sysadmin/openfreemap
1
0
Fork 0
mirror of https://github.com/hyperknot/openfreemap.git synced 2026-05-21 14:02:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

work

Browse Source
This commit is contained in:
Zsolt Ero
2023-12-04 22:56:27 +01:00
parent c12ed48275
commit f9649c50fc
13 changed files with 150 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -4,3 +4,4 @@
.DS_Store .DS_Store
/venv /venv
/.idea /.idea
/temp

11
.ruff.toml
View File

@@ -1,6 +1,6 @@
target-version = "py310" target-version = "py310"
line-length = 100 line-length = 100
extend-exclude = ["temp"]
select = [ select = [
"E", # pycodestyle errors "E", # pycodestyle errors
@@ -19,24 +19,25 @@ select = [
] ]
ignore = [ ignore = [
'A003',
'E501', 'E501',
'E711', 'E711',
'E712', 'E712',
'E741', 'E741',
'A003', 'F401',
'F841',
'PT004', 'PT004',
'SIM108',
'SIM102', 'SIM102',
'SIM105', 'SIM105',
'SIM108',
'SIM115', 'SIM115',
'F841',
] ]
[format] [format]
quote-style = "single" quote-style = "single"
[isort] [isort]
known-first-party = ["openfreemaps"] known-first-party = ["lib"]
lines-after-imports = 2 lines-after-imports = 2
[flake8-comprehensions] [flake8-comprehensions]

29
init-server.py
View File

@@ -2,28 +2,31 @@
from fabric import Connection from fabric import Connection
from openfreemaps.nginx import certbot, nginx from lib.nginx import certbot, nginx
from openfreemaps.pkg_base import pkg_base, pkg_clean, pkg_upgrade from lib.pkg_base import pkg_base, pkg_clean, pkg_upgrade
from openfreemaps.planetiler import install_planetiler from lib.planetiler import install_planetiler
from openfreemaps.system import set_cpu_governor, setup_kernel_settings, setup_time from lib.system1 import set_cpu_governor, setup_kernel_settings, setup_time
from lib.utils import add_user
def prepare_server(c): def prepare_server(c):
pkg_upgrade(c) add_user(c, 'ofm')
pkg_clean(c)
pkg_base(c)
setup_time(c) # pkg_upgrade(c)
setup_kernel_settings(c) # pkg_clean(c)
set_cpu_governor(c) # pkg_base(c)
nginx(c) # setup_time(c)
certbot(c) # setup_kernel_settings(c)
# set_cpu_governor(c)
# nginx(c)
# certbot(c)
install_planetiler(c) install_planetiler(c)
c = Connection(host='map128', port=22) c = Connection(host='ofm-o-ca-1', port=22, user='ubuntu')
prepare_server(c) prepare_server(c)
# reboot(c) # reboot(c)

0
openfreemaps/__init__.py → lib/__init__.py
View File

0
openfreemaps/config.py → lib/config.py
View File

29
lib/dns.py Normal file
View File

@@ -0,0 +1,29 @@
import time
from lib.utils import apt_get_purge, exists, put_str
def setup_dns(c):
if exists(c, '/etc/network/interfaces'):
c.sudo("sed -i '/dns-nameservers/d' /etc/network/interfaces")
apt_get_purge(c, 'resolvconf')
c.sudo('rm -rf /etc/resolvconf')
c.sudo('systemctl stop systemd-resolved')
c.sudo('systemctl disable systemd-resolved')
print('chattr -i')
c.sudo('chattr -i /etc/resolv.conf', warn=True)
c.sudo('rm -f /etc/resolv.conf')
put_str(
c,
'/etc/resolv.conf',
'nameserver 1.1.1.1\nnameserver 1.0.0.1\nnameserver 2606:4700:4700::1111\nnameserver 2606:4700:4700::1001',
)
time.sleep(1)
print('chattr +i')
c.sudo('chattr +i /etc/resolv.conf')
apt_get_purge(c, 'bind9*')
c.sudo('rm -rf /var/cache/bind')

