doo-extras 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +7 -0
- data/lib/recipes/apache.rb +12 -0
- data/lib/recipes/backupninja.rb +37 -0
- data/lib/recipes/basic.rb +57 -0
- data/lib/recipes/jetty.rb +19 -0
- data/lib/recipes/memcached.rb +26 -0
- data/lib/recipes/mongodb.rb +14 -0
- data/lib/recipes/monit.rb +21 -0
- data/lib/recipes/munin.rb +37 -0
- data/lib/recipes/mysql.rb +34 -0
- data/lib/recipes/nginx.rb +39 -0
- data/lib/recipes/node.rb +14 -0
- data/lib/recipes/ntp.rb +3 -0
- data/lib/recipes/php.rb +32 -0
- data/lib/recipes/python.rb +3 -0
- data/lib/recipes/rails.rb +3 -0
- data/lib/recipes/redis.rb +33 -0
- data/lib/recipes/ruby.rb +14 -0
- data/lib/recipes/smtp.rb +44 -0
- data/lib/recipes/ssh.rb +22 -0
- data/lib/ubuntu.rb +13 -0
- metadata +97 -0
data/README.md
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
doo-extras is a package of commonly used doo recipes packaged up and ready to go. You can use these recipes in your doo project like so
|
|
2
|
+
|
|
3
|
+
require 'doo-extras/ubuntu'
|
|
4
|
+
|
|
5
|
+
That's it! You'll have access to a ton of built in recipes for installing and configuring everything from apache and nginx to mongodb and redis. Go to town!
|
|
6
|
+
|
|
7
|
+
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
set :apache do
|
|
2
|
+
if_fails "[ -x /usr/sbin/httpd ]" do
|
|
3
|
+
apt "apache2-mpm-prefork"
|
|
4
|
+
end
|
|
5
|
+
|
|
6
|
+
if defined? apache_config_files
|
|
7
|
+
apache_config_files.each do |file|
|
|
8
|
+
put file, "/etc/apache2/conf.d/#{File.basename file}", :sudo => true
|
|
9
|
+
end
|
|
10
|
+
sudo "service apache2 restart"
|
|
11
|
+
end
|
|
12
|
+
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
set :backupninja do
|
|
2
|
+
if_fails "[ -x /usr/sbin/backupninja ]" do
|
|
3
|
+
apt 'backupninja'
|
|
4
|
+
apt 'duplicity'
|
|
5
|
+
|
|
6
|
+
sudo "mkdir -p /root/.ssh"
|
|
7
|
+
sudo "chmod 700 /root/.ssh"
|
|
8
|
+
sudo "test -f /root/.ssh/id_rsa || sudo ssh-keygen -f /root/.ssh/id_rsa -P ''"
|
|
9
|
+
message <<-EOF
|
|
10
|
+
#{"*" * 78}
|
|
11
|
+
|
|
12
|
+
The following is a public key that needs to be manually appended to the chosen account
|
|
13
|
+
on the chosen backup server for this machine:
|
|
14
|
+
|
|
15
|
+
EOF
|
|
16
|
+
|
|
17
|
+
sudo "cat /root/.ssh/id_rsa.pub"
|
|
18
|
+
|
|
19
|
+
message <<-EOF
|
|
20
|
+
|
|
21
|
+
Please ensure that this key is installed, or backups won't work.
