propellor/HostProp.hs


import Property
import HostName
import qualified Property.Apt as Apt
import qualified Property.Ssh as Ssh
import qualified Property.User as User
import qualified Property.Hostname as Hostname
import qualified Property.Reboot as Reboot
import qualified Property.Tor as Tor
import qualified Property.GitHome as GitHome
-- | Entry point: obtain the 'HostName' with 'getHostName', translate it to
-- that host's Properties with 'getProperties', and pass the resulting list
-- to 'ensureProperties'.
main :: IO ()
main = getHostName >>= ensureProperties . getProperties
-- | Convert a system's 'HostName' (either as returned by uname, or one
-- specified on the command line) into the list of Properties for that
-- system.
--
-- A hostname with no entry here gets no default configuration: evaluation
-- stops with an "Unknown host" 'error' instead.
--
-- The groups below are concatenated in the order the properties were
-- originally listed; the entry that schedules a reboot stays last.
getProperties :: HostName -> [Property]
getProperties hostname = case hostname of
    "clam.kitenet.net" -> concat
        [ cloudAtCostCleanup
        , standardSetup
        , sshHardening
        , adminAccount
        , torBridge
        , autoUpgrades
        , initSwitch
        ]
    -- add more hosts here...
    -- "foo" -> ...
    _ -> error $ "Unknown host: " ++ hostname ++ " (perhaps you should specify the real hostname on the command line?)"
  where
    -- Clean up the system as installed by cloudatcost.com
    -- NOTE(review): Ssh.uniqueHostKeys presumably replaces SSH host keys
    -- that shipped with the provider's image -- confirm in Property.Ssh.
    cloudAtCostCleanup =
        [ User.nuked "user"
        , Apt.removed ["exim4"] `onChange` Apt.autoRemove
        , Hostname.set "clam.kitenet.net"
        , Ssh.uniqueHostKeys
        ]

    -- This is my standard system setup
    standardSetup =
        [ Apt.stdSourcesList Apt.Unstable `onChange` Apt.upgrade
        , Apt.installed ["etckeeper"]
        , Apt.installed ["ssh"]
        , GitHome.installedFor "root"
        ]

    -- Harden the system, but only once root's authorized_keys
    -- is safely in place. Both properties are wrapped in the same check,
    -- so password login is not turned off (and root's password is not
    -- locked) on a run where that check does not pass.
    -- NOTE(review): assumes 'check' skips the wrapped property when its
    -- condition is false -- confirm in Property.
    sshHardening =
        [ check (Ssh.hasAuthorizedKeys "root")
            (Ssh.passwordAuthentication False)
        , check (Ssh.hasAuthorizedKeys "root")
            (User.lockedPassword "root")
        ]

    -- Administrative account with full sudo rights. The rule carries no
    -- NOPASSWD tag, so under sudo's defaults joey is still asked for a
    -- password.
    -- NOTE(review): the line is written into /etc/sudoers directly and
    -- nothing visible here syntax-checks the file afterwards (for example
    -- with visudo -c); confirm how lineInFile handles that file.
    adminAccount =
        [ User.nonsystem "joey"
        , Apt.installed ["sudo"]
        , lineInFile "/etc/sudoers" "joey ALL=(ALL:ALL) ALL"
        , GitHome.installedFor "joey"
        ]

    -- Clam is a tor bridge.
    torBridge =
        [ Tor.isBridge
        ]

    -- This is not an important system so I don't want to need to
    -- manually upgrade it.
    autoUpgrades =
        [ Apt.unattendedUpgrades True
        ]

    -- Should come last as it reboots.
    initSwitch =
        [ Apt.installed ["systemd-sysv"] `onChange` Reboot.scheduled "+10"
        ]