propellor spin

Propellor/Property/File.hs

@@ -24,6 +24,11 @@ hasPrivContent f = Property desc $ withPrivData (PrivFile f) $ \privcontent ->
   where
 	desc = "privcontent " ++ f
 
+-- | Leaves the file world-readable.
+hasPrivContentExposed :: FilePath -> Property
+hasPrivContentExposed f = hasPrivContent f `onChange`
+	mode f (combineModes (ownerWriteMode:readModes))
+
 -- | Ensures that a line is present in a file, adding it to the end if not.
 containsLine :: FilePath -> Line -> Property
 f `containsLine` l = fileProperty (f ++ " contains:" ++ l) go f

Propellor/Property/OpenId.hs

@@ -4,7 +4,6 @@ import Propellor
 import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.Service as Service
-import Utility.FileMode
 
 import Data.List
 import System.Posix.Files
@@ -25,11 +24,7 @@ providerFor users baseurl = propertyList desc $
 			"define('SIMPLEID_BASE_URL', '"++url++"');"
 		| otherwise = l
 	
-	identfile u = combineProperties desc
+	-- the identitites directory controls access, so open up
-		[ File.hasPrivContent f
+	-- file mode
-		-- the identitites directory controls access, so open up
+	identfile u = File.hasPrivContentExposed $
-		-- file mode
+		concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ]
-		, File.mode f (combineModes (ownerWriteMode:readModes))
-		]
-	  where
-		f = concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ]

config-joey.hs

@@ -85,18 +85,15 @@ hosts =
 			`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
 			`requires` Ssh.authorizedKeys "family"
 			`requires` User.accountFor "family"
-		& Apt.installed ["git", "git-annex", "rsync", "kgb-client"]
+		& Apt.installed ["git", "git-annex", "rsync", "kgb-client-git"]
 		& Git.daemonRunning "/srv/git"
 		-- ssh keys for branchable and github repo hooks
 		-- TODO: upgrade to newer git-annex-shell for notification
 		-- gitweb
 
 		& cname "kgb.kitenet.net"
-		& Apt.serviceInstalledRunning "kgb-bot"
+		& Docker.docked hosts "kgb-server"
-		& File.hasPrivContent "/etc/kgb-bot/kgb.conf"
+		& File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"
-		& File.hasPrivContent "/etc/kgb-bot/kgb-client.conf"
-		& "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
-			`onChange` Service.running "kgb-bot"
 	
 		& cname "downloads.kitenet.net"
 		& Apt.buildDep ["git-annex"] `period` Daily
@@ -127,7 +124,18 @@ hosts =
 		& Docker.publish "8081:80"
 		& OpenId.providerFor ["joey", "liw"]
 			"openid.kitenet.net:8081"
+
+	-- The kgb irc bot, in a container for security and because I need
+	-- features not in the stable version.
+	, standardContainer "kgb-server" Unstable "amd64"
+		& Docker.publish "9999:9999"
+		& Apt.serviceInstalledRunning "kgb-bot"
+		& File.hasPrivContent "/etc/kgb-bot/kgb.conf"
+		& "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
+			`describe` "kgb bot enabled"
+			`onChange` Service.running "kgb-bot"
 	
+	-- Exhibit: kite's 90's website.
 	, standardContainer "ancient-kitenet" Stable "amd64"
 		& Docker.publish "1994:80"
 		& Apt.serviceInstalledRunning "apache2"