19
openfreemaps/system.py → lib/kernel.py
View File

@@ -1,28 +1,15 @@
from openfreemaps.config import templates from lib.config import templates
from openfreemaps.utils import ( from lib.utils import apt_get_install, apt_get_purge, put, put_str
apt_get_install,
apt_get_purge,
put,
put_str,
)
def setup_time(c):
apt_get_install(c, 'dbus')
c.sudo('timedatectl set-local-rtc 0')
c.sudo('timedatectl set-ntp 1')
c.sudo('timedatectl set-timezone UTC')
def setup_kernel_settings(c): def setup_kernel_settings(c):
put(c, f'{templates}/sysctl/60-optim.conf', '/etc/sysctl.d/') put(c, f'{templates}/sysctl/60-optim.conf', '/etc/sysctl.d/')
def set_cpu_governor(c): def set_cpu_governor(c):
apt_get_install(c, 'cpufrequtils') apt_get_install(c, 'cpufrequtils')
apt_get_purge(c, 'linux-tools-*') apt_get_purge(c, 'linux-tools-*')
# c.run('systemctl disable ondemand') # not working on 22
put_str( put_str(
c, c,

15
openfreemaps/nginx.py → lib/nginx.py
View File

@@ -1,5 +1,5 @@
from openfreemaps.config import templates from lib.config import templates
from openfreemaps.utils import ( from lib.utils import (
apt_get_install, apt_get_install,
apt_get_purge, apt_get_purge,
apt_get_update, apt_get_update,
@@ -45,6 +45,7 @@ def nginx(c):
put(c, f'{templates}/nginx/nginx.conf', '/etc/nginx/') put(c, f'{templates}/nginx/nginx.conf', '/etc/nginx/')
put(c, f'{templates}/nginx/default_disable.conf', '/data/nginx/sites') put(c, f'{templates}/nginx/default_disable.conf', '/data/nginx/sites')
put(c, f'{templates}/nginx/cloudflare.conf', '/data/nginx/config')
c.sudo('service nginx restart') c.sudo('service nginx restart')
@@ -52,10 +53,10 @@ def nginx(c):
def certbot(c): def certbot(c):
# https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx # https://certbot.eff.org/lets-encrypt/ubuntubionic-nginx
apt_get_install(c, 'snapd') apt_get_install(c, 'snapd')
c.run('snap install core', warn=True) c.sudo('snap install core', warn=True)
c.run('snap refresh core', warn=True) c.sudo('snap refresh core', warn=True)
apt_get_purge(c, 'certbot') apt_get_purge(c, 'certbot')
c.run('snap install --classic certbot', warn=True) c.sudo('snap install --classic certbot', warn=True)
c.run('snap set certbot trust-plugin-with-root=ok') c.sudo('snap set certbot trust-plugin-with-root=ok')
c.run('snap install certbot-dns-cloudflare') c.sudo('snap install certbot-dns-cloudflare')

9
openfreemaps/pkg_base.py → lib/pkg_base.py
View File

@@ -1,4 +1,4 @@
from openfreemaps.utils import ( from lib.utils import (
apt_get_autoremove, apt_get_autoremove,
apt_get_install, apt_get_install,
apt_get_purge, apt_get_purge,
@@ -20,11 +20,18 @@ def pkg_clean(c):
'ufw', 'ufw',
'nftables', 'nftables',
'firewalld', 'firewalld',
'iptables-persistent',
# bloat
'ntfs-3g',
'popularity-contest',
'landscape*',
'ubuntu-advantage-tools',
] ]
apt_get_purge(c, ' '.join(clean_list)) apt_get_purge(c, ' '.join(clean_list))
apt_get_autoremove(c) apt_get_autoremove(c)
sudo_cmd(c, 'dpkg --list | grep "^rc" | cut -d " " -f 3 | xargs -r dpkg --purge') sudo_cmd(c, 'dpkg --list | grep "^rc" | cut -d " " -f 3 | xargs -r dpkg --purge')
c.sudo('iptables -L')
def pkg_base(c): def pkg_base(c):