|
|
22
|
+
|
|
23
|
+
You'll also have to run the first backup manually, in order to authorize
|
|
24
|
+
your backup host's key. Do this by running
|
|
25
|
+
|
|
26
|
+
sudo backupninja -n
|
|
27
|
+
|
|
28
|
+
#{"*" * 78}
|
|
29
|
+
EOF
|
|
30
|
+
|
|
31
|
+
replace "/etc/backupninja.conf", "reportsuccess = yes", "reportsuccess = no", :sudo => true
|
|
32
|
+
replace "/etc/backupninja.conf", "when = everyday at 01:00", "when = #{backup_time}", :sudo => true
|
|
33
|
+
|
|
34
|
+
run "mkdir -p /tmp/backup.d"
|
|
35
|
+
put "#{backup_files_directory}/*", "/etc/backup.d/", :sudo => true, :owner => "root", :group => "root", :mode => "u+Xrw,go-rwx"
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
set :package_updates do
|
|
2
|
+
sudo "DEBCONF_TERSE=yes DEBIAN_PRIORITY='critical' DEBIAN_FRONTEND=noninteractive apt-get --force-yes -qyu update"
|
|
3
|
+
sudo "DEBCONF_TERSE=yes DEBIAN_PRIORITY='critical' DEBIAN_FRONTEND=noninteractive apt-get --force-yes -qyu upgrade"
|
|
4
|
+
end
|
|
5
|
+
|
|
6
|
+
set :unattended_upgrades do
|
|
7
|
+
if_fails "[ -x /usr/bin/unattended-upgrade ]" do
|
|
8
|
+
|
|
9
|
+
apt "unattended-upgrades"
|
|
10
|
+
apt "wget"
|
|
11
|
+
|
|
12
|
+
replace "/etc/apt/apt.conf.d/50unattended-upgrades", "//.*\"Ubuntu lucid-updates\";", "\"Ubuntu lucid-updates\";", :sudo => true
|
|
13
|
+
replace "/etc/apt/apt.conf.d/50unattended-upgrades", "//Unattended-Upgrade::Mail \"root@localhost\";", "Unattended-Upgrade::Mail \"root@localhost\";", :sudo => true
|
|
14
|
+
|
|
15
|
+
append "/etc/apt/apt.conf.d/50unattended-upgrades", "APT::Periodic::Update-Package-Lists \"1\";", :sudo => true
|
|
16
|
+
append "/etc/apt/apt.conf.d/50unattended-upgrades", "APT::Periodic::Download-Upgradeable-Packages \"1\";", :sudo => true
|
|
17
|
+
append "/etc/apt/apt.conf.d/50unattended-upgrades", "APT::Periodic::Unattended-Upgrade \"1\";", :sudo => true
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
set :bash_completion do
|
|
22
|
+
apt "bash-completion"
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
set :vim do
|
|
26
|
+
apt "vim"
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
set :manpages do
|
|
30
|
+
apt "man-db"
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
set :htop do
|
|
34
|
+
apt "htop"
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
set :curl do
|
|
38
|
+
apt "curl"
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
set :traceroute do
|
|
42
|
+
apt "traceroute"
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
set :git do
|
|
46
|
+
apt "git-core"
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
set :passwordless_sudo do
|
|
50
|
+
append "/etc/sudoers", "#{user} ALL=NOPASSWD: ALL", :sudo => true
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
set :passwordless_commands do
|
|
54
|
+
password_free_commands.each do |command|
|
|
55
|
+
append "/etc/sudoers", "#{user} ALL=NOPASSWD: #{command}", :sudo => true
|
|
56
|
+
end
|
|
57
|
+
end
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
set :jetty do
|
|
2
|
+
|
|
3
|
+
if_fails "[ -d /usr/share/jetty ]" do
|
|
4
|
+
apt 'solr-jetty'
|
|
5
|
+
apt 'openjdk-6-jdk'
|
|
6
|
+
end
|
|
7
|
+
replace "/etc/dfault/jetty", "^NO_START=1", "NO_START=0", :sudo => true
|
|
8
|
+
