-- | This is the main configuration file for Propellor, and is used to build
-- the propellor program.
--
-- This is the live config file used by propellor's author.
-- For a simpler starting point, see config.hs.simple.
import Propellor
import Propellor.CmdLine
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Network as Network
import qualified Propellor.Property.Ssh as Ssh
import qualified Propellor.Property.Cron as Cron
import qualified Propellor.Property.Sudo as Sudo
import qualified Propellor.Property.User as User
import qualified Propellor.Property.Hostname as Hostname
import qualified Propellor.Property.Reboot as Reboot
import qualified Propellor.Property.Tor as Tor
import qualified Propellor.Property.Docker as Docker
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
-- | Entry point. Hands propellor the per-host property table ('host') and
-- the container table ('container'); 'defaultMain' then selects the entries
-- for the host it is running on, or the one named on the command line.
main :: IO ()
main = defaultMain
    [ host
    , Docker.containerProperties container
    ]
-- | This is where the system's HostName, either as returned by uname
-- or one specified on the command line, is converted into a list of
-- Properties for that system. Properties are applied in list order.
--
-- Edit this to configure propellor!
host :: HostName -> Maybe [Property]
host hostname = case hostname of
    "clam.kitenet.net" -> Just clam
    "orca.kitenet.net" -> Just orca
    -- add more hosts here...
    --"foo.example.com" -> Just [ ... ]
    _ -> Nothing
  where
    clam =
      [ cleanCloudAtCost hostname
      , standardSystem Unstable
      , Apt.unattendedUpgrades True
      , Network.ipv6to4
      -- Clam is a tor bridge, and an olduse.net shellbox and other
      -- fun stuff.
      , Tor.isBridge
      , JoeySites.oldUseNetshellBox
      , Docker.configured
      -- The webserver container bind-mounts /var/www from the host, so the
      -- host directory is ensured before the container is docked.
      , File.dirExists "/var/www"
      , Docker.docked container hostname "webserver"
      , Apt.installed ["git-annex", "mtr"]
      -- Should come last as it reboots.
      , Apt.installed ["systemd-sysv"] `onChange` Reboot.now
      ]
    orca =
      [ standardSystem Unstable
      , Apt.unattendedUpgrades True
      , Docker.configured
      , Docker.docked container hostname "git-annex-amd64-builder"
      ]
-- | This is where Docker containers are set up. A container
-- can vary by hostname where it's used, or be the same everywhere.
-- (Neither container below depends on the hostname, so it is ignored.)
container :: HostName -> Docker.ContainerName -> Maybe (Docker.Container)
container _ name = case name of
    "webserver" -> Just webserver
    "git-annex-amd64-builder" -> Just gitAnnexBuilder
    _ -> Nothing
  where
    -- Both containers are built from the same unstable amd64 image.
    unstableAmd64 = image $ System (Debian Unstable) Amd64

    webserver = Docker.containerFrom unstableAmd64
      -- Host port 8080 is forwarded to apache's port 80 in the container.
      -- NOTE(review): no bind address is given, so this presumably listens
      -- on every host interface; confirm that is intended for this host.
      [ Docker.publish "8080:80"
      -- The served content is the host's /var/www, not part of the image,
      -- so the container writes to the host filesystem through this mount.
      , Docker.volume "/var/www:/var/www"
      , Docker.inside
          [ serviceRunning "apache2"
              `requires` Apt.installed ["apache2"]
          ]
      ]

    -- Runs the git-annex build job from cron inside the container.
    gitAnnexBuilder = Docker.containerFrom unstableAmd64
      [ Docker.inside [ GitAnnexBuilder.builder Amd64 "15 * * * *" ] ]
-- | Docker images I prefer to use.
--
-- Edit as suits you, or delete this function and just put the image names
-- above.
image :: System -> Docker.Image
image sys = case sys of
    System (Debian Unstable) Amd64 -> "joeyh/debian-unstable"
    System (Debian Unstable) I386 -> "joeyh/debian-i386"
    -- Any other suite or architecture falls back to the stock debian image.
    _ -> "debian"
-- | This is my standard system setup: apt sources and base packages for the
-- given suite, the root and joey accounts, and the housekeeping that keeps
-- propellor itself running. The groups are concatenated in the order
-- listed, and order matters (see the ssh hardening note below).
standardSystem :: DebianSuite -> Property
standardSystem suite = propertyList "standard system" $ concat
    [ base
    , rootAccount
    , joeyAccount
    , housekeeping
    ]
  where
    base =
      [ Apt.stdSourcesList suite `onChange` Apt.upgrade
      , Apt.installed ["etckeeper"]
      , Apt.installed ["ssh"]
      ]
    rootAccount =
      [ GitHome.installedFor "root"
      , User.hasSomePassword "root"
      -- Harden the system, but only once root's authorized_keys
      -- is safely in place; disabling password login before a key
      -- exists would leave no way in over ssh.
      , check (Ssh.hasAuthorizedKeys "root") $
          Ssh.passwordAuthentication False
      ]
    joeyAccount =
      [ User.accountFor "joey"
      , User.hasSomePassword "joey"
      , Sudo.enabledFor "joey"
      , GitHome.installedFor "joey"
      ]
    housekeeping =
      [ Apt.installed ["vim", "screen", "less"]
      , Cron.runPropellor "30 * * * *"
      -- I use postfix, or no MTA.
      , Apt.removed ["exim4"] `onChange` Apt.autoRemove
      ]
-- | Clean up a system as installed by cloudatcost.com: set its real
-- hostname, give it its own ssh host keys, work around a boot bug, and
-- remove the provider's leftover startup hooks and account.
cleanCloudAtCost :: HostName -> Property
cleanCloudAtCost hostname = propertyList "cloudatcost cleanup"
    [ Hostname.set hostname
    -- Provider images presumably ship the same host keys on every
    -- clone; regenerate them so this machine has keys of its own.
    , Ssh.uniqueHostKeys
    , grubWorkaround
    , combineProperties "nuked cloudatcost cruft"
        [ File.notPresent "/etc/rc.local"
        , File.notPresent "/etc/init.d/S97-setup.sh"
        , User.nuked "user" User.YesReallyDeleteHome
        ]
    ]
  where
    -- Workaround for grub/lvm boot bug #743126: stop grub from using
    -- UUIDs, and regenerate the grub config and initramfs whenever the
    -- setting line changes.
    grubWorkaround = "worked around grub/lvm boot bug #743126" ==>
        "/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true"
            `onChange` cmdProperty "update-grub" []
            `onChange` cmdProperty "update-initramfs" ["-u"]