Commit Graph

276 Commits

Author SHA1 Message Date
Joey Hess da77276378 ssh user perm fixes
* Ssh.authorizedKey: Make the authorized_keys file and .ssh directory
  be owned by the user, not root.
* Ssh.knownHost: Make the .ssh directory be owned by the user, not root.
2015-02-12 12:35:15 -04:00
Joey Hess e32f157374 Fix Git.daemonRunning to restart inetd after enabling the git server. 2015-02-10 21:04:32 -04:00
Joey Hess 5781da55bc
propellor spin 2015-02-08 15:51:55 -04:00
Joey Hess 8edc7ed3ae
propellor spin 2015-02-01 17:34:04 -04:00
Joey Hess 04611cac47 changelog 2015-01-29 01:41:39 -04:00
Joey Hess 62c093de30 typo 2015-01-25 15:27:55 -04:00
Joey Hess 32ca4d3af2 prep release 2015-01-25 15:24:36 -04:00
Joey Hess 54d0d95961 update 2015-01-25 15:22:45 -04:00
Joey Hess 0ee04ecc43 GADT properties seem to work (untested)
* Property has been converted to a GADT, and will be Property NoInfo
  or Property HasInfo.
  This was done to make sure that ensureProperty is only used on
  properties that do not have Info.
  Transition guide:
  - Change all "Property" to "Property NoInfo" or "Property WithInfo"
    (The compiler can tell you if you got it wrong!)
  - To construct a RevertableProperty, it is useful to use the new
    (<!>) operator
  - Constructing a list of properties can be problimatic, since
    Property NoInto and Property WithInfo are different types and cannot
    appear in the same list. To deal with this, "props" has been added,
    and can built up a list of properties of different types,
    using the same (&) and (!) operators that are used to build
    up a host's properties.
2015-01-24 22:38:51 -04:00
Joey Hess 38eec6fc37 OS.preserveNetwork finally written 2015-01-23 01:30:50 -04:00
Joey Hess d156a1e9ba Added more network interface configuration properties. 2015-01-23 01:18:47 -04:00
Joey Hess fa66cb49d6 Added journald configuration properties. 2015-01-21 23:21:24 -04:00
Joey Hess 88082c7293 Added systemd configuration properties. 2015-01-21 22:49:03 -04:00
Joey Hess 04d4d0d6c4 Fix info propigation from fallback combinator's second Property. 2015-01-19 14:43:25 -04:00
Joey Hess 4da4c4a70f use git.joeyh.name in preference to git.kitenet.net 2015-01-19 14:29:09 -04:00
Joey Hess afee550e70 Property tree
Properties now form a tree, instead of the flat list used before.

This simplifies propigation of Info from the Properties used inside a
container to the outer host; the Property that docks the container on the
host can just have as child properties all the inner Properties, and their
Info can then be gathered recursively. (Although in practice it still needs
to be filtered, since not all Info should propigate out of a container.)

Note that there is no change to how Properties are actually satisfied.
Just because a Property lists some child properties, this does not mean
they always have their propertySatisfy actions run. It's still up to the
parent property to run those actions.

That's necessary so that a container's properties can be satisfied inside
it, not outside. It also allows property combinators to
add the combined Properties to their childProperties list, even if,
like onChange, they don't always run the child properties at all.

