2014-04-19 21:16:13 +00:00
|
|
|
-- This is the live config file used by propellor's author.
|
2014-05-01 13:48:33 +00:00
|
|
|
module Main where
|
2014-04-03 16:06:58 +00:00
|
|
|
|
|
|
|
|
import Propellor
|
|
|
|
|
import Propellor.CmdLine
|
2014-04-09 04:54:27 +00:00
|
|
|
import Propellor.Property.Scheduled
|
2014-04-03 16:06:58 +00:00
|
|
|
import qualified Propellor.Property.File as File
|
|
|
|
|
import qualified Propellor.Property.Apt as Apt
|
|
|
|
|
import qualified Propellor.Property.Network as Network
|
|
|
|
|
import qualified Propellor.Property.Ssh as Ssh
|
|
|
|
|
import qualified Propellor.Property.Cron as Cron
|
|
|
|
|
import qualified Propellor.Property.Sudo as Sudo
|
|
|
|
|
import qualified Propellor.Property.User as User
|
|
|
|
|
import qualified Propellor.Property.Hostname as Hostname
|
2014-04-11 03:20:12 +00:00
|
|
|
--import qualified Propellor.Property.Reboot as Reboot
|
2014-04-03 16:06:58 +00:00
|
|
|
import qualified Propellor.Property.Tor as Tor
|
2014-04-10 05:46:33 +00:00
|
|
|
import qualified Propellor.Property.Dns as Dns
|
2014-04-08 20:58:11 +00:00
|
|
|
import qualified Propellor.Property.OpenId as OpenId
|
2014-04-03 16:06:58 +00:00
|
|
|
import qualified Propellor.Property.Docker as Docker
|
2014-04-10 06:51:25 +00:00
|
|
|
import qualified Propellor.Property.Git as Git
|
2014-04-14 00:22:35 +00:00
|
|
|
import qualified Propellor.Property.Apache as Apache
|
2014-04-14 19:35:29 +00:00
|
|
|
import qualified Propellor.Property.Postfix as Postfix
|
2014-04-29 20:48:20 +00:00
|
|
|
import qualified Propellor.Property.Service as Service
|
2014-05-23 16:30:25 +00:00
|
|
|
import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
|
|
|
|
|
import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost
|
2014-04-03 16:06:58 +00:00
|
|
|
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
|
|
|
|
|
import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
|
|
|
|
|
import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
|
|
|
|
|
|
2014-04-19 15:23:09 +00:00
|
|
|
|
2014-05-28 05:32:54 +00:00
|
|
|
main :: IO () -- _ ______`| ,-.__
|
|
|
|
|
main = defaultMain hosts -- / \___-=O`/|O`/__| (____.'
|
|
|
|
|
{- Propellor -- \ / | / ) _.-"-._
|
|
|
|
|
Deployed -} -- `/-==__ _/__|/__=-| ( \_
|
|
|
|
|
hosts :: [Host] -- * \ | | '--------'
|
|
|
|
|
hosts = -- (o) `
|
2014-04-11 03:20:12 +00:00
|
|
|
-- My laptop
|
|
|
|
|
[ host "darkstar.kitenet.net"
|
2014-04-19 03:20:07 +00:00
|
|
|
& ipv6 "2001:4830:1600:187::2" -- sixxs tunnel
|
2014-06-01 19:07:17 +00:00
|
|
|
|
2014-04-11 03:20:12 +00:00
|
|
|
& Apt.buildDep ["git-annex"] `period` Daily
|
2014-06-01 19:07:17 +00:00
|
|
|
& Docker.configured
|
2014-05-28 01:17:53 +00:00
|
|
|
& Docker.docked hosts "android-git-annex"
|
2014-04-11 03:20:12 +00:00
|
|
|
|
2014-07-05 19:21:19 +00:00
|
|
|
-- Unreliable server.
|
2014-04-13 19:34:01 +00:00
|
|
|
, standardSystem "clam.kitenet.net" Unstable "amd64"
|
2014-07-05 19:34:39 +00:00
|
|
|
& ipv4 "162.248.9.29"
|
2014-04-18 21:38:21 +00:00
|
|
|
|
2014-05-23 16:30:25 +00:00
|
|
|
& CloudAtCost.decruft
|
2014-04-11 01:09:20 +00:00
|
|
|
& Apt.unattendedUpgrades
|
|
|
|
|
& Network.ipv6to4
|
|
|
|
|
& Tor.isBridge
|
2014-04-14 19:35:29 +00:00
|
|
|
& Postfix.satellite
|
2014-05-09 12:34:09 +00:00
|
|
|
|
2014-07-05 19:21:19 +00:00
|
|
|
& Docker.configured
|
2014-05-09 12:34:09 +00:00
|
|
|
& Docker.garbageCollected `period` Daily
|
2014-04-11 03:20:12 +00:00
|
|
|
|
2014-04-11 01:09:20 +00:00
|
|
|
-- Orca is the main git-annex build box.
