4 years ago · 82d7391e9d
--- a/.gitignore
+++ b/.gitignore
@@ -25,4 +25,5 @@
 
				 /node_modules/
			
 
				 
			
 
				 # vi
			
 
				-.swap
			
 
				+.swap
			
 
				+.env
			
--- a/app/article/mobile.css
+++ b/app/article/mobile.css
@@ -71,10 +71,10 @@ note:hover .ref {
 
				 }
			
 
				 .right_float_min #right_float_pannal {
			
 
				     position: fixed;
			
 
				-    top: 30%;
			
 
				+    top: 60%;
			
 
				     left: 0;
			
 
				     width: 100%;
			
 
				-    height: 70%;
			
 
				+    height: 40%;
			
 
				 }
			
 
				 #head_nav_right{
			
 
				 	flex-direction: column;
			
--- a/app/users_guide/zh-cn/grammar_aor.md
+++ b/app/users_guide/zh-cn/grammar_aor.md
@@ -1,4 +1,4 @@
 
				-## 不定过去
			
 
				+## 过去式
			
 
				 
			
 
				 **动词**变位之一，巴利语中表达过去发生动作的时态。
			
 
				 
			
--- a/deploy/.gitignore
+++ b/deploy/.gitignore
@@ -0,0 +1 @@
 
				+/clients/
			
--- a/deploy/.txt
+++ b/deploy/.txt
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -0,0 +1,32 @@
 
				+# Deployment
			
 
				+
			
 
				+## Setup a cluster
			
 
				+
			
 
				+```bash
			
 
				+# create cluster
			
 
				+mkdir -p clients/CLUSTER/.ssh
			
 
				+cd clients/CLUSTER
			
 
				+# append your cluster hosts
			
 
				+touch hosts
			
 
				+# generate ssh key
			
 
				+ssh-keygen -t ed25519 -f .ssh/id_ed25519
			
 
				+# upload the ssh public key to target host
			
 
				+ssh-copy-id -i .ssh/id_ed25519 USER@HOST
			
 
				+```
			
 
				+
			
 
				+## Deploy
			
 
				+
			
 
				+```bash
			
 
				+# test ssh connections
			
 
				+peony -i staging ping.yml
			
 
				+# run on all hosts
			
 
				+peony -i staging pi.yml
			
 
				+# run on only group
			
 
				+peony -i staging pi.yml -l GROUP
			
 
				+```
			
 
				+
			
 
				+## System image
			
 
				+
			
 
				+- [Raspberry Pi OS Lite](https://www.raspberrypi.com/software/operating-systems/)
			
 
				+- [Armbian](https://www.armbian.com/download/)
			
 
				+- [wiringPi for Orange Pi](https://github.com/orangepi-xunlong/WiringOP)
			
--- a/deploy/group_vars/all.yml
+++ b/deploy/group_vars/all.yml
@@ -0,0 +1,9 @@
 
				+ansible_user: "deploy"
			
 
				+ansible_python_interpreter: /usr/bin/python3
			
 
				+ansible_ssh_private_key_file: "{{inventory_dir}}/.ssh/id_ed25519"
			
 
				+#ansible_ssh_private_key_file: "{{inventory_dir}}/.ssh/id_rsa"
			
 
				+
			
 
				+app_deploy_target: "/opt/{{ app_vendor }}/{{ ansible_date_time.iso8601_basic }}"
			
 
				+app_downloads: "{{ ansible_env.HOME }}/downloads"
			
 
				+app_backup: "{{ ansible_env.HOME }}/backup"
			
 
				+app_python_version: "3.11"
			
--- a/deploy/group_vars/nano_pi.yml
+++ b/deploy/group_vars/nano_pi.yml
@@ -0,0 +1,2 @@
 
				+ansible_user: "pi"
			
 
				+ansible_sudo_pass: "pi"
			
--- a/deploy/group_vars/orange_pi.yml
+++ b/deploy/group_vars/orange_pi.yml
@@ -0,0 +1 @@
 
				+ansible_user: "root"
			
--- a/deploy/group_vars/raspbarry_pi.yml
+++ b/deploy/group_vars/raspbarry_pi.yml
@@ -0,0 +1 @@
 
				+ansible_user: "pi"
			
--- a/deploy/mint.yml
+++ b/deploy/mint.yml
@@ -0,0 +1,12 @@
 
				+- hosts: all
			
 
				+  roles:
			
 
				+    - os
			
 
				+    - ubuntu
			
 
				+    - python3
			
 
				+    - php
			
 
				+
			
 
				+- hosts: db
			
 
				+  roles:
			
 
				+
			
 
				+- hosts: www
			
 
				+  roles:
			
