diff --git a/Propellor/Property/SiteSpecific/JoeySites.hs b/Propellor/Property/SiteSpecific/JoeySites.hs index f7c432c..bd6e93f 100644 --- a/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/Propellor/Property/SiteSpecific/JoeySites.hs @@ -79,7 +79,21 @@ gitServer hosts = propertyList "git.kitenet.net setup" , toProp $ Apache.modEnabled "cgi" ] where - website hn = toProp $ Apache.siteEnabled hn (gitapacheconf hn) + website hn = toProp $ Apache.siteEnabled hn $ apachecfg hn True + [ " DocumentRoot /srv/web/git.kitenet.net/" + , " " + , " Options Indexes ExecCGI FollowSymlinks" + , " AllowOverride None" + , " AddHandler cgi-script .cgi" + , " DirectoryIndex index.cgi" + , " " + , "" + , " ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/" + , " " + , " SetHandler cgi-script" + , " Options ExecCGI" + , " " + ] type AnnexUUID = String @@ -88,10 +102,6 @@ annexWebSite :: [Host] -> Git.RepoUrl -> HostName -> AnnexUUID -> [(String, Git. annexWebSite hosts origin hn uuid remotes = Git.cloned "joey" origin dir Nothing `onChange` setup `onChange` setupapache - `requires` File.hasPrivContent "/etc/ssl/certs/web.pem" - `requires` File.hasPrivContent "/etc/ssl/private/web.pem" - `requires` File.hasPrivContent "/etc/ssl/certs/startssl.pem" - `requires` toProp (Apache.modEnabled "ssl") where dir = "/srv/web/" ++ hn setup = userScriptProperty "joey" setupscript @@ -104,91 +114,56 @@ annexWebSite hosts origin hn uuid remotes = Git.cloned "joey" origin dir Nothing [ "git annex get" ] addremote (name, url) = "git remote add " ++ shellEscape name ++ " " ++ shellEscape url - setupapache = toProp (Apache.siteEnabled hn $ annexwebsiteconf hn) + setupapache = toProp $ Apache.siteEnabled hn $ apachecfg hn True $ + [ " ServerAlias www."++hn + , "" + , " DocumentRoot /srv/web/"++hn + , " " + , " Options FollowSymLinks" + , " AllowOverride None" + , " " + , " " + , " Options Indexes FollowSymLinks ExecCGI" + , " AllowOverride None" + , " Order allow,deny" + , " allow from all" + , " " + ] -annexwebsiteconf :: HostName -> Apache.ConfigFile -annexwebsiteconf hn = stanza 80 False ++ stanza 443 True +apachecfg :: HostName -> Bool -> Apache.ConfigFile -> Apache.ConfigFile +apachecfg hn withssl middle + | withssl = vhost False ++ vhost True + | otherwise = vhost False where - stanza :: Int -> Bool -> Apache.ConfigFile - stanza port withssl = catMaybes - [ Just $ "" - , Just $ " ServerAdmin joey@kitenet.net" - , Just $ "" - , Just $ " ServerName "++hn++":"++show port - , Just $ " ServerAlias www."++hn - , Just $ "" - , ssl $ " SSLEngine on" - , ssl $ " SSLCertificateFile /etc/ssl/certs/web.pem" - , ssl $ " SSLCertificateKeyFile /etc/ssl/private/web.pem" - , ssl $ " SSLCertificateChainFile /etc/ssl/certs/startssl.pem" - , Just $ "" - , Just $ " DocumentRoot /srv/web/"++hn - , Just $ " " - , Just $ " Options FollowSymLinks" - , Just $ " AllowOverride None" - , Just $ " " - , Just $ " " - , Just $ " Options Indexes FollowSymLinks ExecCGI" - , Just $ " AllowOverride None" - , Just $ " Order allow,deny" - , Just $ " allow from all" - , Just $ " " - , Just $ "" - , Just $ " ErrorLog /var/log/apache2/error.log" - , Just $ " LogLevel warn" - , Just $ " CustomLog /var/log/apache2/access.log combined" - , Just $ " ServerSignature On" - , Just $ " " - , Just $ " " - , Just $ " Options Indexes MultiViews" - , Just $ " AllowOverride None" - , Just $ " Order allow,deny" - , Just $ " Allow from all" - , Just $ " " - , Just $ "" + vhost ssl = + [ "" + , " ServerAdmin grue@joeyh.name" + , " ServerName "++hn++":"++show port + ] + ++ mainhttpscert ssl + ++ middle ++ + [ "" + , " ErrorLog /var/log/apache2/error.log" + , " LogLevel warn" + , " CustomLog /var/log/apache2/access.log combined" + , " ServerSignature On" + , " " + , " " + , " Options Indexes MultiViews" + , " AllowOverride None" + , " Order allow,deny" + , " Allow from all" + , " " + , "" ] where - ssl l - | withssl = Just l - | otherwise = Nothing + port = if ssl then 443 else 80 :: Int -gitapacheconf :: HostName -> Apache.ConfigFile -gitapacheconf hn = - [ "" - , " ServerAdmin joey@kitenet.net" - , "" - , " ServerName " ++ hn ++ ":80" - , "" - , " DocumentRoot /srv/web/git.kitenet.net/" - , " " - , " Options Indexes ExecCGI FollowSymlinks" - , " AllowOverride None" - , " AddHandler cgi-script .cgi" - , " DirectoryIndex index.cgi" - , " " - , "" - , " ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/" - , " " - , " SetHandler cgi-script" - , " Options ExecCGI" - , " " - , "" - , " ErrorLog /var/log/apache2/error.log" - , " LogLevel warn" - , " CustomLog /var/log/apache2/access.log combined" - , "" - , " # Possible values include: debug, info, notice, warn, error, crit," - , " # alert, emerg." - , " LogLevel warn" - , "" - , " CustomLog /var/log/apache2/access.log combined" - , " ServerSignature On" - , " " - , " " - , " Options Indexes MultiViews" - , " AllowOverride None" - , " Order allow,deny" - , " Allow from all" - , " " - , "" +mainhttpscert :: Bool -> Apache.ConfigFile +mainhttpscert False = [] +mainhttpscert True = + [ " SSLEngine on" + , " SSLCertificateFile /etc/ssl/certs/web.pem" + , " SSLCertificateKeyFile /etc/ssl/private/web.pem" + , " SSLCertificateChainFile /etc/ssl/certs/startssl.pem" ] diff --git a/config-joey.hs b/config-joey.hs index ca1c220..0809304 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -17,6 +17,7 @@ import qualified Propellor.Property.Dns as Dns import qualified Propellor.Property.OpenId as OpenId import qualified Propellor.Property.Docker as Docker import qualified Propellor.Property.Git as Git +import qualified Propellor.Property.Apache as Apache import qualified Propellor.Property.Service as Service import qualified Propellor.Property.SiteSpecific.GitHome as GitHome import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder @@ -74,7 +75,12 @@ hosts = & Apt.unattendedUpgrades & Apt.serviceInstalledRunning "ntp" & Dns.zones myDnsSecondary + & Apt.serviceInstalledRunning "apache2" + & File.hasPrivContent "/etc/ssl/certs/web.pem" + & File.hasPrivContent "/etc/ssl/private/web.pem" + & File.hasPrivContent "/etc/ssl/certs/startssl.pem" + & Apache.modEnabled "ssl" & File.ownerGroup "/srv/web" "joey" "joey" & cname "git.kitenet.net"