cadey
/
propellor
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

propellor spin

This commit is contained in:
Joey Hess 2014-04-13 20:22:35 -04:00
parent 774f6600eb
commit fb1d65125b
Failed to extract signature
2 changed files with 68 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

149
Propellor/Property/SiteSpecific/JoeySites.hs
View File

@ -79,87 +79,8 @@ gitServer hosts = propertyList "git.kitenet.net setup"
, toProp $ Apache.modEnabled "cgi" , toProp $ Apache.modEnabled "cgi"
] ]
where where
website hn = toProp $ Apache.siteEnabled hn (gitapacheconf hn) website hn = toProp $ Apache.siteEnabled hn $ apachecfg hn True
[ " DocumentRoot /srv/web/git.kitenet.net/"
type AnnexUUID = String
-- | A website, with files coming from a git-annex repository.
annexWebSite :: [Host] -> Git.RepoUrl -> HostName -> AnnexUUID -> [(String, Git.RepoUrl)] -> Property
annexWebSite hosts origin hn uuid remotes = Git.cloned "joey" origin dir Nothing
`onChange` setup
`onChange` setupapache
`requires` File.hasPrivContent "/etc/ssl/certs/web.pem"
`requires` File.hasPrivContent "/etc/ssl/private/web.pem"
`requires` File.hasPrivContent "/etc/ssl/certs/startssl.pem"
`requires` toProp (Apache.modEnabled "ssl")
where
dir = "/srv/web/" ++ hn
setup = userScriptProperty "joey" setupscript
`requires` Ssh.keyImported SshRsa "joey"
`requires` Ssh.knownHost hosts "turtle.kitenet.net" "joey"
setupscript =
[ "cd " ++ shellEscape dir
, "git config annex.uuid " ++ shellEscape uuid
] ++ map addremote remotes ++
[ "git annex get"
]
addremote (name, url) = "git remote add " ++ shellEscape name ++ " " ++ shellEscape url
setupapache = toProp (Apache.siteEnabled hn $ annexwebsiteconf hn)
annexwebsiteconf :: HostName -> Apache.ConfigFile
annexwebsiteconf hn = stanza 80 False ++ stanza 443 True
where
stanza :: Int -> Bool -> Apache.ConfigFile
stanza port withssl = catMaybes
[ Just $ "<VirtualHost *:"++show port++">"
, Just $ " ServerAdmin joey@kitenet.net"
, Just $ ""
, Just $ " ServerName "++hn++":"++show port
, Just $ " ServerAlias www."++hn
, Just $ ""
, ssl $ " SSLEngine on"
, ssl $ " SSLCertificateFile /etc/ssl/certs/web.pem"
, ssl $ " SSLCertificateKeyFile /etc/ssl/private/web.pem"
, ssl $ " SSLCertificateChainFile /etc/ssl/certs/startssl.pem"
, Just $ ""
, Just $ " DocumentRoot /srv/web/"++hn
, Just $ " <Directory /srv/web/"++hn++">"
, Just $ " Options FollowSymLinks"
, Just $ " AllowOverride None"
, Just $ " </Directory>"
, Just $ " <Directory /srv/web/"++hn++">"
, Just $ " Options Indexes FollowSymLinks ExecCGI"
, Just $ " AllowOverride None"
, Just $ " Order allow,deny"
, Just $ " allow from all"
, Just $ " </Directory>"
, Just $ ""
, Just $ " ErrorLog /var/log/apache2/error.log"
, Just $ " LogLevel warn"
, Just $ " CustomLog /var/log/apache2/access.log combined"
, Just $ " ServerSignature On"
, Just $ " "
, Just $ " <Directory \"/usr/share/apache2/icons\">"
, Just $ " Options Indexes MultiViews"
, Just $ " AllowOverride None"
, Just $ " Order allow,deny"
, Just $ " Allow from all"
, Just $ " </Directory>"
, Just $ "</VirtualHost>"
]
where
ssl l
| withssl = Just l
| otherwise = Nothing
gitapacheconf :: HostName -> Apache.ConfigFile
gitapacheconf hn =
[ "<VirtualHost *:80>"
, " ServerAdmin joey@kitenet.net"
, ""
, " ServerName " ++ hn ++ ":80"
, ""
, " DocumentRoot /srv/web/git.kitenet.net/"
, " <Directory /srv/web/git.kitenet.net/>" , " <Directory /srv/web/git.kitenet.net/>"
, " Options Indexes ExecCGI FollowSymlinks" , " Options Indexes ExecCGI FollowSymlinks"
, " AllowOverride None" , " AllowOverride None"
@ -172,16 +93,59 @@ gitapacheconf hn =
, " SetHandler cgi-script" , " SetHandler cgi-script"
, " Options ExecCGI" , " Options ExecCGI"
, " </Directory>" , " </Directory>"
]
type AnnexUUID = String
-- | A website, with files coming from a git-annex repository.
annexWebSite :: [Host] -> Git.RepoUrl -> HostName -> AnnexUUID -> [(String, Git.RepoUrl)] -> Property
annexWebSite hosts origin hn uuid remotes = Git.cloned "joey" origin dir Nothing
`onChange` setup
`onChange` setupapache
where
dir = "/srv/web/" ++ hn
setup = userScriptProperty "joey" setupscript
`requires` Ssh.keyImported SshRsa "joey"
`requires` Ssh.knownHost hosts "turtle.kitenet.net" "joey"
setupscript =
[ "cd " ++ shellEscape dir
, "git config annex.uuid " ++ shellEscape uuid
] ++ map addremote remotes ++
[ "git annex get"
]
addremote (name, url) = "git remote add " ++ shellEscape name ++ " " ++ shellEscape url
setupapache = toProp $ Apache.siteEnabled hn $ apachecfg hn True $
[ " ServerAlias www."++hn
, "" , ""
, " DocumentRoot /srv/web/"++hn
, " <Directory /srv/web/"++hn++">"
, " Options FollowSymLinks"
, " AllowOverride None"
, " </Directory>"
, " <Directory /srv/web/"++hn++">"
, " Options Indexes FollowSymLinks ExecCGI"
, " AllowOverride None"
, " Order allow,deny"
, " allow from all"
, " </Directory>"
]
apachecfg :: HostName -> Bool -> Apache.ConfigFile -> Apache.ConfigFile
apachecfg hn withssl middle
| withssl = vhost False ++ vhost True
| otherwise = vhost False
where
vhost ssl =
[ "<VirtualHost *:"++show port++">"
, " ServerAdmin grue@joeyh.name"
, " ServerName "++hn++":"++show port
]
++ mainhttpscert ssl
++ middle ++
[ ""
, " ErrorLog /var/log/apache2/error.log" , " ErrorLog /var/log/apache2/error.log"
, " LogLevel warn" , " LogLevel warn"
, " CustomLog /var/log/apache2/access.log combined" , " CustomLog /var/log/apache2/access.log combined"
, ""
, " # Possible values include: debug, info, notice, warn, error, crit,"
, " # alert, emerg."
, " LogLevel warn"
, ""
, " CustomLog /var/log/apache2/access.log combined"
, " ServerSignature On" , " ServerSignature On"
, " " , " "
, " <Directory \"/usr/share/apache2/icons\">" , " <Directory \"/usr/share/apache2/icons\">"
@ -192,3 +156,14 @@ gitapacheconf hn =
, " </Directory>" , " </Directory>"
, "</VirtualHost>" , "</VirtualHost>"
] ]
where
port = if ssl then 443 else 80 :: Int
mainhttpscert :: Bool -> Apache.ConfigFile
mainhttpscert False = []
mainhttpscert True =
[ " SSLEngine on"
, " SSLCertificateFile /etc/ssl/certs/web.pem"
, " SSLCertificateKeyFile /etc/ssl/private/web.pem"
, " SSLCertificateChainFile /etc/ssl/certs/startssl.pem"
]

