authorJoey Hess2014-04-17 22:09:29 -0400
committerJoey Hess2014-04-17 22:09:29 -0400
commit0e0a70f794c8659a1687278a69f6ee87eebf4798 (patch)
treed662a5ec06479895171b77fd3fe76c2d96e8dbae /Propellor
parent0485387aa03f2e81c218fe689cb6a9a5a8fe14a4 (diff)
propellor spin
Diffstat (limited to 'Propellor')
-rw-r--r--Propellor/Property/Apt.hs37
-rw-r--r--Propellor/Property/Obnam.hs55
-rw-r--r--Propellor/Property/SiteSpecific/JoeySites.hs4
3 files changed, 88 insertions, 8 deletions
diff --git a/Propellor/Property/Apt.hs b/Propellor/Property/Apt.hs
index 3842cb02..fe9b8e26 100644
--- a/Propellor/Property/Apt.hs
+++ b/Propellor/Property/Apt.hs
@@ -17,6 +17,8 @@ sourcesList = "/etc/apt/sources.list"
type Url = String
type Section = String
+type SourcesGenerator = DebianSuite -> [Line]
+
showSuite :: DebianSuite -> String
showSuite Stable = "stable"
showSuite Testing = "testing"
@@ -39,7 +41,7 @@ srcLine l = case words l of
stdSections :: [Section]
stdSections = ["main", "contrib", "non-free"]
-binandsrc :: String -> DebianSuite -> [Line]
+binandsrc :: String -> SourcesGenerator
binandsrc url suite
| isStable suite = [l, srcLine l, bl, srcLine bl]
| otherwise = [l, srcLine l]
@@ -47,14 +49,14 @@ binandsrc url suite
l = debLine (showSuite suite) url stdSections
bl = debLine backportSuite url stdSections
-debCdn :: DebianSuite -> [Line]
+debCdn :: SourcesGenerator
debCdn = binandsrc "http://cdn.debian.net/debian"
-kernelOrg :: DebianSuite -> [Line]
+kernelOrg :: SourcesGenerator
kernelOrg = binandsrc "http://mirrors.kernel.org/debian"
-- | Only available for Stable and Testing
-securityUpdates :: DebianSuite -> [Line]
+securityUpdates :: SourcesGenerator
securityUpdates suite
| isStable suite || suite == Testing =
let l = "deb http://security.debian.org/ " ++ showSuite suite ++ "/updates " ++ unwords stdSections
@@ -67,9 +69,14 @@ securityUpdates suite
-- Since the CDN is sometimes unreliable, also adds backup lines using
-- kernel.org.
stdSourcesList :: DebianSuite -> Property
-stdSourcesList suite = setSourcesList
- (concatMap (\gen -> gen suite) [debCdn, kernelOrg, securityUpdates])
+stdSourcesList suite = stdSourcesList' suite []
+
+stdSourcesList' :: DebianSuite -> [SourcesGenerator] -> Property
+stdSourcesList' suite more = setSourcesList
+ (concatMap (\gen -> gen suite) generators)
`describe` ("standard sources.list for " ++ show suite)
+ where
+ generators = [debCdn, kernelOrg, securityUpdates] ++ more
setSourcesList :: [Line] -> Property
setSourcesList ls = sourcesList `File.hasContent` ls `onChange` update
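Review bot: `stdSourcesList'` is added without a haddock, and its description stays "standard sources.list for …" even when `more` contributes extra generators, so the property's log line will not show that additional repositories were written to sources.list. A comment such as `-- | Like 'stdSourcesList', but appends lines from additional 'SourcesGenerator's.` would cover the first point. Consider mentioning in the description when `more` is non-empty. The haddock for `stdSourcesList` begins above the hunk.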
@@ -208,3 +215,21 @@ reConfigure package vals = reconfigure `requires` setselections
-- package names.
serviceInstalledRunning :: Package -> Property
serviceInstalledRunning svc = Service.running svc `requires` installed [svc]
+
+data AptKey = AptKey
+ { keyname :: String
+ , pubkey :: String
+ }
+
+trustsKey :: AptKey -> RevertableProperty
+trustsKey k = RevertableProperty trust untrust
+ where
+ desc = "apt trusts key " ++ keyname k
+ f = "/etc/apt/trusted.gpg.d" </> keyname k ++ ".gpg"
+ untrust = File.notPresent f
+ trust = check (not <$> doesFileExist f) $ Property desc $ makeChange $ do
+ withHandle StdinHandle createProcessSuccess
+ (proc "gpg" ["--no-default-keyring", "--keyring", f, "--import", "-"]) $ \h -> do
+ hPutStr h (pubkey k)
+ hClose h
+ nukeFile $ f ++ "~" -- gpg dropping
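Review bot: `trust` is guarded only by `check (not <$> doesFileExist f)`, so once the keyring file exists its contents are never examined again. A changed `pubkey` (rotation, or replacing a compromised key) is not applied, and a file left behind by a failed import may be treated as already trusted. Either document that the property must be reverted before a key change, or import into a temporary keyring and replace `f` when it differs. `keyname k` is also spliced into the path unvalidated, so a name containing `/` would write outside `/etc/apt/trusted.gpg.d`; a comment like `-- keyname must be a plain file name (no '/')` or an explicit check would state that assumption. The haddock for `trustsKey` should also say that apt trusts keys in this directory for every configured source, not only the repository the key belongs to.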
diff --git a/Propellor/Property/Obnam.hs b/Propellor/Property/Obnam.hs
index 00e0bbef..c21cd6f1 100644
--- a/Propellor/Property/Obnam.hs
+++ b/Propellor/Property/Obnam.hs
@@ -94,3 +94,58 @@ restored dir params = Property (dir ++ " restored by obnam") go
return MadeChange
, return FailedChange
)
+
+-- | apt sources.list lines for obnam.
+--
+-- Only adds anything for Stable; use in order to get a newer version of
+-- obnam than is is Stable.
+aptSources :: Apt.SourcesGenerator
+aptSources Stable = ["deb http://code.liw.fi/debian wheezy main"]
+aptSources _ = []
+
+-- | Key used by the code.liw.fi repository.
+aptKey :: Apt.AptKey
+aptKey = Apt.AptKey "obnam" $ unlines
+ [ "-----BEGIN PGP PUBLIC KEY BLOCK-----"
+ , "Version: GnuPG v1.4.9 (GNU/Linux)"
+ , ""
+ , "mQGiBEfzuTgRBACcVNG/H6QJqLx5qiQs2zmPe6D6BWOWHfgNgG4IWzNstm21YDxb"
+ , "KqwFG0gxcnZJGHkXAhkSfqTokYd0lc5eBemcA1pkceNjzMEX8wwiZ810HzJD4eEH"
+ , "sjoWR8+qKrZeixzZqReAfqztcXoBGKQ0u1R1vpg1txUa75OM4BUqaUbsmwCgmS4x"
+ , "DjMxSaUSPuu6vQ7ZGZBXSP0D/RQw8DBHMfsv3DiaqFqk8tkuUkpMFPIekHidSHlO"
+ , "EACbncqbbyHksyCpFNVNcQIDHrOLjOZK9BAXkSd8I3ww7U+nLdDcCblrW8CZnJtm"
+ , "ZYrxfaXaHZ/It9/RCAsQ+c8xtmyUPjsf//4Vf8olxNQHzgBSe5/LJRi4Vd53he+K"
+ , "YP4LA/9IZbjvVmm8+8Y0pQrTHlI6nTImtzdBXHc4+T3lLBj9XODHLozC2kSBOQky"
+ , "q/EisTITHTXL8vYg4NsKm5RTbPAuBwdtxcny8CXfOqKtGOdrebmKotGllTozzdPv"
+ , "9p53cuce6oJ2oMUodc074JOGTWwDSgLiJX4nViGcU1wy/vtQnrQkY29kZS5saXcu"
+ , "ZmkgYXJjaGl2ZSBrZXkgPGxpd0BsaXcuZmk+iGAEExECACAFAkfzuTgCGwMGCwkI"
+ , "BwMCBBUCCAMEFgIDAQIeAQIXgAAKCRBG53tJR95LscKrAJ0ZtKqa2x6Kplwa2mzx"
+ , "ItImbIGMJACdETqofDYzUN91yLAFlOnxAyrE+UyIRgQQEQIABgUCSFd5GgAKCRAf"
+ , "u5W/LZrMjqr8AJ4xPVHpW8ZNlgMwDSVb075RnA2DiACgg2SR69jAHFQOWV6xfLRr"
+ , "vh0bLKGJAhwEEAEIAAYFAktEyIwACgkQ61zh116FEfm7Lg//Wiy3TjWAk8YHUddv"
+ , "zOioYzCxQ985GsVhJGAVPqSGOc9vfTWBJZ8J3l0NnYTRpEGucmbF9G+mAt9iGXu6"
+ , "7yZkxyFdvbo7EDsqMU1wLOM6PiU+Un63MKlbTNmFn7OKE8aXPRAFgcyUO/qjdqoD"
+ , "sa9FgU5Z0f60m9qah6BPXH6IzMLHYoiP7t8rCBIwLgyl3w2w+Fjt1DFpbW9Kb7jz"
+ , "i8jFvC8jPmxV8xh2OSgVZyNk4qg6hIV8GVQY7AJt8OurZSckgQd7ifHK9JTGohtF"
+ , "tXCiqeDEvnMF4A9HI/TcXJBzonZ8ds1JCq42nSSKmL+8TyjtUSD/xHygazuc0CK0"
+ , "hFnQWBub60IfyV6F0oTagJ8cmARv2sezHAeHDkzPHE8RdjgktazH1eJrA4LheEd6"
+ , "KeSnVtYWpw8dgMv5PleFyQiAj/t3C/N50fd15tUyfnH15G7nFjMQV2Yx35uwSxOj"
+ , "376OWnDN/YGTNk283XXULbyVJYR8Q2unso20XQ94yQ2A5EpHHPrHoLxrL/ydM08d"
+ , "nvKstLZIZtal1seiMkymtlSiGz25A5oqsclwS6VZCKdWA8HO/wlElOMcaHyl6Y1y"
+ , "gYP7y9O5yFYKFOrCH0nFjJbwmkRiBLsxuuWsYgJigVGq/atSrtawkHdshpCw0HCY"
+ , "N/RFcWkJ864BdsO0C0sDzueNkQO5Ag0ER/O5RBAIAJiwPH9tyJTgXcC2Y4XWboOq"
+ , "rx5CkOnr5b45oS9cK2eIJ8TKxE3XgKLxUr3mIH0QR2kZgDOwNl0WY+7/CXjn+Spn"
+ , "BokPg54rafEUePodGpGdUXdgrHhAMHYjh8fXFJ1SlQcg46/zc1wDI7jBCkGrK3V8"
+ , "5cXDqwTFTN5LcjoSRWeM4Voa6pEfDdL3rMlnOw9R9gDHRBBb6CDSjWXqM86pR889"
+ , "5QrR0SDwiJNrMoyxSjMXFKGBQAsYHJ82myZrlbuZbroZjVp5Uh7eB1ZiPljNVtcr"
+ , "sksACIWBCo1rvLzrPXsLYOeV3cDDtYAkSwGfuzC1Etbe+qgfIroFTOqdefMw4s8A"
+ , "AwUH/0KLXm4MS54QQspg3evu4Q4U/E8Hem5/FqB0GhBCitQ4rUsucKyY8/ItpUn5"
+ , "ismLE60bQqka+Mzd/Zw18TCTzImv0ozAaZ2sNtBado7f6jcC8EDfY5zzK1ukcsAr"
+ , "Qc5hdLHYuTQW5KpA6fKaW969OUzIwPbdVaCOLOBpxKC6N6iBspQYd6uiQtLw6EUO"
+ , "50oQqUiJABf0eOocvdw5e2KQQpuC3205+VMYtyl4w3pdJihK8NK0AikGXzDVsbQt"
+ , "l8kmB5ZrN4WIKhMke1FxbqQC5Q3XATvYRzpzzisZb/HYGNti8W6du5EUwJ0D2NRh"
+ , "cu+twocOzW0VKfmrDApfifJ9OsSISQQYEQIACQUCR/O5RAIbDAAKCRBG53tJR95L"
+ , "seQOAJ95KUyzjRjdYgZkDC69Mgu25L86UACdGduINUaRly43ag4kwUXxpqswBBM="
+ , "=i2c3"
+ , "-----END PGP PUBLIC KEY BLOCK-----"
+ ]
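Review bot: The key block embedded in `aptKey` carries no fingerprint or provenance comment, so a reader cannot check it against what the repository owner publishes. A line such as `-- Fingerprint: <FINGERPRINT-FROM-UPSTREAM>, obtained from <SOURCE-URL>` above `aptKey` would make later audits possible. `aptSources` and `aptKey` are independent values, so nothing visible here ensures that a host given the `http://code.liw.fi/debian` line also has the key trusted; the haddock should say they are meant to be used together with `Apt.trustsKey`. The suite is hard-coded as `wheezy` while the pattern matches `Stable`, which will go stale when Stable moves on. In the comment, "than is is Stable" should read "than is in Stable".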
diff --git a/Propellor/Property/SiteSpecific/JoeySites.hs b/Propellor/Property/SiteSpecific/JoeySites.hs
index dd24bb6c..7aaedaf5 100644
--- a/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -51,13 +51,13 @@ kgbServer = withOS desc $ \o -> case o of
gitServer :: [Host] -> Property
gitServer hosts = propertyList "git.kitenet.net setup"
[ Obnam.backup "/srv/git" "33 3 * * *"
- [ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
+ [ "--repository=sftp://joey@turtle.kitenet.net/~/lib/backup/git.kitenet.net.obnam"
, "--encrypt-with=1B169BE1"
, "--client-name=wren"
] Obnam.OnlyClient
`requires` Gpg.keyImported "1B169BE1" "root"
`requires` Ssh.keyImported SshRsa "root"
- `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
+ `requires` Ssh.knownHost hosts "turtle.kitenet.net" "root"
`requires` Ssh.authorizedKeys "family"
`requires` User.accountFor "family"
, Apt.installed ["git", "rsync", "kgb-client-git", "gitweb"]
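Review bot: The new `--repository` URL logs in as `joey` on the backup host, presumably with root's key from this server (`Ssh.keyImported SshRsa "root"`), where the old URL used what looks like a dedicated storage account. Whether that key is confined on the receiving side cannot be seen from this hunk. If it is not, a compromise of the git server would reach beyond the backup directory. A comment stating how the key is restricted, or a dedicated backup account, would make the trust boundary explicit. The property list of `gitServer` continues past the end of the hunk.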