propellor spin
parent
a920555ed1
commit
1c65b86f83
2
Makefile
2
Makefile
|
@ -24,3 +24,5 @@ clean:
|
|||
# hothasktags chokes on some template haskell etc, so ignore errors
|
||||
tags:
|
||||
find . | grep -v /.git/ | grep -v /tmp/ | grep -v /dist/ | grep -v /doc/ | egrep '\.hs$$' | xargs hothasktags > tags 2>/dev/null
|
||||
|
||||
.PHONY: tags
|
||||
|
|
|
@ -3,6 +3,7 @@ import CmdLine
|
|||
import qualified Property.File as File
|
||||
import qualified Property.Apt as Apt
|
||||
import qualified Property.Ssh as Ssh
|
||||
import qualified Property.Sudo as Sudo
|
||||
import qualified Property.User as User
|
||||
import qualified Property.Hostname as Hostname
|
||||
import qualified Property.Reboot as Reboot
|
||||
|
@ -48,11 +49,8 @@ standardSystem suite = propertyList "standard system"
|
|||
, check (Ssh.hasAuthorizedKeys "root") $
|
||||
Ssh.passwordAuthentication False
|
||||
, User.sshAccountFor "joey"
|
||||
, Apt.installed ["sudo"]
|
||||
-- nopasswd because no password is set up for joey.
|
||||
, "sudoer joey" ==>
|
||||
"/etc/sudoers" `File.containsLine` "joey ALL=(ALL:ALL) NOPASSWD:ALL"
|
||||
, User.hasSomePassword "joey"
|
||||
, Sudo.enabledFor "joey"
|
||||
, GitHome.installedFor "joey"
|
||||
, Apt.installed ["vim", "screen"]
|
||||
-- I use postfix, or no MTA.
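Review bot: The order of `User.hasSomePassword "joey"` and `Sudo.enabledFor "joey"` in this list looks load-bearing but nothing says so. `enabledFor` (added in this commit) reads `isLockedPassword` at run time to choose between a plain entry and a NOPASSWD one, so if it ever ran before the password was set it would grant passwordless sudo for that run. The commit also drops the old `-- nopasswd because no password is set up for joey.` comment without a replacement. I would add something like `-- keep after hasSomePassword: enabledFor grants NOPASSWD while the password is locked` above the `Sudo.enabledFor` line. This assumes `hasSomePassword` is what sets the password, which is not visible in this hunk.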
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
module Property.Sudo where
|
||||
|
||||
import Data.List
|
||||
|
||||
import Common
|
||||
import Property.File
|
||||
import qualified Property.Apt as Apt
|
||||
import Property.User
|
||||
|
||||
{- Allows a user to sudo. If the user has a password, sudo is configured
|
||||
- to require it. If not, NOPASSWORD is enabled for the user. -}
|
||||
enabledFor :: UserName -> Property
|
||||
enabledFor user = Property desc go `requires` Apt.installed ["sudo"]
|
||||
where
|
||||
go = do
|
||||
locked <- isLockedPassword user
|
||||
ensureProperty $
|
||||
fileProperty desc
|
||||
(modify locked . filter (wanted locked))
|
||||
"/etc/sudoers"
|
||||
desc = user ++ " is sudoer"
|
||||
sudobaseline = user ++ " ALL=(ALL:ALL)"
|
||||
sudoline True = sudobaseline ++ " NOPASSWD:ALL"
|
||||
sudoline False = sudobaseline
|
||||
wanted locked l
|
||||
| not (sudobaseline `isPrefixOf` l) = True
|
||||
| "NOPASSWD" `isInfixOf` l = locked
|
||||
| otherwise = True
|
||||
modify locked ls
|
||||
| sudoline locked `elem` ls = ls
|
||||
| otherwise = ls ++ [sudoline locked]
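Review bot: `wanted` only drops a stale NOPASSWD entry when the line begins with the exact text of `sudobaseline`, so an entry for the same user written with a tab or a different runas spec, or kept in an included sudoers file, survives after the user gets a password and may keep granting passwordless sudo. The header comment should state that limit, for example `- Only lines beginning with "<user> ALL=(ALL:ALL)" are managed; other entries for the user are left untouched.` Separately, `go` rewrites `/etc/sudoers` through `fileProperty` with no syntax check visible in this file. Unless `fileProperty` already writes atomically and preserves the file mode, checking the new content with `visudo -c -f` before it replaces the live file would avoid a broken sudoers locking out sudo. The header comment also says NOPASSWORD where the sudoers tag is `NOPASSWD`.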
|