authorJoey Hess2015-09-30 11:24:54 -0400
committerJoey Hess2015-09-30 11:24:54 -0400
commit8ad02d4ab3597264612a9ea0da9ba69c5af832b8 (patch)
tree3d21bb1420bfaea3ff7eb32068d15df716fc9436 /src
parentfd9e7d443e6ac96f163781a27674c27b43ee101f (diff)
parentf492bd21f74d70a1586749905a6c49d159f470bb (diff)
Merge branch 'joeyconfig'
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/Aiccu.hs2
-rw-r--r--src/Propellor/Property/DebianMirror.hs2
-rw-r--r--src/Propellor/Property/Firewall.hs8
-rw-r--r--src/Propellor/Property/Kerberos.hs94
-rw-r--r--src/Propellor/Property/LightDM.hs2
-rw-r--r--src/Propellor/Property/Logcheck.hs3
-rw-r--r--src/Propellor/Property/Nginx.hs2
-rw-r--r--src/Propellor/Property/Prosody.hs2
-rw-r--r--src/Propellor/Property/SiteSpecific/IABak.hs4
-rw-r--r--src/Propellor/Property/Unbound.hs12
10 files changed, 126 insertions, 5 deletions
diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs
index c49805b0..a1b24472 100644
--- a/src/Propellor/Property/Aiccu.hs
+++ b/src/Propellor/Property/Aiccu.hs
@@ -1,3 +1,5 @@
+-- | Maintainer: Jelmer Vernooij <jelmer@samba.org>
+
module Propellor.Property.Aiccu (
installed,
restarted,
diff --git a/src/Propellor/Property/DebianMirror.hs b/src/Propellor/Property/DebianMirror.hs
index cd98b6ff..2e696b50 100644
--- a/src/Propellor/Property/DebianMirror.hs
+++ b/src/Propellor/Property/DebianMirror.hs
@@ -1,3 +1,5 @@
+-- | Maintainer: Félix Sipma <felix.sipma@no-log.org>
+
module Propellor.Property.DebianMirror
( DebianPriority(..)
, showPriority
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 6c95a022..a685a46f 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -1,7 +1,7 @@
--- |Properties for configuring firewall (iptables) rules
---
--- Copyright 2014 Arnaud Bailly <arnaud.oqube@gmail.com>
--- License: BSD-2-Clause
+-- | Maintainer: Arnaud Bailly <arnaud.oqube@gmail.com>
+--
+-- Properties for configuring firewall (iptables) rules
+
module Propellor.Property.Firewall (
rule,
installed,
diff --git a/src/Propellor/Property/Kerberos.hs b/src/Propellor/Property/Kerberos.hs
new file mode 100644
index 00000000..5d07f4dc
--- /dev/null
+++ b/src/Propellor/Property/Kerberos.hs
@@ -0,0 +1,94 @@
+-- | Maintainer: Jelmer Vernooij <jelmer@samba.org>
+
+module Propellor.Property.Kerberos where
+
+import Utility.Process
+
+import Propellor
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import Propellor.Property.User
+
+type Realm = String
+type Principal = String
+type Kvno = Integer
+
+-- Standard paths in MIT Kerberos
+
+defaultKeyTab :: FilePath
+defaultKeyTab = "/etc/krb5.keytab"
+
+kadmAclPath :: FilePath
+kadmAclPath = "/etc/krb5kdc/kadm5.acl"
+
+kpropdAclPath :: FilePath
+kpropdAclPath = "/etc/krb5kdc/kpropd.acl"
+
+kdcConfPath :: FilePath
+kdcConfPath = "/etc/krb5kdc/kdc.conf"
+
+keyTabPath :: Maybe FilePath -> FilePath
+keyTabPath = maybe defaultKeyTab id
+
+-- | Create a principal from a primary, instance and realm
+principal :: String -> Maybe String -> Maybe Realm -> Principal
+principal p i r = p ++ maybe "" ("/"++) i ++ maybe "" ("@" ++) r
+
+installed :: Property NoInfo
+installed = Apt.installed ["krb5-user"]
+
+kdcInstalled :: Property NoInfo
+kdcInstalled = Apt.serviceInstalledRunning "krb5-kdc"
+
+adminServerInstalled :: Property NoInfo
+adminServerInstalled = Apt.serviceInstalledRunning "krb5-admin-server"
+
+kpropServerInstalled :: Property HasInfo
+kpropServerInstalled = propertyList "kprop server installed" $ props
+ & kdcInstalled
+ & Apt.installed ["openbsd-inetd"]
+ & "/etc/inetd.conf" `File.containsLines`
+ [ "krb5_prop\tstream\ttcp\tnowait\troot\t/usr/sbin/kpropd kpropd"
+ , "krb5_prop\tstream\ttcp6\tnowait\troot\t/usr/sbin/kpropd kpropd"
+ ]
+
+kpropAcls :: [String] -> Property NoInfo
+kpropAcls ps = kpropdAclPath `File.hasContent` ps `describe` "kprop server ACLs"
+
+k5srvutil :: (Maybe FilePath) -> [String] -> IO String
+k5srvutil kt cmd = readProcess "k5srvutil" (maybe [] (\x -> ["-f", x]) kt ++ cmd)
+
+-- Keytab management
+keytabEntries :: Maybe FilePath -> IO [(Kvno, Principal)]
+keytabEntries p = do
+ c <- k5srvutil p ["list"]
+ return $ map parseLine (drop 3 $ lines c)
+ where
+ parseLine l = (Prelude.read x, y) where (x, y) = splitAt 5 l
+
+checkKeyTabEntry' :: Maybe FilePath -> (Kvno, Principal) -> IO Bool
+checkKeyTabEntry' path entry = do
+ entries <- keytabEntries path
+ return $ entry `elem` entries
+
+checkKeyTabEntry :: Maybe FilePath -> Principal -> IO Bool
+checkKeyTabEntry path princ = do
+ entries <- keytabEntries path
+ return $ princ `elem` (map snd entries)
+
+-- k5login files
+k5loginPath :: User -> IO FilePath
+k5loginPath user = do
+ h <- homedir user
+ return $ h </> ".k5login"
+
+k5login :: User -> [Principal] -> Property NoInfo
+k5login user@(User u) ps = property (u ++ " has k5login") $ do
+ f <- liftIO $ k5loginPath user
+ liftIO $ do
+ createDirectoryIfMissing True (takeDirectory f)
+ writeFile f (unlines ps)
+ ensureProperties
+ [ File.ownerGroup f user (userGroup user)
+ , File.ownerGroup (takeDirectory f) user (userGroup user)
+ ]
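Review bot: `k5login` writes `.k5login` with a bare `writeFile` and only fixes ownership afterwards, so if the property runs as root (likely for propellor, but not shown in this hunk) the write goes through whatever already exists at that path inside a user-controlled home directory, and the file mode is left to the umask. Because `.k5login` decides which principals may log in as the account, I would build it from the file properties this module already uses, e.g. `File.hasContent f ps` combined with `File.ownerGroup f user (userGroup user)` and an explicit mode such as `File.mode f`, which should also let the property report no change when the content already matches. Separately, `parseLine` in `keytabEntries` depends on `drop 3`, `splitAt 5` and `Prelude.read`, so any `k5srvutil list` output that departs from that layout throws when `checkKeyTabEntry` forces the list. Parsing with `readMaybe` over `words l` and skipping lines that do not parse would keep the keytab check from crashing the run.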
diff --git a/src/Propellor/Property/LightDM.hs b/src/Propellor/Property/LightDM.hs
index b779ba4d..b010eb2f 100644
--- a/src/Propellor/Property/LightDM.hs
+++ b/src/Propellor/Property/LightDM.hs
@@ -1,5 +1,7 @@
{-# LANGUAGE FlexibleInstances #-}
+-- | Maintainer: Sean Whitton <spwhitton@spwhitton.name>
+
module Propellor.Property.LightDM where
import Propellor
diff --git a/src/Propellor/Property/Logcheck.hs b/src/Propellor/Property/Logcheck.hs
index 83045dcc..26f4e3a4 100644
--- a/src/Propellor/Property/Logcheck.hs
+++ b/src/Propellor/Property/Logcheck.hs
@@ -1,5 +1,8 @@
+-- | Maintainer: Jelmer Vernooij <jelmer@jelmer.uk>
+
module Propellor.Property.Logcheck (
ReportLevel (Workstation, Server, Paranoid),
+ Service,
defaultPrefix,
ignoreFilePath,
ignoreLines,
diff --git a/src/Propellor/Property/Nginx.hs b/src/Propellor/Property/Nginx.hs
index 02ca202f..d69e6c73 100644
--- a/src/Propellor/Property/Nginx.hs
+++ b/src/Propellor/Property/Nginx.hs
@@ -1,3 +1,5 @@
+-- | Maintainer: Félix Sipma <gueux@gueux.org>
+
module Propellor.Property.Nginx where
import Propellor
diff --git a/src/Propellor/Property/Prosody.hs b/src/Propellor/Property/Prosody.hs
index 31b6a624..1129e28d 100644
--- a/src/Propellor/Property/Prosody.hs
+++ b/src/Propellor/Property/Prosody.hs
@@ -1,3 +1,5 @@
+-- | Maintainer: Félix Sipma <felix.sipma@no-log.org>
+
module Propellor.Property.Prosody where
import Propellor
diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs
index 68313f20..eaef2817 100644
--- a/src/Propellor/Property/SiteSpecific/IABak.hs
+++ b/src/Propellor/Property/SiteSpecific/IABak.hs
@@ -37,6 +37,10 @@ gitServer knownhosts = propertyList "iabak git server" $ props
& Cron.niceJob "shardmaint" Cron.Daily (User "root") "/"
"/usr/local/IA.BAK/shardmaint-fast; /usr/local/IA.BAK/shardmaint"
& Apt.installed ["git-annex"]
+ & Apt.installed ["libmail-sendmail-perl"]
+ & Cron.niceJob "expireemailer" Cron.Daily (User "root")
+ "/usr/local/IA.BAK"
+ "./expireemailer"
registrationServer :: [Host] -> Property HasInfo
registrationServer knownhosts = propertyList "iabak registration server" $ props
diff --git a/src/Propellor/Property/Unbound.hs b/src/Propellor/Property/Unbound.hs
index e44953f6..c3afeb84 100644
--- a/src/Propellor/Property/Unbound.hs
+++ b/src/Propellor/Property/Unbound.hs
@@ -1,9 +1,19 @@
--- | Properties for the Unbound caching DNS server
+-- | Maintainer: Félix Sipma <felix.sipma@no-log.org>
+--
+-- Properties for the Unbound caching DNS server
module Propellor.Property.Unbound
( installed
, restarted
, reloaded
+ , UnboundSection
+ , UnboundZone
+ , UnboundHost
+ , UnboundSetting
+ , UnboundValue
+ , UnboundKey
+ , ConfSection
+ , ZoneType
, cachingDnsServer
) where