Pyinfra that deploy my LXD server.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

88 lines
2.5 KiB

from pyinfra import host
from pyinfra.operations import server, files, systemd, apt
SUDO = True
apt.packages(
name='Install packages',
packages=['certbot', 'haproxy', 'nginx'],
update=False,
)
files.put(
name='Upload Nginx default vhost',
src='files/nginx.default',
dest='/etc/nginx/sites-available/default',
user='root',
group='root',
mode='644',
)
systemd.service(
name='Restart and enable nginx service',
service='nginx.service',
running=True,
restarted=True,
enabled=True,
)
files.put(
name='Upload HAProxy config',
src='files/haproxy.cfg',
dest='/etc/haproxy/haproxy.cfg',
user='root',
group='root',
mode='644',
)
files.directory(
name='Ensure /etc/ssl/haproxy exists',
path='/etc/ssl/haproxy',
user='root',
group='root',
mode=700
)
if not host.fact.file('/etc/haproxy/dhparam'):
server.shell(
name='Generate dhparam',
commands=['openssl dhparam 2048 > /etc/haproxy/dhparam']
)
systemd.service(
name='Restart and enable HAProxy service',
service='haproxy.service',
running=True,
restarted=True,
enabled=True,
)
if not host.fact.directory('/etc/letsencrypt/live/mo-f.fr'):
server.shell(
name='Add certificate mo-f.fr',
commands=['certbot certonly --non-interactive --email certbot@benpro.fr --agree-tos --webroot --webroot-path /var/www/html/ -d mo-f.fr -d download.mo-f.fr -d ipv4.mo-f.fr -d oppai.mo-f.fr -d static-uploads.mo-f.fr -d www.mo-f.fr'],
)
if not host.fact.directory('/etc/letsencrypt/live/play.benpro.fr'):
server.shell(
name='Add certificate play.benpro.fr',
commands=['certbot certonly --non-interactive --email certbot@benpro.fr --agree-tos --webroot --webroot-path /var/www/html/ -d play.benpro.fr'],
)
if not host.fact.directory('/etc/letsencrypt/live/mo-f.fr'):
server.shell(
name='Add certificate mo-f.fr to HAProxy',
commands=['cat /etc/letsencrypt/live/mo-f.fr/fullchain.pem /etc/letsencrypt/live/mo-f.fr/privkey.pem > /etc/ssl/haproxy/mo-f.fr.pem']
)
if not host.fact.directory('/etc/letsencrypt/live/play.benpro.fr'):
server.shell(
name='Add certificate play.benpro.fr to HAProxy',
commands=['cat /etc/letsencrypt/live/play.benpro.fr/fullchain.pem /etc/letsencrypt/live/play.benpro.fr/privkey.pem > /etc/ssl/haproxy/play.benpro.fr.pem']
)
systemd.service(
name='Reload HAProxy service',
service='haproxy.service',
reloaded=True,
)