summaryrefslogtreecommitdiff
path: root/src/BaseServerSetup.php
diff options
context:
space:
mode:
authorDaniel Weipert <code@drogueronin.de>2021-04-20 12:43:20 +0200
committerDaniel Weipert <code@drogueronin.de>2021-04-20 12:43:20 +0200
commita9a428462acb8aecc4c335027d552a30bb7c49b5 (patch)
treeb3c4eaf9bcc00aefd39783b6bba17607196c2177 /src/BaseServerSetup.php
Initial commit
Diffstat (limited to 'src/BaseServerSetup.php')
-rw-r--r--src/BaseServerSetup.php96
1 files changed, 96 insertions, 0 deletions
diff --git a/src/BaseServerSetup.php b/src/BaseServerSetup.php
new file mode 100644
index 0000000..7ff1efb
--- /dev/null
+++ b/src/BaseServerSetup.php
@@ -0,0 +1,96 @@
+<?php
+
+namespace Dweipert\DevOps\BaseServerSetup;
+
+use PHPIAC\Module\State;
+use PHPIAC\Modules\AptModule;
+use PHPIAC\Modules\CopyModule;
+use PHPIAC\Modules\GitModule;
+use PHPIAC\Modules\TemplateModule;
+use PHPIAC\Modules\UfwModule;
+use PHPIAC\Modules\UserModule;
+use PHPIAC\Role\RoleInterface;
+use PHPIAC\Task;
+
+class BaseServerSetup implements RoleInterface
+{
+ public function __invoke(array $config = []): array
+ {
+ $config = array_replace_recursive(
+ include __DIR__ . '/unattended-upgrades/unattended-upgrades.php',
+ [
+ 'unattended_origins_patterns' => [
+ 'o=${distro_id},a=${distro_codename}',
+ 'o=${distro_id},a=${distro_codename}-security',
+ ],
+ 'unattended_mail' => $config['mail'],
+ 'unattended_automatic_reboot' => true,
+ 'unattended_syslog_enable' => true,
+ ],
+ $config
+ );
+
+ return [
+ # setup unattended upgrades
+ (new Task())->setModule(new AptModule([
+ 'package' => 'unattended-upgrades',
+ 'updateCache' => true,
+ ])),
+ (new Task())->setModule(new TemplateModule([
+ 'src' => __DIR__ . '/unattended-upgrades/auto-upgrades.twig',
+ 'dest' => '/etc/apt/apt.conf.d/20auto-upgrades',
+ 'vars' => $config,
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => 0644,
+ ])),
+ (new Task())->setModule(new TemplateModule([
+ 'src' => __DIR__ . '/unattended-upgrades/unattended-upgrades.twig',
+ 'dest' => '/etc/apt/apt.conf.d/50unattended-upgrades',
+ 'vars' => $config,
+ 'owner' => 'root',
+ 'group' => 'root',
+ 'mode' => 0644,
+ ])),
+
+ # setup user
+ (new Task())->setModule(new AptModule([
+ 'package' => 'zsh',
+ ])),
+ (new Task())->setModule(new UserModule([
+ 'username' => $config['username'],
+ 'password' => $config['password'],
+ 'groups' => ['sudo'],
+ 'append' => true,
+ 'shell' => '/bin/zsh',
+ ])),
+ (new Task())->setModule(new CopyModule([
+ 'src' => '~/.ssh',
+ 'dest' => '/home/' . $config['username'],
+ 'owner' => $config['username'],
+ 'group' => $config['username'],
+ 'remoteSrc' => true,
+ ])),
+ (new Task())->setModule(new GitModule([
+ 'repo' => 'https://github.com/ohmyzsh/ohmyzsh.git',
+ 'dest' => "/home/$config[username]/.oh-my-zsh",
+ 'owner' => $config['username'],
+ 'group' => $config['username'],
+ ])),
+ (new Task())->setModule(new CopyModule([
+ 'src' => "/home/$config[username]/.oh-my-zsh/templates/zshrc.zsh-template",
+ 'dest' => "/home/$config[username]/.zshrc",
+ 'owner' => $config['username'],
+ 'group' => $config['username'],
+ 'remoteSrc' => true,
+ ])),
+
+ # setup firewall
+ (new Task())->setModule(new UfwModule([
+ 'rule' => 'allow',
+ 'name' => 'OpenSSH',
+ 'state' => State::ENABLED,
+ ])),
+ ];
+ }
+}