cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

refactor

This commit is contained in:
Joey Hess 2015-05-18 00:20:05 -04:00
parent 00fe51b166
commit 4f925f982a
3 changed files with 70 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
config-joey.hs
View File

@ -31,6 +31,7 @@ import qualified Propellor.Property.HostingProvider.Linode as Linode
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
import qualified Propellor.Property.SiteSpecific.IABak as IABak import qualified Propellor.Property.SiteSpecific.IABak as IABak
import qualified Propellor.Property.SiteSpecific.Branchable as Branchable
import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
@ -334,60 +335,7 @@ pell = host "pell.branchable.com"
& Apt.installed ["linux-image-amd64"] & Apt.installed ["linux-image-amd64"]
& Linode.chainPVGrub 5 & Linode.chainPVGrub 5
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Branchable.server hosts
& "/etc/timezone" `File.hasContent` ["Etc/UTC"]
& "/etc/locale.gen" `File.containsLines`
[ "en_GB.UTF-8 UTF-8"
, "en_US.UTF-8 UTF-8"
, "fi_FI.UTF-8 UTF-8"
]
`onChange` cmdProperty "locale-gen" []
& Apt.installed ["etckeeper", "ssh", "popularity-contest"]
& Apt.serviceInstalledRunning "apache2"
& Apt.serviceInstalledRunning "ntp"
& Apt.serviceInstalledRunning "openssh-server"
& Ssh.passwordAuthentication False
& Ssh.hostKeys (Context "branchable.com")
[ (SshDsa, "ssh-dss AAAAB3NzaC1kc3MAAACBAK9HnfpyIm8aEhKuF5oz6KyaLwFs2oWeToVkqVuykyy5Y8jWDZPtkpv+1TeOnjcOvJSZ1cCqB8iXlsP9Dr5z98w5MfzsRQM2wIw0n+wvmpPmUhjVdGh+wTpfP9bcyFHhj/f1Ymdq9hEWB26bnf4pbTbJW2ip8ULshMvn5CQ/ugV3AAAAFQCAjpRd1fquRiIuLJMwej0VcyoZKQAAAIBe91Grvz/icL3nlqXYrifXyr9dsw8bPN+BMu+hQtFsQXNJBylxwf8FtbRlmvZXmRjdVYqFVyxSsrL2pMsWlds51iXOr9pdsPG5a4OgJyRHsveBz3tz6HgYYPcr3Oxp7C6G6wrzwsaGK862SgRp/bbD226k9dODRBy3ogMhk/MvAgAAAIEApfknql3vZbDVa88ZnwbNKDOv8L1hb6blbKAMt2vJbqJMvu3EP9CsP9hGyEQh5YCAl2F9KEU3bJXN1BG76b7CiYtWK95lpL1XmCCWnJBCcdEhw998GfJS424frPw7qGmXLxJKYxEyioB90/IDp2dC+WaLcLOYHM9SroCQTIK5A1g= root@pell")
, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1M0aNLgcgcgf0tkmt/8vCDZLok8Xixz7Nun9wB6NqVXxfzAR4te+zyO7FucVwyTY5QHmiwwpmyNfaC21AAILhXGm12SUKSAirF9BkQk7bhQuz4T/dPlEt3d3SxQ3OZlXtPp4LzXWOyS0OXSzIb+HeaDA+hFXlQnp/gE7RyAzR1+xhWPO7Mz1q5O/+4dXANnW32t6P7Puob6NsglVDpLrMRYjkO+0RgCVbYMzB5+UnkthkZsIINaYwsNhW2GKMKbRZeyp5en5t1NJprGXdw0BqdBqd/rcBpOxmhHE1U7rw+GS1uZwCFWWv0aZbaXEJ6wY7mETFkqs0QXi5jtoKn95Gw== root@pell")
]
& Apt.installed ["procmail", "bsd-mailx"]
& "/etc/aliases" `File.hasPrivContentExposed` (Context "branchable.com")
`onChange` Postfix.newaliases
& "/etc/mailname" `File.hasContent` ["branchable.com"]
& Postfix.installed
& Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"")
-- Obnam is run by a cron job in ikiwiki-hosting.
& "/etc/obnam.conf" `File.hasContent`
[ "[config]"
, "repository = sftp://joey@eubackup.kitenet.net/home/joey/lib/backup/pell.obnam"
, "log = /var/log/obnam.log"
, "encrypt-with = " ++ obnamkey
, "log-level = info"
, "log-max = 1048576"
, "keep = 7d,5w,12m"
, "upload-queue-size = 128"
, "lru-size = 128"
]
& Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root")
& Ssh.keyImported SshRsa (User "root") (Context "branchable.com")
& Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
& Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
& adminuser "joey"
& adminuser "liw"
where
obnamkey = "41E1A9B9"
adminuser u = propertyList ("admin user " ++ u) $ props
& User.accountFor (User u)
& User.hasSomePassword (User u)
& Sudo.enabledFor (User u)
& User.hasGroup (User u) (Group "adm")
& User.hasGroup (User u) (Group "systemd-journal")
iabak :: Host iabak :: Host
iabak = host "iabak.archiveteam.org" iabak = host "iabak.archiveteam.org"

