Merge branch 'joeyconfig'
This commit is contained in:
commit
c4f364b249
2
Makefile
2
Makefile
|
@ -11,7 +11,7 @@ build: dist/setup-config
|
||||||
|
|
||||||
deps:
|
deps:
|
||||||
@if [ $$(whoami) = root ]; then apt-get --no-upgrade --no-install-recommends -y install gnupg ghc cabal-install libghc-missingh-dev libghc-ansi-terminal-dev libghc-ifelse-dev libghc-unix-compat-dev libghc-hslogger-dev libghc-network-dev libghc-quickcheck2-dev libghc-mtl-dev libghc-monadcatchio-transformers-dev; fi || true
|
@if [ $$(whoami) = root ]; then apt-get --no-upgrade --no-install-recommends -y install gnupg ghc cabal-install libghc-missingh-dev libghc-ansi-terminal-dev libghc-ifelse-dev libghc-unix-compat-dev libghc-hslogger-dev libghc-network-dev libghc-quickcheck2-dev libghc-mtl-dev libghc-monadcatchio-transformers-dev; fi || true
|
||||||
@if [ $$(whoami) = root ]; then apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev || cabal update; cabal install async; fi || true
|
@if [ $$(whoami) = root ]; then apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev || (cabal update; cabal install async); fi || true
|
||||||
|
|
||||||
dist/setup-config: propellor.cabal
|
dist/setup-config: propellor.cabal
|
||||||
if [ "$(CABAL)" = ./Setup ]; then ghc --make Setup; fi
|
if [ "$(CABAL)" = ./Setup ]; then ghc --make Setup; fi
|
||||||
|
|
|
@ -59,7 +59,7 @@ addNamedConf conf d = d { _namedconf = new }
|
||||||
where
|
where
|
||||||
m = _namedconf d
|
m = _namedconf d
|
||||||
domain = confDomain conf
|
domain = confDomain conf
|
||||||
new = case (confType conf, confType <$> M.lookup domain m) of
|
new = case (confDnsServerType conf, confDnsServerType <$> M.lookup domain m) of
|
||||||
(Secondary, Just Master) -> m
|
(Secondary, Just Master) -> m
|
||||||
_ -> M.insert domain conf m
|
_ -> M.insert domain conf m
|
||||||
|
|
||||||
|
|
|
@ -10,6 +10,7 @@ import System.Log.Handler.Simple
|
||||||
import System.PosixCompat
|
import System.PosixCompat
|
||||||
import Control.Exception (bracket)
|
import Control.Exception (bracket)
|
||||||
import System.Posix.IO
|
import System.Posix.IO
|
||||||
|
import Data.Time.Clock.POSIX
|
||||||
|
|
||||||
import Propellor
|
import Propellor
|
||||||
import qualified Propellor.Property.Docker as Docker
|
import qualified Propellor.Property.Docker as Docker
|
||||||
|
@ -346,14 +347,37 @@ checkDebugMode = go =<< getEnv "PROPELLOR_DEBUG"
|
||||||
setLevel DEBUG . setHandlers [f]
|
setLevel DEBUG . setHandlers [f]
|
||||||
go _ = noop
|
go _ = noop
|
||||||
|
|
||||||
-- Parameters can be passed to both ssh and scp.
|
-- Parameters can be passed to both ssh and scp, to enable a ssh connection
|
||||||
|
-- caching socket.
