propellor spin

2014-04-13 12:21:43 -04:00 · 2014-04-13 12:21:43 -04:00 · 479045277b
parent ebfba3828c
commit 479045277b
3 changed files with 23 additions and 15 deletions
--- a/Propellor/Property/File.hs
+++ b/Propellor/Property/File.hs
@ -24,6 +24,11 @@ hasPrivContent f = Property desc $ withPrivData (PrivFile f) $ \privcontent ->
  where
 	desc = "privcontent " ++ f

+-- | Leaves the file world-readable.
+hasPrivContentExposed :: FilePath -> Property
+hasPrivContentExposed f = hasPrivContent f `onChange`
+	mode f (combineModes (ownerWriteMode:readModes))
+
 -- | Ensures that a line is present in a file, adding it to the end if not.
 containsLine :: FilePath -> Line -> Property
 f `containsLine` l = fileProperty (f ++ " contains:" ++ l) go f
--- a/Propellor/Property/OpenId.hs
+++ b/Propellor/Property/OpenId.hs
@ -4,7 +4,6 @@ import Propellor
 import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.Service as Service
-import Utility.FileMode

 import Data.List
 import System.Posix.Files
@ -25,11 +24,7 @@ providerFor users baseurl = propertyList desc $
 			"define('SIMPLEID_BASE_URL', '"++url++"');"
 		| otherwise = l
 	
-	identfile u = combineProperties desc
-		[ File.hasPrivContent f
 	-- the identitites directory controls access, so open up
 	-- file mode
-		, File.mode f (combineModes (ownerWriteMode:readModes))
-		]
-	  where
-		f = concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ]
+	identfile u = File.hasPrivContentExposed $
+		concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ]
--- a/config-joey.hs
+++ b/config-joey.hs
@ -85,18 +85,15 @@ hosts =
 			`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
 			`requires` Ssh.authorizedKeys "family"
 			`requires` User.accountFor "family"
-		& Apt.installed ["git", "git-annex", "rsync", "kgb-client"]
+		& Apt.installed ["git", "git-annex", "rsync", "kgb-client-git"]
 		& Git.daemonRunning "/srv/git"
 		-- ssh keys for branchable and github repo hooks
 		-- TODO: upgrade to newer git-annex-shell for notification
 		-- gitweb

 		& cname "kgb.kitenet.net"
-		& Apt.serviceInstalledRunning "kgb-bot"
-		& File.hasPrivContent "/etc/kgb-bot/kgb.conf"
-		& File.hasPrivContent "/etc/kgb-bot/kgb-client.conf"
-		& "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
-			`onChange` Service.running "kgb-bot"
+		& Docker.docked hosts "kgb-server"
+		& File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"
 	
 		& cname "downloads.kitenet.net"
 		& Apt.buildDep ["git-annex"] `period` Daily
@ -128,6 +125,17 @@ hosts =
 		& OpenId.providerFor ["joey", "liw"]
 			"openid.kitenet.net:8081"

+	-- The kgb irc bot, in a container for security and because I need
+	-- features not in the stable version.
+	, standardContainer "kgb-server" Unstable "amd64"
+		& Docker.publish "9999:9999"
+		& Apt.serviceInstalledRunning "kgb-bot"
+		& File.hasPrivContent "/etc/kgb-bot/kgb.conf"
+		& "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
+			`describe` "kgb bot enabled"
+			`onChange` Service.running "kgb-bot"
+	
+	-- Exhibit: kite's 90's website.
 	, standardContainer "ancient-kitenet" Stable "amd64"
 		& Docker.publish "1994:80"
 		& Apt.serviceInstalledRunning "apache2"