propellor/src/Propellor/Property/Apache.hs

96 lines
2.8 KiB
Haskell
Raw Normal View History

2014-04-13 18:01:30 +00:00
module Propellor.Property.Apache where
import Propellor
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
2014-04-13 18:36:19 +00:00
import qualified Propellor.Property.Service as Service
import Utility.SafeCommand
2014-04-13 18:01:30 +00:00
type ConfigFile = [String]
siteEnabled :: HostName -> ConfigFile -> RevertableProperty
siteEnabled hn cf = enable <!> disable
2014-04-13 18:01:30 +00:00
where
enable = combineProperties ("apache site enabled " ++ hn)
[ siteAvailable hn cf
`requires` installed
`onChange` reloaded
, check (not <$> isenabled) $
cmdProperty "a2ensite" ["--quiet", hn]
`requires` installed
`onChange` reloaded
]
disable = combineProperties
2014-07-22 19:25:07 +00:00
("apache site disabled " ++ hn)
(map File.notPresent (siteCfg hn))
2014-04-13 18:01:30 +00:00
`onChange` cmdProperty "a2dissite" ["--quiet", hn]
2014-04-13 18:36:19 +00:00
`requires` installed
`onChange` reloaded
isenabled = boolSystem "a2query" [Param "-q", Param "-s", Param hn]
2014-04-13 18:01:30 +00:00
siteAvailable :: HostName -> ConfigFile -> Property NoInfo
2014-07-22 19:25:07 +00:00
siteAvailable hn cf = combineProperties ("apache site available " ++ hn) $
map (`File.hasContent` (comment:cf)) (siteCfg hn)
2014-04-13 18:01:30 +00:00
where
comment = "# deployed with propellor, do not modify"
2014-04-13 18:36:19 +00:00
modEnabled :: String -> RevertableProperty
modEnabled modname = enable <!> disable
2014-04-13 18:36:19 +00:00
where
enable = check (not <$> isenabled) $
cmdProperty "a2enmod" ["--quiet", modname]
`describe` ("apache module enabled " ++ modname)
`requires` installed
`onChange` reloaded
disable = check isenabled $
cmdProperty "a2dismod" ["--quiet", modname]
`describe` ("apache module disabled " ++ modname)
`requires` installed
`onChange` reloaded
isenabled = boolSystem "a2query" [Param "-q", Param "-m", Param modname]
2014-04-13 18:36:19 +00:00
2014-07-22 19:25:07 +00:00
-- This is a list of config files because different versions of apache
-- use different filenames. Propellor simply writes them all.
2014-07-22 19:25:07 +00:00
siteCfg :: HostName -> [FilePath]
siteCfg hn =
-- Debian pre-2.4
[ "/etc/apache2/sites-available/" ++ hn
-- Debian 2.4+
, "/etc/apache2/sites-available/" ++ hn ++ ".conf"
]
2014-04-13 18:36:19 +00:00
installed :: Property NoInfo
2014-04-13 18:36:19 +00:00
installed = Apt.installed ["apache2"]
restarted :: Property NoInfo
restarted = Service.restarted "apache2"
2014-04-13 18:01:30 +00:00
reloaded :: Property NoInfo
2014-04-13 18:36:19 +00:00
reloaded = Service.reloaded "apache2"
2014-04-14 01:04:34 +00:00
-- | Configure apache to use SNI to differentiate between
-- https hosts.
multiSSL :: Property NoInfo
2014-04-14 01:04:34 +00:00
multiSSL = "/etc/apache2/conf.d/ssl" `File.hasContent`
[ "NameVirtualHost *:443"
, "SSLStrictSNIVHostCheck off"
]
`describe` "apache SNI enabled"
`onChange` reloaded
2014-07-22 20:40:11 +00:00
-- | Config file fragment that can be inserted into a <Directory>
-- stanza to allow global read access to the directory.
--
-- Works with multiple versions of apache that have different ways to do
-- it.
allowAll :: String
allowAll = unlines
[ "<IfVersion < 2.4>"
, "Order allow,deny"
, "allow from all"
, "</IfVersion>"
, "<IfVersion >= 2.4>"
, "Require all granted"
, "</IfVersion>"
]