propellor spin

2014-04-13 14:01:30 -04:00 · 2014-04-13 14:01:30 -04:00 · 1495db6cd1
parent f428ccd9b1
commit 1495db6cd1
6 changed files with 136 additions and 33 deletions
--- a/Propellor/Property/Apache.hs
+++ b/Propellor/Property/Apache.hs
@ -0,0 +1,28 @@
+module Propellor.Property.Apache where
+
+import Propellor
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Apt as Apt
+
+type ConfigFile = [String]
+
+siteEnabled :: HostName -> ConfigFile -> RevertableProperty
+siteEnabled hn cf = RevertableProperty enable disable
+  where
+	enable = siteAvailable hn cf
+		`onChange` cmdProperty "a2ensite" ["--quiet", hn]
+		`requires` Apt.installed ["apache2"]
+	disable = File.notPresent (siteCfg hn)
+		`onChange` cmdProperty "a2dissite" ["--quiet", hn]
+
+siteAvailable :: HostName -> ConfigFile -> Property
+siteAvailable hn cf = siteCfg hn `File.hasContent` (comment:cf)
+	`describe` ("apache site available " ++ hn)
+  where
+	comment = "# deployed with propellor, do not modify"
+
+siteCfg :: HostName -> FilePath
+siteCfg hn = "/etc/apache2/sites-available/" ++ hn ++ ".conf"
+
+restart :: Property
+restart = cmdProperty "service" ["apache2", "restart"]
--- a/Propellor/Property/File.hs
+++ b/Propellor/Property/File.hs
@ -31,11 +31,14 @@ hasPrivContentExposed f = hasPrivContent f `onChange`

 -- | Ensures that a line is present in a file, adding it to the end if not.
 containsLine :: FilePath -> Line -> Property
-f `containsLine` l = fileProperty (f ++ " contains:" ++ l) go f
+f `containsLine` l = f `containsLines` [l]
+
+containsLines :: FilePath -> [Line] -> Property
+f `containsLines` l = fileProperty (f ++ " contains:" ++ show l) go f
  where
 	go ls
-		| l `elem` ls = ls
-		| otherwise = ls++[l]
+		| all (`elem` ls) l = ls
+		| otherwise = ls++l

 -- | Ensures that a line is not present in a file.
 -- Note that the file is ensured to exist, so if it doesn't, an empty
--- a/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/Propellor/Property/SiteSpecific/JoeySites.hs
@ -5,6 +5,14 @@ module Propellor.Property.SiteSpecific.JoeySites where

 import Propellor
 import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Gpg as Gpg
+import qualified Propellor.Property.Ssh as Ssh
+import qualified Propellor.Property.Git as Git
+import qualified Propellor.Property.Service as Service
+import qualified Propellor.Property.User as User
+import qualified Propellor.Property.Obnam as Obnam
+import qualified Propellor.Property.Apache as Apache

 oldUseNetShellBox :: Property
 oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $
@ -21,3 +29,87 @@ oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $
 			, "rm -rf /root/tmp/oldusenet"
 			] `describe` "olduse.net built"
 		]
+
+-- git.kitenet.net and git.joeyh.name
+gitServer :: [Host] -> Property
+gitServer hosts = propertyList "git.kitenet.net setup"
+	[ Obnam.backup "/srv/git" "33 3 * * *"
+		[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
+		, "--encrypt-with=1B169BE1"
+		, "--client-name=wren"
+		] Obnam.OnlyClient
+		`requires` Gpg.keyImported "1B169BE1" "root"
+		`requires` Ssh.keyImported SshRsa "root"
+		`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
+		`requires` Ssh.authorizedKeys "family"
+		`requires` User.accountFor "family"
+	, Apt.installed ["git", "git-annex", "rsync", "kgb-client-git", "gitweb"]
+	, File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"
+	, toProp $ Git.daemonRunning "/srv/git"
+	, "/etc/gitweb.conf" `File.containsLines`
+		[ "$projectroot = 'srv/git';"
+		, "@git_base_url_list = ('git://git.kitenet.net', 'http://git.kitenet.net/git', 'ssh://git.kitenet.net/srv/git');"
+		, "# disable snapshot download; overloads server"
+		, "$feature{'snapshot'}{'default'} = [];"
+		]
+		`describe` "gitweb configured"
+	, website "git.kitenet.net"
+	, website "git.joeyh.name"
+	-- ssh keys for branchable and github repo hooks
+	-- TODO: upgrade to newer git-annex-shell for notification
+	-- gitweb
+	]
+  where
+	website hn = toProp $ Apache.siteEnabled hn (gitapacheconf hn)
+
+gitapacheconf :: HostName -> Apache.ConfigFile
+gitapacheconf hn =
+	[ "<VirtualHost *:80>"
+	, "  ServerAdmin joey@kitenet.net"
+	, ""
+	, "  ServerName " ++ hn ++ ":80"
+	, ""
+	, "  DocumentRoot /srv/web/git.kitenet.net/"
+	, "  <Directory /srv/web/git.kitenet.net/>"
+	, "    Options Indexes ExecCGI FollowSymlinks"
+	, "    AllowOverride None"
+	, "    DirectoryIndex index.cgi"
+	, "  </Directory>"
+	, ""
+	, "  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/"
+	, "  <Directory /usr/lib/cgi-bin>"
+	, "    SetHandler cgi-script"
+	, "    Options ExecCGI"
+	, "  </Directory>"
+	, ""
+	, "  ErrorLog /var/log/apache2/error.log"
+	, "  LogLevel warn"
+	, "  CustomLog /var/log/apache2/access.log combined"
+	, ""
+	, "  # Possible values include: debug, info, notice, warn, error, crit,"
+	, "  # alert, emerg."
+	, "  LogLevel warn"
+	, ""
+	, "  CustomLog /var/log/apache2/access.log combined"
+	, "  ServerSignature On"
+	, "  "
+	, "  <Directory \"/usr/share/apache2/icons\">"
+	, "      Options Indexes MultiViews"
+	, "      AllowOverride None"
+	, "      Order allow,deny"
+	, "      Allow from all"
+	, "  </Directory>"
+	, "</VirtualHost>"
+	]
+
+-- Note: needs debian unstable for new kgb
+kgbServer :: Property
+kgbServer = propertyList "kgb.kitenet.net setup"
+	[ Apt.serviceInstalledRunning "kgb-bot"
+	, File.hasPrivContent "/etc/kgb-bot/kgb.conf"
+		`onChange` Service.restarted "kgb-bot"
+	, "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
+		`describe` "kgb bot enabled"
+		`onChange` Service.running "kgb-bot"
+	]
+
--- a/config-joey.hs
+++ b/config-joey.hs
@ -5,7 +5,6 @@ import Propellor.CmdLine
 import Propellor.Property.Scheduled
 import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Apt as Apt
-import qualified Propellor.Property.Service as Service
 import qualified Propellor.Property.Network as Network
 import qualified Propellor.Property.Ssh as Ssh
 import qualified Propellor.Property.Cron as Cron
@ -18,8 +17,6 @@ import qualified Propellor.Property.Dns as Dns
 import qualified Propellor.Property.OpenId as OpenId
 import qualified Propellor.Property.Docker as Docker
 import qualified Propellor.Property.Git as Git
-import qualified Propellor.Property.Gpg as Gpg
-import qualified Propellor.Property.Obnam as Obnam
 import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
 import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
 import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
@ -48,15 +45,10 @@ hosts =
 		& cname "ancient.kitenet.net"
 		& Docker.docked hosts "ancient-kitenet"