--- a/deploy/php.sh
+++ b/deploy/php.sh
@@ -1,33 +0,0 @@
 
				-#!/bin/bash
			
 
				-
			
 
				-set -e
			
 
				-
			
 
				-export PHP_VERSION="8.0"
			
 
				-
			
 
				-declare -a plugins=(
			
 
				-    "cli"
			
 
				-    "fpm"
			
 
				-    "xml"
			
 
				-    # https://php.watch/versions/8.0/ext-json
			
 
				-    # "json"
			
 
				-    "imap"
			
 
				-    "intl"
			
 
				-    "mbstring"
			
 
				-    "bz2"
			
 
				-    "zip"
			
 
				-    "curl"
			
 
				-    "gd"
			
 
				-    "imagick"
			
 
				-    "mysql"
			
 
				-    "pgsql"
			
 
				-    "sqlite3"
			
 
				-    "redis"
			
 
				-    "bcmath"
			
 
				-)
			
 
				-
			
 
				-for i in "${plugins[@]}"
			
 
				-do
			
 
				-    sudo apt install -y php${PHP_VERSION}-$i
			
 
				-done
			
 
				-
			
 
				-echo 'done.'
			
--- a/deploy/ping.yml
+++ b/deploy/ping.yml
@@ -0,0 +1,4 @@
 
				+- hosts: all
			
 
				+  roles:
			
 
				+    - ping
			
 
				+
			
--- a/deploy/roles/os/tasks/init.yml
+++ b/deploy/roles/os/tasks/init.yml
@@ -0,0 +1,21 @@
 
				+- name: create deploy folder
			
 
				+  become: true
			
 
				+  ansible.builtin.file:
			
 
				+    path: "{{ app_deploy_target }}"
			
 
				+    state: directory
			
 
				+    owner: "{{ ansible_user }}"
			
 
				+
			
 
				+- name: create downloads folder
			
 
				+  become: true
			
 
				+  ansible.builtin.file:
			
 
				+    path: "{{ app_downloads }}"
			
 
				+    state: directory
			
 
				+    owner: "{{ ansible_user }}"
			
 
				+
			
 
				+- name: create backup folder
			
 
				+  become: true
			
 
				+  ansible.builtin.file:
			
 
				+    path: "{{ app_backup }}"
			
 
				+    state: directory
			
 
				+    owner: "{{ ansible_user }}"
			
 
				+
			
--- a/deploy/roles/os/tasks/main.yml
+++ b/deploy/roles/os/tasks/main.yml
@@ -0,0 +1,42 @@
 
				+- include: init.yml
			
 
				+- include: sshd.yml
			
 
				+- include: ulimits.yml
			
 
				+
			
 
				+- name: Setup sudo without password 
			
 
				+  become: true
			
 
				+  ansible.builtin.template:
			
 
				+    src: sudo.conf.j2
			
 
				+    dest: /etc/sudoers.d/100-{{ ansible_user }}
			
 
				+    owner: root
			
 
				+    group: root
			
 
				+    mode: 0440
			
 
				+  when: ansible_distribution != 'Raspbian' and ansible_user != 'root'
			
 
				+
			
 
				+- name: Reset root password
			
 
				+  become: true
			
 
				+  shell: echo "root:$(pwgen 32 1)" | chpasswd
			
 
				+
			
 
				+- name: Reset {{ ansible_user }} password
			
 
				+  become: true
			
 
				+  shell: echo "{{ ansible_user }}:$(pwgen 32 1)" | chpasswd
			
 
				+  when: ansible_user != 'root'
			
 
				+
			
 
				+- name: Set timezone
			
 
				+  become: true
			
 
				+  shell: timedatectl set-timezone UTC
			
 
				+
			
 
				+- name: Setup journald storage 
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/systemd/journald.conf
			
 
				+    regexp: '^#Storage='
			
 
				+    line: Storage=persistent
			
 
				+
			
 
				+# https://www.linode.com/docs/quick-answers/linux/how-to-use-journalctl/
			
 
				+- name: Setup journald storage keep-free
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/systemd/journald.conf
			
 
				+    state: present
			
 
				+    regexp: '^#SystemKeepFree='
			
 
				+    line: SystemKeepFree=6%
			
--- a/deploy/roles/os/tasks/sshd.yml
+++ b/deploy/roles/os/tasks/sshd.yml
@@ -0,0 +1,22 @@
 
				+- name: Backup sshd_config
			
 
				+  become: true
			
 
				+  copy:
			
 
				+    src: /etc/ssh/sshd_config
			
 
				+    dest: "{{ app_backup }}/etc_sshd_config"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: Disable dns for sshd
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/ssh/sshd_config
			
 
				+    regexp: '^UseDNS '
			
