summaryrefslogtreecommitdiff
path: root/config-joey.hs
diff options
context:
space:
mode:
authorJoey Hess2015-05-16 16:58:08 -0400
committerJoey Hess2015-05-16 16:58:08 -0400
commit6603c14bab7d533e9b345c673656654c0bd1f1c0 (patch)
tree6459f2356cb3e8f121bbf28b923f51191fb28920 /config-joey.hs
parentc23808e88459dd0174e3b8539ace5cd55d65ef2a (diff)
propellor spin
Diffstat (limited to 'config-joey.hs')
-rw-r--r--config-joey.hs21
1 files changed, 21 insertions, 0 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 8ea17af0..a0c04dd8 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -334,25 +334,46 @@ pell = host "pell.branchable.com"
& Apt.installed ["linux-image-amd64"]
& Linode.chainPVGrub 5
& Apt.unattendedUpgrades
+
& Apt.installed ["etckeeper", "ssh", "popularity-contest"]
& Apt.serviceInstalledRunning "apache2"
& Apt.serviceInstalledRunning "ntp"
+
& Apt.serviceInstalledRunning "openssh-server"
& Ssh.passwordAuthentication False
& Ssh.hostKeys (Context "branchable.com")
[ (SshDsa, "ssh-dss AAAAB3NzaC1kc3MAAACBAK9HnfpyIm8aEhKuF5oz6KyaLwFs2oWeToVkqVuykyy5Y8jWDZPtkpv+1TeOnjcOvJSZ1cCqB8iXlsP9Dr5z98w5MfzsRQM2wIw0n+wvmpPmUhjVdGh+wTpfP9bcyFHhj/f1Ymdq9hEWB26bnf4pbTbJW2ip8ULshMvn5CQ/ugV3AAAAFQCAjpRd1fquRiIuLJMwej0VcyoZKQAAAIBe91Grvz/icL3nlqXYrifXyr9dsw8bPN+BMu+hQtFsQXNJBylxwf8FtbRlmvZXmRjdVYqFVyxSsrL2pMsWlds51iXOr9pdsPG5a4OgJyRHsveBz3tz6HgYYPcr3Oxp7C6G6wrzwsaGK862SgRp/bbD226k9dODRBy3ogMhk/MvAgAAAIEApfknql3vZbDVa88ZnwbNKDOv8L1hb6blbKAMt2vJbqJMvu3EP9CsP9hGyEQh5YCAl2F9KEU3bJXN1BG76b7CiYtWK95lpL1XmCCWnJBCcdEhw998GfJS424frPw7qGmXLxJKYxEyioB90/IDp2dC+WaLcLOYHM9SroCQTIK5A1g= root@pell")
, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1M0aNLgcgcgf0tkmt/8vCDZLok8Xixz7Nun9wB6NqVXxfzAR4te+zyO7FucVwyTY5QHmiwwpmyNfaC21AAILhXGm12SUKSAirF9BkQk7bhQuz4T/dPlEt3d3SxQ3OZlXtPp4LzXWOyS0OXSzIb+HeaDA+hFXlQnp/gE7RyAzR1+xhWPO7Mz1q5O/+4dXANnW32t6P7Puob6NsglVDpLrMRYjkO+0RgCVbYMzB5+UnkthkZsIINaYwsNhW2GKMKbRZeyp5en5t1NJprGXdw0BqdBqd/rcBpOxmhHE1U7rw+GS1uZwCFWWv0aZbaXEJ6wY7mETFkqs0QXi5jtoKn95Gw== root@pell")
]
+
& Apt.installed ["procmail", "bsd-mailx"]
& "/etc/aliases" `File.hasPrivContentExposed` (Context "branchable.com")
`onChange` Postfix.newaliases
& "/etc/mailname" `File.hasContent` ["branchable.com"]
& Postfix.installed
& Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"")
+
+ -- Obnam is run by a cron job in ikiwiki-hosting.
+ & "/etc/obnam.conf" `File.hasContent`
+ [ "[config]"
+ , "repository = sftp://joey@eubackup.kitenet.net/home/joey/lib/backup/pell.obnam"
+ , "log = /var/log/obnam.log"
+ , "encrypt-with = " ++ obnamkey
+ , "log-level = info"
+ , "log-max = 1048576"
+ , "keep = 7d,5w,12m"
+ , "upload-queue-size = 128"
+ , "lru-size = 128"
+ ]
+ & Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root")
+ & Ssh.keyImported SshRsa (User "root") (Context "branchable.com")
+ & Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
+ & Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
& adminuser "joey"
& adminuser "liw"
where
+ obnamkey = "41E1A9B9"
adminuser u = propertyList ("admin user " ++ u) $ props
& User.accountFor (User u)
& User.hasSomePassword (User u)