propellor spin

Joey Hess 2014-07-18 16:40:09 -04:00
parent d5abbeb116
commit 93730d530a
2 changed files with 21 additions and 8 deletions


@ -90,6 +90,8 @@ hosts = -- (o) `
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Apt.installed ["systemd"] & Apt.installed ["systemd"]
& Ssh.hostKeys (Context "kitenet.net") & Ssh.hostKeys (Context "kitenet.net")
-- Since ssh password authentication is allowed:
& Apt.serviceInstalledRunning "fail2ban"
& Obnam.backup "/" "33 1 * * *" & Obnam.backup "/" "33 1 * * *"
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam" [ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
, "--client-name=kitenet.net" , "--client-name=kitenet.net"
@ -107,9 +109,12 @@ hosts = -- (o) `
-- & alias "smtp.kitenet.net" -- not yet live! -- & alias "smtp.kitenet.net" -- not yet live!
-- & alias "imap.kitenet.net" -- not yet live! -- & alias "imap.kitenet.net" -- not yet live!
& Apt.installed ["git-annex", "myrepos"] & Apt.installed
-- Since password authentication is allowed: ["git-annex", "myrepos"
& Apt.serviceInstalledRunning "fail2ban" , "build-essential", "make"
-- Some users have zsh as their login shell.
, "zsh"
]
, standardSystem "diatom.kitenet.net" Stable "amd64" , standardSystem "diatom.kitenet.net" Stable "amd64"
[ "Important stuff that needs not too much memory or CPU." ] [ "Important stuff that needs not too much memory or CPU." ]
@ -406,9 +411,8 @@ monsters = -- but do want to track their public keys etc.
- mailman - mailman
- /spamassassin - /spamassassin
- sqwebmail - sqwebmail
- /courier - /imap server
- /imap - /pop server
- /pop
- apache - apache
- some static websites - some static websites
- bitlbee - bitlbee
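Review bot: The comment on the relocated fail2ban line ties it to ssh password authentication only, and `Apt.serviceInstalledRunning "fail2ban"` as written depends on whatever jails the package enables by default (on Debian that is the ssh jail, as far as I know). The other file in this commit turns on passwd-file authentication for Dovecot in kiteMailServer, so if that property is applied to this host, password guessing against IMAP/POP would presumably not be covered once the `imap.kitenet.net` alias goes live. A comment such as `-- fail2ban: package default jails only (ssh); enable a dovecot jail before imap goes live` would record the gap next to the property. The host's property list starts and ends outside these hunks, so a jail configuration may exist elsewhere.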


@ -511,7 +511,14 @@ kiteMailServer = propertyList "kitenet.net mail server"
, "/etc/dovecot/conf.d/10-mail.conf" `File.containsLine` , "/etc/dovecot/conf.d/10-mail.conf" `File.containsLine`
"mail_location = maildir:~/Maildir" "mail_location = maildir:~/Maildir"
`onChange` Service.reloaded "dovecot" `onChange` Service.reloaded "dovecot"
`describe` "dovecot configured" `describe` "dovecot mail.conf"
, "/etc/dovecot/conf.d/10-auth.conf" `File.containsLine`
"!include auth-passwdfile.conf.ex"
`onChange` Service.restarted "dovecot"
`describe` "dovecot auth.conf"
, File.hasPrivContent dovecotusers ctx
`onChange` (dovecotusers `File.mode`
combineModes [ownerReadMode, groupReadMode])
, Apt.installed ["mutt", "bsd-mailx", "alpine"] , Apt.installed ["mutt", "bsd-mailx", "alpine"]
@ -526,7 +533,8 @@ kiteMailServer = propertyList "kitenet.net mail server"
, "chmod 600 $pass" , "chmod 600 $pass"
, "exec alpine -passfile $pass \"$@\"" , "exec alpine -passfile $pass \"$@\""
] ]
`onChange` (pinescript `File.mode` combineModes (readModes ++ executeModes)) `onChange` (pinescript `File.mode`
combineModes (readModes ++ executeModes))
`describe` "pine wrapper script" `describe` "pine wrapper script"
, "/etc/pine.conf" `File.containsLines` , "/etc/pine.conf" `File.containsLines`
[ "inbox-path={localhost/novalidate-cert}inbox" [ "inbox-path={localhost/novalidate-cert}inbox"
@ -536,6 +544,7 @@ kiteMailServer = propertyList "kitenet.net mail server"
where where
ctx = Context "kitenet.net" ctx = Context "kitenet.net"
pinescript = "/usr/local/bin/pine" pinescript = "/usr/local/bin/pine"
dovecotusers = "/etc/dovecot/users"
hasJoeyCAChain :: Property hasJoeyCAChain :: Property
hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed` hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed`
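Review bot: The line added to 10-auth.conf includes `auth-passwdfile.conf.ex`, while the file Dovecot ships in conf.d is named `auth-passwdfile.conf.ext`. With a plain `!include`, a missing file is a configuration error, so the `Service.restarted "dovecot"` that follows would likely leave the service down unless a file of that exact name is deployed elsewhere; the line should probably read `"!include auth-passwdfile.conf.ext"`. In the same hunk the mode of `/etc/dovecot/users` is applied only through `onChange`, and no owner or group is set in the visible lines. The group-read bit therefore helps only if the file's group already matches the one the auth process runs under, and a mode that has drifted is not corrected while the content stays unchanged. Making ownership and mode a standing property of that file, rather than a reaction to a content change, would keep the password file's permissions enforced on every run.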