|
2014-04-13 19:34:01 +00:00
|
|
|
, standardSystem "orca.kitenet.net" Unstable "amd64"
|
2014-04-18 21:38:21 +00:00
|
|
|
& ipv4 "138.38.108.179"
|
|
|
|
|
|
2014-04-11 01:09:20 +00:00
|
|
|
& Hostname.sane
|
|
|
|
|
& Apt.unattendedUpgrades
|
2014-04-14 19:35:29 +00:00
|
|
|
& Postfix.satellite
|
2014-04-11 01:09:20 +00:00
|
|
|
& Docker.configured
|
2014-04-11 03:20:12 +00:00
|
|
|
& Docker.docked hosts "amd64-git-annex-builder"
|
|
|
|
|
& Docker.docked hosts "i386-git-annex-builder"
|
2014-05-21 17:07:36 +00:00
|
|
|
& Docker.docked hosts "armel-git-annex-builder-companion"
|
|
|
|
|
& Docker.docked hosts "armel-git-annex-builder"
|
2014-05-24 04:05:47 +00:00
|
|
|
& Docker.docked hosts "android-git-annex-builder"
|
2014-04-11 01:09:20 +00:00
|
|
|
& Docker.garbageCollected `period` Daily
|
|
|
|
|
& Apt.buildDep ["git-annex"] `period` Daily
|
2014-04-11 03:20:12 +00:00
|
|
|
|
2014-07-07 05:46:07 +00:00
|
|
|
-- Main kite server.
|
2014-07-07 06:26:03 +00:00
|
|
|
, standardSystem "kite.kitenet.net" Unstable "amd64"
|
2014-07-07 05:34:22 +00:00
|
|
|
& ipv4 "66.228.36.95"
|
|
|
|
|
& ipv6 "2600:3c03::f03c:91ff:fe73:b0d2"
|
2014-07-07 05:40:02 +00:00
|
|
|
|
2014-07-07 06:22:38 +00:00
|
|
|
& Hostname.sane
|
|
|
|
|
& Apt.unattendedUpgrades
|
2014-07-07 05:40:02 +00:00
|
|
|
& Apt.installed ["linux-image-amd64", "pv-grub-menu"]
|
2014-07-07 06:32:05 +00:00
|
|
|
& Apt.installed ["systemd"]
|
2014-07-07 05:34:22 +00:00
|
|
|
|
2014-04-11 01:09:20 +00:00
|
|
|
-- Important stuff that needs not too much memory or CPU.
|
2014-07-06 22:12:38 +00:00
|
|
|
, let ctx = Context "diatom.kitenet.net"
|
2014-07-06 19:56:56 +00:00
|
|
|
in standardSystem "diatom.kitenet.net" Stable "amd64"
|
2014-04-18 21:38:21 +00:00
|
|
|
& ipv4 "107.170.31.195"
|
|
|
|
|
|
2014-05-23 16:30:25 +00:00
|
|
|
& DigitalOcean.distroKernel
|
2014-04-11 01:09:20 +00:00
|
|
|
& Hostname.sane
|
2014-07-06 19:56:56 +00:00
|
|
|
& Ssh.hostKey SshDsa ctx
|
|
|
|
|
& Ssh.hostKey SshRsa ctx
|
|
|
|
|
& Ssh.hostKey SshEcdsa ctx
|
2014-04-11 01:09:20 +00:00
|
|
|
& Apt.unattendedUpgrades
|
|
|
|
|
& Apt.serviceInstalledRunning "ntp"
|
2014-04-14 19:35:29 +00:00
|
|
|
& Postfix.satellite
|
2014-04-21 15:10:14 +00:00
|
|
|
|
|
|
|
|
-- Diatom has 500 mb of memory, so tune for that.