|
||||||
|
--
|
||||||
|
-- If the socket already exists, check if its mtime is older than 10
|
||||||
|
-- minutes, and if so stop that ssh process, in order to not try to
|
||||||
|
-- use an old stale connection. (atime would be nicer, but there's
|
||||||
|
-- a good chance a laptop uses noatime)
|
||||||
sshCachingParams :: HostName -> IO [CommandParam]
|
sshCachingParams :: HostName -> IO [CommandParam]
|
||||||
sshCachingParams hn = do
|
sshCachingParams hn = do
|
||||||
home <- myHomeDir
|
home <- myHomeDir
|
||||||
let cachedir = home </> ".ssh" </> "propellor"
|
let cachedir = home </> ".ssh" </> "propellor"
|
||||||
createDirectoryIfMissing False cachedir
|
createDirectoryIfMissing False cachedir
|
||||||
let socketfile = cachedir </> hn ++ ".sock"
|
let socketfile = cachedir </> hn ++ ".sock"
|
||||||
return
|
let ps =
|
||||||
[ Param "-o", Param ("ControlPath=" ++ socketfile)
|
[ Param "-o", Param ("ControlPath=" ++ socketfile)
|
||||||
, Params "-o ControlMaster=auto -o ControlPersist=yes"
|
, Params "-o ControlMaster=auto -o ControlPersist=yes"
|
||||||
]
|
]
|
||||||
|
|
||||||
|
maybe noop (expireold ps socketfile)
|
||||||
|
=<< catchMaybeIO (getFileStatus socketfile)
|
||||||
|
|
||||||
|
return ps
|
||||||
|
|
||||||
|
where
|
||||||
|
expireold ps f s = do
|
||||||
|
now <- truncate <$> getPOSIXTime :: IO Integer
|
||||||
|
if modificationTime s > fromIntegral now - tenminutes
|
||||||
|
then touchFile f
|
||||||
|
else do
|
||||||
|
void $ boolSystem "ssh" $
|
||||||
|
[ Params "-O stop" ] ++ ps ++
|
||||||
|
[ Param "localhost" ]
|
||||||
|
nukeFile f
|
||||||
|
tenminutes = 600
|
||||||
|
|
|
@ -40,6 +40,17 @@ import Data.List
|
||||||
-- that cannot be configured elsewhere. This often includes NS records,
|
-- that cannot be configured elsewhere. This often includes NS records,
|
||||||
-- TXT records and perhaps CNAMEs pointing at hosts that propellor does
|
-- TXT records and perhaps CNAMEs pointing at hosts that propellor does
|
||||||
-- not control.
|
-- not control.
|
||||||
|
--
|
||||||
|
-- The primary server is configured to only allow zone transfers to
|
||||||
|
-- secondary dns servers. These are determined in two ways:
|
||||||
|
--
|
||||||
|
-- 1. By looking at the properties of other hosts, to find hosts that
|
||||||
|
-- are configured as the secondary dns server.
|
||||||
|
--
|
||||||
|
-- 2. By looking for NS Records in the passed list of records.
|
||||||
|
--
|
||||||
|
-- In either case, the secondary dns server Host should have an ipv4 and/or
|
||||||
|
-- ipv6 property defined.
|
||||||
primary :: [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> RevertableProperty
|
primary :: [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> RevertableProperty
|
||||||
primary hosts domain soa rs = RevertableProperty setup cleanup
|
primary hosts domain soa rs = RevertableProperty setup cleanup
|
||||||
where
|
where
|
||||||
|
@ -52,22 +63,31 @@ primary hosts domain soa rs = RevertableProperty setup cleanup
|
||||||
`requires` namedConfWritten
|
`requires` namedConfWritten
|
||||||
`onChange` Service.reloaded "bind9"
|
`onChange` Service.reloaded "bind9"
|
||||||
|
|
||||||
(partialzone, warnings) = genZone hosts domain soa
|
(partialzone, zonewarnings) = genZone hosts domain soa
|
||||||
zone = partialzone { zHosts = zHosts partialzone ++ rs }
|
zone = partialzone { zHosts = zHosts partialzone ++ rs }
|
||||||
zonefile = "/etc/bind/propellor/db." ++ domain
|
zonefile = "/etc/bind/propellor/db." ++ domain
|
||||||
baseprop = Property ("dns primary for " ++ domain)
|
baseprop = Property ("dns primary for " ++ domain)
|
||||||
(makeChange $ writeZoneFile zone zonefile)
|
(makeChange $ writeZoneFile zone zonefile)
|
||||||
(addNamedConf conf)
|
(addNamedConf conf)
|
||||||