if defined? jetty_bind_address
|
|
9
|
+
replace "/etc/dfault/jetty", "^JETTY_HOST=.*", "JETTY_HOST=#{jetty_bind_address}", :sudo => true
|
|
10
|
+
end
|
|
11
|
+
if defined? jetty_bind_port
|
|
12
|
+
replace "/etc/dfault/jetty", "^JETTY_PORT=.*", "JETTY_PORT=#{jetty_bind_port}", :sudo => true
|
|
13
|
+
end
|
|
14
|
+
if defined? jetty_max_memory
|
|
15
|
+
replace "/etc/dfault/jetty", "^JAVA_OPTIONS=.*", "JAVA_OPTIONS=\\\"-Xmx#{jetty_max_memory} -Djava.awt.headless=true\\\"", :sudo => true
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
sudo "service jetty --full-restart"
|
|
19
|
+
end
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
set :memcached_munin do
|
|
2
|
+
sudo "wget -O /usr/share/munin/plugins/memcached_multi http://exchange.munin-monitoring.org/plugins/memcached-multigraph/version/2/download"
|
|
3
|
+
sudo "chmod +x /usr/share/munin/plugins/memcached_multi"
|
|
4
|
+
|
|
5
|
+
sudo "ln -sf /usr/share/munin/plugins/memcached_multi /etc/munin/plugins/memcached_multi_bytes"
|
|
6
|
+
sudo "ln -sf /usr/share/munin/plugins/memcached_multi /etc/munin/plugins/memcached_multi_commands"
|
|
7
|
+
sudo "ln -sf /usr/share/munin/plugins/memcached_multi /etc/munin/plugins/memcached_multi_conns"
|
|
8
|
+
sudo "ln -sf /usr/share/munin/plugins/memcached_multi /etc/munin/plugins/memcached_multi_evictions"
|
|
9
|
+
sudo "ln -sf /usr/share/munin/plugins/memcached_multi /etc/munin/plugins/memcached_multi_items"
|
|
10
|
+
sudo "ln -sf /usr/share/munin/plugins/memcached_multi /etc/munin/plugins/memcached_multi_memory"
|
|
11
|
+
|
|
12
|
+
sudo "service munin-node restart"
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
set :memcached do
|
|
16
|
+
if_fails "[ -x /usr/bin/memcached ]" do
|
|
17
|
+
apt "memcached"
|
|
18
|
+
|
|
19
|
+
if defined? memcached_memory
|
|
20
|
+
replace "/etc/memcached.conf", "^-m.*", "-m #{memcached_memory}", :sudo => true
|
|
21
|
+
sudo "service memcached restart"
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
memcached_munin
|
|
26
|
+
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
set :mongo_server do
|
|
2
|
+
source = "deb http://downloads.mongodb.org/distros/ubuntu 10.4 10gen"
|
|
3
|
+
if_fails "grep '#{source}' /etc/apt/sources.list" do
|
|
4
|
+
append "/etc/apt/sources.list", source, :sudo => true
|
|
5
|
+
sudo "DEBCONF_TERSE='yes' DEBIAN_PRIORITY='critical' DEBIAN_FRONTEND=noninteractive apt-get --force-yes -qyu update"
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
apt "mongodb-stable"
|
|
9
|
+
|
|
10
|
+
if defined? mongo_bind_address
|
|
11
|
+
append "/etc/mongodb.conf", "bind_ip = #{mongo_bind_address}", :sudo => true
|
|
12
|
+
sudo "/etc/init.d/mongodb restart", :pty => false
|
|
13
|
+
end
|
|
14
|
+
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
set :monit do
|
|
2
|
+
if defined? monitrc_file
|
|
3
|
+
if_fails "[ -x /usr/sbin/monit ]" do
|
|
4
|
+
apt 'monit'
|
|
5
|
+
|
|
6
|
+
replace "/etc/default/monit", "^startup=0", "startup=1", :sudo => true
|
|
7
|
+
|
|
8
|
+
put monitrc_file, "/etc/monit/monitrc", :sudo => true, :owner => "root", :group => "root"
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
sudo "service monit restart"
|
|
12
|
+
|
|
13
|
+
if defined? monit_extras
|
|
14
|
+
