path: root/src/BaseServerSetup.php
blob: 7ff1efb05f0e30909540a36ad9d3756c61ddbd59 (plain)
<?php

namespace Dweipert\DevOps\BaseServerSetup;

use PHPIAC\Module\State;
use PHPIAC\Modules\AptModule;
use PHPIAC\Modules\CopyModule;
use PHPIAC\Modules\GitModule;
use PHPIAC\Modules\TemplateModule;
use PHPIAC\Modules\UfwModule;
use PHPIAC\Modules\UserModule;
use PHPIAC\Role\RoleInterface;
use PHPIAC\Task;

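/**
 * Role that builds the task list for a baseline server: unattended upgrades,
 * a sudo-capable login user with zsh / oh-my-zsh, and a firewall rule for SSH.
 */
class BaseServerSetup implements RoleInterface
{
    /**
     * Build the ordered list of tasks for this role.
     *
     * Recognised keys read directly by this method: `mail`, `username`,
     * `password`. Every other key is merged over the packaged defaults and
     * handed to the unattended-upgrades templates as template variables.
     *
     * @param array<string, mixed> $config caller-supplied settings; values here
     *                                     win over the defaults set below
     *
     * @return array<int, Task>
     *
     * @throws \InvalidArgumentException when `username` is missing or cannot be
     *                                   used safely as a path component
     */
    public function __invoke(array $config = []): array
    {
        $config = array_replace_recursive(
            include __DIR__ . '/unattended-upgrades/unattended-upgrades.php',
            [
                'unattended_origins_patterns' => [
                    'o=${distro_id},a=${distro_codename}',
                    'o=${distro_id},a=${distro_codename}-security',
                ],
                # `?? null` keeps the previous result (null when no mail is given)
                # without raising an undefined-key warning
                'unattended_mail' => $config['mail'] ?? null,
                # defaults only: the caller's $config is merged last and can
                # switch automatic reboots or syslog off
                'unattended_automatic_reboot' => true,
                'unattended_syslog_enable' => true,
            ],
            $config
        );

        # The username is concatenated into several filesystem paths below and
        # used as owner/group. Fail early instead of emitting tasks that point
        # at "/home/" itself or at a path outside /home.
        $username = $config['username'] ?? null;
        if (
            !is_string($username)
            || $username === ''
            || $username === '.'
            || $username === '..'
            || strpbrk($username, "/\0") !== false
        ) {
            throw new \InvalidArgumentException(
                'BaseServerSetup: "username" must be a non-empty string without path separators.'
            );
        }
        $home = '/home/' . $username;

        return [
            # setup unattended upgrades
            (new Task())->setModule(new AptModule([
                'package' => 'unattended-upgrades',
                'updateCache' => true,
            ])),
            (new Task())->setModule(new TemplateModule([
                'src' => __DIR__ . '/unattended-upgrades/auto-upgrades.twig',
                'dest' => '/etc/apt/apt.conf.d/20auto-upgrades',
                'vars' => $config,
                'owner' => 'root',
                'group' => 'root',
                'mode' => 0644,
            ])),
            (new Task())->setModule(new TemplateModule([
                'src' => __DIR__ . '/unattended-upgrades/unattended-upgrades.twig',
                'dest' => '/etc/apt/apt.conf.d/50unattended-upgrades',
                'vars' => $config,
                'owner' => 'root',
                'group' => 'root',
                'mode' => 0644,
            ])),

            # setup user
            (new Task())->setModule(new AptModule([
                'package' => 'zsh',
            ])),
            # NOTE(review): the account is added to the sudo group. Whether
            # UserModule expects a plaintext or a pre-hashed password is not
            # visible here; confirm, and keep the value out of version control.
            (new Task())->setModule(new UserModule([
                'username' => $username,
                'password' => $config['password'] ?? null,
                'groups' => ['sudo'],
                'append' => true,
                'shell' => '/bin/zsh',
            ])),
            # NOTE(review): this copies the whole ~/.ssh directory, so any
            # private keys or known_hosts stored there are duplicated into the
            # new home as well, not only authorized_keys. Confirm that is intended.
            (new Task())->setModule(new CopyModule([
                'src' => '~/.ssh',
                'dest' => $home,
                'owner' => $username,
                'group' => $username,
                'remoteSrc' => true,
            ])),
            # NOTE(review): no revision is specified for this clone, and the
            # .zshrc installed below comes from the cloned tree, so upstream
            # content ends up in the login shell of a sudo-group user.
            # Consider pinning to a reviewed commit if GitModule supports it.
            (new Task())->setModule(new GitModule([
                'repo' => 'https://github.com/ohmyzsh/ohmyzsh.git',
                'dest' => "{$home}/.oh-my-zsh",
                'owner' => $username,
                'group' => $username,
            ])),
            (new Task())->setModule(new CopyModule([
                'src' => "{$home}/.oh-my-zsh/templates/zshrc.zsh-template",
                'dest' => "{$home}/.zshrc",
                'owner' => $username,
                'group' => $username,
                'remoteSrc' => true,
            ])),

            # setup firewall
            # Only the OpenSSH allow rule is declared by this role.
            (new Task())->setModule(new UfwModule([
                'rule' => 'allow',
                'name' => 'OpenSSH',
                'state' => State::ENABLED,
            ])),
        ];
    }
}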