withwarnings p = adjustProperty p $ \satisfy -> do
|
withwarnings p = adjustProperty p $ \satisfy -> do
|
||||||
mapM_ warningMessage warnings
|
mapM_ warningMessage $ zonewarnings ++ secondarywarnings
|
||||||
satisfy
|
satisfy
|
||||||
conf = NamedConf
|
conf = NamedConf
|
||||||
{ confDomain = domain
|
{ confDomain = domain
|
||||||
, confType = Master
|
, confDnsServerType = Master
|
||||||
, confFile = zonefile
|
, confFile = zonefile
|
||||||
, confMasters = []
|
, confMasters = []
|
||||||
|
, confAllowTransfer = nub $
|
||||||
|
concatMap (\h -> hostAddresses h hosts) $
|
||||||
|
secondaries ++ nssecondaries
|
||||||
, confLines = []
|
, confLines = []
|
||||||
}
|
}
|
||||||
|
secondaries = otherServers Secondary hosts domain
|
||||||
|
secondarywarnings = map (\h -> "No IP address defined for DNS seconary " ++ h) $
|
||||||
|
filter (\h -> null (hostAddresses h hosts)) secondaries
|
||||||
|
nssecondaries = mapMaybe (domainHostName <=< getNS) rootRecords
|
||||||
|
rootRecords = map snd $
|
||||||
|
filter (\(d, _r) -> d == RootDomain || d == AbsDomain domain) rs
|
||||||
needupdate = do
|
needupdate = do
|
||||||
v <- readZonePropellorFile zonefile
|
v <- readZonePropellorFile zonefile
|
||||||
return $ case v of
|
return $ case v of
|
||||||
|
@ -86,12 +106,7 @@ primary hosts domain soa rs = RevertableProperty setup cleanup
|
||||||
-- Note that if a host is declared to be a primary and a secondary dns
|
-- Note that if a host is declared to be a primary and a secondary dns
|
||||||
-- server for the same domain, the primary server config always wins.
|
-- server for the same domain, the primary server config always wins.
|
||||||
secondary :: [Host] -> Domain -> RevertableProperty
|
secondary :: [Host] -> Domain -> RevertableProperty
|
||||||
secondary hosts domain = secondaryFor masters hosts domain
|
secondary hosts domain = secondaryFor (otherServers Master hosts domain) hosts domain
|
||||||
where
|
|
||||||
masters = M.keys $ M.filter ismaster $ hostAttrMap hosts
|
|
||||||
ismaster attr = case M.lookup domain (_namedconf attr) of
|
|
||||||
Nothing -> False
|
|
||||||
Just conf -> confType conf == Master && confDomain conf == domain
|
|
||||||
|
|
||||||
-- | This variant is useful if the primary server does not have its DNS
|
-- | This variant is useful if the primary server does not have its DNS
|
||||||
-- configured via propellor.
|
-- configured via propellor.
|
||||||
|
@ -105,12 +120,22 @@ secondaryFor masters hosts domain = RevertableProperty setup cleanup
|
||||||
desc = "dns secondary for " ++ domain
|
desc = "dns secondary for " ++ domain
|
||||||
conf = NamedConf
|
conf = NamedConf
|
||||||
{ confDomain = domain
|
{ confDomain = domain
|
||||||
, confType = Secondary
|
, confDnsServerType = Secondary
|
||||||
, confFile = "db." ++ domain
|
, confFile = "db." ++ domain
|
||||||
, confMasters = concatMap (\m -> hostAddresses m hosts) masters
|
, confMasters = concatMap (\m -> hostAddresses m hosts) masters
|
||||||
, confLines = ["allow-transfer { }"]
|
, confAllowTransfer = []
|
||||||
|
, confLines = []
|
||||||
}
|
}
|
||||||
|
|
||||||
|
otherServers :: DnsServerType -> [Host] -> Domain -> [HostName]
|
||||||
|
otherServers wantedtype hosts domain =
|
||||||
|
M.keys $ M.filter wanted $ hostAttrMap hosts
|
||||||
|
where
|
||||||
|
wanted attr = case M.lookup domain (_namedconf attr) of
|
||||||
|
Nothing -> False
|
||||||
|
Just conf -> confDnsServerType conf == wantedtype
|
||||||
|
&& confDomain conf == domain
|
||||||
|
|
||||||
-- | Rewrites the whole named.conf.local file to serve the zones
|
-- | Rewrites the whole named.conf.local file to serve the zones
|
||||||
-- configured by `primary` and `secondary`, and ensures that bind9 is
|
-- configured by `primary` and `secondary`, and ensures that bind9 is
|
||||||
-- running.