 
				+    line: UseDNS no
			
 
				+
			
 
				+- name: Disable GSS api auth for sshd
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/ssh/sshd_config
			
 
				+    regexp: '^GSSAPIAuthentication '
			
 
				+    line: GSSAPIAuthentication no
			
 
				+
			
--- a/deploy/roles/os/tasks/ulimits.yml
+++ b/deploy/roles/os/tasks/ulimits.yml
@@ -0,0 +1,80 @@
 
				+- name: Backup system.conf
			
 
				+  become: true
			
 
				+  copy:
			
 
				+    src: /etc/systemd/system.conf
			
 
				+    dest: "{{ app_backup }}/etc_systemd_system"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: Setup nofile for system
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/systemd/system.conf
			
 
				+    regexp: "^DefaultLimitNOFILE="
			
 
				+    line: DefaultLimitNOFILE=2097152
			
 
				+
			
 
				+- name: Setup nproc for system
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/systemd/system.conf
			
 
				+    regexp: "^DefaultLimitNPROC"
			
 
				+    line: DefaultLimitNPROC=524288
			
 
				+
			
 
				+- name: Backup user.conf
			
 
				+  become: true
			
 
				+  copy:
			
 
				+    src: /etc/systemd/user.conf
			
 
				+    dest: "{{ app_backup }}/etc_systemd_user.conf"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: Setup nofile for user
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/systemd/user.conf
			
 
				+    regexp: "^DefaultLimitNOFILE="
			
 
				+    line: DefaultLimitNOFILE=1048576
			
 
				+
			
 
				+- name: Setup nproc for user
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/systemd/user.conf
			
 
				+    regexp: "^DefaultLimitNPROC"
			
 
				+    line: DefaultLimitNPROC=262144
			
 
				+
			
 
				+- name: Backup limits.conf
			
 
				+  become: true
			
 
				+  copy:
			
 
				+    src: /etc/security/limits.conf
			
 
				+    dest: "{{ app_backup }}/etc_security_limits.conf"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: Set user level ppen file limits for root
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/security/limits.conf
			
 
				+    line: root        soft nofile 10240
			
 
				+
			
 
				+- name: Set user level ppen file limits for {{ansible_user}}
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/security/limits.conf
			
 
				+    line: "{{ansible_user}}        soft nofile 10240"
			
 
				+
			
 
				+# https://docs.oracle.com/en/database/oracle/oracle-database/12.2/ladbi/changing-kernel-parameter-values.html#GUID-FB0CC366-61C9-4AA2-9BE7-233EB6810A31
			
 
				+- name: Setup file max
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: "/etc/sysctl.d/100-{{app_vendor}}.conf"
			
 
				+    state: present
			
 
				+    line: fs.file-max = 6815744
			
 
				+    create: true
			
 
				+
			
 
				+- name: Setup file max
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: "/etc/sysctl.d/100-{{app_vendor}}.conf"
			
 
				+    state: present
			
 
				+    line: fs.inotify.max_user_watches = 512000
			
 
				+    create: true
			
--- a/deploy/roles/os/templates/sudo.conf.j2
+++ b/deploy/roles/os/templates/sudo.conf.j2
@@ -0,0 +1 @@
 
				+{{ ansible_user }} ALL=(ALL) NOPASSWD:ALL
			
--- a/deploy/roles/php/tasks/main.yml
+++ b/deploy/roles/php/tasks/main.yml
@@ -0,0 +1,32 @@
 
				+- name: Add php repository
			
 
				+  become: true
			
 
				+  ansible.builtin.apt_repository:
			
 
				+    repo: ppa:ondrej/php
			
 
				+
			
 
				+- name: Install php packages
			
 
				+  become: true
			
 
				+  apt:
			
 
				+    pkg:
			
 
				+      - php-cli
			
 
				+      - php-fpm
			
 
				+      - php-xml
			
 
				+      - php-imap
			
 
				+      - php-intl
			
 
				+      - php-mbstring
			
 
				+      - php-bz2
			
 
				+      - php-zip
			
 
				+      - php-curl
			
 
				+      - php-gd
			
 
				+      - php-imagick
			
 
				+      - php-mysql
			
 
				+      - php-pgsql
			
 
				+      - php-sqlite3
			
 
				+      - php-redis
			
 
				+      - php-bcmath
			
 
				+
			
 
				+# https://getcomposer.org/doc/00-intro.md#installation-linux-unix-macos
			
 
				+- name: Download composer
			
 
				+  get_url:
			
 
				+    url: https://getcomposer.org/download/latest-stable/composer.phar
			
 
				+    dest: "{{ ansible_env.HOME }}/.local/bin/composer"
			
 
				+    mode: 0755
			
--- a/deploy/roles/ping/tasks/main.yml
+++ b/deploy/roles/ping/tasks/main.yml
@@ -0,0 +1,6 @@
 
