This commit is contained in:
Joey Hess 2014-08-29 10:15:44 -07:00
parent 70e1df98c5
commit 4c1c41d1a2
1 changed files with 187 additions and 179 deletions


@ -35,209 +35,216 @@ main = defaultMain hosts -- / \___-=O`/|O`/__| (____.'
{- Propellor -- \ / | / ) _.-"-._ {- Propellor -- \ / | / ) _.-"-._
Deployed -} -- `/-==__ _/__|/__=-| ( \_ Deployed -} -- `/-==__ _/__|/__=-| ( \_
hosts :: [Host] -- * \ | | '--------' hosts :: [Host] -- * \ | | '--------'
hosts = -- (o) ` hosts = -- (o) `
[ host "darkstar.kitenet.net" [ darkstar
& ipv6 "2001:4830:1600:187::2" -- sixxs tunnel , clam
, orca
, kite
, diatom
, elephant
] ++ containers ++ monsters
& Apt.buildDep ["git-annex"] `period` Daily darkstar :: Host
& Docker.configured darkstar = host "darkstar.kitenet.net"
! Docker.docked hosts "android-git-annex" & ipv6 "2001:4830:1600:187::2" -- sixxs tunnel
, standardSystem "clam.kitenet.net" Unstable "amd64" & Apt.buildDep ["git-annex"] `period` Daily
[ "Unreliable server. Anything here may be lost at any time!" ] & Docker.configured
& ipv4 "162.248.9.29" ! Docker.docked hosts "android-git-annex"
& CloudAtCost.decruft clam :: Host
& Apt.unattendedUpgrades clam = standardSystem "clam.kitenet.net" Unstable "amd64"
& Network.ipv6to4 [ "Unreliable server. Anything here may be lost at any time!" ]
& Tor.isBridge & ipv4 "162.248.9.29"
& Postfix.satellite
& Docker.configured & CloudAtCost.decruft
& Docker.garbageCollected `period` Daily & Apt.unattendedUpgrades
& Network.ipv6to4
& Tor.isBridge
& Postfix.satellite
-- ssh on some extra ports to deal with horrible networks & Docker.configured
-- while travelling & Docker.garbageCollected `period` Daily
& alias "travelling.kitenet.net"
& Ssh.listenPort 80
& Ssh.listenPort 443
-- Orca is the main git-annex build box. -- ssh on some extra ports to deal with horrible networks
, standardSystem "orca.kitenet.net" Unstable "amd64" -- while travelling
[ "Main git-annex build box." ] & alias "travelling.kitenet.net"
& ipv4 "138.38.108.179" & Ssh.listenPort 80
& Ssh.listenPort 443
& Apt.unattendedUpgrades orca :: Host
& Postfix.satellite orca = standardSystem "orca.kitenet.net" Unstable "amd64"
& Docker.configured [ "Main git-annex build box." ]
& Docker.docked hosts "amd64-git-annex-builder" & ipv4 "138.38.108.179"
& Docker.docked hosts "i386-git-annex-builder"
& Docker.docked hosts "android-git-annex-builder"
& Docker.docked hosts "armel-git-annex-builder-companion"
& Docker.docked hosts "armel-git-annex-builder"
& Docker.garbageCollected `period` Daily
& Apt.buildDep ["git-annex"] `period` Daily
-- This is not a complete description of kite, since it's a & Apt.unattendedUpgrades
-- multiuser system with eg, user passwords that are not deployed & Postfix.satellite
-- with propellor. & Docker.configured
, standardSystemUnhardened "kite.kitenet.net" Unstable "amd64" & Docker.docked hosts "amd64-git-annex-builder"
[ "Welcome to the new kitenet.net server!" & Docker.docked hosts "i386-git-annex-builder"
, "This is still under construction and not yet live.." & Docker.docked hosts "android-git-annex-builder"
& Docker.docked hosts "armel-git-annex-builder-companion"
& Docker.docked hosts "armel-git-annex-builder"
& Docker.garbageCollected `period` Daily
& Apt.buildDep ["git-annex"] `period` Daily
-- This is not a complete description of kite, since it's a
-- multiuser system with eg, user passwords that are not deployed
-- with propellor.
kite :: Host
kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
[ "Welcome to the new kitenet.net server!"
, "This is still under construction and not yet live.."
]
& ipv4 "66.228.36.95"
& ipv6 "2600:3c03::f03c:91ff:fe73:b0d2"
-- & alias "kitenet.net" -- not yet live!
& Apt.installed ["linux-image-amd64"]
& Linode.chainPVGrub 5
& Apt.unattendedUpgrades
& Apt.installed ["systemd"]
& Ssh.hostKeys (Context "kitenet.net")
-- Since ssh password authentication is allowed:
& Apt.serviceInstalledRunning "fail2ban"
& Obnam.backup "/" "33 1 * * *"
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
, "--client-name=kitenet.net"
, "--encrypt-with="
, "--exclude=/var/cache"
, "--exclude=/var/tmp"
, "--exclude=/home/joey/lib"
, "--exclude=.*/tmp/"
, "--one-file-system"
] Obnam.OnlyClient
`requires` Gpg.keyImported "98147487" "root"
`requires` Ssh.keyImported SshRsa "root"
(Context "kite.kitenet.net")
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"
-- & alias "smtp.kitenet.net" -- not yet live!
-- & alias "imap.kitenet.net" -- not yet live!
-- & alias "mail.kitenet.net" -- not yet live!
& JoeySites.kiteMailServer
& JoeySites.legacyWebSites
& Apt.installed
["git-annex", "myrepos"
, "build-essential", "make"
-- Some users have zsh as their login shell.
, "zsh"
] ]
& ipv4 "66.228.36.95"
& ipv6 "2600:3c03::f03c:91ff:fe73:b0d2"
-- & alias "kitenet.net" -- not yet live!
& Apt.installed ["linux-image-amd64"] diatom :: Host
& Linode.chainPVGrub 5 diatom = standardSystem "diatom.kitenet.net" Stable "amd64"
& Apt.unattendedUpgrades [ "Important stuff that needs not too much memory or CPU." ]
& Apt.installed ["systemd"] & ipv4 "107.170.31.195"
& Ssh.hostKeys (Context "kitenet.net")
-- Since ssh password authentication is allowed:
& Apt.serviceInstalledRunning "fail2ban"
& Obnam.backup "/" "33 1 * * *"
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
, "--client-name=kitenet.net"
, "--encrypt-with="
, "--exclude=/var/cache"
, "--exclude=/var/tmp"
, "--exclude=/home/joey/lib"
, "--exclude=.*/tmp/"
, "--one-file-system"
] Obnam.OnlyClient
`requires` Gpg.keyImported "98147487" "root"
`requires` Ssh.keyImported SshRsa "root"
(Context "kite.kitenet.net")
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"
-- & alias "smtp.kitenet.net" -- not yet live! & DigitalOcean.distroKernel
-- & alias "imap.kitenet.net" -- not yet live! & Ssh.hostKeys (Context "diatom.kitenet.net")
-- & alias "mail.kitenet.net" -- not yet live! & Apt.unattendedUpgrades
& JoeySites.kiteMailServer & Apt.serviceInstalledRunning "ntp"
& Postfix.satellite
& JoeySites.legacyWebSites -- Diatom has 500 mb of memory, so tune for that.
& JoeySites.obnamLowMem
& Apt.serviceInstalledRunning "swapspace"
& Apt.installed & Apt.serviceInstalledRunning "apache2"
["git-annex", "myrepos" & JoeySites.kitenetHttps
, "build-essential", "make" & Apache.multiSSL
-- Some users have zsh as their login shell. & File.ownerGroup "/srv/web" "joey" "joey"
, "zsh" & Apt.installed ["analog"]
]
, standardSystem "diatom.kitenet.net" Stable "amd64" & alias "git.kitenet.net"
[ "Important stuff that needs not too much memory or CPU." ] & alias "git.joeyh.name"
& ipv4 "107.170.31.195" & JoeySites.gitServer hosts
& DigitalOcean.distroKernel
& Ssh.hostKeys (Context "diatom.kitenet.net")
& Apt.unattendedUpgrades
& Apt.serviceInstalledRunning "ntp"
& Postfix.satellite
-- Diatom has 500 mb of memory, so tune for that.
& JoeySites.obnamLowMem
& Apt.serviceInstalledRunning "swapspace"
& Apt.serviceInstalledRunning "apache2"
& JoeySites.kitenetHttps
& Apache.multiSSL
& File.ownerGroup "/srv/web" "joey" "joey"
& Apt.installed ["analog"]
& alias "git.kitenet.net"
& alias "git.joeyh.name"
& JoeySites.gitServer hosts
& alias "downloads.kitenet.net"
& JoeySites.annexWebSite "/srv/git/downloads.git"
"downloads.kitenet.net"
"840760dc-08f0-11e2-8c61-576b7e66acfd"
[("usbackup", "ssh://usbackup.kitenet.net/~/lib/downloads/")]
`requires` Ssh.keyImported SshRsa "joey" (Context "downloads.kitenet.net")
`requires` Ssh.knownHost hosts "usbackup.kitenet.net" "joey"
& JoeySites.gitAnnexDistributor
& alias "downloads.kitenet.net"
& JoeySites.annexWebSite "/srv/git/downloads.git"
"downloads.kitenet.net"
"840760dc-08f0-11e2-8c61-576b7e66acfd"
[("usbackup", "ssh://usbackup.kitenet.net/~/lib/downloads/")]
`requires` Ssh.keyImported SshRsa "joey" (Context "downloads.kitenet.net")
`requires` Ssh.knownHost hosts "usbackup.kitenet.net" "joey"
& JoeySites.gitAnnexDistributor
& alias "tmp.kitenet.net" & alias "tmp.kitenet.net"
& JoeySites.annexWebSite "/srv/git/joey/tmp.git" & JoeySites.annexWebSite "/srv/git/joey/tmp.git"
"tmp.kitenet.net" "tmp.kitenet.net"
"26fd6e38-1226-11e2-a75f-ff007033bdba" "26fd6e38-1226-11e2-a75f-ff007033bdba"
[] []
& JoeySites.twitRss & JoeySites.twitRss
& JoeySites.pumpRss & JoeySites.pumpRss
& alias "nntp.olduse.net" & alias "nntp.olduse.net"
& alias "resources.olduse.net" & alias "resources.olduse.net"
& JoeySites.oldUseNetServer hosts & JoeySites.oldUseNetServer hosts
& alias "ns2.kitenet.net" & alias "ns2.kitenet.net"
& myDnsPrimary "kitenet.net" [] & myDnsPrimary "kitenet.net" []
& myDnsPrimary "joeyh.name" [] & myDnsPrimary "joeyh.name" []
& myDnsPrimary "ikiwiki.info" [] & myDnsPrimary "ikiwiki.info" []
& myDnsPrimary "olduse.net" & myDnsPrimary "olduse.net"
[ (RelDomain "article", [ (RelDomain "article",
CNAME $ AbsDomain "virgil.koldfront.dk") ] CNAME $ AbsDomain "virgil.koldfront.dk") ]
& alias "ns3.branchable.com" & alias "ns3.branchable.com"
& branchableSecondary & branchableSecondary
& Dns.secondaryFor ["animx"] hosts "animx.eu.org" & Dns.secondaryFor ["animx"] hosts "animx.eu.org"
, let ctx = Context "elephant.kitenet.net"
in standardSystem "elephant.kitenet.net" Unstable "amd64"
[ "Storage, big data, and backups, omnomnom!"
, "(Encrypt all data stored here.)"
]
& ipv4 "193.234.225.114"
elephant :: Host
elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
[ "Storage, big data, and backups, omnomnom!"
, "(Encrypt all data stored here.)"
]
& ipv4 "193.234.225.114"
& Grub.chainPVGrub "hd0,0" "xen/xvda1" 30 & Grub.chainPVGrub "hd0,0" "xen/xvda1" 30
& Postfix.satellite & Postfix.satellite
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Ssh.hostKeys ctx & Ssh.hostKeys ctx
& sshPubKey "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAJkoPRhUGT8EId6m37uBdYEtq42VNwslKnc9mmO+89ody066q6seHKeFY6ImfwjcyIjM30RTzEwftuVNQnbEB0=" & sshPubKey "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAJkoPRhUGT8EId6m37uBdYEtq42VNwslKnc9mmO+89ody066q6seHKeFY6ImfwjcyIjM30RTzEwftuVNQnbEB0="
& Ssh.keyImported SshRsa "joey" ctx & Ssh.keyImported SshRsa "joey" ctx
& Apt.serviceInstalledRunning "swapspace" & Apt.serviceInstalledRunning "swapspace"
& alias "eubackup.kitenet.net" & alias "eubackup.kitenet.net"
& Apt.installed ["obnam", "sshfs", "rsync"] & Apt.installed ["obnam", "sshfs", "rsync"]
& JoeySites.obnamRepos ["wren", "pell", "kite"] & JoeySites.obnamRepos ["wren", "pell", "kite"]
& JoeySites.githubBackup & JoeySites.githubBackup
& JoeySites.rsyncNetBackup hosts & JoeySites.rsyncNetBackup hosts
& JoeySites.backupsBackedupTo hosts "usbackup.kitenet.net" "lib/backup/eubackup" & JoeySites.backupsBackedupTo hosts "usbackup.kitenet.net" "lib/backup/eubackup"
& alias "podcatcher.kitenet.net" & alias "podcatcher.kitenet.net"
& JoeySites.podcatcher & JoeySites.podcatcher
& alias "znc.kitenet.net"
& JoeySites.ircBouncer
& alias "znc.kitenet.net"
& JoeySites.ircBouncer
-- I'd rather this were on diatom, but it needs unstable. -- I'd rather this were on diatom, but it needs unstable.
& alias "kgb.kitenet.net" & alias "kgb.kitenet.net"
& JoeySites.kgbServer & JoeySites.kgbServer
& alias "mumble.kitenet.net" & alias "mumble.kitenet.net"
& JoeySites.mumbleServer hosts & JoeySites.mumbleServer hosts
& alias "ns3.kitenet.net" & alias "ns3.kitenet.net"
& myDnsSecondary & myDnsSecondary
& Docker.configured
& Docker.configured
& Docker.docked hosts "oldusenet-shellbox" & Docker.docked hosts "oldusenet-shellbox"
& Docker.docked hosts "openid-provider" & Docker.docked hosts "openid-provider"
`requires` Apt.serviceInstalledRunning "ntp" `requires` Apt.serviceInstalledRunning "ntp"
& Docker.docked hosts "ancient-kitenet" & Docker.docked hosts "ancient-kitenet"
& Docker.garbageCollected `period` (Weekly (Just 1)) & Docker.garbageCollected `period` (Weekly (Just 1))
-- For https port 443, shellinabox with ssh login to -- For https port 443, shellinabox with ssh login to
-- kitenet.net -- kitenet.net
& alias "shell.kitenet.net" & alias "shell.kitenet.net"
& JoeySites.kiteShellBox & JoeySites.kiteShellBox
-- Nothing is using http port 80, so listen on -- Nothing is using http port 80, so listen on
-- that port for ssh, for traveling on bad networks that -- that port for ssh, for traveling on bad networks that
-- block 22. -- block 22.
& Ssh.listenPort 80 & Ssh.listenPort 80
where
ctx = Context "elephant.kitenet.net"
--' __|II| ,. --' __|II| ,.
@ -247,9 +254,10 @@ hosts = -- (o) `
----------------------- : / ----------------------- ----------------------- : / -----------------------
------------------------ \____, o ,' ------------------------ ------------------------ \____, o ,' ------------------------
------------------------- '--,___________,' ------------------------- ------------------------- '--,___________,' -------------------------
containers :: [Host]
containers =
-- Simple web server, publishing the outside host's /var/www -- Simple web server, publishing the outside host's /var/www
, standardContainer "webserver" Stable "amd64" [ standardContainer "webserver" Stable "amd64"
& Docker.publish "8080:80" & Docker.publish "8080:80"
& Docker.volume "/var/www:/var/www" & Docker.volume "/var/www:/var/www"
& Apt.serviceInstalledRunning "apache2" & Apt.serviceInstalledRunning "apache2"
@ -287,7 +295,7 @@ hosts = -- (o) `
, let gitannexdir = GitAnnexBuilder.homedir </> "git-annex" , let gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
in GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir in GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
& Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir) & Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
] ++ monsters ]
type Motd = [String] type Motd = [String]
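Review bot: In the new top-level `kite` definition (first hunk), the `Obnam.backup` option list still carries `"--encrypt-with="` with an empty value, while the same property `requires` `Gpg.keyImported "98147487" "root"`; if obnam treats an empty key id as "no encryption", the imported key is never used and the backup shipped to eubackup.kitenet.net over sftp is stored in the clear. If that key is the intended recipient, the line should read `, "--encrypt-with=98147487"`; if leaving it unencrypted is deliberate, a short comment such as `-- unencrypted on purpose: <reason>` above the list would stop the next reader from assuming the GPG requirement covers it. The refactor itself (splitting `hosts` into per-host bindings and moving elephant's `ctx` into a `where`) looks behaviour-preserving from what is visible here; the same `hosts` list is still passed to `Docker.docked`/`Ssh.knownHost`, so the recursive reference that existed before is unchanged.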