|
-- running.
|
||||||
|
@ -130,20 +155,26 @@ confStanza :: NamedConf -> [Line]
|
||||||
confStanza c =
|
confStanza c =
|
||||||
[ "// automatically generated by propellor"
|
[ "// automatically generated by propellor"
|
||||||
, "zone \"" ++ confDomain c ++ "\" {"
|
, "zone \"" ++ confDomain c ++ "\" {"
|
||||||
, cfgline "type" (if confType c == Master then "master" else "slave")
|
, cfgline "type" (if confDnsServerType c == Master then "master" else "slave")
|
||||||
, cfgline "file" ("\"" ++ confFile c ++ "\"")
|
, cfgline "file" ("\"" ++ confFile c ++ "\"")
|
||||||
] ++
|
] ++
|
||||||
(if null (confMasters c) then [] else mastersblock) ++
|
mastersblock ++
|
||||||
|
allowtransferblock ++
|
||||||
(map (\l -> "\t" ++ l ++ ";") (confLines c)) ++
|
(map (\l -> "\t" ++ l ++ ";") (confLines c)) ++
|
||||||
[ "};"
|
[ "};"
|
||||||
, ""
|
, ""
|
||||||
]
|
]
|
||||||
where
|
where
|
||||||
cfgline f v = "\t" ++ f ++ " " ++ v ++ ";"
|
cfgline f v = "\t" ++ f ++ " " ++ v ++ ";"
|
||||||
mastersblock =
|
ipblock name l =
|
||||||
[ "\tmasters {" ] ++
|
[ "\t" ++ name ++ " {" ] ++
|
||||||
(map (\ip -> "\t\t" ++ fromIPAddr ip ++ ";") (confMasters c)) ++
|
(map (\ip -> "\t\t" ++ fromIPAddr ip ++ ";") l) ++
|
||||||
[ "\t};" ]
|
[ "\t};" ]
|
||||||
|
mastersblock
|
||||||
|
| null (confMasters c) = []
|
||||||
|
| otherwise = ipblock "masters" (confMasters c)
|
||||||
|
-- an empty block prohibits any transfers
|
||||||
|
allowtransferblock = ipblock "allow-transfer" (confAllowTransfer c)
|
||||||
|
|
||||||
namedConfFile :: FilePath
|
namedConfFile :: FilePath
|
||||||
namedConfFile = "/etc/bind/named.conf.local"
|
namedConfFile = "/etc/bind/named.conf.local"
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
module Propellor.Types.Dns where
|
module Propellor.Types.Dns where
|
||||||
|
|
||||||
|
import Propellor.Types.OS (HostName)
|
||||||
|
|
||||||
import Data.Word
|
import Data.Word
|
||||||
|
|
||||||
type Domain = String
|
type Domain = String
|
||||||
|
@ -14,14 +16,15 @@ fromIPAddr (IPv6 addr) = addr
|
||||||
-- | Represents a bind 9 named.conf file.
|
-- | Represents a bind 9 named.conf file.
|
||||||
data NamedConf = NamedConf
|
data NamedConf = NamedConf
|
||||||
{ confDomain :: Domain
|
{ confDomain :: Domain
|
||||||
, confType :: Type
|
, confDnsServerType :: DnsServerType
|
||||||
, confFile :: FilePath
|
, confFile :: FilePath
|
||||||
, confMasters :: [IPAddr]
|
, confMasters :: [IPAddr]
|
||||||
|
, confAllowTransfer :: [IPAddr]
|
||||||
, confLines :: [String]
|
, confLines :: [String]
|
||||||
}
|
}
|
||||||
deriving (Show, Eq, Ord)
|
deriving (Show, Eq, Ord)
|
||||||
|
|
||||||
data Type = Master | Secondary
|
data DnsServerType = Master | Secondary
|
||||||
deriving (Show, Eq, Ord)
|
deriving (Show, Eq, Ord)
|
||||||
|
|
||||||
-- | Represents a bind 9 zone file.
|
-- | Represents a bind 9 zone file.
