||
|
||||
|
||||
def execute(): |
||||
"""Process script configurations.""" |
||||
|
||||
__author__ = "Shawn Davis <shawn@develmaycare.com>" |
||||
__date__ = VERSION_DATE |
||||
__help__ = """NOTES |
||||
|
||||
This command is used to parse configuration files and output the commands. |
||||
|
||||
""" |
||||
__version__ = VERSION + "+new" |
||||
|
||||
# Main argument parser from which sub-commands are created. |
||||
parser = ArgumentParser(description=__doc__, epilog=__help__, formatter_class=RawDescriptionHelpFormatter) |
||||
|
||||
parser.add_argument( |
||||
"path", |
||||
default="steps.ini", |
||||
nargs="?", |
||||
help="The path to the configuration file." |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-c", |
||||
"--color", |
||||
action="store_true", |
||||
dest="color_enabled", |
||||
help="Enable code highlighting for terminal output." |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-C=", |
||||
"--context=", |
||||
action="append", |
||||
dest="variables", |
||||
help="Context variables for use in pre-parsing the config and templates. In the form of: name:value" |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-d", |
||||
"--docs", |
||||
action="store_true", |
||||
dest="docs_enabled", |
||||
help="Output documentation instead of code." |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-D", |
||||
"--debug", |
||||
action="store_true", |
||||
dest="debug_enabled", |
||||
help="Enable debug output." |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-f=", |
||||
"--filter=", |
||||
action="append", |
||||
dest="filters", |
||||
help="Filter the commands in the form of: attribute:value" |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-o=", |
||||
"--option=", |
||||
action="append", |
||||
dest="options", |
||||
help="Common command options in the form of: name:value" |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-P=", |
||||
"--profile=", |
||||
choices=["centos", "ubuntu"], |
||||
default="ubuntu", |
||||
dest="profile", |
||||
help="The OS profile to use." |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-T=", |
||||
"--template-path=", |
||||
action="append", |
||||
dest="template_locations", |
||||
help="The location of template files that may be used with the template command." |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-w=", |
||||
"--write=", |
||||
dest="output_file", |
||||
help="Write the output to disk." |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"-V=", |
||||
"--variables-file=", |
||||
dest="variables_file", |
||||
help="Load variables from a file." |
||||
) |
||||
|
||||
|
||||
|
||||
# Access to the version number requires special consideration, especially |
||||
# when using sub parsers. The Python 3.3 behavior is different. See this |
||||
# answer: http://stackoverflow.com/questions/8521612/argparse-optional-subparser-for-version |
||||
parser.add_argument( |
||||
"-v", |
||||
action="version", |
||||
help="Show version number and exit.", |
||||
version=__version__ |
||||
) |
||||
|
||||
parser.add_argument( |
||||
"--version", |
||||
action="version", |
||||
help="Show verbose version information and exit.", |
||||
version="%(prog)s" + " %s %s by %s" % (__version__, __date__, __author__) |
||||
) |
||||
|
||||
# Parse arguments. |
||||
args = parser.parse_args() |
||||
|
||||
if args.debug_enabled: |
||||
log.setLevel(DEBUG) |
||||
|
||||
log.debug("Namespace: %s" % args) |
||||
|
||||
