2014-04-19 21:16:13 +00:00
|
|
|
-- This is the live config file used by propellor's author.
|
2014-08-29 23:07:18 +00:00
|
|
|
-- https://propellor.branchable.com/
|
2014-05-01 13:48:33 +00:00
|
|
|
module Main where
|
2014-04-03 16:06:58 +00:00
|
|
|
|
|
|
|
import Propellor
|
|
|
|
import Propellor.CmdLine
|
2014-04-09 04:54:27 +00:00
|
|
|
import Propellor.Property.Scheduled
|
2014-04-03 16:06:58 +00:00
|
|
|
import qualified Propellor.Property.File as File
|
|
|
|
import qualified Propellor.Property.Apt as Apt
|
|
|
|
import qualified Propellor.Property.Network as Network
|
2014-09-09 17:58:01 +00:00
|
|
|
import qualified Propellor.Property.Service as Service
|
2014-04-03 16:06:58 +00:00
|
|
|
import qualified Propellor.Property.Ssh as Ssh
|
|
|
|
import qualified Propellor.Property.Cron as Cron
|
|
|
|
import qualified Propellor.Property.Sudo as Sudo
|
|
|
|
import qualified Propellor.Property.User as User
|
|
|
|
import qualified Propellor.Property.Hostname as Hostname
|
|
|
|
import qualified Propellor.Property.Tor as Tor
|
2014-04-10 05:46:33 +00:00
|
|
|
import qualified Propellor.Property.Dns as Dns
|
2014-04-08 20:58:11 +00:00
|
|
|
import qualified Propellor.Property.OpenId as OpenId
|
2014-04-03 16:06:58 +00:00
|
|
|
import qualified Propellor.Property.Docker as Docker
|
2014-04-10 06:51:25 +00:00
|
|
|
import qualified Propellor.Property.Git as Git
|
2014-04-14 19:35:29 +00:00
|
|
|
import qualified Propellor.Property.Postfix as Postfix
|
2014-07-07 06:58:34 +00:00
|
|
|
import qualified Propellor.Property.Grub as Grub
|
2014-07-17 19:06:24 +00:00
|
|
|
import qualified Propellor.Property.Obnam as Obnam
|
2014-11-15 21:02:25 +00:00
|
|
|
import qualified Propellor.Property.Gpg as Gpg
|
2014-11-21 16:17:03 +00:00
|
|
|
import qualified Propellor.Property.Systemd as Systemd
|
2015-01-22 03:28:47 +00:00
|
|
|
import qualified Propellor.Property.Journald as Journald
|
2014-11-27 15:49:23 +00:00
|
|
|
import qualified Propellor.Property.OS as OS
|
2014-05-23 16:30:25 +00:00
|
|
|
import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost
|
2014-07-07 07:08:12 +00:00
|
|
|
import qualified Propellor.Property.HostingProvider.Linode as Linode
|
2014-04-03 16:06:58 +00:00
|
|
|
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
|
|
|
|
import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
|
|
|
|
import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
|
|
|
|
|
2014-04-19 15:23:09 +00:00
|
|
|
|
2014-05-28 05:32:54 +00:00
|
|
|
main :: IO () -- _ ______`| ,-.__
|
|
|
|
main = defaultMain hosts -- / \___-=O`/|O`/__| (____.'
|
|
|
|
{- Propellor -- \ / | / ) _.-"-._
|
|
|
|
Deployed -} -- `/-==__ _/__|/__=-| ( \_
|
|
|
|
hosts :: [Host] -- * \ | | '--------'
|
2014-08-29 17:15:44 +00:00
|
|
|
hosts = -- (o) `
|
|
|
|
[ darkstar
|
|
|
|
, clam
|
|
|
|
, orca
|
|
|
|
, kite
|
|
|
|
, elephant
|
2015-02-01 20:19:37 +00:00
|
|
|
, beaver
|
2014-11-20 03:11:34 +00:00
|
|
|
] ++ monsters
|
2014-08-29 17:15:44 +00:00
|
|
|
|
2014-11-27 15:49:23 +00:00
|
|
|
testvm :: Host
|
|
|
|
testvm = host "testvm.kitenet.net"
|
2014-12-04 21:11:15 +00:00
|
|
|
& os (System (Debian Unstable) "amd64")
|
|
|
|
& OS.cleanInstallOnce (OS.Confirmed "testvm.kitenet.net")
|
|
|
|
`onChange` propertyList "fixing up after clean install"
|
2014-12-05 20:33:23 +00:00
|
|
|
[ OS.preserveRootSshAuthorized
|
2014-12-05 20:22:11 +00:00
|
|
|
, OS.preserveResolvConf
|
|
|
|
, Apt.update
|
|
|
|
, Grub.boots "/dev/sda"
|
|
|
|
`requires` Grub.installed Grub.PC
|
2014-12-04 21:11:15 +00:00