|
||||||
|
@ -66,6 +69,10 @@ getCNAME :: Record -> Maybe BindDomain
|
||||||
getCNAME (CNAME d) = Just d
|
getCNAME (CNAME d) = Just d
|
||||||
getCNAME _ = Nothing
|
getCNAME _ = Nothing
|
||||||
|
|
||||||
|
getNS :: Record -> Maybe BindDomain
|
||||||
|
getNS (NS d) = Just d
|
||||||
|
getNS _ = Nothing
|
||||||
|
|
||||||
-- | Bind serial numbers are unsigned, 32 bit integers.
|
-- | Bind serial numbers are unsigned, 32 bit integers.
|
||||||
type SerialNumber = Word32
|
type SerialNumber = Word32
|
||||||
|
|
||||||
|
@ -78,3 +85,8 @@ type SerialNumber = Word32
|
||||||
-- to add nameservers, MX's, etc to a domain.
|
-- to add nameservers, MX's, etc to a domain.
|
||||||
data BindDomain = RelDomain Domain | AbsDomain Domain | RootDomain
|
data BindDomain = RelDomain Domain | AbsDomain Domain | RootDomain
|
||||||
deriving (Read, Show, Eq, Ord)
|
deriving (Read, Show, Eq, Ord)
|
||||||
|
|
||||||
|
domainHostName :: BindDomain -> Maybe HostName
|
||||||
|
domainHostName (RelDomain d) = Just d
|
||||||
|
domainHostName (AbsDomain d) = Just d
|
||||||
|
domainHostName RootDomain = Nothing
|
||||||
|
|
|
@ -112,6 +112,7 @@ hosts = -- (o) `
|
||||||
& Apache.modEnabled "ssl"
|
& Apache.modEnabled "ssl"
|
||||||
& Apache.multiSSL
|
& Apache.multiSSL
|
||||||
& File.ownerGroup "/srv/web" "joey" "joey"
|
& File.ownerGroup "/srv/web" "joey" "joey"
|
||||||
|
& Apt.installed ["analog"]
|
||||||
|
|
||||||
& alias "git.kitenet.net"
|
& alias "git.kitenet.net"
|
||||||
& alias "git.joeyh.name"
|
& alias "git.joeyh.name"
|
||||||
|
@ -146,6 +147,8 @@ hosts = -- (o) `
|
||||||
& alias "ns3.branchable.com"
|
& alias "ns3.branchable.com"
|
||||||
& branchableSecondary
|
& branchableSecondary
|
||||||
|
|
||||||
|
& Dns.secondaryFor ["animx"] hosts "animx.eu.org"
|
||||||
|
|
||||||
|
|
||||||
--' __|II| ,.
|
--' __|II| ,.
|
||||||
---- __|II|II|__ ( \_,/\
|
---- __|II|II|__ ( \_,/\
|
||||||
|
@ -297,6 +300,8 @@ monsters = -- but do want to track their public keys etc.
|
||||||
& sshPubKey "ssh-dss AAAAB3NzaC1kc3MAAAEBAI6ZsoW8a+Zl6NqUf9a4xXSMcV1akJHDEKKBzlI2YZo9gb9YoCf5p9oby8THUSgfh4kse7LJeY7Nb64NR6Y/X7I2/QzbE1HGGl5mMwB6LeUcJ74T3TQAlNEZkGt/MOIVLolJHk049hC09zLpkUDtX8K0t1yaCirC9SxDGLTCLEhvU9+vVdVrdQlKZ9wpLUNbdAzvbra+O/IVvExxDZ9WCHrnfNA8ddVZIGEWMqsoNgiuCxiXpi8qL+noghsSQNFTXwo7W2Vp9zj1JkCt3GtSz5IzEpARQaXEAWNEM0n1nJ686YUOhou64iRM8bPC1lp3QXvvZNgj3m+QHhIempx+de8AAAAVAKB5vUDaZOg14gRn7Bp81ja/ik+RAAABACPH/bPbW912x1NxNiikzGR6clLh+bLpIp8Qie3J7DwOr8oC1QOKjNDK+UgQ7mDQEgr4nGjNKSvpDi4c1QCw4sbLqQgx1y2VhT0SmUPHf5NQFldRQyR/jcevSSwOBxszz3aq9AwHiv9OWaO3XY18suXPouiuPTpIcZwc2BLDNHFnDURQeGEtmgqj6gZLIkTY0iw7q9Tj5FOyl4AkvEJC5B4CSzaWgey93Wqn1Imt7KI8+H9lApMKziVL1q+K7xAuNkGmx5YOSNlE6rKAPtsIPHZGxR7dch0GURv2jhh0NQYvBRn3ukCjuIO5gx56HLgilq59/o50zZ4NcT7iASF76TcAAAEAC6YxX7rrs8pp13W4YGiJHwFvIO1yXLGOdqu66JM0plO4J1ItV1AQcazOXLiliny3p2/W+wXZZKd5HIRt52YafCA8YNyMk/sF7JcTR4d4z9CfKaAxh0UpzKiAk+0j/Wu3iPoTOsyt7N0j1+dIyrFodY2sKKuBMT4TQ0yqQpbC+IDQv2i1IlZAPneYGfd5MIGygs2QMfaMQ1jWAKJvEO0vstZ7GB6nDAcg4in3ZiBHtomx3PL5w+zg48S4Ed69BiFXLZ1f6MnjpUOP75pD4MP6toS0rgK9b93xCrEQLgm4oD/7TCHHBo2xR7wwcsN2OddtwWsEM2QgOkt/jdCAoVCqwQ=="
|
& sshPubKey "ssh-dss AAAAB3NzaC1kc3MAAAEBAI6ZsoW8a+Zl6NqUf9a4xXSMcV1akJHDEKKBzlI2YZo9gb9YoCf5p9oby8THUSgfh4kse7LJeY7Nb64NR6Y/X7I2/QzbE1HGGl5mMwB6LeUcJ74T3TQAlNEZkGt/MOIVLolJHk049hC09zLpkUDtX8K0t1yaCirC9SxDGLTCLEhvU9+vVdVrdQlKZ9wpLUNbdAzvbra+O/IVvExxDZ9WCHrnfNA8ddVZIGEWMqsoNgiuCxiXpi8qL+noghsSQNFTXwo7W2Vp9zj1JkCt3GtSz5IzEpARQaXEAWNEM0n1nJ686YUOhou64iRM8bPC1lp3QXvvZNgj3m+QHhIempx+de8AAAAVAKB5vUDaZOg14gRn7Bp81ja/ik+RAAABACPH/bPbW912x1NxNiikzGR6clLh+bLpIp8Qie3J7DwOr8oC1QOKjNDK+UgQ7mDQEgr4nGjNKSvpDi4c1QCw4sbLqQgx1y2VhT0SmUPHf5NQFldRQyR/jcevSSwOBxszz3aq9AwHiv9OWaO3XY18suXPouiuPTpIcZwc2BLDNHFnDURQeGEtmgqj6gZLIkTY0iw7q9Tj5FOyl4AkvEJC5B4CSzaWgey93Wqn1Imt7KI8+H9lApMKziVL1q+K7xAuNkGmx5YOSNlE6rKAPtsIPHZGxR7dch0GURv2jhh0NQYvBRn3ukCjuIO5gx56HLgilq59/o50zZ4NcT7iASF76TcAAAEAC6YxX7rrs8pp13W4YGiJHwFvIO1yXLGOdqu66JM0plO4J1ItV1AQcazOXLiliny3p2/W+wXZZKd5HIRt52YafCA8YNyMk/sF7JcTR4d4z9CfKaAxh0UpzKiAk+0j/Wu3iPoTOsyt7N0j1+dIyrFodY2sKKuBMT4TQ0yqQpbC+IDQv2i1IlZAPneYGfd5MIGygs2QMfaMQ1jWAKJvEO0vstZ7GB6nDAcg4in3ZiBHtomx3PL5w+zg48S4Ed69BiFXLZ1f6MnjpUOP75pD4MP6toS0rgK9b93xCrEQLgm4oD/7TCHHBo2xR7wwcsN2OddtwWsEM2QgOkt/jdCAoVCqwQ=="
|
||||||
, host "github.com"
|
, host "github.com"
|
||||||
& sshPubKey "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
|
& sshPubKey "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
|
||||||
|
, host "ns6.gandi.net"
|
||||||
|
& ipv4 "217.70.177.40"
|
||||||
, host "turtle.kitenet.net"
|
, host "turtle.kitenet.net"
|
||||||
& ipv4 "67.223.19.96"
|
& ipv4 "67.223.19.96"
|
||||||
& ipv6 "2001:4978:f:2d9::2"
|
& ipv6 "2001:4978:f:2d9::2"
|
||||||
|
@ -337,4 +342,7 @@ monsters = -- but do want to track their public keys etc.
