propellor spin

Joey Hess 2014-04-17 22:09:29 -04:00
parent 0485387aa0
commit 0e0a70f794
4 changed files with 93 additions and 9 deletions


@ -17,6 +17,8 @@ sourcesList = "/etc/apt/sources.list"
type Url = String type Url = String
type Section = String type Section = String
type SourcesGenerator = DebianSuite -> [Line]
showSuite :: DebianSuite -> String showSuite :: DebianSuite -> String
showSuite Stable = "stable" showSuite Stable = "stable"
showSuite Testing = "testing" showSuite Testing = "testing"
@ -39,7 +41,7 @@ srcLine l = case words l of
stdSections :: [Section] stdSections :: [Section]
stdSections = ["main", "contrib", "non-free"] stdSections = ["main", "contrib", "non-free"]
binandsrc :: String -> DebianSuite -> [Line] binandsrc :: String -> SourcesGenerator
binandsrc url suite binandsrc url suite
| isStable suite = [l, srcLine l, bl, srcLine bl] | isStable suite = [l, srcLine l, bl, srcLine bl]
| otherwise = [l, srcLine l] | otherwise = [l, srcLine l]
@ -47,14 +49,14 @@ binandsrc url suite
l = debLine (showSuite suite) url stdSections l = debLine (showSuite suite) url stdSections
bl = debLine backportSuite url stdSections bl = debLine backportSuite url stdSections
debCdn :: DebianSuite -> [Line] debCdn :: SourcesGenerator
debCdn = binandsrc "http://cdn.debian.net/debian" debCdn = binandsrc "http://cdn.debian.net/debian"
kernelOrg :: DebianSuite -> [Line] kernelOrg :: SourcesGenerator
kernelOrg = binandsrc "http://mirrors.kernel.org/debian" kernelOrg = binandsrc "http://mirrors.kernel.org/debian"
-- | Only available for Stable and Testing -- | Only available for Stable and Testing
securityUpdates :: DebianSuite -> [Line] securityUpdates :: SourcesGenerator
securityUpdates suite securityUpdates suite
| isStable suite || suite == Testing = | isStable suite || suite == Testing =
let l = "deb http://security.debian.org/ " ++ showSuite suite ++ "/updates " ++ unwords stdSections let l = "deb http://security.debian.org/ " ++ showSuite suite ++ "/updates " ++ unwords stdSections
@ -67,9 +69,14 @@ securityUpdates suite
-- Since the CDN is sometimes unreliable, also adds backup lines using -- Since the CDN is sometimes unreliable, also adds backup lines using
-- kernel.org. -- kernel.org.
stdSourcesList :: DebianSuite -> Property stdSourcesList :: DebianSuite -> Property
stdSourcesList suite = setSourcesList stdSourcesList suite = stdSourcesList' suite []
(concatMap (\gen -> gen suite) [debCdn, kernelOrg, securityUpdates])
stdSourcesList' :: DebianSuite -> [SourcesGenerator] -> Property
stdSourcesList' suite more = setSourcesList
(concatMap (\gen -> gen suite) generators)
`describe` ("standard sources.list for " ++ show suite) `describe` ("standard sources.list for " ++ show suite)
where
generators = [debCdn, kernelOrg, securityUpdates] ++ more
setSourcesList :: [Line] -> Property setSourcesList :: [Line] -> Property
setSourcesList ls = sourcesList `File.hasContent` ls `onChange` update setSourcesList ls = sourcesList `File.hasContent` ls `onChange` update
@ -208,3 +215,21 @@ reConfigure package vals = reconfigure `requires` setselections
-- package names. -- package names.
serviceInstalledRunning :: Package -> Property serviceInstalledRunning :: Package -> Property
serviceInstalledRunning svc = Service.running svc `requires` installed [svc] serviceInstalledRunning svc = Service.running svc `requires` installed [svc]
data AptKey = AptKey
{ keyname :: String
, pubkey :: String
}
trustsKey :: AptKey -> RevertableProperty
trustsKey k = RevertableProperty trust untrust
where
desc = "apt trusts key " ++ keyname k
f = "/etc/apt/trusted.gpg.d" </> keyname k ++ ".gpg"
untrust = File.notPresent f
trust = check (not <$> doesFileExist f) $ Property desc $ makeChange $ do
withHandle StdinHandle createProcessSuccess
(proc "gpg" ["--no-default-keyring", "--keyring", f, "--import", "-"]) $ \h -> do
hPutStr h (pubkey k)
hClose h
nukeFile $ f ++ "~" -- gpg dropping
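Review bot: In `trustsKey`, the guard `check (not <$> doesFileExist f)` only tests whether the keyring file exists, so a host that already has `/etc/apt/trusted.gpg.d/<keyname>.gpg` never picks up a changed `pubkey` (rotation or replacement), and a file left at that path by anything else is accepted as-is. Consider comparing the keyring's contents or fingerprint against the expected key rather than the path alone, or at least documenting the limitation with `-- | Only imports the key when the keyring file is absent; revert and re-apply to replace a key.` Keys under trusted.gpg.d are accepted by apt for every configured source, not only the repository they belong to, and neither `AptKey` nor `trustsKey` carries a Haddock comment saying so; `-- | Adds a key that apt will trust for all sources on the host.` would make that scope explicit. `keyname` is also spliced into the path unvalidated, which is fine for constants in the config but worth a comment if it could ever come from data.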


@ -94,3 +94,58 @@ restored dir params = Property (dir ++ " restored by obnam") go
return MadeChange return MadeChange
, return FailedChange , return FailedChange
) )
-- | apt sources.list lines for obnam.
--
-- Only adds anything for Stable; use in order to get a newer version of
-- obnam than is is Stable.
aptSources :: Apt.SourcesGenerator
aptSources Stable = ["deb http://code.liw.fi/debian wheezy main"]
aptSources _ = []
-- | Key used by the code.liw.fi repository.
aptKey :: Apt.AptKey
aptKey = Apt.AptKey "obnam" $ unlines
[ "-----BEGIN PGP PUBLIC KEY BLOCK-----"
, "Version: GnuPG v1.4.9 (GNU/Linux)"
, ""
, "mQGiBEfzuTgRBACcVNG/H6QJqLx5qiQs2zmPe6D6BWOWHfgNgG4IWzNstm21YDxb"
, "KqwFG0gxcnZJGHkXAhkSfqTokYd0lc5eBemcA1pkceNjzMEX8wwiZ810HzJD4eEH"
, "sjoWR8+qKrZeixzZqReAfqztcXoBGKQ0u1R1vpg1txUa75OM4BUqaUbsmwCgmS4x"
, "DjMxSaUSPuu6vQ7ZGZBXSP0D/RQw8DBHMfsv3DiaqFqk8tkuUkpMFPIekHidSHlO"
, "EACbncqbbyHksyCpFNVNcQIDHrOLjOZK9BAXkSd8I3ww7U+nLdDcCblrW8CZnJtm"
, "ZYrxfaXaHZ/It9/RCAsQ+c8xtmyUPjsf//4Vf8olxNQHzgBSe5/LJRi4Vd53he+K"
, "YP4LA/9IZbjvVmm8+8Y0pQrTHlI6nTImtzdBXHc4+T3lLBj9XODHLozC2kSBOQky"
, "q/EisTITHTXL8vYg4NsKm5RTbPAuBwdtxcny8CXfOqKtGOdrebmKotGllTozzdPv"
, "9p53cuce6oJ2oMUodc074JOGTWwDSgLiJX4nViGcU1wy/vtQnrQkY29kZS5saXcu"
, "ZmkgYXJjaGl2ZSBrZXkgPGxpd0BsaXcuZmk+iGAEExECACAFAkfzuTgCGwMGCwkI"
, "BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBG53tJR95LscKrAJ0ZtKqa2x6Kplwa2mzx"
, "ItImbIGMJACdETqofDYzUN91yLAFlOnxAyrE+UyIRgQQEQIABgUCSFd5GgAKCRAf"
, "u5W/LZrMjqr8AJ4xPVHpW8ZNlgMwDSVb075RnA2DiACgg2SR69jAHFQOWV6xfLRr"
, "vh0bLKGJAhwEEAEIAAYFAktEyIwACgkQ61zh116FEfm7Lg//Wiy3TjWAk8YHUddv"
, "zOioYzCxQ985GsVhJGAVPqSGOc9vfTWBJZ8J3l0NnYTRpEGucmbF9G+mAt9iGXu6"
, "7yZkxyFdvbo7EDsqMU1wLOM6PiU+Un63MKlbTNmFn7OKE8aXPRAFgcyUO/qjdqoD"
, "sa9FgU5Z0f60m9qah6BPXH6IzMLHYoiP7t8rCBIwLgyl3w2w+Fjt1DFpbW9Kb7jz"
, "i8jFvC8jPmxV8xh2OSgVZyNk4qg6hIV8GVQY7AJt8OurZSckgQd7ifHK9JTGohtF"
, "tXCiqeDEvnMF4A9HI/TcXJBzonZ8ds1JCq42nSSKmL+8TyjtUSD/xHygazuc0CK0"
, "hFnQWBub60IfyV6F0oTagJ8cmARv2sezHAeHDkzPHE8RdjgktazH1eJrA4LheEd6"
, "KeSnVtYWpw8dgMv5PleFyQiAj/t3C/N50fd15tUyfnH15G7nFjMQV2Yx35uwSxOj"
, "376OWnDN/YGTNk283XXULbyVJYR8Q2unso20XQ94yQ2A5EpHHPrHoLxrL/ydM08d"
, "nvKstLZIZtal1seiMkymtlSiGz25A5oqsclwS6VZCKdWA8HO/wlElOMcaHyl6Y1y"
, "gYP7y9O5yFYKFOrCH0nFjJbwmkRiBLsxuuWsYgJigVGq/atSrtawkHdshpCw0HCY"
, "N/RFcWkJ864BdsO0C0sDzueNkQO5Ag0ER/O5RBAIAJiwPH9tyJTgXcC2Y4XWboOq"
, "rx5CkOnr5b45oS9cK2eIJ8TKxE3XgKLxUr3mIH0QR2kZgDOwNl0WY+7/CXjn+Spn"
, "BokPg54rafEUePodGpGdUXdgrHhAMHYjh8fXFJ1SlQcg46/zc1wDI7jBCkGrK3V8"
, "5cXDqwTFTN5LcjoSRWeM4Voa6pEfDdL3rMlnOw9R9gDHRBBb6CDSjWXqM86pR889"
, "5QrR0SDwiJNrMoyxSjMXFKGBQAsYHJ82myZrlbuZbroZjVp5Uh7eB1ZiPljNVtcr"
, "sksACIWBCo1rvLzrPXsLYOeV3cDDtYAkSwGfuzC1Etbe+qgfIroFTOqdefMw4s8A"
, "AwUH/0KLXm4MS54QQspg3evu4Q4U/E8Hem5/FqB0GhBCitQ4rUsucKyY8/ItpUn5"
, "ismLE60bQqka+Mzd/Zw18TCTzImv0ozAaZ2sNtBado7f6jcC8EDfY5zzK1ukcsAr"
, "Qc5hdLHYuTQW5KpA6fKaW969OUzIwPbdVaCOLOBpxKC6N6iBspQYd6uiQtLw6EUO"
, "50oQqUiJABf0eOocvdw5e2KQQpuC3205+VMYtyl4w3pdJihK8NK0AikGXzDVsbQt"
, "l8kmB5ZrN4WIKhMke1FxbqQC5Q3XATvYRzpzzisZb/HYGNti8W6du5EUwJ0D2NRh"
, "cu+twocOzW0VKfmrDApfifJ9OsSISQQYEQIACQUCR/O5RAIbDAAKCRBG53tJR95L"
, "seQOAJ95KUyzjRjdYgZkDC69Mgu25L86UACdGduINUaRly43ag4kwUXxpqswBBM="
, "=i2c3"
, "-----END PGP PUBLIC KEY BLOCK-----"
]
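Review bot: `aptKey` embeds the armored key with no fingerprint or provenance next to it, so a reader of this file cannot check the blob against what the repository owner publishes; a comment such as `-- Fingerprint: <FINGERPRINT>, fetched from <SOURCE> on <DATE>` (placeholders for the author to fill in) would make later audits and rotations tractable. The armor header says `Version: GnuPG v1.4.9`, which suggests an older key, so it may be worth confirming that its algorithm and size are still acceptable, since this key ends up trusted by apt. In `aptSources` the `Stable` case hard-codes `wheezy`, which would silently point at the wrong suite once Stable moves on; deriving the name from the suite or commenting the coupling would help. The Haddock text "than is is Stable" presumably means "than is in Stable".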


@ -51,13 +51,13 @@ kgbServer = withOS desc $ \o -> case o of
gitServer :: [Host] -> Property gitServer :: [Host] -> Property
gitServer hosts = propertyList "git.kitenet.net setup" gitServer hosts = propertyList "git.kitenet.net setup"
[ Obnam.backup "/srv/git" "33 3 * * *" [ Obnam.backup "/srv/git" "33 3 * * *"
[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net" [ "--repository=sftp://joey@turtle.kitenet.net/~/lib/backup/git.kitenet.net.obnam"
, "--encrypt-with=1B169BE1" , "--encrypt-with=1B169BE1"
, "--client-name=wren" , "--client-name=wren"
] Obnam.OnlyClient ] Obnam.OnlyClient
`requires` Gpg.keyImported "1B169BE1" "root" `requires` Gpg.keyImported "1B169BE1" "root"
`requires` Ssh.keyImported SshRsa "root" `requires` Ssh.keyImported SshRsa "root"
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root" `requires` Ssh.knownHost hosts "turtle.kitenet.net" "root"
`requires` Ssh.authorizedKeys "family" `requires` Ssh.authorizedKeys "family"
`requires` User.accountFor "family" `requires` User.accountFor "family"
, Apt.installed ["git", "rsync", "kgb-client-git", "gitweb"] , Apt.installed ["git", "rsync", "kgb-client-git", "gitweb"]
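Review bot: The new `--repository=sftp://joey@turtle.kitenet.net/...` target looks like a personal login account rather than a dedicated backup account, so the root key imported by `Ssh.keyImported SshRsa "root"` on this server would presumably be able to do whatever that account allows on turtle. If that is the case, restricting the key on the receiving side (sftp-only, confined to the backup directory) or using a separate account limits what a compromise of the git server exposes. `Ssh.knownHost hosts "turtle.kitenet.net" "root"` also relies on `hosts` carrying that machine's SSH host key, which is not visible in this hunk. A short comment here, e.g. `-- root's key on this host logs in to turtle; keep it restricted to sftp there`, would record the intent. The `gitServer` property list continues beyond the hunk.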


@ -19,6 +19,7 @@ import qualified Propellor.Property.Docker as Docker
import qualified Propellor.Property.Git as Git import qualified Propellor.Property.Git as Git
import qualified Propellor.Property.Apache as Apache import qualified Propellor.Property.Apache as Apache
import qualified Propellor.Property.Postfix as Postfix import qualified Propellor.Property.Postfix as Postfix
import qualified Propellor.Property.Obnam as Obnam
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
@ -171,7 +172,10 @@ gitAnnexBuilder arch buildminute = Docker.container (arch ++ "-git-annex-builder
standardSystem :: HostName -> DebianSuite -> Architecture -> Host standardSystem :: HostName -> DebianSuite -> Architecture -> Host
standardSystem hn suite arch = host hn standardSystem hn suite arch = host hn
& os (System (Debian suite) arch) & os (System (Debian suite) arch)
& Apt.stdSourcesList suite `onChange` Apt.upgrade & Apt.trustsKey Obnam.aptKey
& Apt.stdSourcesList' suite
[ Obnam.aptSources ]
`onChange` Apt.upgrade
& Apt.installed ["etckeeper"] & Apt.installed ["etckeeper"]
& Apt.installed ["ssh"] & Apt.installed ["ssh"]
& GitHome.installedFor "root" & GitHome.installedFor "root"
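Review bot: In `standardSystem`, `Apt.trustsKey Obnam.aptKey` is applied to every host regardless of `suite`, while `Obnam.aptSources` only emits a sources.list line for `Stable`, so Testing and Unstable hosts would trust a third-party archive key they never use. Making the key trust conditional on the same suite check (or on `Obnam.aptSources suite` being non-empty) keeps the set of keys apt trusts on each host minimal. If trusting it everywhere is intentional, a comment such as `-- obnam archive key is trusted on all suites because <REASON>` would record why. The body of `standardSystem` continues past the end of the hunk.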