authorJoey Hess2014-08-22 13:01:54 -0400
committerJoey Hess2014-08-22 13:01:54 -0400
commit59f94154b5c3dba9e045cd246429443372582ea5 (patch)
treec64139194c285204fb6e439013ebb2e8118eae80
parent1c6245cef81570e561dca4f5320950cff213ed3c (diff)
parent3cb9a60f89a21d4d0a423db60d9c32eca2ef38bb (diff)
Merge branch 'joeyconfig'
-rw-r--r--config-joey.hs20
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs5
-rw-r--r--src/Propellor/Property/Ssh.hs18
3 files changed, 30 insertions, 13 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 57a431ca..44f66819 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -13,7 +13,6 @@ import qualified Propellor.Property.Cron as Cron
import qualified Propellor.Property.Sudo as Sudo
import qualified Propellor.Property.User as User
import qualified Propellor.Property.Hostname as Hostname
---import qualified Propellor.Property.Reboot as Reboot
import qualified Propellor.Property.Tor as Tor
import qualified Propellor.Property.Dns as Dns
import qualified Propellor.Property.OpenId as OpenId
@@ -21,7 +20,6 @@ import qualified Propellor.Property.Docker as Docker
import qualified Propellor.Property.Git as Git
import qualified Propellor.Property.Apache as Apache
import qualified Propellor.Property.Postfix as Postfix
-import qualified Propellor.Property.Service as Service
import qualified Propellor.Property.Grub as Grub
import qualified Propellor.Property.Obnam as Obnam
import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
@@ -57,6 +55,12 @@ hosts = -- (o) `
& Docker.configured
& Docker.garbageCollected `period` Daily
+
+ -- ssh on some extra ports to deal with horrible networks
+ -- while travelling
+ & alias "travelling.kitenet.net"
+ & Ssh.listenPort 80
+ & Ssh.listenPort 443
-- Orca is the main git-annex build box.
, standardSystem "orca.kitenet.net" Unstable "amd64"
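Review bot: The two added `Ssh.listenPort` lines put sshd on ports 80 and 443, where it will see constant web-scanner and password-guessing traffic, and nothing visible in the hunk shows password logins being disabled on this host. It is worth confirming that this host's sshd_config carries `PasswordAuthentication no` (or that an equivalent property is applied elsewhere in the file) before relying on these ports. The comment could also record that 80 and 443 must stay free of any web server on this host, as the comment in the later hunk that switches the other host to `Ssh.listenPort 80` already does. The host definition starts outside the hunk.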
@@ -69,7 +73,6 @@ hosts = -- (o) `
& Docker.docked hosts "amd64-git-annex-builder"
& Docker.docked hosts "i386-git-annex-builder"
& Docker.docked hosts "android-git-annex-builder"
- -- not currently working
& Docker.docked hosts "armel-git-annex-builder-companion"
& Docker.docked hosts "armel-git-annex-builder"
& Docker.garbageCollected `period` Daily
@@ -161,6 +164,7 @@ hosts = -- (o) `
"26fd6e38-1226-11e2-a75f-ff007033bdba"
[]
& JoeySites.twitRss
+ & JoeySites.pumpRss
& alias "nntp.olduse.net"
& alias "resources.olduse.net"
@@ -233,13 +237,7 @@ hosts = -- (o) `
-- Nothing is using http port 80, so listen on
-- that port for ssh, for traveling on bad networks that
-- block 22.
- & "/etc/ssh/sshd_config" `File.containsLine` "Port 80"
- `onChange` Service.restarted "ssh"
-
- -- temp
- ! Docker.docked hosts "amd64-git-annex-builder"
- ! Docker.docked hosts "i386-git-annex-builder"
- ! Docker.docked hosts "android-git-annex-builder"
+ & Ssh.listenPort 80
--' __|II| ,.
@@ -289,8 +287,6 @@ hosts = -- (o) `
, let gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
in GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
& Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
-
- -- temp for an acquantance
] ++ monsters
type Motd = [String]
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index fa8773de..6fe10c02 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -312,6 +312,11 @@ twitRss = combineProperties "twitter rss"
feed url desc = Cron.job desc crontime "joey" dir $
"./twitRss " ++ shellEscape url ++ " > " ++ shellEscape ("../" ++ desc ++ ".rss")
+-- Work around for expired ssl cert.
+pumpRss :: Property
+pumpRss = Cron.job "pump rss" "15 * * * *" "joey" "/srv/web/tmp.kitenet.net/"
+ "wget https://pump2rss.com/feed/joeyh@identi.ca.atom -O pump.atom --no-check-certificate 2>/dev/null"
+
ircBouncer :: Property
ircBouncer = propertyList "IRC bouncer"
[ Apt.installed ["znc"]
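Review bot: `--no-check-certificate` in `pumpRss` turns off every certificate check, not only the expiry check the comment mentions, so anyone on the network path can substitute the feed that is written to `pump.atom` under `/srv/web/tmp.kitenet.net/`. Together with `2>/dev/null` a failed or tampered fetch leaves no trace, and `-O` truncates the previous file even when the download fails. I would expand the comment to something like `-- Temporary: pump2rss.com's cert has expired; remove --no-check-certificate once it is renewed, and treat pump.atom as unauthenticated until then.` Fetching to a temporary name and moving it into place only on success (`-O pump.atom.tmp ... && mv pump.atom.tmp pump.atom`) would keep the last good feed when the fetch fails.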
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 5a260476..41b93089 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -9,7 +9,8 @@ module Propellor.Property.Ssh (
hostKey,
keyImported,
knownHost,
- authorizedKeys
+ authorizedKeys,
+ listenPort
) where
import Propellor
@@ -164,3 +165,18 @@ authorizedKeys user context = withPrivData (SshAuthorizedKeys user) context $ \g
[ File.ownerGroup f user user
, File.ownerGroup (takeDirectory f) user user
]
+
+-- | Makes the ssh server listen on a given port, in addition to any other
+-- ports it is configured to listen on.
+--
+-- Revert to prevent it listening on a particular port.
+listenPort :: Int -> RevertableProperty
+listenPort port = RevertableProperty enable disable
+ where
+ portline = "Port " ++ show port
+ enable = sshdConfig `File.containsLine` portline
+ `describe` ("ssh listening on " ++ portline)
+ `onChange` restartSshd
+ disable = sshdConfig `File.lacksLine` portline
+ `describe` ("ssh not listening on " ++ portline)
+ `onChange` restartSshd
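Review bot: The haddock on `listenPort` says the port is added "in addition to any other ports", but sshd falls back to its default port 22 only when sshd_config has no `Port` line at all. On a config where `Port 22` is absent or commented out, the first line written by `enable` makes sshd stop listening on 22, which can lock out whoever connects there. The haddock should state that assumption, e.g. `-- Note: sshd_config must already name the default port explicitly, or adding this line replaces the implicit port 22.` `port` is also an unchecked `Int`, so a value outside 1-65535 produces a config that sshd rejects, and the `onChange` restart may then leave the host without a running sshd; a range check, or running `sshd -t` before `restartSshd`, would guard against that. `sshdConfig` and `restartSshd` are defined outside the hunk, so their behaviour is not visible here.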