|
2014-04-21 05:00:59 +00:00
|
|
|
& JoeySites.obnamLowMem
|
2014-04-21 15:10:14 +00:00
|
|
|
& Apt.serviceInstalledRunning "swapspace"
|
2014-04-14 00:22:35 +00:00
|
|
|
|
2014-04-11 01:09:20 +00:00
|
|
|
& Apt.serviceInstalledRunning "apache2"
|
2014-07-06 19:56:56 +00:00
|
|
|
& File.hasPrivContent "/etc/ssl/certs/web.pem" (Context "kitenet.net")
|
|
|
|
|
& File.hasPrivContent "/etc/ssl/private/web.pem" (Context "kitenet.net")
|
|
|
|
|
& File.hasPrivContent "/etc/ssl/certs/startssl.pem" (Context "kitenet.net")
|
2014-04-14 00:22:35 +00:00
|
|
|
& Apache.modEnabled "ssl"
|
2014-04-14 01:04:34 +00:00
|
|
|
& Apache.multiSSL
|
2014-04-13 20:53:33 +00:00
|
|
|
& File.ownerGroup "/srv/web" "joey" "joey"
|
2014-04-23 20:30:48 +00:00
|
|
|
& Apt.installed ["analog"]
|
2014-04-13 07:09:00 +00:00
|
|
|
|
2014-04-19 05:28:46 +00:00
|
|
|
& alias "git.kitenet.net"
|
|
|
|
|
& alias "git.joeyh.name"
|
2014-04-13 18:01:30 +00:00
|
|
|
& JoeySites.gitServer hosts
|
2014-04-13 15:58:22 +00:00
|
|
|
|
2014-04-19 05:28:46 +00:00
|
|
|
& alias "downloads.kitenet.net"
|
2014-04-13 21:03:21 +00:00
|
|
|
& JoeySites.annexWebSite hosts "/srv/git/downloads.git"
|
2014-04-13 20:38:58 +00:00
|
|
|
"downloads.kitenet.net"
|
|
|
|
|
"840760dc-08f0-11e2-8c61-576b7e66acfd"
|
|
|
|
|
[("turtle", "ssh://turtle.kitenet.net/~/lib/downloads/")]
|
2014-04-21 15:10:14 +00:00
|
|
|
& JoeySites.gitAnnexDistributor
|
2014-04-13 20:38:58 +00:00
|
|
|
|
2014-04-19 05:28:46 +00:00
|
|
|
& alias "tmp.kitenet.net"
|
2014-04-13 21:03:21 +00:00
|
|
|
& JoeySites.annexWebSite hosts "/srv/git/joey/tmp.git"
|
2014-04-13 20:38:58 +00:00
|
|
|
"tmp.kitenet.net"
|
2014-04-13 21:03:21 +00:00
|
|
|
"26fd6e38-1226-11e2-a75f-ff007033bdba"
|
2014-04-13 20:38:58 +00:00
|
|
|
[]
|
2014-04-14 18:40:57 +00:00
|
|
|
& JoeySites.twitRss
|
2014-04-13 20:38:58 +00:00
|
|
|
|
2014-04-19 05:28:46 +00:00
|
|
|
& alias "nntp.olduse.net"
|
2014-04-19 06:08:00 +00:00
|
|
|
& alias "resources.olduse.net"
|
2014-04-18 03:32:42 +00:00
|
|
|
& JoeySites.oldUseNetServer hosts
|
|
|
|
|
|
2014-04-19 15:23:09 +00:00
|
|
|
& alias "ns2.kitenet.net"
|
2014-04-21 02:38:59 +00:00
|
|
|
& myDnsPrimary "kitenet.net" []
|
2014-04-21 02:21:55 +00:00
|
|
|
& myDnsPrimary "joeyh.name" []
|
|
|
|
|
& myDnsPrimary "ikiwiki.info" []
|
|
|
|
|
& myDnsPrimary "olduse.net"
|
|
|
|
|
[ (RelDomain "article",
|
|
|
|
|
CNAME $ AbsDomain "virgil.koldfront.dk") ]
|
2014-04-21 02:38:59 +00:00
|
|
|
|
|
|
|
|
& alias "ns3.branchable.com"
|
2014-04-21 02:42:20 +00:00
|
|
|
& branchableSecondary
|
2014-04-23 18:27:26 +00:00
|
|
|
|
|
|
|
|
& Dns.secondaryFor ["animx"] hosts "animx.eu.org"
|
2014-04-19 05:26:38 +00:00
|
|
|
|
2014-06-01 06:27:32 +00:00
|
|
|
-- storage and backup server
|
2014-07-06 19:56:56 +00:00
|
|
|
, let ctx = Context "elephant.kitenet.net"
|
|
|
|
|
in standardSystem "elephant.kitenet.net" Unstable "amd64"
|
2014-06-01 06:27:32 +00:00
|
|
|
& ipv4 "193.234.225.114"
|
2014-06-01 19:07:17 +00:00
|
|
|
|
2014-06-01 11:47:40 +00:00
|
|
|
& Hostname.sane
|
2014-06-01 12:06:34 +00:00
|
|
|
& Postfix.satellite
|
2014-06-01 18:47:32 +00:00
|
|
|
& Apt.unattendedUpgrades
|
2014-07-06 19:56:56 +00:00
|
|
|
& Ssh.hostKey SshDsa ctx
|
|
|
|
|
& Ssh.hostKey SshRsa ctx
|
|
|
|
|
& Ssh.hostKey SshEcdsa ctx
|
|
|
|
|
& Ssh.keyImported SshRsa "joey" ctx
|
2014-06-01 18:37:44 +00:00
|
|
|
|
2014-06-07 02:08:52 +00:00
|
|
|
-- PV-grub chaining
|
|
|
|
|
-- http://notes.pault.ag/linode-pv-grub-chainning/
|
2014-06-07 02:23:36 +00:00
|
|
|
-- (Adapted to use xvda1/hd0,0 instead of xvda/hd0)
