reorg
parent
70e1df98c5
commit
4c1c41d1a2
356
config-joey.hs
356
config-joey.hs
|
@ -35,209 +35,216 @@ main = defaultMain hosts -- / \___-=O`/|O`/__| (____.'
|
||||||
{- Propellor -- \ / | / ) _.-"-._
|
{- Propellor -- \ / | / ) _.-"-._
|
||||||
Deployed -} -- `/-==__ _/__|/__=-| ( \_
|
Deployed -} -- `/-==__ _/__|/__=-| ( \_
|
||||||
hosts :: [Host] -- * \ | | '--------'
|
hosts :: [Host] -- * \ | | '--------'
|
||||||
hosts = -- (o) `
|
hosts = -- (o) `
|
||||||
[ host "darkstar.kitenet.net"
|
[ darkstar
|
||||||
& ipv6 "2001:4830:1600:187::2" -- sixxs tunnel
|
, clam
|
||||||
|
, orca
|
||||||
|
, kite
|
||||||
|
, diatom
|
||||||
|
, elephant
|
||||||
|
] ++ containers ++ monsters
|
||||||
|
|
||||||
& Apt.buildDep ["git-annex"] `period` Daily
|
darkstar :: Host
|
||||||
& Docker.configured
|
darkstar = host "darkstar.kitenet.net"
|
||||||
! Docker.docked hosts "android-git-annex"
|
& ipv6 "2001:4830:1600:187::2" -- sixxs tunnel
|
||||||
|
|
||||||
, standardSystem "clam.kitenet.net" Unstable "amd64"
|
& Apt.buildDep ["git-annex"] `period` Daily
|
||||||
[ "Unreliable server. Anything here may be lost at any time!" ]
|
& Docker.configured
|
||||||
& ipv4 "162.248.9.29"
|
! Docker.docked hosts "android-git-annex"
|
||||||
|
|
||||||
& CloudAtCost.decruft
|
clam :: Host
|
||||||
& Apt.unattendedUpgrades
|
clam = standardSystem "clam.kitenet.net" Unstable "amd64"
|
||||||
& Network.ipv6to4
|
[ "Unreliable server. Anything here may be lost at any time!" ]
|
||||||
& Tor.isBridge
|
& ipv4 "162.248.9.29"
|
||||||
& Postfix.satellite
|
|
||||||
|
|
||||||
& Docker.configured
|
& CloudAtCost.decruft
|
||||||
& Docker.garbageCollected `period` Daily
|
& Apt.unattendedUpgrades
|
||||||
|
& Network.ipv6to4
|
||||||
|
& Tor.isBridge
|
||||||
|
& Postfix.satellite
|
||||||
|
|
||||||
-- ssh on some extra ports to deal with horrible networks
|
& Docker.configured
|
||||||
-- while travelling
|
& Docker.garbageCollected `period` Daily
|
||||||
& alias "travelling.kitenet.net"
|
|
||||||
& Ssh.listenPort 80
|
|
||||||
& Ssh.listenPort 443
|
|
||||||
|
|
||||||
-- Orca is the main git-annex build box.
|
-- ssh on some extra ports to deal with horrible networks
|
||||||
, standardSystem "orca.kitenet.net" Unstable "amd64"
|
-- while travelling
|
||||||
[ "Main git-annex build box." ]
|
& alias "travelling.kitenet.net"
|
||||||
& ipv4 "138.38.108.179"
|
& Ssh.listenPort 80
|
||||||
|
& Ssh.listenPort 443
|
||||||
|
|
||||||
& Apt.unattendedUpgrades
|
orca :: Host
|
||||||
& Postfix.satellite
|
orca = standardSystem "orca.kitenet.net" Unstable "amd64"
|
||||||
& Docker.configured
|
[ "Main git-annex build box." ]
|
||||||
& Docker.docked hosts "amd64-git-annex-builder"
|
& ipv4 "138.38.108.179"
|
||||||
& Docker.docked hosts "i386-git-annex-builder"
|
|
||||||
& Docker.docked hosts "android-git-annex-builder"
|
|
||||||
& Docker.docked hosts "armel-git-annex-builder-companion"
|
|
||||||
& Docker.docked hosts "armel-git-annex-builder"
|
|
||||||
& Docker.garbageCollected `period` Daily
|
|
||||||
& Apt.buildDep ["git-annex"] `period` Daily
|
|
||||||
|
|
||||||
-- This is not a complete description of kite, since it's a
|
& Apt.unattendedUpgrades
|
||||||
-- multiuser system with eg, user passwords that are not deployed
|
& Postfix.satellite
|
||||||
-- with propellor.
|
& Docker.configured
|
||||||
, standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
|
& Docker.docked hosts "amd64-git-annex-builder"
|
||||||
[ "Welcome to the new kitenet.net server!"
|
& Docker.docked hosts "i386-git-annex-builder"
|
||||||
, "This is still under construction and not yet live.."
|
& Docker.docked hosts "android-git-annex-builder"
|
||||||
|
& Docker.docked hosts "armel-git-annex-builder-companion"
|
||||||
|
& Docker.docked hosts "armel-git-annex-builder"
|
||||||
|
& Docker.garbageCollected `period` Daily
|
||||||
|
& Apt.buildDep ["git-annex"] `period` Daily
|
||||||
|
|
||||||
|
-- This is not a complete description of kite, since it's a
|
||||||
|
-- multiuser system with eg, user passwords that are not deployed
|
||||||
|
-- with propellor.
|
||||||
|
kite :: Host
|
||||||
|
kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
|
||||||
|
[ "Welcome to the new kitenet.net server!"
|
||||||
|
, "This is still under construction and not yet live.."
|
||||||
|
]
|
||||||
|
& ipv4 "66.228.36.95"
|
||||||
|
& ipv6 "2600:3c03::f03c:91ff:fe73:b0d2"
|
||||||
|
-- & alias "kitenet.net" -- not yet live!
|
||||||
|
|
||||||
|
& Apt.installed ["linux-image-amd64"]
|
||||||
|
& Linode.chainPVGrub 5
|
||||||
|
& Apt.unattendedUpgrades
|
||||||
|
& Apt.installed ["systemd"]
|
||||||
|
& Ssh.hostKeys (Context "kitenet.net")
|
||||||
|
-- Since ssh password authentication is allowed:
|
||||||
|
& Apt.serviceInstalledRunning "fail2ban"
|
||||||
|
& Obnam.backup "/" "33 1 * * *"
|
||||||
|
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
|
||||||
|
, "--client-name=kitenet.net"
|
||||||
|
, "--encrypt-with="
|
||||||
|
, "--exclude=/var/cache"
|
||||||
|
, "--exclude=/var/tmp"
|
||||||
|
, "--exclude=/home/joey/lib"
|
||||||
|
, "--exclude=.*/tmp/"
|
||||||
|
, "--one-file-system"
|
||||||
|
] Obnam.OnlyClient
|
||||||
|
`requires` Gpg.keyImported "98147487" "root"
|
||||||
|
`requires` Ssh.keyImported SshRsa "root"
|
||||||
|
(Context "kite.kitenet.net")
|
||||||
|
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"
|
||||||
|
|
||||||
|
-- & alias "smtp.kitenet.net" -- not yet live!
|
||||||
|
-- & alias "imap.kitenet.net" -- not yet live!
|
||||||
|
-- & alias "mail.kitenet.net" -- not yet live!
|
||||||
|
& JoeySites.kiteMailServer
|
||||||
|
|
||||||
|
& JoeySites.legacyWebSites
|
||||||
|
|
||||||
|
& Apt.installed
|
||||||
|
["git-annex", "myrepos"
|
||||||
|
, "build-essential", "make"
|
||||||
|
-- Some users have zsh as their login shell.
|
||||||
|
, "zsh"
|
||||||
]
|
]
|
||||||
& ipv4 "66.228.36.95"
|
|
||||||
& ipv6 "2600:3c03::f03c:91ff:fe73:b0d2"
|
|
||||||
-- & alias "kitenet.net" -- not yet live!
|
|
||||||
|
|
||||||
& Apt.installed ["linux-image-amd64"]
|
diatom :: Host
|
||||||
& Linode.chainPVGrub 5
|
diatom = standardSystem "diatom.kitenet.net" Stable "amd64"
|
||||||
& Apt.unattendedUpgrades
|
[ "Important stuff that needs not too much memory or CPU." ]
|
||||||
& Apt.installed ["systemd"]
|
& ipv4 "107.170.31.195"
|
||||||
& Ssh.hostKeys (Context "kitenet.net")
|
|
||||||
-- Since ssh password authentication is allowed:
|
|
||||||
& Apt.serviceInstalledRunning "fail2ban"
|
|
||||||
& Obnam.backup "/" "33 1 * * *"
|
|
||||||
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
|
|
||||||
, "--client-name=kitenet.net"
|
|
||||||
, "--encrypt-with="
|
|
||||||
, "--exclude=/var/cache"
|
|
||||||
, "--exclude=/var/tmp"
|
|
||||||
, "--exclude=/home/joey/lib"
|
|
||||||
, "--exclude=.*/tmp/"
|
|
||||||
, "--one-file-system"
|
|
||||||
] Obnam.OnlyClient
|
|
||||||
`requires` Gpg.keyImported "98147487" "root"
|
|
||||||
`requires` Ssh.keyImported SshRsa "root"
|
|
||||||
(Context "kite.kitenet.net")
|
|
||||||
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"
|
|
||||||
|
|
||||||
-- & alias "smtp.kitenet.net" -- not yet live!
|
& DigitalOcean.distroKernel
|
||||||
-- & alias "imap.kitenet.net" -- not yet live!
|
& Ssh.hostKeys (Context "diatom.kitenet.net")
|
||||||
-- & alias "mail.kitenet.net" -- not yet live!
|
& Apt.unattendedUpgrades
|
||||||
& JoeySites.kiteMailServer
|
& Apt.serviceInstalledRunning "ntp"
|
||||||
|
& Postfix.satellite
|
||||||
|
|
||||||
& JoeySites.legacyWebSites
|
-- Diatom has 500 mb of memory, so tune for that.
|
||||||
|
& JoeySites.obnamLowMem
|
||||||
|
& Apt.serviceInstalledRunning "swapspace"
|
||||||
|
|
||||||
& Apt.installed
|
& Apt.serviceInstalledRunning "apache2"
|
||||||
["git-annex", "myrepos"
|
& JoeySites.kitenetHttps
|
||||||
, "build-essential", "make"
|
& Apache.multiSSL
|
||||||
-- Some users have zsh as their login shell.
|
& File.ownerGroup "/srv/web" "joey" "joey"
|
||||||
, "zsh"
|
& Apt.installed ["analog"]
|
||||||
]
|
|
||||||
|
|
||||||
, standardSystem "diatom.kitenet.net" Stable "amd64"
|
& alias "git.kitenet.net"
|
||||||
[ "Important stuff that needs not too much memory or CPU." ]
|
& alias "git.joeyh.name"
|
||||||
& ipv4 "107.170.31.195"
|
& JoeySites.gitServer hosts
|
||||||
|
|
||||||
& DigitalOcean.distroKernel
|
|
||||||
& Ssh.hostKeys (Context "diatom.kitenet.net")
|
|
||||||
& Apt.unattendedUpgrades
|
|
||||||
& Apt.serviceInstalledRunning "ntp"
|
|
||||||
& Postfix.satellite
|
|
||||||
|
|
||||||
-- Diatom has 500 mb of memory, so tune for that.
|
|
||||||
& JoeySites.obnamLowMem
|
|
||||||
& Apt.serviceInstalledRunning "swapspace"
|
|
||||||
|
|
||||||
& Apt.serviceInstalledRunning "apache2"
|
|
||||||
& JoeySites.kitenetHttps
|
|
||||||
& Apache.multiSSL
|
|
||||||
& File.ownerGroup "/srv/web" "joey" "joey"
|
|
||||||
& Apt.installed ["analog"]
|
|
||||||
|
|
||||||
& alias "git.kitenet.net"
|
|
||||||
& alias "git.joeyh.name"
|
|
||||||
& JoeySites.gitServer hosts
|
|
||||||
|
|
||||||
& alias "downloads.kitenet.net"
|
|
||||||
& JoeySites.annexWebSite "/srv/git/downloads.git"
|
|
||||||
"downloads.kitenet.net"
|
|
||||||
"840760dc-08f0-11e2-8c61-576b7e66acfd"
|
|
||||||
[("usbackup", "ssh://usbackup.kitenet.net/~/lib/downloads/")]
|
|
||||||
`requires` Ssh.keyImported SshRsa "joey" (Context "downloads.kitenet.net")
|
|
||||||
`requires` Ssh.knownHost hosts "usbackup.kitenet.net" "joey"
|
|
||||||
& JoeySites.gitAnnexDistributor
|
|
||||||
|
|
||||||
|
& alias "downloads.kitenet.net"
|
||||||
|
& JoeySites.annexWebSite "/srv/git/downloads.git"
|
||||||
|
"downloads.kitenet.net"
|
||||||
|
"840760dc-08f0-11e2-8c61-576b7e66acfd"
|
||||||
|
[("usbackup", "ssh://usbackup.kitenet.net/~/lib/downloads/")]
|
||||||
|
`requires` Ssh.keyImported SshRsa "joey" (Context "downloads.kitenet.net")
|
||||||
|
`requires` Ssh.knownHost hosts "usbackup.kitenet.net" "joey"
|
||||||
|
& JoeySites.gitAnnexDistributor
|
||||||
& alias "tmp.kitenet.net"
|
& alias "tmp.kitenet.net"
|
||||||
& JoeySites.annexWebSite "/srv/git/joey/tmp.git"
|
& JoeySites.annexWebSite "/srv/git/joey/tmp.git"
|
||||||
"tmp.kitenet.net"
|
"tmp.kitenet.net"
|
||||||
"26fd6e38-1226-11e2-a75f-ff007033bdba"
|
"26fd6e38-1226-11e2-a75f-ff007033bdba"
|
||||||
[]
|
[]
|
||||||
& JoeySites.twitRss
|
& JoeySites.twitRss
|
||||||
& JoeySites.pumpRss
|
& JoeySites.pumpRss
|
||||||
|
|
||||||
& alias "nntp.olduse.net"
|
& alias "nntp.olduse.net"
|
||||||
& alias "resources.olduse.net"
|
& alias "resources.olduse.net"
|
||||||
& JoeySites.oldUseNetServer hosts
|
& JoeySites.oldUseNetServer hosts
|
||||||
|
|
||||||
& alias "ns2.kitenet.net"
|
& alias "ns2.kitenet.net"
|
||||||
& myDnsPrimary "kitenet.net" []
|
& myDnsPrimary "kitenet.net" []
|
||||||
& myDnsPrimary "joeyh.name" []
|
& myDnsPrimary "joeyh.name" []
|
||||||
& myDnsPrimary "ikiwiki.info" []
|
& myDnsPrimary "ikiwiki.info" []
|
||||||
& myDnsPrimary "olduse.net"
|
& myDnsPrimary "olduse.net"
|
||||||
[ (RelDomain "article",
|
[ (RelDomain "article",
|
||||||
CNAME $ AbsDomain "virgil.koldfront.dk") ]
|
CNAME $ AbsDomain "virgil.koldfront.dk") ]
|
||||||
|
|
||||||
& alias "ns3.branchable.com"
|
& alias "ns3.branchable.com"
|
||||||
& branchableSecondary
|
& branchableSecondary
|
||||||
|
|
||||||
& Dns.secondaryFor ["animx"] hosts "animx.eu.org"
|
& Dns.secondaryFor ["animx"] hosts "animx.eu.org"
|
||||||
|
|
||||||
, let ctx = Context "elephant.kitenet.net"
|
|
||||||
in standardSystem "elephant.kitenet.net" Unstable "amd64"
|
|
||||||
[ "Storage, big data, and backups, omnomnom!"
|
|
||||||
, "(Encrypt all data stored here.)"
|
|
||||||
]
|
|
||||||
& ipv4 "193.234.225.114"
|
|
||||||
|
|
||||||
|
elephant :: Host
|
||||||
|
elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
|
||||||
|
[ "Storage, big data, and backups, omnomnom!"
|
||||||
|
, "(Encrypt all data stored here.)"
|
||||||
|
]
|
||||||
|
& ipv4 "193.234.225.114"
|
||||||
& Grub.chainPVGrub "hd0,0" "xen/xvda1" 30
|
& Grub.chainPVGrub "hd0,0" "xen/xvda1" 30
|
||||||
& Postfix.satellite
|
& Postfix.satellite
|
||||||
& Apt.unattendedUpgrades
|
& Apt.unattendedUpgrades
|
||||||
& Ssh.hostKeys ctx
|
& Ssh.hostKeys ctx
|
||||||
& sshPubKey "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAJkoPRhUGT8EId6m37uBdYEtq42VNwslKnc9mmO+89ody066q6seHKeFY6ImfwjcyIjM30RTzEwftuVNQnbEB0="
|
& sshPubKey "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAJkoPRhUGT8EId6m37uBdYEtq42VNwslKnc9mmO+89ody066q6seHKeFY6ImfwjcyIjM30RTzEwftuVNQnbEB0="
|
||||||
& Ssh.keyImported SshRsa "joey" ctx
|
& Ssh.keyImported SshRsa "joey" ctx
|
||||||
& Apt.serviceInstalledRunning "swapspace"
|
& Apt.serviceInstalledRunning "swapspace"
|
||||||
|
|
||||||
& alias "eubackup.kitenet.net"
|
& alias "eubackup.kitenet.net"
|
||||||
& Apt.installed ["obnam", "sshfs", "rsync"]
|
& Apt.installed ["obnam", "sshfs", "rsync"]
|
||||||
& JoeySites.obnamRepos ["wren", "pell", "kite"]
|
& JoeySites.obnamRepos ["wren", "pell", "kite"]
|
||||||
& JoeySites.githubBackup
|
& JoeySites.githubBackup
|
||||||
& JoeySites.rsyncNetBackup hosts
|
& JoeySites.rsyncNetBackup hosts
|
||||||
& JoeySites.backupsBackedupTo hosts "usbackup.kitenet.net" "lib/backup/eubackup"
|
& JoeySites.backupsBackedupTo hosts "usbackup.kitenet.net" "lib/backup/eubackup"
|
||||||
|
|
||||||
& alias "podcatcher.kitenet.net"
|
& alias "podcatcher.kitenet.net"
|
||||||
& JoeySites.podcatcher
|
& JoeySites.podcatcher
|
||||||
|
|
||||||
& alias "znc.kitenet.net"
|
|
||||||
& JoeySites.ircBouncer
|
|
||||||
|
|
||||||
|
& alias "znc.kitenet.net"
|
||||||
|
& JoeySites.ircBouncer
|
||||||
-- I'd rather this were on diatom, but it needs unstable.
|
-- I'd rather this were on diatom, but it needs unstable.
|
||||||
& alias "kgb.kitenet.net"
|
& alias "kgb.kitenet.net"
|
||||||
& JoeySites.kgbServer
|
& JoeySites.kgbServer
|
||||||
|
|
||||||
& alias "mumble.kitenet.net"
|
& alias "mumble.kitenet.net"
|
||||||
& JoeySites.mumbleServer hosts
|
& JoeySites.mumbleServer hosts
|
||||||
|
|
||||||
& alias "ns3.kitenet.net"
|
& alias "ns3.kitenet.net"
|
||||||
& myDnsSecondary
|
& myDnsSecondary
|
||||||
|
|
||||||
& Docker.configured
|
|
||||||
|
|
||||||
|
& Docker.configured
|
||||||
& Docker.docked hosts "oldusenet-shellbox"
|
& Docker.docked hosts "oldusenet-shellbox"
|
||||||
& Docker.docked hosts "openid-provider"
|
& Docker.docked hosts "openid-provider"
|
||||||
`requires` Apt.serviceInstalledRunning "ntp"
|
`requires` Apt.serviceInstalledRunning "ntp"
|
||||||
& Docker.docked hosts "ancient-kitenet"
|
& Docker.docked hosts "ancient-kitenet"
|
||||||
|
|
||||||
& Docker.garbageCollected `period` (Weekly (Just 1))
|
& Docker.garbageCollected `period` (Weekly (Just 1))
|
||||||
|
|
||||||
-- For https port 443, shellinabox with ssh login to
|
-- For https port 443, shellinabox with ssh login to
|
||||||
-- kitenet.net
|
-- kitenet.net
|
||||||
& alias "shell.kitenet.net"
|
& alias "shell.kitenet.net"
|
||||||
& JoeySites.kiteShellBox
|
& JoeySites.kiteShellBox
|
||||||
-- Nothing is using http port 80, so listen on
|
-- Nothing is using http port 80, so listen on
|
||||||
-- that port for ssh, for traveling on bad networks that
|
-- that port for ssh, for traveling on bad networks that
|
||||||
-- block 22.
|
-- block 22.
|
||||||
& Ssh.listenPort 80
|
& Ssh.listenPort 80
|
||||||
|
where
|
||||||
|
ctx = Context "elephant.kitenet.net"
|
||||||
|
|
||||||
|
|
||||||
--' __|II| ,.
|
--' __|II| ,.
|
||||||
|
@ -247,9 +254,10 @@ hosts = -- (o) `
|
||||||
----------------------- : / -----------------------
|
----------------------- : / -----------------------
|
||||||
------------------------ \____, o ,' ------------------------
|
------------------------ \____, o ,' ------------------------
|
||||||
------------------------- '--,___________,' -------------------------
|
------------------------- '--,___________,' -------------------------
|
||||||
|
containers :: [Host]
|
||||||
|
containers =
|
||||||
-- Simple web server, publishing the outside host's /var/www
|
-- Simple web server, publishing the outside host's /var/www
|
||||||
, standardContainer "webserver" Stable "amd64"
|
[ standardContainer "webserver" Stable "amd64"
|
||||||
& Docker.publish "8080:80"
|
& Docker.publish "8080:80"
|
||||||
& Docker.volume "/var/www:/var/www"
|
& Docker.volume "/var/www:/var/www"
|
||||||
& Apt.serviceInstalledRunning "apache2"
|
& Apt.serviceInstalledRunning "apache2"
|
||||||
|
@ -287,7 +295,7 @@ hosts = -- (o) `
|
||||||
, let gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
|
, let gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
|
||||||
in GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
|
in GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
|
||||||
& Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
|
& Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
|
||||||
] ++ monsters
|
]
|
||||||
|
|
||||||
type Motd = [String]
|
type Motd = [String]
|
||||||
|
|
||||||
|
|
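Review bot: In `kite`, the `Obnam.backup "/"` parameter list passes `"--encrypt-with="` with an empty key id, even though the property `requires` `Gpg.keyImported "98147487" "root"` and the repository lives on eubackup.kitenet.net, an alias of `elephant`, whose motd says "(Encrypt all data stored here.)". Unless obnam picks the key up from configuration not shown here, a blank value looks like it leaves the full-root backup unencrypted at rest on the storage host, and the reorg carries that over unchanged. If the imported key is the intended one, write it out as `, "--encrypt-with=98147487"`; otherwise add a comment such as `-- key id left blank on purpose: <reason>` so the next reader does not have to guess. A short Haddock comment on each new top-level `Host` recording its exposure (for example that `kite` is built with `standardSystemUnhardened` and permits ssh password logins, with fail2ban as the compensating control) would also make these definitions easier to audit.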