propellor/Propellor.hs

import Common
import HostName
import qualified Property.File as File
import qualified Property.Apt as Apt
import qualified Property.Ssh as Ssh
import qualified Property.User as User
import qualified Property.Hostname as Hostname
import qualified Property.Reboot as Reboot
import qualified Property.Tor as Tor
import qualified Property.GitHome as GitHome

main :: IO ()
main = ensureProperties . getProperties =<< getHostName

{- This is where the system's HostName, either as returned by uname
 - or one specified on the command line, is converted into a list of
 - Properties for that system. -}
getProperties :: HostName -> [Property]
getProperties hostname@"clam.kitenet.net" =
	[ cleanCloudAtCost hostname
	, standardSystem Apt.Unstable
	-- Clam is a tor bridge.
	, Tor.isBridge
	-- This is not an important system so I don't want to need to 
	-- manually upgrade it.
	, Apt.unattendedUpgrades True
	-- Should come last as it reboots.
	, Apt.installed ["systemd-sysv"] `onChange` Reboot.now
	]
-- add more hosts here...
--getProperties "foo" =
getProperties h = error $ unwords
	[ "Unknown host:", h
	, "(perhaps you should specify the real hostname on the command line?)"
	]

-- This is my standard system setup
standardSystem :: Apt.Suite -> Property
standardSystem suite = propertyList "standard system"
	[ Apt.stdSourcesList suite `onChange` Apt.upgrade
	, Apt.installed ["etckeeper"]
	, Apt.installed ["ssh"]
	, GitHome.installedFor "root"
	-- Harden the system, but only once root's authorized_keys
	-- is safely in place.
	, check (Ssh.hasAuthorizedKeys "root") $
		Ssh.passwordAuthentication False
	, check (Ssh.hasAuthorizedKeys "root") $
		User.lockedPassword "root"
	, Apt.installed ["vim"]
	, User.sshAccountFor "joey"
	, Apt.installed ["sudo"]
	-- nopasswd because no password is set up for joey.
	, "/etc/sudoers" `File.containsLine` "joey ALL=(ALL:ALL) NOPASSWD:ALL"
		`describe` "sudoer joey"
	, GitHome.installedFor "joey"
	-- I use postfix, or no MTA.
	, Apt.removed ["exim4"] `onChange` Apt.autoRemove
	]

-- Clean up a system as installed by cloudatcost.com
cleanCloudAtCost :: HostName -> Property
cleanCloudAtCost hostname = propertyList "cloudatcost cleanup"
	[ User.nuked "user"
	, Hostname.set hostname
	, Ssh.uniqueHostKeys
	, "/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true"
		`onChange` cmdProperty "update-grub" []
		`onChange` cmdProperty "update-initramfs" [Param "-u"]
		`describe` "work around grub/lvm boot bug #743126"
	, combineProperties
		[ File.notPresent "/etc/rc.local"
		, File.notPresent "/etc/init.d/S97-setup.sh"
		] `describe` "nuked cloudatcost cruft"
	]
refactor 2014-03-30 19:31:57 +00:00			`import Common`
cabalized and added a wrapper program 2014-03-30 04:08:02 +00:00			`import HostName`
split out Property.FIle 2014-03-30 17:12:33 +00:00			`import qualified Property.File as File`
initial check-in too young to have a name 2014-03-30 03:10:52 +00:00			`import qualified Property.Apt as Apt`
			`import qualified Property.Ssh as Ssh`
			`import qualified Property.User as User`
configure hostname etc 2014-03-30 03:45:48 +00:00			`import qualified Property.Hostname as Hostname`
install systemd on clam and then reboot 2014-03-30 03:24:40 +00:00			`import qualified Property.Reboot as Reboot`
tor bridge 2014-03-30 04:38:16 +00:00			`import qualified Property.Tor as Tor`
			`import qualified Property.GitHome as GitHome`
initial check-in too young to have a name 2014-03-30 03:10:52 +00:00
cabalized and added a wrapper program 2014-03-30 04:08:02 +00:00			`main :: IO ()`
			`main = ensureProperties . getProperties =<< getHostName`

