propellor spin

config-joey.hs

@@ -21,6 +21,8 @@ import qualified Propellor.Property.Git as Git
 import qualified Propellor.Property.Apache as Apache
 import qualified Propellor.Property.Postfix as Postfix
 import qualified Propellor.Property.Service as Service
+import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
+import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost
 import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
 import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
 import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
@@ -46,7 +48,7 @@ hosts =               --                  (o)  `
 		& ipv4 "162.248.143.249"
 		& ipv6 "2002:5044:5531::1"
 
-		& cleanCloudAtCost
+		& CloudAtCost.decruft
 		& Apt.unattendedUpgrades
 		& Network.ipv6to4
 		& Tor.isBridge
@@ -103,6 +105,7 @@ hosts =               --                  (o)  `
   	, standardSystem "diatom.kitenet.net" Stable "amd64"
 		& ipv4 "107.170.31.195"
 
+		& DigitalOcean.distroKernel
 		& Hostname.sane
 		& Ssh.hostKey SshDsa
 		& Ssh.hostKey SshRsa
@@ -234,38 +237,6 @@ dockerImage (System (Debian Unstable) arch) = "joeyh/debian-unstable-" ++ arch
 dockerImage (System (Debian Stable) arch) = "joeyh/debian-stable-" ++ arch
 dockerImage _ = "debian-stable-official" -- does not currently exist!
 
--- Digital Ocean does not provide any way to boot
--- the kernel provided by the distribution, except using kexec.
--- Without this, some old, and perhaps insecure kernel will be used.
---
--- Note that this only causes the new kernel to be loaded on reboot.
--- If the power is cycled, the old kernel still boots up.
--- TODO: detect this and reboot immediately?
-digitalOceanDistroKernel :: Property
-digitalOceanDistroKernel = propertyList "digital ocean distro kernel hack"
-	[ Apt.installed ["grub-pc", "kexec-tools"]
-	, "/etc/default/kexec" `File.containsLines`
-		[ "LOAD_KEXEC=true"
-		, "USE_GRUB_CONFIG=true"
-		]
-	]
-
--- Clean up a system as installed by cloudatcost.com
-cleanCloudAtCost :: Property
-cleanCloudAtCost = propertyList "cloudatcost cleanup"
-	[ Hostname.sane
-	, Ssh.randomHostKeys
-	, "worked around grub/lvm boot bug #743126" ==>
-		"/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true"
-		`onChange` cmdProperty "update-grub" []
-		`onChange` cmdProperty "update-initramfs" ["-u"]
-	, combineProperties "nuked cloudatcost cruft"
-		[ File.notPresent "/etc/rc.local"
-		, File.notPresent "/etc/init.d/S97-setup.sh"
-		, User.nuked "user" User.YesReallyDeleteHome
-		]
-	]
-
 myDnsSecondary :: Property
 myDnsSecondary = propertyList "dns secondary for all my domains" $ map toProp
 	[ Dns.secondary hosts "kitenet.net"

debian/changelog

@@ -3,6 +3,7 @@ propellor (0.5.3) UNRELEASED; urgency=medium
   * Fix unattended-upgrades config for !stable.
   * Ensure that kernel hostname is same as /etc/hostname when configuring
     hostname.
+  * Added modules for some hosting providers (DigitalOcean, CloudAtCost).
 
  -- Joey Hess <joeyh@debian.org>  Sun, 18 May 2014 13:44:00 -0400
 

propellor.cabal

@@ -92,6 +92,8 @@ Library
     Propellor.Property.Sudo
     Propellor.Property.Tor
     Propellor.Property.User
+    Propellor.Property.HostingProvider.DigitalOcean
+    Propellor.Property.HostingProvider.CloudAtCost
     Propellor.Property.SiteSpecific.GitHome
     Propellor.Property.SiteSpecific.JoeySites
     Propellor.Property.SiteSpecific.GitAnnexBuilder

src/Propellor/Property/HostingProvider/CloudAtCost.hs

@@ -0,0 +1,24 @@
+module Propellor.Property.HostingProvider.CloudAtCost where
+
+import Propellor
+import qualified Propellor.Property.Hostname as Hostname
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Ssh as Ssh
+import qualified Propellor.Property.User as User
+
+-- Clean up a system as installed by cloudatcost.com
+decruft :: Property
+decruft = propertyList "cloudatcost cleanup"
+	[ Hostname.sane
+	, Ssh.randomHostKeys
+	, "worked around grub/lvm boot bug #743126" ==>
+		"/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true"
+		`onChange` cmdProperty "update-grub" []
+		`onChange` cmdProperty "update-initramfs" ["-u"]
+	, combineProperties "nuked cloudatcost cruft"
+		[ File.notPresent "/etc/rc.local"
+		, File.notPresent "/etc/init.d/S97-setup.sh"
+		, User.nuked "user" User.YesReallyDeleteHome
+		]
+	]
+

src/Propellor/Property/HostingProvider/DigitalOcean.hs

@@ -0,0 +1,21 @@
+module Propellor.Property.HostingProvider.DigitalOcean where
+
+import Propellor
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+
+-- Digital Ocean does not provide any way to boot
+-- the kernel provided by the distribution, except using kexec.
+-- Without this, some old, and perhaps insecure kernel will be used.
+--
+-- Note that this only causes the new kernel to be loaded on reboot.
+-- If the power is cycled, the old kernel still boots up.
+-- TODO: detect this and reboot immediately?
+distroKernel :: Property
+distroKernel = propertyList "digital ocean distro kernel hack"
+	[ Apt.installed ["grub-pc", "kexec-tools"]
+	, "/etc/default/kexec" `File.containsLines`
+		[ "LOAD_KEXEC=true"
+		, "USE_GRUB_CONFIG=true"
+		]
+	]

src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs

@@ -140,4 +140,4 @@ armelContainer dockerImage crontimes timeout = Docker.container "armel-git-annex
   where
 	writecompanionaddress = scriptProperty
 		[ "echo \"$COMPANION_PORT_22_TCP_ADDR\" > " ++ homedir </> "companion_address"
-		]
+		] `describe` "companion_address file"