authorJoey Hess2018-10-13 17:36:57 -0400
committerJoey Hess2018-10-13 17:36:57 -0400
commitbb95543c021da2bb5d4e004ce0f7bbb82a7b880e (patch)
tree4d1fa99782fd4dc06f264524fe657ac3952f07d5
parent1ceaf23df6d9a0691beb9c38dfc20a8d7e09c567 (diff)
parent218e694bb004b7fe1e1557c3e19db2ce7ae99b6a (diff)
Merge branch 'joeyconfig'
-rw-r--r--debian/changelog1
-rw-r--r--joeyconfig.hs111
-rw-r--r--src/Propellor/Property/Borg.hs4
-rw-r--r--src/Propellor/Property/SiteSpecific/Branchable.hs41
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs60
5 files changed, 68 insertions, 149 deletions
diff --git a/debian/changelog b/debian/changelog
index 225b71b0..cc0e0a15 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,7 @@ propellor (5.5.0) UNRELEASED; urgency=medium
This fixes a potential ordering problem; the property used to append
the line to /etc/sudoers, but that would override more specific lines
in the include directory.
+ * Borg: Added UsesEnvVar.
-- Joey Hess <id@joeyh.name> Thu, 09 Aug 2018 10:54:41 -0400
diff --git a/joeyconfig.hs b/joeyconfig.hs
index 76646829..52aff91d 100644
--- a/joeyconfig.hs
+++ b/joeyconfig.hs
@@ -19,7 +19,6 @@ import qualified Propellor.Property.Hostname as Hostname
import qualified Propellor.Property.Fstab as Fstab
import qualified Propellor.Property.Tor as Tor
import qualified Propellor.Property.Dns as Dns
-import qualified Propellor.Property.OpenId as OpenId
import qualified Propellor.Property.Git as Git
import qualified Propellor.Property.Postfix as Postfix
import qualified Propellor.Property.Apache as Apache
@@ -52,7 +51,6 @@ hosts = -- (o) `
, baleen
, honeybee
, kite
- , elephant
, beaver
, mouse
, peregrine
@@ -207,7 +205,7 @@ honeybee = host "honeybee.kitenet.net" $ props
& Postfix.satellite
& check (not <$> inChroot) (setupRevertableProperty autobuilder)
- & check (not <$> inChroot) (setupRevertableProperty ancientautobuilder)
+ & check (not <$> inChroot) (undoRevertableProperty ancientautobuilder)
-- In case compiler needs more than available ram
& Apt.serviceInstalledRunning "swapspace"
where
@@ -250,13 +248,16 @@ kite = host "kite.kitenet.net" $ props
& Apt.serviceInstalledRunning "ntp"
& "/etc/timezone" `File.hasContent` ["US/Eastern"]
- & Borg.backup "/" (Borg.BorgRepo "joey@eubackup.kitenet.net:/home/joey/lib/backup/kite/kite.borg") Cron.Daily
+ & Borg.backup "/" (JoeySites.rsyncNetBorgRepo "kite.borg" []) Cron.Daily
[ "--exclude=/proc/*"
, "--exclude=/sys/*"
, "--exclude=/run/*"
+ , "--exclude=/mnt/*"
, "--exclude=/tmp/*"
, "--exclude=/var/tmp/*"
, "--exclude=/var/cache/*"
+ , "--exclude=/var/lib/swapspace/*"
+ , "--exclude=/var/lib/container/*"
, "--exclude=/home/joey/lib"
-- These directories are backed up and restored separately.
, "--exclude=/srv/git"
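Review bot: Nothing in this hunk records that `kite.borg` has to be an encrypted repository, yet the new `Borg.backup "/" (JoeySites.rsyncNetBorgRepo "kite.borg" []) Cron.Daily` line sends a full-root backup to a third-party rsync.net account instead of a self-managed host. The elephant definition removed by this commit carried the reminder "(Encrypt all data stored here.)", and that reminder is not carried over. I would add a comment above the call such as `-- Off-site at rsync.net: the repo must be borg-encrypted; key/passphrase kept outside this host.` and confirm how `Borg.backup` initialises the repo, which is not visible here. The same applies to the `pell.borg` hunk in Branchable.hs, which also drops the `Gpg.keyImported` line described as decrypting the borg backup key. The `kite` definition starts above and continues below this hunk.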
@@ -266,7 +267,7 @@ kite = host "kite.kitenet.net" $ props
, Borg.KeepWeeks 4
, Borg.KeepMonths 6
]
- `requires` Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
+ `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
`requires` Ssh.userKeys (User "root")
(Context "kite.kitenet.net")
[ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Gza2sNqSKfNtUN4dN/Z3rlqw18nijmXFx6df2GtBoZbkIak73uQfDuZLP+AXlyfHocwdkdHEf/zrxgXS4EokQMGLZhJ37Pr3edrEn/NEnqroiffw7kyd7EqaziA6UOezcLTjWGv+Zqg9JhitYs4WWTpNzrPH3yQf1V9FunZnkzb4gJGndts13wGmPEwSuf+QHbgQvjMOMCJwWSNcJGdhDR66hFlxfG26xx50uIczXYAbgLfHp5W6WuR/lcaS9J6i7HAPwcsPDA04XDinrcpl29QwsMW1HyGS/4FSCgrDqNZ2jzP49Bka78iCLRqfl1efyYas/Zo1jQ0x+pxq2RMr root@kite")
@@ -286,7 +287,7 @@ kite = host "kite.kitenet.net" $ props
& alias "git.joeyh.name"
& JoeySites.gitServer hosts
- & JoeySites.downloads hosts
+ & JoeySites.downloads
& JoeySites.gitAnnexDistributor
& JoeySites.tmp
@@ -302,6 +303,17 @@ kite = host "kite.kitenet.net" $ props
& alias "nntp.olduse.net"
& JoeySites.oldUseNetServer hosts
& Systemd.nspawned oldusenetShellBox
+
+ & alias "znc.kitenet.net"
+ & JoeySites.ircBouncer
+
+ & alias "kgb.kitenet.net"
+ & JoeySites.kgbServer
+
+ & Systemd.nspawned ancientKitenet
+
+ & alias "podcatcher.kitenet.net"
+ & JoeySites.podcatcher
& JoeySites.scrollBox
& alias "scroll.joeyh.name"
@@ -328,6 +340,7 @@ kite = host "kite.kitenet.net" $ props
, "domain kitenet.net"
, "search kitenet.net"
]
+
& alias "debug-me.joeyh.name"
& Apt.installed ["debug-me"]
& Systemd.enabled "debug-me"
@@ -336,65 +349,6 @@ kite = host "kite.kitenet.net" $ props
& Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html"
(LetsEncrypt.AgreeTOS (Just "id@joeyh.name"))
& alias "letsencrypt.joeyh.name"
- where
-
-elephant :: Host
-elephant = host "elephant.kitenet.net" $ props
- & standardSystem Unstable X86_64
- [ "Storage, big data, and backups, omnomnom!"
- , "(Encrypt all data stored here.)"
- ]
- & ipv4 "193.234.225.114"
- & Ssh.hostKeys hostContext
- [ (SshDsa, "ssh-dss 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")
- , (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrEQ7aNmRYyLKY7xHILQsyV/w0B3++D98vn5IvjHkDnitrUWjB+vPxlS7LYKLzN9Jx7Hb14R2lg7+wdgtFMxLZZukA8b0tqFpTdRFBvBYGh8IM8Id1iE/6io/NZl+hTQEDp0LJP+RljH1CLfz7J3qtc+v6NbfTP5cOgH104mWYoLWzJGaZ4p53jz6THRWnVXy5nPO3dSBr2f/SQgRuJQWHNIh0jicRGD8H2kzOQzilpo+Y46PWtkufl3Yu3UsP5UMAyLRIXwZ6nNRZqRiVWrX44hoNfDbooTdFobbHlqMl+y6291bOXaOA6PACk8B4IVcC89/gmc9Oe4EaDuszU5kD")
- , (SshEcdsa, "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAJkoPRhUGT8EId6m37uBdYEtq42VNwslKnc9mmO+89ody066q6seHKeFY6ImfwjcyIjM30RTzEwftuVNQnbEB0=")
- , (SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB6VtXi0uygxZeCo26n6PuCTlSFCBcwRifv6N8HdWh2Z")
- ]
-
- & Grub.chainPVGrub "hd0,0" "xen/xvda1" 30
- & Postfix.satellite
- & Apt.unattendedUpgrades
- & Systemd.installed
- & Systemd.persistentJournal
- & Ssh.userKeys (User "joey") hostContext
- [ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4wJuQEGno+nJvtE75IKL6JQ08sJHZ9Bzs9Dvu0zuxSEZE30MWK98/twNwCH9PVf2N9m4apfN7f9GHgHTUongfo8xnLAk4PuBSTV74YgKyOCvNYqANuKKa+76PsS/vFf/or3ct++uTEWsRyYD29cQndufwKA4rthAqHG+fifbLDC53AjcldI0zI1RckpPzT+AMazlnSBFMlpKvGD2uzSXALVRXa3vSqWkWd0z7qmIkpmpq0AAgbDLwrGBcUGV/h0rOa2s8zSeirA0tLmHNROl4cZsX0T/6VBGfBRkrHSxL67xJziATw4WPq6spYlxg84pC/5qJVr9SC5HosppbDqgj joey@elephant")
- ]
- & Apt.serviceInstalledRunning "swapspace"
-
- & alias "eubackup.kitenet.net"
- & Apt.installed ["sshfs", "rsync", "borgbackup"]
- & JoeySites.githubBackup
- & JoeySites.rsyncNetBackup hosts
-
- & alias "podcatcher.kitenet.net"
- & JoeySites.podcatcher
-
- & alias "znc.kitenet.net"
- & JoeySites.ircBouncer
- & alias "kgb.kitenet.net"
- & JoeySites.kgbServer
-
- & alias "ns3.kitenet.net"
- & myDnsSecondary
-
- & Systemd.nspawned oldusenetShellBox
- & Systemd.nspawned ancientKitenet
- & Systemd.nspawned openidProvider
- `requires` Apt.serviceInstalledRunning "ntp"
-
- & JoeySites.scrollBox
- & alias "scroll.joeyh.name"
- & alias "eu.scroll.joeyh.name"
-
- -- For https port 443, shellinabox with ssh login to
- -- kitenet.net
- & alias "shell.kitenet.net"
- & Systemd.nspawned kiteShellBox
- -- Nothing is using http port 80, so listen on
- -- that port for ssh, for traveling on bad networks that
- -- block 22.
- & Ssh.listenPort (Port 80)
beaver :: Host
beaver = host "beaver.kitenet.net" $ props
@@ -403,8 +357,6 @@ beaver = host "beaver.kitenet.net" $ props
& Ssh.hostPubKey SshDsa "ssh-dss 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"
& Tor.installed
& Tor.hiddenServiceAvailable "ssh" (Port 22)
- & alias "usbackup.kitenet.net"
- & JoeySites.backupsBackedupFrom hosts "eubackup.kitenet.net" "/home/joey/lib/backup"
& Apt.serviceInstalledRunning "anacron"
& Cron.niceJob "system disk backed up" Cron.Weekly (User "root") "/"
"rsync -a -x / /home/joey/lib/backup/beaver.kitenet.net/"
@@ -512,16 +464,6 @@ keysafe = host "keysafe.joeyh.name" $ props
--------------------------- \____, o ,' ----------------------------
---------------------------- '--,___________,' -----------------------------
--- My own openid provider. Uses php, so containerized for security
--- and administrative sanity.
-openidProvider :: Systemd.Container
-openidProvider = Systemd.debContainer "openid-provider" $ props
- & standardContainer (Stable "stretch")
- & alias hn
- & OpenId.providerFor [User "joey", User "liw"] hn (Just (Port 8081))
- where
- hn = "openid.kitenet.net"
-
-- Exhibit: kite's 90's website on port 1994.
ancientKitenet :: Systemd.Container
ancientKitenet = Systemd.debContainer "ancient-kitenet" $ props
@@ -543,11 +485,6 @@ oldusenetShellBox = Systemd.debContainer "oldusenet-shellbox" $ props
& alias "shell.olduse.net"
& JoeySites.oldUseNetShellBox
-kiteShellBox :: Systemd.Container
-kiteShellBox = Systemd.debContainer "kiteshellbox" $ props
- & standardContainer (Stable "stretch")
- & JoeySites.kiteShellBox
-
type Motd = [String]
-- This is my standard system setup.
@@ -598,22 +535,22 @@ myDnsSecondary = propertyList "dns secondary for all my domains" $ props
branchableSecondary :: RevertableProperty (HasInfo + DebianLike) DebianLike
branchableSecondary = Dns.secondaryFor ["branchable.com"] hosts "branchable.com"
--- Currently using kite (ns4) as primary with secondaries
--- elephant (ns3) and gandi.
+-- Currently using kite (ns4) as primary with gandi as secondary
-- kite handles all mail.
myDnsPrimary :: Domain -> [(BindDomain, Record)] -> RevertableProperty (HasInfo + DebianLike) DebianLike
myDnsPrimary domain extras = Dns.signedPrimary (Weekly Nothing) hosts domain
(Dns.mkSOA "ns4.kitenet.net" 100) $
[ (RootDomain, NS $ AbsDomain "ns4.kitenet.net")
- , (RootDomain, NS $ AbsDomain "ns3.kitenet.net")
, (RootDomain, NS $ AbsDomain "ns6.gandi.net")
, (RootDomain, MX 0 $ AbsDomain "kitenet.net")
, (RootDomain, TXT "v=spf1 a a:kitenet.net ~all")
, JoeySites.domainKey
] ++ extras
-monsters :: [Host] -- Systems I don't manage with propellor,
-monsters = -- but do want to track their public keys etc.
+-- Systems I don't manage with propellor,
+-- but do want to track their public keys etc.
+monsters :: [Host]
+monsters =
[ host "usw-s002.rsync.net" $ props
& Ssh.hostPubKey SshEd25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7yTEBGfQYdwG/oeL+U9XPMIh/dW7XNs9T+M79YIOrd"
, host "github.com" $ props
diff --git a/src/Propellor/Property/Borg.hs b/src/Propellor/Property/Borg.hs
index dab07985..9d49fdf4 100644
--- a/src/Propellor/Property/Borg.hs
+++ b/src/Propellor/Property/Borg.hs
@@ -36,6 +36,9 @@ data BorgRepoOpt
-- | Use to specify a ssh private key to use when accessing a
-- BorgRepo.
= UseSshKey FilePath
+ -- | Use to specify an environment variable to set when running
+ -- borg on a BorgRepo.
+ | UsesEnvVar (String, String)
repoLoc :: BorgRepo -> String
repoLoc (BorgRepo s) = s
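Review bot: The Haddock on `UsesEnvVar` does not warn that the value is an ordinary `String` in the host's configuration, so a reader could use it to pass a secret such as a repository passphrase and end up committing it with the config. I would extend the comment with something like `-- The value is part of the (non-private) configuration; do not pass secrets this way.` The name also departs from the `UseSshKey` pattern just above (`Use…` versus `Uses…`), which is worth settling before the constructor is released, since the changelog announces it. The `BorgRepoOpt` declaration starts above this hunk.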
@@ -53,6 +56,7 @@ runBorgEnv (BorgRepo _) = []
runBorgEnv (BorgRepoUsing os _) = map go os
where
go (UseSshKey k) = ("BORG_RSH", "ssh -i " ++ k)
+ go (UsesEnvVar (k, v)) = (k, v)
installed :: Property DebianLike
installed = withOS desc $ \w o -> case o of
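Review bot: With the new `go (UsesEnvVar (k, v)) = (k, v)` case, `map go os` can return two entries for the same variable, for example a repo that has `UseSshKey` and is also given `UsesEnvVar ("BORG_RSH", …)`. Which entry takes effect depends on how the caller of `runBorgEnv` merges the list, and that code is outside this hunk, so an ssh key option could be silently overridden. I would state the precedence in a comment on `runBorgEnv`, e.g. `-- When a variable is set more than once, the <first|last> option wins.`, filled in after checking the consumer. `rsyncNetBorgRepo` in JoeySites.hs prepends `BORG_REMOTE_PATH` to caller options, so it depends on that same rule.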
diff --git a/src/Propellor/Property/SiteSpecific/Branchable.hs b/src/Propellor/Property/SiteSpecific/Branchable.hs
index 3d23f7d9..3c4d44a1 100644
--- a/src/Propellor/Property/SiteSpecific/Branchable.hs
+++ b/src/Propellor/Property/SiteSpecific/Branchable.hs
@@ -6,10 +6,10 @@ import qualified Propellor.Property.File as File
import qualified Propellor.Property.User as User
import qualified Propellor.Property.Ssh as Ssh
import qualified Propellor.Property.Postfix as Postfix
-import qualified Propellor.Property.Gpg as Gpg
import qualified Propellor.Property.Sudo as Sudo
import qualified Propellor.Property.Borg as Borg
import qualified Propellor.Property.Cron as Cron
+import Propellor.Property.SiteSpecific.JoeySites (rsyncNetBorgRepo)
server :: [Host] -> Property (HasInfo + DebianLike)
server hosts = propertyList "branchable server" $ props
@@ -39,35 +39,34 @@ server hosts = propertyList "branchable server" $ props
& Postfix.installed
& Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"")
- & Borg.backup "/" (Borg.BorgRepo "joey@eubackup.kitenet.net:/home/joey/lib/backup/branchable/pell.borg") Cron.Daily
+ -- backup everything except the contents of sites, which are
+ -- backed up by ikiwiki-hosting.
+ & Borg.backup "/" (rsyncNetBorgRepo "pell.borg" []) Cron.Daily
[ "--exclude=/proc/*"
- , "--exclude=/sys/*"
- , "--exclude=/run/*"
- , "--exclude=/tmp/*"
- , "--exclude=/var/tmp/*"
- , "--exclude=/var/backups/ikiwiki-hosting-web/*"
- , "--exclude=/var/cache/*"
- , "--exclude=/home/*/source/*"
- , "--exclude=/home/*/public_html/*"
- , "--exclude=/home/*/.git/*"
- ]
- [ Borg.KeepDays 7
- , Borg.KeepWeeks 5
- , Borg.KeepMonths 12
- , Borg.KeepYears 1
- ]
- -- gpg key that can be used to decrypt the borg backup key
- & Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root")
+ , "--exclude=/sys/*"
+ , "--exclude=/run/*"
+ , "--exclude=/tmp/*"
+ , "--exclude=/var/tmp/*"
+ , "--exclude=/var/backups/ikiwiki-hosting-web/*"
+ , "--exclude=/var/cache/*"
+ , "--exclude=/home/*/source/*"
+ , "--exclude=/home/*/source.git/*"
+ , "--exclude=/home/*/public_html/*"
+ , "--exclude=/home/*/.git/*"
+ ]
+ [ Borg.KeepDays 7
+ , Borg.KeepWeeks 5
+ , Borg.KeepMonths 12
+ , Borg.KeepYears 1
+ ]
& Ssh.userKeys (User "root") (Context "branchable.com")
[ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2PqTSupwncqeffNwZQXacdEWp7L+TxllIxH7WjfRMb3U74mQxWI0lwqLVW6Fox430DvhSqF1y5rJBvTHh4i49Tc9lZ7mwAxA6jNOP6bmdfteaKKYmUw5qwtJW0vISBFu28qBO11Nq3uJ1D3Oj6N+b3mM/0D3Y3NoGgF8+2dLdi81u9+l6AQ5Jsnozi2Ni/Osx2oVGZa+IQDO6gX8VEP4OrcJFNJe8qdnvItcGwoivhjbIfzaqNNvswKgGzhYLOAS5KT8HsjvIpYHWkyQ5QUX7W/lqGSbjP+6B8C3tkvm8VLXbmaD+aSkyCaYbuoXC2BoJdS7Jh8phKMwPJmdYVepn")
]
- & Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
& Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
& adminuser "joey"
& adminuser "liw"
where
- obnamkey = "41E1A9B9"
adminuser u = propertyList ("admin user " ++ u) $ props
& User.accountFor (User u)
& User.hasSomePassword (User u)
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 4b3b06ad..6a9d9942 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -152,9 +152,8 @@ oldUseNetServer hosts = propertyList "olduse.net server" $ props
(User "root")
(Context "olduse.net")
(SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0F6L76SChMCIGmeyGhlFMUTgZ3BoTbATiOSs0A7KXQoI1LTE5ZtDzzUkrQRJVpJ640pfMR7cQZyBm8tv+kYIPp0238GrX43c1vgm0L78agDnBU7r2iNMyWIwhssK8O3ZAhp8Q4KCz1r8hP2nIiD0y1D1VWW8h4KWOS7I1XCEAjOTvFvEjTh6a9MyHrcIkv7teUUzTBRjNrsyijCFRk1+pEET54RueoOmEjQcWd/sK1tYRiMZjegRLBOus2wUWsUOvznJ2iniLONUTGAWRnEV+O7hLN6CD44osJ+wkZk8bPAumTS0zcSLckX1jpdHJicmAyeniWSd4FCqm1YE6/xDD")
- `requires` Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
- borgrepo = Borg.BorgRepoUsing [Borg.UseSshKey keyfile]
- "joey@eubackup.kitenet.net:/home/joey/lib/backup/olduse.net/olduse.net.borg"
+ `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
+ borgrepo = rsyncNetBorgRepo "olduse.net.borg" [Borg.UseSshKey keyfile]
keyfile = "/root/.ssh/olduse.net.key"
oldUseNetShellBox :: Property DebianLike
@@ -179,22 +178,16 @@ oldUseNetInstalled pkg = check (not <$> Apt.isInstalled pkg) $
`assume` MadeChange
`describe` "olduse.net built"
-kgbServer :: Property (HasInfo + Debian)
+kgbServer :: Property (HasInfo + DebianLike)
kgbServer = propertyList desc $ props
- & installed
+ & Apt.serviceInstalledRunning "kgb-bot"
+ & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
+ `describe` "kgb bot enabled"
+ `onChange` Service.running "kgb-bot"
& File.hasPrivContent "/etc/kgb-bot/kgb.conf" anyContext
`onChange` Service.restarted "kgb-bot"
where
desc = "kgb.kitenet.net setup"
- installed :: Property Debian
- installed = withOS desc $ \w o -> case o of
- (Just (System (Debian _ Unstable) _)) ->
- ensureProperty w $ propertyList desc $ props
- & Apt.serviceInstalledRunning "kgb-bot"
- & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
- `describe` "kgb bot enabled"
- `onChange` Service.running "kgb-bot"
- _ -> error "kgb server needs Debian unstable (for kgb-bot 1.31+)"
-- git.kitenet.net and git.joeyh.name
gitServer :: [Host] -> Property (HasInfo + DebianLike)
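Review bot: The version requirement for kgb-bot is no longer written down anywhere in `kgbServer`. It used to be stated in the error message of the Debian-unstable guard ("for kgb-bot 1.31+"), and with the guard gone the property will install whatever version the host's suite provides. If the requirement still holds, a comment above the `Apt.serviceInstalledRunning "kgb-bot"` line would keep it visible: `-- Needs kgb-bot 1.31 or newer.` Since `/etc/kgb-bot/kgb.conf` is private content, it is also worth confirming that the packaged default keeps that file unreadable to other users on every suite now permitted; the hunk does not show its mode.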
@@ -207,7 +200,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props
(User "root")
(Context "git.kitenet.net")
(SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLwUUkpkI9c2Wcnv/E4v9bJ7WcpiNkToltXfzRDd1F31AYrucfSMgzu3rtDpEL+wSnQLua/taJkWUWT/pyXOAh+90K6O/YeBZmY5CK01rYDz3kSTAtwHkMqednsRjdQS6NNJsuWc1reO8a4pKtsToJ3G9VAKufCkt2b8Nhqz0yLvLYwwU/mdI8DmfX6IgXhdy9njVEG/jsQnLFXY6QEfwKbIPs9O6qo4iFJg3defXX+zVMLsh3NE1P2i2VxMjxJEQdPdy9Z1sVpkiQM+mgJuylQQ5flPK8sxhO9r4uoK/JROkjPJNYoJMlsN+QlK04ABb7JV2JwhAL/Y8ypjQ13JdT")
- `requires` Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
+ `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
& Ssh.authorizedKeys (User "family") (Context "git.kitenet.net")
& User.accountFor (User "family")
& Apt.installed ["git", "rsync", "cgit"]
@@ -238,8 +231,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props
& Apache.modEnabled "cgi"
where
sshkey = "/root/.ssh/git.kitenet.net.key"
- borgrepo = Borg.BorgRepoUsing [Borg.UseSshKey sshkey]
- "joey@eubackup.kitenet.net:/home/joey/lib/backup/git.kitenet.net/git.kitenet.net.borg"
+ borgrepo = rsyncNetBorgRepo "git.kitenet.net.borg" [Borg.UseSshKey sshkey]
website hn = Apache.httpsVirtualHost' hn "/srv/web/git.kitenet.net/" letos
[ Apache.iconDir
, " <Directory /srv/web/git.kitenet.net/>"
@@ -341,12 +333,11 @@ gitAnnexDistributor = combineProperties "git-annex distributor, including rsync
& File.dirExists d
& File.ownerGroup d (User "joey") (Group "joey")
-downloads :: [Host] -> Property (HasInfo + DebianLike)
-downloads hosts = annexWebSite "/srv/git/downloads.git"
+downloads :: Property (HasInfo + DebianLike)
+downloads = annexWebSite "/srv/git/downloads.git"
"downloads.kitenet.net"
"840760dc-08f0-11e2-8c61-576b7e66acfd"
- [("eubackup", "ssh://eubackup.kitenet.net/~/lib/downloads/")]
- `requires` Ssh.knownHost hosts "eubackup.kitenet.net" (User "joey")
+ []
tmp :: Property (HasInfo + DebianLike)
tmp = propertyList "tmp.joeyh.name" $ props
@@ -377,18 +368,6 @@ ircBouncer = propertyList "IRC bouncer" $ props
where
conf = "/home/znc/.znc/configs/znc.conf"
-kiteShellBox :: Property DebianLike
-kiteShellBox = propertyList "kitenet.net shellinabox" $ props
- & Apt.installed ["openssl", "shellinabox", "openssh-client"]
- & File.hasContent "/etc/default/shellinabox"
- [ "# Deployed by propellor"
- , "SHELLINABOX_DAEMON_START=1"
- , "SHELLINABOX_PORT=443"
- , "SHELLINABOX_ARGS=\"--no-beep --service=/:SSH:kitenet.net\""
- ]
- `onChange` Service.restarted "shellinabox"
- & Service.running "shellinabox"
-
githubBackup :: Property (HasInfo + DebianLike)
githubBackup = propertyList "github-backup box" $ props
& Apt.installed ["github-backup", "moreutils"]
@@ -415,14 +394,6 @@ rsyncNetBackup hosts = Cron.niceJob "rsync.net copied in daily" (Cron.Times "30
(User "joey") "/home/joey/lib/backup" "mkdir -p rsync.net && rsync --delete -az 2318@usw-s002.rsync.net: rsync.net"
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "joey")
-backupsBackedupFrom :: [Host] -> HostName -> FilePath -> Property DebianLike
-backupsBackedupFrom hosts srchost destdir = Cron.niceJob desc
- (Cron.Times "@reboot") (User "joey") "/" cmd
- `requires` Ssh.knownHost hosts srchost (User "joey")
- where
- desc = "backups copied from " ++ srchost ++ " on boot"
- cmd = "sleep 30m && rsync -az --bwlimit=300K --partial --delete " ++ srchost ++ ":lib/backup/ " ++ destdir </> srchost
-
podcatcher :: Property DebianLike
podcatcher = Cron.niceJob "podcatcher run hourly" (Cron.Times "55 * * * *")
(User "joey") "/home/joey/lib/sound/podcasts"
@@ -1085,6 +1056,7 @@ homeRouter = propertyList "home router" $ props
, "no-hosts"
, "address=/honeybee.kitenet.net/10.1.1.1"
, "address=/house.kitenet.net/10.1.1.1"
+ , "dhcp-host=0c:98:38:80:6a:f9,10.1.1.134,android-kodama
]
`onChange` Service.restarted "dnsmasq"
& ipmasq homerouterWifiInterface
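Review bot: The added list element has no closing double quote as shown here, so the string literal is unterminated and the module would not compile; the line should read `, "dhcp-host=0c:98:38:80:6a:f9,10.1.1.134,android-kodama"`. If the quote was only lost when this page was rendered, nothing needs changing. The `homeRouter` property and the enclosing list start above this hunk.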
@@ -1317,3 +1289,9 @@ autoMountDrive label (USBHubPort port) malias = propertyList desc $ props
[ "stop " ++ mountpoint
, "start " ++ mountpoint
]
+
+rsyncNetBorgRepo :: String -> [Borg.BorgRepoOpt] -> Borg.BorgRepo
+rsyncNetBorgRepo d os = Borg.BorgRepoUsing os' ("2318@usw-s002.rsync.net:" ++ d)
+ where
+ -- rsync.net has a newer borg here
+ os' = Borg.UsesEnvVar ("BORG_REMOTE_PATH", "borg1") : os
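Review bot: `rsyncNetBorgRepo` is exported to Branchable.hs and joeyconfig.hs but has no Haddock, and it leaves two things for every caller to know. The account and host are hard-coded in `"2318@usw-s002.rsync.net:"`, and the function does not add the matching `Ssh.knownHost hosts "usw-s002.rsync.net" …`, which each call site in this commit repeats by hand. I would document that contract, e.g. `-- | Borg repo at path @d@ in my rsync.net account. Callers must also pin the host key with 'Ssh.knownHost' for usw-s002.rsync.net.`, and consider a single named constant for the host so the pinned name and the repo location cannot drift apart. `d` is appended to the location unchecked, so the comment should also say it is a path relative to the account's home directory.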