				+- name: Test ssh connection
			
 
				+  ping:
			
 
				+
			
 
				+- name: Show facts available on the system
			
 
				+  ansible.builtin.debug:
			
 
				+    var: ansible_facts
			
--- a/deploy/roles/python3/roles/main.yml
+++ b/deploy/roles/python3/roles/main.yml
@@ -0,0 +1,30 @@
 
				+- name: Add python3 repository
			
 
				+  become: true
			
 
				+  ansible.builtin.apt_repository:
			
 
				+    repo: ppa:deadsnakes/ppa
			
 
				+
			
 
				+- name: make sure {{ app_downloads }} exists
			
 
				+  become: true
			
 
				+  file:
			
 
				+    state: absent
			
 
				+    path: "{{ app_downloads }}"
			
 
				+
			
 
				+# https://pip.pypa.io/en/stable/installation/
			
 
				+- name: Download get-pip
			
 
				+  get_url:
			
 
				+    url: https://bootstrap.pypa.io/get-pip.py
			
 
				+    dest: "{{ app_downloads }}/get-pip.py"
			
 
				+    mode: 0644
			
 
				+
			
 
				+- name: Run get-pip
			
 
				+  ansible.builtin.command: "python3{{ app_python_version }} {{ app_downloads }}/get-pip.py"
			
 
				+  args:
			
 
				+    creates: "{{ ansible_env.HOME }}/.local/bin/pip"
			
 
				+
			
 
				+- name: Install python packages
			
 
				+  pip:
			
 
				+    name:
			
 
				+      - cmake
			
 
				+      - boto3
			
 
				+    extra_args: --user
			
 
				+    executable: "{{ ansible_env.HOME }}/.local/bin/pip"
			
--- a/deploy/roles/reboot/tasks/main.yml
+++ b/deploy/roles/reboot/tasks/main.yml
@@ -0,0 +1,5 @@
 
				+
			
 
				+- name: Reboot
			
 
				+  become: true
			
 
				+  reboot:
			
 
				+    reboot_timeout: 120
			
--- a/deploy/roles/ubuntu/tasks/armbian.yml
+++ b/deploy/roles/ubuntu/tasks/armbian.yml
@@ -0,0 +1,15 @@
 
				+- name: backup /boot/armbianEnv.txt
			
 
				+  become: true
			
 
				+  copy:
			
 
				+    src: /boot/armbianEnv.txt
			
 
				+    dest: "{{ app_backup }}/boot_armbianEnv_txt"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+  
			
 
				+- name: enable uart for armbian
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /boot/armbianEnv.txt
			
 
				+    regexp: '^overlays='
			
 
				+    line: overlays=usbhost2 usbhost3 uart1 uart2 analog-codec
			
 
				+
			
--- a/deploy/roles/ubuntu/tasks/clean.yml
+++ b/deploy/roles/ubuntu/tasks/clean.yml
@@ -0,0 +1,14 @@
 
				+- name: Remove useless packages from the cache
			
 
				+  become: true
			
 
				+  apt:
			
 
				+    autoclean: yes
			
 
				+
			
 
				+- name: Remove dependencies that are no longer required
			
 
				+  become: true
			
 
				+  apt:
			
 
				+    autoremove: yes
			
 
				+
			
 
				+- name: Force systemd to reread configs
			
 
				+  become: true
			
 
				+  systemd:
			
 
				+    daemon_reload: yes
			
--- a/deploy/roles/ubuntu/tasks/friendly-core.yml
+++ b/deploy/roles/ubuntu/tasks/friendly-core.yml
@@ -0,0 +1,60 @@
 
				+
			
 
				+- name: backup serial-getty@ttyAMA0.service.d/autologin.conf
			
 
				+  become: true
			
 
				+  ansible.builtin.copy:
			
 
				+    src: /etc/systemd/system/serial-getty@ttyAMA0.service.d/autologin.conf
			
 
				+    dest: "{{ app_backup }}/ttyAMA0_autologin_conf"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: disable autologin for ttyAMA0
			
 
				+  become: true
			
 
				+  ansible.builtin.replace:
			
 
				+    path: /etc/systemd/system/serial-getty@ttyAMA0.service.d/autologin.conf
			
 
				+    regexp: ' --autologin pi '
			
 
				+    replace: ' '
			
 
				+
			
 
				+- name: backup getty@tty1.service.d/autologin.conf
			
 
				+  become: true
			
 
				+  ansible.builtin.copy:
			
 
				+    src: /etc/systemd/system/getty@tty1.service.d/autologin.conf
			
 
				+    dest: "{{ app_backup }}/tty1_autologin_conf"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: disable autologin for tty1
			
