From a9a428462acb8aecc4c335027d552a30bb7c49b5 Mon Sep 17 00:00:00 2001
From: Daniel Weipert <code@drogueronin.de>
Date: Tue, 20 Apr 2021 12:43:20 +0200
Subject: Initial commit

---
 src/BaseServerSetup.php | 96 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 src/BaseServerSetup.php

(limited to 'src/BaseServerSetup.php')

diff --git a/src/BaseServerSetup.php b/src/BaseServerSetup.php
new file mode 100644
index 0000000..7ff1efb
--- /dev/null
+++ b/src/BaseServerSetup.php
@@ -0,0 +1,96 @@
+<?php
+
+namespace Dweipert\DevOps\BaseServerSetup;
+
+use PHPIAC\Module\State;
+use PHPIAC\Modules\AptModule;
+use PHPIAC\Modules\CopyModule;
+use PHPIAC\Modules\GitModule;
+use PHPIAC\Modules\TemplateModule;
+use PHPIAC\Modules\UfwModule;
+use PHPIAC\Modules\UserModule;
+use PHPIAC\Role\RoleInterface;
+use PHPIAC\Task;
+
+class BaseServerSetup implements RoleInterface
+{
+    public function __invoke(array $config = []): array
+    {
+        $config = array_replace_recursive(
+            include __DIR__ . '/unattended-upgrades/unattended-upgrades.php',
+            [
+                'unattended_origins_patterns' => [
+                    'o=${distro_id},a=${distro_codename}',
+                    'o=${distro_id},a=${distro_codename}-security',
+                ],
+                'unattended_mail' => $config['mail'],
+                'unattended_automatic_reboot' => true,
+                'unattended_syslog_enable' => true,
+            ],
+            $config
+        );
+
+        return [
+            # setup unattended upgrades
+            (new Task())->setModule(new AptModule([
+                'package' => 'unattended-upgrades',
+                'updateCache' => true,
+            ])),
+            (new Task())->setModule(new TemplateModule([
+                'src' => __DIR__ . '/unattended-upgrades/auto-upgrades.twig',
+                'dest' => '/etc/apt/apt.conf.d/20auto-upgrades',
+                'vars' => $config,
+                'owner' => 'root',
+                'group' => 'root',
+                'mode' => 0644,
+            ])),
+            (new Task())->setModule(new TemplateModule([
+                'src' => __DIR__ . '/unattended-upgrades/unattended-upgrades.twig',
+                'dest' => '/etc/apt/apt.conf.d/50unattended-upgrades',
+                'vars' => $config,
+                'owner' => 'root',
+                'group' => 'root',
+                'mode' => 0644,
+            ])),
+
+            # setup user
+            (new Task())->setModule(new AptModule([
+                'package' => 'zsh',
+            ])),
+            (new Task())->setModule(new UserModule([
+                'username' => $config['username'],
+                'password' => $config['password'],
+                'groups' => ['sudo'],
+                'append' => true,
+                'shell' => '/bin/zsh',
+            ])),
+            (new Task())->setModule(new CopyModule([
+                'src' => '~/.ssh',
+                'dest' => '/home/' . $config['username'],
+                'owner' => $config['username'],
+                'group' => $config['username'],
+                'remoteSrc' => true,
+            ])),
+            (new Task())->setModule(new GitModule([
+                'repo' => 'https://github.com/ohmyzsh/ohmyzsh.git',
+                'dest' => "/home/$config[username]/.oh-my-zsh",
+                'owner' => $config['username'],
+                'group' => $config['username'],
+            ])),
+            (new Task())->setModule(new CopyModule([
+                'src' => "/home/$config[username]/.oh-my-zsh/templates/zshrc.zsh-template",
+                'dest' => "/home/$config[username]/.zshrc",
+                'owner' => $config['username'],
+                'group' => $config['username'],
+                'remoteSrc' => true,
+            ])),
+
+            # setup firewall
+            (new Task())->setModule(new UfwModule([
+                'rule' => 'allow',
+                'name' => 'OpenSSH',
+                'state' => State::ENABLED,
+            ])),
+        ];
+    }
+}
-- 
cgit v1.2.3