propellor spin
parent
fa7656f743
commit
e8b0e7c6ca
@ -84,8 +84,9 @@ clam = standardSystem "clam.kitenet.net" Unstable "amd64"
|
||||||
& Ssh.randomHostKeys
|
& Ssh.randomHostKeys
|
||||||
& Apt.unattendedUpgrades
|
& Apt.unattendedUpgrades
|
||||||
& Network.ipv6to4
|
& Network.ipv6to4
|
||||||
& Tor.named "kite1" Tor.isRelay'
|
& Tor.isRelay
|
||||||
& Postfix.satellite
|
& Tor.named "kite1"
|
||||||
|
& Tor.bandwidthRate "128 kibibytes"
|
||||||
|
|
||||||
& Docker.configured
|
& Docker.configured
|
||||||
& Docker.garbageCollected `period` Daily
|
& Docker.garbageCollected `period` Daily
|
||||||
|
|
|
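Review bot: The rendered rows pair old `& Postfix.satellite` with new `& Tor.named "kite1"`, and no `Postfix.satellite` line appears on the new side of this hunk (8 old lines, 9 new), so clam appears to lose its satellite mail setup while the changelog entry only mentions tor; if that is unintended, keep `& Postfix.satellite` in the list. The relay ordering looks right: `Tor.isRelay` comes before `Tor.named "kite1"`, so, assuming properties are ensured in list order, the tor package is installed before `named` writes the node's private key. A short comment next to `Tor.bandwidthRate "128 kibibytes"` saying it is a per-second cap in each direction would help, since the unit string alone does not say so.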
@ -1,8 +1,9 @@
|
||||||
propellor (2.1.1) UNRELEASED; urgency=medium
|
propellor (2.2.0) UNRELEASED; urgency=medium
|
||||||
|
|
||||||
* When running shimmed (eg in a docker container),
|
* When running shimmed (eg in a docker container),
|
||||||
improve process name visible in ps.
|
improve process name visible in ps.
|
||||||
* Add shebang to cron.daily etc files.
|
* Add shebang to cron.daily etc files.
|
||||||
|
* Some changes to tor configuration, minor API change.
|
||||||
|
|
||||||
-- Joey Hess <id@joeyh.name> Mon, 16 Feb 2015 19:00:48 -0400
|
-- Joey Hess <id@joeyh.name> Mon, 16 Feb 2015 19:00:48 -0400
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
Name: propellor
|
Name: propellor
|
||||||
Version: 2.1.0
|
Version: 2.2.0
|
||||||
Cabal-Version: >= 1.6
|
Cabal-Version: >= 1.6
|
||||||
License: BSD3
|
License: BSD3
|
||||||
Maintainer: Joey Hess <id@joeyh.name>
|
Maintainer: Joey Hess <id@joeyh.name>
|
||||||
|
|
|
@ -5,6 +5,7 @@ import qualified Propellor.Property.File as File
|
||||||
import qualified Propellor.Property.Apt as Apt
|
import qualified Propellor.Property.Apt as Apt
|
||||||
import qualified Propellor.Property.Service as Service
|
import qualified Propellor.Property.Service as Service
|
||||||
import Utility.FileMode
|
import Utility.FileMode
|
||||||
|
import Utility.DataUnits
|
||||||
|
|
||||||
import System.Posix.Files
|
import System.Posix.Files
|
||||||
import Data.Char
|
import Data.Char
|
||||||
|
@ -17,60 +18,36 @@ type NodeName = String
|
||||||
--
|
--
|
||||||
-- Uses port 443
|
-- Uses port 443
|
||||||
isBridge :: Property NoInfo
|
isBridge :: Property NoInfo
|
||||||
isBridge = isBridge' []
|
isBridge = configured
|
||||||
|
[ ("BridgeRelay", "1")
|
||||||
isBridge' :: [String] -> Property NoInfo
|
, ("Exitpolicy", "reject *:*")
|
||||||
isBridge' extraconfig = server config
|
, ("ORPort", "443")
|
||||||
|
]
|
||||||
`describe` "tor bridge"
|
`describe` "tor bridge"
|
||||||
where
|
`requires` server
|
||||||
config =
|
|
||||||
[ "BridgeRelay 1"
|
|
||||||
, "Exitpolicy reject *:*"
|
|
||||||
, "ORPort 443"
|
|
||||||
] ++ extraconfig
|
|
||||||
|
|
||||||
-- | Sets up a tor relay.
|
-- | Sets up a tor relay.
|
||||||
--
|
--
|
||||||
-- Uses port 443
|
-- Uses port 443
|
||||||
isRelay :: Property NoInfo
|
isRelay :: Property NoInfo
|
||||||
isRelay = isRelay' []
|
isRelay = configured
|
||||||
|
[ ("BridgeRelay", "0")
|
||||||
isRelay' :: [String] -> Property NoInfo
|
, ("Exitpolicy", "reject *:*")
|
||||||
isRelay' extraconfig = server config
|
, ("ORPort", "443")
|
||||||
|
]
|
||||||
`describe` "tor relay"
|
`describe` "tor relay"
|
||||||
where
|
`requires` server
|
||||||
config =
|
|
||||||
[ "BridgeRelay 0"
|
|
||||||
, "Exitpolicy reject *:*"
|
|
||||||
, "ORPort 443"
|
|
||||||
] ++ extraconfig
|
|
||||||
|
|
||||||
-- | Converts a property like isBridge' or isRelay' to be a named
|
-- | Makes the tor node be named, with a known private key.
|
||||||
-- node, with a known private key.
|
|
||||||
--
|
--
|
||||||
-- This can be moved to a different IP without needing to wait to
|
-- This can be moved to a different IP without needing to wait to
|
||||||
-- accumulate trust.
|
-- accumulate trust.
|
||||||
--
|
named :: NodeName -> Property HasInfo
|
||||||
-- The base property can be used to start out and then upgraded to
|
named n = configured [("Nickname", n')]
|
||||||
-- a named property later.
|
`describe` ("tor node named " ++ n')
|
||||||
named :: NodeName -> ([String] -> Property NoInfo) -> Property HasInfo
|
|
||||||
named n basep = p `describe` (getDesc p ++ " " ++ n)
|
|
||||||
where
|
|
||||||
p = basep ["Nickname " ++ saneNickname n]
|
|
||||||
`requires` torPrivKey (Context ("tor " ++ n))
|
`requires` torPrivKey (Context ("tor " ++ n))
|
||||||
|
|
||||||
-- | A tor server (bridge, relay, or exit)
|
|
||||||
-- Don't use if you just want to run tor for personal use.
|
|
||||||
server :: [String] -> Property NoInfo
|
|
||||||
server extraconfig = setup
|
|
||||||
`requires` Apt.installed ["tor", "ntp"]
|
|
||||||
`describe` "tor server"
|
|
||||||
where
|
where
|
||||||
setup = mainConfig `File.hasContent` config
|
n' = saneNickname n
|
||||||
`onChange` restarted
|
|
||||||
config =
|
|
||||||
[ "SocksPort 0"
|
|
||||||
] ++ extraconfig
|
|
||||||
|
|
||||||
torPrivKey :: Context -> Property HasInfo
|
torPrivKey :: Context -> Property HasInfo
|
||||||
torPrivKey context = f `File.hasPrivContent` context
|
torPrivKey context = f `File.hasPrivContent` context
|
||||||
|
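Review bot: `named` no longer depends on `server` (the old `named` wrapped a base property that went through `server`, which requires `Apt.installed ["tor", "ntp"]`), so `torPrivKey` can now try to write `/var/lib/tor/keys/secret_id_key` on a host where tor is not installed yet, unless the user happens to list `Tor.isRelay` or `Tor.isBridge` first; whether `File.hasPrivContent` creates the parent directory I cannot tell from here. I'd add `` `requires` Apt.installed ["tor"] `` after the `torPrivKey` requirement in `named`, or at least have the haddock say it must be combined with `isRelay`/`isBridge`. The haddock for `isBridge`/`isRelay` could also note that they now compose with `named` instead of taking an extra-config list, since `isBridge'`/`isRelay'` are removed and callers must change.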
@ -80,15 +57,47 @@ torPrivKey context = f `File.hasPrivContent` context
|
||||||
where
|
where
|
||||||
f = "/var/lib/tor/keys/secret_id_key"
|
f = "/var/lib/tor/keys/secret_id_key"
|
||||||
|
|
||||||
|
-- | A tor server (bridge, relay, or exit)
|
||||||
|
-- Don't use if you just want to run tor for personal use.
|
||||||
|
server :: Property NoInfo
|
||||||
|
server = configured [("SocksPort", "0")]
|
||||||
|
`requires` Apt.installed ["tor", "ntp"]
|
||||||
|
`describe` "tor server"
|
||||||
|
|
||||||
|
-- | Specifies configuration settings. Any lines in the config file
|
||||||
|
-- that set other values for the specified settings will be removed,
|
||||||
|
-- while other settings are left as-is. Tor is restarted when
|
||||||
|
-- configuration is changed.
|
||||||
|
configured :: [(String, String)] -> Property NoInfo
|
||||||
|
configured settings = File.fileProperty "tor configured" go mainConfig
|
||||||
|
`onChange` restarted
|
||||||
|
where
|
||||||
|
ks = map fst settings
|
||||||
|
go ls = map toconfig $
|
||||||
|
filter (\(k, _) -> k `notElem` ks) (map fromconfig ls)
|
||||||
|
++ settings
|
||||||
|
toconfig (k, v) = k ++ " " ++ v
|
||||||
|
fromconfig = separate (== ' ')
|
||||||
|
|
||||||
|
type BwLimit = String
|
||||||
|
|
||||||
|
-- | Limit incoming and outgoing traffic to the specified
|
||||||
|
-- amount, per second.
|
||||||
|
--
|
||||||
|
-- For example, "30 kibibytes" is the minimum limit for a useful relay.
|
||||||
|
bandwidthRate :: BwLimit -> Property NoInfo
|
||||||
|
bandwidthRate s = case readSize dataUnits s of
|
||||||
|
Just sz -> configured [("BandwidthRate", show sz ++ " bytes")]
|
||||||
|
Nothing -> property ("unable to parse " ++ s) noChange
|
||||||
|
|
||||||
hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo
|
hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo
|
||||||
hiddenServiceAvailable hn port = hiddenServiceHostName prop
|
hiddenServiceAvailable hn port = hiddenServiceHostName prop
|
||||||
where
|
where
|
||||||
prop = mainConfig `File.containsLines`
|
prop = configured
|
||||||
[ unwords ["HiddenServiceDir", varLib </> hn]
|
[ ("HiddenServiceDir", varLib </> hn)
|
||||||
, unwords ["HiddenServicePort", show port, "127.0.0.1:" ++ show port]
|
, ("HiddenServicePort", unwords [show port, "127.0.0.1:" ++ show port])
|
||||||
]
|
]
|
||||||
`describe` "hidden service available"
|
`describe` "hidden service available"
|
||||||
`onChange` Service.reloaded "tor"
|
|
||||||
hiddenServiceHostName p = adjustPropertySatisfy p $ \satisfy -> do
|
hiddenServiceHostName p = adjustPropertySatisfy p $ \satisfy -> do
|
||||||
r <- satisfy
|
r <- satisfy
|
||||||
h <- liftIO $ readFile (varLib </> hn </> "hostname")
|
h <- liftIO $ readFile (varLib </> hn </> "hostname")
|
||||||
|
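Review bot: `configured` drops every existing line whose key is in `ks` and then appends `settings`, so two properties that set the same key cannot coexist; `hiddenServiceAvailable` here and `hiddenService` in the next hunk both go through `configured` with `HiddenServiceDir`/`HiddenServicePort`, so a host with two hidden services would have each property strip the other's lines and restart tor on every run, whereas the old `File.containsLines` form only added lines. For the two hidden-service properties I'd keep the `File.containsLines` form with `onChange restarted`, or give `configured` a list of multi-valued keys it must not strip. Separately, mapping every line through `fromconfig` and back through `toconfig` rewrites untouched lines too — assuming `separate` drops the separator, a blank or space-free line gains a trailing space (`"" -> " "`); filtering the raw lines, `go ls = filter (\l -> notElem (fst (separate (== ' ') l)) ks) ls ++ map toconfig settings`, leaves them byte-identical. And in `bandwidthRate`, `Nothing -> property ("unable to parse " ++ s) noChange` reports success for an unparseable limit and leaves the relay unthrottled; returning `FailedChange` there would surface the misconfiguration instead of hiding it in a description.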
@ -96,12 +105,11 @@ hiddenServiceAvailable hn port = hiddenServiceHostName prop
|
||||||
return r
|
return r
|
||||||
|
|
||||||
hiddenService :: HiddenServiceName -> Int -> Property NoInfo
|
hiddenService :: HiddenServiceName -> Int -> Property NoInfo
|
||||||
hiddenService hn port = mainConfig `File.containsLines`
|
hiddenService hn port = configured
|
||||||
[ unwords ["HiddenServiceDir", varLib </> hn]
|
[ ("HiddenServiceDir", varLib </> hn)
|
||||||
, unwords ["HiddenServicePort", show port, "127.0.0.1:" ++ show port]
|
, ("HiddenServicePort", unwords [show port, "127.0.0.1:" ++ show port])
|
||||||
]
|
]
|
||||||
`describe` unwords ["hidden service available:", hn, show port]
|
`describe` unwords ["hidden service available:", hn, show port]
|
||||||
`onChange` restarted
|
|
||||||
|
|
||||||
hiddenServiceData :: IsContext c => HiddenServiceName -> c -> Property HasInfo
|
hiddenServiceData :: IsContext c => HiddenServiceName -> c -> Property HasInfo
|
||||||
hiddenServiceData hn context = combineProperties desc
|
hiddenServiceData hn context = combineProperties desc
|
||||||
|
|