authorJoey Hess2014-04-13 12:21:43 -0400
committerJoey Hess2014-04-13 12:21:43 -0400
commit479045277b29919797cee341b11d30bbd15ab3d7 (patch)
tree58ac2c40774a2340903d612236721eaade3089e2
parentebfba3828cadb0c53712410e0935dba4a58c1f6b (diff)
propellor spin
-rw-r--r--Propellor/Property/File.hs5
-rw-r--r--Propellor/Property/OpenId.hs13
-rw-r--r--config-joey.hs20
3 files changed, 23 insertions, 15 deletions
diff --git a/Propellor/Property/File.hs b/Propellor/Property/File.hs
index d8caf366..bd33c9b8 100644
--- a/Propellor/Property/File.hs
+++ b/Propellor/Property/File.hs
@@ -24,6 +24,11 @@ hasPrivContent f = Property desc $ withPrivData (PrivFile f) $ \privcontent ->
where
desc = "privcontent " ++ f
+-- | Leaves the file world-readable.
+hasPrivContentExposed :: FilePath -> Property
+hasPrivContentExposed f = hasPrivContent f `onChange`
+ mode f (combineModes (ownerWriteMode:readModes))
+
-- | Ensures that a line is present in a file, adding it to the end if not.
containsLine :: FilePath -> Line -> Property
f `containsLine` l = fileProperty (f ++ " contains:" ++ l) go f
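Review bot: In `hasPrivContentExposed` the `mode` property is attached with `onChange`, so it appears to run only when `hasPrivContent` reports a change; the OpenId.hs code this replaces listed both properties under `combineProperties`, which checked the mode on every run. If that reading of `onChange` is right, a file whose content is already correct but whose mode has drifted is never repaired, while the property still reports success. Consider keeping both checks unconditional, e.g. `combineProperties desc [hasPrivContent f, mode f (combineModes (ownerWriteMode:readModes))]` with a local `desc`. The Haddock line should also say that this makes privdata readable by every local user, for example `-- | Like 'hasPrivContent', but leaves the file world-readable; use only where access is restricted some other way.`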
diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs
index b896180f..d06bf88f 100644
--- a/Propellor/Property/OpenId.hs
+++ b/Propellor/Property/OpenId.hs
@@ -4,7 +4,6 @@ import Propellor
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Service as Service
-import Utility.FileMode
import Data.List
import System.Posix.Files
@@ -25,11 +24,7 @@ providerFor users baseurl = propertyList desc $
"define('SIMPLEID_BASE_URL', '"++url++"');"
| otherwise = l
- identfile u = combineProperties desc
- [ File.hasPrivContent f
- -- the identitites directory controls access, so open up
- -- file mode
- , File.mode f (combineModes (ownerWriteMode:readModes))
- ]
- where
- f = concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ]
+ -- the identitites directory controls access, so open up
+ -- file mode
+ identfile u = File.hasPrivContentExposed $
+ concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ]
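Review bot: The comment above `identfile` says the identities directory controls access, but nothing visible in this hunk sets or checks the owner and mode of `/var/lib/simpleid/identities`, so the safety of the world-readable identity files rests on whatever the package or another property does. If no other property in `providerFor` covers it (its body starts outside the hunk), state the expected directory owner and mode in the comment or assert them with a property. The comment also carries a typo, `identitites` for `identities`.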
diff --git a/config-joey.hs b/config-joey.hs
index 7537b10a..2245f8dd 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -85,18 +85,15 @@ hosts =
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
`requires` Ssh.authorizedKeys "family"
`requires` User.accountFor "family"
- & Apt.installed ["git", "git-annex", "rsync", "kgb-client"]
+ & Apt.installed ["git", "git-annex", "rsync", "kgb-client-git"]
& Git.daemonRunning "/srv/git"
-- ssh keys for branchable and github repo hooks
-- TODO: upgrade to newer git-annex-shell for notification
-- gitweb
& cname "kgb.kitenet.net"
- & Apt.serviceInstalledRunning "kgb-bot"
- & File.hasPrivContent "/etc/kgb-bot/kgb.conf"
- & File.hasPrivContent "/etc/kgb-bot/kgb-client.conf"
- & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
- `onChange` Service.running "kgb-bot"
+ & Docker.docked hosts "kgb-server"
+ & File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"
& cname "downloads.kitenet.net"
& Apt.buildDep ["git-annex"] `period` Daily
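Review bot: `/etc/kgb-bot/kgb-client.conf` is switched to `File.hasPrivContentExposed` with no comment saying why this privdata file has to be world-readable. Since it is stored as privdata it presumably holds credentials for the kgb service, and every local account on this host can now read it. A one-line comment such as `-- world-readable so hooks running as other users can notify the bot` (if that is the reason) would record the trade-off. If only specific accounts need the file, a dedicated group with group-read mode would narrow the exposure.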
@@ -127,7 +124,18 @@ hosts =
& Docker.publish "8081:80"
& OpenId.providerFor ["joey", "liw"]
"openid.kitenet.net:8081"
+
+ -- The kgb irc bot, in a container for security and because I need
+ -- features not in the stable version.
+ , standardContainer "kgb-server" Unstable "amd64"
+ & Docker.publish "9999:9999"
+ & Apt.serviceInstalledRunning "kgb-bot"
+ & File.hasPrivContent "/etc/kgb-bot/kgb.conf"
+ & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
+ `describe` "kgb bot enabled"
+ `onChange` Service.running "kgb-bot"
+ -- Exhibit: kite's 90's website.
, standardContainer "ancient-kitenet" Stable "amd64"
& Docker.publish "1994:80"
& Apt.serviceInstalledRunning "apache2"
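Review bot: In the new `kgb-server` container, `onChange Service.running "kgb-bot"` is attached only to the `/etc/default/kgb-bot` line, so a later change to the privdata in `/etc/kgb-bot/kgb.conf` (for example a rotated secret) does not appear to trigger anything that makes the bot pick it up. Consider hanging a restart of the service on the `File.hasPrivContent` property as well. Separately, `Docker.publish "9999:9999"` names no host address, which in Docker binds the port on all host interfaces; a comment stating who is expected to reach that port would let a reader judge the exposure. The host list continues outside this hunk.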