summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/SiteSpecific
diff options
context:
space:
mode:
authorJoey Hess2015-10-16 19:06:29 -0400
committerJoey Hess2015-10-16 19:06:29 -0400
commit91610aee8f34bb10959bdf6a6e5b16c895c7c1c2 (patch)
tree7e493e4b3044de2ce2f3ef2f96dcc5e27d11c19b /src/Propellor/Property/SiteSpecific
parent2d58a7e8ca2699442d8452c5d3bca8ce43d9e87a (diff)
improve ssh user key properties
* Ssh.keyImported is replaced with Ssh.userKeys. (API change) The new property only gets the private key from the privdata; the public key is provided as a parameter, and so is available as Info that other properties can use. * Ssh.keyImported' is renamed to Ssh.userKeyAt, and also changed to only import the private key from the privdata. (API change) * While Ssh.keyImported and Ssh.keyImported' avoided updating existing keys, the new Ssh.userKeys and Ssh.userKeyAt properties will always update out of date key files. * Ssh.pubKey renamed to Ssh.hostPubKey. (API change) This makes eg, setting up ssh for spin controllers work better.
Diffstat (limited to 'src/Propellor/Property/SiteSpecific')
-rw-r--r--src/Propellor/Property/SiteSpecific/Branchable.hs4
-rw-r--r--src/Propellor/Property/SiteSpecific/IABak.hs9
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs17
3 files changed, 24 insertions, 6 deletions
diff --git a/src/Propellor/Property/SiteSpecific/Branchable.hs b/src/Propellor/Property/SiteSpecific/Branchable.hs
index c62c1335..66b7ed11 100644
--- a/src/Propellor/Property/SiteSpecific/Branchable.hs
+++ b/src/Propellor/Property/SiteSpecific/Branchable.hs
@@ -50,7 +50,9 @@ server hosts = propertyList "branchable server" $ props
, "lru-size = 128"
]
& Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root")
- & Ssh.keyImported SshRsa (User "root") (Context "branchable.com")
+ & Ssh.userKeys (User "root") (Context "branchable.com")
+ [ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2PqTSupwncqeffNwZQXacdEWp7L+TxllIxH7WjfRMb3U74mQxWI0lwqLVW6Fox430DvhSqF1y5rJBvTHh4i49Tc9lZ7mwAxA6jNOP6bmdfteaKKYmUw5qwtJW0vISBFu28qBO11Nq3uJ1D3Oj6N+b3mM/0D3Y3NoGgF8+2dLdi81u9+l6AQ5Jsnozi2Ni/Osx2oVGZa+IQDO6gX8VEP4OrcJFNJe8qdnvItcGwoivhjbIfzaqNNvswKgGzhYLOAS5KT8HsjvIpYHWkyQ5QUX7W/lqGSbjP+6B8C3tkvm8VLXbmaD+aSkyCaYbuoXC2BoJdS7Jh8phKMwPJmdYVepn")
+ ]
& Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
& Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs
index 93cf0b71..fce5aefb 100644
--- a/src/Propellor/Property/SiteSpecific/IABak.hs
+++ b/src/Propellor/Property/SiteSpecific/IABak.hs
@@ -26,7 +26,7 @@ gitServer :: [Host] -> Property HasInfo
gitServer knownhosts = propertyList "iabak git server" $ props
& Git.cloned (User "root") repo "/usr/local/IA.BAK" (Just "server")
& Git.cloned (User "root") repo "/usr/local/IA.BAK/client" (Just "master")
- & Ssh.keyImported SshRsa (User "root") (Context "IA.bak.users.git")
+ & Ssh.userKeys (User "root") (Context "IA.bak.users.git") sshKeys
& Ssh.knownHost knownhosts "gitlab.com" (User "root")
& Git.cloned (User "root") userrepo "/usr/local/IA.BAK/pubkeys" (Just "master")
& Apt.serviceInstalledRunning "apache2"
@@ -45,7 +45,7 @@ gitServer knownhosts = propertyList "iabak git server" $ props
registrationServer :: [Host] -> Property HasInfo
registrationServer knownhosts = propertyList "iabak registration server" $ props
& User.accountFor (User "registrar")
- & Ssh.keyImported SshRsa (User "registrar") (Context "IA.bak.users.git")
+ & Ssh.userKeys (User "registrar") (Context "IA.bak.users.git") sshKeys
& Ssh.knownHost knownhosts "gitlab.com" (User "registrar")
& Git.cloned (User "registrar") repo "/home/registrar/IA.BAK" (Just "server")
& Git.cloned (User "registrar") userrepo "/home/registrar/users" (Just "master")
