propellor spin

Propellor/Property/Apache.hs

@@ -0,0 +1,28 @@
+module Propellor.Property.Apache where
+
+import Propellor
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Apt as Apt
+
+type ConfigFile = [String]
+
+siteEnabled :: HostName -> ConfigFile -> RevertableProperty
+siteEnabled hn cf = RevertableProperty enable disable
+  where
+	enable = siteAvailable hn cf
+		`onChange` cmdProperty "a2ensite" ["--quiet", hn]
+		`requires` Apt.installed ["apache2"]
+	disable = File.notPresent (siteCfg hn)
+		`onChange` cmdProperty "a2dissite" ["--quiet", hn]
+
+siteAvailable :: HostName -> ConfigFile -> Property
+siteAvailable hn cf = siteCfg hn `File.hasContent` (comment:cf)
+	`describe` ("apache site available " ++ hn)
+  where
+	comment = "# deployed with propellor, do not modify"
+
+siteCfg :: HostName -> FilePath
+siteCfg hn = "/etc/apache2/sites-available/" ++ hn ++ ".conf"
+
+restart :: Property
+restart = cmdProperty "service" ["apache2", "restart"]

Propellor/Property/File.hs

@@ -31,11 +31,14 @@ hasPrivContentExposed f = hasPrivContent f `onChange`
 
 -- | Ensures that a line is present in a file, adding it to the end if not.
 containsLine :: FilePath -> Line -> Property
-f `containsLine` l = fileProperty (f ++ " contains:" ++ l) go f
+f `containsLine` l = f `containsLines` [l]
+
+containsLines :: FilePath -> [Line] -> Property
+f `containsLines` l = fileProperty (f ++ " contains:" ++ show l) go f
   where
 	go ls
-		| l `elem` ls = ls
+		| all (`elem` ls) l = ls
-		| otherwise = ls++[l]
+		| otherwise = ls++l
 
 -- | Ensures that a line is not present in a file.
 -- Note that the file is ensured to exist, so if it doesn't, an empty

Propellor/Property/SiteSpecific/JoeySites.hs

@@ -5,6 +5,14 @@ module Propellor.Property.SiteSpecific.JoeySites where
 
 import Propellor
 import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Gpg as Gpg
+import qualified Propellor.Property.Ssh as Ssh
+import qualified Propellor.Property.Git as Git
+import qualified Propellor.Property.Service as Service
+import qualified Propellor.Property.User as User
+import qualified Propellor.Property.Obnam as Obnam
+import qualified Propellor.Property.Apache as Apache
 
 oldUseNetShellBox :: Property
 oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $
@@ -21,3 +29,87 @@ oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $
 			, "rm -rf /root/tmp/oldusenet"
 			] `describe` "olduse.net built"
 		]
+
+-- git.kitenet.net and git.joeyh.name
+gitServer :: [Host] -> Property
+gitServer hosts = propertyList "git.kitenet.net setup"
+	[ Obnam.backup "/srv/git" "33 3 * * *"
+		[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
+		, "--encrypt-with=1B169BE1"
+		, "--client-name=wren"
+		] Obnam.OnlyClient
+		`requires` Gpg.keyImported "1B169BE1" "root"
+		`requires` Ssh.keyImported SshRsa "root"
+		`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
+		`requires` Ssh.authorizedKeys "family"
+		`requires` User.accountFor "family"
+	, Apt.installed ["git", "git-annex", "rsync", "kgb-client-git", "gitweb"]
+	, File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"
+	, toProp $ Git.daemonRunning "/srv/git"
+	, "/etc/gitweb.conf" `File.containsLines`
+		[ "$projectroot = 'srv/git';"
+		, "@git_base_url_list = ('git://git.kitenet.net', 'http://git.kitenet.net/git', 'ssh://git.kitenet.net/srv/git');"
+		, "# disable snapshot download; overloads server"
+		, "$feature{'snapshot'}{'default'} = [];"
+		]
+		`describe` "gitweb configured"
+	, website "git.kitenet.net"
+	, website "git.joeyh.name"
+	-- ssh keys for branchable and github repo hooks
+	-- TODO: upgrade to newer git-annex-shell for notification
+	-- gitweb
+	]
+  where
+	website hn = toProp $ Apache.siteEnabled hn (gitapacheconf hn)
+
+gitapacheconf :: HostName -> Apache.ConfigFile
+gitapacheconf hn =
+	[ "<VirtualHost *:80>"
+	, "  ServerAdmin joey@kitenet.net"
+	, ""
+	, "  ServerName " ++ hn ++ ":80"
+	, ""
+	, "  DocumentRoot /srv/web/git.kitenet.net/"
+	, "  <Directory /srv/web/git.kitenet.net/>"
+	, "    Options Indexes ExecCGI FollowSymlinks"
+	, "    AllowOverride None"
+	, "    DirectoryIndex index.cgi"
+	, "  </Directory>"
+	, ""
+	, "  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/"
+	, "  <Directory /usr/lib/cgi-bin>"
+	, "    SetHandler cgi-script"
+	, "    Options ExecCGI"
+	, "  </Directory>"
+	, ""
+	, "  ErrorLog /var/log/apache2/error.log"
+	, "  LogLevel warn"
+	, "  CustomLog /var/log/apache2/access.log combined"
+	, ""
+	, "  # Possible values include: debug, info, notice, warn, error, crit,"
+	, "  # alert, emerg."
+	, "  LogLevel warn"
+	, ""
+	, "  CustomLog /var/log/apache2/access.log combined"
+	, "  ServerSignature On"
+	, "  "
+	, "  <Directory \"/usr/share/apache2/icons\">"
+	, "      Options Indexes MultiViews"
+	, "      AllowOverride None"
+	, "      Order allow,deny"
+	, "      Allow from all"
+	, "  </Directory>"
+	, "</VirtualHost>"
+	]
+
+-- Note: needs debian unstable for new kgb
+kgbServer :: Property
+kgbServer = propertyList "kgb.kitenet.net setup"
+	[ Apt.serviceInstalledRunning "kgb-bot"
+	, File.hasPrivContent "/etc/kgb-bot/kgb.conf"
+		`onChange` Service.restarted "kgb-bot"
+	, "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
+		`describe` "kgb bot enabled"
+		`onChange` Service.running "kgb-bot"
+	]
+

