authorJoey Hess2016-09-15 21:52:01 -0400
committerJoey Hess2016-09-15 21:52:01 -0400
commite11363625f29ab0f45a3db989f3245398c2a4182 (patch)
treeaf49bb2de6cf31c2f194fe621a52a19bf54bdb50
parentb81abff0d4cd9266115ded70129a2ac357b20cef (diff)
propellor spin
-rw-r--r--joeyconfig.hs15
-rw-r--r--src/Propellor/Property/Tor.hs2
2 files changed, 16 insertions, 1 deletions
diff --git a/joeyconfig.hs b/joeyconfig.hs
index bfdc2795..48b34392 100644
--- a/joeyconfig.hs
+++ b/joeyconfig.hs
@@ -457,12 +457,14 @@ pell = host "pell.branchable.com" $ props
& Apt.unattendedUpgrades
& Branchable.server hosts
+-- See https://joeyh.name/code/keysafe/servers/ for requirements.
keysafe :: Host
keysafe = host "keysafe.joeyh.name" $ props
& ipv4 "139.59.17.168"
& Hostname.sane
& osDebian (Stable "jessie") X86_64
& Apt.stdSourcesList `onChange` Apt.upgrade
+ & Apt.unattendedUpgrades
& DigitalOcean.distroKernel
-- This is a 500 mb VM, so need more ram to build propellor.
& Apt.serviceInstalledRunning "swapspace"
@@ -491,6 +493,19 @@ keysafe = host "keysafe.joeyh.name" $ props
& Tor.bandwidthRate (Tor.PerMonth "750 GB")
-- keysafe installed manually until package is available
+
+ & Obnam.backupEncrypted "/var/lib/keysafe" (Cron.Times "42 9 * * *")
+ [ "--repository=sftp://2318@usw-s002.rsync.net/~/keysafe.obnam"
+ , "--client-name=keysafe.joeyh.name"
+ , Obnam.keepParam [Obnam.KeepDays 7, Obnam.KeepWeeks 4]
+ ] Obnam.OnlyClient (Gpg.GpgKeyId "98147487")
+ `requires` rootsshkey
+ `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
+ where
+ rootsshkey = Ssh.userKeys (User "root")
+ (Context "keysafe.joeyh.name")
+ [ (SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx8bK9ZbXVEgEvxQeXLjnr9cGa/QvoB459aglP529My root@keysafe")
+ ]
iabak :: Host
iabak = host "iabak.archiveteam.org" $ props
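Review bot: The encryption recipient in the added `Obnam.backupEncrypted` call is the 8-hex-digit short ID `Gpg.GpgKeyId "98147487"`, and short key IDs are not collision-resistant. If a second key with the same short ID ends up in root's keyring, gpg may select the wrong recipient. How propellor imports and resolves this key is outside the hunk, so this is hedged. Since the backup sends `/var/lib/keysafe` to a third-party host, its confidentiality rests on encrypting to the intended key. I would pass the full fingerprint instead, `(Gpg.GpgKeyId "<FULL-40-HEX-FINGERPRINT>")` (placeholder), provided the Gpg and Obnam properties accept that form.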
diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs
index 5b8a84ea..ea9f39ed 100644
--- a/src/Propellor/Property/Tor.hs
+++ b/src/Propellor/Property/Tor.hs
@@ -145,7 +145,7 @@ hiddenServiceAvailable hn port = hiddenServiceHostName $ hiddenService hn port
r <- satisfy
mh <- liftIO $ tryIO $ readFile (varLib </> hn </> "hostname")
case mh of
- Right h -> infoMessage $ unwords ["hidden service hostname:", h]
+ Right h -> infoMessage ["hidden service hostname:", h]
Left _e -> warningMessage "hidden service hostname not available yet"
return r
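Review bot: The `h` passed to `infoMessage` comes from a lazy `readFile` wrapped in `tryIO`, so only the open is covered. A read or decoding error would surface when `h` is forced inside `infoMessage`, outside the `Left _e` branch that is meant to handle an unavailable hostname. Forcing the contents inside the `tryIO`, or using a strict read, would keep failures on the warning path. The file contents presumably end in a newline, so stripping it before logging, e.g. `infoMessage ["hidden service hostname:", takeWhile (/= '\n') h]`, would keep the message on one line. The enclosing function begins outside this hunk, so the surrounding error handling is not fully visible.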