|
|
|
]
|
2014-12-05 20:22:11 +00:00
|
|
|
& Hostname.sane
|
|
|
|
& Hostname.searchDomain
|
|
|
|
& Apt.installed ["linux-image-amd64"]
|
|
|
|
& Apt.installed ["ssh"]
|
2014-12-06 19:50:42 +00:00
|
|
|
& User.hasPassword "root"
|
2014-11-27 15:49:23 +00:00
|
|
|
|
2014-08-29 17:15:44 +00:00
|
|
|
darkstar :: Host
|
|
|
|
darkstar = host "darkstar.kitenet.net"
|
|
|
|
& ipv6 "2001:4830:1600:187::2" -- sixxs tunnel
|
|
|
|
|
|
|
|
& Apt.buildDep ["git-annex"] `period` Daily
|
|
|
|
& Docker.configured
|
2014-11-20 03:11:34 +00:00
|
|
|
! Docker.docked gitAnnexAndroidDev
|
2014-08-29 17:15:44 +00:00
|
|
|
|
2015-01-09 02:44:36 +00:00
|
|
|
& JoeySites.postfixClientRelay (Context "darkstar.kitenet.net")
|
|
|
|
& JoeySites.dkimMilter
|
|
|
|
|
2014-08-29 17:15:44 +00:00
|
|
|
clam :: Host
|
|
|
|
clam = standardSystem "clam.kitenet.net" Unstable "amd64"
|
|
|
|
[ "Unreliable server. Anything here may be lost at any time!" ]
|
2015-01-01 20:59:38 +00:00
|
|
|
& ipv4 "167.88.41.194"
|
2014-08-29 17:15:44 +00:00
|
|
|
|
|
|
|
& CloudAtCost.decruft
|
2015-01-04 21:15:29 +00:00
|
|
|
& Ssh.randomHostKeys
|
2014-08-29 17:15:44 +00:00
|
|
|
& Apt.unattendedUpgrades
|
|
|
|
& Network.ipv6to4
|
2015-02-27 22:55:51 +00:00
|
|
|
& Tor.isRelay
|
|
|
|
& Tor.named "kite1"
|
2015-02-27 23:14:20 +00:00
|
|
|
& Tor.bandwidthRate (Tor.PerMonth "400 GB")
|
2014-08-29 17:15:44 +00:00
|
|
|
|
|
|
|
& Docker.configured
|
|
|
|
& Docker.garbageCollected `period` Daily
|
2014-11-20 03:11:34 +00:00
|
|
|
& Docker.docked webserver
|
2014-08-29 23:17:28 +00:00
|
|
|
& File.dirExists "/var/www/html"
|
2014-08-29 23:24:16 +00:00
|
|
|
& File.notPresent "/var/www/html/index.html"
|
2014-08-29 23:22:51 +00:00
|
|
|
& "/var/www/index.html" `File.hasContent` ["hello, world"]
|
2014-08-29 23:09:12 +00:00
|
|
|
& alias "helloworld.kitenet.net"
|
2014-12-22 01:01:46 +00:00
|
|
|
& Docker.docked oldusenetShellBox
|
2014-08-29 23:07:18 +00:00
|
|
|
|
2014-09-23 17:25:47 +00:00
|
|
|
-- ssh on some extra ports to deal with horrible networks
|
|
|
|
-- while travelling
|
|
|
|
& alias "travelling.kitenet.net"
|
|
|
|
! Ssh.listenPort 80
|
|
|
|
! Ssh.listenPort 443
|
2014-11-20 00:41:35 +00:00
|
|
|
|
2014-11-21 16:17:03 +00:00
|
|
|
& Systemd.persistentJournal
|
2014-11-20 18:06:55 +00:00
|
|
|
|
2014-08-29 17:15:44 +00:00
|
|
|
orca :: Host
|
|
|
|
orca = standardSystem "orca.kitenet.net" Unstable "amd64"
|
|
|
|
[ "Main git-annex build box." ]
|
|
|
|
& ipv4 "138.38.108.179"
|
|
|
|
|
|
|
|
& Apt.unattendedUpgrades
|
|
|
|
& Postfix.satellite
|
2014-11-22 03:23:07 +00:00
|
|
|
& Systemd.persistentJournal
|
2014-08-29 17:15:44 +00:00
|
|
|
& Docker.configured
|
2014-11-20 03:11:34 +00:00
|
|
|
& Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "amd64" 15 "2h")
|
|
|
|
& Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "i386" 45 "2h")
|
|
|
|
& Docker.docked (GitAnnexBuilder.armelCompanionContainer dockerImage)
|
2015-02-01 21:34:04 +00:00
|
|
|
& Docker.docked (GitAnnexBuilder.armelAutoBuilderContainer dockerImage (Cron.Times "1 3 * * *") "5h")
|
|
|
|
& Docker.docked (GitAnnexBuilder.androidAutoBuilderContainer dockerImage (Cron.Times "1 1 * * *") "3h")
|
2014-08-29 17:15:44 +00:00
|
|
|
& Docker.garbageCollected `period` Daily
|
|
|
|
& Apt.buildDep ["git-annex"] `period` Daily
|
2015-01-04 22:32:39 +00:00
|
|
|
|
2014-08-29 17:15:44 +00:00
|
|
|
-- This is not a complete description of kite, since it's a
|
|
|
|
-- multiuser system with eg, user passwords that are not deployed
|
|
|
|
-- with propellor.