10
openfreemaps/planetiler.py → lib/planetiler.py
View File

@@ -1,5 +1,5 @@
from openfreemaps.config import templates from lib.config import templates
from openfreemaps.utils import apt_get_install, apt_get_update, put from lib.utils import apt_get_install, apt_get_update, put
PLANETILER_VERSION = '0.7.0' PLANETILER_VERSION = '0.7.0'
@@ -12,12 +12,12 @@ def install_planetiler(c):
apt_get_update(c) apt_get_update(c)
apt_get_install(c, 'openjdk-17-jdk') apt_get_install(c, 'openjdk-17-jdk')
c.run('mkdir -p /data/planetiler/bin') c.sudo('mkdir -p /data/planetiler/bin')
c.run( c.sudo(
f'wget -q https://github.com/onthegomap/planetiler/releases/download/v{PLANETILER_VERSION}/planetiler.jar ' f'wget -q https://github.com/onthegomap/planetiler/releases/download/v{PLANETILER_VERSION}/planetiler.jar '
f'-O {PLANETILER_PATH}', f'-O {PLANETILER_PATH}',
) )
c.run(f'java -jar {PLANETILER_PATH} --help') c.sudo(f'java -jar {PLANETILER_PATH} --help')
put(c, templates / 'planetiler' / 'run_planet.sh', PLANETILER_DIR, permissions='755') put(c, templates / 'planetiler' / 'run_planet.sh', PLANETILER_DIR, permissions='755')

42
openfreemaps/utils.py → lib/utils.py
View File

@@ -101,3 +101,45 @@ def apt_get_autoremove(c):
def get_username(c): def get_username(c):
return c.run('whoami').stdout.strip() return c.run('whoami').stdout.strip()
def add_user(c, username, passwd=None):
# ssh-key login only
c.sudo(f'adduser --disabled-password --gecos "" {username}', warn=True)
if passwd:
c.sudo(f'echo "{username}:{passwd}" | chpasswd')
def remove_user(c, username):
c.sudo(f'userdel -r {username}', warn=True)
c.sudo(f'rm -rf /home/{username}')
def enable_sudo(c, username):
c.sudo(f'usermod -aG sudo {username}')
def ssh_copy_id(c, username, key_file_path):
with open(key_file_path) as fp:
public_key_str = fp.read()
if username == 'root':
home_dir = '/root'
else:
home_dir = f'/home/{username}'
ssh_dir = f'{home_dir}/.ssh'
c.sudo(f'mkdir -p {ssh_dir}')
c.sudo(f'chown {username}:{username} {ssh_dir}')
put_str(c, f'{ssh_dir}/authorized_keys', public_key_str)
set_permission(c, f'{ssh_dir}/authorized_keys', '400', username, username)
def setup_time(c):
apt_get_install(c, 'dbus')
c.sudo('timedatectl set-local-rtc 0')
c.sudo('timedatectl set-ntp 1')
c.sudo('timedatectl set-timezone UTC')

4
setup.py
View File

@@ -6,6 +6,6 @@ requirements = ['fabric', 'ruff']
setup( setup(
python_requires='>=3.10', python_requires='>=3.10',
install_requires=requirements, install_requires=requirements,
name='openfreemaps', name='lib',
packages=['openfreemaps'], packages=['lib'],
) )

30
templates/nginx/cloudflare.conf Normal file
View File

@@ -0,0 +1,30 @@
# https://www.cloudflare.com/ips/
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/13;
set_real_ip_from 104.24.0.0/14;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2a06:98c0::/29;
set_real_ip_from 2c0f:f248::/32;
# use any of the following two
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;