summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess2016-02-07 22:01:17 -0400
committerJoey Hess2016-02-07 22:02:15 -0400
commit97fdc43f8a49c87c730471442cf2117bf0a75d64 (patch)
tree10c26e2878f9bfac97bbe3b2e67c7f0e0cd45f36
parentefbb3d0e126721e0f9487f194379806c37f1988e (diff)
property is revertable
-rw-r--r--config-joey.hs2
-rw-r--r--src/Propellor/Property/Apache.hs17
2 files changed, 11 insertions, 8 deletions
diff --git a/config-joey.hs b/config-joey.hs
index fc7bd681..5c3d376b 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -337,8 +337,6 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
& Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html"
(LetsEncrypt.AgreeTOS (Just "id@joeyh.name"))
& alias "letsencrypt.joeyh.name"
- -- to revert above, partially:
- -- ! Apache.virtualHost "letsencrypt.joeyh.name" (Port 443) "/var/www/html"
elephant :: Host
elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs
index d0bcadfa..dee7a5fc 100644
--- a/src/Propellor/Property/Apache.hs
+++ b/src/Propellor/Property/Apache.hs
@@ -156,16 +156,21 @@ virtualHost' domain (Port p) docroot addedcfg = siteEnabled domain $
--
-- > httpsVirtualHost "example.com" "/var/www"
-- > (LetsEncrypt.AgreeTOS (Just "me@my.domain"))
-httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> Property NoInfo
+--
+-- Note that reverting this property does not remove the certificate from
+-- letsencrypt's cert store.
+httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> RevertableProperty NoInfo
httpsVirtualHost domain docroot letos = httpsVirtualHost' domain docroot letos []
-- | Like `httpsVirtualHost` but with additional config lines added.
-httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> Property NoInfo
-httpsVirtualHost' domain docroot letos addedcfg = setuphttp
- `requires` modEnabled "rewrite"
- `requires` modEnabled "ssl"
- `before` setuphttps
+httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> RevertableProperty NoInfo
+httpsVirtualHost' domain docroot letos addedcfg = setup <!> teardown
where
+ setup = setuphttp
+ `requires` modEnabled "rewrite"
+ `requires` modEnabled "ssl"
+ `before` setuphttps
+ teardown = siteDisabled domain
setuphttp = siteEnabled' domain $
-- The sslconffile is only created after letsencrypt gets
-- the cert. The "*" is needed to make apache not error