|
|
|
|
kite :: Host
|
2014-11-28 15:40:03 +00:00
|
|
|
kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
|
2015-02-12 16:35:15 +00:00
|
|
|
[ "Welcome to kite!" ]
|
2014-10-08 17:17:11 +00:00
|
|
|
& ipv4 "66.228.36.95"
|
2014-09-08 15:56:35 +00:00
|
|
|
& ipv6 "2600:3c03::f03c:91ff:fe73:b0d2"
|
2014-09-08 14:56:08 +00:00
|
|
|
& alias "kitenet.net"
|
|
|
|
& alias "wren.kitenet.net" -- temporary
|
2014-08-29 17:15:44 +00:00
|
|
|
& Ssh.hostKeys (Context "kitenet.net")
|
2015-01-04 20:54:43 +00:00
|
|
|
[ (SshDsa, "ssh-dss AAAAB3NzaC1kc3MAAACBAO9tnPUT4p+9z7K6/OYuiBNHaij4Nzv5YVBih1vMl+ALz0gYAj8RWJzXmqp5buFAyfgOoLw+H9s1bBS01Sy3i07Dm6cx1fWG4RXL/E/3w1tavX99GD2bBxDBu890ebA5Tp+eFRJkS9+JwSvFiF6CP7NbVjifCagoUO56Ig048RwDAAAAFQDPY2xM3q6KwsVQliel23nrd0rV2QAAAIEAga3hj1hL00rYPNnAUzT8GAaSP62S4W68lusErH+KPbsMwFBFY/Ib1FVf8k6Zn6dZLh/HH/RtJi0JwdzPI1IFW+lwVbKfwBvhQ1lw9cH2rs1UIVgi7Wxdgfy8gEWxf+QIqn62wG+Ulf/HkWGvTrRpoJqlYRNS/gnOWj9Z/4s99koAAACBAM/uJIo2I0nK15wXiTYs/NYUZA7wcErugFn70TRbSgduIFH6U/CQa3rgHJw9DCPCQJLq7pwCnFH7too/qaK+czDk04PsgqV0+Jc7957gU5miPg50d60eJMctHV4eQ1FpwmGGfXxRBR9k2ZvikWYatYir3L6/x1ir7M0bA9IzNU45")
|
|
|
|
, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2QAJEuvbTmaN9ex9i9bjPhMGj+PHUYq2keIiaIImJ+8mo+yKSaGUxebG4tpuDPx6KZjdycyJt74IXfn1voGUrfzwaEY9NkqOP3v6OWTC3QeUGqDCeJ2ipslbEd9Ep9XBp+/ldDQm60D0XsIZdmDeN6MrHSbKF4fXv1bqpUoUILk=")
|
|
|
|
, (SshEcdsa, "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLF+dzqBJZix+CWUkAd3Bd3cofFCKwHMNRIfwx1G7dL4XFe6fMKxmrNetQcodo2edyufwoPmCPr3NmnwON9vyh0=")
|
2015-01-04 22:14:40 +00:00
|
|
|
, (SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZftKMnH/zH29BHMKbcBO4QsgTrstYFVhbrzrlRzBO3")
|
2015-01-04 20:54:43 +00:00
|
|
|
]
|
2015-01-04 22:32:39 +00:00
|
|
|
|
2015-01-23 05:18:47 +00:00
|
|
|
& Network.static "eth0" `requires` Network.cleanInterfacesFile
|
2015-01-04 22:32:39 +00:00
|
|
|
& Apt.installed ["linux-image-amd64"]
|
|
|
|
& Linode.chainPVGrub 5
|
2015-02-10 14:02:37 +00:00
|
|
|
& Linode.mlocateEnabled
|
2015-01-04 22:32:39 +00:00
|
|
|
& Apt.unattendedUpgrades
|
|
|
|
& Systemd.installed
|
|
|
|
& Systemd.persistentJournal
|
2015-01-22 03:22:42 +00:00
|
|
|
& Journald.systemMaxUse "500MiB"
|
2014-09-10 19:43:32 +00:00
|
|
|
& Ssh.passwordAuthentication True
|
2014-08-29 17:15:44 +00:00
|
|
|
-- Since ssh password authentication is allowed:
|
|
|
|
& Apt.serviceInstalledRunning "fail2ban"
|
2015-02-01 21:34:04 +00:00
|
|
|
& Obnam.backupEncrypted "/" (Cron.Times "33 1 * * *")
|
2014-08-29 17:15:44 +00:00
|
|
|
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
|
|
|
|
, "--client-name=kitenet.net"
|
|
|
|
, "--exclude=/var/cache"
|
|
|
|
, "--exclude=/var/tmp"
|
|
|
|
, "--exclude=/home/joey/lib"
|
|
|
|
, "--exclude=.*/tmp/"
|
|
|
|
, "--one-file-system"
|
2014-11-15 21:02:25 +00:00
|
|
|
] Obnam.OnlyClient (Gpg.GpgKeyId "98147487")
|
2014-08-29 17:15:44 +00:00
|
|
|
`requires` Ssh.keyImported SshRsa "root"
|
|
|
|
(Context "kite.kitenet.net")
|
|
|
|
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"
|
2014-09-08 18:44:34 +00:00
|
|
|
& Apt.serviceInstalledRunning "ntp"
|
2014-09-08 18:48:42 +00:00
|
|
|
& "/etc/timezone" `File.hasContent` ["US/Eastern"]
|
2014-08-29 17:15:44 +00:00
|
|
|
|
2014-09-08 14:56:08 +00:00
|
|
|
& alias "smtp.kitenet.net"
|
|
|
|
& alias "imap.kitenet.net"
|
|
|
|
& alias "pop.kitenet.net"
|
|
|
|
& alias "mail.kitenet.net"
|
2014-08-29 17:15:44 +00:00
|
|
|
& JoeySites.kiteMailServer
|
2014-12-31 17:15:09 +00:00
|
|
|
|
2015-02-11 01:46:31 +00:00
|
|
|
& JoeySites.kitenetHttps
|
|
|
|
& JoeySites.legacyWebSites
|
2015-02-11 01:55:39 +00:00
|
|
|
& File.ownerGroup "/srv/web" "joey" "joey"
|
|
|
|
& Apt.installed ["analog"]
|
2015-02-11 01:46:31 +00:00
|
|
|
|
|
|
|
& alias "git.kitenet.net"
|
|
|
|
& alias "git.joeyh.name"
|
|
|
|
& JoeySites.gitServer hosts
|
|
|
|
|
|
|
|
& JoeySites.downloads hosts
|
|
|
|
& JoeySites.gitAnnexDistributor
|
|
|
|
& JoeySites.tmp
|
2014-08-29 17:15:44 +00:00
|
|
|
|
2014-09-09 17:39:24 +00:00
|
|
|
& alias "bitlbee.kitenet.net"
|
|
|
|
& Apt.serviceInstalledRunning "bitlbee"
|
2014-09-09 17:51:04 +00:00
|
|
|
& "/etc/bitlbee/bitlbee.conf" `File.hasContent`
|
|
|
|
[ "[settings]"
|
|
|
|
, "User = bitlbee"
|
|
|
|
, "AuthMode = Registered"
|
|
|
|
, "[defaults]"
|
2014-09-09 19:21:47 +00:00
|
|
|
]
|
|
|
|
`onChange` Service.restarted "bitlbee"
|
|
|
|
& "/etc/default/bitlbee" `File.containsLine` "BITLBEE_PORT=\"6767\""
|
|
|
|
`onChange` Service.restarted "bitlbee"
|
2014-09-09 17:39:24 +00:00
|
|
|
|
2014-08-29 17:15:44 +00:00
|
|
|
& Apt.installed
|
2015-01-04 22:32:39 +00:00
|
|
|
[ "git-annex", "myrepos"
|
2014-08-29 17:15:44 +00:00
|
|
|
, "build-essential", "make"
|
2014-09-08 18:58:34 +00:00
|
|
|
, "rss2email", "archivemail"
|
|
|
|
, "devscripts"
|
2014-08-29 17:15:44 +00:00
|
|
|
-- Some users have zsh as their login shell.