Testing: I tested that the exact same Info is calculated before and after
this change, for every Host in my config file.
2015-01-18 18:46:38 -04:00
Joey Hess c7609c824b Add descriptions of how to set missing fields to --list-fields output. (Minor API changes) 2015-01-15 20:15:01 -04:00
Joey Hess 35cd06e4e6 prep release 2015-01-15 14:03:36 -04:00
Joey Hess a8ed898d72 changelog 2015-01-08 22:52:48 -04:00
Joey Hess 16a5f561f5 Merge Utiity modules from git-annex.
Except for a few that are using the other exception handling library,
that propellor has not switched to yet.
2015-01-06 19:07:40 -04:00
Joey Hess 4c2c2785c8 SSHFP records are also generated for CNAMES of hosts. 2015-01-04 21:31:44 -04:00
Joey Hess 0794dfbd7c prep 2015-01-04 19:51:50 -04:00
Joey Hess 66e42a2a5b prep 2015-01-04 19:51:42 -04:00
Joey Hess 8e442f0656 DNS records for hosts with known ssh public keys now automatically include SSHFP records. 2015-01-04 19:24:18 -04:00
Joey Hess ef2f3d33de Fix bug that prevented deploying ssh host keys when the file for the key didn't already exist.
This is not a new bug.
2015-01-04 18:20:02 -04:00
Joey Hess e27df9de24 prep release 2015-01-04 17:17:52 -04:00
Joey Hess ab8ff9a00e randomHostKeys is removed from CloudAtCost.deCruft. 2015-01-04 17:15:59 -04:00
Joey Hess 0af7629c98
propellor spin 2015-01-04 16:54:43 -04:00
Joey Hess a2bb647827 Ssh.hostKey and Ssh.hostKeys no longer install public keys from the privdata.
Instead, the public keys of a host should be set using Ssh.pubKey.
2015-01-04 16:10:36 -04:00
Joey Hess 84685f24c9 Ssh.hostKeys now also installs any available SshEd25519 keys. 2015-01-04 15:59:54 -04:00
Joey Hess f1a1d0001a sshPubKey is renamed to Ssh.pubKey, and has an added SshKeyType parameter. 2015-01-04 15:57:27 -04:00
Joey Hess 52664e6220 sshPubKey is renamed to Ssh.pubKey 2015-01-04 15:36:53 -04:00
Joey Hess 01d8ab0cfd Fix build with process 1.2.1.0. 2015-01-04 13:08:19 -04:00
Joey Hess a1f61e09b8 stub signedPrimary 2015-01-03 19:10:28 -04:00
Joey Hess 7cbd367e1c Update intermediary propellor in --spin --via 2015-01-01 17:13:03 -04:00
Joey Hess d5cfadd899 Detect #774376 and refuse to use docker if the system is so broken that docker exec doesn't enter a chroot. 2015-01-01 15:41:31 -04:00
Joey Hess 0b4a95f6c2 --spin checks if the DNS matches any configured IP address property of the host, and if not, sshes to the host by IP address. 2015-01-01 13:28:17 -04:00
Joey Hess 81db68814c prep release 2014-12-21 21:41:26 -04:00
Joey Hess dc36a98fc1 Revert ensureProperty warning message, too many false positives in places where Info is correctly propigated. Better approach needed. 2014-12-21 21:33:03 -04:00
Joey Hess d194765e10
propellor spin 2014-12-21 21:14:11 -04:00
Joey Hess ddeee3ceb8 prep release 2014-12-17 16:30:54 -04:00
Joey Hess 71723ca09f support for crypted passwords in privdata
* Added CryptPassword to PrivDataField, for password hashes as produced
  by crypt(3).
* User.hasPassword and User.hasSomePassword will now use either
  a CryptPassword or a Password from privdata, depending on which is set.
2014-12-14 15:24:10 -04:00
Joey Hess b22201e36b Fix Apache.siteEnabled to update the config file and reload apache when configuration has changed. 2014-12-09 00:34:24 -04:00
Joey Hess 040a5fe3c7 prep release 2014-12-09 00:05:16 -04:00
Joey Hess 99bff87440 Include Propellor.Property.OS, which was accidentially left out of the cabal file in the last release. 2014-12-09 00:03:14 -04:00
Joey Hess 6b6d5a0881 changelog 2014-12-08 01:08:40 -04:00
Joey Hess 42a0c83248 Display a warning when ensureProperty is used on a property which has Info and is so prevented from propigating it.
Would much rather a type-based fixed, but this is all I have for now.
2014-12-07 17:09:55 -04:00
Joey Hess f9958e1611 prep release 2014-12-07 15:24:07 -04:00
Joey Hess 3b0b6f44dd improve 2014-12-07 15:20:50 -04:00
Joey Hess 089b7131a6 caution 2014-12-07 15:13:28 -04:00
Joey Hess 9ca332e481 Fixed privdata introspection for User.hasPassword and User.hasSomePassword
This is not a complete fix for the problem that Info doen't propigate
from the called property when code does something like:

