propellor spin

This commit is contained in:
Joey Hess 2015-02-27 18:55:51 -04:00
parent fa7656f743
commit e8b0e7c6ca
4 changed files with 64 additions and 54 deletions


@ -84,8 +84,9 @@ clam = standardSystem "clam.kitenet.net" Unstable "amd64"
& Ssh.randomHostKeys & Ssh.randomHostKeys
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Network.ipv6to4 & Network.ipv6to4
& Tor.named "kite1" Tor.isRelay' & Tor.isRelay
& Postfix.satellite & Tor.named "kite1"
& Tor.bandwidthRate "128 kibibytes"
& Docker.configured & Docker.configured
& Docker.garbageCollected `period` Daily & Docker.garbageCollected `period` Daily
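Review bot: `Postfix.satellite` disappears from clam in this hunk with nothing replacing it; the -8/+9 line counts only add up if it is removed together with the old `Tor.named "kite1" Tor.isRelay'` line, while the changelog entry for this commit only mentions tor configuration. If clam is meant to stop relaying its mail through the satellite setup, that deserves a word in the commit message; otherwise it reads like an accidental deletion while the Tor properties were being reordered. Note also that the new `Tor.bandwidthRate "128 kibibytes"` argument is a plain string parsed at run time by `readSize`, so a typo in the unit is not caught at compile time. The `clam` definition starts and ends outside this hunk.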

debian/changelog vendored

@ -1,8 +1,9 @@
propellor (2.1.1) UNRELEASED; urgency=medium propellor (2.2.0) UNRELEASED; urgency=medium
* When running shimmed (eg in a docker container), * When running shimmed (eg in a docker container),
improve process name visible in ps. improve process name visible in ps.
* Add shebang to cron.daily etc files. * Add shebang to cron.daily etc files.
* Some changes to tor configuration, minor API change.
-- Joey Hess <id@joeyh.name> Mon, 16 Feb 2015 19:00:48 -0400 -- Joey Hess <id@joeyh.name> Mon, 16 Feb 2015 19:00:48 -0400


@ -1,5 +1,5 @@
Name: propellor Name: propellor
Version: 2.1.0 Version: 2.2.0
Cabal-Version: >= 1.6 Cabal-Version: >= 1.6
License: BSD3 License: BSD3
Maintainer: Joey Hess <id@joeyh.name> Maintainer: Joey Hess <id@joeyh.name>


@ -5,6 +5,7 @@ import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Service as Service import qualified Propellor.Property.Service as Service
import Utility.FileMode import Utility.FileMode
import Utility.DataUnits
import System.Posix.Files import System.Posix.Files
import Data.Char import Data.Char
@ -17,60 +18,36 @@ type NodeName = String
-- --
-- Uses port 443 -- Uses port 443
isBridge :: Property NoInfo isBridge :: Property NoInfo
isBridge = isBridge' [] isBridge = configured
[ ("BridgeRelay", "1")
isBridge' :: [String] -> Property NoInfo , ("Exitpolicy", "reject *:*")
isBridge' extraconfig = server config , ("ORPort", "443")
]
`describe` "tor bridge" `describe` "tor bridge"
where `requires` server
config =
[ "BridgeRelay 1"
, "Exitpolicy reject *:*"
, "ORPort 443"
] ++ extraconfig
-- | Sets up a tor relay. -- | Sets up a tor relay.
-- --
-- Uses port 443 -- Uses port 443
isRelay :: Property NoInfo isRelay :: Property NoInfo
isRelay = isRelay' [] isRelay = configured
[ ("BridgeRelay", "0")
isRelay' :: [String] -> Property NoInfo , ("Exitpolicy", "reject *:*")
isRelay' extraconfig = server config , ("ORPort", "443")
]
`describe` "tor relay" `describe` "tor relay"
where `requires` server
config =
[ "BridgeRelay 0"
, "Exitpolicy reject *:*"
, "ORPort 443"
] ++ extraconfig
-- | Converts a property like isBridge' or isRelay' to be a named -- | Makes the tor node be named, with a known private key.
-- node, with a known private key.
-- --
-- This can be moved to a different IP without needing to wait to -- This can be moved to a different IP without needing to wait to
-- accumulate trust. -- accumulate trust.
-- named :: NodeName -> Property HasInfo
-- The base property can be used to start out and then upgraded to named n = configured [("Nickname", n')]
-- a named property later. `describe` ("tor node named " ++ n')
named :: NodeName -> ([String] -> Property NoInfo) -> Property HasInfo
named n basep = p `describe` (getDesc p ++ " " ++ n)
where
p = basep ["Nickname " ++ saneNickname n]
`requires` torPrivKey (Context ("tor " ++ n)) `requires` torPrivKey (Context ("tor " ++ n))
-- | A tor server (bridge, relay, or exit)
-- Don't use if you just want to run tor for personal use.
server :: [String] -> Property NoInfo
server extraconfig = setup
`requires` Apt.installed ["tor", "ntp"]
`describe` "tor server"
where where
setup = mainConfig `File.hasContent` config n' = saneNickname n
`onChange` restarted
config =
[ "SocksPort 0"
] ++ extraconfig
torPrivKey :: Context -> Property HasInfo torPrivKey :: Context -> Property HasInfo
torPrivKey context = f `File.hasPrivContent` context torPrivKey context = f `File.hasPrivContent` context
@ -80,15 +57,47 @@ torPrivKey context = f `File.hasPrivContent` context
where where
f = "/var/lib/tor/keys/secret_id_key" f = "/var/lib/tor/keys/secret_id_key"
-- | A tor server (bridge, relay, or exit)
-- Don't use if you just want to run tor for personal use.
server :: Property NoInfo
server = configured [("SocksPort", "0")]
`requires` Apt.installed ["tor", "ntp"]
`describe` "tor server"
-- | Specifies configuration settings. Any lines in the config file
-- that set other values for the specified settings will be removed,
-- while other settings are left as-is. Tor is restarted when
-- configuration is changed.
configured :: [(String, String)] -> Property NoInfo
configured settings = File.fileProperty "tor configured" go mainConfig
`onChange` restarted
where
ks = map fst settings
go ls = map toconfig $
filter (\(k, _) -> k `notElem` ks) (map fromconfig ls)
++ settings
toconfig (k, v) = k ++ " " ++ v
fromconfig = separate (== ' ')
type BwLimit = String
-- | Limit incoming and outgoing traffic to the specified
-- amount, per second.
--
-- For example, "30 kibibytes" is the minimum limit for a useful relay.
bandwidthRate :: BwLimit -> Property NoInfo
bandwidthRate s = case readSize dataUnits s of
Just sz -> configured [("BandwidthRate", show sz ++ " bytes")]
Nothing -> property ("unable to parse " ++ s) noChange
hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo
hiddenServiceAvailable hn port = hiddenServiceHostName prop hiddenServiceAvailable hn port = hiddenServiceHostName prop
where where
prop = mainConfig `File.containsLines` prop = configured
[ unwords ["HiddenServiceDir", varLib </> hn] [ ("HiddenServiceDir", varLib </> hn)
, unwords ["HiddenServicePort", show port, "127.0.0.1:" ++ show port] , ("HiddenServicePort", unwords [show port, "127.0.0.1:" ++ show port])
] ]
`describe` "hidden service available" `describe` "hidden service available"
`onChange` Service.reloaded "tor"
hiddenServiceHostName p = adjustPropertySatisfy p $ \satisfy -> do hiddenServiceHostName p = adjustPropertySatisfy p $ \satisfy -> do
r <- satisfy r <- satisfy
h <- liftIO $ readFile (varLib </> hn </> "hostname") h <- liftIO $ readFile (varLib </> hn </> "hostname")
@ -96,12 +105,11 @@ hiddenServiceAvailable hn port = hiddenServiceHostName prop
return r return r
hiddenService :: HiddenServiceName -> Int -> Property NoInfo hiddenService :: HiddenServiceName -> Int -> Property NoInfo
hiddenService hn port = mainConfig `File.containsLines` hiddenService hn port = configured
[ unwords ["HiddenServiceDir", varLib </> hn] [ ("HiddenServiceDir", varLib </> hn)
, unwords ["HiddenServicePort", show port, "127.0.0.1:" ++ show port] , ("HiddenServicePort", unwords [show port, "127.0.0.1:" ++ show port])
] ]
`describe` unwords ["hidden service available:", hn, show port] `describe` unwords ["hidden service available:", hn, show port]
`onChange` restarted
hiddenServiceData :: IsContext c => HiddenServiceName -> c -> Property HasInfo hiddenServiceData :: IsContext c => HiddenServiceName -> c -> Property HasInfo
hiddenServiceData hn context = combineProperties desc hiddenServiceData hn context = combineProperties desc
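Review bot: `configured` removes every existing torrc line whose key is in `settings` before appending the new ones, so the rewritten `hiddenService` and `hiddenServiceAvailable` (both emitting the keys `HiddenServiceDir` and `HiddenServicePort`) now clobber each other: a host with two hidden services keeps only whichever property ran last, whereas the old ``mainConfig `File.containsLines` [...]`` with `` `onChange` restarted`` accumulated them, and `HiddenServiceDir` is one of the torrc options that is legitimately repeated. Either keep those two properties on `File.containsLines`, or document on `configured` that it is only for single-valued options, e.g. `-- Only for options that may appear once in torrc; repeated options such as HiddenServiceDir would be collapsed to the last call.` Separately, `fromconfig = separate (== ' ')` only recognises a key followed by a single space, so an indented or tab-separated existing line (say an `ORPort`) is left in place and the option ends up present twice, which is worth a comment even if tor tolerates it for most options. In `bandwidthRate` the `Nothing` branch returns `noChange`, so a mistyped limit reports success while the relay runs unthrottled; `Nothing -> property ("unable to parse " ++ s) $ return FailedChange` would surface the problem instead. `hiddenServiceData`'s body continues past the end of this hunk.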