|
|
|
|
, "zsh"
|
2014-07-07 07:22:53 +00:00
|
|
|
]
|
2014-10-25 17:20:14 +00:00
|
|
|
|
|
|
|
& Docker.configured
|
|
|
|
& Docker.garbageCollected `period` Daily
|
2015-02-10 23:59:09 +00:00
|
|
|
! Docker.docked oldusenetShellBox
|
2015-02-11 01:55:39 +00:00
|
|
|
|
2015-02-11 02:34:27 +00:00
|
|
|
& alias "nntp.olduse.net"
|
2015-02-11 01:55:39 +00:00
|
|
|
& JoeySites.oldUseNetServer hosts
|
2015-02-11 02:31:00 +00:00
|
|
|
|
2015-02-11 02:39:02 +00:00
|
|
|
& alias "ns4.kitenet.net"
|
|
|
|
& myDnsPrimary True "kitenet.net" []
|
|
|
|
& myDnsPrimary True "joeyh.name" []
|
|
|
|
& myDnsPrimary True "ikiwiki.info" []
|
|
|
|
& myDnsPrimary True "olduse.net"
|
|
|
|
[ (RelDomain "article", CNAME $ AbsDomain "virgil.koldfront.dk")
|
|
|
|
]
|
|
|
|
& alias "ns4.branchable.com"
|
|
|
|
& branchableSecondary
|
2015-02-11 02:31:00 +00:00
|
|
|
& Dns.secondaryFor ["animx"] hosts "animx.eu.org"
|
2015-02-11 01:41:19 +00:00
|
|
|
|
2014-08-29 17:15:44 +00:00
|
|
|
elephant :: Host
|
|
|
|
elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
|
2014-10-08 17:17:11 +00:00
|
|
|
[ "Storage, big data, and backups, omnomnom!"
|
2014-08-29 17:15:44 +00:00
|
|
|
, "(Encrypt all data stored here.)"
|
|
|
|
]
|
|
|
|
& ipv4 "193.234.225.114"
|
2014-12-07 19:21:55 +00:00
|
|
|
& Ssh.hostKeys hostContext
|
2015-01-04 20:54:43 +00:00
|
|
|
[ (SshDsa, "ssh-dss AAAAB3NzaC1kc3MAAACBANxXGWac0Yz58akI3UbLkphAa8VPDCGswTS0CT3D5xWyL9OeArISAi/OKRIvxA4c+9XnWtNXS7nYVFDJmzzg8v3ZMx543AxXK82kXCfvTOc/nAlVz9YKJAA+FmCloxpmOGrdiTx1k36FE+uQgorslGW/QTxnOcO03fDZej/ppJifAAAAFQCnenyJIw6iJB1+zuF/1TSLT8UAeQAAAIEA1WDrI8rKnxnh2rGaQ0nk+lOcVMLEr7AxParnZjgC4wt2mm/BmkF/feI1Fjft2z4D+V1W7MJHOqshliuproxhFUNGgX9fTbstFJf66p7h7OLAlwK8ZkpRk/uV3h5cIUPel6aCwjL5M2gN6/yq+gcCTXeHLq9OPyUTmlN77SBL71UAAACBAJJiCHWxPAGooe7Vv3W7EIBbsDyf7b2kDH3bsIlo+XFcKIN6jysBu4kn9utjFlrlPeHUDzGQHe+DmSqTUQQ0JPCRGcAcuJL8XUqhJi6A6ye51M9hVt51cJMXmERx9TjLOP/adkEuxpv3Fj20FxRUr1HOmvRvewSHrJ1GeA1bjbYL")
|
|
|
|
, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrEQ7aNmRYyLKY7xHILQsyV/w0B3++D98vn5IvjHkDnitrUWjB+vPxlS7LYKLzN9Jx7Hb14R2lg7+wdgtFMxLZZukA8b0tqFpTdRFBvBYGh8IM8Id1iE/6io/NZl+hTQEDp0LJP+RljH1CLfz7J3qtc+v6NbfTP5cOgH104mWYoLWzJGaZ4p53jz6THRWnVXy5nPO3dSBr2f/SQgRuJQWHNIh0jicRGD8H2kzOQzilpo+Y46PWtkufl3Yu3UsP5UMAyLRIXwZ6nNRZqRiVWrX44hoNfDbooTdFobbHlqMl+y6291bOXaOA6PACk8B4IVcC89/gmc9Oe4EaDuszU5kD")
|
|
|
|
, (SshEcdsa, "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAJkoPRhUGT8EId6m37uBdYEtq42VNwslKnc9mmO+89ody066q6seHKeFY6ImfwjcyIjM30RTzEwftuVNQnbEB0=")
|
2015-01-04 22:20:18 +00:00
|
|
|
, (SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6VtXi0uygxZeCo26n6PuCTlSFCBcwRifv6N8HdWh2Z")
|
2015-01-04 20:54:43 +00:00
|
|
|
]
|
2015-01-04 22:32:39 +00:00
|
|
|
|
|
|
|
& Grub.chainPVGrub "hd0,0" "xen/xvda1" 30
|
|
|
|
& Postfix.satellite
|
|
|
|
& Apt.unattendedUpgrades
|
|
|
|
& Systemd.installed
|
|
|
|
& Systemd.persistentJournal
|
2014-12-07 19:21:55 +00:00
|
|
|
& Ssh.keyImported SshRsa "joey" hostContext