	do
		hostname <- asks hostName
		ensureProperty $ foo hostname

Instead, I just eliminated the need to implement hasPassword that way,
by making the PrivData Info use a HostContext which automatically
gets the right hostname passed to it.

All other uses of withPrivData don't have the problem. It's still possible
for the user to run into the problem if they write something like the
above, where foo is a property that uses privdata. However, all properties
that take a Context now also accept a HostContext, so it's at least less
likely the user needs to write that.
2014-12-07 15:03:06 -04:00
Joey Hess fcff7762e3 endAction can be used to register an action to run once propellor has successfully run on a host. 2014-12-06 06:34:32 -04:00
Joey Hess 527975dffe hasSomePassword and hasPassword now check to make sure shadow passwords are enabled. 2014-12-05 16:33:23 -04:00
Joey Hess bf9284d05c I have now successfully used propellor to convert a Fedora system into a bootable and fully working Debian system 2014-12-05 16:22:11 -04:00
Joey Hess 573b8b7df8 changelog 2014-12-04 17:40:26 -04:00
Joey Hess c9d09afafa
Run apt-cache policy with LANG=C. 2014-12-01 11:59:27 -04:00
Joey Hess e07dc9b1d3
propellor.debug can be set in the git config to enable more persistent debugging output. 2014-11-25 18:55:12 -04:00
Joey Hess 40374c10de
cron.runPropellor now runs propellor, rather than using its Makefile. This is more robust.
Particularly, the Makefile would try to build propellor if there were
updates, but if this build failed because a bad commit was pushed, it would
abort w/o pulling any new fixed commits.

Anyway, it's better to move away from using the makefile when possible as
it's just for bootstrapping, and also I would like to make "make" not
default to running propellor as that can be confusing behavior.

