diff options
author | Daniel Weipert <code@drogueronin.de> | 2021-04-20 12:43:20 +0200 |
---|---|---|
committer | Daniel Weipert <code@drogueronin.de> | 2021-04-20 12:43:20 +0200 |
commit | a9a428462acb8aecc4c335027d552a30bb7c49b5 (patch) | |
tree | b3c4eaf9bcc00aefd39783b6bba17607196c2177 /src/BaseServerSetup.php |
Initial commit
Diffstat (limited to 'src/BaseServerSetup.php')
-rw-r--r-- | src/BaseServerSetup.php | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/src/BaseServerSetup.php b/src/BaseServerSetup.php new file mode 100644 index 0000000..7ff1efb --- /dev/null +++ b/src/BaseServerSetup.php @@ -0,0 +1,96 @@ +<?php + +namespace Dweipert\DevOps\BaseServerSetup; + +use PHPIAC\Module\State; +use PHPIAC\Modules\AptModule; +use PHPIAC\Modules\CopyModule; +use PHPIAC\Modules\GitModule; +use PHPIAC\Modules\TemplateModule; +use PHPIAC\Modules\UfwModule; +use PHPIAC\Modules\UserModule; +use PHPIAC\Role\RoleInterface; +use PHPIAC\Task; + +class BaseServerSetup implements RoleInterface +{ + public function __invoke(array $config = []): array + { + $config = array_replace_recursive( + include __DIR__ . '/unattended-upgrades/unattended-upgrades.php', + [ + 'unattended_origins_patterns' => [ + 'o=${distro_id},a=${distro_codename}', + 'o=${distro_id},a=${distro_codename}-security', + ], + 'unattended_mail' => $config['mail'], + 'unattended_automatic_reboot' => true, + 'unattended_syslog_enable' => true, + ], + $config + ); + + return [ + # setup unattended upgrades + (new Task())->setModule(new AptModule([ + 'package' => 'unattended-upgrades', + 'updateCache' => true, + ])), + (new Task())->setModule(new TemplateModule([ + 'src' => __DIR__ . '/unattended-upgrades/auto-upgrades.twig', + 'dest' => '/etc/apt/apt.conf.d/20auto-upgrades', + 'vars' => $config, + 'owner' => 'root', + 'group' => 'root', + 'mode' => 0644, + ])), + (new Task())->setModule(new TemplateModule([ + 'src' => __DIR__ . '/unattended-upgrades/unattended-upgrades.twig', + 'dest' => '/etc/apt/apt.conf.d/50unattended-upgrades', + 'vars' => $config, + 'owner' => 'root', + 'group' => 'root', + 'mode' => 0644, + ])), + + # setup user + (new Task())->setModule(new AptModule([ + 'package' => 'zsh', + ])), + (new Task())->setModule(new UserModule([ + 'username' => $config['username'], + 'password' => $config['password'], + 'groups' => ['sudo'], + 'append' => true, + 'shell' => '/bin/zsh', + ])), + (new Task())->setModule(new CopyModule([ + 'src' => '~/.ssh', + 'dest' => '/home/' . $config['username'], + 'owner' => $config['username'], + 'group' => $config['username'], + 'remoteSrc' => true, + ])), + (new Task())->setModule(new GitModule([ + 'repo' => 'https://github.com/ohmyzsh/ohmyzsh.git', + 'dest' => "/home/$config[username]/.oh-my-zsh", + 'owner' => $config['username'], + 'group' => $config['username'], + ])), + (new Task())->setModule(new CopyModule([ + 'src' => "/home/$config[username]/.oh-my-zsh/templates/zshrc.zsh-template", + 'dest' => "/home/$config[username]/.zshrc", + 'owner' => $config['username'], + 'group' => $config['username'], + 'remoteSrc' => true, + ])), + + # setup firewall + (new Task())->setModule(new UfwModule([ + 'rule' => 'allow', + 'name' => 'OpenSSH', + 'state' => State::ENABLED, + ])), + ]; + } +} |