authorJoey Hess2014-07-18 16:40:09 -0400
committerJoey Hess2014-07-18 16:40:09 -0400
commit93730d530a722e951e51c675c1aed9fdd3c75a87 (patch)
tree789cfbad3dcf7ea5d726c136dfdd4e5d28e0159b
parentd5abbeb116a749c77d9d594097bd83c027374384 (diff)
propellor spin
-rw-r--r--config-joey.hs16
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs13
2 files changed, 21 insertions, 8 deletions
diff --git a/config-joey.hs b/config-joey.hs
index a2c2554e..6b02ed49 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -90,6 +90,8 @@ hosts = -- (o) `
& Apt.unattendedUpgrades
& Apt.installed ["systemd"]
& Ssh.hostKeys (Context "kitenet.net")
+ -- Since ssh password authentication is allowed:
+ & Apt.serviceInstalledRunning "fail2ban"
& Obnam.backup "/" "33 1 * * *"
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
, "--client-name=kitenet.net"
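Review bot: The new comment ties fail2ban to ssh password authentication, but `Apt.serviceInstalledRunning "fail2ban"` only installs and starts the package with its stock configuration, which on Debian (as far as I recall) enables the ssh jail and nothing else. The same commit turns on passwd-file authentication for dovecot in JoeySites.hs; if that mail server property is applied to this host, IMAP/POP password guessing would not be rate-limited by this line. Either extend the comment to say so, e.g. `-- Covers ssh only; dovecot logins need their own jail.`, or add a property that enables a dovecot jail. The host's property list starts and ends outside the hunk.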
@@ -107,9 +109,12 @@ hosts = -- (o) `
-- & alias "smtp.kitenet.net" -- not yet live!
-- & alias "imap.kitenet.net" -- not yet live!
- & Apt.installed ["git-annex", "myrepos"]
- -- Since password authentication is allowed:
- & Apt.serviceInstalledRunning "fail2ban"
+ & Apt.installed
+ ["git-annex", "myrepos"
+ , "build-essential", "make"
+ -- Some users have zsh as their login shell.
+ , "zsh"
+ ]
, standardSystem "diatom.kitenet.net" Stable "amd64"
[ "Important stuff that needs not too much memory or CPU." ]
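Review bot: The added `"build-essential", "make"` entries carry no comment saying why a compiler toolchain belongs on this host, while the zsh entry next to them does. On a machine that accepts password logins from several users that decision is worth recording, for example `-- Users build software in their home directories.` if that is the reason. `make` is already a dependency of Debian's build-essential, so the second entry is redundant. The host's property list starts and ends outside the hunk.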
@@ -406,9 +411,8 @@ monsters = -- but do want to track their public keys etc.
- mailman
- /spamassassin
- sqwebmail
- - /courier
- - /imap
- - /pop
+ - /imap server
+ - /pop server
- apache
- some static websites
- bitlbee
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 1b70807a..5f647bf2 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -511,7 +511,14 @@ kiteMailServer = propertyList "kitenet.net mail server"
, "/etc/dovecot/conf.d/10-mail.conf" `File.containsLine`
"mail_location = maildir:~/Maildir"
`onChange` Service.reloaded "dovecot"
- `describe` "dovecot configured"
+ `describe` "dovecot mail.conf"
+ , "/etc/dovecot/conf.d/10-auth.conf" `File.containsLine`
+ "!include auth-passwdfile.conf.ex"
+ `onChange` Service.restarted "dovecot"
+ `describe` "dovecot auth.conf"
+ , File.hasPrivContent dovecotusers ctx
+ `onChange` (dovecotusers `File.mode`
+ combineModes [ownerReadMode, groupReadMode])
, Apt.installed ["mutt", "bsd-mailx", "alpine"]
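Review bot: The include added to `/etc/dovecot/conf.d/10-auth.conf` names `auth-passwdfile.conf.ex`, which looks like a truncation of the `auth-passwdfile.conf.ext` file that dovecot ships. With a plain `!include` a missing file is a configuration error, so the `Service.restarted "dovecot"` triggered by this line would probably leave dovecot down; the line should read `"!include auth-passwdfile.conf.ext"`. Separately, the `File.mode` on `dovecotusers` grants group read but nothing in the hunk sets the file's group, and because it hangs off `onChange` it is not re-applied if the mode drifts while the content stays the same. Since this file presumably holds mail credentials, it would help to set ownership explicitly and give the property a `describe` like its neighbours. The `kiteMailServer` property list begins and ends outside the hunk.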
@@ -526,7 +533,8 @@ kiteMailServer = propertyList "kitenet.net mail server"
, "chmod 600 $pass"
, "exec alpine -passfile $pass \"$@\""
]
- `onChange` (pinescript `File.mode` combineModes (readModes ++ executeModes))
+ `onChange` (pinescript `File.mode`
+ combineModes (readModes ++ executeModes))
`describe` "pine wrapper script"
, "/etc/pine.conf" `File.containsLines`
[ "inbox-path={localhost/novalidate-cert}inbox"
@@ -536,6 +544,7 @@ kiteMailServer = propertyList "kitenet.net mail server"
where
ctx = Context "kitenet.net"
pinescript = "/usr/local/bin/pine"
+ dovecotusers = "/etc/dovecot/users"
hasJoeyCAChain :: Property
hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed`