|
|
|
|
@ -3,19 +3,19 @@ from pyinfra.operations import apt, server, files, systemd
|
|
|
|
|
|
|
|
|
|
SUDO = True
|
|
|
|
|
|
|
|
|
|
server.user(
|
|
|
|
|
name='Add user benpro',
|
|
|
|
|
user='benpro',
|
|
|
|
|
groups=['sudo'],
|
|
|
|
|
public_keys='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFs7yO0auvwFL8HTLMUq6lET6DMYLhqhd32rqFfZUsjL openpgp:0xA32E99AD',
|
|
|
|
|
shell='/bin/bash',
|
|
|
|
|
present=True,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
server.hostname(
|
|
|
|
|
name='Set the hostname',
|
|
|
|
|
hostname='dns.benpro.fr',
|
|
|
|
|
)
|
|
|
|
|
#server.user(
|
|
|
|
|
# name='Add user benpro',
|
|
|
|
|
# user='benpro',
|
|
|
|
|
# groups=['sudo'],
|
|
|
|
|
# public_keys='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFs7yO0auvwFL8HTLMUq6lET6DMYLhqhd32rqFfZUsjL openpgp:0xA32E99AD',
|
|
|
|
|
# shell='/bin/bash',
|
|
|
|
|
# present=True,
|
|
|
|
|
#)
|
|
|
|
|
#
|
|
|
|
|
#server.hostname(
|
|
|
|
|
# name='Set the hostname',
|
|
|
|
|
# hostname='dns.benpro.fr',
|
|
|
|
|
#)
|
|
|
|
|
|
|
|
|
|
apt.update(
|
|
|
|
|
name='Update apt repositories',
|
|
|
|
|
@ -25,34 +25,34 @@ apt.upgrade(
|
|
|
|
|
name='Upgrade apt packages',
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
apt.packages(
|
|
|
|
|
name='Install ufw',
|
|
|
|
|
packages=['ufw'],
|
|
|
|
|
update=False,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
files.line(
|
|
|
|
|
name='Set port 28 for SSH',
|
|
|
|
|
path='/etc/ssh/sshd_config',
|
|
|
|
|
line=r'Port .*',
|
|
|
|
|
replace='Port 28',
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
systemd.service(
|
|
|
|
|
name='Reload sshd',
|
|
|
|
|
service='ssh.service',
|
|
|
|
|
reloaded=True,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
server.shell(
|
|
|
|
|
name='Add ufw rules',
|
|
|
|
|
commands=['ufw limit 28', 'ufw allow 80', 'ufw allow 443', 'ufw allow 853'],
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
server.shell(
|
|
|
|
|
name='Enable ufw',
|
|
|
|
|
commands=['yes | ufw enable'],
|
|
|
|
|
)
|
|
|
|
|
#apt.packages(
|
|
|
|
|
# name='Install ufw',
|
|
|
|
|
# packages=['ufw'],
|
|
|
|
|
# update=False,
|
|
|
|
|
#)
|
|
|
|
|
#
|
|
|
|
|
#files.line(
|
|
|
|
|
# name='Set port 28 for SSH',
|
|
|
|
|
# path='/etc/ssh/sshd_config',
|
|
|
|
|
# line=r'Port .*',
|
|
|
|
|
# replace='Port 28',
|
|
|
|
|
#)
|
|
|
|
|
#
|
|
|
|
|
#systemd.service(
|
|
|
|
|
# name='Reload sshd',
|
|
|
|
|
# service='ssh.service',
|
|
|
|
|
# reloaded=True,
|
|
|
|
|
#)
|
|
|
|
|
#
|
|
|
|
|
#server.shell(
|
|
|
|
|
# name='Add ufw rules',
|
|
|
|
|
# commands=['ufw limit 28', 'ufw allow 80', 'ufw allow 443', 'ufw allow 853'],
|
|
|
|
|
#)
|
|
|
|
|
#
|
|
|
|
|
#server.shell(
|
|
|
|
|
# name='Enable ufw',
|
|
|
|
|
# commands=['yes | ufw enable'],
|
|
|
|
|
#)
|
|
|
|
|
|
|
|
|
|
server.shell(
|
|
|
|
|
name='Install certbot',
|
|
|
|
|
|
Benoit S
1 year ago