Merge branch 'joeyconfig'
Conflicts: privdata.joey/keyring.gpg privdata.joey/privdata.gpg
commit
beb905be92
|
@ -10,7 +10,6 @@ import qualified Propellor.Property.Apt as Apt
|
||||||
import qualified Propellor.Property.Network as Network
|
import qualified Propellor.Property.Network as Network
|
||||||
import qualified Propellor.Property.Service as Service
|
import qualified Propellor.Property.Service as Service
|
||||||
import qualified Propellor.Property.Ssh as Ssh
|
import qualified Propellor.Property.Ssh as Ssh
|
||||||
import qualified Propellor.Property.Gpg as Gpg
|
|
||||||
import qualified Propellor.Property.Cron as Cron
|
import qualified Propellor.Property.Cron as Cron
|
||||||
import qualified Propellor.Property.Sudo as Sudo
|
import qualified Propellor.Property.Sudo as Sudo
|
||||||
import qualified Propellor.Property.User as User
|
import qualified Propellor.Property.User as User
|
||||||
|
@ -115,17 +114,15 @@ kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
|
||||||
& Ssh.passwordAuthentication True
|
& Ssh.passwordAuthentication True
|
||||||
-- Since ssh password authentication is allowed:
|
-- Since ssh password authentication is allowed:
|
||||||
& Apt.serviceInstalledRunning "fail2ban"
|
& Apt.serviceInstalledRunning "fail2ban"
|
||||||
& Obnam.backup "/" "33 1 * * *"
|
& Obnam.backupEncrypted "/" "33 1 * * *"
|
||||||
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
|
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
|
||||||
, "--client-name=kitenet.net"
|
, "--client-name=kitenet.net"
|
||||||
, "--encrypt-with=98147487"
|
|
||||||
, "--exclude=/var/cache"
|
, "--exclude=/var/cache"
|
||||||
, "--exclude=/var/tmp"
|
, "--exclude=/var/tmp"
|
||||||
, "--exclude=/home/joey/lib"
|
, "--exclude=/home/joey/lib"
|
||||||
, "--exclude=.*/tmp/"
|
, "--exclude=.*/tmp/"
|
||||||
, "--one-file-system"
|
, "--one-file-system"
|
||||||
] Obnam.OnlyClient
|
] Obnam.OnlyClient "98147487"
|
||||||
`requires` Gpg.keyImported "98147487" "root"
|
|
||||||
`requires` Ssh.keyImported SshRsa "root"
|
`requires` Ssh.keyImported SshRsa "root"
|
||||||
(Context "kite.kitenet.net")
|
(Context "kite.kitenet.net")
|
||||||
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"
|
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"
|
||||||
|
|
|
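Review bot: The key passed as the last argument of `Obnam.backupEncrypted` in the kite block, `"98147487"`, is an 8-hex-digit short key ID, and the new helper uses that one string both for `--encrypt-with=` and for `Gpg.keyImported`. Short IDs are not unique, so if a second key with the same short ID ever ends up in root's keyring, the backup could presumably be encrypted to a key the operator does not hold; whether obnam and `Gpg.keyImported` accept a longer form is not visible here and should be checked. If they do, pass the full fingerprint, e.g. `] Obnam.OnlyClient "<FULL-40-HEX-FINGERPRINT>"`. The same applies to `"1B169BE1"` in the gitServer hunk. The kite definition starts and ends outside this hunk.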
@ -3,7 +3,7 @@ module Propellor.PrivData.Paths where
|
||||||
import System.FilePath
|
import System.FilePath
|
||||||
|
|
||||||
privDataDir :: FilePath
|
privDataDir :: FilePath
|
||||||
privDataDir = "privdata"
|
privDataDir = "privdata.joey"
|
||||||
|
|
||||||
privDataFile :: FilePath
|
privDataFile :: FilePath
|
||||||
privDataFile = privDataDir </> "privdata.gpg"
|
privDataFile = privDataDir </> "privdata.gpg"
|
||||||
|
|
|
@ -3,6 +3,7 @@ module Propellor.Property.Obnam where
|
||||||
import Propellor
|
import Propellor
|
||||||
import qualified Propellor.Property.Apt as Apt
|
import qualified Propellor.Property.Apt as Apt
|
||||||
import qualified Propellor.Property.Cron as Cron
|
import qualified Propellor.Property.Cron as Cron
|
||||||
|
import qualified Propellor.Property.Gpg as Gpg
|
||||||
import Utility.SafeCommand
|
import Utility.SafeCommand
|
||||||
|
|
||||||
import Data.List
|
import Data.List
|
||||||
|
@ -31,16 +32,25 @@ data NumClients = OnlyClient | MultipleClients
|
||||||
--
|
--
|
||||||
-- > & Obnam.backup "/srv/git" "33 3 * * *"
|
-- > & Obnam.backup "/srv/git" "33 3 * * *"
|
||||||
-- > [ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam"
|
-- > [ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam"
|
||||||
-- > , "--encrypt-with=1B169BE1"
|
|
||||||
-- > ] Obnam.OnlyClient
|
-- > ] Obnam.OnlyClient
|
||||||
-- > `requires` Gpg.keyImported "1B169BE1" "root"
|
|
||||||
-- > `requires` Ssh.keyImported SshRsa "root" (Context hostname)
|
-- > `requires` Ssh.keyImported SshRsa "root" (Context hostname)
|
||||||
--
|
--
|
||||||
-- How awesome is that?
|
-- How awesome is that?
|
||||||
backup :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
|
backup :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
|
||||||
backup dir crontimes params numclients = backup' dir crontimes params numclients
|
backup dir crontimes params numclients =
|
||||||
|
backup' dir crontimes params numclients
|
||||||
`requires` restored dir params
|
`requires` restored dir params
|
||||||
|
|
||||||
|
-- | Like backup, but the specified gpg key id is used to encrypt
|
||||||
|
-- the repository.
|
||||||
|
--
|
||||||
|
-- The gpg secret key will be automatically imported
|
||||||
|
-- into root's keyring using Propellor.Property.Gpg.keyImported
|
||||||
|
backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property
|
||||||
|
backupEncrypted dir crontimes params numclients keyid =
|
||||||
|
backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients
|
||||||
|
`requires` Gpg.keyImported keyid "root"
|
||||||
|
|
||||||
-- | Does a backup, but does not automatically restore.
|
-- | Does a backup, but does not automatically restore.
|
||||||
backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
|
backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
|
||||||
backup' dir crontimes params numclients = cronjob `describe` desc
|
backup' dir crontimes params numclients = cronjob `describe` desc
|
||||||
|
|
|
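Review bot: The haddock on `backupEncrypted` does not tell callers to leave `--encrypt-with` out of `params`, although the function prepends `"--encrypt-with=" ++ keyid` unconditionally, so a call site that keeps the old option hands it to obnam twice. I would add a line such as `-- Do not pass --encrypt-with in the params; it is added from the key id.` to that comment. The usage example above `backup` also lost its `--encrypt-with` and `Gpg.keyImported` lines on the new side, so the module no longer shows an encrypted setup; an example that calls `Obnam.backupEncrypted` with the key ID as its last argument would cover that. The body of `backup'` continues outside the hunk.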
@ -142,12 +142,11 @@ obnamLowMem = combineProperties "obnam tuned for low memory use"
|
||||||
gitServer :: [Host] -> Property
|
gitServer :: [Host] -> Property
|
||||||
gitServer hosts = propertyList "git.kitenet.net setup"
|
gitServer hosts = propertyList "git.kitenet.net setup"
|
||||||
[ Obnam.latestVersion
|
[ Obnam.latestVersion
|
||||||
, Obnam.backup "/srv/git" "33 3 * * *"
|
, Obnam.backupEncrypted "/srv/git" "33 3 * * *"
|
||||||
[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
|
[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
|
||||||
, "--encrypt-with=1B169BE1"
|
, "--encrypt-with=1B169BE1"
|
||||||
, "--client-name=wren" -- historical
|
, "--client-name=wren" -- historical
|
||||||
] Obnam.OnlyClient
|
] Obnam.OnlyClient "1B169BE1"
|
||||||
`requires` Gpg.keyImported "1B169BE1" "root"
|
|
||||||
`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
|
`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
|
||||||
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
|
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
|
||||||
`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")
|
`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")
|
||||||
|
|
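Review bot: The gitServer call keeps `, "--encrypt-with=1B169BE1"` in its parameter list on the new side while also passing `"1B169BE1"` to `Obnam.backupEncrypted`, which per the Obnam hunk in this commit prepends `"--encrypt-with=" ++ keyid` itself. The kite call in the same commit dropped the explicit option; this one should too, by deleting the `, "--encrypt-with=1B169BE1"` line so the key ID is written once, as the final argument. With both literals in place, a later edit to only one of them could leave the key named on the obnam command line different from the key that `Gpg.keyImported` installs. The property list that opens at `[ Obnam.latestVersion` is not closed inside this hunk.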