cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

propellor spin

This commit is contained in:
Joey Hess 2015-02-10 21:55:39 -04:00
parent 8f813dc875
commit a407af3f03
Failed to extract signature
2 changed files with 24 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
config-joey.hs
View File

@ -174,8 +174,9 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
& JoeySites.kiteMailServer & JoeySites.kiteMailServer
& JoeySites.kitenetHttps & JoeySites.kitenetHttps
& Apache.multiSSL
& JoeySites.legacyWebSites & JoeySites.legacyWebSites
& File.ownerGroup "/srv/web" "joey" "joey"
& Apt.installed ["analog"]
& alias "git.kitenet.net" & alias "git.kitenet.net"
& alias "git.joeyh.name" & alias "git.joeyh.name"
@ -214,6 +215,8 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
& Docker.configured & Docker.configured
& Docker.garbageCollected `period` Daily & Docker.garbageCollected `period` Daily
! Docker.docked oldusenetShellBox ! Docker.docked oldusenetShellBox
& JoeySites.oldUseNetServer hosts
diatom :: Host diatom :: Host
diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64" diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
@ -224,21 +227,21 @@ diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2QAJEuvbTmaN9ex9i9bjPhMGj+PHUYq2keIiaIImJ+8mo+yKSaGUxebG4tpuDPx6KZjdycyJt74IXfn1voGUrfzwaEY9NkqOP3v6OWTC3QeUGqDCeJ2ipslbEd9Ep9XBp+/ldDQm60D0XsIZdmDeN6MrHSbKF4fXv1bqpUoUILk=") , (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2QAJEuvbTmaN9ex9i9bjPhMGj+PHUYq2keIiaIImJ+8mo+yKSaGUxebG4tpuDPx6KZjdycyJt74IXfn1voGUrfzwaEY9NkqOP3v6OWTC3QeUGqDCeJ2ipslbEd9Ep9XBp+/ldDQm60D0XsIZdmDeN6MrHSbKF4fXv1bqpUoUILk=")
] ]
& DigitalOcean.distroKernel -- & DigitalOcean.distroKernel
& Apt.unattendedUpgrades -- & Apt.unattendedUpgrades
& Apt.serviceInstalledRunning "ntp" -- & Apt.serviceInstalledRunning "ntp"
& Postfix.satellite -- & Postfix.satellite
-- Diatom has 500 mb of memory, so tune for that. -- Diatom has 500 mb of memory, so tune for that.
& JoeySites.obnamLowMem -- & JoeySites.obnamLowMem
-- & Apt.serviceInstalledRunning "swapspace" -- & Apt.serviceInstalledRunning "swapspace"
& Cron.job "memory use logged" (Cron.Times "*/5 * * * *") "root" "/" "(date; free; ps --sort -rss axl | head -n10) >> /var/log/memory.log" -- & Cron.job "memory use logged" (Cron.Times "*/5 * * * *") "root" "/" "(date; free; ps --sort -rss axl | head -n10) >> /var/log/memory.log"
& Apt.serviceInstalledRunning "apache2" & Apt.serviceInstalledRunning "apache2"
& JoeySites.kitenetHttps -- & JoeySites.kitenetHttps
& Apache.multiSSL -- & Apache.multiSSL
& File.ownerGroup "/srv/web" "joey" "joey" -- & File.ownerGroup "/srv/web" "joey" "joey"
& Apt.installed ["analog"] -- & Apt.installed ["analog"]
-- & alias "git.kitenet.net" -- & alias "git.kitenet.net"
-- & alias "git.joeyh.name" -- & alias "git.joeyh.name"

16
src/Propellor/Property/Apache.hs
View File

@ -70,13 +70,17 @@ reloaded = Service.reloaded "apache2"
-- | Configure apache to use SNI to differentiate between -- | Configure apache to use SNI to differentiate between
-- https hosts. -- https hosts.
--
-- This was off by default in apache 2.2.22. Newver versions enable
-- it by default. This property uses the filename used by the old version.
multiSSL :: Property NoInfo multiSSL :: Property NoInfo
multiSSL = "/etc/apache2/conf.d/ssl" `File.hasContent` multiSSL = check (doesDirectoryExist "/etc/apache2/conf.d") $
[ "NameVirtualHost *:443" "/etc/apache2/conf.d/ssl" `File.hasContent`
, "SSLStrictSNIVHostCheck off" [ "NameVirtualHost *:443"
] , "SSLStrictSNIVHostCheck off"
`describe` "apache SNI enabled" ]
`onChange` reloaded `describe` "apache SNI enabled"
`onChange` reloaded
-- | Config file fragment that can be inserted into a <Directory> -- | Config file fragment that can be inserted into a <Directory>
-- stanza to allow global read access to the directory. -- stanza to allow global read access to the directory.