cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

propellor spin

This commit is contained in:
Joey Hess 2015-02-10 20:29:04 -04:00
parent 78eac62659
commit d08c98d8b3
Failed to extract signature
3 changed files with 28 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
config-joey.hs
View File

@ -236,12 +236,7 @@ diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
& alias "git.joeyh.name"
& JoeySites.gitServer hosts
& JoeySites.annexWebSite "/srv/git/downloads.git"
"downloads.kitenet.net"
"840760dc-08f0-11e2-8c61-576b7e66acfd"
[("eubackup", "ssh://eubackup.kitenet.net/~/lib/downloads/")]
`requires` Ssh.keyImported SshRsa "joey" (Context "downloads.kitenet.net")
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "joey"
& JoeySites.downloads hosts
& JoeySites.gitAnnexDistributor
& JoeySites.annexWebSite "/srv/git/joey/tmp.git"

15
src/Propellor/Property/SiteSpecific/JoeySites.hs
View File

@ -68,9 +68,11 @@ oldUseNetServer hosts = propertyList "olduse.net server" $ props
oldUseNetBackup = Obnam.backup datadir (Cron.Times "33 4 * * *")
[ "--repository=sftp://2318@usw-s002.rsync.net/~/olduse.net"
, "--client-name=spool"
, "--ssh-key=" ++ keyfile
] Obnam.OnlyClient
`requires` Ssh.keyImported SshRsa "root" (Context "olduse.net")
`requires` Ssh.keyImported' (Just keyfile) SshRsa "root" (Context "olduse.net")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
keyfile = "/root/.ssh/olduse.net.key"
oldUseNetShellBox :: Property HasInfo
oldUseNetShellBox = propertyList "olduse.net shellbox" $ props
@ -140,9 +142,10 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props
& Obnam.latestVersion
& Obnam.backupEncrypted "/srv/git" (Cron.Times "33 3 * * *")
[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
, "--ssh-key=" ++ sshkey
, "--client-name=wren" -- historical
] Obnam.OnlyClient (Gpg.GpgKeyId "1B169BE1")
`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
`requires` Ssh.keyImported' (Just sshkey) SshRsa "root" (Context "git.kitenet.net")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")
`requires` User.accountFor "family"
@ -166,6 +169,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props
& website "git.joeyh.name"
& Apache.modEnabled "cgi"
where
sshkey = "/root/.ssh/git.kitenet.net.key"
website hn = apacheSite hn True
[ " DocumentRoot /srv/web/git.kitenet.net/"
, " <Directory /srv/web/git.kitenet.net/>"
@ -266,6 +270,13 @@ mainhttpscert True =
, " SSLCertificateKeyFile /etc/ssl/private/web.pem"
, " SSLCertificateChainFile /etc/ssl/certs/startssl.pem"
]
downloads :: [Host] -> Property HasInfo
downloads hosts = annexWebSite "/srv/git/downloads.git"
"downloads.kitenet.net"
"840760dc-08f0-11e2-8c61-576b7e66acfd"
[("eubackup", "ssh://eubackup.kitenet.net/~/lib/downloads/")]
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "joey"
gitAnnexDistributor :: Property HasInfo
gitAnnexDistributor = combineProperties "git-annex distributor, including rsync server and signer" $ props

18
src/Propellor/Property/Ssh.hs
View File

@ -12,6 +12,7 @@ module Propellor.Property.Ssh (
pubKey,
getPubKey,
keyImported,
keyImported',
knownHost,
authorizedKeys,
listenPort
@ -147,8 +148,15 @@ getPubKey = asks (_sshPubKey . hostInfo)
-- | Sets up a user with a ssh private key and public key pair from the
-- PrivData.
--
-- If the user already has a private/public key, it is left unchanged.
keyImported :: IsContext c => SshKeyType -> UserName -> c -> Property HasInfo
keyImported keytype user context = combineProperties desc
keyImported = keyImported' Nothing
-- | A file can be speficied to write the key to somewhere other than
-- usual. Allows a user to have multiple keys for different roles.
keyImported' :: IsContext c => Maybe FilePath -> SshKeyType -> UserName -> c -> Property HasInfo
keyImported' dest keytype user context = combineProperties desc
[ installkey (SshPubKey keytype user) (install writeFile ".pub")
, installkey (SshPrivKey keytype user) (install writeFileProtected "")
]
@ -168,9 +176,11 @@ keyImported keytype user context = combineProperties desc
, File.ownerGroup (takeDirectory f) user user
]
)
keyfile ext = do
home <- homeDirectory <$> getUserEntryForName user
return $ home </> ".ssh" </> "id_" ++ fromKeyType keytype ++ ext
keyfile ext = case dest of
Nothing -> do
home <- homeDirectory <$> getUserEntryForName user
return $ home </> ".ssh" </> "id_" ++ fromKeyType keytype ++ ext
Just f -> return $ f ++ ext
fromKeyType :: SshKeyType -> String
fromKeyType SshRsa = "rsa"