From 93730d530a722e951e51c675c1aed9fdd3c75a87 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Fri, 18 Jul 2014 16:40:09 -0400
Subject: [PATCH] propellor spin
---
 config-joey.hs | 16 ++++++++++------
 src/Propellor/Property/SiteSpecific/JoeySites.hs | 13 +++++++++++--
 2 files changed, 21 insertions(+), 8 deletions(-)
diff --git a/config-joey.hs b/config-joey.hs
index a2c2554..6b02ed4 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -90,6 +90,8 @@ hosts = -- (o) `
 & Apt.unattendedUpgrades
 & Apt.installed ["systemd"]
 & Ssh.hostKeys (Context "kitenet.net")
+ -- Since ssh password authentication is allowed:
+ & Apt.serviceInstalledRunning "fail2ban"
 & Obnam.backup "/" "33 1 * * *"
 [ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
 , "--client-name=kitenet.net"
@@ -107,9 +109,12 @@ hosts = -- (o) `
 -- & alias "smtp.kitenet.net" -- not yet live!
 -- & alias "imap.kitenet.net" -- not yet live!
- & Apt.installed ["git-annex", "myrepos"]
- -- Since password authentication is allowed:
- & Apt.serviceInstalledRunning "fail2ban"
+ & Apt.installed
+ ["git-annex", "myrepos"
+ , "build-essential", "make"
+ -- Some users have zsh as their login shell.
+ , "zsh"
+ ]
 , standardSystem "diatom.kitenet.net" Stable "amd64"
 [ "Important stuff that needs not too much memory or CPU." ]
@@ -406,9 +411,8 @@ monsters = -- but do want to track their public keys etc.
 - mailman
 - /spamassassin
 - sqwebmail
- - /courier
- - /imap
- - /pop
+ - /imap server
+ - /pop server
 - apache
 - some static websites
 - bitlbee
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 1b70807..5f647bf 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
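Review bot: In the @@ -90 hunk of config-joey.hs, `Apt.serviceInstalledRunning "fail2ban"` only asserts that the package is installed and the service is up, so the protection the new comment relies on comes entirely from the distribution's default jail settings, which are not managed in the visible lines. The comment could record that, for example `-- Since ssh password authentication is allowed (stock fail2ban jails only; thresholds are not managed here):`. If this host is also the one that receives kiteMailServer, the dovecot password logins enabled elsewhere in this commit are a second password-guessing surface that a default ssh-oriented jail may not watch; that is worth confirming. The enclosing host definition starts and ends outside the hunk.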
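Review bot: In the @@ -107 hunk of config-joey.hs, `"build-essential", "make"` are added to the package list without the kind of rationale comment that `"zsh"` gets, and a compiler toolchain on a host that accepts password ssh logins is a decision worth recording. A one-line comment above that entry, such as `-- Users build their own software on this host.` (if that is indeed the reason), would cover it. The same hunk drops `Apt.serviceInstalledRunning "fail2ban"`; that is safe only if this is the host that gains the property in the @@ -90 hunk, which the visible lines suggest but do not show, since the host's opening line is outside both hunks.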
@@ -511,7 +511,14 @@ kiteMailServer = propertyList "kitenet.net mail server"
 , "/etc/dovecot/conf.d/10-mail.conf" `File.containsLine`
 "mail_location = maildir:~/Maildir"
 `onChange` Service.reloaded "dovecot"
- `describe` "dovecot configured"
+ `describe` "dovecot mail.conf"
+ , "/etc/dovecot/conf.d/10-auth.conf" `File.containsLine`
+ "!include auth-passwdfile.conf.ex"
+ `onChange` Service.restarted "dovecot"
+ `describe` "dovecot auth.conf"
+ , File.hasPrivContent dovecotusers ctx
+ `onChange` (dovecotusers `File.mode`
+ combineModes [ownerReadMode, groupReadMode])
 , Apt.installed ["mutt", "bsd-mailx", "alpine"]
@@ -526,7 +533,8 @@ kiteMailServer = propertyList "kitenet.net mail server"
 , "chmod 600 $pass"
 , "exec alpine -passfile $pass \"$@\""
 ]
- `onChange` (pinescript `File.mode` combineModes (readModes ++ executeModes))
+ `onChange` (pinescript `File.mode`
+ combineModes (readModes ++ executeModes))
 `describe` "pine wrapper script"
 , "/etc/pine.conf" `File.containsLines`
 [ "inbox-path={localhost/novalidate-cert}inbox"
@@ -536,6 +544,7 @@ kiteMailServer = propertyList "kitenet.net mail server"
 where
 ctx = Context "kitenet.net"
 pinescript = "/usr/local/bin/pine"
+ dovecotusers = "/etc/dovecot/users"
 hasJoeyCAChain :: Property
 hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed`
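Review bot: The include added in the @@ -511 hunk names `auth-passwdfile.conf.ex`, while the file dovecot ships in conf.d is `auth-passwdfile.conf.ext`; a plain `!include` of a missing file is a configuration error, so the `Service.restarted "dovecot"` that follows would likely leave dovecot down unless a file with the shorter name is created somewhere not shown. The line should read `"!include auth-passwdfile.conf.ext"`. Separately, `dovecotusers` is given a group read bit but no owner or group is set in the hunk, and the mode is applied only through `onChange`; since that file presumably holds the passwd-file credentials, adding something like `, File.ownerGroup dovecotusers "root" "dovecot"` would make the intended reader explicit, assuming the dovecot group is the one meant. The propertyList body continues outside the hunk.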