|
2014-06-07 02:08:52 +00:00
|
|
|
& "/boot/grub/menu.lst" `File.hasContent`
|
|
|
|
|
[ "default 1"
|
|
|
|
|
, "timeout 30"
|
|
|
|
|
, ""
|
|
|
|
|
, "title grub-xen shim"
|
|
|
|
|
, "root (hd0,0)"
|
|
|
|
|
, "kernel /boot/xen-shim"
|
|
|
|
|
, "boot"
|
|
|
|
|
]
|
|
|
|
|
& "/boot/load.cf" `File.hasContent`
|
2014-06-07 02:23:36 +00:00
|
|
|
[ "configfile (xen/xvda1)/boot/grub/grub.cfg" ]
|
2014-06-07 02:08:52 +00:00
|
|
|
& Apt.installed ["grub-xen"]
|
2014-06-07 02:23:36 +00:00
|
|
|
& flagFile (scriptProperty ["update-grub; grub-mkimage --prefix '(xen/xvda1)/boot/grub' -c /boot/load.cf -O x86_64-xen /usr/lib/grub/x86_64-xen/*.mod > /boot/xen-shim"]) "/boot/xen-shim"
|
2014-07-06 21:23:55 +00:00
|
|
|
`describe` "/boot-xen-shim"
|
2014-06-07 02:08:52 +00:00
|
|
|
|
2014-06-01 18:37:44 +00:00
|
|
|
& alias "eubackup.kitenet.net"
|
|
|
|
|
& Apt.installed ["obnam", "sshfs", "rsync"]
|
2014-06-01 18:47:32 +00:00
|
|
|
& JoeySites.githubBackup
|
2014-06-07 02:46:31 +00:00
|
|
|
& JoeySites.obnamRepos ["wren", "pell"]
|
2014-06-07 04:07:08 +00:00
|
|
|
& Ssh.knownHost hosts "usw-s002.rsync.net" "joey"
|
2014-06-01 18:47:32 +00:00
|
|
|
|
|
|
|
|
& alias "podcatcher.kitenet.net"
|
|
|
|
|
& Apt.installed ["git-annex"]
|
2014-06-01 17:07:31 +00:00
|
|
|
|
2014-07-05 19:21:19 +00:00
|
|
|
& alias "znc.kitenet.net"
|
|
|
|
|
& JoeySites.ircBouncer
|
|
|
|
|
|
|
|
|
|
-- I'd rather this were on diatom, but it needs unstable.
|
|
|
|
|
& alias "kgb.kitenet.net"
|
|
|
|
|
& JoeySites.kgbServer
|
|
|
|
|
|
|
|
|
|
& alias "mumble.kitenet.net"
|
|
|
|
|
& JoeySites.mumbleServer hosts
|
|
|
|
|
|
|
|
|
|
& alias "ns3.kitenet.net"
|
|
|
|
|
& myDnsSecondary
|
|
|
|
|
|
2014-06-01 18:47:32 +00:00
|
|
|
& Docker.configured
|
2014-07-05 19:21:19 +00:00
|
|
|
|
|
|
|
|
& Docker.docked hosts "oldusenet-shellbox"
|
|
|
|
|
& Docker.docked hosts "openid-provider"
|
|
|
|
|
`requires` Apt.serviceInstalledRunning "ntp"
|
|
|
|
|
& Docker.docked hosts "ancient-kitenet"
|
|
|
|
|
|
2014-06-01 18:47:32 +00:00
|
|
|
& Docker.garbageCollected `period` (Weekly (Just 1))
|
2014-07-05 19:21:19 +00:00
|
|
|
|
|
|
|
|
-- For https port 443, shellinabox with ssh login to
|
|
|
|
|
-- kitenet.net
|
|
|
|
|
& alias "shell.kitenet.net"
|
|
|
|
|
& JoeySites.kiteShellBox
|
|
|
|
|
-- Nothing is using http port 80, so listen on
|
|
|
|
|
-- that port for ssh, for traveling on bad networks that
|
|
|
|
|
-- block 22.
|
|
|
|
|
& "/etc/ssh/sshd_config" `File.containsLine` "Port 80"
|
|
|
|
|
`onChange` Service.restarted "ssh"
|
|
|
|
|
|
2014-06-01 12:06:34 +00:00
|
|
|
|
2014-04-13 01:34:25 +00:00
|
|
|
--' __|II| ,.
|
|
|
|
|
---- __|II|II|__ ( \_,/\
|
|
|
|
|
------'\o/-'-.-'-.-'-.- __|II|II|II|II|___/ __/ -'-.-'-.-'-.-'-.-'-
|
|
|
|
|
----------------------- | [Docker] / ----------------------
|
|
|
|
|
----------------------- : / -----------------------
|
|
|
|
|
------------------------ \____, o ,' ------------------------
|
|
|
|
|
------------------------- '--,___________,' -------------------------
|
2014-04-11 03:20:12 +00:00
|
|
|
|
2014-04-08 20:58:11 +00:00
|
|
|
-- Simple web server, publishing the outside host's /var/www
|
2014-04-11 03:20:12 +00:00
|
|
|
, standardContainer "webserver" Stable "amd64"
|
|
|
|
|
& Docker.publish "8080:80"
|
|
|
|
|
& Docker.volume "/var/www:/var/www"
|
|
|
|
|
& Apt.serviceInstalledRunning "apache2"
|
2014-04-08 21:10:52 +00:00
|
|
|
|
2014-04-08 20:58:11 +00:00
|
|
|
-- My own openid provider. Uses php, so containerized for security
|
|
|
|
|
-- and administrative sanity.
