propellor/config.hs

121 lines
4.3 KiB
Haskell
Raw Normal View History

-- | This is the main configuration file for Propellor, and is used to build
-- the propellor program.
2014-04-01 22:56:56 +00:00
--
-- This is the live config file used by propellor's author.
-- For a simpler starting point, see config.hs.simple.
2014-03-31 03:59:07 +00:00
2014-03-31 03:55:59 +00:00
import Propellor
2014-03-31 03:37:54 +00:00
import Propellor.CmdLine
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Network as Network
import qualified Propellor.Property.Ssh as Ssh
2014-03-31 05:29:47 +00:00
import qualified Propellor.Property.Cron as Cron
2014-03-31 03:37:54 +00:00
import qualified Propellor.Property.Sudo as Sudo
import qualified Propellor.Property.User as User
import qualified Propellor.Property.Hostname as Hostname
import qualified Propellor.Property.Reboot as Reboot
import qualified Propellor.Property.Tor as Tor
import qualified Propellor.Property.Docker as Docker
2014-04-01 20:58:11 +00:00
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
2014-03-30 04:08:02 +00:00
main :: IO ()
main = defaultMain [host, Docker.containerProperties container]
2014-03-30 04:08:02 +00:00
-- | This is where the system's HostName, either as returned by uname
-- or one specified on the command line, is converted into a list of
-- Properties for that system.
--
-- Edit this to configure propellor!
host :: HostName -> Maybe [Property]
host hostname@"clam.kitenet.net" = Just
2014-03-30 06:26:23 +00:00
[ cleanCloudAtCost hostname
2014-04-01 20:58:11 +00:00
, standardSystem Unstable
2014-03-31 14:43:51 +00:00
, Apt.unattendedUpgrades True
2014-03-31 03:02:10 +00:00
, Network.ipv6to4
2014-03-31 05:13:08 +00:00
-- Clam is a tor bridge, and an olduse.net shellbox and other
-- fun stuff.
2014-03-30 20:15:27 +00:00
, Tor.isBridge
2014-03-31 02:14:14 +00:00
, JoeySites.oldUseNetshellBox
2014-03-31 01:01:18 +00:00
, Docker.configured
, File.dirExists "/var/www"
2014-04-01 20:58:11 +00:00
, Docker.docked container hostname "webserver"
2014-03-31 05:16:01 +00:00
, Apt.installed ["git-annex", "mtr"]
2014-03-30 06:12:48 +00:00
-- Should come last as it reboots.
2014-03-30 17:39:09 +00:00
, Apt.installed ["systemd-sysv"] `onChange` Reboot.now
2014-03-30 06:12:48 +00:00
]
2014-04-01 20:58:11 +00:00
host hostname@"orca.kitenet.net" = Just
[ standardSystem Unstable
2014-03-31 14:43:51 +00:00
, Apt.unattendedUpgrades True
2014-03-31 23:22:49 +00:00
, Docker.configured
2014-04-01 20:58:11 +00:00
, Docker.docked container hostname "git-annex-amd64-builder"
2014-03-31 14:43:51 +00:00
]
2014-03-30 06:12:48 +00:00
-- add more hosts here...
--host "foo.example.com" =
host _ = Nothing
-- | This is where Docker containers are set up. A container
-- can vary by hostname where it's used, or be the same everywhere.
container :: HostName -> Docker.ContainerName -> Maybe (Docker.Container)
2014-04-01 20:58:11 +00:00
container _ "webserver" = Just $ Docker.containerFrom
(image $ System (Debian Unstable) Amd64)
2014-04-01 18:54:06 +00:00
[ Docker.publish "8080:80"
, Docker.volume "/var/www:/var/www"
2014-04-01 15:59:48 +00:00
, Docker.inside
[ serviceRunning "apache2"
`requires` Apt.installed ["apache2"]
]
]
2014-04-01 20:58:11 +00:00
container _ "git-annex-amd64-builder" = Just $ Docker.containerFrom
(image $ System (Debian Unstable) Amd64)
2014-04-01 22:06:02 +00:00
[ Docker.inside [ GitAnnexBuilder.builder Amd64 "15 * * * *" ] ]
container _ _ = Nothing
2014-03-30 06:12:48 +00:00
2014-04-01 20:58:11 +00:00
-- | Docker images I prefer to use.
-- Edit as suites you, or delete this function and just put the image names
-- above.
image :: System -> Docker.Image
image (System (Debian Unstable) Amd64) = "joeyh/debian-unstable"
image (System (Debian Unstable) I386) = "joeyh/debian-i386"
image _ = "debian"
2014-03-30 06:12:48 +00:00
-- This is my standard system setup
2014-04-01 20:58:11 +00:00
standardSystem :: DebianSuite -> Property
2014-03-30 06:26:23 +00:00
standardSystem suite = propertyList "standard system"
2014-03-30 06:12:48 +00:00
[ Apt.stdSourcesList suite `onChange` Apt.upgrade
2014-03-30 04:28:56 +00:00
, Apt.installed ["etckeeper"]
, Apt.installed ["ssh"]
, GitHome.installedFor "root"
2014-03-31 00:18:45 +00:00
, User.hasSomePassword "root"
2014-03-30 04:28:56 +00:00
-- Harden the system, but only once root's authorized_keys
-- is safely in place.
, check (Ssh.hasAuthorizedKeys "root") $
Ssh.passwordAuthentication False
2014-04-01 20:58:11 +00:00
, User.accountFor "joey"
2014-03-31 00:18:45 +00:00
, User.hasSomePassword "joey"
2014-03-31 00:46:31 +00:00
, Sudo.enabledFor "joey"
, GitHome.installedFor "joey"
2014-04-01 23:33:06 +00:00
, Apt.installed ["vim", "screen", "less"]
2014-03-31 05:29:47 +00:00
, Cron.runPropellor "30 * * * *"
2014-03-30 20:15:27 +00:00
-- I use postfix, or no MTA.
, Apt.removed ["exim4"] `onChange` Apt.autoRemove
]
2014-03-30 06:26:23 +00:00
-- Clean up a system as installed by cloudatcost.com
cleanCloudAtCost :: HostName -> Property
cleanCloudAtCost hostname = propertyList "cloudatcost cleanup"
2014-03-30 20:53:31 +00:00
[ Hostname.set hostname
2014-03-30 06:26:23 +00:00
, Ssh.uniqueHostKeys
2014-03-30 20:49:59 +00:00
, "worked around grub/lvm boot bug #743126" ==>
"/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true"
2014-03-30 17:39:09 +00:00
`onChange` cmdProperty "update-grub" []
2014-03-31 03:55:59 +00:00
`onChange` cmdProperty "update-initramfs" ["-u"]
2014-04-01 21:32:37 +00:00
, combineProperties "nuked cloudatcost cruft"
2014-03-30 20:53:31 +00:00
[ File.notPresent "/etc/rc.local"
, File.notPresent "/etc/init.d/S97-setup.sh"
, User.nuked "user" User.YesReallyDeleteHome
]
2014-03-30 06:26:23 +00:00
]