authorJoey Hess2016-02-07 16:54:17 -0400
committerJoey Hess2016-02-07 16:54:17 -0400
commitc90282fc7bb77bcba19cdd4adfe96af3fb1162f8 (patch)
tree9cc724e0a972430c7e5cd4e62c1d12acb23bc9fb /src
parentb845b1c5efc1362dc78baf87747ba8b90fcd97dd (diff)
propellor spin
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/Apache.hs35
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs24
2 files changed, 38 insertions, 21 deletions
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs
index 709c1753..5b8128a4 100644
--- a/src/Propellor/Property/Apache.hs
+++ b/src/Propellor/Property/Apache.hs
@@ -15,7 +15,9 @@ restarted = Service.restarted "apache2"
reloaded :: Property NoInfo
reloaded = Service.reloaded "apache2"
-type ConfigFile = [String]
+type ConfigLine = String
+
+type ConfigFile = [ConfigLine]
siteEnabled :: Domain -> ConfigFile -> RevertableProperty NoInfo
siteEnabled domain cf = siteEnabled' domain cf <!> siteDisabled domain
@@ -101,7 +103,7 @@ multiSSL = check (doesDirectoryExist "/etc/apache2/conf.d") $
--
-- Works with multiple versions of apache that have different ways to do
-- it.
-allowAll :: String
+allowAll :: ConfigLine
allowAll = unlines
[ "<IfVersion < 2.4>"
, "Order allow,deny"
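Review bot: `ConfigLine` is introduced as the element type of `ConfigFile`, but `allowAll` here (and `iconDir` in the next hunk) is an `unlines [...]` block, so one `ConfigLine` value carries a whole multi-line stanza plus a trailing newline. Code that treats each `ConfigFile` element as a single directive would see the stanza as one item, and the written file probably gets a blank line after each fragment. Either document this on the alias, e.g. `-- | One element of a 'ConfigFile'; may hold a multi-line fragment built with 'unlines'.`, or give these fragments the type `ConfigFile` and splice them with `++`. The body of `allowAll` continues outside this hunk.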
@@ -112,12 +114,27 @@ allowAll = unlines
, "</IfVersion>"
]
+-- | Config file fragment that can be inserted into a <VirtualHost>
+-- stanza to allow apache to display directory index icons.
+iconDir :: ConfigLine
+iconDir = unlines
+ [ "<Directory \"/usr/share/apache2/icons\">"
+ , "Options Indexes MultiViews"
+ , "AllowOverride None"
+ , allowAll
+ , " </Directory>"
+ ]
+
type WebRoot = FilePath
-- | A basic virtual host, publishing a directory, and logging to
-- the combined apache log file. Not https capable.
virtualHost :: Domain -> Port -> WebRoot -> RevertableProperty NoInfo
-virtualHost domain (Port p) docroot = siteEnabled domain
+virtualHost domain (Port p) docroot = virtualHost' domain (Port p) docroot []
+
+-- | Like `virtualHost` but with additional config lines added.
+virtualHost' :: Domain -> Port -> WebRoot -> [ConfigLine] -> RevertableProperty NoInfo
+virtualHost' domain (Port p) docroot addedcfg = siteEnabled domain $
[ "<VirtualHost *:"++show p++">"
, "ServerName "++domain++":"++show p
, "DocumentRoot " ++ docroot
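Review bot: The haddock on `virtualHost'` says only that config lines are "added"; it does not say that `addedcfg` is spliced verbatim inside the stanza, directly before `</VirtualHost>` (see the next hunk), with no checking. A malformed or unbalanced line from a caller changes the scope of every directive after it, so the contract is worth stating: `-- | Like 'virtualHost', but inserts the given lines verbatim just before the closing @</VirtualHost>@; they are not checked or escaped.` Haddock links identifiers with single quotes, so the backticks around `virtualHost` do not produce a link. The body of `virtualHost'` continues past the end of this hunk.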
@@ -125,7 +142,9 @@ virtualHost domain (Port p) docroot = siteEnabled domain
, "LogLevel warn"
, "CustomLog /var/log/apache2/access.log combined"
, "ServerSignature On"
- , "</VirtualHost>"
+ ]
+ ++ addedcfg ++
+ [ "</VirtualHost>"
]
-- | A virtual host using https, with the certificate obtained
@@ -138,7 +157,11 @@ virtualHost domain (Port p) docroot = siteEnabled domain
-- > httpsVirtualHost "example.com" "/var/www"
-- > (LetsEncrypt.AgreeTos (Just "me@my.domain"))
httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> Property NoInfo
-httpsVirtualHost domain docroot letos = setup
+httpsVirtualHost domain docroot letos = httpsVirtualHost' domain docroot letos []
+
+-- | Like `httpsVirtualHost` but with additional config lines added.
+httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> Property NoInfo
+httpsVirtualHost' domain docroot letos addedcfg = setup
`requires` modEnabled "rewrite"
`requires` modEnabled "ssl"
`before` LetsEncrypt.letsEncrypt letos domain docroot certinstaller
@@ -176,6 +199,6 @@ httpsVirtualHost domain docroot letos = setup
, "LogLevel warn"
, "CustomLog /var/log/apache2/access.log combined"
, "ServerSignature On"
- ] ++ ls ++
+ ] ++ ls ++ addedcfg ++
[ "</VirtualHost>"
]
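Review bot: `addedcfg` is appended next to `ls` inside a helper whose definition starts outside this hunk, so the visible lines do not show which stanza or stanzas receive it. If that helper builds both the plain-http and the ssl `<VirtualHost>` (the `ls` parameter suggests so, but confirm), every extra directive also applies to the unencrypted vhost, including the `ExecCGI` directory block that `annexWebSite` passes in. The docstring of `httpsVirtualHost'` should say where the lines go, e.g. `-- The lines are added to every <VirtualHost> stanza this property generates.`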
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 03f2efcb..0bb98489 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -18,6 +18,7 @@ import qualified Propellor.Property.Apache as Apache
import qualified Propellor.Property.Postfix as Postfix
import qualified Propellor.Property.Systemd as Systemd
import qualified Propellor.Property.Fail2Ban as Fail2Ban
+import qualified Propellor.Property.LetsEncrypt as LetsEncrypt
import Utility.FileMode
import Data.List
@@ -290,24 +291,21 @@ annexWebSite origin hn uuid remotes = propertyList (hn ++" website using git-ann
, "git update-server-info"
]
addremote (name, url) = "git remote add " ++ shellEscape name ++ " " ++ shellEscape url
- setupapache = apacheSite hn True
+ setupapache = Apache.httpsVirtualHost' hn dir letos
[ " ServerAlias www."++hn
- , ""
- , " DocumentRoot /srv/web/"++hn
- , " <Directory /srv/web/"++hn++">"
- , " Options FollowSymLinks"
- , " AllowOverride None"
- , Apache.allowAll
- , " </Directory>"
- , " <Directory /srv/web/"++hn++">"
+ , Apache.iconDir
+ , " <Directory "++dir++">"
, " Options Indexes FollowSymLinks ExecCGI"
, " AllowOverride None"
, " AddHandler cgi-script .cgi"
, " DirectoryIndex index.html index.cgi"
- , Apache.allowAll
+ , Apache.allowAll
, " </Directory>"
]
+letos :: LetsEncrypt.AgreeTOS
+letos = LetsEncrypt.AgreeTOS (Just "id@joeyh.name")
+
apacheSite :: HostName -> Bool -> Apache.ConfigFile -> RevertableProperty NoInfo
apacheSite hn withssl middle = Apache.siteEnabled hn $ apachecfg hn withssl middle
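Review bot: `ServerAlias www.<hn>` is now served through `Apache.httpsVirtualHost'`, which in the Apache.hs hunk requests the certificate with `LetsEncrypt.letsEncrypt letos domain docroot certinstaller`, for `domain` only as far as the visible lines show. Unless the LetsEncrypt property adds alternative names somewhere outside this diff, https requests for the `www.` alias get a certificate that does not cover that name. Either make the certificate request cover the alias or drop the alias from the https stanza. Separately, the new top-level `letos` has no haddock; `-- | Let's Encrypt terms-of-service agreement and contact address used for the sites in this module.` would do. `dir` is bound outside this hunk.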
@@ -329,11 +327,7 @@ apachecfg hn withssl middle
, " CustomLog /var/log/apache2/access.log combined"
, " ServerSignature On"
, " "
- , " <Directory \"/usr/share/apache2/icons\">"
- , " Options Indexes MultiViews"
- , " AllowOverride None"
- , Apache.allowAll
- , " </Directory>"
+ , Apache.iconDir
, "</VirtualHost>"
]
where