|
2014-04-11 03:20:12 +00:00
|
|
|
, standardContainer "openid-provider" Stable "amd64"
|
2014-05-31 22:35:17 +00:00
|
|
|
& alias "openid.kitenet.net"
|
2014-04-11 03:20:12 +00:00
|
|
|
& Docker.publish "8081:80"
|
|
|
|
|
& OpenId.providerFor ["joey", "liw"]
|
|
|
|
|
"openid.kitenet.net:8081"
|
2014-04-13 16:21:43 +00:00
|
|
|
|
|
|
|
|
-- Exhibit: kite's 90's website.
|
2014-04-11 03:20:12 +00:00
|
|
|
, standardContainer "ancient-kitenet" Stable "amd64"
|
2014-05-31 22:35:17 +00:00
|
|
|
& alias "ancient.kitenet.net"
|
2014-04-11 03:20:12 +00:00
|
|
|
& Docker.publish "1994:80"
|
|
|
|
|
& Apt.serviceInstalledRunning "apache2"
|
2014-04-20 02:22:23 +00:00
|
|
|
& Git.cloned "root" "git://kitenet-net.branchable.com/" "/var/www"
|
2014-04-13 00:21:33 +00:00
|
|
|
(Just "remotes/origin/old-kitenet.net")
|
2014-04-10 15:02:29 +00:00
|
|
|
|
2014-05-31 17:44:28 +00:00
|
|
|
, standardContainer "oldusenet-shellbox" Stable "amd64"
|
2014-05-31 20:48:14 +00:00
|
|
|
& alias "shell.olduse.net"
|
2014-05-31 22:35:17 +00:00
|
|
|
& Docker.publish "4200:4200"
|
2014-05-31 17:44:28 +00:00
|
|
|
& JoeySites.oldUseNetShellBox
|
|
|
|
|
|
2014-04-11 03:20:12 +00:00
|
|
|
-- git-annex autobuilder containers
|
2014-05-28 01:17:53 +00:00
|
|
|
, GitAnnexBuilder.standardAutoBuilderContainer dockerImage "amd64" 15 "2h"
|
|
|
|
|
, GitAnnexBuilder.standardAutoBuilderContainer dockerImage "i386" 45 "2h"
|
2014-05-23 01:42:57 +00:00
|
|
|
, GitAnnexBuilder.armelCompanionContainer dockerImage
|
2014-05-28 01:17:53 +00:00
|
|
|
, GitAnnexBuilder.armelAutoBuilderContainer dockerImage "1 3 * * *" "5h"
|
|
|
|
|
, GitAnnexBuilder.androidAutoBuilderContainer dockerImage "1 1 * * *" "3h"
|
|
|
|
|
|
2014-05-28 14:38:29 +00:00
|
|
|
-- for development of git-annex for android, using my git-annex
|
|
|
|
|
-- work tree
|
|
|
|
|
, let gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
|
|
|
|
|
in GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
|
|
|
|
|
& Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
|
2014-06-01 17:07:31 +00:00
|
|
|
|
2014-06-01 17:40:06 +00:00
|
|
|
-- temp for an acquantance
|
2014-04-14 06:31:58 +00:00
|
|
|
] ++ monsters
|
2014-04-03 16:06:58 +00:00
|
|
|
|
2014-04-11 04:14:50 +00:00
|
|
|
-- This is my standard system setup.
|
2014-04-13 19:34:01 +00:00
|
|
|
standardSystem :: HostName -> DebianSuite -> Architecture -> Host
|
|
|
|
|
standardSystem hn suite arch = host hn
|
|
|
|
|
& os (System (Debian suite) arch)
|
2014-06-05 21:01:32 +00:00
|
|
|
& Apt.stdSourcesList `onChange` Apt.upgrade
|
2014-06-01 06:53:42 +00:00
|
|
|
& Apt.cacheCleaned
|
2014-04-10 04:10:08 +00:00
|
|
|
& Apt.installed ["etckeeper"]
|
|
|
|
|
& Apt.installed ["ssh"]
|
|
|
|
|
& GitHome.installedFor "root"
|
2014-07-06 19:56:56 +00:00
|
|
|
& User.hasSomePassword "root" (Context hn)
|
2014-04-10 04:10:08 +00:00
|
|
|
-- Harden the system, but only once root's authorized_keys
|
|
|
|
|
-- is safely in place.
