path: root/src/Propellor/Property
diff options
authorJoey Hess2015-04-11 10:13:36 -0400
committerJoey Hess2015-04-11 10:13:36 -0400
commit9377e9ce7b10c9e68a192419e7b41e7dde40b045 (patch)
tree62fdf9397ac3f4829157b5788f671da8ea9023ad /src/Propellor/Property
parent85649a81bd1b08cd1390221ff0f7990165dbd27a (diff)
parentaa278d34a03ee77b0d78cd784ef7d1aaa00921f3 (diff)
Merge branch 'joeyconfig'
Conflicts: privdata.joey/privdata.gpg
Diffstat (limited to 'src/Propellor/Property')
3 files changed, 69 insertions, 2 deletions
diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs
new file mode 100644
index 00000000..35e6c2b7
--- /dev/null
+++ b/src/Propellor/Property/SiteSpecific/IABak.hs
@@ -0,0 +1,67 @@
+module Propellor.Property.SiteSpecific.IABak where
+import Propellor
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.Git as Git
+import qualified Propellor.Property.Cron as Cron
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Apache as Apache
+gitServer :: Property HasInfo
+gitServer = propertyList "iabak git server" $ props
+ & Git.cloned "root" repo "/usr/local/IA.BAK" (Just "server")
+ & Git.cloned "root" repo "/usr/local/IA.BAK/client" (Just "master")
+ & Git.cloned "www-data" repo "/usr/local/IA.BAK/pubkeys" (Just "pubkey")
+ & Apt.serviceInstalledRunning "apache2"
+ & cmdProperty "ln" ["-sf", "/usr/local/IA.BAK/pushme.cgi", "/usr/lib/cgi-bin/pushme.cgi"]
+ & File.containsLine "/etc/sudoers" "www-data ALL=NOPASSWD:/usr/local/IA.BAK/"
+ & Cron.niceJob "shardstats" (Cron.Times "*/30 * * * *") "root" "/"
+ "/usr/local/IA.BAK/shardstats-all"
+ where
+ repo = ""
+graphiteServer :: Property HasInfo
+graphiteServer = propertyList "iabak graphite server" $ props
+ & Apt.serviceInstalledRunning "apache2"
+ & Apt.installed ["libapache2-mod-wsgi", "graphite-carbon", "graphite-web"]
+ & File.hasContent "/etc/carbon/storage-schemas.conf"
+ [ "[carbon]"
+ , "pattern = ^carbon\\."
+ , "retentions = 60:90d"
+ , "[iabak]"
+ , "pattern = ^iabak\\."
+ , "retentions = 10m:30d,1h:1y,3h,10y"
+ , "[default_1min_for_1day]"
+ , "pattern = .*"
+ , "retentions = 60s:1d"
+ ]
+ & graphiteCSRF
+ & cmdProperty "graphite-manage" ["syncdb", "--noinput"] `flagFile` "/etc/flagFiles/graphite-syncdb"
+ & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=joey", "--email=joey@localhost"] `flagFile` "/etc/flagFiles/graphite-user-joey"
+ `flagFile` "/etc/graphite-superuser-joey"
+ & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=db48x", "--email=db48x@localhost"] `flagFile` "/etc/flagFiles/graphite-user-db48x"
+ `flagFile` "/etc/graphite-superuser-db48x"
+ -- TODO: deal with passwords somehow
+ & File.ownerGroup "/var/lib/graphite/graphite.db" "_graphite" "_graphite"
+ & "/etc/apache2/ports.conf" `File.containsLine` "Listen 8080"
+ `onChange` Apache.restarted
+ & Apache.siteEnabled "iabak-graphite-web"
+ [ "<VirtualHost *:8080>"
+ , " WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite"
+ , " WSGIProcessGroup _graphite"
+ , " WSGIImportScript /usr/share/graphite-web/graphite.wsgi process-group=_graphite application-group=%{GLOBAL}"
+ , " WSGIScriptAlias / /usr/share/graphite-web/graphite.wsgi"
+ , " Alias /content/ /usr/share/graphite-web/static/"
+ , " <Location \"/content/\">"
+ , " SetHandler None"
+ , " </Location>"
+ , " ErrorLog ${APACHE_LOG_DIR}/graphite-web_error.log"
+ , " LogLevel warn"
+ , " CustomLog ${APACHE_LOG_DIR}/graphite-web_access.log combined"
+ , "</VirtualHost>"
+ ]
+ where
+ graphiteCSRF = withPrivData (Password "csrf-token") (Context "") $
+ \gettoken -> property "graphite-web CSRF token" $
+ gettoken $ \token -> ensureProperty $ File.containsLine
+ "/etc/graphite/" ("SECRET_KEY = '"++ token ++"'")
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 235a3a75..1a3099f4 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -460,7 +460,7 @@ githubMirrors =
, ("etckeeper", plzuseurl "")
- plzuseurl u = "please submit changes to " ++ u ++ " instead of using github pull requests"
+ plzuseurl u = "Please submit changes to " ++ u ++ " instead of using github pull requests, which are not part of my workflow. -- A robot acting on behalf of Joey Hess"
rsyncNetBackup :: [Host] -> Property NoInfo
rsyncNetBackup hosts = Cron.niceJob " copied in daily" (Cron.Times "30 5 * * *")
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 320136ee..1fbf92ec 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -242,7 +242,7 @@ authorizedKey user l = property desc $ do
, File.ownerGroup (takeDirectory f) user user
- desc = user ++ " has autorized_keys line " ++ l
+ desc = user ++ " has autorized_keys"
-- | Makes the ssh server listen on a given port, in addition to any other
-- ports it is configured to listen on.