[monit_extras].flatten.each do |extra|
|
|
15
|
+
put extra, "/etc/monit/conf.d/#{File.basename(extra)}", :sudo => true, :owner => "root", :group => "root"
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
sudo "service monit restart"
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
set :munin_server do
|
|
2
|
+
apt "munin"
|
|
3
|
+
|
|
4
|
+
if defined? munin_nginx_config
|
|
5
|
+
apt "nginx"
|
|
6
|
+
sudo "rm -f /etc/nginx/sites-enabled/default"
|
|
7
|
+
put munin_nginx_config, "/etc/nginx/sites-available/#{File.basename(munin_nginx_config)}", :sudo => true
|
|
8
|
+
sudo "ln -sf /etc/nginx/sites-available/#{File.basename(munin_nginx_config)} /etc/nginx/sites-enabled/"
|
|
9
|
+
sudo "service nginx restart"
|
|
10
|
+
end
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
set :munin_node do
|
|
14
|
+
if defined? munin_extra_libs
|
|
15
|
+
apt munin_extra_libs.join(" ")
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
apt "munin-node"
|
|
19
|
+
|
|
20
|
+
append "/etc/munin/munin-node.conf", "allow #{munin_master}", :sudo => true
|
|
21
|
+
|
|
22
|
+
if defined? munin_bind_address
|
|
23
|
+
replace "/etc/munin/munin-node.conf", "^host \\*$", "host #{munin_bind_address}", :sudo => true
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
sudo "service munin-node restart"
|
|
27
|
+
|
|
28
|
+
message <<-EOF
|
|
29
|
+
You'll want to add a stanza like the following on your munin-master server:
|
|
30
|
+
#{"*" * 78}
|
|
31
|
+
[#{host}]
|
|
32
|
+
address [The IP of the host in question]
|
|
33
|
+
use_node_name yes
|
|
34
|
+
#{"*" * 78}
|
|
35
|
+
EOF
|
|
36
|
+
end
|
|
37
|
+
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
set :db do
|
|
2
|
+
if_fails "grep 'deb http://repo.percona.com/apt lucid main' /etc/apt/sources.list" do
|
|
3
|
+
append "/etc/apt/sources.list", "deb http://repo.percona.com/apt lucid main", :sudo => true
|
|
4
|
+
sudo "DEBCONF_TERSE='yes' DEBIAN_PRIORITY='critical' DEBIAN_FRONTEND=noninteractive apt-get --force-yes -qyu update"
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
if_fails "[ -x /usr/sbin/mysqld ]" do
|
|
8
|
+
apt 'percona-server-server maatkit'
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
if defined? mysql_config_file
|
|
12
|
+
put mysql_config_file, "/etc/mysql/conf.d/wellca.cnf", :sudo => true
|
|
13
|
+
sudo "service mysql restart"
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
set :db_lockdown do
|
|
18
|
+
if_fails "[ -e .mysql_locked_down ]" do
|
|
19
|
+
message <<-EOF
|
|
20
|
+
#{"*" * 78}
|
|
21
|
+
In the following interactive session, select the following options.
|
|
22
|
+
Note that all selections listed below are the default options presented
|
|
23
|
+
by mysql_secure_installation. Note that the initial root password is empty.
|
|
24
|
+
- DO change the root password to a well defined secret
|
|
25
|
+
- DO remove anonymous user
|
|
26
|
+
- DO disallow remote root access
|
|
27
|
+
- DO remove test database
|
|
28
|
+
- DO reload privilege tables
|
|
29
|
+
#{"*" * 78}
|
|
30
|
+
EOF
|
|
31
|
+
sudo 'mysql_secure_installation'
|
|
32
|
+
run "touch .mysql_locked_down"
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
set :nginx_munin do
|
|
2
|
+
