authorJoey Hess2015-06-01 16:05:31 -0400
committerJoey Hess2015-06-01 16:05:31 -0400
commita50edc3d9f1fc630ba5f72aba6cfec9aca71c204 (patch)
tree9d8e958c2e78c08d71afa99b5b9e081a9451b803
parenta7045f737efe76c7346a1ac34f10d0d8d311ff89 (diff)
better types for systemd port publishing
-rw-r--r--config-joey.hs4
-rw-r--r--debian/changelog5
-rw-r--r--src/Propellor/Property/Systemd.hs59
3 files changed, 39 insertions, 29 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 56f1eb93..ff06333d 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -104,8 +104,8 @@ clam = standardSystem "clam.kitenet.net" Unstable "amd64"
& Docker.garbageCollected `period` Daily
! Docker.docked webserver'
& File.dirExists "/var/www/html"
- & File.notPresent "/var/www/html/index.html"
- & "/var/www/index.html" `File.hasContent` ["hello, world"]
+ & File.notPresent "/var/www/index.html"
+ & "/var/www/html/index.html" `File.hasContent` ["hello, world"]
& alias "helloworld.kitenet.net"
& Docker.docked oldusenetShellBox
diff --git a/debian/changelog b/debian/changelog
index 9b75e118..a4c40ea5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,15 +8,16 @@ propellor (2.5.0) UNRELEASED; urgency=medium
* createProcess from Propellor.Property.Cmd, so they are available
for use in constricting your own Properties when using propellor
as a library.
- * Improve enter-machine scripts for nspawn containers to unset most
+ * Improve enter-machine scripts for systemd-nspawn containers to unset most
environment variables.
* Fix Postfix.satellite bug; the default relayhost was set to the
domain, not to smtp.domain as documented.
* Mount /proc inside a chroot before provisioning it, to work around #787227
* --spin now works when given a short hostname that only resolves to an
ipv6 address.
- * Added publish property for systemd-spawn containers.
+ * Added publish and publish' properties for systemd-spawn containers.
(Needs systemd version 220.)
+ * Added bind and bindRo properties for systemd-spawn containers.
-- Joey Hess <id@joeyh.name> Thu, 07 May 2015 12:08:34 -0400
diff --git a/src/Propellor/Property/Systemd.hs b/src/Propellor/Property/Systemd.hs
index 973314ac..34e51ba9 100644
--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -1,3 +1,5 @@
+{-# LANGUAGE TypeSynonymInstances #-}
+
module Propellor.Property.Systemd (
-- * Services
module Propellor.Property.Systemd.Core,
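Review bot: The added `TypeSynonymInstances` pragma suggests that `instance Publishable Port`, further down this file, is declared on a type synonym, in which case the instance belongs to the underlying type and `publish` accepts any value of that type. Port's definition is not visible in this diff, so this is an inference. If it holds, a `newtype` for Port would make the pragma unnecessary and keep host ports, container ports and unrelated numbers apart at the type level. At minimum, a comment next to the instance such as `-- Port is a synonym; this instance covers the underlying type` would record the trade-off.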
@@ -22,9 +24,12 @@ module Propellor.Property.Systemd (
-- * Container configuration
containerCfg,
resolvConfed,
- publish,
+ Publishable(..),
+ privateNetwork,
+ ForwardedPort(..),
Proto(..),
- publish',
+ PortSpec(..),
+ publish,
bind,
bindRo,
) where
@@ -288,32 +293,36 @@ resolvConfed = containerCfg "bind=/etc/resolv.conf"
privateNetwork :: RevertableProperty
privateNetwork = containerCfg "private-network"
--- | Publish a container's (tcp) port to same port on the host.
---
--- This automatically enables privateNetwork, so all non-published ports
--- will not be accessible outside the container.
---
--- Note that this feature was first added in systemd version 220.
-publish :: Port -> RevertableProperty
-publish p = publish' TCP p p
- `requires` privateNetwork
+class Publishable a where
+ toPublish :: a -> String
+
+instance Publishable Port where
+ toPublish p = show p
+
+data ForwardedPort = ForwardedPort
+ { hostPort :: Port
+ , containerPort :: Port
+ }
+
+instance Publishable ForwardedPort where
+ toPublish fp = show (hostPort fp) ++ ":" ++ show (containerPort fp)
data Proto = TCP | UDP
-publish'
- :: Proto
- -> Port -- ^ Host port
- -> Port -- ^ Container port
- -> RevertableProperty
-publish' proto hostport containerport = containerCfg $ "--port=" ++
- intercalate ":"
- [ sproto proto
- , show hostport
- , show containerport
- ]
- where
- sproto TCP = "tcp"
- sproto UDP = "udp"
+data PortSpec = PortSpec Proto ForwardedPort
+
+instance Publishable PortSpec where
+ toPublish (PortSpec TCP fp) = "tcp:" ++ toPublish fp
+ toPublish (PortSpec UDP fp) = "udp:" ++ toPublish fp
+
+-- | Publish a port from the container on the host.
+--
+-- Note that this will only work if the container's network is set up
+-- by other properties.
+--
+-- This feature was first added in systemd version 220.
+publish :: Publishable p => p -> RevertableProperty
+publish p = containerCfg $ "--port=" ++ toPublish p
-- | Bind mount a file or directory from the host into the container.
--
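Review bot: The new `publish` drops the `requires` privateNetwork clause that the removed version carried, and its comment only says the container's network must be "set up by other properties" without naming which. The removed comment stated that enabling privateNetwork is what kept non-published ports from being reachable outside the container. A caller who now writes `& publish p` alone therefore loses that isolation and, as far as systemd-nspawn documents `--port`, probably gets no working forward either. I would name the dependency in the Haddock, e.g. `-- Combine with 'privateNetwork' (or another property that gives the container its own network); without it the container's ports are not isolated from the host's network.` Separately, the exported `Publishable`, `ForwardedPort` and `PortSpec` have no Haddock comments, and `publish` passes `"--port="` with leading dashes while `resolvConfed` and `privateNetwork` pass bare option names; containerCfg's definition is outside the hunk, so confirm it accepts both forms.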