src/BaseServerSetup.php


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

<?php

namespace Dweipert\DevOps\BaseServerSetup;

use Dweipert\DevOps\UnattendedUpgrades\UnattendedUpgrades;
use PHPIAC\Module\State;
use PHPIAC\Modules\AptModule;
use PHPIAC\Modules\CopyModule;
use PHPIAC\Modules\GitModule;
use PHPIAC\Modules\UfwModule;
use PHPIAC\Modules\UserModule;
use PHPIAC\Role\RoleInterface;
use PHPIAC\Task;

class BaseServerSetup implements RoleInterface
{
    public function __invoke(array $config = []): array
    {
        $config = array_replace_recursive(
            ['unattended_upgrades' => [
                'unattended_origins_patterns' => [
                    'o=${distro_id},a=${distro_codename}',
                    'o=${distro_id},a=${distro_codename}-security',
                ],
                'unattended_mail' => $config['mail'],
                'unattended_automatic_reboot' => true,
                'unattended_syslog_enable' => true,
            ]],
            $config
        );

        return [
            # setup unattended upgrades
            ...(new UnattendedUpgrades())($config['unattended_upgrades']),

            # setup user
            (new Task())->setModule(new AptModule([
                'package' => 'zsh',
            ])),
            (new Task())->setModule(new UserModule([
                'username' => $config['username'],
                'password' => $config['password'],
                'groups' => ['sudo'],
                'append' => true,
                'shell' => '/bin/zsh',
            ])),
            (new Task())->setModule(new CopyModule([
                'src' => '~/.ssh',
                'dest' => '/home/' . $config['username'] . '/.ssh',
                'owner' => $config['username'],
                'group' => $config['username'],
                'remoteSrc' => true,
            ])),
            (new Task())->setModule(new GitModule([
                'repo' => 'https://github.com/ohmyzsh/ohmyzsh.git',
                'dest' => "/home/$config[username]/.oh-my-zsh",
                'owner' => $config['username'],
                'group' => $config['username'],
            ])),
            (new Task())->setModule(new CopyModule([
                'src' => "/home/$config[username]/.oh-my-zsh/templates/zshrc.zsh-template",
                'dest' => "/home/$config[username]/.zshrc",
                'owner' => $config['username'],
                'group' => $config['username'],
                'remoteSrc' => true,
            ])),

            # setup firewall
            (new Task())->setModule(new UfwModule([
                'rule' => 'allow',
                'name' => 'OpenSSH',
                'state' => State::ENABLED,
            ])),
        ];
    }
}