# Create the global context. |
||||
context = Context() |
||||
|
||||
if args.variables_file: |
||||
variables = load_variables(args.variables_file) |
||||
for v in variables: |
||||
context.variables[v.name] = v |
||||
|
||||
if args.variables: |
||||
for token in args.variables: |
||||
try: |
||||
key, value = token.split(":") |
||||
context.add(key, smart_cast(value)) |
||||
except ValueError: |
||||
context.add(token, True) |
||||
|
||||
# Capture filters. |
||||
if args.filters: |
||||
filters = dict() |
||||
for token in args.filters: |
||||
key, value = token.split(":") |
||||
if key not in filters: |
||||
filters[key] = list() |
||||
|
||||
filters[key].append(value) |
||||
|
||||
# Handle options. |
||||
options = dict() |
||||
if args.options: |
||||
for token in args.options: |
||||
try: |
||||
key, value = token.split(":") |
||||
options[key] = smart_cast(value) |
||||
except ValueError: |
||||
options[token] = True |
||||
|
||||
# Load the commands. |
||||
if args.path.endswith(".ini"): |
||||
loader = INILoader( |
||||
args.path, |
||||
context=context, |
||||
locations=args.template_locations, |
||||
profile=args.profile, |
||||
**options |
||||
) |
||||
elif args.path.endswith(".yml"): |
||||
loader = YMLLoader( |
||||
args.path, |
||||
context=context, |
||||
locations=args.template_locations, |
||||
profile=args.profile, |
||||
**options |
||||
) |
||||
else: |
||||
log.error("Unsupported file format: %s" % args.path) |
||||
exit(EXIT.ERROR) |
||||
|
||||
# noinspection PyUnboundLocalVariable |
||||
if not loader.load(): |
||||
exit(EXIT.ERROR) |
||||
|
||||
# Generate output. |
||||
if args.docs_enabled: |
||||
pass |
||||
else: |
||||
commands = list() |
||||
for snippet in loader.get_snippets(): |
||||
statement = snippet.get_statement() |
||||
if statement is not None: |
||||
commands.append(statement) |
||||
commands.append("") |
||||
|
||||
if args.color_enabled: |
||||
print(highlight_code("\n".join(commands), language="bash")) |
||||
else: |
||||
print("\n".join(commands)) |
||||
|
||||
exit(EXIT.OK) |
||||
|
||||
|
||||
if __name__ == '__main__': |
||||
execute() |
||||
|
||||
|
||||
@ -0,0 +1,180 @@ |
||||
[update system repos] |
||||
system.update: |
||||
|
||||
[install apache] |
||||
install: apache2 |
||||
|
||||
[install certbot] |
||||
install: certbot |
||||
|
||||
[make sure a maintenance root exists] |
||||
mkdir: /var/www/maint/www |
||||
group: {{ apache_group }} |
||||
owner: {{ apache_user }} |
||||
recursive: yes |
||||
|
||||
[disable the default site] |
||||
apache.disable: 000-default |
||||
|
||||
[install postgres] |
||||
install: postgresql |
||||
|
||||
[install php and related resources] |
||||
install: $item |
||||
items: php, libapache2-mod-php, php-pgsql |
||||
|
||||
[install php modules] |
||||
install: $item |
||||
items: php-curl, php-dom, php-gd, php-json, php-mbstring, php-pdo-pgsql, php-zip |
||||
|
||||
[create the document root for the domain] |
||||
dir: /var/www/{{ domain_tld }}/www |
||||
group: {{ apache_group }} |
||||
owner: {{ apache_user }} |
||||
recursive: yes |
||||
|
||||
[prevent browsing of document root] |
||||
file: /var/www/{{ domain_tld }}/www/index.html |
||||
group: {{ apache_group }} |
||||
owner: {{ apache_user }} |
||||
|
||||
[create the initial apache config file] |
||||
template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf |
||||
|
||||
[enable the site] |
||||
apache.enable: {{ domain_name }} |
||||
|
||||
[enable mod rewrite] |
