reorganize Port type for systemd can use it
This commit is contained in:
Joey Hess
parent
a50edc3d9f
commit
85c3d11088
|
|
@ -409,7 +409,7 @@ iabak = host "iabak.archiveteam.org"
|
|||
-- Simple web server, publishing the outside host's /var/www
|
||||
webserver :: Systemd.Container
|
||||
webserver = standardStableContainer "webserver"
|
||||
& Systemd.publish 80
|
||||
& Systemd.publish (Port 80)
|
||||
& Systemd.bind "/var/www"
|
||||
& Apt.serviceInstalledRunning "apache2"
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,9 @@ propellor (2.5.0) UNRELEASED; urgency=medium
|
|||
* Added publish and publish' properties for systemd-spawn containers.
|
||||
(Needs systemd version 220.)
|
||||
* Added bind and bindRo properties for systemd-spawn containers.
|
||||
* Firewall: Port was changed to a newtype, and the Port and PortRange
|
||||
constructors of Rules were changed to DPort and DportRange, respectively.
|
||||
(API change)
|
||||
|
||||
-- Joey Hess <id@joeyh.name> Thu, 07 May 2015 12:08:34 -0400
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,6 @@ module Propellor.Property.Firewall (
|
|||
Target(..),
|
||||
Proto(..),
|
||||
Rules(..),
|
||||
Port,
|
||||
ConnectionState(..)
|
||||
) where
|
||||
|
||||
|
|
@ -45,8 +44,8 @@ toIpTable r = map Param $
|
|||
toIpTableArg :: Rules -> [String]
|
||||
toIpTableArg Everything = []
|
||||
toIpTableArg (Proto proto) = ["-p", map toLower $ show proto]
|
||||
toIpTableArg (Port port) = ["--dport", show port]
|
||||
toIpTableArg (PortRange (f,t)) = ["--dport", show f ++ ":" ++ show t]
|
||||
toIpTableArg (DPort port) = ["--dport", show port]
|
||||
toIpTableArg (DPortRange (f,t)) = ["--dport", show f ++ ":" ++ show t]
|
||||
toIpTableArg (IFace iface) = ["-i", iface]
|
||||
toIpTableArg (Ctstate states) = ["-m", "conntrack","--ctstate", concat $ intersperse "," (map show states)]
|
||||
toIpTableArg (r :- r') = toIpTableArg r <> toIpTableArg r'
|
||||
|
|
@ -55,33 +54,31 @@ data Rule = Rule
|
|||
{ ruleChain :: Chain
|
||||
, ruleTarget :: Target
|
||||
, ruleRules :: Rules
|
||||
} deriving (Eq, Show, Read)
|
||||
} deriving (Eq, Show)
|
||||
|
||||
data Chain = INPUT | OUTPUT | FORWARD
|
||||
deriving (Eq,Show,Read)
|
||||
deriving (Eq, Show)
|
||||
|
||||
data Target = ACCEPT | REJECT | DROP | LOG
|
||||
deriving (Eq,Show,Read)
|
||||
deriving (Eq, Show)
|
||||
|
||||
data Proto = TCP | UDP | ICMP
|
||||
deriving (Eq,Show,Read)
|
||||
|
||||
type Port = Int
|
||||
deriving (Eq, Show)
|
||||
|
||||
data ConnectionState = ESTABLISHED | RELATED | NEW | INVALID
|
||||
deriving (Eq,Show,Read)
|
||||
deriving (Eq, Show)
|
||||
|
||||
data Rules
|
||||
= Everything
|
||||
| Proto Proto
|
||||
-- ^There is actually some order dependency between proto and port so this should be a specific
|
||||
-- data type with proto + ports
|
||||
| Port Port
|
||||
| PortRange (Port,Port)
|
||||
| DPort Port
|
||||
| DPortRange (Port,Port)
|
||||
| IFace Network.Interface
|
||||
| Ctstate [ ConnectionState ]
|
||||
| Rules :- Rules -- ^Combine two rules
|
||||
deriving (Eq,Show,Read)
|
||||
deriving (Eq, Show)
|
||||
|
||||
infixl 0 :-
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,3 @@
|
|||
{-# LANGUAGE TypeSynonymInstances #-}
|
||||
|
||||
module Propellor.Property.Systemd (
|
||||
-- * Services
|
||||
module Propellor.Property.Systemd.Core,
|
||||
|
|
@ -24,11 +22,11 @@ module Propellor.Property.Systemd (
|
|||
-- * Container configuration
|
||||
containerCfg,
|
||||
resolvConfed,
|
||||
Publishable(..),
|
||||
privateNetwork,
|
||||
ForwardedPort(..),
|
||||
Proto(..),
|
||||
PortSpec(..),
|
||||
Publishable,
|
||||
publish,
|
||||
bind,
|
||||
bindRo,
|
||||
|
|
@ -39,7 +37,6 @@ import Propellor.Types.Chroot
|
|||
import qualified Propellor.Property.Chroot as Chroot
|
||||
import qualified Propellor.Property.Apt as Apt
|
||||
import qualified Propellor.Property.File as File
|
||||
import Propellor.Property.Firewall (Port)
|
||||
import Propellor.Property.Systemd.Core
|
||||
import Utility.FileMode
|
||||
|
||||
|
|
@ -297,7 +294,7 @@ class Publishable a where
|
|||
toPublish :: a -> String
|
||||
|
||||
instance Publishable Port where
|
||||
toPublish p = show p
|
||||
toPublish (Port n) = show n
|
||||
|
||||
data ForwardedPort = ForwardedPort
|
||||
{ hostPort :: Port
|
||||
|
|
@ -305,7 +302,7 @@ data ForwardedPort = ForwardedPort
|
|||
}
|
||||
|
||||
instance Publishable ForwardedPort where
|
||||
toPublish fp = show (hostPort fp) ++ ":" ++ show (containerPort fp)
|
||||
toPublish fp = toPublish (hostPort fp) ++ ":" ++ toPublish (containerPort fp)
|
||||
|
||||
data Proto = TCP | UDP
|
||||
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ module Propellor.Types.OS (
|
|||
User(..),
|
||||
Group(..),
|
||||
userGroup,
|
||||
Port(..),
|
||||
) where
|
||||
|
||||
import Network.BSD (HostName)
|
||||
|
|
@ -42,3 +43,6 @@ newtype Group = Group String
|
|||
-- | Makes a Group with the same name as the User.
|
||||
userGroup :: User -> Group
|
||||
userGroup (User u) = Group u
|
||||
|
||||
newtype Port = Port Int
|
||||
deriving (Eq, Show)
|
||||
|
|
|
|||
Loading…
Reference in New Issue