authorJoey Hess2015-05-22 14:16:16 -0400
committerJoey Hess2015-05-22 14:16:16 -0400
commit53f2646c4520e5c788d4b60dae63049222737acc (patch)
tree39086348281d342fa87de9211950a94d34753894
parentda4636eb28e86d6909e2160c2ba7a00dcafc7ca9 (diff)
parente661aad6c493e31b6bd8109ca3d5c90bec28626a (diff)
Merge branch 'joeyconfig'
Conflicts: privdata.joey/privdata.gpg
-rw-r--r--config-joey.hs40
-rw-r--r--propellor.cabal2
-rw-r--r--src/Propellor/Property/Docker.hs29
-rw-r--r--src/Propellor/Property/HostingProvider/DigitalOcean.hs4
-rw-r--r--src/Propellor/Property/HostingProvider/Linode.hs2
-rw-r--r--src/Propellor/Property/SiteSpecific/Branchable.hs66
-rw-r--r--src/Propellor/Property/SiteSpecific/IABak.hs15
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs2
8 files changed, 130 insertions, 30 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 895c6573..2a173776 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -31,6 +31,7 @@ import qualified Propellor.Property.HostingProvider.Linode as Linode
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
import qualified Propellor.Property.SiteSpecific.IABak as IABak
+import qualified Propellor.Property.SiteSpecific.Branchable as Branchable
import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
@@ -47,6 +48,7 @@ hosts = -- (o) `
, kite
, elephant
, beaver
+ , pell
, iabak
] ++ monsters
@@ -311,6 +313,30 @@ beaver = host "beaver.kitenet.net"
& Cron.niceJob "system disk backed up" Cron.Weekly (User "root") "/"
"rsync -a -x / /home/joey/lib/backup/beaver.kitenet.net/"
+-- Branchable is not completely deployed with propellor yet.
+pell :: Host
+pell = host "pell.branchable.com"
+ & ipv4 "66.228.46.55"
+ & ipv6 "2600:3c03::f03c:91ff:fedf:c0e5"
+
+ -- All the websites I host at branchable that don't use
+ -- branchable.com dns.
+ & alias "olduse.net"
+ & alias "www.olduse.net"
+ & alias "www.kitenet.net"
+ & alias "joeyh.name"
+ & alias "campaign.joeyh.name"
+ & alias "ikiwiki.info"
+ & alias "git.ikiwiki.info"
+ & alias "l10n.ikiwiki.info"
+ & alias "dist-bugs.kitenet.net"
+ & alias "family.kitenet.net"
+
+ & Apt.installed ["linux-image-amd64"]
+ & Linode.chainPVGrub 5
+ & Apt.unattendedUpgrades
+ & Branchable.server hosts
+
iabak :: Host
iabak = host "iabak.archiveteam.org"
& ipv4 "124.6.40.227"
@@ -338,6 +364,7 @@ iabak = host "iabak.archiveteam.org"
& IABak.gitServer monsters
& IABak.registrationServer monsters
& IABak.graphiteServer
+ & IABak.publicFace
where
admins = map User ["joey", "db48x"]
@@ -491,19 +518,6 @@ monsters = -- but do want to track their public keys etc.
& ipv6 "2001:4978:f:2d9::2"
, host "mouse.kitenet.net"
& ipv6 "2001:4830:1600:492::2"
- , host "branchable.com"
- & ipv4 "66.228.46.55"
- & ipv6 "2600:3c03::f03c:91ff:fedf:c0e5"
- & alias "olduse.net"
- & alias "www.olduse.net"
- & alias "www.kitenet.net"
- & alias "joeyh.name"
- & alias "campaign.joeyh.name"
- & alias "ikiwiki.info"
- & alias "git.ikiwiki.info"
- & alias "l10n.ikiwiki.info"
- & alias "dist-bugs.kitenet.net"
- & alias "family.kitenet.net"
, host "animx"
& ipv4 "76.7.162.101"
& ipv4 "76.7.162.186"
diff --git a/propellor.cabal b/propellor.cabal
index c84dccda..16dffe31 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -110,6 +110,8 @@ Library
Propellor.Property.SiteSpecific.GitHome
Propellor.Property.SiteSpecific.JoeySites
Propellor.Property.SiteSpecific.GitAnnexBuilder
+ Propellor.Property.SiteSpecific.Branchable
+ Propellor.Property.SiteSpecific.IABak
Propellor.PropAccum
Propellor.CmdLine
Propellor.Info
diff --git a/src/Propellor/Property/Docker.hs b/src/Propellor/Property/Docker.hs
index 745b5622..fdc312ce 100644
--- a/src/Propellor/Property/Docker.hs
+++ b/src/Propellor/Property/Docker.hs
@@ -1,4 +1,4 @@
-{-# LANGUAGE FlexibleContexts #-}
+{-# LANGUAGE FlexibleContexts, TypeSynonymInstances, FlexibleInstances #-}
-- | Docker support for propellor
--
@@ -18,7 +18,8 @@ module Propellor.Property.Docker (
tweaked,
Image,
ContainerName,
- Container(..),
+ Container,
+ HasImage(..),
-- * Container configuration
dns,
hostname,
@@ -79,10 +80,16 @@ configured = prop `requires` installed
type ContainerName = String
-- | A docker container.
-data Container = Container
- { containerImage :: Image
- , containerHost :: Host
- }
+data Container = Container Image Host
+
+class HasImage a where
+ getImageName :: a -> Image
+
+instance HasImage Image where
+ getImageName = id
+
+instance HasImage Container where
+ getImageName (Container i _) = i
instance PropAccum Container where
(Container i h) & p = Container i (h & p)
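Review bot: `HasImage` and `getImageName` are added to the module's export list but carry no Haddock, unlike the neighbouring declarations; a line such as `-- | Things from which a docker image name can be obtained.` on the class would document the new public API. `instance HasImage Image` is an instance on a type synonym, which is why the `TypeSynonymInstances` and `FlexibleInstances` pragmas were added. If `Image` is `String`, as `ContainerName` is a few lines above, then any string, including a container name, satisfies `HasImage`, so the class adds no type safety over the old `Image` argument. A `newtype` for image names would close that gap, at the cost of an API change. The `PropAccum` instance at the end of this hunk may continue outside it.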
@@ -142,19 +149,21 @@ docked ctr@(Container _ h) =
]
-- | Build the image from a directory containing a Dockerfile.
-imageBuilt :: FilePath -> Image -> Property NoInfo
-imageBuilt directory image = describe built msg
+imageBuilt :: HasImage c => FilePath -> c -> Property NoInfo
+imageBuilt directory ctr = describe built msg
where
msg = "docker image " ++ image ++ " built from " ++ directory
built = Cmd.cmdProperty' dockercmd ["build", "--tag", image, "./"] workDir
workDir p = p { cwd = Just directory }
+ image = getImageName ctr
-- | Pull the image from the standard Docker Hub registry.
-imagePulled :: Image -> Property NoInfo
-imagePulled image = describe pulled msg
+imagePulled :: HasImage c => c -> Property NoInfo
+imagePulled ctr = describe pulled msg
where
msg = "docker image " ++ image ++ " pulled"
pulled = Cmd.cmdProperty dockercmd ["pull", image]
+ image = getImageName ctr
propigateContainerInfo :: (IsProp (Property i)) => Container -> Property i -> Property HasInfo
propigateContainerInfo ctr@(Container _ h) p = propigateContainer ctr p'
diff --git a/src/Propellor/Property/HostingProvider/DigitalOcean.hs b/src/Propellor/Property/HostingProvider/DigitalOcean.hs
index be62ccdc..a5de9818 100644
--- a/src/Propellor/Property/HostingProvider/DigitalOcean.hs
+++ b/src/Propellor/Property/HostingProvider/DigitalOcean.hs
@@ -9,7 +9,7 @@ import qualified Propellor.Property.Reboot as Reboot
import Data.List
--- Digital Ocean does not provide any way to boot
+-- | Digital Ocean does not provide any way to boot
-- the kernel provided by the distribution, except using kexec.
-- Without this, some old, and perhaps insecure kernel will be used.
--
@@ -40,7 +40,7 @@ runningInstalledKernel = do
findVersion kernelver <$>
readProcess "file" ("-L" : kernelimages)
--- File output looks something like this, we want to unambiguously
+-- | File output looks something like this, we want to unambiguously
-- match the running kernel version:
-- Linux kernel x86 boot executable bzImage, version 3.16-3-amd64 (debian-kernel@lists.debian.org) #1 SMP Debian 3.1, RO-rootFS, swap_dev 0x2, Normal VGA
findVersion :: String -> String -> Bool
diff --git a/src/Propellor/Property/HostingProvider/Linode.hs b/src/Propellor/Property/HostingProvider/Linode.hs
index 4dd66129..40be4c2e 100644
--- a/src/Propellor/Property/HostingProvider/Linode.hs
+++ b/src/Propellor/Property/HostingProvider/Linode.hs
@@ -6,7 +6,7 @@ import qualified Propellor.Property.File as File
import Utility.FileMode
-- | Linode's pv-grub-x86_64 does not currently support booting recent
--- Debian kernels compressed with xz. This sets up pv-grub chaing to enable
+-- Debian kernels compressed with xz. This sets up pv-grub chaining to enable
-- it.
chainPVGrub :: Grub.TimeoutSecs -> Property NoInfo
chainPVGrub = Grub.chainPVGrub "hd0" "xen/xvda"
diff --git a/src/Propellor/Property/SiteSpecific/Branchable.hs b/src/Propellor/Property/SiteSpecific/Branchable.hs
new file mode 100644
index 00000000..f5950e52
--- /dev/null
+++ b/src/Propellor/Property/SiteSpecific/Branchable.hs
@@ -0,0 +1,66 @@
+module Propellor.Property.SiteSpecific.Branchable where
+
+import Propellor
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.User as User
+import qualified Propellor.Property.Ssh as Ssh
+import qualified Propellor.Property.Postfix as Postfix
+import qualified Propellor.Property.Gpg as Gpg
+import qualified Propellor.Property.Sudo as Sudo
+
+server :: [Host] -> Property HasInfo
+server hosts = propertyList "branchable server" $ props
+ & "/etc/timezone" `File.hasContent` ["Etc/UTC"]
+ & "/etc/locale.gen" `File.containsLines`
+ [ "en_GB.UTF-8 UTF-8"
+ , "en_US.UTF-8 UTF-8"
+ , "fi_FI.UTF-8 UTF-8"
+ ]
+ `onChange` cmdProperty "locale-gen" []
+
+ & Apt.installed ["etckeeper", "ssh", "popularity-contest"]
+ & Apt.serviceInstalledRunning "apache2"
+ & Apt.serviceInstalledRunning "ntp"
+
+ & Apt.serviceInstalledRunning "openssh-server"
+ & Ssh.passwordAuthentication False
+ & Ssh.hostKeys (Context "branchable.com")
+ [ (SshDsa, "ssh-dss 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 root@pell")
+ , (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1M0aNLgcgcgf0tkmt/8vCDZLok8Xixz7Nun9wB6NqVXxfzAR4te+zyO7FucVwyTY5QHmiwwpmyNfaC21AAILhXGm12SUKSAirF9BkQk7bhQuz4T/dPlEt3d3SxQ3OZlXtPp4LzXWOyS0OXSzIb+HeaDA+hFXlQnp/gE7RyAzR1+xhWPO7Mz1q5O/+4dXANnW32t6P7Puob6NsglVDpLrMRYjkO+0RgCVbYMzB5+UnkthkZsIINaYwsNhW2GKMKbRZeyp5en5t1NJprGXdw0BqdBqd/rcBpOxmhHE1U7rw+GS1uZwCFWWv0aZbaXEJ6wY7mETFkqs0QXi5jtoKn95Gw== root@pell")
+ ]
+
+ & Apt.installed ["procmail", "bsd-mailx"]
+ & "/etc/aliases" `File.hasPrivContentExposed` (Context "branchable.com")
+ `onChange` Postfix.newaliases
+ & "/etc/mailname" `File.hasContent` ["branchable.com"]
+ & Postfix.installed
+ & Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"")
+
+ -- Obnam is run by a cron job in ikiwiki-hosting.
+ & "/etc/obnam.conf" `File.hasContent`
+ [ "[config]"
+ , "repository = sftp://joey@eubackup.kitenet.net/home/joey/lib/backup/pell.obnam"
+ , "log = /var/log/obnam.log"
+ , "encrypt-with = " ++ obnamkey
+ , "log-level = info"
+ , "log-max = 1048576"
+ , "keep = 7d,5w,12m"
+ , "upload-queue-size = 128"
+ , "lru-size = 128"
+ ]
+ & Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root")
+ & Ssh.keyImported SshRsa (User "root") (Context "branchable.com")
+ & Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
+ & Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
+
+ & adminuser "joey"
+ & adminuser "liw"
+ where
+ obnamkey = "41E1A9B9"
+ adminuser u = propertyList ("admin user " ++ u) $ props
+ & User.accountFor (User u)
+ & User.hasSomePassword (User u)
+ & Sudo.enabledFor (User u)
+ & User.hasGroup (User u) (Group "adm")
+ & User.hasGroup (User u) (Group "systemd-journal")
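Review bot: `obnamkey = "41E1A9B9"` in the `where` clause of `server` is an 8-hex-digit short GPG key ID, and it is used both for `encrypt-with` in /etc/obnam.conf and as the `Gpg.GpgKeyId` given to `Gpg.keyImported`. Short IDs are not collision-resistant, so a second key with the same short ID in root's keyring would make the backup's encryption recipient ambiguous. Pinning the full fingerprint avoids that, e.g. `obnamkey = "<FULL_40_HEX_FINGERPRINT>"` (a placeholder; the fingerprint is not on this page). The `Ssh.hostKeys` list also publishes an `SshDsa` key next to the RSA one; dropping the DSA entry once clients trust the RSA key would remove a weak algorithm from the host's identity. The module has no export list and `server` has no Haddock; `-- | Base system configuration for the Branchable server.` would be a start.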
diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs
index 650014f4..fe2de7c8 100644
--- a/src/Propellor/Property/SiteSpecific/IABak.hs
+++ b/src/Propellor/Property/SiteSpecific/IABak.hs
@@ -15,6 +15,13 @@ repo = "https://github.com/ArchiveTeam/IA.BAK/"
userrepo :: String
userrepo = "git@gitlab.com:archiveteam/IA.bak.users.git"
+publicFace :: Property HasInfo
+publicFace = propertyList "iabak public face" $ props
+ & Git.cloned (User "root") repo "/usr/local/IA.BAK" (Just "server")
+ & Apt.serviceInstalledRunning "apache2"
+ & Cron.niceJob "graph-gen" (Cron.Times "*/10 * * * *") (User "root") "/"
+ "/usr/local/IA.BAK/web/graph-gen.sh"
+
gitServer :: [Host] -> Property HasInfo
gitServer knownhosts = propertyList "iabak git server" $ props
& Git.cloned (User "root") repo "/usr/local/IA.BAK" (Just "server")
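Review bot: `publicFace` schedules `/usr/local/IA.BAK/web/graph-gen.sh` as `User "root"` every ten minutes, and that script lives in a checkout of the `server` branch of the GitHub repository named in `repo`, so whatever the checkout contains runs with root privileges on this host. If the script only needs to write graph output, run the job as a dedicated unprivileged account, e.g. `Cron.niceJob "graph-gen" (Cron.Times "*/10 * * * *") (User "<GRAPH_USER>") "/"`, where `<GRAPH_USER>` is a placeholder. The `Git.cloned` line is also identical to the first line of `gitServer`, whose body continues outside this hunk; a shared binding would keep the two from drifting apart.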
@@ -56,12 +63,14 @@ graphiteServer = propertyList "iabak graphite server" $ props
[ "[carbon]"
, "pattern = ^carbon\\."
, "retentions = 60:90d"
- , "[iabak]"
+ , "[iabak-connections]"
+ , "pattern = ^iabak\\.shardstats\\.connections"
+ , "retentions = 1h:1y,3h:10y"
+ , "[iabak-default]"
, "pattern = ^iabak\\."
- , "retentions = 10m:30d,1h:1y,3h,10y"
+ , "retentions = 10m:30d,1h:1y,3h:10y"
, "[default_1min_for_1day]"
, "pattern = .*"
- , "retentions = 60s:1d"
]
& graphiteCSRF
& cmdProperty "graphite-manage" ["syncdb", "--noinput"] `flagFile` "/etc/flagFiles/graphite-syncdb"
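Review bot: On the new side the `[default_1min_for_1day]` section keeps its `pattern = .*` line but has no `retentions` line, because `"retentions = 60s:1d"` is removed and nothing replaces it. As far as I know carbon expects every storage-schema section to carry a retention, so this may keep the schema file from loading or leave non-iabak metrics without a policy; worth verifying on the host. If the removal is intended, drop the section header and pattern as well; otherwise restore `, "retentions = 60s:1d"`. The list belongs to `graphiteServer`, which starts and ends outside this hunk.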
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 12629e2c..36808919 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -470,7 +470,7 @@ backupsBackedupFrom hosts srchost destdir = Cron.niceJob desc
`requires` Ssh.knownHost hosts srchost (User "joey")
where
desc = "backups copied from " ++ srchost ++ " on boot"
- cmd = "rsync -az --bwlimit=300K --partial --delete " ++ srchost ++ ":lib/backup/ " ++ destdir </> srchost
+ cmd = "sleep 30m && rsync -az --bwlimit=300K --partial --delete " ++ srchost ++ ":lib/backup/ " ++ destdir </> srchost
obnamRepos :: [String] -> Property NoInfo
obnamRepos rs = propertyList ("obnam repos for " ++ unwords rs)
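Review bot: The new `cmd` still splices `srchost` and `destdir </> srchost` unquoted into a command string, and the added `sleep 30m &&` prefix shows the string is interpreted by a shell. Both values come from the caller, so a space or shell metacharacter in either would change what the cron job runs. Quoting them keeps each as a single argument, e.g. `... ++ shellEscape (srchost ++ ":lib/backup/") ++ " " ++ shellEscape (destdir </> srchost)`, assuming `shellEscape` from Utility.SafeCommand is in scope in this module. `desc` also still says "on boot" although the copy now starts 30 minutes later. `backupsBackedupFrom` begins outside the hunk.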