diff --git a/config-joey.hs b/config-joey.hs
index 6cd5c01..150c044 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -30,6 +30,7 @@ import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost
 import qualified Propellor.Property.HostingProvider.Linode as Linode
 import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
 import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
+import qualified Propellor.Property.SiteSpecific.IABak as IABak
 import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
@@ -307,6 +308,7 @@ iabak = host "iabak.archiveteam.org"
 & ipv4 "124.6.40.227"
 & Hostname.sane
 & os (System (Debian Testing) "amd64")
+ & Cron.runPropellor (Cron.Times "30 * * * *")
 & Apt.stdSourcesList `onChange` Apt.upgrade
 & Apt.installed ["git"]
 & Apt.installed ["etckeeper"]
@@ -320,60 +322,9 @@ iabak = host "iabak.archiveteam.org"
 & Sudo.enabledFor "db48x"
 & Ssh.authorizedKey "db48x" "ssh-rsa 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 db48x@anglachel"
 & GitHome.installedFor "joey"
- & Git.cloned "root" repo "/usr/local/IA.BAK" (Just "server")
- & Git.cloned "root" repo "/usr/local/IA.BAK/client" (Just "master")
- & Git.cloned "www-data" repo "/usr/local/IA.BAK/pubkeys" (Just "pubkey")
- & Apt.serviceInstalledRunning "apache2"
- & cmdProperty "ln" ["-sf", "/usr/local/IA.BAK/pushme.cgi", "/usr/lib/cgi-bin/pushme.cgi"]
 & Apt.installed ["sudo"]
- & File.containsLine "/etc/sudoers" "www-data ALL=NOPASSWD:/usr/local/IA.BAK/pushed.sh"
- & Cron.niceJob "shardstats" (Cron.Times "*/30 * * * *") "root" "/"
- "/usr/local/IA.BAK/shardstats-all"
- & Cron.runPropellor (Cron.Times "30 * * * *")
- & Apt.installed ["libapache2-mod-wsgi", "graphite-carbon", "graphite-web"]
- & File.hasContent "/etc/carbon/storage-schemas.conf"
- [ "[carbon]"
- , "pattern = ^carbon\\."
- , "retentions = 60:90d"
- , "[iabak]"
- , "pattern = ^iabak\\."
- , "retentions = 10m:30d,1h:1y,3h,10y" - , "[default_1min_for_1day]" - , "pattern = .*" - , "retentions = 60s:1d" - ] - & graphiteCSRF - & cmdProperty "graphite-manage" ["syncdb", "--noinput"] `flagFile` "/etc/flagFiles/graphite-syncdb" - & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=joey"] `flagFile` "/etc/flagFiles/graphite-user-joey" - & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=db48x"] `flagFile` "/etc/flagFiles/graphite-user-db48x" - -- TODO: deal with passwords somehow - & File.ownerGroup "/var/lib/graphite/graphite.db" "_graphite" "_graphite" - & File.hasContent "/etc/apache2/iabak-graphite-web.conf" - [ "" - , " WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite" - , " WSGIProcessGroup _graphite" - , " WSGIImportScript /usr/share/graphite-web/graphite.wsgi process-group=_graphite application-group=%{GLOBAL}" - , " WSGIScriptAlias / /usr/share/graphite-web/graphite.wsgi" - , " Alias /content/ /usr/share/graphite-web/static/" - , " " - , " SetHandler None" - , " " - , " ErrorLog ${APACHE_LOG_DIR}/graphite-web_error.log" - , " LogLevel warn" - , " CustomLog ${APACHE_LOG_DIR}/graphite-web_access.log combined" - , "" - ] - & cmdProperty "ln" ["-sf", "/etc/apache2/sites-available/iabak-graphite-web.conf", - "/etc/apache2/sites-enabled/iabak-graphite-web.conf"] - & Apt.installed ["netcat"] - & Apt.installed ["tmux"] - & Apt.installed ["emacs-nox"] - where - repo = "https://github.com/ArchiveTeam/IA.BAK/" - graphiteCSRF = withPrivData (Password "csrf-token") (Context "iabak.archiveteam.org") $ - \gettoken -> property "graphite-web CSRF token" $ - gettoken $ \token -> ensureProperty $ File.containsLine - "/etc/graphite/local_settings.py" ("SECRET_KEY = '"++ token ++"'") + & IABak.gitServer + & IABak.graphiteServer --' __|II| ,. ---- __|II|II|__ ( \_,/\ 
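Review bot: The `& Apt.installed ["sudo"]` context line stays in this host block while the `/etc/sudoers` rule it supports moves out into `IABak.gitServer`, so the prerequisite for that privileged rule now holds only through the ordering here. I would move the line into `gitServer`, directly ahead of its `File.containsLine "/etc/sudoers" …` entry, so the www-data rule and its dependency are read and reviewed together. The `iabak` host definition starts above this hunk.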
diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs
new file mode 100644
index 0000000..ed394a8
--- /dev/null
+++ b/src/Propellor/Property/SiteSpecific/IABak.hs
@@ -0,0 +1,67 @@
+module Propellor.Property.SiteSpecific.IABak where
+
+import Propellor
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.Git as Git
+import qualified Propellor.Property.Cron as Cron
+import qualified Propellor.Property.File as File
+
+gitServer :: Property HasInfo
+gitServer = propertyList "iabak git server" $ props
+ & Git.cloned "root" repo "/usr/local/IA.BAK" (Just "server")
+ & Git.cloned "root" repo "/usr/local/IA.BAK/client" (Just "master")
+ & Git.cloned "www-data" repo "/usr/local/IA.BAK/pubkeys" (Just "pubkey")
+ & Apt.serviceInstalledRunning "apache2"
+ & cmdProperty "ln" ["-sf", "/usr/local/IA.BAK/pushme.cgi", "/usr/lib/cgi-bin/pushme.cgi"]
+ & File.containsLine "/etc/sudoers" "www-data ALL=NOPASSWD:/usr/local/IA.BAK/pushed.sh"
+ & Cron.niceJob "shardstats" (Cron.Times "*/30 * * * *") "root" "/"
+ "/usr/local/IA.BAK/shardstats-all"
+ where
+ repo = "https://github.com/ArchiveTeam/IA.BAK/"
+
+graphiteServer :: Property HasInfo
+graphiteServer = propertyList "iabak graphite server" $ props
+ & Apt.serviceInstalledRunning "apache2"
+ & Apt.installed ["libapache2-mod-wsgi", "graphite-carbon", "graphite-web"]
+ & File.hasContent "/etc/carbon/storage-schemas.conf"
+ [ "[carbon]"
+ , "pattern = ^carbon\\."
+ , "retentions = 60:90d"
+ , "[iabak]"
+ , "pattern = ^iabak\\."
+ , "retentions = 10m:30d,1h:1y,3h,10y"
+ , "[default_1min_for_1day]"
+ , "pattern = .*"
+ , "retentions = 60s:1d"
+ ]
+ & graphiteCSRF
+ & cmdProperty "graphite-manage" ["syncdb", "--noinput"] `flagFile` "/etc/flagFiles/graphite-syncdb"
+ & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=joey"] `flagFile` "/etc/flagFiles/graphite-user-joey"
+ & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=db48x"] `flagFile` "/etc/flagFiles/graphite-user-db48x"
+ -- TODO: deal with passwords somehow
+ & File.ownerGroup "/var/lib/graphite/graphite.db" "_graphite" "_graphite"
+ & File.hasContent "/etc/apache2/iabak-graphite-web.conf"
+ [ ""
+ , " WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite"
+ , " WSGIProcessGroup _graphite"
+ , " WSGIImportScript /usr/share/graphite-web/graphite.wsgi process-group=_graphite application-group=%{GLOBAL}"
+ , " WSGIScriptAlias / /usr/share/graphite-web/graphite.wsgi"
+ , " Alias /content/ /usr/share/graphite-web/static/"
+ , " "
+ , " SetHandler None"
+ , " "
+ , " ErrorLog ${APACHE_LOG_DIR}/graphite-web_error.log"
+ , " LogLevel warn"
+ , " CustomLog ${APACHE_LOG_DIR}/graphite-web_access.log combined"
+ , ""
+ ]
+ & cmdProperty "ln" ["-sf", "/etc/apache2/sites-available/iabak-graphite-web.conf",
+ "/etc/apache2/sites-enabled/iabak-graphite-web.conf"]
+ & Apt.installed ["netcat"]
+ & Apt.installed ["tmux"]
+ & Apt.installed ["emacs-nox"]
+ where
+ graphiteCSRF = withPrivData (Password "csrf-token") (Context "iabak.archiveteam.org") $
+ \gettoken -> property "graphite-web CSRF token" $
+ gettoken $ \token -> ensureProperty $ File.containsLine
+ "/etc/graphite/local_settings.py" ("SECRET_KEY = '"++ token ++"'")
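Review bot: In `gitServer`, `File.containsLine "/etc/sudoers" "www-data ALL=NOPASSWD:/usr/local/IA.BAK/pushed.sh"` edits the main sudoers file in place and lets the web server account run `pushed.sh` as root with any arguments, since the rule lists none. I would put the rule in its own drop-in, `& File.hasContent "/etc/sudoers.d/<dropin-name>" ["www-data ALL=NOPASSWD:/usr/local/IA.BAK/pushed.sh"]` (placeholder file name), kept at mode 0440 and checked with `visudo -c`, and pin the argument list if `pushme.cgi` calls the script with a fixed one. A comment there should record that the script presumably comes from the checkout of the `server` branch cloned as root, because that checkout decides what www-data can execute as root. Separately, `graphiteServer` writes the vhost to `/etc/apache2/iabak-graphite-web.conf` while the `ln -sf` links `/etc/apache2/sites-available/iabak-graphite-web.conf`, a path nothing in this hunk creates.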