|
|
|
|
|
& check (Ssh.hasAuthorizedKeys "root")
|
|
|
|
|
(Ssh.passwordAuthentication False)
|
|
|
|
|
& User.accountFor "joey"
|
2014-07-06 19:56:56 +00:00
|
|
|
& User.hasSomePassword "joey" (Context hn)
|
2014-04-10 04:10:08 +00:00
|
|
|
& Sudo.enabledFor "joey"
|
|
|
|
|
& GitHome.installedFor "joey"
|
|
|
|
|
& Apt.installed ["vim", "screen", "less"]
|
|
|
|
|
& Cron.runPropellor "30 * * * *"
|
|
|
|
|
-- I use postfix, or no MTA.
|
|
|
|
|
& Apt.removed ["exim4", "exim4-daemon-light", "exim4-config", "exim4-base"]
|
|
|
|
|
`onChange` Apt.autoRemove
|
|
|
|
|
|
2014-04-09 01:28:15 +00:00
|
|
|
-- This is my standard container setup, featuring automatic upgrades.
|
2014-04-11 03:20:12 +00:00
|
|
|
standardContainer :: Docker.ContainerName -> DebianSuite -> Architecture -> Host
|
2014-05-23 01:42:57 +00:00
|
|
|
standardContainer name suite arch = Docker.container name (dockerImage system)
|
2014-06-05 21:01:32 +00:00
|
|
|
& os system
|
|
|
|
|
& Apt.stdSourcesList `onChange` Apt.upgrade
|
2014-06-05 20:24:47 +00:00
|
|
|
& Apt.installed ["systemd"]
|
2014-04-11 03:20:12 +00:00
|
|
|
& Apt.unattendedUpgrades
|
2014-06-01 06:53:42 +00:00
|
|
|
& Apt.cacheCleaned
|
2014-04-11 03:20:12 +00:00
|
|
|
where
|
|
|
|
|
system = System (Debian suite) arch
|
|
|
|
|
|
2014-04-19 21:16:13 +00:00
|
|
|
-- Docker images I prefer to use.
|
2014-05-23 01:42:57 +00:00
|
|
|
dockerImage :: System -> Docker.Image
|
|
|
|
|
dockerImage (System (Debian Unstable) arch) = "joeyh/debian-unstable-" ++ arch
|
2014-06-10 04:53:54 +00:00
|
|
|
dockerImage (System (Debian Testing) arch) = "joeyh/debian-unstable-" ++ arch
|
2014-05-23 01:42:57 +00:00
|
|
|
dockerImage (System (Debian Stable) arch) = "joeyh/debian-stable-" ++ arch
|
|
|
|
|
dockerImage _ = "debian-stable-official" -- does not currently exist!
|
2014-04-08 23:42:54 +00:00
|
|
|
|
2014-04-19 05:26:38 +00:00
|
|
|
myDnsSecondary :: Property
|
2014-04-19 15:00:48 +00:00
|
|
|
myDnsSecondary = propertyList "dns secondary for all my domains" $ map toProp
|
2014-04-21 02:52:18 +00:00
|
|
|
[ Dns.secondary hosts "kitenet.net"
|
|
|
|
|
, Dns.secondary hosts "joeyh.name"
|
|
|
|
|
, Dns.secondary hosts "ikiwiki.info"
|
2014-04-19 05:55:32 +00:00
|
|
|
, Dns.secondary hosts "olduse.net"
|
2014-04-10 05:46:33 +00:00
|
|
|
]
|
2014-04-21 02:42:20 +00:00
|
|
|
|
|
|
|
|
branchableSecondary :: RevertableProperty
|
|
|
|
|
branchableSecondary = Dns.secondaryFor ["branchable.com"] hosts "branchable.com"
|
2014-04-11 01:09:20 +00:00
|
|
|
|
2014-04-21 02:38:59 +00:00
|
|
|
-- Currently using diatom (ns2) as primary with secondaries
|
2014-07-05 19:21:19 +00:00
|
|
|
-- elephant (ns3) and gandi.
|
2014-04-21 02:21:55 +00:00
|
|
|
-- kite handles all mail.