 
				+  become: true
			
 
				+  ansible.builtin.replace:
			
 
				+    path: /etc/systemd/system/getty@tty1.service.d/autologin.conf
			
 
				+    regexp: ' --autologin pi '
			
 
				+    replace: ' '
			
 
				+
			
 
				+- name: backup serial-getty@ttyS0.service.d/autologin.conf
			
 
				+  become: true
			
 
				+  ansible.builtin.copy:
			
 
				+    src: /etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf
			
 
				+    dest: "{{ app_backup }}/ttyS0_autologin_conf"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: disable autologin for ttyS0
			
 
				+  become: true
			
 
				+  ansible.builtin.replace:
			
 
				+    path: /etc/systemd/system/serial-getty@ttyS0.service.d/autologin.conf
			
 
				+    regexp: ' --autologin pi '
			
 
				+    replace: ' '
			
 
				+
			
 
				+- name: backup serial-getty@ttySAC0.service.d/autologin.conf
			
 
				+  become: true
			
 
				+  ansible.builtin.copy:
			
 
				+    src: /etc/systemd/system/serial-getty@ttySAC0.service.d/autologin.conf
			
 
				+    dest: "{{ app_backup }}/ttySAC0_autologin_conf"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: disable autologin for ttySAC0
			
 
				+  become: true
			
 
				+  ansible.builtin.replace:
			
 
				+    path: /etc/systemd/system/serial-getty@ttySAC0.service.d/autologin.conf
			
 
				+    regexp: ' --autologin pi '
			
 
				+    replace: ' '
			
--- a/deploy/roles/ubuntu/tasks/locales.yml
+++ b/deploy/roles/ubuntu/tasks/locales.yml
@@ -0,0 +1,38 @@
 
				+- name: Backup locale.gen
			
 
				+  become: true
			
 
				+  copy:
			
 
				+    src: /etc/locale.gen
			
 
				+    dest: "{{ app_backup }}/etc_locale.gen"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: Enable en-US locale
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/locale.gen
			
 
				+    state: present
			
 
				+    line: en_US.UTF-8 UTF-8
			
 
				+
			
 
				+
			
 
				+- name: Enable zh-CN locale
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/locale.gen
			
 
				+    state: present
			
 
				+    line: zh_CN.UTF-8 UTF-8
			
 
				+
			
 
				+- name: Enable zh-TW locale
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /etc/locale.gen
			
 
				+    state: present
			
 
				+    line: zh_TW.UTF-8 UTF-8
			
 
				+
			
 
				+
			
 
				+- name: Generate locales
			
 
				+  become: true
			
 
				+  shell: locale-gen
			
 
				+
			
 
				+- name: Use en_US as default locale
			
 
				+  become: true
			
 
				+  shell: update-locale LANG=en_US.UTF-8
			
--- a/deploy/roles/ubuntu/tasks/main.yml
+++ b/deploy/roles/ubuntu/tasks/main.yml
@@ -0,0 +1,166 @@
 
				+# - name: Remove postfix at first
			
 
				+#   become: true
			
 
				+#   apt:
			
 
				+#     name: postfix
			
 
				+#     state: absent
			
 
				+#     purge: yes
			
 
				+
			
 
				+# - name: Backup /etc/apt/sources.list.d
			
 
				+#   become: true
			
 
				+#   copy:
			
 
				+#     src: /etc/apt/sources.list.d
			
 
				+#     dest: "{{ app_backup }}/etc_apt_sources_list_d"
			
 
				+#     remote_src: yes
			
 
				+#     backup: yes
			
 
				+
			
 
				+# - name: Delete /etc/apt/sources.list.d
			
 
				+#   become: true
			
 
				+#   file:
			
 
				+#     state: absent
			
 
				+#     path: /etc/apt/sources.list.d
			
 
				+
			
 
				+- name: add PPA for Ubuntu Toolchain
			
 
				+  become: true
			
 
				+  ansible.builtin.apt_repository:
			
 
				+    repo: ppa:ubuntu-toolchain-r/test
			
 
				+  when: ansible_distribution == 'Ubuntu'
			
 
				+
			
 
				+- name: Update system
			
 
				+  become: true
			
 
				+  apt:
			
 
				+    upgrade: yes
			
 
				+    update_cache: yes
			
 
				+    cache_valid_time: 3600
			
 
				+
			
 
				+- name: Install dependicy packages
			
 
				+  become: true
			
 
				+  apt:
			
 
				+    pkg:
			
