Merge branch 'joeyconfig'

Conflicts:
	privdata.joey/keyring.gpg
	privdata.joey/privdata.gpg
This commit is contained in:
Joey Hess 2014-11-15 13:46:53 -04:00
commit beb905be92
4 changed files with 19 additions and 13 deletions

View File

@ -10,7 +10,6 @@ import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Network as Network import qualified Propellor.Property.Network as Network
import qualified Propellor.Property.Service as Service import qualified Propellor.Property.Service as Service
import qualified Propellor.Property.Ssh as Ssh import qualified Propellor.Property.Ssh as Ssh
import qualified Propellor.Property.Gpg as Gpg
import qualified Propellor.Property.Cron as Cron import qualified Propellor.Property.Cron as Cron
import qualified Propellor.Property.Sudo as Sudo import qualified Propellor.Property.Sudo as Sudo
import qualified Propellor.Property.User as User import qualified Propellor.Property.User as User
@ -115,17 +114,15 @@ kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
& Ssh.passwordAuthentication True & Ssh.passwordAuthentication True
-- Since ssh password authentication is allowed: -- Since ssh password authentication is allowed:
& Apt.serviceInstalledRunning "fail2ban" & Apt.serviceInstalledRunning "fail2ban"
& Obnam.backup "/" "33 1 * * *" & Obnam.backupEncrypted "/" "33 1 * * *"
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam" [ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
, "--client-name=kitenet.net" , "--client-name=kitenet.net"
, "--encrypt-with=98147487"
, "--exclude=/var/cache" , "--exclude=/var/cache"
, "--exclude=/var/tmp" , "--exclude=/var/tmp"
, "--exclude=/home/joey/lib" , "--exclude=/home/joey/lib"
, "--exclude=.*/tmp/" , "--exclude=.*/tmp/"
, "--one-file-system" , "--one-file-system"
] Obnam.OnlyClient ] Obnam.OnlyClient "98147487"
`requires` Gpg.keyImported "98147487" "root"
`requires` Ssh.keyImported SshRsa "root" `requires` Ssh.keyImported SshRsa "root"
(Context "kite.kitenet.net") (Context "kite.kitenet.net")
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root" `requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"

View File

@ -3,7 +3,7 @@ module Propellor.PrivData.Paths where
import System.FilePath import System.FilePath
privDataDir :: FilePath privDataDir :: FilePath
privDataDir = "privdata" privDataDir = "privdata.joey"
privDataFile :: FilePath privDataFile :: FilePath
privDataFile = privDataDir </> "privdata.gpg" privDataFile = privDataDir </> "privdata.gpg"

View File

@ -3,6 +3,7 @@ module Propellor.Property.Obnam where
import Propellor import Propellor
import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Cron as Cron import qualified Propellor.Property.Cron as Cron
import qualified Propellor.Property.Gpg as Gpg
import Utility.SafeCommand import Utility.SafeCommand
import Data.List import Data.List
@ -31,15 +32,24 @@ data NumClients = OnlyClient | MultipleClients
-- --
-- > & Obnam.backup "/srv/git" "33 3 * * *" -- > & Obnam.backup "/srv/git" "33 3 * * *"
-- > [ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam" -- > [ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam"
-- > , "--encrypt-with=1B169BE1"
-- > ] Obnam.OnlyClient -- > ] Obnam.OnlyClient
-- > `requires` Gpg.keyImported "1B169BE1" "root"
-- > `requires` Ssh.keyImported SshRsa "root" (Context hostname) -- > `requires` Ssh.keyImported SshRsa "root" (Context hostname)
-- --
-- How awesome is that? -- How awesome is that?
backup :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property backup :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
backup dir crontimes params numclients = backup' dir crontimes params numclients backup dir crontimes params numclients =
`requires` restored dir params backup' dir crontimes params numclients
`requires` restored dir params
-- | Like backup, but the specified gpg key id is used to encrypt
-- the repository.
--
-- The gpg secret key will be automatically imported
-- into root's keyring using Propellor.Property.Gpg.keyImported
backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property
backupEncrypted dir crontimes params numclients keyid =
backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients
`requires` Gpg.keyImported keyid "root"
-- | Does a backup, but does not automatically restore. -- | Does a backup, but does not automatically restore.
backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property

View File

@ -142,12 +142,11 @@ obnamLowMem = combineProperties "obnam tuned for low memory use"
gitServer :: [Host] -> Property gitServer :: [Host] -> Property
gitServer hosts = propertyList "git.kitenet.net setup" gitServer hosts = propertyList "git.kitenet.net setup"
[ Obnam.latestVersion [ Obnam.latestVersion
, Obnam.backup "/srv/git" "33 3 * * *" , Obnam.backupEncrypted "/srv/git" "33 3 * * *"
[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net" [ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
, "--encrypt-with=1B169BE1" , "--encrypt-with=1B169BE1"
, "--client-name=wren" -- historical , "--client-name=wren" -- historical
] Obnam.OnlyClient ] Obnam.OnlyClient "1B169BE1"
`requires` Gpg.keyImported "1B169BE1" "root"
`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net") `requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root" `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net") `requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")