From 56ce7fe4167cce90347039cee357220352a5ac07 Mon Sep 17 00:00:00 2001
From: Dennis Eriksen <d@ennis.no>
Date: Sun, 6 Sep 2020 20:45:53 +0200
Subject: Initial commit

---
 .gitignore                                         |  3 +
 mkosi.default                                      | 17 ++++++
 mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades     |  9 +++
 .../etc/apt/apt.conf.d/50unattended-upgrades       | 34 ++++++++++++
 mkosi.extra/root/env.samble                        |  2 +
 mkosi.nspawn                                       | 15 +++++
 mkosi.postinst                                     | 64 ++++++++++++++++++++++
 7 files changed, 144 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 mkosi.default
 create mode 100644 mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades
 create mode 100644 mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades
 create mode 100644 mkosi.extra/root/env.samble
 create mode 100644 mkosi.nspawn
 create mode 100755 mkosi.postinst

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..491fb8b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+# mkosi cache
+mkosi.cache/*
+mkosi.extra/root/env
diff --git a/mkosi.default b/mkosi.default
new file mode 100644
index 0000000..e86c87a
--- /dev/null
+++ b/mkosi.default
@@ -0,0 +1,17 @@
+[Distribution]
+Distribution=ubuntu
+Release=focal
+Repositories=main,universe
+Mirror=http://no.archive.ubuntu.com/ubuntu
+
+[Output]
+Format=directory
+Output=/var/lib/machines/mayan-edms
+
+[Packages]
+WithNetwork=yes
+Packages=
+    unattended-upgrades
+    ca-certificates
+    locales
+    sudo
diff --git a/mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades b/mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades
new file mode 100644
index 0000000..4c725ab
--- /dev/null
+++ b/mkosi.extra/etc/apt/apt.conf.d/20auto-upgrades
@@ -0,0 +1,9 @@
+APT::Periodic::Unattended-Upgrade "1";
+
+APT::Periodic::Update-Package-Lists "1";
+
+
+APT::Periodic::AutocleanInterval "7";
+
+
+
diff --git a/mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades b/mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades
new file mode 100644
index 0000000..768347b
--- /dev/null
+++ b/mkosi.extra/etc/apt/apt.conf.d/50unattended-upgrades
@@ -0,0 +1,34 @@
+// Unattended-Upgrade::Origins-Pattern controls which packages are
+// upgraded.
+Unattended-Upgrade::Origins-Pattern {
+      "origin=Ubuntu,archive=${distro_codename}-security";
+      "o=Ubuntu,a=${distro_codename}";
+      "o=Ubuntu,a=${distro_codename}-updates";
+      "o=Ubuntu,a=${distro_codename}-proposed-updates";
+      "o=Ubuntu,n=${distro_codename}-backports";
+  };
+
+// List of packages to not update (regexp are supported)
+Unattended-Upgrade::Package-Blacklist {
+};
+
+
+// Split the upgrade into the smallest possible chunks so that
+// they can be interrupted with SIGUSR1. This makes the upgrade
+// a bit slower but it has the benefit that shutdown while a upgrade
+// is running is possible (with a small delay)
+Unattended-Upgrade::MinimalSteps "true";
+
+
+// Do automatic removal of new unused dependencies after the upgrade
+// (equivalent to apt-get autoremove)
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+
+
+// Do upgrade application even if it requires restart after upgrade
+// I.e. "XB-Upgrade-Requires: app-restart" is set in the debian/control file
+Unattended-Upgrade::IgnoreAppsRequireRestart "true";
+
+// Automatically run "dpkg --force-confold --configure -a".
