Merge branch 'joeyconfig'
Conflicts: privdata/privdata.gpg
commit
eba2d3d2cd
|
@ -1,19 +0,0 @@
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
hQIMA7ODiaEXBlRZAQ/+PM/KTUaI4xdM+eDaiund1opYfCFjcwPoXcvj56pahV4D
|
|
||||||
3P7EYYhd1tAYaj4dGiPPNCN6bp6Azajhggu2CEm0VBCGGKIxo5p20rlITwVCgVHa
|
|
||||||
Y9JRhh6A8t0e34fSOFFfaBBRDF377Y6sWuJ/deo3h/OhmJyOwSBVANwqBdQVOSza
|
|
||||||
LLnsZ2utkHgnXjS1hb54IglG0MAgU3ynYCDg6H+v1ZJ/qHH1hK5FINYVQ7cs60ZR
|
|
||||||
S1VdJObt11jHr72C2804bJpWWK0//cE3BV5wzugRopfBorhdoPlqaQ81aqD3TkYa
|
|
||||||
1nthyjA/E9TnU15M8WTkgfDRFYa/mcrvTLNd+MIRSV0wwIy0kBvRvQYBLV276Sdb
|
|
||||||
cr1nk91q2KwwnDoymlZyKN0v2Ax9lq16QKrW+hLHFlnOs7OjzUGNvaog/Q9P25Yu
|
|
||||||
Q+/WkP9ToN6UvkGFV10ItL8cttt9W8kFMFIzTXLX65f2s14+pKBX1M0xhDVhEEJp
|
|
||||||
BscOW/gIcOoINUBbQqTSMMjUV6bIxmyNXKw2kTwvtqtbd+fRN6kBMYVeJ6JQK2gx
|
|
||||||
ANXVd+Xs1r1dOGnQ469mUX1gkc4dByUa1eI8QQLoFPKpTkmpJngjzD7izhyW+v2m
|
|
||||||
GWPHHdS2F1xhzwLWxsh8fZ5NHkUTnIZqKfMacLWqKY7omUNNFPd9/W4c96M0D5bS
|
|
||||||
fgGcrlNnNQLNdCKysU9jdc4Y3bEVoGA9mSUhhzBpyC0XAo/7dm34rBlXWHl6v8jx
|
|
||||||
hr9vdV/g6QxCr8qjnndsTqCd2hwk/+1IXoKctzxWFYtv8fxv7UNDir9sCtovLamH
|
|
||||||
fyTU0AeA4ignXssxQH5PHbQCaUcVO12lp7RAR6vuvg==
|
|
||||||
=nkRo
|
|
||||||
-----END PGP MESSAGE-----
|
|
|
@ -29,6 +29,10 @@ backportSuite :: DebianSuite -> Maybe String
|
||||||
backportSuite (Stable s) = Just (s ++ "-backports")
|
backportSuite (Stable s) = Just (s ++ "-backports")
|
||||||
backportSuite _ = Nothing
|
backportSuite _ = Nothing
|
||||||
|
|
||||||
|
stableUpdatesSuite :: DebianSuite -> Maybe String
|
||||||
|
stableUpdatesSuite (Stable s) = Just (s ++ "-updates")
|
||||||
|
stableUpdatesSuite _ = Nothing
|
||||||
|
|
||||||
debLine :: String -> Url -> [Section] -> Line
|
debLine :: String -> Url -> [Section] -> Line
|
||||||
debLine suite mirror sections = unwords $
|
debLine suite mirror sections = unwords $
|
||||||
["deb", mirror, suite] ++ sections
|
["deb", mirror, suite] ++ sections
|
||||||
|
@ -74,9 +78,9 @@ securityUpdates suite
|
||||||
-- Since the CDN is sometimes unreliable, also adds backup lines using
|
-- Since the CDN is sometimes unreliable, also adds backup lines using
|
||||||
-- kernel.org.
|
-- kernel.org.
|
||||||
stdSourcesList :: Property
|
stdSourcesList :: Property
|
||||||
stdSourcesList = withOS ("standard sources.list") $ \o ->
|
stdSourcesList = withOS ("standard sources.list") $ \o ->
|
||||||
case o of
|
case o of
|
||||||
(Just (System (Debian suite) _)) ->
|
(Just (System (Debian suite) _)) ->
|
||||||
ensureProperty $ stdSourcesListFor suite
|
ensureProperty $ stdSourcesListFor suite
|
||||||
_ -> error "os is not declared to be Debian"
|
_ -> error "os is not declared to be Debian"
|
||||||
|
|
||||||
|
@ -135,7 +139,7 @@ installedBackport ps = trivial $ withOS desc $ \o -> case o of
|
||||||
Nothing -> error "cannot install backports; os not declared"
|
Nothing -> error "cannot install backports; os not declared"
|
||||||
(Just (System (Debian suite) _)) -> case backportSuite suite of
|
(Just (System (Debian suite) _)) -> case backportSuite suite of
|
||||||
Nothing -> notsupported o
|
Nothing -> notsupported o
|
||||||
Just bs -> ensureProperty $ runApt $
|
Just bs -> ensureProperty $ runApt $
|
||||||
["install", "-t", bs, "-y"] ++ ps
|
["install", "-t", bs, "-y"] ++ ps
|
||||||
_ -> notsupported o
|
_ -> notsupported o
|
||||||
where
|
where
|
||||||
|
@ -218,7 +222,7 @@ unattendedUpgrades = RevertableProperty enable disable
|
||||||
v
|
v
|
||||||
| enabled = "true"
|
| enabled = "true"
|
||||||
| otherwise = "false"
|
| otherwise = "false"
|
||||||
|
|
||||||
configure = withOS "unattended upgrades configured" $ \o ->
|
configure = withOS "unattended upgrades configured" $ \o ->
|
||||||
case o of
|
case o of
|
||||||
-- the package defaults to only upgrading stable
|
-- the package defaults to only upgrading stable
|
||||||
|
@ -272,4 +276,4 @@ trustsKey k = RevertableProperty trust untrust
|
||||||
-- space.
|
-- space.
|
||||||
cacheCleaned :: Property
|
cacheCleaned :: Property
|
||||||
cacheCleaned = trivial $ cmdProperty "apt-get" ["clean"]
|
cacheCleaned = trivial $ cmdProperty "apt-get" ["clean"]
|
||||||
`describe` "apt cache cleaned"
|
`describe` "apt cache cleaned"
|
||||||
|
|
|
@ -4,6 +4,11 @@ import Propellor
|
||||||
import qualified Propellor.Property.File as File
|
import qualified Propellor.Property.File as File
|
||||||
import qualified Propellor.Property.Apt as Apt
|
import qualified Propellor.Property.Apt as Apt
|
||||||
import qualified Propellor.Property.Service as Service
|
import qualified Propellor.Property.Service as Service
|
||||||
|
import Utility.FileMode
|
||||||
|
|
||||||
|
import System.Posix.Files
|
||||||
|
|
||||||
|
type HiddenServiceName = String
|
||||||
|
|
||||||
isBridge :: Property
|
isBridge :: Property
|
||||||
isBridge = setup `requires` Apt.installed ["tor"]
|
isBridge = setup `requires` Apt.installed ["tor"]
|
||||||
|
@ -16,7 +21,7 @@ isBridge = setup `requires` Apt.installed ["tor"]
|
||||||
, "Exitpolicy reject *:*"
|
, "Exitpolicy reject *:*"
|
||||||
] `onChange` restarted
|
] `onChange` restarted
|
||||||
|
|
||||||
hiddenServiceAvailable :: HostName -> Int -> Property
|
hiddenServiceAvailable :: HiddenServiceName -> Int -> Property
|
||||||
hiddenServiceAvailable hn port = hiddenServiceHostName prop
|
hiddenServiceAvailable hn port = hiddenServiceHostName prop
|
||||||
where
|
where
|
||||||
prop = mainConfig `File.containsLines`
|
prop = mainConfig `File.containsLines`
|
||||||
|
@ -31,7 +36,7 @@ hiddenServiceAvailable hn port = hiddenServiceHostName prop
|
||||||
warningMessage $ unlines ["hidden service hostname:", h]
|
warningMessage $ unlines ["hidden service hostname:", h]
|
||||||
return r
|
return r
|
||||||
|
|
||||||
hiddenService :: HostName -> Int -> Property
|
hiddenService :: HiddenServiceName -> Int -> Property
|
||||||
hiddenService hn port = mainConfig `File.containsLines`
|
hiddenService hn port = mainConfig `File.containsLines`
|
||||||
[ unlines ["HiddenServiceDir", varLib </> hn]
|
[ unlines ["HiddenServiceDir", varLib </> hn]
|
||||||
, unlines ["HiddenServicePort", show port, "127.0.0.1:" ++ show port]
|
, unlines ["HiddenServicePort", show port, "127.0.0.1:" ++ show port]
|
||||||
|
@ -39,6 +44,28 @@ hiddenService hn port = mainConfig `File.containsLines`
|
||||||
`describe` unlines ["hidden service available:", hn, show port]
|
`describe` unlines ["hidden service available:", hn, show port]
|
||||||
`onChange` restarted
|
`onChange` restarted
|
||||||
|
|
||||||
|
hiddenServiceData :: HiddenServiceName -> Context -> Property
|
||||||
|
hiddenServiceData hn context = combineProperties desc
|
||||||
|
[ installonion "hostname"
|
||||||
|
, installonion "private_key"
|
||||||
|
]
|
||||||
|
where
|
||||||
|
desc = unlines ["hidden service data available in", varLib </> hn]
|
||||||
|
installonion f = withPrivData (PrivFile $ varLib </> hn </> f) context $ \getcontent ->
|
||||||
|
property desc $ getcontent $ install $ varLib </> hn </> f
|
||||||
|
install f content = ifM (liftIO $ doesFileExist f)
|
||||||
|
( noChange
|
||||||
|
, ensureProperties
|
||||||
|
[ property desc $ makeChange $ do
|
||||||
|
createDirectoryIfMissing True (takeDirectory f)
|
||||||
|
writeFileProtected f content
|
||||||
|
, File.mode (takeDirectory f) $ combineModes
|
||||||
|
[ownerReadMode, ownerWriteMode, ownerExecuteMode]
|
||||||
|
, File.ownerGroup (takeDirectory f) user user
|
||||||
|
, File.ownerGroup f user user
|
||||||
|
]
|
||||||
|
)
|
||||||
|
|
||||||
restarted :: Property
|
restarted :: Property
|
||||||
restarted = Service.restarted "tor"
|
restarted = Service.restarted "tor"
|
||||||
|
|
||||||
|
@ -50,3 +77,6 @@ varLib = "/var/lib/tor"
|
||||||
|
|
||||||
varRun :: FilePath
|
varRun :: FilePath
|
||||||
varRun = "/var/run/tor"
|
varRun = "/var/run/tor"
|
||||||
|
|
||||||
|
user :: UserName
|
||||||
|
user = "debian-tor"
|
||||||
|
|
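Review bot: In `hiddenServiceData`, the `doesFileExist` guard in `install` short-circuits the whole property list, so once `hostname` or `private_key` exists, neither its content nor the directory mode and ownership are ever checked again. If a run fails after `writeFileProtected` but before the `File.ownerGroup` steps, the next run reports no change and leaves the key directory owned by whoever wrote it. The same no-op would apply if tor had already generated its own key in that directory, though the page does not show how this property is ordered against `hiddenService`, so that case is inferred. Guard only the write and always ensure the mode and ownership, as sketched below. The new property also has no `onChange` hook to `restarted`, so a running tor may not load the installed key until something else restarts it.

```haskell
install f content = ensureProperties
    [ property desc $ ifM (liftIO $ doesFileExist f)
        ( noChange
        , makeChange $ do
            createDirectoryIfMissing True (takeDirectory f)
            writeFileProtected f content
        )
    -- … unchanged: File.mode and both File.ownerGroup entries, now always ensured …
    ]
```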