|
2014-08-29 17:15:44 +00:00
|
|
|
& Apt.serviceInstalledRunning "swapspace"
|
2014-11-22 03:23:07 +00:00
|
|
|
|
|
|
|
& alias "eubackup.kitenet.net"
|
2014-08-29 17:15:44 +00:00
|
|
|
& Apt.installed ["obnam", "sshfs", "rsync"]
|
|
|
|
& JoeySites.obnamRepos ["wren", "pell", "kite"]
|
|
|
|
& JoeySites.githubBackup
|
|
|
|
& JoeySites.rsyncNetBackup hosts
|
2014-11-22 03:23:07 +00:00
|
|
|
|
|
|
|
& alias "podcatcher.kitenet.net"
|
2014-08-29 17:15:44 +00:00
|
|
|
& JoeySites.podcatcher
|
|
|
|
|
|
|
|
& alias "znc.kitenet.net"
|
|
|
|
& JoeySites.ircBouncer
|
|
|
|
& alias "kgb.kitenet.net"
|
|
|
|
& JoeySites.kgbServer
|
2014-11-22 03:23:07 +00:00
|
|
|
|
|
|
|
& alias "mumble.kitenet.net"
|
2014-08-29 17:15:44 +00:00
|
|
|
& JoeySites.mumbleServer hosts
|
|
|
|
|
|
|
|
& alias "ns3.kitenet.net"
|
|
|
|
& myDnsSecondary
|
|
|
|
|
|
|
|
& Docker.configured
|
2014-11-20 03:11:34 +00:00
|
|
|
& Docker.docked oldusenetShellBox
|
|
|
|
& Docker.docked openidProvider
|
2014-10-08 17:17:11 +00:00
|
|
|
`requires` Apt.serviceInstalledRunning "ntp"
|
2014-11-20 03:11:34 +00:00
|
|
|
& Docker.docked ancientKitenet
|
2015-01-08 19:30:11 +00:00
|
|
|
& Docker.docked jerryPlay
|
2014-08-29 17:15:44 +00:00
|
|
|
& Docker.garbageCollected `period` (Weekly (Just 1))
|
|
|
|
|
|
|
|
-- For https port 443, shellinabox with ssh login to
|
|
|
|
-- kitenet.net
|
|
|
|
& alias "shell.kitenet.net"
|
|
|
|
& JoeySites.kiteShellBox
|
|
|
|
-- Nothing is using http port 80, so listen on
|
|
|
|
-- that port for ssh, for traveling on bad networks that
|
|
|
|
-- block 22.
|
|
|
|
& Ssh.listenPort 80
|
2014-07-05 19:21:19 +00:00
|
|
|
|
2015-02-01 20:19:37 +00:00
|
|
|
beaver :: Host
|
|
|
|
beaver = host "beaver.kitenet.net"
|
|
|
|
& ipv6 "2001:4830:1600:195::2"
|
2015-02-01 21:34:04 +00:00
|
|
|
& Apt.serviceInstalledRunning "aiccu"
|
2015-02-01 20:19:37 +00:00
|
|
|
& Apt.installed ["ssh"]
|
|
|
|
& Ssh.pubKey SshDsa "ssh-dss AAAAB3NzaC1kc3MAAACBAIrLX260fY0Jjj/p0syNhX8OyR8hcr6feDPGOj87bMad0k/w/taDSOzpXe0Wet7rvUTbxUjH+Q5wPd4R9zkaSDiR/tCb45OdG6JsaIkmqncwe8yrU+pqSRCxttwbcFe+UU+4AAcinjVedZjVRDj2rRaFPc9BXkPt7ffk8GwEJ31/AAAAFQCG/gOjObsr86vvldUZHCteaJttNQAAAIB5nomvcqOk/TD07DLaWKyG7gAcW5WnfY3WtnvLRAFk09aq1EuiJ6Yba99Zkb+bsxXv89FWjWDg/Z3Psa22JMyi0HEDVsOevy/1sEQ96AGH5ijLzFInfXAM7gaJKXASD7hPbVdjySbgRCdwu0dzmQWHtH+8i1CMVmA2/a5Y/wtlJAAAAIAUZj2US2D378jBwyX1Py7e4sJfea3WSGYZjn4DLlsLGsB88POuh32aOChd1yzF6r6C2sdoPBHQcWBgNGXcx4gF0B5UmyVHg3lIX2NVSG1ZmfuLNJs9iKNu4cHXUmqBbwFYQJBvB69EEtrOw4jSbiTKwHFmqdA/mw1VsMB+khUaVw=="
|
|
|
|
& alias "usbackup.kitenet.net"
|
2015-02-01 20:54:01 +00:00
|
|
|
& JoeySites.backupsBackedupFrom hosts "eubackup.kitenet.net" "/home/joey/lib/backup"
|
2015-02-01 21:34:04 +00:00
|
|
|
& Apt.serviceInstalledRunning "anacron"
|
|
|
|
& Cron.niceJob "system disk backed up" Cron.Weekly "root" "/"
|
|
|
|
"rsync -a -x / /home/joey/lib/backup/beaver.kitenet.net/"
|
|
|
|
|
2014-06-01 12:06:34 +00:00
|
|
|
|
2015-01-16 00:35:40 +00:00
|
|
|
--' __|II| ,.
