reorganize Port type for systemd can use it
parent
a50edc3d9f
commit
85c3d11088
|
@ -409,7 +409,7 @@ iabak = host "iabak.archiveteam.org"
|
||||||
-- Simple web server, publishing the outside host's /var/www
|
-- Simple web server, publishing the outside host's /var/www
|
||||||
webserver :: Systemd.Container
|
webserver :: Systemd.Container
|
||||||
webserver = standardStableContainer "webserver"
|
webserver = standardStableContainer "webserver"
|
||||||
& Systemd.publish 80
|
& Systemd.publish (Port 80)
|
||||||
& Systemd.bind "/var/www"
|
& Systemd.bind "/var/www"
|
||||||
& Apt.serviceInstalledRunning "apache2"
|
& Apt.serviceInstalledRunning "apache2"
|
||||||
|
|
||||||
|
|
|
@ -18,6 +18,9 @@ propellor (2.5.0) UNRELEASED; urgency=medium
|
||||||
* Added publish and publish' properties for systemd-spawn containers.
|
* Added publish and publish' properties for systemd-spawn containers.
|
||||||
(Needs systemd version 220.)
|
(Needs systemd version 220.)
|
||||||
* Added bind and bindRo properties for systemd-spawn containers.
|
* Added bind and bindRo properties for systemd-spawn containers.
|
||||||
|
* Firewall: Port was changed to a newtype, and the Port and PortRange
|
||||||
|
constructors of Rules were changed to DPort and DportRange, respectively.
|
||||||
|
(API change)
|
||||||
|
|
||||||
-- Joey Hess <id@joeyh.name> Thu, 07 May 2015 12:08:34 -0400
|
-- Joey Hess <id@joeyh.name> Thu, 07 May 2015 12:08:34 -0400
|
||||||
|
|
||||||
|
|
|
@ -9,7 +9,6 @@ module Propellor.Property.Firewall (
|
||||||
Target(..),
|
Target(..),
|
||||||
Proto(..),
|
Proto(..),
|
||||||
Rules(..),
|
Rules(..),
|
||||||
Port,
|
|
||||||
ConnectionState(..)
|
ConnectionState(..)
|
||||||
) where
|
) where
|
||||||
|
|
||||||
|
@ -45,8 +44,8 @@ toIpTable r = map Param $
|
||||||
toIpTableArg :: Rules -> [String]
|
toIpTableArg :: Rules -> [String]
|
||||||
toIpTableArg Everything = []
|
toIpTableArg Everything = []
|
||||||
toIpTableArg (Proto proto) = ["-p", map toLower $ show proto]
|
toIpTableArg (Proto proto) = ["-p", map toLower $ show proto]
|
||||||
toIpTableArg (Port port) = ["--dport", show port]
|
toIpTableArg (DPort port) = ["--dport", show port]
|
||||||
toIpTableArg (PortRange (f,t)) = ["--dport", show f ++ ":" ++ show t]
|
toIpTableArg (DPortRange (f,t)) = ["--dport", show f ++ ":" ++ show t]
|
||||||
toIpTableArg (IFace iface) = ["-i", iface]
|
toIpTableArg (IFace iface) = ["-i", iface]
|
||||||
toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)]
|
toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)]
|
||||||
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
|
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
|
||||||
|
@ -55,33 +54,31 @@ data Rule = Rule
|
||||||
{ ruleChain :: Chain
|
{ ruleChain :: Chain
|
||||||
, ruleTarget :: Target
|
, ruleTarget :: Target
|
||||||
, ruleRules :: Rules
|
, ruleRules :: Rules
|
||||||
} deriving (Eq, Show, Read)
|
} deriving (Eq, Show)
|
||||||
|
|
||||||
data Chain = INPUT | OUTPUT | FORWARD
|
data Chain = INPUT | OUTPUT | FORWARD
|
||||||
deriving (Eq,Show,Read)
|
deriving (Eq, Show)
|
||||||
|
|
||||||
data Target = ACCEPT | REJECT | DROP | LOG
|
data Target = ACCEPT | REJECT | DROP | LOG
|
||||||
deriving (Eq,Show,Read)
|
deriving (Eq, Show)
|
||||||
|
|
||||||
data Proto = TCP | UDP | ICMP
|
data Proto = TCP | UDP | ICMP
|
||||||
deriving (Eq,Show,Read)
|
deriving (Eq, Show)
|
||||||
|
|
||||||
type Port = Int
|
|
||||||
|
|
||||||
data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID
|
data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID
|
||||||
deriving (Eq,Show,Read)
|
deriving (Eq, Show)
|
||||||
|
|
||||||
data Rules
|
data Rules
|
||||||
= Everything
|
= Everything
|
||||||
| Proto Proto
|
| Proto Proto
|
||||||
-- ^There is actually some order dependency between proto and port so this should be a specific
|
-- ^There is actually some order dependency between proto and port so this should be a specific
|
||||||
-- data type with proto + ports
|
-- data type with proto + ports
|
||||||
| Port Port
|
| DPort Port
|
||||||
| PortRange (Port,Port)
|
| DPortRange (Port,Port)
|
||||||
| IFace Network.Interface
|
| IFace Network.Interface
|
||||||
| Ctstate [ ConnectionState ]
|
| Ctstate [ ConnectionState ]
|
||||||
| Rules :- Rules -- ^Combine two rules
|
| Rules :- Rules -- ^Combine two rules
|
||||||
deriving (Eq,Show,Read)
|
deriving (Eq, Show)
|
||||||
|
|
||||||
infixl 0 :-
|
infixl 0 :-
|
||||||
|
|
||||||
|
|
|
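Review bot: `toIpTableArg (DPort port)` and the `DPortRange` case below it still call `show` on the port, but this commit's changelog says Port is now a newtype, and the `newtype Port = Port Int deriving (Eq, Show)` added in Propellor.Types.OS has a derived Show that renders `Port 80` rather than `80`. If that is the Port in scope in this module (the import lines are outside the visible hunks), iptables would be handed `--dport "Port 80"` and the rule would presumably be rejected, so the intended filtering is never installed. Unwrap the constructor the way the Systemd instance in this commit does: `toIpTableArg (DPort (Port p)) = ["--dport", show p]` and `toIpTableArg (DPortRange (Port f, Port t)) = ["--dport", show f ++ ":" ++ show t]`.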
@ -1,5 +1,3 @@
|
||||||
{-# LANGUAGE TypeSynonymInstances #-}
|
|
||||||
|
|
||||||
module Propellor.Property.Systemd (
|
module Propellor.Property.Systemd (
|
||||||
-- * Services
|
-- * Services
|
||||||
module Propellor.Property.Systemd.Core,
|
module Propellor.Property.Systemd.Core,
|
||||||
|
@ -24,11 +22,11 @@ module Propellor.Property.Systemd (
|
||||||
-- * Container configuration
|
-- * Container configuration
|
||||||
containerCfg,
|
containerCfg,
|
||||||
resolvConfed,
|
resolvConfed,
|
||||||
Publishable(..),
|
|
||||||
privateNetwork,
|
privateNetwork,
|
||||||
ForwardedPort(..),
|
ForwardedPort(..),
|
||||||
Proto(..),
|
Proto(..),
|
||||||
PortSpec(..),
|
PortSpec(..),
|
||||||
|
Publishable,
|
||||||
publish,
|
publish,
|
||||||
bind,
|
bind,
|
||||||
bindRo,
|
bindRo,
|
||||||
|
@ -39,7 +37,6 @@ import Propellor.Types.Chroot
|
||||||
import qualified Propellor.Property.Chroot as Chroot
|
import qualified Propellor.Property.Chroot as Chroot
|
||||||
import qualified Propellor.Property.Apt as Apt
|
import qualified Propellor.Property.Apt as Apt
|
||||||
import qualified Propellor.Property.File as File
|
import qualified Propellor.Property.File as File
|
||||||
import Propellor.Property.Firewall (Port)
|
|
||||||
import Propellor.Property.Systemd.Core
|
import Propellor.Property.Systemd.Core
|
||||||
import Utility.FileMode
|
import Utility.FileMode
|
||||||
|
|
||||||
|
@ -297,7 +294,7 @@ class Publishable a where
|
||||||
toPublish :: a -> String
|
toPublish :: a -> String
|
||||||
|
|
||||||
instance Publishable Port where
|
instance Publishable Port where
|
||||||
toPublish p = show p
|
toPublish (Port n) = show n
|
||||||
|
|
||||||
data ForwardedPort = ForwardedPort
|
data ForwardedPort = ForwardedPort
|
||||||
{ hostPort :: Port
|
{ hostPort :: Port
|
||||||
|
@ -305,7 +302,7 @@ data ForwardedPort = ForwardedPort
|
||||||
}
|
}
|
||||||
|
|
||||||
instance Publishable ForwardedPort where
|
instance Publishable ForwardedPort where
|
||||||
toPublish fp = show (hostPort fp) ++ ":" ++ show (containerPort fp)
|
toPublish fp = toPublish (hostPort fp) ++ ":" ++ toPublish (containerPort fp)
|
||||||
|
|
||||||
data Proto = TCP | UDP
|
data Proto = TCP | UDP
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ module Propellor.Types.OS (
|
||||||
User(..),
|
User(..),
|
||||||
Group(..),
|
Group(..),
|
||||||
userGroup,
|
userGroup,
|
||||||
|
Port(..),
|
||||||
) where
|
) where
|
||||||
|
|
||||||
import Network.BSD (HostName)
|
import Network.BSD (HostName)
|
||||||
|
@ -42,3 +43,6 @@ newtype Group = Group String
|
||||||
-- | Makes a Group with the same name as the User.
|
-- | Makes a Group with the same name as the User.
|
||||||
userGroup :: User -> Group
|
userGroup :: User -> Group
|
||||||
userGroup (User u) = Group u
|
userGroup (User u) = Group u
|
||||||
|
|
||||||
|
newtype Port = Port Int
|
||||||
|
deriving (Eq, Show)
|
||||||
|
|
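Review bot: The new `newtype Port = Port Int` has no Haddock comment and wraps an unconstrained `Int`, so negative values or values above 65535 type-check and are rendered unchanged into the `--dport` argument and the systemd publish string seen elsewhere in this commit. Add a comment in the style of the `userGroup` one above it, for example `-- | A TCP or UDP port number; the value is not range-checked.`, and consider rejecting out-of-range values before they reach a command line. It is also worth stating in that comment that the derived `Show` yields `Port 80`, so code that formats a port for an external tool has to pattern match on the constructor instead of calling `show` on the value.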