@@ -60,6 +60,11 @@ registrationServer knownhosts = propertyList "iabak registration server" $ props
where
link = "/usr/lib/cgi-bin/register.cgi"
+sshKeys :: [(SshKeyType, Ssh.PubKeyText)]
+sshKeys =
+ [ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCoiE+CPiIQyfWnl/E9iKG3eo4QzlH30vi7xAgKolGaTu6qKy4XPtl+8MNm2Dqn9QEYRVyyOT/XH0yP5dRc6uyReT8dBy03MmLkVbj8Q+nKCz5YOMTxrY3sX6RRXU1zVGjeVd0DtC+rKRT7reoCxef42LAJTm8nCyZu/enAuso5qHqBbqulFz2YXEKfU1SEEXLawtvgGck1KmCyg+pqazeI1eHWXrojQf5isTBKfPQLWVppBkWAf5cA4wP5U1vN9dVirIdw66ds1M8vnGlkTBjxP/HLGBWGYhZHE7QXjXRsk2RIXlHN9q6GdNu8+F3HXS22mst47E4UAeRoiXSMMtF5")
+ ]
+
graphiteServer :: Property HasInfo
graphiteServer = propertyList "iabak graphite server" $ props
& Apt.serviceInstalledRunning "apache2"
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 3f3205e6..e8d8aef3 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -137,7 +137,10 @@ oldUseNetServer hosts = propertyList "olduse.net server" $ props
, "--client-name=spool"
, "--ssh-key=" ++ keyfile
] Obnam.OnlyClient
- `requires` Ssh.keyImported' (Just keyfile) SshRsa (User "root") (Context "olduse.net")
+ `requires` Ssh.userKeyAt (Just keyfile)
+ (User "root")
+ (Context "olduse.net")
+ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0F6L76SChMCIGmeyGhlFMUTgZ3BoTbATiOSs0A7KXQoI1LTE5ZtDzzUkrQRJVpJ640pfMR7cQZyBm8tv+kYIPp0238GrX43c1vgm0L78agDnBU7r2iNMyWIwhssK8O3ZAhp8Q4KCz1r8hP2nIiD0y1D1VWW8h4KWOS7I1XCEAjOTvFvEjTh6a9MyHrcIkv7teUUzTBRjNrsyijCFRk1+pEET54RueoOmEjQcWd/sK1tYRiMZjegRLBOus2wUWsUOvznJ2iniLONUTGAWRnEV+O7hLN6CD44osJ+wkZk8bPAumTS0zcSLckX1jpdHJicmAyeniWSd4FCqm1YE6/xDD")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
keyfile = "/root/.ssh/olduse.net.key"
@@ -183,13 +186,18 @@ mumbleServer hosts = combineProperties hn $ props
& Apt.serviceInstalledRunning "mumble-server"
& Obnam.backup "/var/lib/mumble-server" (Cron.Times "55 5 * * *")
[ "--repository=sftp://2318@usw-s002.rsync.net/~/" ++ hn ++ ".obnam"
+ , "--ssh-key=" ++ sshkey
, "--client-name=mumble"
] Obnam.OnlyClient
- `requires` Ssh.keyImported SshRsa (User "root") (Context hn)
+ `requires` Ssh.userKeyAt (Just sshkey)
+ (User "root")
+ (Context hn)
+ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSXXSM3mM8SNu+qel9R/LkDIkjpV3bfpUtRtYv2PTNqicHP+DdoThrr0ColFCtLH+k2vQJvR2n8uMzHn53Dq2IO3TtD27+7rJSsJwAZ8oftNzuTir8IjAwX5g6JYJs+L0Ny4RB0ausd+An0k/CPMRl79zKxpZd2MBMDNXt8hyqu0vS0v1ohq5VBEVhBBvRvmNQvWOCj7PdrKQXpUBHruZOeVVEdUUXZkVc1H0t7LVfJnE+nGKyWbw2jM+7r3Rn5Semc4R1DxsfaF8lKkZyE88/5uZQ/ddomv8ptz6YZ5b+Bg6wfooWPC3RWAALjxnHaC2yN1VONAvHmT0uNn1o6v0b")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
& trivial (cmdProperty "chown" ["-R", "mumble-server:mumble-server", "/var/lib/mumble-server"])
where
hn = "mumble.debian.net"
+ sshkey = "/root/.ssh/mumble.debian.net.key"
-- git.kitenet.net and git.joeyh.name
gitServer :: [Host] -> Property HasInfo
@@ -199,7 +207,10 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props
, "--ssh-key=" ++ sshkey
, "--client-name=wren" -- historical
] Obnam.OnlyClient (Gpg.GpgKeyId "1B169BE1")
- `requires` Ssh.keyImported' (Just sshkey) SshRsa (User "root") (Context "git.kitenet.net")
+ `requires` Ssh.userKeyAt (Just sshkey)
+ (User "root")
+ (Context "git.kitenet.net")
+ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0F6L76SChMCIGmeyGhlFMUTgZ3BoTbATiOSs0A7KXQoI1LTE5ZtDzzUkrQRJVpJ640pfMR7cQZyBm8tv+kYIPp0238GrX43c1vgm0L78agDnBU7r2iNMyWIwhssK8O3ZAhp8Q4KCz1r8hP2nIiD0y1D1VWW8h4KWOS7I1XCEAjOTvFvEjTh6a9MyHrcIkv7teUUzTBRjNrsyijCFRk1+pEET54RueoOmEjQcWd/sK1tYRiMZjegRLBOus2wUWsUOvznJ2iniLONUTGAWRnEV+O7hLN6CD44osJ+wkZk8bPAumTS0zcSLckX1jpdHJicmAyeniWSd4FCqm1YE6/xDD")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
`requires` Ssh.authorizedKeys (User "family") (Context "git.kitenet.net")
`requires` User.accountFor (User "family")