|
|
|
|
---- __|II|II|__ ( \_,/\
|
|
|
|
--'-------'\o/-'-.-'-.-'-.- __|II|II|II|II|___/ __/ -'-.-'-.-'-.-'-.-'-.-'-
|
|
|
|
-------------------------- | [Docker] / --------------------------
|
|
|
|
-------------------------- : / ---------------------------
|
|
|
|
--------------------------- \____, o ,' ----------------------------
|
|
|
|
---------------------------- '--,___________,' -----------------------------
|
|
|
|
|
2014-11-20 03:11:34 +00:00
|
|
|
-- Simple web server, publishing the outside host's /var/www
|
|
|
|
webserver :: Docker.Container
|
|
|
|
webserver = standardStableContainer "webserver"
|
|
|
|
& Docker.publish "80:80"
|
|
|
|
& Docker.volume "/var/www:/var/www"
|
|
|
|
& Apt.serviceInstalledRunning "apache2"
|
|
|
|
|
|
|
|
-- My own openid provider. Uses php, so containerized for security
|
|
|
|
-- and administrative sanity.
|
|
|
|
openidProvider :: Docker.Container
|
|
|
|
openidProvider = standardStableContainer "openid-provider"
|
|
|
|
& alias "openid.kitenet.net"
|
|
|
|
& Docker.publish "8081:80"
|
|
|
|
& OpenId.providerFor ["joey", "liw"]
|
|
|
|
"openid.kitenet.net:8081"
|
|
|
|
|
|
|
|
-- Exhibit: kite's 90's website.
|
|
|
|
ancientKitenet :: Docker.Container
|
|
|
|
ancientKitenet = standardStableContainer "ancient-kitenet"
|
|
|
|
& alias "ancient.kitenet.net"
|
|
|
|
& Docker.publish "1994:80"
|
|
|
|
& Apt.serviceInstalledRunning "apache2"
|
|
|
|
& Git.cloned "root" "git://kitenet-net.branchable.com/" "/var/www"
|
|
|
|
(Just "remotes/origin/old-kitenet.net")
|
|
|
|
|
|
|
|
oldusenetShellBox :: Docker.Container
|
|
|
|
oldusenetShellBox = standardStableContainer "oldusenet-shellbox"
|
|
|
|
& alias "shell.olduse.net"
|
|
|
|
& Docker.publish "4200:4200"
|
|
|
|
& JoeySites.oldUseNetShellBox
|
|
|
|
|
|
|
|
-- for development of git-annex for android, using my git-annex work tree
|
|
|
|
gitAnnexAndroidDev :: Docker.Container
|
|
|
|
gitAnnexAndroidDev = GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
|
|
|
|
& Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
|
|
|
|
where
|
|
|
|
gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
|
2015-01-08 19:30:11 +00:00
|
|
|
|
|
|
|
jerryPlay :: Docker.Container
|
|
|
|
jerryPlay = standardContainer "jerryplay" Unstable "amd64"
|
|
|
|
& alias "jerryplay.kitenet.net"
|
|
|
|
& Docker.publish "2202:22"
|
|
|
|
& Docker.publish "8001:80"
|
|
|
|
& Apt.installed ["ssh"]
|
|
|
|
& User.hasSomePassword "root"
|
2015-01-08 19:54:14 +00:00
|
|
|
& Ssh.permitRootLogin True
|
2014-04-03 16:06:58 +00:00
|
|
|
|
2014-07-07 07:22:53 +00:00
|
|
|
type Motd = [String]
|
|
|
|
|
2014-04-11 04:14:50 +00:00
|
|
|
-- This is my standard system setup.
|
2014-07-07 07:22:53 +00:00
|
|
|
standardSystem :: HostName -> DebianSuite -> Architecture -> Motd -> Host
|
2014-07-18 06:08:13 +00:00
|
|
|
standardSystem hn suite arch motd = standardSystemUnhardened hn suite arch motd
|
|
|
|
-- Harden the system, but only once root's authorized_keys
|
|
|
|
-- is safely in place.
|
|
|
|
& check (Ssh.hasAuthorizedKeys "root")
|
|
|
|
(Ssh.passwordAuthentication False)
|
|
|
|
|
|
|
|
standardSystemUnhardened :: HostName -> DebianSuite -> Architecture -> Motd -> Host
|
|
|
|
standardSystemUnhardened hn suite arch motd = host hn
|
2014-04-13 19:34:01 +00:00
|
|
|
& os (System (Debian suite) arch)
|
2014-07-18 04:20:09 +00:00
|
|
|
& Hostname.sane
|
|
|
|
& Hostname.searchDomain
|
2014-07-07 07:22:53 +00:00
|
|
|
& File.hasContent "/etc/motd" ("":motd++[""])
|
2014-06-05 21:01:32 +00:00
|
|
|
& Apt.stdSourcesList `onChange` Apt.upgrade
|
2014-06-01 06:53:42 +00:00
|
|
|
& Apt.cacheCleaned
|
2014-04-10 04:10:08 +00:00
|
|
|
& Apt.installed ["etckeeper"]
|
|
|
|
& Apt.installed ["ssh"]
|
|
|
|
& GitHome.installedFor "root"
|
2014-11-23 20:39:49 +00:00
|
|
|
& User.hasSomePassword "root"
|
2014-04-10 04:10:08 +00:00
|
|
|
& User.accountFor "joey"
|
2014-11-23 20:39:49 +00:00
|
|
|
& User.hasSomePassword "joey"
|
2014-04-10 04:10:08 +00:00
|
|
|
& Sudo.enabledFor "joey"
|
|
|
|
& GitHome.installedFor "joey"
|
|
|
|
& Apt.installed ["vim", "screen", "less"]
|
2015-02-01 21:34:04 +00:00
|
|
|
& Cron.runPropellor (Cron.Times "30 * * * *")
|
2014-04-10 04:10:08 +00:00
|
|
|
-- I use postfix, or no MTA.