 
				+      - apt-transport-https
			
 
				+      - software-properties-common
			
 
				+      - gnupg
			
 
				+      - openssh-server
			
 
				+      - openssh-client
			
 
				+      - sshpass
			
 
				+      - wpasupplicant
			
 
				+      - rsync
			
 
				+      - at
			
 
				+      - sysstat
			
 
				+      - libtool
			
 
				+      - ethtool
			
 
				+      - dnsutils
			
 
				+      - dnsmasq
			
 
				+      - uuid-runtime
			
 
				+      - lshw
			
 
				+      - tcpdump
			
 
				+      - lm-sensors
			
 
				+      - hddtemp
			
 
				+      - dmidecode
			
 
				+      - net-tools
			
 
				+      - iputils-arping
			
 
				+      - iputils-ping
			
 
				+      - telnet
			
 
				+      - vim
			
 
				+      - git
			
 
				+      - pwgen
			
 
				+      - locales
			
 
				+      - ntpdate
			
 
				+      - imagemagick
			
 
				+      - mpg123
			
 
				+      - ffmpeg
			
 
				+      - sqlite3
			
 
				+      - tree
			
 
				+      - alsa-utils
			
 
				+      - pulseaudio
			
 
				+      - zsh
			
 
				+      - wget
			
 
				+      - curl
			
 
				+      - zip
			
 
				+      - unzip
			
 
				+      - nginx
			
 
				+      - openvpn
			
 
				+      - snmpd
			
 
				+      - systemd-cron
			
 
				+      - systemd-timesyncd
			
 
				+      - screen
			
 
				+      - tmux
			
 
				+      - python3
			
 
				+      - python3-pip
			
 
				+      - python3-distutils
			
 
				+      - python3-dev
			
 
				+      - libpq5
			
 
				+      
			
 
				+
			
 
				+- include: locales.yml
			
 
				+
			
 
				+- name: Set default editor to vim
			
 
				+  become: true
			
 
				+  shell: update-alternatives --set editor /usr/bin/vim.basic
			
 
				+
			
 
				+- name: Set timezone
			
 
				+  become: true
			
 
				+  shell: timedatectl set-timezone Asia/Shanghai
			
 
				+
			
 
				+- name: Set git rebase mode
			
 
				+  become: true
			
 
				+  shell: git config --global pull.rebase false
			
 
				+
			
 
				+- include: zsh.yml
			
 
				+
			
 
				+# ---------------------------------------------------
			
 
				+
			
 
				+- name: check if friendlyelec
			
 
				+  ansible.builtin.stat:
			
 
				+    path: /etc/friendlyelec-release
			
 
				+  register: app_os_friendlyelec
			
 
				+
			
 
				+- include: friendly-core.yml
			
 
				+  when: app_os_friendlyelec.stat.islnk is defined and app_os_friendlyelec.stat.isreg
			
 
				+
			
 
				+- name: check if armbian
			
 
				+  ansible.builtin.stat:
			
 
				+    path: /etc/armbian-release
			
 
				+  register: app_os_armbian
			
 
				+
			
 
				+- include: armbian.yml
			
 
				+  when: app_os_armbian.stat.islnk is defined and app_os_armbian.stat.isreg
			
 
				+
			
 
				+- include: raspbian.yml
			
 
				+  when: ansible_distribution == 'Raspbian'
			
 
				+
			
 
				+- include: pi.yml
			
 
				+  when: ansible_distribution == 'Raspbian' or (app_os_armbian.stat.islnk is defined and app_os_armbian.stat.isreg) or (app_os_friendlyelec.stat.islnk is defined and app_os_friendlyelec.stat.isreg)
			
 
				+
			
 
				+# ---------------------------------------------------
			
 
				+
			
 
				+- name: enable nginx service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: nginx
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+
			
 
				+
			
 
				+- name: enable cron service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: cron-target
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+
			
 
				+- name: enable ssh service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: ssh
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+
			
 
				+- name: enable systemd-timesyncd service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: systemd-timesyncd
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+
			
 
				+
			
 
				+- include: clean.yml
			
--- a/deploy/roles/ubuntu/tasks/pi.yml
+++ b/deploy/roles/ubuntu/tasks/pi.yml
@@ -0,0 +1,133 @@
 
				+- name: Install dependicy packages
			
 
				+  become: true
			
 
				+  apt:
			
 
				+    pkg:
			
 
				+      - espeak-ng
			
 
				+
			
 
				+# ------------------------------------------------
			
 
				+
			
 
				+- name: backup /etc/snmp/snmpd.conf
			
 
				+  become: true
			
 
				+  ansible.builtin.copy:
			
 
				+    src: /etc/snmp/snmpd.conf
			
 
				+    dest: "{{ app_backup }}/etc_snmp_snmpd_conf"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+
			
 
				+- name: enable snmpd agent
			
 
				+  become: true
			
 
				+  ansible.builtin.lineinfile:
			
