cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

propellor spin

This commit is contained in:
Joey Hess 2014-03-30 20:46:31 -04:00
parent a920555ed1
commit 1c65b86f83
3 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -24,3 +24,5 @@ clean:
# hothasktags chokes on some template haskell etc, so ignore errors # hothasktags chokes on some template haskell etc, so ignore errors
tags: tags:
find . | grep -v /.git/ | grep -v /tmp/ | grep -v /dist/ | grep -v /doc/ | egrep '\.hs$$' | xargs hothasktags > tags 2>/dev/null find . | grep -v /.git/ | grep -v /tmp/ | grep -v /dist/ | grep -v /doc/ | egrep '\.hs$$' | xargs hothasktags > tags 2>/dev/null
.PHONY: tags

6
Propellor.hs
View File

@ -3,6 +3,7 @@ import CmdLine
import qualified Property.File as File import qualified Property.File as File
import qualified Property.Apt as Apt import qualified Property.Apt as Apt
import qualified Property.Ssh as Ssh import qualified Property.Ssh as Ssh
import qualified Property.Sudo as Sudo
import qualified Property.User as User import qualified Property.User as User
import qualified Property.Hostname as Hostname import qualified Property.Hostname as Hostname
import qualified Property.Reboot as Reboot import qualified Property.Reboot as Reboot
@ -48,11 +49,8 @@ standardSystem suite = propertyList "standard system"
, check (Ssh.hasAuthorizedKeys "root") $ , check (Ssh.hasAuthorizedKeys "root") $
Ssh.passwordAuthentication False Ssh.passwordAuthentication False
, User.sshAccountFor "joey" , User.sshAccountFor "joey"
, Apt.installed ["sudo"]
-- nopasswd because no password is set up for joey.
, "sudoer joey" ==>
"/etc/sudoers" `File.containsLine` "joey ALL=(ALL:ALL) NOPASSWD:ALL"
, User.hasSomePassword "joey" , User.hasSomePassword "joey"
, Sudo.enabledFor "joey"
, GitHome.installedFor "joey" , GitHome.installedFor "joey"
, Apt.installed ["vim", "screen"] , Apt.installed ["vim", "screen"]
-- I use postfix, or no MTA. -- I use postfix, or no MTA.

31
Property/Sudo.hs Normal file
View File

@ -0,0 +1,31 @@
module Property.Sudo where
import Data.List
import Common
import Property.File
import qualified Property.Apt as Apt
import Property.User
{- Allows a user to sudo. If the user has a password, sudo is configured
- to require it. If not, NOPASSWORD is enabled for the user. -}
enabledFor :: UserName -> Property
enabledFor user = Property desc go `requires` Apt.installed ["sudo"]
where
go = do
locked <- isLockedPassword user
ensureProperty $
fileProperty desc
(modify locked . filter (wanted locked))
"/etc/sudoers"
desc = user ++ " is sudoer"
sudobaseline = user ++ " ALL=(ALL:ALL)"
sudoline True = sudobaseline ++ " NOPASSWD:ALL"
sudoline False = sudobaseline
wanted locked l
| not (sudobaseline `isPrefixOf` l) = True
| "NOPASSWD" `isInfixOf` l = locked
| otherwise = True
modify locked ls
| sudoline locked `elem` ls = ls
| otherwise = ls ++ [sudoline locked]