propellor spin

2015-02-10 21:55:39 -04:00 · 2015-02-10 21:55:39 -04:00 · a407af3f03
parent 8f813dc875
commit a407af3f03
2 changed files with 24 additions and 17 deletions
--- a/config-joey.hs
+++ b/config-joey.hs
@ -174,8 +174,9 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
 	& JoeySites.kiteMailServer
 	
 	& JoeySites.kitenetHttps
-	& Apache.multiSSL
 	& JoeySites.legacyWebSites
+	& File.ownerGroup "/srv/web" "joey" "joey"
+	& Apt.installed ["analog"]
 	
 	& alias "git.kitenet.net"
 	& alias "git.joeyh.name"
@ -214,6 +215,8 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
 	& Docker.configured
 	& Docker.garbageCollected `period` Daily
 	! Docker.docked oldusenetShellBox
+	
+	& JoeySites.oldUseNetServer hosts

 diatom :: Host
 diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
@ -224,21 +227,21 @@ diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
 		, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2QAJEuvbTmaN9ex9i9bjPhMGj+PHUYq2keIiaIImJ+8mo+yKSaGUxebG4tpuDPx6KZjdycyJt74IXfn1voGUrfzwaEY9NkqOP3v6OWTC3QeUGqDCeJ2ipslbEd9Ep9XBp+/ldDQm60D0XsIZdmDeN6MrHSbKF4fXv1bqpUoUILk=")
 		]

-	& DigitalOcean.distroKernel
-	& Apt.unattendedUpgrades
-	& Apt.serviceInstalledRunning "ntp"
-	& Postfix.satellite
+	-- & DigitalOcean.distroKernel
+	-- & Apt.unattendedUpgrades
+	-- & Apt.serviceInstalledRunning "ntp"
+	-- & Postfix.satellite

 	-- Diatom has 500 mb of memory, so tune for that.
-	& JoeySites.obnamLowMem
+	-- & JoeySites.obnamLowMem
 	-- & Apt.serviceInstalledRunning "swapspace"
-	& Cron.job "memory use logged" (Cron.Times "*/5 * * * *") "root" "/" "(date; free; ps --sort -rss axl | head -n10) >> /var/log/memory.log"
+	-- & Cron.job "memory use logged" (Cron.Times "*/5 * * * *") "root" "/" "(date; free; ps --sort -rss axl | head -n10) >> /var/log/memory.log"
 	
 	& Apt.serviceInstalledRunning "apache2"
-	& JoeySites.kitenetHttps
-	& Apache.multiSSL
-	& File.ownerGroup "/srv/web" "joey" "joey"
-	& Apt.installed ["analog"]
+	-- & JoeySites.kitenetHttps
+	-- & Apache.multiSSL
+	-- & File.ownerGroup "/srv/web" "joey" "joey"
+	-- & Apt.installed ["analog"]

 	-- & alias "git.kitenet.net"
 	-- & alias "git.joeyh.name"
--- a/src/Propellor/Property/Apache.hs
+++ b/src/Propellor/Property/Apache.hs
@ -70,13 +70,17 @@ reloaded = Service.reloaded "apache2"

 -- | Configure apache to use SNI to differentiate between
 -- https hosts.
+--
+-- This was off by default in apache 2.2.22. Newver versions enable
+-- it by default. This property uses the filename used by the old version.
 multiSSL :: Property NoInfo
-multiSSL = "/etc/apache2/conf.d/ssl" `File.hasContent`
-	[ "NameVirtualHost *:443"
-	, "SSLStrictSNIVHostCheck off"
-	]
-	`describe` "apache SNI enabled"
-	`onChange` reloaded
+multiSSL = check (doesDirectoryExist "/etc/apache2/conf.d") $
+	"/etc/apache2/conf.d/ssl" `File.hasContent`
+		[ "NameVirtualHost *:443"
+		, "SSLStrictSNIVHostCheck off"
+		]
+		`describe` "apache SNI enabled"
+		`onChange` reloaded

 -- | Config file fragment that can be inserted into a <Directory>
 -- stanza to allow global read access to the directory.