 
				+    path: /etc/snmp/snmpd.conf
			
 
				+    regexp: '^agentAddress '
			
 
				+    line: "agentAddress udp:161"
			
 
				+
			
 
				+- name: enable snmpd view
			
 
				+  become: true
			
 
				+  ansible.builtin.lineinfile:
			
 
				+    path: /etc/snmp/snmpd.conf
			
 
				+    line: "view systemonly included .1.3.6.1.4.1.2021"
			
 
				+
			
 
				+- name: enable snmpd service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: snmpd
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+
			
 
				+
			
 
				+# --------------------------------------------
			
 
				+
			
 
				+- name: backup /etc/dhcp/dhclient.conf
			
 
				+  become: true
			
 
				+  ansible.builtin.copy:
			
 
				+    src: /etc/dhcp/dhclient.conf
			
 
				+    dest: "{{ app_backup }}/etc_dhcp_dhclient_conf"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+
			
 
				+- name: enable option 72 for dhclient
			
 
				+  become: true
			
 
				+  ansible.builtin.lineinfile:
			
 
				+    path: /etc/dhcp/dhclient.conf
			
 
				+    line: "also request www-server;"
			
 
				+
			
 
				+
			
 
				+# --------------------------------------------
			
 
				+
			
 
				+- name: delete /etc/systemd/network
			
 
				+  become: true
			
 
				+  ansible.builtin.file:
			
 
				+    path: /etc/systemd/network
			
 
				+    state: absent
			
 
				+
			
 
				+- name: create /etc/systemd/network
			
 
				+  become: true
			
 
				+  ansible.builtin.file:
			
 
				+    path: /etc/systemd/network
			
 
				+    state: directory
			
 
				+
			
 
				+- name: Create a symbolic link
			
 
				+  become: true
			
 
				+  ansible.builtin.file:
			
 
				+    src: /run/systemd/resolve/resolv.conf
			
 
				+    dest: /etc/resolv.conf
			
 
				+    state: link
			
 
				+
			
 
				+- name: disable dnsmasq service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: dnsmasq
			
 
				+    enabled: no
			
 
				+    masked: yes
			
 
				+
			
 
				+
			
 
				+- name: disable NetworkManager service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: NetworkManager
			
 
				+    enabled: no
			
 
				+    masked: yes
			
 
				+
			
 
				+- name: enable systemd-networkd service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: systemd-networkd
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+
			
 
				+- name: enable systemd-resolved service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: systemd-resolved
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+
			
 
				+- name: enable wpa_supplicant@wlan0service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: wpa_supplicant@wlan0
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+
			
 
				+- name: enable openvpn@client service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: openvpn@client
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+
			
 
				+
			
 
				+- name: Reboot
			
 
				+  become: true
			
 
				+  reboot:
			
 
				+    reboot_timeout: 120
			
 
				+
			
 
				+- name: enable pulseaudio service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: pulseaudio
			
 
				+    enabled: yes
			
 
				+    masked: no
			
 
				+    scope: user
			
--- a/deploy/roles/ubuntu/tasks/raspbian.yml
+++ b/deploy/roles/ubuntu/tasks/raspbian.yml
@@ -0,0 +1,52 @@
 
				+# https://www.raspberrypi.org/documentation/configuration/uart.md
			
 
				+
			
 
				+- name: backup /boot/config.txt
			
 
				+  become: true
			
 
				+  ansible.builtin.copy:
			
 
				+    src: /boot/config.txt
			
 
				+    dest: "{{ app_backup }}/boot_config_txt"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: enable uart
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /boot/config.txt
			
 
				+    regexp: '^enable_uart='
			
 
				+    line: enable_uart=1
			
 
				+
			
 
				+- name: disable bluetooth
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /boot/config.txt
			
 
				+    regexp: '^dtoverlay='
			
 
				+    line: dtoverlay=disable-bt
			
 
				+
			
 
				+- name: hidden splash message
			
 
				+  become: true
			
 
				+  lineinfile:
			
 
				+    path: /boot/config.txt
			
 
				+    regexp: '^disable_splash='
			
 
				+    line: disable_splash=1 
			
 
				+
			
 
				+- name: backup /boot/cmdline.txt
			
 
				+  become: true
			
 
				+  ansible.builtin.copy:
			
 
				+    src: /boot/cmdline.txt
			
 
				+    dest: "{{ app_backup }}/boot_cmdline_txt"
			
 
				+    remote_src: yes
			
 
				+    backup: yes
			
 
				+
			
 
				+- name: disable debug port & logo
			
 
				+  become: true
			
 
				+  ansible.builtin.replace:
			
 
				+    path: /boot/cmdline.txt
			
 
				+    regexp: 'console=serial0,115200'
			