			`{- This is where the system's HostName, either as returned by uname`
property lists 2014-03-30 06:26:23 +00:00			`- or one specified on the command line, is converted into a list of`
cabalized and added a wrapper program 2014-03-30 04:08:02 +00:00			`- Properties for that system. -}`
			`getProperties :: HostName -> [Property]`
property lists 2014-03-30 06:26:23 +00:00			`getProperties hostname@"clam.kitenet.net" =`
			`[ cleanCloudAtCost hostname`
improved 2014-03-30 06:12:48 +00:00			`, standardSystem Apt.Unstable`
tweaks 2014-03-30 20:15:27 +00:00			`-- Clam is a tor bridge.`
			`, Tor.isBridge`
improved 2014-03-30 06:12:48 +00:00			`-- This is not an important system so I don't want to need to`
			`-- manually upgrade it.`
			`, Apt.unattendedUpgrades True`
			`-- Should come last as it reboots.`
add workaround for #612402 2014-03-30 17:39:09 +00:00			, Apt.installed ["systemd-sysv"] `onChange` Reboot.now
improved 2014-03-30 06:12:48 +00:00			`]`
			`-- add more hosts here...`
			`--getProperties "foo" =`
tweaks 2014-03-30 20:15:27 +00:00			`getProperties h = error $ unwords`
			`[ "Unknown host:", h`
			`, "(perhaps you should specify the real hostname on the command line?)"`
			`]`
improved 2014-03-30 06:12:48 +00:00
			`-- This is my standard system setup`
property lists 2014-03-30 06:26:23 +00:00			`standardSystem :: Apt.Suite -> Property`
			`standardSystem suite = propertyList "standard system"`
improved 2014-03-30 06:12:48 +00:00			[ Apt.stdSourcesList suite `onChange` Apt.upgrade
improvements 2014-03-30 04:28:56 +00:00			`, Apt.installed ["etckeeper"]`
			`, Apt.installed ["ssh"]`
install systemd on clam and then reboot 2014-03-30 03:24:40 +00:00			`, GitHome.installedFor "root"`
improvements 2014-03-30 04:28:56 +00:00			`-- Harden the system, but only once root's authorized_keys`
			`-- is safely in place.`
initial check-in too young to have a name 2014-03-30 03:10:52 +00:00			`, check (Ssh.hasAuthorizedKeys "root") $`
			`Ssh.passwordAuthentication False`
password locking 2014-03-30 04:17:44 +00:00			`, check (Ssh.hasAuthorizedKeys "root") $`
			`User.lockedPassword "root"`
fix ssh config 2014-03-30 05:49:11 +00:00			`, Apt.installed ["vim"]`
better descriptions for properties 2014-03-30 19:53:35 +00:00			`, User.sshAccountFor "joey"`
install systemd on clam and then reboot 2014-03-30 03:24:40 +00:00			`, Apt.installed ["sudo"]`
improved 2014-03-30 06:12:48 +00:00			`-- nopasswd because no password is set up for joey.`
split out Property.FIle 2014-03-30 17:12:33 +00:00			, "/etc/sudoers" `File.containsLine` "joey ALL=(ALL:ALL) NOPASSWD:ALL"
better descriptions for properties 2014-03-30 19:53:35 +00:00			`describe` "sudoer joey"
install systemd on clam and then reboot 2014-03-30 03:24:40 +00:00			`, GitHome.installedFor "joey"`
tweaks 2014-03-30 20:15:27 +00:00			`-- I use postfix, or no MTA.`
			, Apt.removed ["exim4"] `onChange` Apt.autoRemove
initial check-in too young to have a name 2014-03-30 03:10:52 +00:00			`]`
property lists 2014-03-30 06:26:23 +00:00
			`-- Clean up a system as installed by cloudatcost.com`
			`cleanCloudAtCost :: HostName -> Property`
			`cleanCloudAtCost hostname = propertyList "cloudatcost cleanup"`
			`[ User.nuked "user"`
			`, Hostname.set hostname`
			`, Ssh.uniqueHostKeys`
add workaround for #612402 2014-03-30 17:39:09 +00:00			, "/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true"
			`onChange` cmdProperty "update-grub" []
			`onChange` cmdProperty "update-initramfs" [Param "-u"]
better descriptions for properties 2014-03-30 19:53:35 +00:00			`describe` "work around grub/lvm boot bug #743126"
more description improvements 2014-03-30 20:11:00 +00:00			`, combineProperties`
			`[ File.notPresent "/etc/rc.local"`
			`, File.notPresent "/etc/init.d/S97-setup.sh"`
			] `describe` "nuked cloudatcost cruft"
property lists 2014-03-30 06:26:23 +00:00			`]`