propellor spin

Joey Hess 2015-01-04 13:42:01 -04:00
parent 3d21a2df54
commit bf34d6f423
2 changed files with 11 additions and 8 deletions


@ -56,15 +56,15 @@ import Data.List
primary :: [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> RevertableProperty primary :: [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> RevertableProperty
primary hosts domain soa rs = RevertableProperty setup cleanup primary hosts domain soa rs = RevertableProperty setup cleanup
where where
setup = setupPrimary zonefile hosts domain soa rs setup = setupPrimary zonefile id hosts domain soa rs
`onChange` Service.reloaded "bind9" `onChange` Service.reloaded "bind9"
cleanup = cleanupPrimary zonefile domain cleanup = cleanupPrimary zonefile domain
`onChange` Service.reloaded "bind9" `onChange` Service.reloaded "bind9"
zonefile = "/etc/bind/propellor/db." ++ domain zonefile = "/etc/bind/propellor/db." ++ domain
setupPrimary :: FilePath -> [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> Property setupPrimary :: FilePath -> (FilePath -> FilePath) -> [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> Property
setupPrimary zonefile hosts domain soa rs = setupPrimary zonefile mknamedconffile hosts domain soa rs =
withwarnings (check needupdate baseprop) withwarnings (check needupdate baseprop)
`requires` servingZones `requires` servingZones
where where
@ -79,7 +79,7 @@ setupPrimary zonefile hosts domain soa rs =
conf = NamedConf conf = NamedConf
{ confDomain = domain { confDomain = domain
, confDnsServerType = Master , confDnsServerType = Master
, confFile = zonefile , confFile = mknamedconffile zonefile
, confMasters = [] , confMasters = []
, confAllowTransfer = nub $ , confAllowTransfer = nub $
concatMap (\h -> hostAddresses h hosts) $ concatMap (\h -> hostAddresses h hosts) $
@ -132,7 +132,7 @@ signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
where where
-- TODO enable dnssec options. -- TODO enable dnssec options.
-- dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; -- dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
setup = setupPrimary zonefile hosts domain soa rs' setup = setupPrimary zonefile signedZoneFile hosts domain soa rs'
`onChange` toProp (zoneSigned domain zonefile) `onChange` toProp (zoneSigned domain zonefile)
`onChange` Service.reloaded "bind9" `onChange` Service.reloaded "bind9"
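Review bot: In the `signedPrimary` hunk, named.conf now points at `signedZoneFile zonefile`, but the property that creates that file, `zoneSigned domain zonefile`, is attached only with `onChange`, so it is checked only on runs where `setupPrimary` reports a change. If a signing run fails or the `.signed` file is later removed, later runs with an unchanged zone would appear to skip re-signing while bind9 is still configured to load the missing file, and the zone would stop being served. Since `zoneSigned` seems to carry its own `needupdate` check, it could be evaluated on every run by combining the two, e.g. `setup = combineProperties ("signed dns primary for " ++ domain) [setupPrimary zonefile signedZoneFile hosts domain soa rs', toProp (zoneSigned domain zonefile)]` followed by `` `onChange` Service.reloaded "bind9" ``. The new `(FilePath -> FilePath)` argument of `setupPrimary` also deserves a comment such as `-- mknamedconffile maps the zone file propellor writes to the file named.conf should load`. The `where` clause of `signedPrimary` continues outside the hunk.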


@ -44,19 +44,18 @@ zoneSigned domain zonefile = RevertableProperty setup cleanup
`requires` toProp (keysInstalled domain) `requires` toProp (keysInstalled domain)
cleanup = combineProperties ("removed signed zone for " ++ domain) cleanup = combineProperties ("removed signed zone for " ++ domain)
[ File.notPresent signedzonefile [ File.notPresent (signedZoneFile zonefile)
, File.notPresent dssetfile , File.notPresent dssetfile
, toProp (revert (keysInstalled domain)) , toProp (revert (keysInstalled domain))
] ]
signedzonefile = dir </> domain ++ ".signed"
dssetfile = dir </> "-" ++ domain ++ "." dssetfile = dir </> "-" ++ domain ++ "."
dir = takeDirectory zonefile dir = takeDirectory zonefile
-- Need to update the signed zone file if the zone file or -- Need to update the signed zone file if the zone file or
-- any of the keys have a newer timestamp. -- any of the keys have a newer timestamp.
needupdate = do needupdate = do
v <- catchMaybeIO $ getModificationTime signedzonefile v <- catchMaybeIO $ getModificationTime (signedZoneFile zonefile)
case v of case v of
Nothing -> return True Nothing -> return True
Just t1 -> anyM (newerthan t1) $ Just t1 -> anyM (newerthan t1) $
@ -110,3 +109,7 @@ isPublic k = k `elem` [PubZSK, PubKSK]
isZoneSigningKey :: DnsSecKey -> Bool isZoneSigningKey :: DnsSecKey -> Bool
isZoneSigningKey k = k `elem` [PubZSK, PrivZSK] isZoneSigningKey k = k `elem` [PubZSK, PrivZSK]
-- | dnssec-signzone makes a .signed file
signedZoneFile :: FilePath -> FilePath
signedZoneFile zonefile = zonefile ++ ".signed"
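Review bot: The Haddock line on `signedZoneFile` does not say that this name is a contract with dnssec-signzone's default output path, and three places now depend on it: `cleanup`, `needupdate`, and the `setupPrimary zonefile signedZoneFile` call in the other file. If the dnssec-signzone invocation (outside these hunks) were ever given `-f` or a different zone file argument, `needupdate` would always report that signing is needed and named.conf would reference a path that is never written. I would expand the comment to something like `-- | Path dnssec-signzone writes by default: the zone file name with ".signed" appended. named.conf and the re-signing check both use this, so it must change together with any -f option.`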