propellor spin

Propellor/Property/SiteSpecific/JoeySites.hs

@@ -13,6 +13,7 @@ import qualified Propellor.Property.Service as Service
 import qualified Propellor.Property.User as User
 import qualified Propellor.Property.Obnam as Obnam
 import qualified Propellor.Property.Apache as Apache
+import Utility.SafeCommand
 
 oldUseNetShellBox :: Property
 oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $
@@ -30,6 +31,21 @@ oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $
 			] `describe` "olduse.net built"
 		]
 
+kgbServer :: Property
+kgbServer = withOS desc $ \o -> case o of
+	(Just (System (Debian Unstable) _)) ->
+		ensureProperty $ propertyList desc
+			[ Apt.serviceInstalledRunning "kgb-bot"
+			, File.hasPrivContent "/etc/kgb-bot/kgb.conf"
+				`onChange` Service.restarted "kgb-bot"
+			, "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
+				`describe` "kgb bot enabled"
+				`onChange` Service.running "kgb-bot"
+			]
+	_ -> error "kgb server needs Debian unstable (for kgb-bot 1.31+)"
+  where
+	desc = "kgb.kitenet.net setup"
+
 -- git.kitenet.net and git.joeyh.name
 gitServer :: [Host] -> Property
 gitServer hosts = propertyList "git.kitenet.net setup"
@@ -63,6 +79,69 @@ gitServer hosts = propertyList "git.kitenet.net setup"
   where
 	website hn = toProp $ Apache.siteEnabled hn (gitapacheconf hn)
 
+type AnnexUUID = String
+
+-- | A website, with files coming from a git-annex repository.
+annexWebSite :: Git.RepoUrl -> HostName -> AnnexUUID -> [(String, Git.RepoUrl)] -> Property
+annexWebSite origin hn uuid remotes = Git.cloned "joey" origin dir Nothing
+	`onChange` setup
+	`onChange` toProp (Apache.siteEnabled hn $ annexwebsiteconf hn)
+  where
+	dir = "/srv/web/" ++ hn
+	setup = userScriptProperty "joey" $
+		[ "cd " ++ shellEscape dir
+		, "git config annex.uuid " ++ shellEscape uuid
+		] ++ map addremote remotes ++
+		[ "git annex get"
+		]
+	addremote (name, url) = "git remote add " ++ shellEscape name ++ " " ++ shellEscape url
+
+annexwebsiteconf :: HostName -> Apache.ConfigFile
+annexwebsiteconf hn = stanza 80 False ++ stanza 443 True
+  where
+  	stanza :: Int -> Bool -> Apache.ConfigFile
+	stanza port withssl = catMaybes
+		[ Just $ "<VirtualHost *:"++show port++">"
+		, Just $ "  ServerAdmin joey@kitenet.net"
+		, Just $ ""
+		, Just $ "  ServerName "++hn++":"++show port
+		, Just $ "  ServerAlias www."++hn
+		, Just $ ""
+		, ssl  $ "  SSLEngine on"
+		, ssl  $ "  SSLCertificateFile /etc/ssl/certs/web.pem"
+		, ssl  $ "  SSLCertificateKeyFile /etc/ssl/private/web.pem"
+		, ssl  $ "  SSLCertificateChainFile /etc/ssl/certs/startssl.pem"
+		, Just $ ""
+		, Just $ "  DocumentRoot /srv/web/"++hn
+		, Just $ "  <Directory /srv/web/"++hn++">"
+		, Just $ "    Options FollowSymLinks"
+		, Just $ "    AllowOverride None"
+		, Just $ "  </Directory>"
+		, Just $ "  <Directory /srv/web/"++hn++">"
+		, Just $ "    Options Indexes FollowSymLinks ExecCGI"
+		, Just $ "    AllowOverride None"
+		, Just $ "    Order allow,deny"
+		, Just $ "    allow from all"
+		, Just $ "  </Directory>"
+		, Just $ ""
+		, Just $ "  ErrorLog /var/log/apache2/error.log"
+		, Just $ "  LogLevel warn"
+		, Just $ "  CustomLog /var/log/apache2/access.log combined"
+		, Just $ "  ServerSignature On"
+		, Just $ "  "
+		, Just $ "  <Directory \"/usr/share/apache2/icons\">"
+		, Just $ "      Options Indexes MultiViews"
+		, Just $ "      AllowOverride None"
+		, Just $ "      Order allow,deny"
+		, Just $ "      Allow from all"
+		, Just $ "  </Directory>"
+		, Just $ "</VirtualHost>"
+		]
+	  where
+	  	ssl l
+			| withssl = Just l
+			| otherwise = Nothing
+
 gitapacheconf :: HostName -> Apache.ConfigFile
 gitapacheconf hn =
 	[ "<VirtualHost *:80>"
@@ -103,18 +182,3 @@ gitapacheconf hn =
 	, "  </Directory>"
 	, "</VirtualHost>"
 	]
-
-kgbServer :: Property
-kgbServer = withOS desc $ \o -> case o of
-	(Just (System (Debian Unstable) _)) ->
-		ensureProperty $ propertyList desc
-			[ Apt.serviceInstalledRunning "kgb-bot"
-			, File.hasPrivContent "/etc/kgb-bot/kgb.conf"
-				`onChange` Service.restarted "kgb-bot"
-			, "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
-				`describe` "kgb bot enabled"
-				`onChange` Service.running "kgb-bot"
-			]
-	_ -> error "kgb server needs Debian unstable (for kgb-bot 1.31+)"
-  where
-	desc = "kgb.kitenet.net setup"

config-joey.hs

@@ -74,14 +74,26 @@ hosts =
 		& Apt.serviceInstalledRunning "ntp"
 		& Dns.zones myDnsSecondary
 		& Apt.serviceInstalledRunning "apache2"
+		& File.ownerGroup "/srv" "joey" "joey"
 
 		& cname "git.kitenet.net"
 		& cname "git.joeyh.name"
 		& JoeySites.gitServer hosts
 	
 		& cname "downloads.kitenet.net"
+		& JoeySites.annexWebSite "/srv/git/download.git"
+			"downloads.kitenet.net"
+			"840760dc-08f0-11e2-8c61-576b7e66acfd"
+			[("turtle", "ssh://turtle.kitenet.net/~/lib/downloads/")]
 		& Apt.buildDep ["git-annex"] `period` Daily
-		-- downloads.kitenet.net setup (including ssh key to turtle)
+
+		& cname "tmp.kitenet.net"
+		& JoeySites.annexWebSite "/srv/git/joey/tmp.git"
+			"tmp.kitenet.net"
+			"274ce1ca-1226-11e2-bcbd-eb57078e31b1"
+			[]
+		
+		& Apt.installed ["ntop"]
 
 	-- I don't run this system, so only relevant property is its
 	-- public key.