authorJoey Hess2014-05-31 14:15:16 -0400
committerJoey Hess2014-05-31 14:15:16 -0400
commit5a895c21b5a2f43ab74b3514b3c75f1dba09dd97 (patch)
treee2abaeee5418a4af9097a40792de89ce28e16464
parent2d740c92c9c392d7799d51140bf8691588fd68df (diff)
propellor spin
-rw-r--r--config-joey.hs9
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs22
2 files changed, 28 insertions, 3 deletions
diff --git a/config-joey.hs b/config-joey.hs
index b14e06fd..f5d226bc 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -41,9 +41,7 @@ hosts = -- (o) `
& Apt.buildDep ["git-annex"] `period` Daily
& Docker.docked hosts "android-git-annex"
- -- Nothing super-important lives here.
- -- Any services I care about are containerized so they can easily
- -- be moved.
+ -- Nothing super-important lives here and mostly it's docker containers.
, standardSystem "clam.kitenet.net" Unstable "amd64"
& ipv4 "162.248.143.249"
& ipv6 "2002:5044:5531::1"
@@ -78,6 +76,11 @@ hosts = -- (o) `
& alias "znc.kitenet.net"
& JoeySites.ircBouncer
+ -- For https port 443, shellinabox with ssh login to
+ -- kitenet.net
+ & alias "shell.kitenet.net"
+ & JoeySites.kiteShellBox
+
-- Nothing is using http port 80 on clam, so listen on
-- that port for ssh, for traveling on bad networks that
-- block 22.
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 587e16af..51210819 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -317,3 +317,25 @@ ircBouncer = propertyList "IRC bouncer"
]
where
conf = "/home/znc/.znc/configs/znc.conf"
+
+kiteShellBox :: Property
+kiteShellBox = propertyList "kitenet.net shellinabox"
+ [ Apt.installed ["shellinabox"]
+
+ -- Install ssl cert, let shellinabox read it.
+ , File.dirExists certdir
+ , File.ownerGroup certdir "shellinabox" "shellinabox"
+ , File.mode certdir (combineModes [ownerWriteMode, ownerReadMode, ownerExecuteMode])
+ , File.hasPrivContentExposed (certdir </> "certificate.pem")
+
+ , File.hasContent "/etc/default/shellinabox"
+ [ "# Deployed by propellor"
+ , "SHELLINABOX_DAEMON_START=1"
+ , "SHELLINABOX_PORT=443"
+ , "SHELLINABOX_ARGS=\"--no-beep --service=/:SSH:kitenet.net --cert=" ++ certdir ++ "\""
+ ]
+ `onChange` Service.restarted "shellinabox"
+ , Service.running "shellinabox"
+ ]
+ where
+ certdir = "/etc/shellinabox/certs"
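Review bot: In kiteShellBox, `File.hasPrivContentExposed (certdir </> "certificate.pem")` appears to be the variant that does not restrict the file's own mode, so the only barrier between that file and other local users is the owner-only mode put on `certdir` two lines earlier. shellinabox's `--cert=` directory normally expects certificate.pem to contain the private key as well as the certificate; if that holds here, the "Install ssl cert" comment understates what is being deployed and should say so, e.g. `-- certificate.pem also holds the TLS private key; the file is left readable and is protected only by certdir being owner-only for shellinabox.` It would be more robust to also restrict the file itself once it is written, for instance `, File.ownerGroup (certdir </> "certificate.pem") "shellinabox" "shellinabox"` followed by `, File.mode (certdir </> "certificate.pem") (combineModes [ownerReadMode])`, so a later change to the directory mode does not expose the key. Whether the privdata property resets ownership or mode on each run is not visible in this hunk and should be checked before adding those lines.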