6
config-joey.hs
View File

@ -17,6 +17,7 @@ import qualified Propellor.Property.Dns as Dns
import qualified Propellor.Property.OpenId as OpenId import qualified Propellor.Property.OpenId as OpenId
import qualified Propellor.Property.Docker as Docker import qualified Propellor.Property.Docker as Docker
import qualified Propellor.Property.Git as Git import qualified Propellor.Property.Git as Git
import qualified Propellor.Property.Apache as Apache
import qualified Propellor.Property.Service as Service import qualified Propellor.Property.Service as Service
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
@ -74,7 +75,12 @@ hosts =
& Apt.unattendedUpgrades & Apt.unattendedUpgrades
& Apt.serviceInstalledRunning "ntp" & Apt.serviceInstalledRunning "ntp"
& Dns.zones myDnsSecondary & Dns.zones myDnsSecondary
& Apt.serviceInstalledRunning "apache2" & Apt.serviceInstalledRunning "apache2"
& File.hasPrivContent "/etc/ssl/certs/web.pem"
& File.hasPrivContent "/etc/ssl/private/web.pem"
& File.hasPrivContent "/etc/ssl/certs/startssl.pem"
& Apache.modEnabled "ssl"
& File.ownerGroup "/srv/web" "joey" "joey" & File.ownerGroup "/srv/web" "joey" "joey"
& cname "git.kitenet.net" & cname "git.kitenet.net"