|
|
|
|
|
myDnsPrimary :: Domain -> [(BindDomain, Record)] -> RevertableProperty
|
|
|
|
|
myDnsPrimary domain extras = Dns.primary hosts domain
|
|
|
|
|
(Dns.mkSOA "ns2.kitenet.net" 100) $
|
|
|
|
|
[ (RootDomain, NS $ AbsDomain "ns2.kitenet.net")
|
2014-07-05 19:21:19 +00:00
|
|
|
, (RootDomain, NS $ AbsDomain "ns3.kitenet.net")
|
2014-04-21 02:21:55 +00:00
|
|
|
, (RootDomain, NS $ AbsDomain "ns6.gandi.net")
|
|
|
|
|
, (RootDomain, MX 0 $ AbsDomain "kitenet.net")
|
|
|
|
|
, (RootDomain, TXT "v=spf1 a ?all")
|
|
|
|
|
] ++ extras
|
2014-04-14 06:24:55 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
-- o
|
|
|
|
|
-- ___ o o
|
|
|
|
|
{-----\ / o \ ___o o
|
|
|
|
|
{ \ __ \ / _ (X___>-- __o
|
|
|
|
|
_____________________{ ______\___ \__/ | \__/ \____ |X__>
|
|
|
|
|
< \___//|\\___/\ \____________ _
|
|
|
|
|
\ ___/ | \___ # # \ (-)
|
2014-04-14 06:45:58 +00:00
|
|
|
\ O O O # | \ # >=)
|
2014-04-14 06:24:55 +00:00
|
|
|
\______________________________# # / #__________________/ (-}
|
|
|
|
|
|
|
|
|
|
|
2014-04-14 06:31:58 +00:00
|
|
|
monsters :: [Host] -- Systems I don't manage with propellor,
|
2014-04-18 21:38:21 +00:00
|
|
|
monsters = -- but do want to track their public keys etc.
|
2014-04-14 06:31:58 +00:00
|
|
|
[ host "usw-s002.rsync.net"
|
|
|
|
|
& sshPubKey "ssh-dss AAAAB3NzaC1kc3MAAAEBAI6ZsoW8a+Zl6NqUf9a4xXSMcV1akJHDEKKBzlI2YZo9gb9YoCf5p9oby8THUSgfh4kse7LJeY7Nb64NR6Y/X7I2/QzbE1HGGl5mMwB6LeUcJ74T3TQAlNEZkGt/MOIVLolJHk049hC09zLpkUDtX8K0t1yaCirC9SxDGLTCLEhvU9+vVdVrdQlKZ9wpLUNbdAzvbra+O/IVvExxDZ9WCHrnfNA8ddVZIGEWMqsoNgiuCxiXpi8qL+noghsSQNFTXwo7W2Vp9zj1JkCt3GtSz5IzEpARQaXEAWNEM0n1nJ686YUOhou64iRM8bPC1lp3QXvvZNgj3m+QHhIempx+de8AAAAVAKB5vUDaZOg14gRn7Bp81ja/ik+RAAABACPH/bPbW912x1NxNiikzGR6clLh+bLpIp8Qie3J7DwOr8oC1QOKjNDK+UgQ7mDQEgr4nGjNKSvpDi4c1QCw4sbLqQgx1y2VhT0SmUPHf5NQFldRQyR/jcevSSwOBxszz3aq9AwHiv9OWaO3XY18suXPouiuPTpIcZwc2BLDNHFnDURQeGEtmgqj6gZLIkTY0iw7q9Tj5FOyl4AkvEJC5B4CSzaWgey93Wqn1Imt7KI8+H9lApMKziVL1q+K7xAuNkGmx5YOSNlE6rKAPtsIPHZGxR7dch0GURv2jhh0NQYvBRn3ukCjuIO5gx56HLgilq59/o50zZ4NcT7iASF76TcAAAEAC6YxX7rrs8pp13W4YGiJHwFvIO1yXLGOdqu66JM0plO4J1ItV1AQcazOXLiliny3p2/W+wXZZKd5HIRt52YafCA8YNyMk/sF7JcTR4d4z9CfKaAxh0UpzKiAk+0j/Wu3iPoTOsyt7N0j1+dIyrFodY2sKKuBMT4TQ0yqQpbC+IDQv2i1IlZAPneYGfd5MIGygs2QMfaMQ1jWAKJvEO0vstZ7GB6nDAcg4in3ZiBHtomx3PL5w+zg48S4Ed69BiFXLZ1f6MnjpUOP75pD4MP6toS0rgK9b93xCrEQLgm4oD/7TCHHBo2xR7wwcsN2OddtwWsEM2QgOkt/jdCAoVCqwQ=="
|
|
|
|
|
, host "github.com"
|
|
|
|
|
& sshPubKey "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
|
2014-04-23 19:04:35 +00:00
|
|
|
, host "ns6.gandi.net"
|
|
|
|
|
& ipv4 "217.70.177.40"
|
2014-04-18 21:38:21 +00:00
|
|
|
, host "turtle.kitenet.net"
|
|
|
|
|
& ipv4 "67.223.19.96"
|
|
|
|
|
& ipv6 "2001:4978:f:2d9::2"
|
2014-04-21 02:21:55 +00:00
|
|
|
& alias "backup.kitenet.net"
|
2014-04-18 21:38:21 +00:00
|
|
|