2
propellor.cabal
View File

@ -110,6 +110,8 @@ Library
Propellor.Property.SiteSpecific.GitHome Propellor.Property.SiteSpecific.GitHome
Propellor.Property.SiteSpecific.JoeySites Propellor.Property.SiteSpecific.JoeySites
Propellor.Property.SiteSpecific.GitAnnexBuilder Propellor.Property.SiteSpecific.GitAnnexBuilder
Propellor.Property.SiteSpecific.Branchable
Propellor.Property.SiteSpecific.IABak
Propellor.PropAccum Propellor.PropAccum
Propellor.CmdLine Propellor.CmdLine
Propellor.Info Propellor.Info

66
src/Propellor/Property/SiteSpecific/Branchable.hs Normal file
View File

@ -0,0 +1,66 @@
module Propellor.Property.SiteSpecific.Branchable where
import Propellor
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.File as File
import qualified Propellor.Property.User as User
import qualified Propellor.Property.Ssh as Ssh
import qualified Propellor.Property.Postfix as Postfix
import qualified Propellor.Property.Gpg as Gpg
import qualified Propellor.Property.Sudo as Sudo
server :: [Host] -> Property HasInfo
server hosts = propertyList "branchable server" $ props
& "/etc/timezone" `File.hasContent` ["Etc/UTC"]
& "/etc/locale.gen" `File.containsLines`
[ "en_GB.UTF-8 UTF-8"
, "en_US.UTF-8 UTF-8"
, "fi_FI.UTF-8 UTF-8"
]
`onChange` cmdProperty "locale-gen" []
& Apt.installed ["etckeeper", "ssh", "popularity-contest"]
& Apt.serviceInstalledRunning "apache2"
& Apt.serviceInstalledRunning "ntp"
& Apt.serviceInstalledRunning "openssh-server"
& Ssh.passwordAuthentication False
& Ssh.hostKeys (Context "branchable.com")
[ (SshDsa, "ssh-dss AAAAB3NzaC1kc3MAAACBAK9HnfpyIm8aEhKuF5oz6KyaLwFs2oWeToVkqVuykyy5Y8jWDZPtkpv+1TeOnjcOvJSZ1cCqB8iXlsP9Dr5z98w5MfzsRQM2wIw0n+wvmpPmUhjVdGh+wTpfP9bcyFHhj/f1Ymdq9hEWB26bnf4pbTbJW2ip8ULshMvn5CQ/ugV3AAAAFQCAjpRd1fquRiIuLJMwej0VcyoZKQAAAIBe91Grvz/icL3nlqXYrifXyr9dsw8bPN+BMu+hQtFsQXNJBylxwf8FtbRlmvZXmRjdVYqFVyxSsrL2pMsWlds51iXOr9pdsPG5a4OgJyRHsveBz3tz6HgYYPcr3Oxp7C6G6wrzwsaGK862SgRp/bbD226k9dODRBy3ogMhk/MvAgAAAIEApfknql3vZbDVa88ZnwbNKDOv8L1hb6blbKAMt2vJbqJMvu3EP9CsP9hGyEQh5YCAl2F9KEU3bJXN1BG76b7CiYtWK95lpL1XmCCWnJBCcdEhw998GfJS424frPw7qGmXLxJKYxEyioB90/IDp2dC+WaLcLOYHM9SroCQTIK5A1g= root@pell")
, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1M0aNLgcgcgf0tkmt/8vCDZLok8Xixz7Nun9wB6NqVXxfzAR4te+zyO7FucVwyTY5QHmiwwpmyNfaC21AAILhXGm12SUKSAirF9BkQk7bhQuz4T/dPlEt3d3SxQ3OZlXtPp4LzXWOyS0OXSzIb+HeaDA+hFXlQnp/gE7RyAzR1+xhWPO7Mz1q5O/+4dXANnW32t6P7Puob6NsglVDpLrMRYjkO+0RgCVbYMzB5+UnkthkZsIINaYwsNhW2GKMKbRZeyp5en5t1NJprGXdw0BqdBqd/rcBpOxmhHE1U7rw+GS1uZwCFWWv0aZbaXEJ6wY7mETFkqs0QXi5jtoKn95Gw== root@pell")
]
& Apt.installed ["procmail", "bsd-mailx"]
& "/etc/aliases" `File.hasPrivContentExposed` (Context "branchable.com")
`onChange` Postfix.newaliases
& "/etc/mailname" `File.hasContent` ["branchable.com"]
& Postfix.installed
& Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"")
-- Obnam is run by a cron job in ikiwiki-hosting.
& "/etc/obnam.conf" `File.hasContent`
[ "[config]"
, "repository = sftp://joey@eubackup.kitenet.net/home/joey/lib/backup/pell.obnam"
, "log = /var/log/obnam.log"
, "encrypt-with = " ++ obnamkey
, "log-level = info"
, "log-max = 1048576"
, "keep = 7d,5w,12m"
, "upload-queue-size = 128"
, "lru-size = 128"
]
& Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root")
& Ssh.keyImported SshRsa (User "root") (Context "branchable.com")
& Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
& Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
& adminuser "joey"
& adminuser "liw"
where
obnamkey = "41E1A9B9"
adminuser u = propertyList ("admin user " ++ u) $ props
& User.accountFor (User u)
& User.hasSomePassword (User u)
& Sudo.enabledFor (User u)
& User.hasGroup (User u) (Group "adm")
& User.hasGroup (User u) (Group "systemd-journal")