propellor spin
This commit is contained in:
parent
8f813dc875
commit
a407af3f03
|
@ -174,8 +174,9 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
|
||||||
& JoeySites.kiteMailServer
|
& JoeySites.kiteMailServer
|
||||||
|
|
||||||
& JoeySites.kitenetHttps
|
& JoeySites.kitenetHttps
|
||||||
& Apache.multiSSL
|
|
||||||
& JoeySites.legacyWebSites
|
& JoeySites.legacyWebSites
|
||||||
|
& File.ownerGroup "/srv/web" "joey" "joey"
|
||||||
|
& Apt.installed ["analog"]
|
||||||
|
|
||||||
& alias "git.kitenet.net"
|
& alias "git.kitenet.net"
|
||||||
& alias "git.joeyh.name"
|
& alias "git.joeyh.name"
|
||||||
|
@ -214,6 +215,8 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
|
||||||
& Docker.configured
|
& Docker.configured
|
||||||
& Docker.garbageCollected `period` Daily
|
& Docker.garbageCollected `period` Daily
|
||||||
! Docker.docked oldusenetShellBox
|
! Docker.docked oldusenetShellBox
|
||||||
|
|
||||||
|
& JoeySites.oldUseNetServer hosts
|
||||||
|
|
||||||
diatom :: Host
|
diatom :: Host
|
||||||
diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
|
diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
|
||||||
|
@ -224,21 +227,21 @@ diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
|
||||||
, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2QAJEuvbTmaN9ex9i9bjPhMGj+PHUYq2keIiaIImJ+8mo+yKSaGUxebG4tpuDPx6KZjdycyJt74IXfn1voGUrfzwaEY9NkqOP3v6OWTC3QeUGqDCeJ2ipslbEd9Ep9XBp+/ldDQm60D0XsIZdmDeN6MrHSbKF4fXv1bqpUoUILk=")
|
, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2QAJEuvbTmaN9ex9i9bjPhMGj+PHUYq2keIiaIImJ+8mo+yKSaGUxebG4tpuDPx6KZjdycyJt74IXfn1voGUrfzwaEY9NkqOP3v6OWTC3QeUGqDCeJ2ipslbEd9Ep9XBp+/ldDQm60D0XsIZdmDeN6MrHSbKF4fXv1bqpUoUILk=")
|
||||||
]
|
]
|
||||||
|
|
||||||
& DigitalOcean.distroKernel
|
-- & DigitalOcean.distroKernel
|
||||||
& Apt.unattendedUpgrades
|
-- & Apt.unattendedUpgrades
|
||||||
& Apt.serviceInstalledRunning "ntp"
|
-- & Apt.serviceInstalledRunning "ntp"
|
||||||
& Postfix.satellite
|
-- & Postfix.satellite
|
||||||
|
|
||||||
-- Diatom has 500 mb of memory, so tune for that.
|
-- Diatom has 500 mb of memory, so tune for that.
|
||||||
& JoeySites.obnamLowMem
|
-- & JoeySites.obnamLowMem
|
||||||
-- & Apt.serviceInstalledRunning "swapspace"
|
-- & Apt.serviceInstalledRunning "swapspace"
|
||||||
& Cron.job "memory use logged" (Cron.Times "*/5 * * * *") "root" "/" "(date; free; ps --sort -rss axl | head -n10) >> /var/log/memory.log"
|
-- & Cron.job "memory use logged" (Cron.Times "*/5 * * * *") "root" "/" "(date; free; ps --sort -rss axl | head -n10) >> /var/log/memory.log"
|
||||||
|
|
||||||
& Apt.serviceInstalledRunning "apache2"
|
& Apt.serviceInstalledRunning "apache2"
|
||||||
& JoeySites.kitenetHttps
|
-- & JoeySites.kitenetHttps
|
||||||
& Apache.multiSSL
|
-- & Apache.multiSSL
|
||||||
& File.ownerGroup "/srv/web" "joey" "joey"
|
-- & File.ownerGroup "/srv/web" "joey" "joey"
|
||||||
& Apt.installed ["analog"]
|
-- & Apt.installed ["analog"]
|
||||||
|
|
||||||
-- & alias "git.kitenet.net"
|
-- & alias "git.kitenet.net"
|
||||||
-- & alias "git.joeyh.name"
|
-- & alias "git.joeyh.name"
|
||||||
|
|
|
@ -70,13 +70,17 @@ reloaded = Service.reloaded "apache2"
|
||||||
|
|
||||||
-- | Configure apache to use SNI to differentiate between
|
-- | Configure apache to use SNI to differentiate between
|
||||||
-- https hosts.
|
-- https hosts.
|
||||||
|
--
|
||||||
|
-- This was off by default in apache 2.2.22. Newver versions enable
|
||||||
|
-- it by default. This property uses the filename used by the old version.
|
||||||
multiSSL :: Property NoInfo
|
multiSSL :: Property NoInfo
|
||||||
multiSSL = "/etc/apache2/conf.d/ssl" `File.hasContent`
|
multiSSL = check (doesDirectoryExist "/etc/apache2/conf.d") $
|
||||||
[ "NameVirtualHost *:443"
|
"/etc/apache2/conf.d/ssl" `File.hasContent`
|
||||||
, "SSLStrictSNIVHostCheck off"
|
[ "NameVirtualHost *:443"
|
||||||
]
|
, "SSLStrictSNIVHostCheck off"
|
||||||
`describe` "apache SNI enabled"
|
]
|
||||||
`onChange` reloaded
|
`describe` "apache SNI enabled"
|
||||||
|
`onChange` reloaded
|
||||||
|
|
||||||
-- | Config file fragment that can be inserted into a <Directory>
|
-- | Config file fragment that can be inserted into a <Directory>
|
||||||
-- stanza to allow global read access to the directory.
|
-- stanza to allow global read access to the directory.
|
||||||
|
|
Loading…
Reference in New Issue