cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'joeyconfig'

This commit is contained in:
Joey Hess 2015-08-14 15:01:57 -04:00
parent 205114b108 eb76708b20
commit 00dead44a1
9 changed files with 54 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
config-joey.hs
View File

@ -145,29 +145,30 @@ orca = standardSystem "orca.kitenet.net" Unstable "amd64"
honeybee :: Host honeybee :: Host
honeybee = standardSystem "honeybee.kitenet.net" Testing "armhf" honeybee = standardSystem "honeybee.kitenet.net" Testing "armhf"
[ "Arm git-annex build box." ] [ "Arm git-annex build box." ]
-- I have to travel to get console access, so no automatic
-- upgrades, and try to be robust.
& "/etc/default/rcS" `File.containsLine` "FSCKFIX=yes"
& Apt.installed ["flash-kernel"]
& "/etc/flash-kernel/machine" `File.hasContent` ["Cubietech Cubietruck"]
& Apt.installed ["linux-image-armmp"]
& Network.dhcp "eth0" `requires` Network.cleanInterfacesFile
& Postfix.satellite
-- ipv6 used for remote access thru firewalls
& Apt.serviceInstalledRunning "aiccu"
& ipv6 "2001:4830:1600:187::2" & ipv6 "2001:4830:1600:187::2"
-- No unattended upgrades as there is currently no console access. -- In case compiler needs more than available ram
-- (Also, system is not currently running a stock kernel,
-- although it should be able to.)
& Postfix.satellite
& Apt.serviceInstalledRunning "aiccu"
& Apt.serviceInstalledRunning "swapspace" & Apt.serviceInstalledRunning "swapspace"
-- No hardware clock.
& Apt.serviceInstalledRunning "ntp" & Apt.serviceInstalledRunning "ntp"
-- Not using systemd-nspawn because it's broken (kernel issue?) & Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer
-- & Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer GitAnnexBuilder.armAutoBuilder
-- GitAnnexBuilder.armAutoBuilder (System (Debian Unstable) "armel") Cron.Daily "22h")
-- builderos Cron.Daily "22h")
& Chroot.provisioned
(Chroot.debootstrapped builderos mempty "/var/lib/container/armel-git-annex-builder"
& "/etc/timezone" `File.hasContent` ["America/New_York"]
& GitAnnexBuilder.armAutoBuilder
builderos (Cron.Times "1 1 * * *") "12h"
)
where
-- Using unstable to get new enough ghc for TH on arm.
builderos = System (Debian Unstable) "armel"
-- This is not a complete description of kite, since it's a -- This is not a complete description of kite, since it's a
-- multiuser system with eg, user passwords that are not deployed -- multiuser system with eg, user passwords that are not deployed

8
debian/changelog vendored
View File

@ -1,3 +1,11 @@
propellor (2.7.1) unstable; urgency=medium
* Make sure that make is installed when bootstrapping propellor.
* Fix bug in Firewall's Port datatype to iptable parameter translation code.
Thanks, Antoine Eiche.
-- Joey Hess <id@joeyh.name> Fri, 14 Aug 2015 15:01:37 -0400
propellor (2.7.0) unstable; urgency=medium propellor (2.7.0) unstable; urgency=medium
* Ssh.permitRootLogin type changed to allow configuring WithoutPassword * Ssh.permitRootLogin type changed to allow configuring WithoutPassword

1
debian/control vendored
View File

@ -40,6 +40,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends},
libghc-transformers-dev, libghc-transformers-dev,
libghc-exceptions-dev (>= 0.6), libghc-exceptions-dev (>= 0.6),
git, git,
make,
Description: property-based host configuration management in haskell Description: property-based host configuration management in haskell
Propellor enures that the system it's run in satisfies a list of Propellor enures that the system it's run in satisfies a list of
properties, taking action as necessary when a property is not yet met. properties, taking action as necessary when a property is not yet met.

2
propellor.cabal
View File

@ -1,5 +1,5 @@
Name: propellor Name: propellor
Version: 2.7.0 Version: 2.7.1
Cabal-Version: >= 1.8 Cabal-Version: >= 1.8
License: BSD3 License: BSD3
Maintainer: Joey Hess <id@joeyh.name> Maintainer: Joey Hess <id@joeyh.name>

1
src/Propellor/Bootstrap.hs
View File

@ -81,6 +81,7 @@ depsCommand = "( " ++ intercalate " ; " (concat [osinstall, cabalinstall]) ++ "
, "libghc-mtl-dev" , "libghc-mtl-dev"
, "libghc-transformers-dev" , "libghc-transformers-dev"
, "libghc-exceptions-dev" , "libghc-exceptions-dev"
, "make"
] ]
installGitCommand :: ShellCommand installGitCommand :: ShellCommand