-		-- I'd rather this were on diatom, but I use features
-		-- not available in stable.
+		-- I'd rather this were on diatom, but it needs unstable.
 		& cname "kgb.kitenet.net"
-		& Apt.serviceInstalledRunning "kgb-bot"
-		& File.hasPrivContent "/etc/kgb-bot/kgb.conf"
-			`onChange` Service.restarted "kgb-bot"
-		& "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
-			`describe` "kgb bot enabled"
-			`onChange` Service.running "kgb-bot"
+		& JoeySites.kgbServer
+
 		& Docker.garbageCollected `period` Daily
 		& Apt.installed ["git-annex", "mtr", "screen"]
 	
@ -75,31 +67,17 @@ hosts =
 	-- Important stuff that needs not too much memory or CPU.
  	, standardSystem "diatom.kitenet.net" Stable
 		& Hostname.sane
+		& Ssh.hostKey SshDsa
+		& Ssh.hostKey SshRsa
+		& Ssh.hostKey SshEcdsa
 		& Apt.unattendedUpgrades
 		& Apt.serviceInstalledRunning "ntp"
 		& Dns.zones myDnsSecondary
 		& Apt.serviceInstalledRunning "apache2"

 		& cname "git.kitenet.net"
-		& Ssh.hostKey SshDsa
-		& Ssh.hostKey SshRsa
-		& Ssh.hostKey SshEcdsa
-		& Obnam.backup "/srv/git" "33 3 * * *"
-			[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
-			, "--encrypt-with=1B169BE1"
-			, "--client-name=wren"
-			] Obnam.OnlyClient
-			`requires` Gpg.keyImported "1B169BE1" "root"
-			`requires` Ssh.keyImported SshRsa "root"
-			`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
-			`requires` Ssh.authorizedKeys "family"
-			`requires` User.accountFor "family"
-		& Apt.installed ["git", "git-annex", "rsync", "kgb-client-git"]
-		& File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"
-		& Git.daemonRunning "/srv/git"
-		-- ssh keys for branchable and github repo hooks
-		-- TODO: upgrade to newer git-annex-shell for notification
-		-- gitweb
+		& cname "git.joeyh.name"
+		& JoeySites.gitServer hosts
 	
 		& cname "downloads.kitenet.net"
 		& Apt.buildDep ["git-annex"] `period` Daily
--- a/debian/changelog
+++ b/debian/changelog
@ -3,6 +3,7 @@ propellor (0.3.1) UNRELEASED; urgency=medium
  * Merge scheduler bug fix from git-annex.
  * Support for provisioning hosts with ssh and gpg keys.
  * Obnam support.
+  * Apache support.

 -- Joey Hess <joeyh@debian.org>  Fri, 11 Apr 2014 15:00:11 -0400

--- a/propellor.cabal
+++ b/propellor.cabal
@ -68,6 +68,7 @@ Library
  Exposed-Modules:
    Propellor
    Propellor.Property
+    Propellor.Property.Apache
    Propellor.Property.Apt
    Propellor.Property.Cmd
    Propellor.Property.Hostname