chore: bootstrap lean sysadmin-chronicles repo
Import the runnable game code, content, docs, scripts, and repo guidance while leaving local agent state, dependency installs, build output, and backup copies out of the published tree.
Executable
+158
@@ -0,0 +1,158 @@
|
||||
#!/usr/bin/env bash
|
||||
# Profile: sc-web-server (hermes)
|
||||
# Role: nginx web/app server — staging and demo environment for AxiomFlow.
|
||||
# Distro: Debian 12 (bookworm) cloud image
|
||||
|
||||
DOMAIN="sc-web-server"
|
||||
HOSTNAME="hermes"
|
||||
RAM_MB=512
|
||||
VCPUS=1
|
||||
DISK_SIZE="8G"
|
||||
GRAPHICS="vnc"
|
||||
BASE_URL="https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2"
|
||||
BASE_IMAGE="$SC_BASE_DIR/debian-12-genericcloud-amd64.qcow2"
|
||||
|
||||
generate_user_data() {
|
||||
cat <<EOF
|
||||
#cloud-config
|
||||
hostname: ${HOSTNAME}
|
||||
fqdn: ${HOSTNAME}.axiomworks.internal
|
||||
manage_etc_hosts: false
|
||||
ssh_pwauth: false
|
||||
package_update: true
|
||||
package_upgrade: false
|
||||
packages:
|
||||
- qemu-guest-agent
|
||||
- openssh-server
|
||||
- sudo
|
||||
- nginx
|
||||
- logrotate
|
||||
- rsync
|
||||
- curl
|
||||
- wget
|
||||
- git
|
||||
- python3
|
||||
- jq
|
||||
- vim
|
||||
- nano
|
||||
- htop
|
||||
- procps
|
||||
- psmisc
|
||||
- iproute2
|
||||
- iputils-ping
|
||||
- dnsutils
|
||||
- netcat-openbsd
|
||||
- tcpdump
|
||||
- lsof
|
||||
- strace
|
||||
- less
|
||||
- tree
|
||||
- unzip
|
||||
- bash-completion
|
||||
users:
|
||||
- default
|
||||
- name: player
|
||||
gecos: Axiom Works Operator
|
||||
groups: [sudo]
|
||||
shell: /bin/bash
|
||||
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
|
||||
ssh_authorized_keys:
|
||||
- ${PUBKEY}
|
||||
write_files:
|
||||
- path: /etc/hosts
|
||||
owner: root:root
|
||||
permissions: '0644'
|
||||
content: |
|
||||
127.0.0.1 localhost
|
||||
127.0.1.1 hermes hermes.axiomworks.internal
|
||||
${GAME_HOST_IP} axiomworks.internal portal.axiomworks.internal
|
||||
- path: /etc/sudoers.d/99-player
|
||||
owner: root:root
|
||||
permissions: '0440'
|
||||
content: |
|
||||
player ALL=(ALL) NOPASSWD:ALL
|
||||
- path: /etc/nginx/sites-available/axiomworks.conf
|
||||
owner: root:root
|
||||
permissions: '0644'
|
||||
content: |
|
||||
server {
|
||||
listen 80;
|
||||
server_name hermes hermes.axiomworks.internal _;
|
||||
|
||||
root /var/www/axiomworks;
|
||||
index index.html;
|
||||
|
||||
access_log /var/log/nginx/axiomworks.access.log;
|
||||
error_log /var/log/nginx/axiomworks.error.log;
|
||||
|
||||
location / {
|
||||
try_files \$uri \$uri/ =404;
|
||||
}
|
||||
}
|
||||
- path: /var/www/axiomworks/index.html
|
||||
owner: root:root
|
||||
permissions: '0644'
|
||||
content: |
|
||||
<!doctype html>
|
||||
<html><head><title>AxiomFlow</title></head>
|
||||
<body><h1>AxiomFlow Staging</h1><p>Build not yet deployed.</p></body>
|
||||
</html>
|
||||
- path: /opt/deploy/deploy.sh
|
||||
owner: root:root
|
||||
permissions: '0755'
|
||||
content: |
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
SRC="\${1:-/home/player/build/dist}"
|
||||
rsync -av --delete "\$SRC/" /var/www/axiomworks/
|
||||
echo "\$(date) Deploy from \$SRC complete." >> /var/log/axiomworks/deploy.log
|
||||
- path: /home/player/.bashrc
|
||||
owner: root:root
|
||||
permissions: '0644'
|
||||
content: |
|
||||
[ -z "\$PS1" ] && return
|
||||
export TERM=xterm-256color
|
||||
export EDITOR=vim
|
||||
PS1='\[\e[0;33m\]\u@\h\[\e[0m\]:\[\e[0;34m\]\w\[\e[0m\]\$ '
|
||||
HISTSIZE=5000
|
||||
HISTFILESIZE=10000
|
||||
HISTCONTROL=ignoredups:erasedups
|
||||
shopt -s histappend
|
||||
alias ll='ls -lh --color=auto'
|
||||
alias la='ls -lha --color=auto'
|
||||
alias grep='grep --color=auto'
|
||||
alias ..='cd ..'
|
||||
alias nginx-test='nginx -t'
|
||||
alias nginx-reload='systemctl reload nginx'
|
||||
alias logs='journalctl -f'
|
||||
if [ -f /usr/share/bash-completion/bash_completion ]; then
|
||||
. /usr/share/bash-completion/bash_completion
|
||||
fi
|
||||
- path: /etc/sysctl.d/99-sc-hermes.conf
|
||||
owner: root:root
|
||||
permissions: '0644'
|
||||
content: |
|
||||
vm.swappiness=10
|
||||
vm.vfs_cache_pressure=50
|
||||
vm.dirty_ratio=15
|
||||
vm.dirty_background_ratio=3
|
||||
net.ipv6.conf.all.disable_ipv6=1
|
||||
net.ipv6.conf.default.disable_ipv6=1
|
||||
runcmd:
|
||||
- ln -sf /etc/nginx/sites-available/axiomworks.conf /etc/nginx/sites-enabled/axiomworks.conf
|
||||
- rm -f /etc/nginx/sites-enabled/default
|
||||
- mkdir -p /var/www/axiomworks /var/log/axiomworks /opt/deploy
|
||||
- chown -R www-data:www-data /var/www/axiomworks
|
||||
- touch /var/log/axiomworks/deploy.log
|
||||
- chown www-data:www-data /var/log/axiomworks/deploy.log
|
||||
- chown -R player:player /home/player
|
||||
- fallocate -l 512M /swapfile && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile && echo '/swapfile none swap sw 0 0' >> /etc/fstab
|
||||
- sysctl -p /etc/sysctl.d/99-sc-hermes.conf
|
||||
- systemctl enable --now qemu-guest-agent ssh nginx
|
||||
- systemctl disable --now unattended-upgrades || true
|
||||
- systemctl disable --now apt-daily.timer apt-daily-upgrade.timer || true
|
||||
- systemctl disable --now ModemManager || true
|
||||
- systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
|
||||
final_message: "Hermes web server is ready."
|
||||
EOF
|
||||
}
|
||||
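Review bot: `generate_user_data` expands `${PUBKEY}` and `${GAME_HOST_IP}` inside an unquoted heredoc without checking that either is set, and neither is assigned anywhere in this profile. With an empty `PUBKEY` the `ssh_authorized_keys` list gets an empty entry while `ssh_pwauth: false` stays in force, so the guest would presumably boot with no way to log in as `player`; an empty `GAME_HOST_IP` leaves an `/etc/hosts` line that begins with a hostname instead of an address. A guard as the first line of the function fails early instead: `: "${PUBKEY:?PUBKEY must be set}" "${GAME_HOST_IP:?GAME_HOST_IP must be set}"`. Separately, `BASE_URL` points at the mutable `latest` image and the profile carries no expected digest, so whatever downloads it (not visible in this file) has nothing to verify the qcow2 against; a dated image path plus a `BASE_SHA512` value checked by the downloader would pin what gets booted.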