|
|
|
|
& Apt.removed ["exim4", "exim4-daemon-light", "exim4-config", "exim4-base"]
|
|
|
|
`onChange` Apt.autoRemove
|
|
|
|
|
2014-11-20 03:11:34 +00:00
|
|
|
standardStableContainer :: Docker.ContainerName -> Docker.Container
|
2014-10-10 15:27:54 +00:00
|
|
|
standardStableContainer name = standardContainer name (Stable "wheezy") "amd64"
|
|
|
|
|
2015-01-04 22:32:39 +00:00
|
|
|
-- This is my standard container setup, Featuring automatic upgrades.
|
2014-11-20 03:11:34 +00:00
|
|
|
standardContainer :: Docker.ContainerName -> DebianSuite -> Architecture -> Docker.Container
|
2014-05-23 01:42:57 +00:00
|
|
|
standardContainer name suite arch = Docker.container name (dockerImage system)
|
2014-06-05 21:01:32 +00:00
|
|
|
& os system
|
|
|
|
& Apt.stdSourcesList `onChange` Apt.upgrade
|
2014-04-11 03:20:12 +00:00
|
|
|
& Apt.unattendedUpgrades
|
2014-06-01 06:53:42 +00:00
|
|
|
& Apt.cacheCleaned
|
2014-09-19 03:50:13 +00:00
|
|
|
& Docker.tweaked
|
2014-04-11 03:20:12 +00:00
|
|
|
where
|
|
|
|
system = System (Debian suite) arch
|
|
|
|
|
2014-04-19 21:16:13 +00:00
|
|
|
-- Docker images I prefer to use.
|
2014-05-23 01:42:57 +00:00
|
|
|
dockerImage :: System -> Docker.Image
|
|
|
|
dockerImage (System (Debian Unstable) arch) = "joeyh/debian-unstable-" ++ arch
|
2014-06-10 04:53:54 +00:00
|
|
|
dockerImage (System (Debian Testing) arch) = "joeyh/debian-unstable-" ++ arch
|
2014-10-10 15:27:54 +00:00
|
|
|
dockerImage (System (Debian (Stable _)) arch) = "joeyh/debian-stable-" ++ arch
|
2014-05-23 01:42:57 +00:00
|
|
|
dockerImage _ = "debian-stable-official" -- does not currently exist!
|
2014-04-08 23:42:54 +00:00
|
|
|
|
2015-01-25 02:38:10 +00:00
|
|
|
myDnsSecondary :: Property HasInfo
|
|
|
|
myDnsSecondary = propertyList "dns secondary for all my domains" $ props
|
|
|
|
& Dns.secondary hosts "kitenet.net"
|
|
|
|
& Dns.secondary hosts "joeyh.name"
|
|
|
|
& Dns.secondary hosts "ikiwiki.info"
|
|
|
|
& Dns.secondary hosts "olduse.net"
|
2014-04-21 02:42:20 +00:00
|
|
|
|
|
|
|
branchableSecondary :: RevertableProperty
|
|
|
|
branchableSecondary = Dns.secondaryFor ["branchable.com"] hosts "branchable.com"
|
2014-04-11 01:09:20 +00:00
|
|
|
|
2015-02-11 02:56:52 +00:00
|
|
|
-- Currently using kite (ns4) as primary with secondaries
|
|
|
|
-- elephant (ns3) and gandi.
|
2014-04-21 02:21:55 +00:00
|
|
|
-- kite handles all mail.
|
2015-01-04 19:00:40 +00:00
|
|
|
myDnsPrimary :: Bool -> Domain -> [(BindDomain, Record)] -> RevertableProperty
|
|
|
|
myDnsPrimary dnssec domain extras = (if dnssec then Dns.signedPrimary (Weekly Nothing) else Dns.primary) hosts domain
|
2015-02-11 02:56:52 +00:00
|
|
|
(Dns.mkSOA "ns4.kitenet.net" 100) $
|
|
|
|
[ (RootDomain, NS $ AbsDomain "ns4.kitenet.net")
|
2014-07-05 19:21:19 +00:00
|
|
|
, (RootDomain, NS $ AbsDomain "ns3.kitenet.net")
|
2014-04-21 02:21:55 +00:00
|
|
|
, (RootDomain, NS $ AbsDomain "ns6.gandi.net")
|
|
|
|
, (RootDomain, MX 0 $ AbsDomain "kitenet.net")
|
2015-01-16 01:00:54 +00:00
|
|
|
, (RootDomain, TXT "v=spf1 a a:kitenet.net ~all")
|
2015-01-09 01:41:55 +00:00
|
|
|
, JoeySites.domainKey
|
2014-04-21 02:21:55 +00:00
|
|
|
] ++ extras
|
2014-04-14 06:24:55 +00:00
|
|
|
|
|
|
|
|
2014-04-14 06:31:58 +00:00
|
|
|
monsters :: [Host] -- Systems I don't manage with propellor,
|
2014-10-08 17:17:11 +00:00
|
|
|
monsters = -- but do want to track their public keys etc.
