propellor spin

Joey Hess 2014-04-13 12:21:43 -04:00
parent ebfba3828c
commit 479045277b
3 changed files with 23 additions and 15 deletions


@ -24,6 +24,11 @@ hasPrivContent f = Property desc $ withPrivData (PrivFile f) $ \privcontent ->
where where
desc = "privcontent " ++ f desc = "privcontent " ++ f
-- | Leaves the file world-readable.
hasPrivContentExposed :: FilePath -> Property
hasPrivContentExposed f = hasPrivContent f `onChange`
mode f (combineModes (ownerWriteMode:readModes))
-- | Ensures that a line is present in a file, adding it to the end if not. -- | Ensures that a line is present in a file, adding it to the end if not.
containsLine :: FilePath -> Line -> Property containsLine :: FilePath -> Line -> Property
f `containsLine` l = fileProperty (f ++ " contains:" ++ l) go f f `containsLine` l = fileProperty (f ++ " contains:" ++ l) go f
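Review bot: `hasPrivContentExposed` applies the relaxed mode only through `onChange`, so `mode f (combineModes (ownerWriteMode:readModes))` runs only when `hasPrivContent f` reports a change. The body of `hasPrivContent` lies outside this hunk, but if it reports a change only when the content differs, a file already deployed with the right content and a restrictive mode is never opened up; that looks like the situation for `/etc/kgb-bot/kgb-client.conf`, which this commit switches over from `hasPrivContent`. Checking the mode on every run, as the removed `identfile` code did with `combineProperties`, avoids that. The doc comment should also state the precondition for exposing private data, for example `-- | Writes private data but leaves the file world-readable; use only where a parent directory or similar restricts access.`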


@ -4,7 +4,6 @@ import Propellor
import qualified Propellor.Property.File as File import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Service as Service import qualified Propellor.Property.Service as Service
import Utility.FileMode
import Data.List import Data.List
import System.Posix.Files import System.Posix.Files
@ -25,11 +24,7 @@ providerFor users baseurl = propertyList desc $
"define('SIMPLEID_BASE_URL', '"++url++"');" "define('SIMPLEID_BASE_URL', '"++url++"');"
| otherwise = l | otherwise = l
identfile u = combineProperties desc
[ File.hasPrivContent f
-- the identitites directory controls access, so open up -- the identitites directory controls access, so open up
-- file mode -- file mode
, File.mode f (combineModes (ownerWriteMode:readModes)) identfile u = File.hasPrivContentExposed $
] concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ]
where
f = concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ]
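Review bot: The new `identfile` makes each `.identity` file world-readable on the strength of the comment that the identities directory controls access, but nothing in the visible hunks sets or checks the mode or ownership of `/var/lib/simpleid/identities`. If that restriction comes only from the package's defaults, the protection of these privdata files rests on state propellor does not manage. Consider asserting it beside `identfile` with a `File.mode` property on the directory, or extend the comment to say what sets the directory's permissions. The rest of `providerFor` is outside the hunk, so this may already be handled there.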


@ -85,18 +85,15 @@ hosts =
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root" `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
`requires` Ssh.authorizedKeys "family" `requires` Ssh.authorizedKeys "family"
`requires` User.accountFor "family" `requires` User.accountFor "family"
& Apt.installed ["git", "git-annex", "rsync", "kgb-client"] & Apt.installed ["git", "git-annex", "rsync", "kgb-client-git"]
& Git.daemonRunning "/srv/git" & Git.daemonRunning "/srv/git"
-- ssh keys for branchable and github repo hooks -- ssh keys for branchable and github repo hooks
-- TODO: upgrade to newer git-annex-shell for notification -- TODO: upgrade to newer git-annex-shell for notification
-- gitweb -- gitweb
& cname "kgb.kitenet.net" & cname "kgb.kitenet.net"
& Apt.serviceInstalledRunning "kgb-bot" & Docker.docked hosts "kgb-server"
& File.hasPrivContent "/etc/kgb-bot/kgb.conf" & File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"
& File.hasPrivContent "/etc/kgb-bot/kgb-client.conf"
& "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
`onChange` Service.running "kgb-bot"
& cname "downloads.kitenet.net" & cname "downloads.kitenet.net"
& Apt.buildDep ["git-annex"] `period` Daily & Apt.buildDep ["git-annex"] `period` Daily
@ -128,6 +125,17 @@ hosts =
& OpenId.providerFor ["joey", "liw"] & OpenId.providerFor ["joey", "liw"]
"openid.kitenet.net:8081" "openid.kitenet.net:8081"
-- The kgb irc bot, in a container for security and because I need
-- features not in the stable version.
, standardContainer "kgb-server" Unstable "amd64"
& Docker.publish "9999:9999"
& Apt.serviceInstalledRunning "kgb-bot"
& File.hasPrivContent "/etc/kgb-bot/kgb.conf"
& "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
`describe` "kgb bot enabled"
`onChange` Service.running "kgb-bot"
-- Exhibit: kite's 90's website.
, standardContainer "ancient-kitenet" Stable "amd64" , standardContainer "ancient-kitenet" Stable "amd64"
& Docker.publish "1994:80" & Docker.publish "1994:80"
& Apt.serviceInstalledRunning "apache2" & Apt.serviceInstalledRunning "apache2"
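Review bot: On the host, `File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"` makes a privdata file world-readable with no stated access control around it, unlike the simpleid identities case. If the file carries the client's shared secret for the bot, as its storage in privdata suggests, any local account on this host can read it and submit notifications, and `Docker.publish "9999:9999"` on the `kgb-server` container publishes the bot's port on the host. A mode that is group-readable for the users running the repo hooks would be narrower. If world-readable is intended, record the reason at the call site, e.g. `-- world-readable so that hooks running as any user can notify the bot`.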