 
				+    replace: 'loglevel=3 logo.nologo'
			
 
				+
			
 
				+- name: disable hciuart service
			
 
				+  become: true
			
 
				+  ansible.builtin.systemd:
			
 
				+    name: hciuart
			
 
				+    enabled: no
			
 
				+    masked: yes
			
--- a/deploy/roles/ubuntu/tasks/zsh.yml
+++ b/deploy/roles/ubuntu/tasks/zsh.yml
@@ -0,0 +1,26 @@
 
				+- name: Clone oh-my-zsh
			
 
				+  git:
			
 
				+    repo: https://github.com/robbyrussell/oh-my-zsh.git
			
 
				+    dest: "{{ansible_env.HOME}}/.oh-my-zsh"
			
 
				+
			
 
				+# - name: Extract ohmyzsh
			
 
				+#   unarchive:
			
 
				+#     src: ohmyzsh-master.zip
			
 
				+#     dest: "{{ansible_env.HOME}}/"
			
 
				+
			
 
				+# - name: Rename ohmyzsh
			
 
				+#   command: mv ohmyzsh-master .oh-my-zsh
			
 
				+#   args:
			
 
				+#     chdir: "{{ansible_env.HOME}}"
			
 
				+#     creates: .oh-my-zsh
			
 
				+
			
 
				+- name: Setup .zshrc
			
 
				+  copy:
			
 
				+    src: "{{ansible_env.HOME}}/.oh-my-zsh/templates/zshrc.zsh-template"
			
 
				+    dest: "{{ansible_env.HOME}}/.zshrc"
			
 
				+    remote_src: true
			
 
				+    mode: 0600
			
 
				+
			
 
				+- name: Use zsh
			
 
				+  become: true
			
 
				+  shell: chsh -s /bin/zsh {{ansible_user}}
			
--- a/deploy/staging/.gitignore
+++ b/deploy/staging/.gitignore
@@ -0,0 +1 @@
 
				+/.ssh/
			
--- a/deploy/staging/hosts
+++ b/deploy/staging/hosts
@@ -0,0 +1,14 @@
 
				+[www]
			
 
				+
			
 
				+[db]
			
 
				+
			
 
				+[cache]
			
 
				+
			
 
				+[mq]
			
 
				+
			
 
				+
			
 
				+[all:vars]
			
 
				+app_vendor="iapt-platform.mint"
			
 
				+; openssl rand -base64 32
			
 
				+app_secret_key="4i3WKUvKtSGl59htK7XjUNsjalhkG5s7RJCmZruT2m4="
			
 
				+
			
--- a/docker/README.md
+++ b/docker/README.md
@@ -14,9 +14,9 @@
 
				   # clear outdated images
			
 
				   podman rmi -a -f
			
 
				   # uncompress image files
			
 
				-  cat palm.tar.xz.a* | tar xj
			
 
				+  cat palm-spring.tar.xz.a* | tar xj
			
 
				   # import new podman image
			
 
				-  podman load -q -i mint-TIMESTAMP.tar  
			
 
				+  podman load -q -i palm-spring-TIMESTAMP.tar  
			
 
				   ```
			
 
				 
			
 
				 - Enjoy it!
			
@@ -25,11 +25,8 @@
 
				   ![start](documents/start.png)
			
 
				 
			
 
				   ```bash
			
 
				-  # for the first time start
			
 
				-  ./docker/first.sh
			
 
				-  # fot the next time start
			
 
				-  ./docker/next.sh
			
 
				-  
			
 
				+  # start container
			
 
				+  ./docker/start.sh
			
 
				   # start servers
			
 
				   > sudo supervisord -c /etc/supervisor/supervisord.conf
			
 
				 
			
--- a/docker/first.sh
+++ b/docker/first.sh
@@ -1,2 +0,0 @@
 
				-#!/bin/sh
			
 
				-podman run --name mint -it --userns=keep-id --hostname=palm --user=$(id -ur):$(id -gr) --network host --events-backend=file -v $PWD/..:/workspace:z palm
			
--- a/docker/next.sh
+++ b/docker/next.sh
@@ -1,2 +0,0 @@
 
				-#!/bin/sh
			
 
				-podman start -i -a --events-backend=file mint
			
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -0,0 +1,10 @@
 
				+#!/bin/sh
			
 
				+
			
 
				+NAME=mint
			
 
				+
			
 
				+if podman container exists $NAME
			
 
				+then
			
 
				+    podman start -i -a --events-backend=file $NAME
			
 
				+else
			
 
				+    podman run --name $NAME -it --userns=keep-id --hostname=palm --user=$(id -ur):$(id -gr) --network host --events-backend=file -v $PWD:/workspace:z palm-spring
			
 
				+fi