|
2014-04-14 06:31:58 +00:00
|
|
|
[ host "usw-s002.rsync.net"
|
2015-01-04 19:55:53 +00:00
|
|
|
& Ssh.pubKey SshDsa "ssh-dss AAAAB3NzaC1kc3MAAAEBAI6ZsoW8a+Zl6NqUf9a4xXSMcV1akJHDEKKBzlI2YZo9gb9YoCf5p9oby8THUSgfh4kse7LJeY7Nb64NR6Y/X7I2/QzbE1HGGl5mMwB6LeUcJ74T3TQAlNEZkGt/MOIVLolJHk049hC09zLpkUDtX8K0t1yaCirC9SxDGLTCLEhvU9+vVdVrdQlKZ9wpLUNbdAzvbra+O/IVvExxDZ9WCHrnfNA8ddVZIGEWMqsoNgiuCxiXpi8qL+noghsSQNFTXwo7W2Vp9zj1JkCt3GtSz5IzEpARQaXEAWNEM0n1nJ686YUOhou64iRM8bPC1lp3QXvvZNgj3m+QHhIempx+de8AAAAVAKB5vUDaZOg14gRn7Bp81ja/ik+RAAABACPH/bPbW912x1NxNiikzGR6clLh+bLpIp8Qie3J7DwOr8oC1QOKjNDK+UgQ7mDQEgr4nGjNKSvpDi4c1QCw4sbLqQgx1y2VhT0SmUPHf5NQFldRQyR/jcevSSwOBxszz3aq9AwHiv9OWaO3XY18suXPouiuPTpIcZwc2BLDNHFnDURQeGEtmgqj6gZLIkTY0iw7q9Tj5FOyl4AkvEJC5B4CSzaWgey93Wqn1Imt7KI8+H9lApMKziVL1q+K7xAuNkGmx5YOSNlE6rKAPtsIPHZGxR7dch0GURv2jhh0NQYvBRn3ukCjuIO5gx56HLgilq59/o50zZ4NcT7iASF76TcAAAEAC6YxX7rrs8pp13W4YGiJHwFvIO1yXLGOdqu66JM0plO4J1ItV1AQcazOXLiliny3p2/W+wXZZKd5HIRt52YafCA8YNyMk/sF7JcTR4d4z9CfKaAxh0UpzKiAk+0j/Wu3iPoTOsyt7N0j1+dIyrFodY2sKKuBMT4TQ0yqQpbC+IDQv2i1IlZAPneYGfd5MIGygs2QMfaMQ1jWAKJvEO0vstZ7GB6nDAcg4in3ZiBHtomx3PL5w+zg48S4Ed69BiFXLZ1f6MnjpUOP75pD4MP6toS0rgK9b93xCrEQLgm4oD/7TCHHBo2xR7wwcsN2OddtwWsEM2QgOkt/jdCAoVCqwQ=="
|
2014-04-14 06:31:58 +00:00
|
|
|
, host "github.com"
|
2015-01-04 19:55:53 +00:00
|
|
|
& Ssh.pubKey SshRsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
|
2014-04-23 19:04:35 +00:00
|
|
|
, host "ns6.gandi.net"
|
|
|
|
& ipv4 "217.70.177.40"
|
2014-04-18 21:38:21 +00:00
|
|
|
, host "turtle.kitenet.net"
|
|
|
|
& ipv4 "67.223.19.96"
|
|
|
|
& ipv6 "2001:4978:f:2d9::2"
|
2014-04-21 02:21:55 +00:00
|
|
|
, host "mouse.kitenet.net"
|
|
|
|
& ipv6 "2001:4830:1600:492::2"
|
2014-04-19 01:58:23 +00:00
|
|
|
, host "branchable.com"
|
2014-04-18 21:38:21 +00:00
|
|
|
& ipv4 "66.228.46.55"
|
|
|
|
& ipv6 "2600:3c03::f03c:91ff:fedf:c0e5"
|
2014-04-19 05:28:46 +00:00
|
|
|
& alias "olduse.net"
|
|
|
|
& alias "www.olduse.net"
|
2014-04-21 02:21:55 +00:00
|
|
|
& alias "www.kitenet.net"
|
2014-04-21 01:55:40 +00:00
|
|
|
& alias "joeyh.name"
|
|
|
|
& alias "campaign.joeyh.name"
|
|
|
|
& alias "ikiwiki.info"
|
2014-04-21 02:21:55 +00:00
|
|
|
& alias "git.ikiwiki.info"
|
2014-04-21 01:55:40 +00:00
|
|
|
& alias "l10n.ikiwiki.info"
|
2014-04-21 02:21:55 +00:00
|
|
|
& alias "dist-bugs.kitenet.net"
|
|
|
|
& alias "family.kitenet.net"
|
2014-04-23 18:27:26 +00:00
|
|
|
, host "animx"
|
|
|
|
& ipv4 "76.7.162.101"
|
2014-04-23 23:26:02 +00:00
|
|
|
& ipv4 "76.7.162.186"
|
2014-04-14 06:31:58 +00:00
|
|
|
]
|
2015-01-16 00:35:40 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- o
|
|
|
|
-- ___ o o
|
|
|
|
{-----\ / o \ ___o o
|
|
|
|
{ \ __ \ / _ (X___>-- __o
|
|
|
|
_____________________{ ______\___ \__/ | \__/ \____ |X__>
|
|
|
|
< \___//|\\___/\ \____________ _
|
|
|
|
\ ___/ | \___ # # \ (-)
|
|
|
|
\ O O O # | \ # >=)
|
|
|
|
\______________________________# # / #__________________/ (-}
|
|
|
|
|
|
|
|
|