config-joey.hs

@@ -5,7 +5,6 @@ import Propellor.CmdLine
 import Propellor.Property.Scheduled
 import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Apt as Apt
-import qualified Propellor.Property.Service as Service
 import qualified Propellor.Property.Network as Network
 import qualified Propellor.Property.Ssh as Ssh
 import qualified Propellor.Property.Cron as Cron
@@ -18,8 +17,6 @@ import qualified Propellor.Property.Dns as Dns
 import qualified Propellor.Property.OpenId as OpenId
 import qualified Propellor.Property.Docker as Docker
 import qualified Propellor.Property.Git as Git
-import qualified Propellor.Property.Gpg as Gpg
-import qualified Propellor.Property.Obnam as Obnam
 import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
 import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
 import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
@@ -48,15 +45,10 @@ hosts =
 		& cname "ancient.kitenet.net"
 		& Docker.docked hosts "ancient-kitenet"
 
-		-- I'd rather this were on diatom, but I use features
+		-- I'd rather this were on diatom, but it needs unstable.
-		-- not available in stable.
 		& cname "kgb.kitenet.net"
-		& Apt.serviceInstalledRunning "kgb-bot"
+		& JoeySites.kgbServer
-		& File.hasPrivContent "/etc/kgb-bot/kgb.conf"
+
-			`onChange` Service.restarted "kgb-bot"
-		& "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
-			`describe` "kgb bot enabled"
-			`onChange` Service.running "kgb-bot"
 		& Docker.garbageCollected `period` Daily
 		& Apt.installed ["git-annex", "mtr", "screen"]
 	
@@ -75,31 +67,17 @@ hosts =
 	-- Important stuff that needs not too much memory or CPU.
   	, standardSystem "diatom.kitenet.net" Stable
 		& Hostname.sane
+		& Ssh.hostKey SshDsa
+		& Ssh.hostKey SshRsa
+		& Ssh.hostKey SshEcdsa
 		& Apt.unattendedUpgrades
 		& Apt.serviceInstalledRunning "ntp"
 		& Dns.zones myDnsSecondary
 		& Apt.serviceInstalledRunning "apache2"
 
 		& cname "git.kitenet.net"
-		& Ssh.hostKey SshDsa
+		& cname "git.joeyh.name"
-		& Ssh.hostKey SshRsa
+		& JoeySites.gitServer hosts
-		& Ssh.hostKey SshEcdsa
-		& Obnam.backup "/srv/git" "33 3 * * *"
-			[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
-			, "--encrypt-with=1B169BE1"
-			, "--client-name=wren"
-			] Obnam.OnlyClient
-			`requires` Gpg.keyImported "1B169BE1" "root"
-			`requires` Ssh.keyImported SshRsa "root"
-			`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
-			`requires` Ssh.authorizedKeys "family"
-			`requires` User.accountFor "family"
-		& Apt.installed ["git", "git-annex", "rsync", "kgb-client-git"]
-		& File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"
-		& Git.daemonRunning "/srv/git"
-		-- ssh keys for branchable and github repo hooks
-		-- TODO: upgrade to newer git-annex-shell for notification
-		-- gitweb
 	
 		& cname "downloads.kitenet.net"
 		& Apt.buildDep ["git-annex"] `period` Daily

debian/changelog

@@ -3,6 +3,7 @@ propellor (0.3.1) UNRELEASED; urgency=medium
   * Merge scheduler bug fix from git-annex.
   * Support for provisioning hosts with ssh and gpg keys.
   * Obnam support.
+  * Apache support.
 
  -- Joey Hess <joeyh@debian.org>  Fri, 11 Apr 2014 15:00:11 -0400
 

propellor.cabal

@@ -68,6 +68,7 @@ Library
   Exposed-Modules:
     Propellor
     Propellor.Property
+    Propellor.Property.Apache
     Propellor.Property.Apt
     Propellor.Property.Cmd
     Propellor.Property.Hostname