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+ 
diff --git a/mkosi.extra/root/env.samble b/mkosi.extra/root/env.samble
new file mode 100644
index 0000000..3b73f1c
--- /dev/null
+++ b/mkosi.extra/root/env.samble
@@ -0,0 +1,2 @@
+export MAYAN_DATABASES="{'default':{'ENGINE':'django.db.backends.postgresql','NAME':'mayan','PASSWORD':'myanuserpass','USER':'mayan','HOST':'127.0.0.1'}}"
+export MAYAN_REDIS_PASSWORD='mayanredispassword'
diff --git a/mkosi.nspawn b/mkosi.nspawn
new file mode 100644
index 0000000..43b9888
--- /dev/null
+++ b/mkosi.nspawn
@@ -0,0 +1,15 @@
+[Exec]
+Hostname=mayan-edms
+ResolvConf=copy-host
+Timezone=copy
+# 65536*435
+PrivateUsers=28508160
+NoNewPrivileges=yes
+
+[Files]
+PrivateUsersChown=yes
+Bind=/var/local/mayan-edms/media:/opt/mayan-edms/media
+
+[Network]
+VirtualEthernet=no
+
diff --git a/mkosi.postinst b/mkosi.postinst
new file mode 100755
index 0000000..a742824
--- /dev/null
+++ b/mkosi.postinst
@@ -0,0 +1,64 @@
+#export DEBIAN_FRONTEND=noninteractive!/bin/sh
+set -ex
+export DEBIAN_FRONTEND=noninteractive
+
+# motd
+chmod 644 /etc/update-motd.d/*
+systemctl mask motd-news.service
+systemctl mask motd-news.timer
+
+# Add update- and security-repositories, and perform upgrade
+RELEASE=$(grep DISTRIB_CODENAME /etc/lsb-release | awk -F'=' '{print $2}')
+echo "deb http://no.archive.ubuntu.com/ubuntu ${RELEASE}-security main universe" >> /etc/apt/sources.list
+echo "deb http://no.archive.ubuntu.com/ubuntu ${RELEASE}-updates main universe" >> /etc/apt/sources.list
+apt-get update && apt-get --yes full-upgrade && apt-get --yes autoremove
+
+# locales
+sed -i 's/# en_IE.UTF-8 UTF-8/en_IE.UTF-8 UTF-8/' /etc/locale.gen
+locale-gen
+
+
+# Installing
+# From https://docs.mayan-edms.com/chapters/deploying.html
+
+apt-get install exiftool g++ gcc coreutils ghostscript gnupg1 graphviz libfuse2 libjpeg-dev libmagic1 libpq-dev libpng-dev libreoffice libtiff-dev poppler-utils postgresql-client python3-dev python3-virtualenv redis-server sane-utils supervisor tesseract-ocr zlib1g-dev -y
+
+# Create user
+groupadd --system mayan
+useradd --system --home-dir /opt/mayan-edms --create-home --shell /usr/sbin/nologin --gid mayan mayan
+mv /root/env /opt/mayan-edms/
+virtualenv /opt/mayan-edms -p /usr/bin/python3
+chown mayan:mayan /opt/mayan-edms -R
+
+# variables
+export MAYAN_MEDIA_ROOT=/opt/mayan-edms/media
+export MAYAN_STATIC_ROOT=/opt/mayan-edms/static
+. /opt/mayan-edms/env
+
+# Install application
+sudo -u mayan /opt/mayan-edms/bin/pip install -U pip
+sudo -u mayan /opt/mayan-edms/bin/pip install --use-feature=2020-resolver mayan-edms
+sudo -u mayan /opt/mayan-edms/bin/pip install psycopg2==2.8.4 redis==3.4.1
+
+# Bootstrap mayan
+#sudo --preserve-env -u mayan /opt/mayan-edms/bin/mayan-edms.py initialsetup
+sudo --preserve-env -u mayan /opt/mayan-edms/bin/mayan-edms.py installdependencies
+sudo --preserve-env -u mayan /opt/mayan-edms/bin/mayan-edms.py preparestatic
+
+# supervisor
+sudo --preserve-env -u mayan /opt/mayan-edms/bin/mayan-edms.py platformtemplate supervisord | sudo sh -c "cat > /etc/supervisor/conf.d/mayan.conf"
+sed -i "/MAYAN_MEDIA_ROOT/a \ \ \ \ MAYAN_STATIC_ROOT=\"${MAYAN_STATIC_ROOT}\"," /etc/supervisor/conf.d/mayan.conf
+sed -i 's/8000/8311/' /etc/supervisor/conf.d/mayan.conf
+
+systemctl enable supervisor
+
+# Redis
+sed -i "s/mayanredispassword/${MAYAN_REDIS_PASSWORD}/" /etc/supervisor/conf.d/mayan.conf
+echo "maxmemory-policy allkeys-lru" >> /etc/redis/redis.conf
+echo "save \"\"" >> /etc/redis/redis.conf
+echo "databases 2" >> /etc/redis/redis.conf
+echo "requirepass ${MAYAN_REDIS_PASSWORD}" >> /etc/redis/redis.conf
+
+# Some cleanup
+apt remove --yes --purge libjpeg-dev libpq-dev libpng-dev libtiff-dev zlib1g-dev
+rm /opt/mayan-edms/env
-- 
cgit v1.2.3