From 3822c9a2d764a2ea451d4dce8862eef7dc697c12 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 21 Aug 2014 14:04:26 -0400 Subject: [PATCH 1/3] propellor spin --- config-joey.hs | 11 +++++++---- src/Propellor/Property/Ssh.hs | 18 +++++++++++++++++- 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/config-joey.hs b/config-joey.hs index 57a431c..486863e 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -13,7 +13,6 @@ import qualified Propellor.Property.Cron as Cron import qualified Propellor.Property.Sudo as Sudo import qualified Propellor.Property.User as User import qualified Propellor.Property.Hostname as Hostname ---import qualified Propellor.Property.Reboot as Reboot import qualified Propellor.Property.Tor as Tor import qualified Propellor.Property.Dns as Dns import qualified Propellor.Property.OpenId as OpenId @@ -21,7 +20,6 @@ import qualified Propellor.Property.Docker as Docker import qualified Propellor.Property.Git as Git import qualified Propellor.Property.Apache as Apache import qualified Propellor.Property.Postfix as Postfix -import qualified Propellor.Property.Service as Service import qualified Propellor.Property.Grub as Grub import qualified Propellor.Property.Obnam as Obnam import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean @@ -57,6 +55,12 @@ hosts = -- (o) ` & Docker.configured & Docker.garbageCollected `period` Daily + + -- ssh on some extra ports to deal with horrible networks + -- while travelling + & alias "travelling.kitenet.net" + & Ssh.listenPort 80 + & Ssh.listenPort 443 -- Orca is the main git-annex build box. , standardSystem "orca.kitenet.net" Unstable "amd64" @@ -233,8 +237,7 @@ hosts = -- (o) ` -- Nothing is using http port 80, so listen on -- that port for ssh, for traveling on bad networks that -- block 22. - & "/etc/ssh/sshd_config" `File.containsLine` "Port 80" - `onChange` Service.restarted "ssh" + & Ssh.listenPort 80 -- temp ! Docker.docked hosts "amd64-git-annex-builder" 
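Review bot: In config-joey.hs, the `Ssh.listenPort 80` and `Ssh.listenPort 443` lines added in the @@ -57,6 +55,12 hunk put sshd on two of the most commonly probed ports, and nothing visible in the hunk constrains how that host authenticates. If `standardSystem` or the host's other properties do not already turn off password logins, add `& Ssh.passwordAuthentication False` next to the new lines so the extra listeners accept keys only. The same applies to the `& Ssh.listenPort 80` that replaces the `File.containsLine` / `Service.restarted` pair in the @@ -233,8 +237,7 hunk. Both host entries begin above their hunks, so their base properties cannot be checked from here.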
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs index 5a26047..41b9308 100644 --- a/src/Propellor/Property/Ssh.hs +++ b/src/Propellor/Property/Ssh.hs @@ -9,7 +9,8 @@ module Propellor.Property.Ssh ( hostKey, keyImported, knownHost, - authorizedKeys + authorizedKeys, + listenPort ) where import Propellor @@ -164,3 +165,18 @@ authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \g [ File.ownerGroup f user user , File.ownerGroup (takeDirectory f) user user ] + +-- | Makes the ssh server listen on a given port, in addition to any other +-- ports it is configured to listen on. +-- +-- Revert to prevent it listening on a particular port. +listenPort :: Int -> RevertableProperty +listenPort port = RevertableProperty enable disable + where + portline = "Port " ++ show port + enable = sshdConfig `File.containsLine` portline + `describe` ("ssh listening on " ++ portline) + `onChange` restartSshd + disable = sshdConfig `File.lacksLine` portline + `describe` ("ssh not listening on " ++ portline) + `onChange` restartSshd From 0929cad0926d171c9d0f2579a05d295611a1e085 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 21 Aug 2014 14:12:23 -0400 Subject: [PATCH 2/3] comments --- config-joey.hs | 8 -------- 1 file changed, 8 deletions(-) diff --git a/config-joey.hs b/config-joey.hs index 486863e..29efbf9 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -73,7 +73,6 @@ hosts = -- (o) ` & Docker.docked hosts "amd64-git-annex-builder" & Docker.docked hosts "i386-git-annex-builder" & Docker.docked hosts "android-git-annex-builder" - -- not currently working & Docker.docked hosts "armel-git-annex-builder-companion" & Docker.docked hosts "armel-git-annex-builder" & Docker.garbageCollected `period` Daily 
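Review bot: In src/Propellor/Property/Ssh.hs, the Haddock on `listenPort` promises listening "in addition to any other ports", but sshd uses its default port 22 only when sshd_config has no `Port` directive at all. On a config where `Port 22` is absent or commented out, `enable` adding `Port 80` moves sshd off 22 instead of adding a listener, which can cut off the existing management path. State this in the doc comment, e.g. `-- Note: if sshd_config has no explicit Port line, sshd stops using its default port 22 once this line is added.` Separately, `port` is an unchecked `Int` passed straight to `show`, so a value outside 1-65535 is written as-is before `restartSshd` (defined outside this hunk) runs; rejecting out-of-range values before building `portline` would keep an unusable config from being applied.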
@@ -238,11 +237,6 @@ hosts = -- (o) ` -- that port for ssh, for traveling on bad networks that -- block 22. & Ssh.listenPort 80 - - -- temp - ! Docker.docked hosts "amd64-git-annex-builder" - ! Docker.docked hosts "i386-git-annex-builder" - ! Docker.docked hosts "android-git-annex-builder" --' __|II| ,. @@ -292,8 +286,6 @@ hosts = -- (o) ` , let gitannexdir = GitAnnexBuilder.homedir "git-annex" in GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir & Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir) - - -- temp for an acquantance ] ++ monsters type Motd = [String] From 3cb9a60f89a21d4d0a423db60d9c32eca2ef38bb Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 21 Aug 2014 15:52:49 -0400 Subject: [PATCH 3/3] propellor spin --- config-joey.hs | 1 + src/Propellor/Property/SiteSpecific/JoeySites.hs | 5 +++++ 2 files changed, 6 insertions(+) diff --git a/config-joey.hs b/config-joey.hs index 29efbf9..44f6681 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -164,6 +164,7 @@ hosts = -- (o) ` "26fd6e38-1226-11e2-a75f-ff007033bdba" [] & JoeySites.twitRss + & JoeySites.pumpRss & alias "nntp.olduse.net" & alias "resources.olduse.net" diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index fa8773d..6fe10c0 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -312,6 +312,11 @@ twitRss = combineProperties "twitter rss" feed url desc = Cron.job desc crontime "joey" dir $ "./twitRss " ++ shellEscape url ++ " > " ++ shellEscape ("../" ++ desc ++ ".rss") +-- Work around for expired ssl cert. +pumpRss :: Property +pumpRss = Cron.job "pump rss" "15 * * * *" "joey" "/srv/web/tmp.kitenet.net/" + "wget https://pump2rss.com/feed/joeyh@identi.ca.atom -O pump.atom --no-check-certificate 2>/dev/null" + ircBouncer :: Property ircBouncer = propertyList "IRC bouncer" [ Apt.installed ["znc"]
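Review bot: In src/Propellor/Property/SiteSpecific/JoeySites.hs, `pumpRss` runs wget with `--no-check-certificate`, which turns off all certificate verification rather than only tolerating the expired certificate the comment mentions. The hourly job therefore accepts whatever answers for pump2rss.com and writes it to pump.atom under /srv/web/tmp.kitenet.net/, a path that looks web-served. Mark the workaround as temporary where it is defined, e.g. `-- FIXME: --no-check-certificate disables all TLS verification; drop it once pump2rss.com renews its cert, and treat pump.atom as untrusted until then.` Because `-O pump.atom` truncates the target before the transfer and `2>/dev/null` hides errors, a failed fetch also leaves an empty file with no trace; writing to `pump.atom.tmp` and finishing the command with `&& mv pump.atom.tmp pump.atom` avoids that.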