sudo "wget -O /usr/share/munin/plugins/nginx_request http://exchange.munin-monitoring.org/plugins/nginx_request/version/2/download"
|
|
3
|
+
sudo "wget -O /usr/share/munin/plugins/nginx_status http://exchange.munin-monitoring.org/plugins/nginx_status/version/3/download"
|
|
4
|
+
sudo "wget -O /usr/share/munin/plugins/nginx_memory http://exchange.munin-monitoring.org/plugins/nginx_memory/version/1/download"
|
|
5
|
+
|
|
6
|
+
sudo "chmod +x /usr/share/munin/plugins/nginx_request"
|
|
7
|
+
sudo "chmod +x /usr/share/munin/plugins/nginx_status"
|
|
8
|
+
sudo "chmod +x /usr/share/munin/plugins/nginx_memory"
|
|
9
|
+
|
|
10
|
+
sudo "ln -sf /usr/share/munin/plugins/nginx_request /etc/munin/plugins/nginx_request"
|
|
11
|
+
sudo "ln -sf /usr/share/munin/plugins/nginx_status /etc/munin/plugins/nginx_status"
|
|
12
|
+
sudo "ln -sf /usr/share/munin/plugins/nginx_memory /etc/munin/plugins/nginx_memory"
|
|
13
|
+
|
|
14
|
+
append "/etc/munin/plugin-conf.d/nginx", "[nginx*]
|
|
15
|
+
env.url http://localhost/nginx_status", :sudo => true
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
set :nginx do
|
|
19
|
+
if_fails "[ -f /usr/sbin/nginx ]" do
|
|
20
|
+
apt 'nginx'
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
if defined? nginx_config_files
|
|
24
|
+
nginx_config_files.each do |file|
|
|
25
|
+
put file, "/etc/nginx/conf.d/#{File.basename file}", :sudo => true
|
|
26
|
+
end
|
|
27
|
+
sudo "service nginx restart"
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
append "/etc/nginx/nginx.conf", "worker_rlimit_nofile 30000;", :sudo => true
|
|
31
|
+
append "/etc/sysctl.conf", "fs.file-max = 70000", :sudo => true
|
|
32
|
+
append "/etc/security/limits.conf", "www-data soft nofile 10000 ", :sudo => true
|
|
33
|
+
append "/etc/security/limits.conf", "www-data hard nofile 30000 ", :sudo => true
|
|
34
|
+
sudo "sysctl -p"
|
|
35
|
+
sudo "service nginx restart"
|
|
36
|
+
|
|
37
|
+
|
|
38
|
+
nginx_munin
|
|
39
|
+
end
|
data/lib/recipes/node.rb
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
set :node do
|
|
2
|
+
|
|
3
|
+
# Install node.js from source, since there aren't any debs for it yet
|
|
4
|
+
%w( g++ curl libssl-dev apache2-utils ).each do |pkg|
|
|
5
|
+
apt pkg
|
|
6
|
+
end
|
|
7
|
+
run 'mkdir -p src'
|
|
8
|
+
run 'cd src; [ -d node ] || git clone git://github.com/joyent/node.git'
|
|
9
|
+
run 'cd src/node && git pull && ./configure --prefix=/usr/local && make && sudo make install'
|
|
10
|
+
|
|
11
|
+
# Install the node package manager
|
|
12
|
+
run 'cd src; [ -d npm ] || git clone git://github.com/isaacs/npm.git'
|
|
13
|
+
run 'cd src/npm && git pull && sudo make install'
|
|
14
|
+
end
|
data/lib/recipes/ntp.rb
ADDED
data/lib/recipes/php.rb
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
set :php_config do
|
|
2
|
+
if defined? php_config_files
|
|
3
|
+
php_config_files.each do |file|
|
|
4
|
+
put file, "/etc/php5/conf.d/#{File.basename file}", :sudo => true
|
|
5
|
+
end
|
|
6
|
+
end
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
set :php do
|
|
10
|
+
%w( php5 php5-cli php5-mysql php5-memcache php5-curl php-pear php5-gd php-apc php5-geoip php5-sqlite php5-dev ).each do |pkg|
|
|
11
|
+
apt pkg
|
|
12
|
+
end
|
|
13
|
+
php_config
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
