summaryrefslogtreecommitdiff
path: root/Propellor.hs
diff options
context:
space:
mode:
authorJoey Hess2014-03-30 20:18:45 -0400
committerJoey Hess2014-03-30 20:18:45 -0400
commit614d49789566cdf119997bf12c0d7494e386d4dd (patch)
tree8a3d11703c38832edcf834a52f353a09e46616b8 /Propellor.hs
parent385a1de0ce80427e3d7d87c291758bf20f03fcf2 (diff)
propellor spin
Diffstat (limited to 'Propellor.hs')
-rw-r--r--Propellor.hs8
1 files changed, 3 insertions, 5 deletions
diff --git a/Propellor.hs b/Propellor.hs
index 71f552d6..2b7f978e 100644
--- a/Propellor.hs
+++ b/Propellor.hs
@@ -19,8 +19,6 @@ getProperties :: HostName -> [Property]
getProperties hostname@"clam.kitenet.net" =
[ cleanCloudAtCost hostname
, standardSystem Apt.Unstable
- , User.hasPassword "root"
- , User.hasPassword "joey"
-- Clam is a tor bridge.
, Tor.isBridge
, Apt.installed ["docker.io"]
@@ -44,19 +42,19 @@ standardSystem suite = propertyList "standard system"
, Apt.installed ["etckeeper"]
, Apt.installed ["ssh"]
, GitHome.installedFor "root"
+ , User.hasSomePassword "root"
-- Harden the system, but only once root's authorized_keys
-- is safely in place.
, check (Ssh.hasAuthorizedKeys "root") $
Ssh.passwordAuthentication False
- , check (Ssh.hasAuthorizedKeys "root") $
- User.lockedPassword "root"
- , Apt.installed ["vim"]
, User.sshAccountFor "joey"
, Apt.installed ["sudo"]
-- nopasswd because no password is set up for joey.
, "sudoer joey" ==>
"/etc/sudoers" `File.containsLine` "joey ALL=(ALL:ALL) NOPASSWD:ALL"
+ , User.hasSomePassword "joey"
, GitHome.installedFor "joey"
+ , Apt.installed ["vim", "screen"]
-- I use postfix, or no MTA.
, Apt.removed ["exim4"] `onChange` Apt.autoRemove
]