summaryrefslogtreecommitdiff
path: root/src/Propellor
diff options
context:
space:
mode:
authorJoey Hess2014-11-15 13:42:04 -0400
committerJoey Hess2014-11-15 13:42:04 -0400
commitd65337d3e722582874d8ced4e3be5fc3d2778e70 (patch)
tree1dd79e06d68b936b3a8513cd5e83e8f5e295c497 /src/Propellor
parentd14fd55641f508aaff536fca98d263774721c3dd (diff)
add Obnam backupEncrypted
This after I typoed an obnam setup and accidentially had a repo that was backing up non-encrypted.
Diffstat (limited to 'src/Propellor')
-rw-r--r--src/Propellor/Property/Obnam.hs18
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs5
2 files changed, 16 insertions, 7 deletions
diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs
index 1e7c2c25..e18ca3f9 100644
--- a/src/Propellor/Property/Obnam.hs
+++ b/src/Propellor/Property/Obnam.hs
@@ -3,6 +3,7 @@ module Propellor.Property.Obnam where
import Propellor
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Cron as Cron
+import qualified Propellor.Property.Gpg as Gpg
import Utility.SafeCommand
import Data.List
@@ -31,15 +32,24 @@ data NumClients = OnlyClient | MultipleClients
--
-- > & Obnam.backup "/srv/git" "33 3 * * *"
-- > [ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam"
--- > , "--encrypt-with=1B169BE1"
-- > ] Obnam.OnlyClient
--- > `requires` Gpg.keyImported "1B169BE1" "root"
-- > `requires` Ssh.keyImported SshRsa "root" (Context hostname)
--
-- How awesome is that?
backup :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
-backup dir crontimes params numclients = backup' dir crontimes params numclients
- `requires` restored dir params
+backup dir crontimes params numclients =
+ backup' dir crontimes params numclients
+ `requires` restored dir params
+
+-- | Like backup, but the specified gpg key id is used to encrypt
+-- the repository.
+--
+-- The gpg secret key will be automatically imported
+-- into root's keyring using Propellor.Property.Gpg.keyImported
+backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property
+backupEncrypted dir crontimes params numclients keyid =
+ backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients
+ `requires` Gpg.keyImported keyid "root"
-- | Does a backup, but does not automatically restore.
backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index bd9e01e2..7b8216fb 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -142,12 +142,11 @@ obnamLowMem = combineProperties "obnam tuned for low memory use"
gitServer :: [Host] -> Property
gitServer hosts = propertyList "git.kitenet.net setup"
[ Obnam.latestVersion
- , Obnam.backup "/srv/git" "33 3 * * *"
+ , Obnam.backupEncrypted "/srv/git" "33 3 * * *"
[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
, "--encrypt-with=1B169BE1"
, "--client-name=wren" -- historical
- ] Obnam.OnlyClient
- `requires` Gpg.keyImported "1B169BE1" "root"
+ ] Obnam.OnlyClient "1B169BE1"
`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")