Joey Hess 2014-04-03 11:59:25 -04:00
parent fdb48b1dd1
commit d4b89d7c53
1 changed files with 29 additions and 28 deletions


@ -31,14 +31,13 @@ main = defaultMain [host, Docker.containerProperties container]
-- --
-- Edit this to configure propellor! -- Edit this to configure propellor!
host :: HostName -> Maybe [Property] host :: HostName -> Maybe [Property]
host hostname@"clam.kitenet.net" = Just $ props host hostname@"clam.kitenet.net" = standardSystem Unstable $ props
-- Clam is a tor bridge, and an olduse.net shellbox and other
-- fun stuff.
& cleanCloudAtCost hostname & cleanCloudAtCost hostname
& standardSystem Unstable
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Network.ipv6to4 & Network.ipv6to4
& Apt.installed ["git-annex", "mtr"] & Apt.installed ["git-annex", "mtr"]
-- Clam is a tor bridge, and an olduse.net shellbox and other
-- fun stuff.
& Tor.isBridge & Tor.isBridge
& JoeySites.oldUseNetshellBox & JoeySites.oldUseNetshellBox
& Docker.configured & Docker.configured
@ -46,11 +45,9 @@ host hostname@"clam.kitenet.net" = Just $ props
! Docker.docked container hostname "webserver" ! Docker.docked container hostname "webserver"
! Docker.docked container hostname "amd64-git-annex-builder" ! Docker.docked container hostname "amd64-git-annex-builder"
& Docker.garbageCollected & Docker.garbageCollected
-- Should come last as it reboots. host hostname@"orca.kitenet.net" = standardSystem Unstable $ props
& Apt.installed ["systemd-sysv"] `onChange` Reboot.now -- Orca is the main git-annex build box.
host hostname@"orca.kitenet.net" = Just $ props
& Hostname.set hostname & Hostname.set hostname
& standardSystem Unstable
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Docker.configured & Docker.configured
& Apt.buildDep ["git-annex"] & Apt.buildDep ["git-annex"]
@ -89,26 +86,30 @@ image (System (Debian Unstable) "i386") = "joeyh/debian-unstable-i386"
image _ = "debian" image _ = "debian"
-- This is my standard system setup -- This is my standard system setup
standardSystem :: DebianSuite -> Property standardSystem :: DebianSuite -> [Property] -> Maybe [Property]
standardSystem suite = propertyList "standard system" standardSystem suite customprops = Just $
[ Apt.stdSourcesList suite `onChange` Apt.upgrade standardprops : customprops ++ [endprops]
, Apt.installed ["etckeeper"] where
, Apt.installed ["ssh"] standardprops = propertyList "standard system" $ props
, GitHome.installedFor "root" & Apt.stdSourcesList suite `onChange` Apt.upgrade
, User.hasSomePassword "root" & Apt.installed ["etckeeper"]
-- Harden the system, but only once root's authorized_keys & Apt.installed ["ssh"]
-- is safely in place. & GitHome.installedFor "root"
, check (Ssh.hasAuthorizedKeys "root") $ & User.hasSomePassword "root"
Ssh.passwordAuthentication False -- Harden the system, but only once root's authorized_keys
, User.accountFor "joey" -- is safely in place.
, User.hasSomePassword "joey" & check (Ssh.hasAuthorizedKeys "root")
, Sudo.enabledFor "joey" (Ssh.passwordAuthentication False)
, GitHome.installedFor "joey" & User.accountFor "joey"
, Apt.installed ["vim", "screen", "less"] & User.hasSomePassword "joey"
, Cron.runPropellor "30 * * * *" & Sudo.enabledFor "joey"
-- I use postfix, or no MTA. & GitHome.installedFor "joey"
, Apt.removed ["exim4"] `onChange` Apt.autoRemove & Apt.installed ["vim", "screen", "less"]
] & Cron.runPropellor "30 * * * *"
-- I use postfix, or no MTA.
& Apt.removed ["exim4"] `onChange` Apt.autoRemove
-- May reboot, so comes last.
endprops = Apt.installed ["systemd-sysv"] `onChange` Reboot.now
-- Clean up a system as installed by cloudatcost.com -- Clean up a system as installed by cloudatcost.com
cleanCloudAtCost :: HostName -> Property cleanCloudAtCost :: HostName -> Property
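Review bot: `standardSystem` now builds `standardprops : customprops ++ [endprops]`, so `cleanCloudAtCost hostname` on clam and `Hostname.set hostname` on orca run after the apt sources/upgrade step, the ssh install and the `Ssh.passwordAuthentication False` check, where the old lists ran them first. If the provider-image cleanup was meant to run before sshd is installed and hardened (its body is not visible here, so this is an inference), that ordering is silently lost. Consider stating the order above the signature, e.g. `-- Applies standardprops first, then customprops, then endprops (may reboot).`, or letting callers pass properties that must run before the standard set. Moving the systemd-sysv / `Reboot.now` property into `endprops` also means every `standardSystem` host can now reboot at the end of a run, including orca, whose visible property list did not have it before; the same comment should say so.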