set :php_zmq do
|
|
17
|
+
run 'cd src; [ -d php-zmq ] || git clone git://github.com/mkoppanen/php-zmq.git'
|
|
18
|
+
run 'cd src/php-zmq; git pull && phpize && ./configure && make && sudo make install'
|
|
19
|
+
append "/etc/php5/conf.d/zmq.ini", "extension=zmq.so", :sudo => true
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
set :php_mongo do
|
|
23
|
+
sudo 'pecl install mongo'
|
|
24
|
+
append "/etc/php5/conf.d/mongo.ini", "extension=mongo.so", :sudo => true
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
set :php_cli do
|
|
28
|
+
%w( php5-cli php5-mysql php5-curl ).each do |pkg|
|
|
29
|
+
apt pkg
|
|
30
|
+
end
|
|
31
|
+
php_config
|
|
32
|
+
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
set :redis_munin do
|
|
2
|
+
sudo "wget -O /usr/share/munin/plugins/redis http://exchange.munin-monitoring.org/plugins/redis/version/3/download"
|
|
3
|
+
sudo "chmod +x /usr/share/munin/plugins/redis"
|
|
4
|
+
|
|
5
|
+
sudo "ln -sf /usr/share/munin/plugins/redis /etc/munin/plugins/redis_connected_clients"
|
|
6
|
+
sudo "ln -sf /usr/share/munin/plugins/redis /etc/munin/plugins/redis_per_sec"
|
|
7
|
+
sudo "ln -sf /usr/share/munin/plugins/redis /etc/munin/plugins/redis_used_memory"
|
|
8
|
+
|
|
9
|
+
sudo "service munin-node restart"
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
set :redis do
|
|
13
|
+
["deb http://archive.ubuntu.com/ubuntu maverick main restricted universe",
|
|
14
|
+
"deb http://archive.ubuntu.com/ubuntu maverick-updates main restricted universe",
|
|
15
|
+
"deb http://archive.ubuntu.com/ubuntu maverick-security main restricted universe"].each do |source|
|
|
16
|
+
if_fails "grep '#{source}' /etc/apt/sources.list" do
|
|
17
|
+
append "/etc/apt/sources.list", source, :sudo => true
|
|
18
|
+
sudo "DEBCONF_TERSE='yes' DEBIAN_PRIORITY='critical' DEBIAN_FRONTEND=noninteractive apt-get --force-yes -qyu update"
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
append "/etc/apt/apt.conf.d/99lucidpin", "APT::Default-Release \"lucid\";", :sudo => true
|
|
23
|
+
|
|
24
|
+
if_fails "[ -x /usr/bin/redis-server ]" do
|
|
25
|
+
apt "redis-server/maverick"
|
|
26
|
+
if defined? redis_bind_address
|
|
27
|
+
replace "/etc/redis/redis.conf", "^bind 127.0.0.1", "bind #{redis_bind_address}", :sudo => true
|
|
28
|
+
sudo "/etc/init.d/redis-server restart", :pty => false
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
redis_munin
|
|
33
|
+
end
|
data/lib/recipes/ruby.rb
ADDED
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
set :ruby do
|
|
2
|
+
%w(build-essential bison openssl libreadline6 libreadline6-dev curl git-core zlib1g zlib1g-dev libssl-dev libyaml-dev libsqlite3-0 libsqlite3-dev sqlite3 libxml2-dev libxslt-dev autoconf libc6-dev).each do |pkg|
|
|
3
|
+
apt pkg
|
|
4
|
+
end
|
|
5
|
+
|
|
6
|
+
run "sudo bash < <(curl -L http://bit.ly/rvm-install-system-wide)"
|
|
7
|
+
|
|
8
|
+
append "/etc/profile.d/rvm.sh", "[[ -s \"/usr/local/lib/rvm\" ]] && source \"/usr/local/lib/rvm\"", :sudo => true
|
|
9
|
+
sudo "chmod +x /etc/profile.d/rvm.sh"
|
|
10
|
+
sudo "rvm install 1.9.2"
|
|
11
|
+
sudo "rvm --default use 1.9.2"
|
|
12
|
+
sudo "adduser #{user} rvm"
|
|
13
|
+
end
|
|
14
|
+
|
data/lib/recipes/smtp.rb
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