& sshPubKey "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAokMXQiX/NZjA1UbhMdgAscnS5dsmy+Q7bWrQ6tsTZ/o+6N/T5cbjoBHOdpypXJI3y/PiJTDJaQtXIhLa8gFg/EvxMnMz/KG9skADW1361JmfCc4BxicQIO2IOOe6eilPr+YsnOwiHwL0vpUnuty39cppuMWVD25GzxXlS6KQsLCvXLzxLLuNnGC43UAM0q4UwQxDtAZEK1dH2o3HMWhgMP2qEQupc24dbhpO3ecxh2C9678a3oGDuDuNf7mLp3s7ptj5qF3onitpJ82U5o7VajaHoygMaSRFeWxP2c13eM57j3bLdLwxVXFhePcKXARu1iuFTLS5uUf3hN6MkQcOGw=="
|
|
|
|
|
, host "wren.kitenet.net"
|
|
|
|
|
& ipv4 "80.68.85.49"
|
|
|
|
|
& ipv6 "2001:41c8:125:49::10"
|
2014-04-19 15:23:09 +00:00
|
|
|
& alias "kitenet.net"
|
|
|
|
|
& alias "ns1.kitenet.net"
|
2014-04-21 02:21:55 +00:00
|
|
|
& alias "ftp.kitenet.net"
|
|
|
|
|
& alias "mail.kitenet.net"
|
|
|
|
|
& alias "smtp.kitenet.net"
|
|
|
|
|
& alias "sows-ear.kitenet.net"
|
|
|
|
|
& alias "www.sows-ear.kitenet.net"
|
|
|
|
|
& alias "wortroot.kitenet.net"
|
|
|
|
|
& alias "www.wortroot.kitenet.net"
|
|
|
|
|
& alias "joey.kitenet.net"
|
2014-05-31 17:15:38 +00:00
|
|
|
& alias "anna.kitenet.net"
|
2014-05-09 13:17:39 +00:00
|
|
|
& alias "bitlbee.kitenet.net"
|
2014-05-31 17:15:38 +00:00
|
|
|
{- Remaining services on kite:
|
|
|
|
|
-
|
|
|
|
|
- mail
|
|
|
|
|
- postfix
|
|
|
|
|
- postgrey
|
|
|
|
|
- mailman
|
|
|
|
|
- spamassassin
|
|
|
|
|
- sqwebmail
|
|
|
|
|
- courier
|
|
|
|
|
- imap
|
|
|
|
|
- tls
|
|
|
|
|
- apache
|
|
|
|
|
- some static websites
|
|
|
|
|
- bitlbee
|
|
|
|
|
- prosody
|
2014-07-05 19:21:19 +00:00
|
|
|
- (used by daddy's git-annex)
|
2014-05-31 17:15:38 +00:00
|
|
|
- named
|
|
|
|
|
- (branchable is still pushing to here
|
|
|
|
|
- (thinking it's ns2.branchable.com), but it's no
|
|
|
|
|
- longer a primary or secondary for anything)
|
|
|
|
|
- ftpd (EOL)
|
|
|
|
|
-
|
|
|
|
|
- user shell stuff:
|
2014-05-31 17:41:28 +00:00
|
|
|
- pine, zsh, make, git-annex, myrepos, ...
|
2014-05-31 17:15:38 +00:00
|
|
|
-}
|
2014-04-21 02:21:55 +00:00
|
|
|
, host "mouse.kitenet.net"
|
|
|
|
|
& ipv6 "2001:4830:1600:492::2"
|
2014-04-21 03:02:46 +00:00
|
|
|
, host "beaver.kitenet.net"
|
2014-04-21 02:21:55 +00:00
|
|
|
& ipv6 "2001:4830:1600:195::2"
|
|
|
|
|
, host "hydra.kitenet.net"
|
|
|
|
|
& ipv4 "192.25.206.60"
|
2014-04-19 01:58:23 +00:00
|
|
|
, host "branchable.com"
|
2014-04-18 21:38:21 +00:00
|
|
|
& ipv4 "66.228.46.55"
|
|
|
|
|
& ipv6 "2600:3c03::f03c:91ff:fedf:c0e5"
|
2014-04-19 05:28:46 +00:00
|
|
|
& alias "olduse.net"
|
|
|
|
|
& alias "www.olduse.net"
|
2014-04-21 02:21:55 +00:00
|
|
|
& alias "www.kitenet.net"
|
2014-04-21 01:55:40 +00:00
|
|
|
& alias "joeyh.name"
|
|
|
|
|
& alias "campaign.joeyh.name"
|
|
|
|
|
& alias "ikiwiki.info"
|
2014-04-21 02:21:55 +00:00
|
|
|
& alias "git.ikiwiki.info"
|
2014-04-21 01:55:40 +00:00
|
|
|
& alias "l10n.ikiwiki.info"
|
2014-04-21 02:21:55 +00:00
|
|
|
& alias "dist-bugs.kitenet.net"
|
|
|
|
|
& alias "family.kitenet.net"
|
2014-04-23 18:27:26 +00:00
|
|
|
, host "animx"
|
|
|
|
|
& ipv4 "76.7.162.101"
|
2014-04-23 23:26:02 +00:00
|
|
|
& ipv4 "76.7.162.186"
|
2014-04-14 06:31:58 +00:00
|
|
|
]
|
