propellor spin
This commit is contained in:
Joey Hess
parent
d5abbeb116
commit
93730d530a
|
|
@ -90,6 +90,8 @@ hosts = -- (o) `
|
|||
& Apt.unattendedUpgrades
|
||||
& Apt.installed ["systemd"]
|
||||
& Ssh.hostKeys (Context "kitenet.net")
|
||||
-- Since ssh password authentication is allowed:
|
||||
& Apt.serviceInstalledRunning "fail2ban"
|
||||
& Obnam.backup "/" "33 1 * * *"
|
||||
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
|
||||
, "--client-name=kitenet.net"
|
||||
|
|
@ -107,9 +109,12 @@ hosts = -- (o) `
|
|||
-- & alias "smtp.kitenet.net" -- not yet live!
|
||||
-- & alias "imap.kitenet.net" -- not yet live!
|
||||
|
||||
& Apt.installed ["git-annex", "myrepos"]
|
||||
-- Since password authentication is allowed:
|
||||
& Apt.serviceInstalledRunning "fail2ban"
|
||||
& Apt.installed
|
||||
["git-annex", "myrepos"
|
||||
, "build-essential", "make"
|
||||
-- Some users have zsh as their login shell.
|
||||
, "zsh"
|
||||
]
|
||||
|
||||
, standardSystem "diatom.kitenet.net" Stable "amd64"
|
||||
[ "Important stuff that needs not too much memory or CPU." ]
|
||||
|
|
@ -406,9 +411,8 @@ monsters = -- but do want to track their public keys etc.
|
|||
- mailman
|
||||
- /spamassassin
|
||||
- sqwebmail
|
||||
- /courier
|
||||
- /imap
|
||||
- /pop
|
||||
- /imap server
|
||||
- /pop server
|
||||
- apache
|
||||
- some static websites
|
||||
- bitlbee
|
||||
|
|
|
|||
|
|
@ -511,7 +511,14 @@ kiteMailServer = propertyList "kitenet.net mail server"
|
|||
, "/etc/dovecot/conf.d/10-mail.conf" `File.containsLine`
|
||||
"mail_location = maildir:~/Maildir"
|
||||
`onChange` Service.reloaded "dovecot"
|
||||
`describe` "dovecot configured"
|
||||
`describe` "dovecot mail.conf"
|
||||
, "/etc/dovecot/conf.d/10-auth.conf" `File.containsLine`
|
||||
"!include auth-passwdfile.conf.ex"
|
||||
`onChange` Service.restarted "dovecot"
|
||||
`describe` "dovecot auth.conf"
|
||||
, File.hasPrivContent dovecotusers ctx
|
||||
`onChange` (dovecotusers `File.mode`
|
||||
combineModes [ownerReadMode, groupReadMode])
|
||||
|
||||
, Apt.installed ["mutt", "bsd-mailx", "alpine"]
|
||||
|
||||
|
|
@ -526,7 +533,8 @@ kiteMailServer = propertyList "kitenet.net mail server"
|
|||
, "chmod 600 $pass"
|
||||
, "exec alpine -passfile $pass \"$@\""
|
||||
]
|
||||
`onChange` (pinescript `File.mode` combineModes (readModes ++ executeModes))
|
||||
`onChange` (pinescript `File.mode`
|
||||
combineModes (readModes ++ executeModes))
|
||||
`describe` "pine wrapper script"
|
||||
, "/etc/pine.conf" `File.containsLines`
|
||||
[ "inbox-path={localhost/novalidate-cert}inbox"
|
||||
|
|
@ -536,6 +544,7 @@ kiteMailServer = propertyList "kitenet.net mail server"
|
|||
where
|
||||
ctx = Context "kitenet.net"
|
||||
pinescript = "/usr/local/bin/pine"
|
||||
dovecotusers = "/etc/dovecot/users"
|
||||
|
||||
hasJoeyCAChain :: Property
|
||||
hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed`
|
||||
|
|
|
|||
Loading…
Reference in New Issue