authorJoey Hess2015-07-20 12:06:36 -0400
committerJoey Hess2015-07-20 12:06:36 -0400
commit55c6b1cc306f38e22a4524903d7609d1309c3871 (patch)
treedc99bf7b2f59294fdd63b44dd6c6ae8a2eda0162 /src
parent5df1c9dc5aad8a1389ccf02c8a0b7cd1f8d165c0 (diff)
parent8d971b83ba11fc0eb521d9d15e4a2ae281bc2ef5 (diff)
Merge branch 'joeyconfig'
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs2
-rw-r--r--src/Propellor/Property/Ssh.hs40
-rw-r--r--src/Propellor/Property/Systemd.hs3
3 files changed, 33 insertions, 12 deletions
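--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -387,7 +387,7 @@ twitRss = combineProperties "twitter rss" $ props
 -- Work around for expired ssl cert.
 pumpRss :: Property NoInfo
 pumpRss = Cron.job "pump rss" (Cron.Times "15 * * * *") (User "joey") "/srv/web/tmp.kitenet.net/"
- "wget https://pump2rss.com/feed/joeyh@identi.ca.atom -O pump.atom.new --no-check-certificate 2>/dev/null; sed 's/ & / /g' pump.atom.new > pump.atom"
+ "wget https://rss.io.jpope.org/feed/joeyh@identi.ca.atom -O pump.atom.new --no-check-certificate 2>/dev/null; sed 's/ & / /g' pump.atom.new > pump.atom"
 ircBouncer :: Property HasInfo
 ircBouncer = propertyList "IRC bouncer" $ props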
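Review bot: The new feed URL on the `+` line is still fetched with `--no-check-certificate`, which disables TLS certificate validation for the download, while the comment above the hunk (`-- Work around for expired ssl cert.`) justifies that flag only for the previous host. If rss.io.jpope.org presents a valid certificate the flag should go, so the command reads `"wget https://rss.io.jpope.org/feed/joeyh@identi.ca.atom -O pump.atom.new 2>/dev/null; sed 's/ & / /g' pump.atom.new > pump.atom"`, and the comment can be dropped; if the flag is still needed, the comment should name the new host so the exception is not carried forward silently. pumpRss is complete within the hunk; ircBouncer continues outside it.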
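--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -1,7 +1,10 @@
 module Propellor.Property.Ssh (
 PubKeyText,
 sshdConfig,
+ ConfigKeyword,
+ setSshdConfigBool,
 setSshdConfig,
+ RootLogin(..),
 permitRootLogin,
 passwordAuthentication,
 noPasswords,
@@ -28,6 +31,7 @@ import Utility.FileMode
 import System.PosixCompat
 import qualified Data.Map as M
+import Data.List
 type PubKeyText = String
@@ -38,21 +42,37 @@ sshBool False = "no"
 sshdConfig :: FilePath
 sshdConfig = "/etc/ssh/sshd_config"
-setSshdConfig :: String -> Bool -> Property NoInfo
-setSshdConfig setting allowed = combineProperties "sshd config"
- [ sshdConfig `File.lacksLine` (sshline $ not allowed)
- , sshdConfig `File.containsLine` (sshline allowed)
- ]
+type ConfigKeyword = String
+
+setSshdConfigBool :: ConfigKeyword -> Bool -> Property NoInfo
+setSshdConfigBool setting allowed = setSshdConfig setting (sshBool allowed)
+
+setSshdConfig :: ConfigKeyword -> String -> Property NoInfo
+setSshdConfig setting val = File.fileProperty desc f sshdConfig
 `onChange` restarted
- `describe` unwords [ "ssh config:", setting, sshBool allowed ]
 where
- sshline v = setting ++ " " ++ sshBool v
+ desc = unwords [ "ssh config:", setting, val ]
+ cfgline = setting ++ " " ++ val
+ wantedline s
+ | s == cfgline = True
+ | (setting ++ " ") `isPrefixOf` s = False
+ | otherwise = True
+ f ls
+ | cfgline `elem` ls = filter wantedline ls
+ | otherwise = filter wantedline ls ++ [cfgline]
+
+data RootLogin
+ = RootLogin Bool -- ^ allow or prevent root login
+ | WithoutPassword -- ^ disable password authentication for root, while allowing other authentication methods
+ | ForcedCommandsOnly -- ^ allow root login with public-key authentication, but only if a forced command has been specified for the public key
-permitRootLogin :: Bool -> Property NoInfo
-permitRootLogin = setSshdConfig "PermitRootLogin"
+permitRootLogin :: RootLogin -> Property NoInfo
+permitRootLogin (RootLogin b) = setSshdConfigBool "PermitRootLogin" b
+permitRootLogin WithoutPassword = setSshdConfig "PermitRootLogin" "without-password"
+permitRootLogin ForcedCommandsOnly = setSshdConfig "PermitRootLogin" "forced-commands-only"
 passwordAuthentication :: Bool -> Property NoInfo
-passwordAuthentication = setSshdConfig "PasswordAuthentication"
+passwordAuthentication = setSshdConfigBool "PasswordAuthentication"
 -- | Configure ssh to not allow password logins.
 --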
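Review bot: `wantedline` in the new setSshdConfig recognises an existing directive only when the line begins exactly with `setting ++ " "`, but sshd_config keywords are case-insensitive, lines may be indented, and sshd uses the first occurrence of a keyword, so a pre-existing `permitrootlogin yes` or an indented `PermitRootLogin yes` survives the filter and is likely to take precedence over the `cfgline` that `f` appends, while the property still reports success. Normalising both sides before the prefix test closes that gap, e.g. replacing the second guard with `| isPrefixOf (map toLower setting ++ " ") (map toLower (dropWhile isSpace s)) = False` (needs `toLower` and `isSpace` from Data.Char). Appending at the end of the file is also fragile if sshd_config already holds a `Match` block, since sshd scopes everything after a `Match` line to that block; inserting before the first such line would be safer, though whether the managed hosts use `Match` cannot be told from this hunk. The unqualified `import Data.List` added in the second hunk would read better as `import Data.List (isPrefixOf)`, matching the explicit style of the neighbouring `import qualified Data.Map as M`.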
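--- a/src/Propellor/Property/Systemd.hs
+++ b/src/Propellor/Property/Systemd.hs
@@ -134,7 +134,8 @@ type Option = String
 -- Does not ensure that the relevant daemon notices the change immediately.
 --
 -- This assumes that there is only one [Header] per file, which is
--- currently the case. And it assumes the file already exists with
+-- currently the case for files like journald.conf and system.conf.
+-- And it assumes the file already exists with
 -- the right [Header], so new lines can just be appended to the end.
 configured :: FilePath -> Option -> String -> Property NoInfo
 configured cfgfile option value = combineProperties desc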