authorJoey Hess2015-10-10 13:46:00 -0400
committerJoey Hess2015-10-10 13:46:00 -0400
commit1b2a63f7fda4411adc71da3f43b173ffe7e7eb10 (patch)
tree7ee1b0f6ae8e42869afbed34374c939c7a245c94
parentb3a5cb70dc04843a5b841f987bd60b8689edb58b (diff)
propellor spin
-rw-r--r--config-joey.hs62
-rw-r--r--src/Propellor/Property/Apache.hs30
-rw-r--r--src/Propellor/Property/OpenId.hs33
3 files changed, 60 insertions, 65 deletions
diff --git a/config-joey.hs b/config-joey.hs
index f1f87a27..6829faf5 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -17,7 +17,6 @@ import qualified Propellor.Property.Hostname as Hostname
import qualified Propellor.Property.Tor as Tor
import qualified Propellor.Property.Dns as Dns
import qualified Propellor.Property.OpenId as OpenId
-import qualified Propellor.Property.Docker as Docker
import qualified Propellor.Property.Git as Git
import qualified Propellor.Property.Postfix as Postfix
import qualified Propellor.Property.Apache as Apache
@@ -323,14 +322,10 @@ elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
& alias "ns3.kitenet.net"
& myDnsSecondary
- -- & Docker.configured
- -- & Docker.docked openidProvider
- -- `requires` Apt.serviceInstalledRunning "ntp"
- -- & Docker.docked jerryPlay
- -- & Docker.garbageCollected `period` (Weekly (Just 1))
-
& Systemd.nspawned oldusenetShellBox
- ! Systemd.nspawned ancientKitenet
+ & Systemd.nspawned ancientKitenet
+ & Systemd.nspawned openidProvider
+ `requires` Apt.serviceInstalledRunning "ntp"
& JoeySites.scrollBox
& alias "scroll.joeyh.name"
@@ -429,39 +424,32 @@ webserver = standardStableContainer "webserver"
-- My own openid provider. Uses php, so containerized for security
-- and administrative sanity.
-openidProvider :: Docker.Container
-openidProvider = standardStableDockerContainer "openid-provider"
- & alias "openid.kitenet.net"
- & Docker.publish "8081:80"
- & OpenId.providerFor [User "joey", User "liw"]
- "openid.kitenet.net:8081"
+openidProvider :: Systemd.Container
+openidProvider = standardStableContainer "openid-provider"
+ & alias hn
+ & OpenId.providerFor [User "joey", User "liw"] hn (Just (Port 8081))
+ where
+ hn = "openid.kitenet.net"
-- Exhibit: kite's 90's website on port 1994.
ancientKitenet :: Systemd.Container
ancientKitenet = standardStableContainer "ancient-kitenet"
- & alias "ancient.kitenet.net"
+ & alias hn
& Git.cloned (User "root") "git://kitenet-net.branchable.com/" "/var/www/html"
(Just "remotes/origin/old-kitenet.net")
& Apache.installed
- & Apache.virtualHost "ancient.kitenet.net" (Port 1994) "/var/www/html"
+ & Apache.listenPorts [p]
+ & Apache.virtualHost hn p "/var/www/html"
& Apache.siteDisabled "000-default"
- & "/etc/apache2/ports.conf" `File.hasContent` ["Listen 1994"]
- `onChange` Apache.reloaded
+ where
+ p = Port 1994
+ hn = "ancient.kitenet.net"
oldusenetShellBox :: Systemd.Container
oldusenetShellBox = standardStableContainer "oldusenet-shellbox"
& alias "shell.olduse.net"
& JoeySites.oldUseNetShellBox
-jerryPlay :: Docker.Container
-jerryPlay = standardDockerContainer "jerryplay" Unstable "amd64"
- & alias "jerryplay.kitenet.net"
- & Docker.publish "2202:22"
- & Docker.publish "8001:80"
- & Apt.installed ["ssh"]
- & User.hasPassword (User "root")
- & Ssh.permitRootLogin (Ssh.RootLogin True)
-
kiteShellBox :: Systemd.Container
kiteShellBox = standardStableContainer "kiteshellbox"
& JoeySites.kiteShellBox
@@ -509,26 +497,6 @@ standardContainer name suite arch = Systemd.container name chroot
standardStableContainer :: Systemd.MachineName -> Systemd.Container
standardStableContainer name = standardContainer name (Stable "jessie") "amd64"
-standardStableDockerContainer :: Docker.ContainerName -> Docker.Container
-standardStableDockerContainer name = standardDockerContainer name (Stable "jessie") "amd64"
-
-standardDockerContainer :: Docker.ContainerName -> DebianSuite -> Architecture -> Docker.Container
-standardDockerContainer name suite arch = Docker.container name (dockerImage system)
- & os system
- & Apt.stdSourcesList `onChange` Apt.upgrade
- & Apt.unattendedUpgrades
- & Apt.cacheCleaned
- & Docker.tweaked
- where
- system = System (Debian suite) arch
-
--- Docker images I prefer to use.
-dockerImage :: System -> Docker.Image
-dockerImage (System (Debian Unstable) arch) = Docker.latestImage ("joeyh/debian-unstable-" ++ arch)
-dockerImage (System (Debian Testing) arch) = Docker.latestImage ("joeyh/debian-unstable-" ++ arch)
-dockerImage (System (Debian (Stable _)) arch) = Docker.latestImage ("joeyh/debian-stable-" ++ arch)
-dockerImage _ = Docker.latestImage "debian-stable-official" -- does not currently exist!
-
myDnsSecondary :: Property HasInfo
myDnsSecondary = propertyList "dns secondary for all my domains" $ props
& Dns.secondary hosts "kitenet.net"
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs
index 49e3d525..b4bbdc32 100644
--- a/src/Propellor/Property/Apache.hs
+++ b/src/Propellor/Property/Apache.hs
@@ -5,7 +5,14 @@ import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Service as Service
-type ConfigFile = [String]
+installed :: Property NoInfo
+installed = Apt.installed ["apache2"]
+
+restarted :: Property NoInfo
+restarted = Service.restarted "apache2"
+
+reloaded :: Property NoInfo
+reloaded = Service.reloaded "apache2"
-- | A basic virtual host, publishing a directory, and logging to
-- the combined apache log file.
@@ -21,6 +28,8 @@ virtualHost hn (Port p) docroot = siteEnabled hn
, "</VirtualHost>"
]
+type ConfigFile = [String]
+
siteEnabled :: HostName -> ConfigFile -> RevertableProperty
siteEnabled hn cf = enable <!> disable
where
@@ -65,6 +74,16 @@ modEnabled modname = enable <!> disable
`onChange` reloaded
isenabled = boolSystem "a2query" [Param "-q", Param "-m", Param modname]
+-- | Make apache listen on the specified ports.
+--
+-- Note that ports are also specified inside a site's config file,
+-- so that also needs to be changed.
+listenPorts :: [Port] -> Property NoInfo
+listenPorts ps = "/etc/apache2/ports.conf" `File.hasContent` map portline ps
+ `onChange` restarted
+ where
+ portline (Port n) = "Listen " ++ show n
+
-- This is a list of config files because different versions of apache
-- use different filenames. Propellor simply writes them all.
siteCfg :: HostName -> [FilePath]
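Review bot: listenPorts overwrites the whole of /etc/apache2/ports.conf via `File.hasContent`, so every Listen directive not in `ps` disappears — if I recall Debian's stock file correctly it also carries `Listen 443` inside an `<IfModule ssl_module>` block, which any https vhost on the same host would then silently lose, and `listenPorts []` writes an empty file that leaves apache with nothing to bind at all. The Haddock only warns that the site config must agree with the ports; it should state the overwrite explicitly, e.g. `-- This replaces the whole of ports.conf, so apache stops listening on any port not in the list (including 443 for https); the list must not be empty.` Rejecting or at least documenting the empty list would make the restart-on-change behaviour less surprising.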
@@ -75,15 +94,6 @@ siteCfg hn =
, "/etc/apache2/sites-available/" ++ hn ++ ".conf"
]
-installed :: Property NoInfo
-installed = Apt.installed ["apache2"]
-
-restarted :: Property NoInfo
-restarted = Service.restarted "apache2"
-
-reloaded :: Property NoInfo
-reloaded = Service.reloaded "apache2"
-
-- | Configure apache to use SNI to differentiate between
-- https hosts.
--
diff --git a/src/Propellor/Property/OpenId.hs b/src/Propellor/Property/OpenId.hs
index 1f6f2559..6becee62 100644
--- a/src/Propellor/Property/OpenId.hs
+++ b/src/Propellor/Property/OpenId.hs
@@ -3,19 +3,29 @@ module Propellor.Property.OpenId where
import Propellor
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
-import qualified Propellor.Property.Service as Service
+import qualified Propellor.Property.Apache as Apache
import Data.List
-providerFor :: [User] -> String -> Property HasInfo
-providerFor users baseurl = propertyList desc $ map toProp
- [ Apt.serviceInstalledRunning "apache2"
- , Apt.installed ["simpleid"]
- `onChange` Service.restarted "apache2"
- , File.fileProperty (desc ++ " configured")
+-- | Openid provider, using the simpleid PHP CGI, with apache.
+--
+-- Runs on usual port by defualt. When a nonstandard port is specified,
+-- apache is limited to listening only on that port. Warning: Specifying
+-- a port won't compose well with other apache properties on the same
+-- host.
+providerFor :: [User] -> HostName -> Maybe Port -> Property HasInfo
+providerFor users hn mp = propertyList desc $ props
+ & Apt.serviceInstalledRunning "apache2"
+ & apacheconfigured
+ & Apt.installed ["simpleid"]
+ `onChange` Apache.restarted
+ & File.fileProperty (desc ++ " configured")
(map setbaseurl) "/etc/simpleid/config.inc"
- ] ++ map identfile users
+ & propertyList desc (map identfile users)
where
+ baseurl = hn ++ case mp of
+ Nothing -> ""
+ Just (Port p) -> show p
url = "http://"++baseurl++"/simpleid"
desc = "openid provider " ++ url
setbaseurl l
@@ -23,6 +33,13 @@ providerFor users baseurl = propertyList desc $ map toProp
"define('SIMPLEID_BASE_URL', '"++url++"');"
| otherwise = l
+ apacheconfigured = case mp of
+ Nothing -> toProp $
+ Apache.virtualHost hn (Port 80) "/var/www/html"
+ Just p -> propertyList desc $ props
+ & Apache.listenPorts [p]
+ & Apache.virtualHost hn p "/var/www/html"
+
-- the identities directory controls access, so open up
-- file mode
identfile (User u) = File.hasPrivContentExposed