move property to ssh module
This commit is contained in:
Joey Hess
parent
9ac4e94625
commit
8d1814a884
|
|
@ -13,10 +13,9 @@ import Propellor
|
|||
import qualified Propellor.Property.Chroot as Chroot
|
||||
import qualified Propellor.Property.Debootstrap as Debootstrap
|
||||
import qualified Propellor.Property.File as File
|
||||
import qualified Propellor.Property.Ssh as Ssh
|
||||
import Utility.FileMode
|
||||
|
||||
import Utility.PosixFiles
|
||||
|
||||
-- | Replaces whatever OS was installed before with a clean installation
|
||||
-- of the OS that the Host is configured to have.
|
||||
--
|
||||
|
|
@ -95,15 +94,10 @@ rootSshAuthorized :: Property
|
|||
rootSshAuthorized = check (doesDirectoryExist oldloc) $
|
||||
property (newloc ++ " copied from old OS") $ do
|
||||
ks <- liftIO $ lines <$> readFile oldloc
|
||||
ensureProperty $
|
||||
newloc `File.containsLines` ks
|
||||
`requires` File.dirExists (takeDirectory newloc)
|
||||
`onChange` File.mode newloc mode
|
||||
ensureProperties (map (Ssh.authorizedKey "root") ks)
|
||||
where
|
||||
newloc = "/root/.ssh/authorized_keys"
|
||||
oldloc = oldOsDir ++ newloc
|
||||
-- ssh requires the file mode be locked down
|
||||
mode = combineModes [ownerWriteMode, ownerReadMode]
|
||||
|
||||
-- Installs an appropriate kernel from the OS distribution.
|
||||
kernelInstalled :: Property
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ module Propellor.Property.Ssh (
|
|||
permitRootLogin,
|
||||
passwordAuthentication,
|
||||
hasAuthorizedKeys,
|
||||
authorizedKey,
|
||||
restarted,
|
||||
randomHostKeys,
|
||||
hostKeys,
|
||||
|
|
@ -155,6 +156,8 @@ knownHost hosts hn user = property desc $
|
|||
return FailedChange
|
||||
|
||||
-- | Makes a user have authorized_keys from the PrivData
|
||||
--
|
||||
-- This removes any other lines from the file.
|
||||
authorizedKeys :: UserName -> Context -> Property
|
||||
authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \get ->
|
||||
property (user ++ " has authorized_keys") $ get $ \v -> do
|
||||
|
|
@ -167,6 +170,16 @@ authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \g
|
|||
, File.ownerGroup (takeDirectory f) user user
|
||||
]
|
||||
|
||||
-- | Ensures that a user's authorized_keys contains a line.
|
||||
-- Any other lines in the file are preserved as-is.
|
||||
authorizedKey :: UserName -> String -> Property
|
||||
authorizedKey user l = property (user ++ " has autorized_keys line " ++ l) $ do
|
||||
f <- liftIO $ dotFile "authorized_keys" user
|
||||
ensureProperty $
|
||||
f `File.containsLine` l
|
||||
`requires` File.dirExists (takeDirectory f)
|
||||
`onChange` File.mode f (combineModes [ownerWriteMode, ownerReadMode])
|
||||
|
||||
-- | Makes the ssh server listen on a given port, in addition to any other
|
||||
-- ports it is configured to listen on.
|
||||
--
|
||||
|
|
|
|||
Loading…
Reference in New Issue