||||
apache.enable_module: rewrite |
||||
|
||||
[enable SSL engine] |
||||
apache.enable_module: ssl |
||||
|
||||
[enable php ctype] |
||||
run: "phpenmod ctype" |
||||
|
||||
[enable php curl] |
||||
run: "phpenmod curl" |
||||
|
||||
[enable php dom] |
||||
run: "phpenmod dom" |
||||
|
||||
[enable php GD] |
||||
run: "phpenmod gd" |
||||
|
||||
[enable php JSON] |
||||
run: "phpenmod json" |
||||
|
||||
[enable php PGSQL] |
||||
run: "phpenmod pdo_pgsql" |
||||
|
||||
[enable php SimpleXML] |
||||
run: "phpenmod simplexml" |
||||
|
||||
[enable php posix] |
||||
run: "phpenmod posix" |
||||
|
||||
[enable php XMLReader] |
||||
run: "phpenmod xmlreader" |
||||
|
||||
[enable php XMLWriter] |
||||
run: "phpenmod xmlwriter" |
||||
|
||||
[enable php zip] |
||||
run: "phpenmod zip" |
||||
|
||||
;PHP module libxml (Linux package libxml2 must be >=2.7.0) |
||||
;php -i | grep -i libxml |
||||
|
||||
; https://askubuntu.com/questions/323005/php-openssl-extension-has-a-package |
||||
; php -i | grep -i openssl |
||||
;PHP module openssl |
||||
|
||||
;php -i | grep -i openssl |
||||
;PHP module session |
||||
|
||||
;php -i | grep -i zlib |
||||
;PHP module zlib |
||||
|
||||
[reload apache] |
||||
apache.reload: |
||||
|
||||
[get an SSL cert] |
||||
ssl: {{ domain_name }} |
||||
email: {{ webmaster_email }} |
||||
|
||||
[create the SSL version of the apache config file] |
||||
template: httpd.conf /etc/apache2/sites-available/{{ domain_name }}.conf |
||||
ssl_enabled: yes |
||||
|
||||
[restart apache] |
||||
apache.restart: |
||||
|
||||
[create the install path for nextcloud] |
||||
dir: /var/www/{{ domain_tld }}/www{{ install_path }} |
||||
group: {{ apache_group }} |
||||
owner: {{ apache_user }} |
||||
recursive: yes |
||||
|
||||
[get the nextcloud installer] |
||||
run: "wget https://download.nextcloud.com/server/installer/setup-nextcloud.php" |
||||
cd: /var/www/{{ domain_tld }}/www{{ install_path }} |
||||
|
||||
; createuser -U postgres -DRS {{ install_path }}_nextcloud |
||||
; createdb -U postgres -O diff6_nextcloud diff6_nextcloud |
||||
; psql -U postgres -c "ALTER USER diff6_nextcloud WITH ENCRYPTED PASSWORD '******'" |
||||
|
||||
; https://docs.nextcloud.com/server/latest/admin_manual/installation/source_installation.html |
||||
; Recommended packages: |
||||
; |
||||
;PHP module fileinfo (highly recommended, enhances file analysis performance) |
||||
; |
||||
;PHP module bz2 (recommended, required for extraction of apps) |
||||
; |
||||
;PHP module intl (increases language translation performance and fixes sorting of non-ASCII characters) |
||||
; |
||||
;Required for specific apps: |
||||
; |
||||
;PHP module ldap (for LDAP integration) |
||||
; |
||||
;PHP module smbclient (SMB/CIFS integration, see SMB/CIFS) |
||||
; |
||||
;PHP module ftp (for FTP storage / external user authentication) |
||||
; |
||||
;PHP module imap (for external user authentication) |
||||
; |
||||
;PHP module bcmath (for passwordless login) |
||||
; |
||||
;PHP module gmp (for passwordless login) |
||||
; |
||||
;Recommended for specific apps (optional): |
||||
; |
||||
;PHP module gmp (for SFTP storage) |
||||
; |
||||
;PHP module exif (for image rotation in pictures app) |
||||
; |
||||
;For enhanced server performance (optional) select one of the following memcaches: |
||||
; |
||||
;PHP module apcu (>= 4.0.6) |
||||
; |
||||
;PHP module memcached |
||||
; |
||||
;PHP module redis (>= 2.2.6, required for Transactional File Locking) |
