From 479045277b29919797cee341b11d30bbd15ab3d7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 13 Apr 2014 12:21:43 -0400 Subject: propellor spin --- Propellor/Property/File.hs | 5 +++++ Propellor/Property/OpenId.hs | 13 ++++--------- config-joey.hs | 20 ++++++++++++++------ 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/Propellor/Property/File.hs b/Propellor/Property/File.hs index d8caf366..bd33c9b8 100644 --- a/Propellor/Property/File.hs +++ b/Propellor/Property/File.hs @@ -24,6 +24,11 @@ hasPrivContent f = Property desc $ withPrivData (PrivFile f) $ \privcontent -> where desc = "privcontent " ++ f +-- | Leaves the file world-readable. +hasPrivContentExposed :: FilePath -> Property +hasPrivContentExposed f = hasPrivContent f `onChange` + mode f (combineModes (ownerWriteMode:readModes)) + -- | Ensures that a line is present in a file, adding it to the end if not. containsLine :: FilePath -> Line -> Property f `containsLine` l = fileProperty (f ++ " contains:" ++ l) go f diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index b896180f..d06bf88f 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs @@ -4,7 +4,6 @@ import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Service as Service -import Utility.FileMode import Data.List import System.Posix.Files 
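Review bot: `hasPrivContentExposed` widens the mode only through `onChange`, so a file whose content is already in place with a restrictive mode is never opened up, assuming `onChange` runs its hook only when the first property made a change. That is the situation for `/etc/kgb-bot/kgb-client.conf`, which the config-joey.hs hunk switches over from `File.hasPrivContent`. It also differs from the `combineProperties` form removed from `identfile` in OpenId.hs, which ensured the mode on every run. Keeping that form makes the property converge: `hasPrivContentExposed f = combineProperties ("privcontent exposed " ++ f) [hasPrivContent f, mode f (combineModes (ownerWriteMode:readModes))]`. The Haddock should also state the consequence, e.g. `-- | Like 'hasPrivContent', but leaves the file readable by every local user; use only where something else (a parent directory, the host itself) limits who can read it.`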
@@ -25,11 +24,7 @@ providerFor users baseurl = propertyList desc $ "define('SIMPLEID_BASE_URL', '"++url++"');" | otherwise = l - identfile u = combineProperties desc - [ File.hasPrivContent f - -- the identitites directory controls access, so open up - -- file mode - , File.mode f (combineModes (ownerWriteMode:readModes)) - ] - where - f = concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ] + -- the identitites directory controls access, so open up + -- file mode + identfile u = File.hasPrivContentExposed $ + concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ] diff --git a/config-joey.hs b/config-joey.hs index 7537b10a..2245f8dd 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -85,18 +85,15 @@ hosts = `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root" `requires` Ssh.authorizedKeys "family" `requires` User.accountFor "family" - & Apt.installed ["git", "git-annex", "rsync", "kgb-client"] + & Apt.installed ["git", "git-annex", "rsync", "kgb-client-git"] & Git.daemonRunning "/srv/git" -- ssh keys for branchable and github repo hooks -- TODO: upgrade to newer git-annex-shell for notification -- gitweb & cname "kgb.kitenet.net" - & Apt.serviceInstalledRunning "kgb-bot" - & File.hasPrivContent "/etc/kgb-bot/kgb.conf" - & File.hasPrivContent "/etc/kgb-bot/kgb-client.conf" - & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1" - `onChange` Service.running "kgb-bot" + & Docker.docked hosts "kgb-server" + & File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf" & cname "downloads.kitenet.net" & Apt.buildDep ["git-annex"] `period` Daily 
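Review bot: The retained comment says the identities directory controls access, but nothing visible in this hunk sets or checks the mode of `/var/lib/simpleid/identities`. The world-readable `.identity` files are therefore only as private as whatever the package left on that directory. Either assert the directory's mode next to `identfile`, or have the comment say what guarantees it. The comment's `identitites` should also read `identities`. `providerFor`'s body starts outside the hunk, so such a check may already exist above.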
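Review bot: `File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"` takes a file that was deployed as protected private data and makes it readable by every account on this host, which also has `User.accountFor "family"` and a git daemon. Its contents are not shown here, but if it holds the client's shared secret for the bot, a group-readable mode limited to the users whose hooks invoke the client would be narrower than world-readable. At minimum, a comment on that line should record why exposure is needed, for example `-- world-readable so repo hooks running as other users can read it`, if that is the reason.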
@@ -127,7 +124,18 @@ hosts = & Docker.publish "8081:80" & OpenId.providerFor ["joey", "liw"] "openid.kitenet.net:8081" + + -- The kgb irc bot, in a container for security and because I need + -- features not in the stable version. + , standardContainer "kgb-server" Unstable "amd64" + & Docker.publish "9999:9999" + & Apt.serviceInstalledRunning "kgb-bot" + & File.hasPrivContent "/etc/kgb-bot/kgb.conf" + & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1" + `describe` "kgb bot enabled" + `onChange` Service.running "kgb-bot" + -- Exhibit: kite's 90's website. , standardContainer "ancient-kitenet" Stable "amd64" & Docker.publish "1994:80" & Apt.serviceInstalledRunning "apache2" -- cgit v1.2.3
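Review bot: The new comment justifies the container "for security", but two lines below it cut the other way and are not explained. `standardContainer "kgb-server" Unstable "amd64"` tracks a suite without Debian security support, and `Docker.publish "9999:9999"` passes Docker a spec with no host address, which binds on all interfaces by default. If only clients on this host talk to the bot, `Docker.publish "127.0.0.1:9999:9999"` would keep the port off the network. If remote hooks need it, the comment should say the port is intentionally public. It should also say how the Unstable container is kept upgraded; that may be handled inside `standardContainer`, which is outside this hunk.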