set :smtp_base do
|
|
2
|
+
if_fails "[ -x /usr/sbin/postfix ]" do
|
|
3
|
+
apt "postfix"
|
|
4
|
+
end
|
|
5
|
+
|
|
6
|
+
if_fails "[ -x /usr/bin/bsd-mailx ]" do
|
|
7
|
+
apt "bsd-mailx"
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
append "/etc/aliases", "root: #{admin_email}", :sudo => true
|
|
11
|
+
sudo "newaliases"
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
set :smtp_local do
|
|
15
|
+
smtp_base
|
|
16
|
+
replace "/etc/postfix/main.cf", "inet_interfaces =.*", "inet_interfaces = loopback-only", :sudo => true
|
|
17
|
+
replace "/etc/postfix/main.cf", "relayhost =.*", "relayhost = #{smtp_relay_host}", :sudo => true
|
|
18
|
+
sudo "service postfix restart"
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
set :smtp_relay do
|
|
22
|
+
smtp_base
|
|
23
|
+
|
|
24
|
+
if_fails "[ -x /usr/sbin/opendkim ]" do
|
|
25
|
+
apt "opendkim"
|
|
26
|
+
opendkim_conf_files.each do |file|
|
|
27
|
+
put file, "/etc/#{File.basename(file)}", :sudo => true, :owner => "root", :group => "opendkim"
|
|
28
|
+
end
|
|
29
|
+
sudo "service opendkim restart"
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
["smtpd_authorized_verp_clients = $mynetworks",
|
|
33
|
+
"milter_default_action = accept",
|
|
34
|
+
"milter_protocol = 2",
|
|
35
|
+
"smtpd_milters = inet:localhost:8891",
|
|
36
|
+
"non_smtpd_milters = inet:localhost:8891"].each do |line|
|
|
37
|
+
append "/etc/postfix/main.cf", line, :sudo => true
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
replace "/etc/postfix/main.cf", "myhostname =.*", "myhostname = #{smtp_external_hostname}", :sudo => true
|
|
41
|
+
replace "/etc/postfix/main.cf", "mydestination =.*", "mydestination = #{smtp_destination}", :sudo => true
|
|
42
|
+
replace "/etc/postfix/main.cf", "mynetworks =.*", "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 #{relay_network}", :sudo => true
|
|
43
|
+
sudo "service postfix restart"
|
|
44
|
+
end
|
data/lib/recipes/ssh.rb
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
set :ssh do
|
|
2
|
+
if_fails "[ -x /usr/sbin/sshd ]" do
|
|
3
|
+
apt "openssh-server"
|
|
4
|
+
end
|
|
5
|
+
if defined? ssh_bind_address
|
|
6
|
+
replace "/etc/ssh/sshd_config", "#ListenAddress 0.0.0.0", "ListenAddress #{ssh_bind_address}\\nListenAddress 127.0.0.1", :sudo => true
|
|
7
|
+
sudo "service ssh restart"
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
if_fails "[ -e .ssh/authorized_keys ]" do
|
|
11
|
+
run "mkdir -m 700 -p .ssh"
|
|
12
|
+
put authorized_keys, ".ssh/authorized_keys", :mode => 600
|
|
13
|
+
end
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
set :ssh_lockdown do
|
|
17
|
+
replace "/etc/ssh/sshd_config", ".*PasswordAuthentication yes", "PasswordAuthentication no", :sudo => true
|
|
18
|
+
replace "/etc/ssh/sshd_config", ".*PermitRootLogin yes", "PermitRootLogin no", :sudo => true
|
|
19
|
+
append "/etc/ssh/sshd_config", "PermitTunnel yes", :sudo => true
|
|
20
|
+
sudo "service ssh restart"
|
|
21
|
+
end
|
|
22
|
+
|
data/lib/ubuntu.rb
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'doo'
|
|
2
|
+
|
|
3
|
+
# Define the apt method as it exists on Ubuntu
|
|
4
|
+
def apt(package, opts = {})
|
|
5
|
+
if opts[:interactive]
|
|
6
|
+