||||
; |
||||
;See Memory caching to learn how to select and configure a memcache. |
||||
; |
||||
;For preview generation (optional): |
||||
; |
||||
;PHP module imagick |
||||
; |
||||
;avconv or ffmpeg |
||||
; |
||||
;OpenOffice or LibreOffice |
||||
; |
||||
;For command line processing (optional): |
||||
; |
||||
;PHP module pcntl (enables command interruption by pressing ctrl-c) |
||||
; |
||||
;For command line updater (optional): |
||||
; |
||||
;PHP module phar (upgrades Nextcloud by running sudo -u www-data php /var/www/nextcloud/updater/updater.phar) |
||||
@ -0,0 +1,28 @@ |
||||
# The port 80 host is required for renewing Let's Encrypt certificates. |
||||
<VirtualHost *:80> |
||||
ServerName {{ domain_name }} |
||||
ServerAlias *.{{ domain_name }} |
||||
ServerAdmin {{ webmaster_email }} |
||||
RewriteEngine On |
||||
RewriteCond %{HTTPS} off |
||||
RewriteCond %{REQUEST_URI} !^/.well-known [NC] |
||||
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L] |
||||
DocumentRoot /var/www/maint/www |
||||
</VirtualHost> |
||||
|
||||
{% if ssl_enabled %} |
||||
# The 443 host is where the project is actually served. |
||||
<VirtualHost *:443> |
||||
ServerName {{ domain_name }} |
||||
ServerAdmin {{ webmaster_email }} |
||||
DocumentRoot /var/www/{{ domain_tld }}/www |
||||
|
||||
ErrorLog ${APACHE_LOG_DIR}/error.log |
||||
CustomLog ${APACHE_LOG_DIR}/access.log combined |
||||
|
||||
SSLEngine on |
||||
SSLCertificateKeyFile /etc/letsencrypt/live/{{ domain_name }}/privkey.pem |
||||
SSLCertificateFile /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem |
||||
|
||||
</VirtualHost> |
||||
{% endif %} |
||||
@ -0,0 +1,23 @@ |
||||
[apache_user] |
||||
comment = The name of the user that runs Apache. |
||||
value = www-data |
||||
|
||||
[apache_group] |
||||
comment = The name of the group to which the Apache user is assigned. |
||||
value = www-data |
||||
|
||||
[domain_name] |
||||
comment = The domain name to use for the NextCloud host. |
||||
value = cloud.example.com |
||||
|
||||
[domain_tld] |
||||
comment = The domain name as a directory. |
||||
value = cloud_example_com |
||||
|
||||
[webmaster_email] |
||||
comment = The webmaster's email address. Used when setting up SSL. |
||||
value = webmaster@example.com |
||||
|
||||
[install_path] |
||||
comment = The path relative to document root where NextCloud will be installed. |
||||
value = / |
||||
@ -0,0 +1,2 @@ |
||||
[create pg_hba.conf file] |
||||
template: pg_hba.conf /etc/postgresql/{{ pgsql_version}}/main/pg_hba.conf |
||||
@ -0,0 +1,8 @@ |
||||
# TYPE DATABASE USER ADDRESS METHOD |
||||
local all postgres trust |
||||
local sameuser all md5 |
||||
host all postgres ::1/128 trust |
||||
host all postgres localhost trust |
||||
host sameuser all ::1/128 md5 |
||||
host sameuser all localhost md5 |
||||
host sameuser all 127.0.0.1/32 md5 |
||||
@ -0,0 +1,3 @@ |
||||
[pgsql_version] |
||||
comment = The current version of PostgreSQL. |
||||
value = 12 |
||||
@ -0,0 +1,2 @@ |
||||
[setup restricted ssh] |
||||
template: sshd_config /etc/ssh/sshd_config |
||||
@ -0,0 +1,10 @@ |
||||
Port 4894 |
||||
AddressFamily inet |
||||
PermitRootLogin no |
||||
PasswordAuthentication no |
||||
ChallengeResponseAuthentication no |
||||
UsePAM yes |
||||
X11Forwarding yes |
||||
PrintMotd no |
||||
AcceptEnv LANG LC_* |
||||
Subsystem sftp /usr/lib/openssh/sftp-server |
||||
Loading…
Reference in new issue