Merge branch 'joeyconfig'
commit
59f94154b5
|
@ -13,7 +13,6 @@ import qualified Propellor.Property.Cron as Cron
|
||||||
import qualified Propellor.Property.Sudo as Sudo
|
import qualified Propellor.Property.Sudo as Sudo
|
||||||
import qualified Propellor.Property.User as User
|
import qualified Propellor.Property.User as User
|
||||||
import qualified Propellor.Property.Hostname as Hostname
|
import qualified Propellor.Property.Hostname as Hostname
|
||||||
--import qualified Propellor.Property.Reboot as Reboot
|
|
||||||
import qualified Propellor.Property.Tor as Tor
|
import qualified Propellor.Property.Tor as Tor
|
||||||
import qualified Propellor.Property.Dns as Dns
|
import qualified Propellor.Property.Dns as Dns
|
||||||
import qualified Propellor.Property.OpenId as OpenId
|
import qualified Propellor.Property.OpenId as OpenId
|
||||||
|
@ -21,7 +20,6 @@ import qualified Propellor.Property.Docker as Docker
|
||||||
import qualified Propellor.Property.Git as Git
|
import qualified Propellor.Property.Git as Git
|
||||||
import qualified Propellor.Property.Apache as Apache
|
import qualified Propellor.Property.Apache as Apache
|
||||||
import qualified Propellor.Property.Postfix as Postfix
|
import qualified Propellor.Property.Postfix as Postfix
|
||||||
import qualified Propellor.Property.Service as Service
|
|
||||||
import qualified Propellor.Property.Grub as Grub
|
import qualified Propellor.Property.Grub as Grub
|
||||||
import qualified Propellor.Property.Obnam as Obnam
|
import qualified Propellor.Property.Obnam as Obnam
|
||||||
import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
|
import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
|
||||||
|
@ -58,6 +56,12 @@ hosts = -- (o) `
|
||||||
& Docker.configured
|
& Docker.configured
|
||||||
& Docker.garbageCollected `period` Daily
|
& Docker.garbageCollected `period` Daily
|
||||||
|
|
||||||
|
-- ssh on some extra ports to deal with horrible networks
|
||||||
|
-- while travelling
|
||||||
|
& alias "travelling.kitenet.net"
|
||||||
|
& Ssh.listenPort 80
|
||||||
|
& Ssh.listenPort 443
|
||||||
|
|
||||||
-- Orca is the main git-annex build box.
|
-- Orca is the main git-annex build box.
|
||||||
, standardSystem "orca.kitenet.net" Unstable "amd64"
|
, standardSystem "orca.kitenet.net" Unstable "amd64"
|
||||||
[ "Main git-annex build box." ]
|
[ "Main git-annex build box." ]
|
||||||
|
@ -69,7 +73,6 @@ hosts = -- (o) `
|
||||||
& Docker.docked hosts "amd64-git-annex-builder"
|
& Docker.docked hosts "amd64-git-annex-builder"
|
||||||
& Docker.docked hosts "i386-git-annex-builder"
|
& Docker.docked hosts "i386-git-annex-builder"
|
||||||
& Docker.docked hosts "android-git-annex-builder"
|
& Docker.docked hosts "android-git-annex-builder"
|
||||||
-- not currently working
|
|
||||||
& Docker.docked hosts "armel-git-annex-builder-companion"
|
& Docker.docked hosts "armel-git-annex-builder-companion"
|
||||||
& Docker.docked hosts "armel-git-annex-builder"
|
& Docker.docked hosts "armel-git-annex-builder"
|
||||||
& Docker.garbageCollected `period` Daily
|
& Docker.garbageCollected `period` Daily
|
||||||
|
@ -161,6 +164,7 @@ hosts = -- (o) `
|
||||||
"26fd6e38-1226-11e2-a75f-ff007033bdba"
|
"26fd6e38-1226-11e2-a75f-ff007033bdba"
|
||||||
[]
|
[]
|
||||||
& JoeySites.twitRss
|
& JoeySites.twitRss
|
||||||
|
& JoeySites.pumpRss
|
||||||
|
|
||||||
& alias "nntp.olduse.net"
|
& alias "nntp.olduse.net"
|
||||||
& alias "resources.olduse.net"
|
& alias "resources.olduse.net"
|
||||||
|
@ -233,13 +237,7 @@ hosts = -- (o) `
|
||||||
-- Nothing is using http port 80, so listen on
|
-- Nothing is using http port 80, so listen on
|
||||||
-- that port for ssh, for traveling on bad networks that
|
-- that port for ssh, for traveling on bad networks that
|
||||||
-- block 22.
|
-- block 22.
|
||||||
& "/etc/ssh/sshd_config" `File.containsLine` "Port 80"
|
& Ssh.listenPort 80
|
||||||
`onChange` Service.restarted "ssh"
|
|
||||||
|
|
||||||
-- temp
|
|
||||||
! Docker.docked hosts "amd64-git-annex-builder"
|
|
||||||
! Docker.docked hosts "i386-git-annex-builder"
|
|
||||||
! Docker.docked hosts "android-git-annex-builder"
|
|
||||||
|
|
||||||
|
|
||||||
--' __|II| ,.
|
--' __|II| ,.
|
||||||
|
@ -289,8 +287,6 @@ hosts = -- (o) `
|
||||||
, let gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
|
, let gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
|
||||||
in GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
|
in GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
|
||||||
& Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
|
& Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
|
||||||
|
|
||||||
-- temp for an acquantance
|
|
||||||
] ++ monsters
|
] ++ monsters
|
||||||
|
|
||||||
type Motd = [String]
|
type Motd = [String]
|
||||||
|
|
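Review bot: The added `Ssh.listenPort 80` and `Ssh.listenPort 443` lines (and the `Ssh.listenPort 80` that replaces the hand-written `sshd_config` line further down) expose sshd on ports that receive constant automated probing, and nothing in these hunks shows how authentication is restricted on those hosts. I would state the precondition next to the property, for example `-- requires key-only ssh auth on this host; 80/443 see constant probing`, and confirm that password logins are actually disabled there. The enclosing `hosts` list starts and ends outside the hunks, so which host each change applies to and what else is configured on it is not visible here.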
|
@ -312,6 +312,11 @@ twitRss = combineProperties "twitter rss"
|
||||||
feed url desc = Cron.job desc crontime "joey" dir $
|
feed url desc = Cron.job desc crontime "joey" dir $
|
||||||
"./twitRss " ++ shellEscape url ++ " > " ++ shellEscape ("../" ++ desc ++ ".rss")
|
"./twitRss " ++ shellEscape url ++ " > " ++ shellEscape ("../" ++ desc ++ ".rss")
|
||||||
|
|
||||||
|
-- Work around for expired ssl cert.
|
||||||
|
pumpRss :: Property
|
||||||
|
pumpRss = Cron.job "pump rss" "15 * * * *" "joey" "/srv/web/tmp.kitenet.net/"
|
||||||
|
"wget https://pump2rss.com/feed/joeyh@identi.ca.atom -O pump.atom --no-check-certificate 2>/dev/null"
|
||||||
|
|
||||||
ircBouncer :: Property
|
ircBouncer :: Property
|
||||||
ircBouncer = propertyList "IRC bouncer"
|
ircBouncer = propertyList "IRC bouncer"
|
||||||
[ Apt.installed ["znc"]
|
[ Apt.installed ["znc"]
|
||||||
|
|
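Review bot: `pumpRss` downloads the feed with `--no-check-certificate` and writes it into `/srv/web/tmp.kitenet.net/`, so whatever ends up in `pump.atom` is unauthenticated: anyone able to tamper with the connection decides what is stored there. The comment explains the reason but gives no condition for removing the workaround; I would extend it to `-- Work around for expired ssl cert; the download is unauthenticated. Drop --no-check-certificate once pump2rss.com renews its certificate.` Because stderr goes to `/dev/null` and `-O` writes straight to the target, a failed fetch is also silent and can leave an empty or partial file; fetching to a temporary name and renaming on success (`... -O pump.atom.new ... && mv pump.atom.new pump.atom`) would avoid that.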
|
@ -9,7 +9,8 @@ module Propellor.Property.Ssh (
|
||||||
hostKey,
|
hostKey,
|
||||||
keyImported,
|
keyImported,
|
||||||
knownHost,
|
knownHost,
|
||||||
authorizedKeys
|
authorizedKeys,
|
||||||
|
listenPort
|
||||||
) where
|
) where
|
||||||
|
|
||||||
import Propellor
|
import Propellor
|
||||||
|
@ -164,3 +165,18 @@ authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \g
|
||||||
[ File.ownerGroup f user user
|
[ File.ownerGroup f user user
|
||||||
, File.ownerGroup (takeDirectory f) user user
|
, File.ownerGroup (takeDirectory f) user user
|
||||||
]
|
]
|
||||||
|
|
||||||
|
-- | Makes the ssh server listen on a given port, in addition to any other
|
||||||
|
-- ports it is configured to listen on.
|
||||||
|
--
|
||||||
|
-- Revert to prevent it listening on a particular port.
|
||||||
|
listenPort :: Int -> RevertableProperty
|
||||||
|
listenPort port = RevertableProperty enable disable
|
||||||
|
where
|
||||||
|
portline = "Port " ++ show port
|
||||||
|
enable = sshdConfig `File.containsLine` portline
|
||||||
|
`describe` ("ssh listening on " ++ portline)
|
||||||
|
`onChange` restartSshd
|
||||||
|
disable = sshdConfig `File.lacksLine` portline
|
||||||
|
`describe` ("ssh not listening on " ++ portline)
|
||||||
|
`onChange` restartSshd
|
||||||
|
|
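Review bot: The Haddock on `listenPort` promises the port is opened "in addition to any other ports", but sshd only uses its default port 22 while the configuration holds no `Port` line; if `sshdConfig` has none (or only a commented one), `enable` makes the new port the only one and the `restartSshd` that follows can cut off access on 22. `File.containsLine` presumably appends at the end of the file, where a trailing `Match` block would capture the line and make the restart fail; that should be confirmed. I would add `-- Note: if sshd_config has no explicit Port line, sshd stops listening on the default port 22.` to the doc comment and reject values outside 1–65535, since `port` is a plain `Int`. Neither `sshdConfig` nor `restartSshd` is defined inside this hunk.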