sudo "DEBIAN_PRIORITY=critical apt-get install #{package}"
|
|
7
|
+
else
|
|
8
|
+
sudo "DEBCONF_TERSE=yes DEBIAN_PRIORITY=critical DEBIAN_FRONTEND=noninteractive apt-get --force-yes -qyu install #{package}"
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
# Now load all of our recipes in
|
|
13
|
+
Dir[File.join(File.dirname(__FILE__), 'recipes', '*.rb')].each { |file| load file }
|
metadata
ADDED
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: doo-extras
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
prerelease: false
|
|
5
|
+
segments:
|
|
6
|
+
- 0
|
|
7
|
+
- 0
|
|
8
|
+
- 1
|
|
9
|
+
version: 0.0.1
|
|
10
|
+
platform: ruby
|
|
11
|
+
authors:
|
|
12
|
+
- Mat Trudel
|
|
13
|
+
autorequire:
|
|
14
|
+
bindir: bin
|
|
15
|
+
cert_chain: []
|
|
16
|
+
|
|
17
|
+
date: 2011-03-23 00:00:00 -04:00
|
|
18
|
+
default_executable:
|
|
19
|
+
dependencies:
|
|
20
|
+
- !ruby/object:Gem::Dependency
|
|
21
|
+
name: doo
|
|
22
|
+
prerelease: false
|
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
24
|
+
none: false
|
|
25
|
+
requirements:
|
|
26
|
+
- - ">="
|
|
27
|
+
- !ruby/object:Gem::Version
|
|
28
|
+
segments:
|
|
29
|
+
- 0
|
|
30
|
+
version: "0"
|
|
31
|
+
type: :runtime
|
|
32
|
+
version_requirements: *id001
|
|
33
|
+
description: doo-extras provides a base set of recipes for doo for building out common daemons and configuration models on Ubuntu based servers
|
|
34
|
+
email:
|
|
35
|
+
- mat@geeky.net
|
|
36
|
+
executables: []
|
|
37
|
+
|
|
38
|
+
extensions: []
|
|
39
|
+
|
|
40
|
+
extra_rdoc_files:
|
|
41
|
+
- README.md
|
|
42
|
+
files:
|
|
43
|
+
- README.md
|
|
44
|
+
- lib/ubuntu.rb
|
|
45
|
+
- lib/recipes/apache.rb
|
|
46
|
+
- lib/recipes/backupninja.rb
|
|
47
|
+
- lib/recipes/basic.rb
|
|
48
|
+
- lib/recipes/jetty.rb
|
|
49
|
+
- lib/recipes/memcached.rb
|
|
50
|
+
- lib/recipes/mongodb.rb
|
|
51
|
+
- lib/recipes/monit.rb
|
|
52
|
+
- lib/recipes/munin.rb
|
|
53
|
+
- lib/recipes/mysql.rb
|
|
54
|
+
- lib/recipes/nginx.rb
|
|
55
|
+
- lib/recipes/node.rb
|
|
56
|
+
- lib/recipes/ntp.rb
|
|
57
|
+
- lib/recipes/php.rb
|
|
58
|
+
- lib/recipes/python.rb
|
|
59
|
+
- lib/recipes/rails.rb
|
|
60
|
+
- lib/recipes/redis.rb
|
|
61
|
+
- lib/recipes/ruby.rb
|
|
62
|
+
- lib/recipes/smtp.rb
|
|
63
|
+
- lib/recipes/ssh.rb
|
|
64
|
+
has_rdoc: true
|
|
65
|
+
homepage: http://github.com/mtrudel/doo-extras
|
|
66
|
+
licenses: []
|
|
67
|
+
|
|
68
|
+
post_install_message:
|
|
69
|
+
rdoc_options: []
|
|
70
|
+
|
|
71
|
+
require_paths:
|
|
72
|
+
- lib
|
|
73
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
74
|
+
none: false
|
|
75
|
+
requirements:
|
|
76
|
+
- - ">="
|
|
77
|
+
- !ruby/object:Gem::Version
|
|
78
|
+
segments:
|
|
79
|
+
- 0
|
|
80
|
+
version: "0"
|
|
81
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
82
|
+
none: false
|
|
83
|
+
requirements:
|
|
84
|
+
- - ">="
|
|
85
|
+
- !ruby/object:Gem::Version
|
|
86
|
+
segments:
|
|
87
|
+
- 0
|
|
88
|
+
version: "0"
|
|
89
|
+
requirements: []
|
|
90
|
+
|
|
91
|
+
rubyforge_project:
|
|
92
|
+
rubygems_version: 1.3.7
|
|
93
|
+
signing_key:
|
|
94
|
+
specification_version: 3
|
|
95
|
+
summary: A base set of recipes for building out common daemons using doo
|
|
96
|
+
test_files: []
|
|
97
|
+
|