(I can't change that yet; needed for upgrades. Should be fine to change
after several more releases, or maybe a year..)
2014-11-25 11:33:45 -04:00
Joey Hess 9d975e9ee4 add --merge 2014-11-23 18:48:52 -04:00
Joey Hess baba668033 hasSomePassword and hasPassword now default to using the name of the host as the Context for the password. To specify a different context, use hasSomePassword' and hasPassword' (API change) 2014-11-23 16:40:21 -04:00
Joey Hess 0ea0f7f4de --spin can be passed multiple hosts, and it will provision each host in turn.
Note that if it fails to spin a host, it will stop. I think this is better
than continuing to the next, because there might be a reason to spin hosts
in some specific order (ie, update dns first and then use it).
2014-11-23 15:17:57 -04:00
Joey Hess dea5c2068e changelog 2014-11-23 14:39:19 -04:00
Joey Hess e8a07b1840 changelog 2014-11-23 14:38:31 -04:00
Joey Hess 9a8fcf80bb Hostname parameters not containing dots are looked up in the DNS to find the full hostname. 2014-11-22 19:58:35 -04:00
Joey Hess d413818647 clarify 2014-11-22 16:26:03 -04:00
Joey Hess fd3335e40e --via implemented 2014-11-22 12:57:07 -04:00
Joey Hess 57ec60d6f3 mdwn man page and more complete docs 2014-11-22 12:13:38 -04:00
Joey Hess f62d2fb183 propellor --spin can now deploy propellor to hosts that do not have git, ghc, or apt-get. This is accomplished by uploading a fairly portable precompiled tarball of propellor. 2014-11-22 00:22:19 -04:00
Joey Hess 1b56e73c07 copyright update 2014-11-21 22:27:13 -04:00
Joey Hess b4e1bb84d5 hmm 2014-11-21 21:10:01 -04:00
Joey Hess a0c7cddd1d maintainer 2014-11-21 21:08:30 -04:00
Joey Hess 886bd3715b prep release 2014-11-21 20:58:09 -04:00
Joey Hess 1af298dc10 trim 2014-11-21 01:14:19 -04:00
Joey Hess f9cc7c149e incomplete systemd container support 2014-11-20 17:18:26 -04:00
Joey Hess 2293b46bf7 fix chroot info propigation 2014-11-20 16:04:48 -04:00
Joey Hess d49d251897 separate docker container type
Docker containers are now a separate data type, cannot be included in the
main host list, and are instead passed to Docker.docked. (API change)
2014-11-19 23:11:34 -04:00
Joey Hess 41b10a956a correct version 2014-11-19 21:25:55 -04:00
Joey Hess 4a9bbd1391 Added support for using debootstrap from propellor.
Most of the hard part was making it be able to install debootstrap from
source, for use on non-debian-derived systems.
2014-11-19 19:30:56 -04:00
Joey Hess 5c34a575c8 flag API changes 2014-11-19 02:02:29 -04:00
Joey Hess dd635e9fcd update 2014-11-19 01:59:09 -04:00
Joey Hess 409e20a69e big 1.0 2014-11-19 01:41:50 -04:00
Joey Hess c3962dcf7d
propellor spin 2014-11-19 01:04:11 -04:00
Joey Hess e273946c22 reword 2014-11-18 21:20:56 -04:00
Joey Hess 74e067fa76
propellor spin 2014-11-18 17:26:02 -04:00
Joey Hess a0ea904ecb changelog for last commit's changes 2014-11-18 14:01:13 -04:00
Joey Hess 40f6d06f1a Run remote propellor --spin with a controlling terminal.
Avoids need for hack to make ansi colors work, but also things like apt-get
and wget process bars will be displayed.
2014-11-18 01:01:50 -04:00
Joey Hess 82d50a5796 Avoid outputting color setting sequences when not run on a terminal.
Currently TERM is checked for every message. Could be memoized, but it
would add complexity, and typical propellor output is not going to be more
than a few hundred messages, and likely this will be swamped by the actual
work.
2014-11-18 00:19:11 -04:00
Joey Hess 46cd2ad0e0 DigitalOcean.distroKernel property now reboots into the distribution kernel when necessary.
It might be better to do this check on boot to limit the time running the
DO kernel (which is not well security supported), but that has the
possibility of entering a bad reboot loop. Limiting this check to when
propellor runs avoids that, while still fixing the problem pretty fast.
2014-11-17 16:42:15 -04:00
Joey Hess 8d91b5de6b Convert GpgKeyId to newtype 2014-11-15 17:02:30 -04:00
Joey Hess 7902f705b0 update email 2014-11-15 15:03:54 -04:00
Joey Hess be27ae1503 changelog 2014-11-11 13:00:33 -04:00
Joey Hess 929d26d556 changelog 2014-11-10 16:22:44 -04:00
Joey Hess 9608a390d2 Added prosody module, contributed by Félix Sipma. 2014-11-10 11:15:41 -04:00
Joey Hess f3a31c9192 prep release 2014-11-08 15:57:46 -04:00
Joey Hess 1187cd4901 Orphaned the Debian package, as I am retiring from Debian. 2014-11-08 15:57:33 -04:00
Joey Hess 9755b761bb Docker: Stop using docker.io; that was a compat symlink in the Debian package which has been removed in docker.io 1.3.1~dfsg1-2. 2014-11-08 15:55:58 -04:00
Joey Hess ef9abb9b67 Apache: Fix daemon reload when enabling a new module or site. 2014-10-31 17:47:52 -04:00
Joey Hess ca06c64bae changelog 2014-10-31 10:21:27 -04:00
Joey Hess 01509b040e changelog 2014-10-30 16:36:37 -04:00
Joey Hess bbf258a075 update home page 2014-10-24 10:01:55 -04:00