From e435d97927d37fbea032b83e791dd77dcbd47307 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 8 Apr 2014 17:29:56 -0400 Subject: [PATCH] propellor spin --- Propellor/Property/OpenId.hs | 13 ++++++++++--- config-joey.hs | 16 ++++++++++++---- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index 0f207a5..f744037 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs @@ -4,14 +4,21 @@ import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt -providerFor :: [UserName] -> Property -providerFor users = propertyList ("openid provider") $ +import Data.List + +providerFor :: [UserName] -> HostName -> Property +providerFor users hostname = propertyList ("openid provider") $ [ serviceRunning "apache2" `requires` Apt.installed ["apache2"] , Apt.installed ["simpleid"] `onChange` serviceRestarted "apache2" - , serviceRestarted "apache2" + , File.fileProperty ("simpleid host " ++ hostname) + (map setbaseurl) "/etc/simpleid/config.inc" ] ++ map identfile users where identfile u = File.hasPrivContent $ concat [ "/var/lib/simpleid/identities/", u, ".identity" ] + setbaseurl l + | "SIMPLEID_BASE_URL" `isInfixOf` l = + "define('SIMPLEID_BASE_URL', 'http://"++hostname++"/simpleid');" + | otherwise = l diff --git a/config-joey.hs b/config-joey.hs index c57dd5a..8445f7c 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -61,7 +61,7 @@ host _ = Nothing -- | This is where Docker containers are set up. A container -- can vary by hostname where it's used, or be the same everywhere. container :: HostName -> Docker.ContainerName -> Maybe (Docker.Container) -container _parenthost name +container parenthost name -- Simple web server, publishing the outside host's /var/www | name == "webserver" = Just $ Docker.containerFrom (image $ System (Debian Unstable) "amd64") 
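Review bot: In the Propellor/Property/OpenId.hs hunk, `setbaseurl` splices `hostname` into a single-quoted PHP literal written to /etc/simpleid/config.inc without escaping, so a value containing `'` or `\` would change the PHP that ends up in the file. HostName presumably comes from the operator's own configuration, but the property should still reject or escape those characters before building the `define(...)` line. The `isInfixOf` guard rewrites every line that mentions SIMPLEID_BASE_URL, commented ones included, and changes nothing when no line matches, so the outcome depends on the layout of the shipped file. Matching only lines that start with `define('SIMPLEID_BASE_URL'` and appending the line when it is absent would make the result deterministic. The scheme is also fixed to `http://`, so logins and identity assertions for this provider travel in cleartext unless TLS is terminated in front of it; a comment such as `-- NOTE: plain http; needs a TLS-terminating proxy in front` would record that.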
@@ -70,6 +70,7 @@ container _parenthost name , Docker.inside $ props & serviceRunning "apache2" `requires` Apt.installed ["apache2"] + & Apt.unattendedUpgrades ] -- My own openid provider. Uses php, so containerized for security @@ -78,8 +79,9 @@ container _parenthost name (image $ System (Debian Stable) "amd64") [ Docker.publish "8081:80" , Docker.inside $ props - & Apt.stdSourcesList Stable `onChange` Apt.upgrade - & OpenId.providerFor ["joey", "liw"] + & Apt.stdSourcesList Stable + & Apt.unattendedUpgrades + & OpenId.providerFor ["joey", "liw"] parenthost ] -- armel builder has a companion container that run amd64 and @@ -89,6 +91,8 @@ container _parenthost name | name == "armel-git-annex-builder-companion" = Just $ Docker.containerFrom (image $ System (Debian Unstable) "amd64") [ Docker.volume GitAnnexBuilder.homedir + , Docker.inside $ props + & Apt.unattendedUpgrades ] | name == "armel-git-annex-builder" = Just $ Docker.containerFrom (image $ System (Debian Unstable) "armel") @@ -96,13 +100,17 @@ container _parenthost name , Docker.volumes_from (name ++ "-companion") , Docker.inside $ props -- & GitAnnexBuilder.builder "armel" "15 * * * *" True + & Apt.unattendedUpgrades ] | "-git-annex-builder" `isSuffixOf` name = let arch = takeWhile (/= '-') name in Just $ Docker.containerFrom (image $ System (Debian Unstable) arch) - [ Docker.inside $ props & GitAnnexBuilder.builder arch "15 * * * *" True ] + [ Docker.inside $ props + & GitAnnexBuilder.builder arch "15 * * * *" True + & Apt.unattendedUpgrades + ] | otherwise = Nothing
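Review bot: `Apt.unattendedUpgrades` may be a no-op in the webserver container in the `-70,6` hunk, and likewise in the two armel builder containers and the generic `-git-annex-builder` case in the later hunks, because all of them use `Debian Unstable` images. Stock unattended-upgrades configurations typically select only the release's security origin, which unstable does not have, so the property may install the package without ever upgrading anything there. Its definition is outside this diff, so this should be confirmed against the Propellor.Property.Apt module. If it sets no origin pattern for non-stable suites, a comment such as `-- NOTE: no effect on Unstable until an origin pattern is configured` next to these lines would avoid a false sense of patch coverage. The `container` function starts before this hunk and continues past it.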
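Review bot: In the `-78,8` hunk, `OpenId.providerFor ["joey", "liw"] parenthost` makes the provider advertise `http://<parenthost>/simpleid` (see `setbaseurl` in the OpenId.hs hunk), but this container is published as `Docker.publish "8081:80"`. The advertised URL therefore reaches it only if the parent host forwards port 80 to 8081, and nothing in this diff sets that up. Dropping the onChange Apt.upgrade hook from `Apt.stdSourcesList Stable` also means a sources change no longer triggers an immediate upgrade, so patching of this PHP-serving container now depends entirely on `Apt.unattendedUpgrades` actually running inside it, which presumes a scheduler such as cron is active in the container. A comment like `-- base URL assumes the parent host proxies :80 -> :8081` on the `providerFor` line would record the dependency. The `container` function starts and ends outside this hunk.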