19
src/Propellor/Property/Firewall.hs
View File

@ -42,13 +42,18 @@ toIpTable r = map Param $
(toIpTableArg (ruleRules r)) ++ [ "-j" , show $ ruleTarget r ] (toIpTableArg (ruleRules r)) ++ [ "-j" , show $ ruleTarget r ]
toIpTableArg :: Rules -> [String] toIpTableArg :: Rules -> [String]
toIpTableArg Everything = [] toIpTableArg Everything = []
toIpTableArg (Proto proto) = ["-p", map toLower $ show proto] toIpTableArg (Proto proto) = ["-p", map toLower $ show proto]
toIpTableArg (DPort port) = ["--dport", show port] toIpTableArg (DPort (Port port)) = ["--dport", show port]
toIpTableArg (DPortRange (f,t)) = ["--dport", show f ++ ":" ++ show t] toIpTableArg (DPortRange (Port f, Port t)) =
toIpTableArg (IFace iface) = ["-i", iface] ["--dport", show f ++ ":" ++ show t]
toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)] toIpTableArg (IFace iface) = ["-i", iface]
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r' toIpTableArg (Ctstate states) =
[ "-m"
, "conntrack"
, "--ctstate", concat $ intersperse "," (map show states)
]
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
data Rule = Rule data Rule = Rule
{ ruleChain :: Chain { ruleChain :: Chain

9
src/Propellor/Property/Network.hs
View File

@ -27,6 +27,15 @@ cleanInterfacesFile = hasContent interfacesFile
] ]
`describe` ("clean " ++ interfacesFile) `describe` ("clean " ++ interfacesFile)
-- | Configures an interface to get its address via dhcp.
dhcp :: Interface -> Property NoInfo
dhcp iface = hasContent (interfaceDFile iface)
[ "auto " ++ iface
, "iface " ++ iface ++ " inet dhcp"
]
`describe` ("dhcp " ++ iface)
`requires` interfacesDEnabled
-- | Writes a static interface file for the specified interface. -- | Writes a static interface file for the specified interface.
-- --
-- The interface has to be up already. It could have been brought up by -- The interface has to be up already. It could have been brought up by

5
src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
View File

@ -115,8 +115,8 @@ standardAutoBuilder osver@(System _ arch) =
& User.accountFor (User builduser) & User.accountFor (User builduser)
& tree arch & tree arch
armAutoBuilder :: System -> Times -> TimeOut -> Property HasInfo armAutoBuilder :: System -> Property HasInfo
armAutoBuilder osver@(System _ arch) crontime timeout = armAutoBuilder osver =
propertyList "arm git-annex autobuilder" $ props propertyList "arm git-annex autobuilder" $ props
& standardAutoBuilder osver & standardAutoBuilder osver
& buildDepsNoHaskellLibs & buildDepsNoHaskellLibs
@ -126,7 +126,6 @@ armAutoBuilder osver@(System _ arch) crontime timeout =
-- Install patched haskell packages for portability to -- Install patched haskell packages for portability to
-- arm NAS's using old kernel versions. -- arm NAS's using old kernel versions.
& haskellPkgsInstalled "linux" & haskellPkgsInstalled "linux"
& autobuilder arch crontime timeout
androidAutoBuilderContainer :: Times -> TimeOut -> Systemd.Container androidAutoBuilderContainer :: Times -> TimeOut -> Systemd.Container
androidAutoBuilderContainer crontimes timeout = androidAutoBuilderContainer crontimes timeout =

1
src/Propellor/Property/SiteSpecific/IABak.hs
View File

@ -36,6 +36,7 @@ gitServer knownhosts = propertyList "iabak git server" $ props
"/usr/local/IA.BAK/shardstats-all" "/usr/local/IA.BAK/shardstats-all"
& Cron.niceJob "shardmaint" Cron.Daily (User "root") "/" & Cron.niceJob "shardmaint" Cron.Daily (User "root") "/"
"/usr/local/IA.BAK/shardmaint-fast; /usr/local/IA.BAK/shardmaint" "/usr/local/IA.BAK/shardmaint-fast; /usr/local/IA.BAK/shardmaint"
& Apt.installed ["git-annex"]
registrationServer :: [Host] -> Property HasInfo registrationServer :: [Host] -> Property HasInfo
registrationServer knownhosts = propertyList "iabak registration server" $ props registrationServer knownhosts = propertyList "iabak registration server" $ props