authorJoey Hess2014-03-30 02:37:45 -0400
committerJoey Hess2014-03-30 02:37:45 -0400
commitc4afc9c90f9016b3ecfa96193c531c73ccbdeae4 (patch)
treea478d34bd26b9af628a139ea11ffb760976a4f60 /Propellor.hs
parent47a0785fbc45a60560fbe4d34582f5215485c00f (diff)
rename
Diffstat (limited to 'Propellor.hs')
-rw-r--r--Propellor.hs61
1 files changed, 61 insertions, 0 deletions
diff --git a/Propellor.hs b/Propellor.hs
new file mode 100644
index 00000000..1bc1373a
--- /dev/null
+++ b/Propellor.hs
@@ -0,0 +1,61 @@
+import Property
+import HostName
+import qualified Property.Apt as Apt
+import qualified Property.Ssh as Ssh
+import qualified Property.User as User
+import qualified Property.Hostname as Hostname
+import qualified Property.Reboot as Reboot
+import qualified Property.Tor as Tor
+import qualified Property.GitHome as GitHome
+
+main :: IO ()
+main = ensureProperties . getProperties =<< getHostName
+
+{- This is where the system's HostName, either as returned by uname
+ - or one specified on the command line, is converted into a list of
+ - Properties for that system. -}
+getProperties :: HostName -> [Property]
+getProperties hostname@"clam.kitenet.net" =
+ [ cleanCloudAtCost hostname
+ , standardSystem Apt.Unstable
+ -- This is not an important system so I don't want to need to
+ -- manually upgrade it.
+ , Apt.unattendedUpgrades True
+ -- Clam is a tor bridge.
+ , Tor.isBridge
+ -- Should come last as it reboots.
+ --, Apt.installed ["systemd-sysv"] `onChange` Reboot.now
+ ]
+-- add more hosts here...
+--getProperties "foo" =
+getProperties h = error $ "Unknown host: " ++ h ++ " (perhaps you should specify the real hostname on the command line?)"
+
+-- This is my standard system setup
+standardSystem :: Apt.Suite -> Property
+standardSystem suite = propertyList "standard system"
+ [ Apt.stdSourcesList suite `onChange` Apt.upgrade
+ , Apt.installed ["etckeeper"]
+ , Apt.installed ["ssh"]
+ , GitHome.installedFor "root"
+ -- Harden the system, but only once root's authorized_keys
+ -- is safely in place.
+ , check (Ssh.hasAuthorizedKeys "root") $
+ Ssh.passwordAuthentication False
+ , check (Ssh.hasAuthorizedKeys "root") $
+ User.lockedPassword "root"
+ , Apt.installed ["vim"]
+ , User.nonsystem "joey"
+ , Apt.installed ["sudo"]
+ -- nopasswd because no password is set up for joey.
+ , lineInFile "/etc/sudoers" "joey ALL=(ALL:ALL) NOPASSWD:ALL"
+ , GitHome.installedFor "joey"
+ ]
+
+-- Clean up a system as installed by cloudatcost.com
+cleanCloudAtCost :: HostName -> Property
+cleanCloudAtCost hostname = propertyList "cloudatcost cleanup"
+ [ User.nuked "user"
+ , Apt.removed ["exim4"] `onChange` Apt.autoRemove
+ , Hostname.set hostname
+ , Ssh.uniqueHostKeys
+ ]
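Review bot: The `lineInFile "/etc/sudoers" "joey ALL=(ALL:ALL) NOPASSWD:ALL"` entry in `standardSystem` edits the main sudoers file with no syntax check and makes `joey` root-equivalent without a password, so whatever credential lets joey log in is effectively a root credential on every host built from this list. A syntax error in `/etc/sudoers` disables sudo entirely, so the rule would be safer in its own file under `/etc/sudoers.d` (mode 0440) or validated with `visudo -c` after the change. The existing comment could state the trade-off, e.g. `-- nopasswd because no password is set up for joey; this makes joey's login key root-equivalent.` Nothing in the hunk shows how joey's authorized_keys is installed, and the two `check (Ssh.hasAuthorizedKeys "root")` guards only gate on root's keys, so it is worth confirming that joey's account is reachable by key only before password authentication is turned off.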