diff --git a/config-joey.hs b/config-joey.hs index b14e06f..f5d226b 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -41,9 +41,7 @@ hosts = -- (o) ` & Apt.buildDep ["git-annex"] `period` Daily & Docker.docked hosts "android-git-annex" - -- Nothing super-important lives here. - -- Any services I care about are containerized so they can easily - -- be moved. + -- Nothing super-important lives here and mostly it's docker containers. , standardSystem "clam.kitenet.net" Unstable "amd64" & ipv4 "162.248.143.249" & ipv6 "2002:5044:5531::1" @@ -78,6 +76,11 @@ hosts = -- (o) ` & alias "znc.kitenet.net" & JoeySites.ircBouncer + -- For https port 443, shellinabox with ssh login to + -- kitenet.net + & alias "shell.kitenet.net" + & JoeySites.kiteShellBox + -- Nothing is using http port 80 on clam, so listen on -- that port for ssh, for traveling on bad networks that -- block 22. diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 587e16a..5121081 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
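Review bot: In the second config-joey.hs hunk, the comment above `& alias "shell.kitenet.net"` says what the service is but not what it does to clam's trust level. shellinabox terminates the HTTPS session on this host and, as far as I know, its SSH service runs the ssh client locally, so kitenet.net passwords typed into the web terminal would be visible in cleartext to clam. The host comment edited in the first hunk still says nothing super-important lives here. I would record this next to the alias, e.g. `-- NB: kitenet.net login passwords typed here are seen by clam.`, so the host is not later treated as disposable without rotating those credentials.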
@@ -317,3 +317,25 @@ ircBouncer = propertyList "IRC bouncer"
 ]
 where
 conf = "/home/znc/.znc/configs/znc.conf"
+
+kiteShellBox :: Property
+kiteShellBox = propertyList "kitenet.net shellinabox"
+ [ Apt.installed ["shellinabox"]
+
+ -- Install ssl cert, let shellinabox read it.
+ , File.dirExists certdir
+ , File.ownerGroup certdir "shellinabox" "shellinabox"
+ , File.mode certdir (combineModes [ownerWriteMode, ownerReadMode, ownerExecuteMode])
+ , File.hasPrivContentExposed (certdir "certificate.pem")
+
+ , File.hasContent "/etc/default/shellinabox"
+ [ "# Deployed by propellor"
+ , "SHELLINABOX_DAEMON_START=1"
+ , "SHELLINABOX_PORT=443"
+ , "SHELLINABOX_ARGS=\"--no-beep --service=/:SSH:kitenet.net --cert=" ++ certdir ++ "\""
+ ]
+ `onChange` Service.restarted "shellinabox"
+ , Service.running "shellinabox"
+ ]
+ where
+ certdir = "/etc/shellinabox/certs"
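Review bot: The key material in `certificate.pem` is protected only by the owner-only mode on `certdir`: `File.hasPrivContentExposed` is, as its name suggests, the variant that leaves the file readable, and nothing in `kiteShellBox` sets the file's own owner or mode. If the pem bundles the private key, which is what shellinabox's `--cert` directory normally expects, I would bind the file path as `pem` in the `where` clause and follow the content property with `, File.ownerGroup pem "shellinabox" "shellinabox"` and `, File.mode pem (combineModes [ownerReadMode])`, so a later change to the directory permissions does not expose the key. Separately, the `Service.restarted "shellinabox"` hook is attached only to the `/etc/default/shellinabox` content, so a replaced certificate may keep being ignored until something else restarts the daemon. Attaching the same restart hook to the certificate property would cover rotation.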