diff --git a/privdata/privdata.gpg b/privdata/privdata.gpg deleted file mode 100644 index 7adbfa9..0000000 --- a/privdata/privdata.gpg +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN PGP MESSAGE----- -Version: GnuPG v1 - -hQIMA7ODiaEXBlRZAQ/+PM/KTUaI4xdM+eDaiund1opYfCFjcwPoXcvj56pahV4D -3P7EYYhd1tAYaj4dGiPPNCN6bp6Azajhggu2CEm0VBCGGKIxo5p20rlITwVCgVHa -Y9JRhh6A8t0e34fSOFFfaBBRDF377Y6sWuJ/deo3h/OhmJyOwSBVANwqBdQVOSza -LLnsZ2utkHgnXjS1hb54IglG0MAgU3ynYCDg6H+v1ZJ/qHH1hK5FINYVQ7cs60ZR -S1VdJObt11jHr72C2804bJpWWK0//cE3BV5wzugRopfBorhdoPlqaQ81aqD3TkYa -1nthyjA/E9TnU15M8WTkgfDRFYa/mcrvTLNd+MIRSV0wwIy0kBvRvQYBLV276Sdb -cr1nk91q2KwwnDoymlZyKN0v2Ax9lq16QKrW+hLHFlnOs7OjzUGNvaog/Q9P25Yu -Q+/WkP9ToN6UvkGFV10ItL8cttt9W8kFMFIzTXLX65f2s14+pKBX1M0xhDVhEEJp -BscOW/gIcOoINUBbQqTSMMjUV6bIxmyNXKw2kTwvtqtbd+fRN6kBMYVeJ6JQK2gx -ANXVd+Xs1r1dOGnQ469mUX1gkc4dByUa1eI8QQLoFPKpTkmpJngjzD7izhyW+v2m -GWPHHdS2F1xhzwLWxsh8fZ5NHkUTnIZqKfMacLWqKY7omUNNFPd9/W4c96M0D5bS -fgGcrlNnNQLNdCKysU9jdc4Y3bEVoGA9mSUhhzBpyC0XAo/7dm34rBlXWHl6v8jx -hr9vdV/g6QxCr8qjnndsTqCd2hwk/+1IXoKctzxWFYtv8fxv7UNDir9sCtovLamH -fyTU0AeA4ignXssxQH5PHbQCaUcVO12lp7RAR6vuvg== -=nkRo ------END PGP MESSAGE----- diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs index 7cf6c2b..471d619 100644 --- a/src/Propellor/Property/Apt.hs +++ b/src/Propellor/Property/Apt.hs @@ -29,6 +29,10 @@ backportSuite :: DebianSuite -> Maybe String backportSuite (Stable s) = Just (s ++ "-backports") backportSuite _ = Nothing +stableUpdatesSuite :: DebianSuite -> Maybe String +stableUpdatesSuite (Stable s) = Just (s ++ "-updates") +stableUpdatesSuite _ = Nothing + debLine :: String -> Url -> [Section] -> Line debLine suite mirror sections = unwords $ ["deb", mirror, suite] ++ sections 
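Review bot: `stableUpdatesSuite` in the Apt.hs hunk is added without a comment, and none of the visible hunks call it, so a reader cannot tell which sources.list lines are meant to include the suite. I would add a Haddock line above the signature, for example `-- | Name of the stable-updates suite for a stable release (the release name with "-updates" appended); Nothing for any other suite.` If the intent is for `stdSourcesListFor` to emit a line for this suite, that wiring is not in this diff and is worth confirming, since a host that never gets the line will not receive those updates.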
@@ -74,9 +78,9 @@ securityUpdates suite -- Since the CDN is sometimes unreliable, also adds backup lines using -- kernel.org. stdSourcesList :: Property -stdSourcesList = withOS ("standard sources.list") $ \o -> +stdSourcesList = withOS ("standard sources.list") $ \o -> case o of - (Just (System (Debian suite) _)) -> + (Just (System (Debian suite) _)) -> ensureProperty $ stdSourcesListFor suite _ -> error "os is not declared to be Debian" @@ -135,7 +139,7 @@ installedBackport ps = trivial $ withOS desc $ \o -> case o of Nothing -> error "cannot install backports; os not declared" (Just (System (Debian suite) _)) -> case backportSuite suite of Nothing -> notsupported o - Just bs -> ensureProperty $ runApt $ + Just bs -> ensureProperty $ runApt $ ["install", "-t", bs, "-y"] ++ ps _ -> notsupported o where @@ -218,7 +222,7 @@ unattendedUpgrades = RevertableProperty enable disable v | enabled = "true" | otherwise = "false" - + configure = withOS "unattended upgrades configured" $ \o -> case o of -- the package defaults to only upgrading stable @@ -272,4 +276,4 @@ trustsKey k = RevertableProperty trust untrust -- space. cacheCleaned :: Property cacheCleaned = trivial $ cmdProperty "apt-get" ["clean"] - `describe` "apt cache cleaned" + `describe` "apt cache cleaned" diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs index 2384a7d..c23f060 100644 --- a/src/Propellor/Property/Tor.hs +++ b/src/Propellor/Property/Tor.hs @@ -4,6 +4,11 @@ import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Service as Service +import Utility.FileMode + +import System.Posix.Files + +type HiddenServiceName = String isBridge :: Property isBridge = setup `requires` Apt.installed ["tor"] 
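Review bot: The two imports added to Tor.hs (`import Utility.FileMode` and `import System.Posix.Files`) are open and unqualified, while the module's other property imports are qualified, so it is not obvious where the permission helpers used later come from. Import lists would make this explicit, e.g. `import System.Posix.Files (ownerReadMode, ownerWriteMode, ownerExecuteMode)` and, presumably, `import Utility.FileMode (combineModes, writeFileProtected)`. The import block starts above this hunk, so `doesFileExist`, `createDirectoryIfMissing` and `takeDirectory` are assumed to be in scope already through `Propellor`; that is worth confirming.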
@@ -16,7 +21,7 @@ isBridge = setup `requires` Apt.installed ["tor"] , "Exitpolicy reject *:*" ] `onChange` restarted -hiddenServiceAvailable :: HostName -> Int -> Property +hiddenServiceAvailable :: HiddenServiceName -> Int -> Property hiddenServiceAvailable hn port = hiddenServiceHostName prop where prop = mainConfig `File.containsLines` @@ -31,7 +36,7 @@ hiddenServiceAvailable hn port = hiddenServiceHostName prop warningMessage $ unlines ["hidden service hostname:", h] return r -hiddenService :: HostName -> Int -> Property +hiddenService :: HiddenServiceName -> Int -> Property hiddenService hn port = mainConfig `File.containsLines` [ unlines ["HiddenServiceDir", varLib hn] , unlines ["HiddenServicePort", show port, "127.0.0.1:" ++ show port] @@ -39,6 +44,28 @@ hiddenService hn port = mainConfig `File.containsLines` `describe` unlines ["hidden service available:", hn, show port] `onChange` restarted +hiddenServiceData :: HiddenServiceName -> Context -> Property +hiddenServiceData hn context = combineProperties desc + [ installonion "hostname" + , installonion "private_key" + ] + where + desc = unlines ["hidden service data available in", varLib hn] + installonion f = withPrivData (PrivFile $ varLib hn f) context $ \getcontent -> + property desc $ getcontent $ install $ varLib hn f + install f content = ifM (liftIO $ doesFileExist f) + ( noChange + , ensureProperties + [ property desc $ makeChange $ do + createDirectoryIfMissing True (takeDirectory f) + writeFileProtected f content + , File.mode (takeDirectory f) $ combineModes + [ownerReadMode, ownerWriteMode, ownerExecuteMode] + , File.ownerGroup (takeDirectory f) user user + , File.ownerGroup f user user + ] + ) + restarted :: Property restarted = Service.restarted "tor" @@ -50,3 +77,6 @@ varLib = "/var/lib/tor" varRun :: FilePath varRun = "/var/run/tor" + +user :: UserName +user = "debian-tor"
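Review bot: In `hiddenServiceData`, the `ifM (liftIO $ doesFileExist f)` check in `install` guards the write and also the `File.mode` and `File.ownerGroup` properties, so they only run on the run that first creates the file. If that run fails after `writeFileProtected`, or the file already exists for any other reason, later runs return `noChange` and never correct the directory mode or the `debian-tor` ownership of the key material. I would keep the existence check around the write only and ensure mode and ownership on every run, as sketched below. An existing `hostname` or `private_key` whose content differs from the privdata is also left silently in place, and the property has no `onChange` restarted, so both deserve at least a comment stating the intent.

```haskell
    install f content = ensureProperties
        [ property desc $ ifM (liftIO $ doesFileExist f)
            ( noChange
            , makeChange $ do
                createDirectoryIfMissing True (takeDirectory f)
                writeFileProtected f content
            )
        , File.mode (takeDirectory f) $ combineModes
            [ownerReadMode, ownerWriteMode, ownerExecuteMode]
        -- … unchanged: File.ownerGroup on the directory and on f …
        ]
```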