start

2026-05-21 14:02:15 +00:00 · 2023-12-02 23:42:09 +01:00
commit 28f6d4f73a
16 changed files with 464 additions and 0 deletions
--- a/openfreemaps/init.py
+++ b/openfreemaps/init.py
--- a/openfreemaps/config.py
+++ b/openfreemaps/config.py
@@ -0,0 +1,5 @@
+from pathlib import Path
+
+
+base = Path(__file__).parent.parent
+templates = base / 'templates'
--- a/openfreemaps/kernel.py
+++ b/openfreemaps/kernel.py
@@ -0,0 +1,22 @@
+from openfreemaps.config import templates
+from openfreemaps.utils import apt_get_install, apt_get_purge, put, put_str
+
+
+def setup_kernel_settings(c):
+    put(c, f'{templates}/sysctl/60-optim.conf', '/etc/sysctl.d/')
+
+    set_cpu_governor(c)
+
+
+def set_cpu_governor(c):
+    apt_get_install(c, 'cpufrequtils')
+    apt_get_purge(c, 'linux-tools-*')
+
+    put_str(
+        c,
+        '/etc/default/cpufrequtils',
+        'GOVERNOR="performance"',
+    )
+
+    # check after reboot
+    # cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
--- a/openfreemaps/nginx.py
+++ b/openfreemaps/nginx.py
@@ -0,0 +1,61 @@
+from openfreemaps.config import templates
+from openfreemaps.utils import (
+    apt_get_install,
+    apt_get_purge,
+    apt_get_update,
+    exists,
+    put,
+    put_str,
+    sudo_cmd,
+    ubuntu_codename,
+)
+
+
+def nginx(c):
+    codename = ubuntu_codename(c)
+
+    if not exists(c, '/usr/sbin/nginx'):
+        put_str(
+            c,
+            '/etc/apt/sources.list.d/nginx.list',
+            f'deb http://nginx.org/packages/mainline/ubuntu {codename} nginx',
+        )
+        sudo_cmd(
+            c,
+            'wget --quiet -O - http://nginx.org/keys/nginx_signing.key | apt-key add -',
+        )
+        apt_get_update(c)
+        apt_get_install(c, 'nginx')
+
+    c.sudo('rm -rf /data/nginx/config')
+    c.sudo('mkdir -p /data/nginx/config')
+
+    c.sudo('rm -rf /data/nginx/logs')
+    c.sudo('mkdir -p /data/nginx/logs')
+
+    c.sudo('mkdir -p /data/nginx/sites')
+
+    if not exists(c, '/etc/nginx/ssl/dummy.crt'):
+        c.sudo('mkdir -p /etc/nginx/ssl')
+        c.sudo(
+            'openssl req -x509 -nodes -days 365 -newkey rsa:2048 '
+            '-keyout /etc/nginx/ssl/dummy.key -out /etc/nginx/ssl/dummy.crt '
+            '-subj "/C=US/ST=Dummy/L=Dummy/O=Dummy/CN=example.com"'
+        )
+
+    put(c, f'{templates}/nginx/nginx.conf', '/etc/nginx/')
+    put(c, f'{templates}/nginx/default_disable.conf', '/data/nginx/sites')
+
+    c.sudo('service nginx restart')
+
+
+def certbot(c):
+    # https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx
+    apt_get_install(c, 'snapd')
+    c.run('snap install core', warn=True)
+    c.run('snap refresh core', warn=True)
+
+    apt_get_purge(c, 'certbot')
+    c.run('snap install --classic certbot', warn=True)
+    c.run('snap set certbot trust-plugin-with-root=ok')
+    c.run('snap install certbot-dns-cloudflare')
--- a/openfreemaps/utils.py
+++ b/openfreemaps/utils.py
@@ -0,0 +1,103 @@
+import os
+import secrets
+import string
+
+
+def put(c, local_path, remote_path, permissions=None, owner='root', group=None):
+    tmp_path = f'/tmp/fabtmp_{random_string(8)}'
+    c.put(local_path, tmp_path)
+
+    if is_dir(c, remote_path):
+        if not remote_path.endswith('/'):
+            remote_path += '/'
+
+        filename = os.path.basename(local_path)
+        remote_path += filename
+
+    c.sudo(f"mv '{tmp_path}' '{remote_path}'")
+    c.sudo(f"rm -rf '{tmp_path}'")
+
+    set_permission(c, remote_path, permissions, owner, group)
+
+
+def put_str(c, remote_path, str_):
+    tmp_file = 'tmp.txt'
+    with open(tmp_file, 'w') as outfile:
+        outfile.write(str_ + '\n')
+    put(c, tmp_file, remote_path)
+    os.remove(tmp_file)
+
+
+def append_str(c, remote_path, str_):
+    tmp_path = f'/tmp/fabtmp_{random_string(8)}'
+    put_str(c, tmp_path, str_)
+
+    sudo_cmd(c, f"cat '{tmp_path}' >> '{remote_path}'")
+    c.sudo(f'rm -f {tmp_path}')
+
+
+def sudo_cmd(c, cmd):
+    cmd = cmd.replace('"', '\\"')
+    c.sudo(f'bash -c "{cmd}"')
+
+
+def set_permission(c, path, permissions=None, owner=None, group=None):
+    if owner:
+        if not group:
+            group = owner
+
+        c.sudo(f"chown {owner}:{group} '{path}'")
+
+    if permissions:
+        c.sudo(f"chmod {permissions} '{path}'")
+
+
+def reboot(c):
+    print('Rebooting')
+    try:
+        c.sudo('reboot')
+    except Exception:
+        pass
+
+
+def exists(c, path):
+    return c.sudo(f"test -e '{path}'", hide=True, warn=True).ok
+
+
+def is_dir(c, path):
+    return c.sudo(f"test -d '{path}'", hide=True, warn=True).ok
+
+
+def random_string(length):
+    return ''.join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(length))
+
+
+def ubuntu_release(c):
+    return c.run('lsb_release -rs').stdout.strip()[:2]
+
+
+def ubuntu_codename(c):
+    return c.run('lsb_release -cs').stdout.strip()
+
+
+def apt_get_update(c):
+    c.sudo('apt-get update')
+
+
+def apt_get_install(c, pkgs, warn=False):
+    c.sudo(
+        f'DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends {pkgs}',
+        warn=warn,
+    )
+
+
+def apt_get_purge(c, pkgs):
+    c.sudo(f'DEBIAN_FRONTEND=noninteractive apt-get purge -y {pkgs}')
+
+
+def apt_get_autoremove(c):
+    c.sudo('DEBIAN_FRONTEND=noninteractive apt-get autoremove -y')
+
+
+def get_username(c):
+    return c.run('whoami').stdout.strip()