diff --git a/config-joey.hs b/config-joey.hs index ff06333..83eb543 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -409,7 +409,7 @@ iabak = host "iabak.archiveteam.org" -- Simple web server, publishing the outside host's /var/www webserver :: Systemd.Container webserver = standardStableContainer "webserver" - & Systemd.publish 80 + & Systemd.publish (Port 80) & Systemd.bind "/var/www" & Apt.serviceInstalledRunning "apache2" diff --git a/debian/changelog b/debian/changelog index a4c40ea..599143d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -18,6 +18,9 @@ propellor (2.5.0) UNRELEASED; urgency=medium * Added publish and publish' properties for systemd-spawn containers. (Needs systemd version 220.) * Added bind and bindRo properties for systemd-spawn containers. + * Firewall: Port was changed to a newtype, and the Port and PortRange + constructors of Rules were changed to DPort and DportRange, respectively. + (API change) -- Joey Hess Thu, 07 May 2015 12:08:34 -0400 diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs index ab57b12..d643b18 100644 --- a/src/Propellor/Property/Firewall.hs +++ b/src/Propellor/Property/Firewall.hs @@ -9,7 +9,6 @@ module Propellor.Property.Firewall ( Target(..), Proto(..), Rules(..), - Port, ConnectionState(..) ) where @@ -45,8 +44,8 @@ toIpTable r = map Param $ toIpTableArg :: Rules -> [String] toIpTableArg Everything = [] toIpTableArg (Proto proto) = ["-p", map toLower $ show proto] -toIpTableArg (Port port) = ["--dport", show port] -toIpTableArg (PortRange (f,t)) = ["--dport", show f ++ ":" ++ show t] +toIpTableArg (DPort port) = ["--dport", show port] +toIpTableArg (DPortRange (f,t)) = ["--dport", show f ++ ":" ++ show t] toIpTableArg (IFace iface) = ["-i", iface] toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)] toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r' @@ -55,33 +54,31 @@ data Rule = Rule { ruleChain :: Chain , ruleTarget :: Target , ruleRules :: Rules - } deriving (Eq, Show, Read) + } deriving (Eq, Show) data Chain = INPUT | OUTPUT | FORWARD - deriving (Eq,Show,Read) + deriving (Eq, Show) data Target = ACCEPT | REJECT | DROP | LOG - deriving (Eq,Show,Read) + deriving (Eq, Show) data Proto = TCP | UDP | ICMP - deriving (Eq,Show,Read) - -type Port = Int + deriving (Eq, Show) data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID - deriving (Eq,Show,Read) + deriving (Eq, Show) data Rules = Everything | Proto Proto -- ^There is actually some order dependency between proto and port so this should be a specific -- data type with proto + ports - | Port Port - | PortRange (Port,Port) + | DPort Port + | DPortRange (Port,Port) | IFace Network.Interface | Ctstate [ ConnectionState ] | Rules :- Rules -- ^Combine two rules - deriving (Eq,Show,Read) + deriving (Eq, Show) infixl 0 :- diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs index 34e51ba..9e5ca43 100644 --- a/src/Propellor/Property/Systemd.hs +++ b/src/Propellor/Property/Systemd.hs @@ -1,5 +1,3 @@ -{-# LANGUAGE TypeSynonymInstances #-} - module Propellor.Property.Systemd ( -- * Services module Propellor.Property.Systemd.Core, @@ -24,11 +22,11 @@ module Propellor.Property.Systemd ( -- * Container configuration containerCfg, resolvConfed, - Publishable(..), privateNetwork, ForwardedPort(..), Proto(..), PortSpec(..), + Publishable, publish, bind, bindRo, @@ -39,7 +37,6 @@ import Propellor.Types.Chroot import qualified Propellor.Property.Chroot as Chroot import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.File as File -import Propellor.Property.Firewall (Port) import Propellor.Property.Systemd.Core import Utility.FileMode @@ -297,7 +294,7 @@ class Publishable a where toPublish :: a -> String instance Publishable Port where - toPublish p = show p + toPublish (Port n) = show n data ForwardedPort = ForwardedPort { hostPort :: Port @@ -305,7 +302,7 @@ data ForwardedPort = ForwardedPort } instance Publishable ForwardedPort where - toPublish fp = show (hostPort fp) ++ ":" ++ show (containerPort fp) + toPublish fp = toPublish (hostPort fp) ++ ":" ++ toPublish (containerPort fp) data Proto = TCP | UDP diff --git a/src/Propellor/Types/OS.hs b/src/Propellor/Types/OS.hs index 58bd809..c46d9a2 100644 --- a/src/Propellor/Types/OS.hs +++ b/src/Propellor/Types/OS.hs @@ -10,6 +10,7 @@ module Propellor.Types.OS ( User(..), Group(..), userGroup, + Port(..), ) where import Network.BSD (HostName) @@ -42,3 +43,6 @@ newtype Group = Group String -- | Makes a Group with the same name as the User. userGroup :: User -> Group userGroup (User u) = Group u + +newtype Port = Port Int + deriving (Eq, Show)