|
||||||
& alias "l10n.ikiwiki.info"
|
& alias "l10n.ikiwiki.info"
|
||||||
& alias "dist-bugs.kitenet.net"
|
& alias "dist-bugs.kitenet.net"
|
||||||
& alias "family.kitenet.net"
|
& alias "family.kitenet.net"
|
||||||
|
, host "animx"
|
||||||
|
& ipv4 "76.7.162.101"
|
||||||
|
& ipv4 "76.7.162.186"
|
||||||
]
|
]
|
||||||
|
|
|
@ -1,8 +1,13 @@
|
||||||
propellor (0.5.1) UNRELEASED; urgency=medium
|
propellor (0.5.1) unstable; urgency=medium
|
||||||
|
|
||||||
|
* Primary DNS servers now have allow-transfer automatically populated
|
||||||
|
with the IP addresses of secondary dns servers. So, it's important
|
||||||
|
that all secondary DNS servers have an ipv4 (and/or ipv6) property
|
||||||
|
configured.
|
||||||
|
* Deal with old ssh connection caching sockets.
|
||||||
* Add missing build deps and deps. Closes: #745459
|
* Add missing build deps and deps. Closes: #745459
|
||||||
|
|
||||||
-- Joey Hess <joeyh@debian.org> Tue, 22 Apr 2014 19:07:59 -0400
|
-- Joey Hess <joeyh@debian.org> Thu, 24 Apr 2014 18:09:58 -0400
|
||||||
|
|
||||||
propellor (0.5.0) unstable; urgency=medium
|
propellor (0.5.0) unstable; urgency=medium
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
Name: propellor
|
Name: propellor
|
||||||
Version: 0.5.0
|
Version: 0.5.1
|
||||||
Cabal-Version: >= 1.6
|
Cabal-Version: >= 1.6
|
||||||
License: GPL
|
License: GPL
|
||||||
Maintainer: Joey Hess <joey@kitenet.net>
|
Maintainer: Joey Hess <joey@kitenet.net>
|
||||||
|
@ -35,7 +35,7 @@ Description:
|
||||||
|
|
||||||
Executable propellor
|
Executable propellor
|
||||||
Main-Is: propellor.hs
|
Main-Is: propellor.hs
|
||||||
GHC-Options: -Wall
|
GHC-Options: -Wall -threaded
|
||||||
Build-Depends: MissingH, directory, filepath, base >= 4.5, base < 5,
|
Build-Depends: MissingH, directory, filepath, base >= 4.5, base < 5,
|
||||||
IfElse, process, bytestring, hslogger, unix-compat, ansi-terminal,
|
IfElse, process, bytestring, hslogger, unix-compat, ansi-terminal,
|
||||||
containers, network, async, time, QuickCheck, mtl,
|
containers, network, async, time, QuickCheck, mtl,
|
||||||
|
|
|
@ -74,7 +74,7 @@ wrapper args propellordir propellorbin = do
|
||||||
void $ boolSystem "git" [Param "remote", Param "add", Param "upstream", Param srcrepo]
|
void $ boolSystem "git" [Param "remote", Param "add", Param "upstream", Param srcrepo]
|
||||||
-- Connect synthetic git repo with upstream history so
|
-- Connect synthetic git repo with upstream history so
|
||||||
-- merging with upstream will work going forward.
|
-- merging with upstream will work going forward.
|
||||||
-- Note -s outs is used to avoid getting any divergent
|
-- Note -s ours is used to avoid getting any divergent
|
||||||
-- changes from upstream.
|
-- changes from upstream.
|
||||||
when fromsrcdir $ do
|
when fromsrcdir $ do
|
||||||
void $ boolSystem "git" [Param "fetch", Param "upstream"]
|
void $ boolSystem "git" [Param "fetch", Param "upstream"]
|
||||||
|
|
Loading…
Reference in New Issue