propellor spin

Joey Hess 2014-04-10 00:10:08 -04:00
parent cf73387300
commit 627e92f9c9
1 changed files with 39 additions and 29 deletions


@ -11,7 +11,7 @@ import qualified Propellor.Property.Cron as Cron
import qualified Propellor.Property.Sudo as Sudo import qualified Propellor.Property.Sudo as Sudo
import qualified Propellor.Property.User as User import qualified Propellor.Property.User as User
import qualified Propellor.Property.Hostname as Hostname import qualified Propellor.Property.Hostname as Hostname
--import qualified Propellor.Property.Reboot as Reboot import qualified Propellor.Property.Reboot as Reboot
import qualified Propellor.Property.Tor as Tor import qualified Propellor.Property.Tor as Tor
import qualified Propellor.Property.OpenId as OpenId import qualified Propellor.Property.OpenId as OpenId
import qualified Propellor.Property.Docker as Docker import qualified Propellor.Property.Docker as Docker
@ -30,8 +30,9 @@ main = defaultMain [host, Docker.containerProperties container]
-- Edit this to configure propellor! -- Edit this to configure propellor!
host :: HostName -> Maybe [Property] host :: HostName -> Maybe [Property]
-- Clam is a tor bridge, and an olduse.net shellbox and other fun stuff. -- Clam is a tor bridge, and an olduse.net shellbox and other fun stuff.
host hostname@"clam.kitenet.net" = standardSystem Unstable $ props host hostname@"clam.kitenet.net" = Just $ withSystemd $ props
& cleanCloudAtCost hostname & cleanCloudAtCost hostname
& standardSystem Unstable
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Network.ipv6to4 & Network.ipv6to4
& Apt.installed ["git-annex", "mtr"] & Apt.installed ["git-annex", "mtr"]
@ -42,7 +43,8 @@ host hostname@"clam.kitenet.net" = standardSystem Unstable $ props
& Docker.configured & Docker.configured
& Docker.garbageCollected `period` Daily & Docker.garbageCollected `period` Daily
-- Orca is the main git-annex build box. -- Orca is the main git-annex build box.
host hostname@"orca.kitenet.net" = standardSystem Unstable $ props host hostname@"orca.kitenet.net" = Just $ props -- no systemd due to #726375
& standardSystem Unstable
& Hostname.set hostname & Hostname.set hostname
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Docker.configured & Docker.configured
@ -52,6 +54,16 @@ host hostname@"orca.kitenet.net" = standardSystem Unstable $ props
! Docker.docked container hostname "armel-git-annex-builder-companion" ! Docker.docked container hostname "armel-git-annex-builder-companion"
! Docker.docked container hostname "armel-git-annex-builder" ! Docker.docked container hostname "armel-git-annex-builder"
& Docker.garbageCollected `period` Daily & Docker.garbageCollected `period` Daily
-- Diatom is my downloads and git repos server, and secondary dns server.
host hostname@"diatom.kitenet.net" = Just $ withSystemd $ props
& standardSystem Stable
& Hostname.set hostname
& Apt.unattendedUpgrades
& Apt.serviceInstalledRunning "apache2"
& Apt.serviceInstalledRunning "bind9"
& Apt.serviceInstalledRunning "ntp"
& Apt.installed ["git", "git-annex"]
& Apt.buildDep ["git-annex"] `period` Daily
-- My laptop -- My laptop
host _hostname@"darkstar.kitenet.net" = Just $ props host _hostname@"darkstar.kitenet.net" = Just $ props
& Docker.configured & Docker.configured
@ -119,32 +131,30 @@ image (System (Debian Stable) arch) = "joeyh/debian-stable-" ++ arch
image _ = "debian-stable-official" -- does not currently exist! image _ = "debian-stable-official" -- does not currently exist!
-- This is my standard system setup -- This is my standard system setup
standardSystem :: DebianSuite -> [Property] -> Maybe [Property] standardSystem :: DebianSuite -> Property
standardSystem suite customprops = Just $ standardSystem suite = propertyList "standard system" $ props
standardprops : customprops ++ endprops & Apt.stdSourcesList suite `onChange` Apt.upgrade
where & Apt.installed ["etckeeper"]
standardprops = propertyList "standard system" $ props & Apt.installed ["ssh"]
& Apt.stdSourcesList suite `onChange` Apt.upgrade & GitHome.installedFor "root"
& Apt.installed ["etckeeper"] & User.hasSomePassword "root"
& Apt.installed ["ssh"] -- Harden the system, but only once root's authorized_keys
& GitHome.installedFor "root" -- is safely in place.
& User.hasSomePassword "root" & check (Ssh.hasAuthorizedKeys "root")
-- Harden the system, but only once root's authorized_keys (Ssh.passwordAuthentication False)
-- is safely in place. & User.accountFor "joey"
& check (Ssh.hasAuthorizedKeys "root") & User.hasSomePassword "joey"
(Ssh.passwordAuthentication False) & Sudo.enabledFor "joey"
& User.accountFor "joey" & GitHome.installedFor "joey"
& User.hasSomePassword "joey" & Apt.installed ["vim", "screen", "less"]
& Sudo.enabledFor "joey" & Cron.runPropellor "30 * * * *"
& GitHome.installedFor "joey" -- I use postfix, or no MTA.
& Apt.installed ["vim", "screen", "less"] & Apt.removed ["exim4", "exim4-daemon-light", "exim4-config", "exim4-base"]
& Cron.runPropellor "30 * * * *" `onChange` Apt.autoRemove
-- I use postfix, or no MTA.
& Apt.removed ["exim4", "exim4-daemon-light", "exim4-config", "exim4-base"] withSystemd :: [Property] -> [Property]
`onChange` Apt.autoRemove withSystemd props = props ++
-- May reboot, so comes last [Apt.installed ["systemd-sysv"] `onChange` Reboot.now]
-- Currently not enable due to #726375
endprops = [] -- [Apt.installed ["systemd-sysv"] `onChange` Reboot.now]
-- This is my standard container setup, featuring automatic upgrades. -- This is my standard container setup, featuring automatic upgrades.
standardContainer :: DebianSuite -> Architecture -> [Docker.Containerized Property] -> Docker.Container standardContainer :: DebianSuite -> Architecture -> [Docker.Containerized Property] -> Docker.Container
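Review bot: The new `withSystemd` helper near the end of this section names its parameter `props`, which shadows the `props` value that every host definition and `standardSystem` build on, and it drops the old "May reboot, so comes last" comment without a replacement. Renaming the parameter, e.g. `withSystemd ps = ps ++`, avoids the shadowing and the warning it would raise under `-Wall`. I would also put a comment above the signature such as `-- Kept last because it may reboot the host (see #726375 for why orca skips it).`, so the ordering requirement stays documented now that it is encoded only in the `++`. Since `standardSystem` schedules `Cron.runPropellor "30 * * * *"`, the reboot can presumably fire from an unattended run on clam and diatom, and the comment is a good place to say so.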