l---------config.hs2
-rw-r--r--debian/changelog13
-rw-r--r--doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo.mdwn101
-rw-r--r--doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_1_6e0f5ebebe81a632dccafb97cfe49e70._comment21
-rw-r--r--doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_2_152c6b9d0ac402c374d9cfaf9ef14904._comment13
-rw-r--r--doc/forum/Getting_Info_from_containers/comment_5_45f48be3688d2879098cc72be334cb8d._comment26
-rw-r--r--doc/forum/How_to_make_P.Property.Firewall.rule_persistent.mdwn33
-rw-r--r--doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_1_0656133cfbc13b7369a74f351a9388c4._comment94
-rw-r--r--doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment21
-rw-r--r--doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_3_f9fb0a214ee8bc4fac11c3c16747cbe2._comment8
-rw-r--r--doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_4_b3880a95912d446befd537a74989cba4._comment87
-rw-r--r--doc/forum/Unprivileged_containers_break_propellor.mdwn53
-rw-r--r--doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_2_b83a1faeddc677a94add278dfc834d21._comment8
-rw-r--r--doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_3_00af4904cec24089b87c626769330bec._comment8
-rw-r--r--doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_4_279d93da4d178cadec5b30b0f48c7196._comment8
-rw-r--r--doc/forum/apt_releaseinfo/comment_3_14f13cddb537766dc2b8234c731e0834._comment8
-rw-r--r--doc/forum/hasOriginUrl_does_not_work_if_git_was_not_installed.mdwn14
-rw-r--r--doc/forum/hasOriginUrl_does_not_work_if_git_was_not_installed/comment_1_2ef9109c5cd7e8ca89f309c48320ac20._comment12
-rw-r--r--doc/forum/ipv6_support_for_P.Property.Firewall.mdwn1
-rw-r--r--doc/forum/ipv6_support_for_P.Property.Firewall/comment_1_d301cfd7a7cb0987a73b8d32df4dac97._comment8
-rw-r--r--doc/forum/isCopyOf_does_not_work_on_nfs_filesystem.mdwn25
-rw-r--r--doc/forum/isCopyOf_does_not_work_on_nfs_filesystem/comment_1_b1ffea063d9928889df17d9a8f3e8a5d._comment22
-rw-r--r--doc/forum/running_commands_in_Libvirt_guests.mdwn5
-rw-r--r--doc/forum/running_commands_in_Libvirt_guests/comment_1_3ca5dcbf17213af7c30c59a4148c6375._comment11
-rw-r--r--doc/forum/running_commands_in_Libvirt_guests/comment_2_b57bb2a74ce9028f08b3c9ce26a4864b._comment8
-rw-r--r--doc/forum/running_commands_in_Libvirt_guests/comment_3_c0b2c7b72d4fe63cc2eb0ddcf5745fc9._comment10
-rw-r--r--doc/forum/running_commands_in_Libvirt_guests/comment_4_5a2b2748c7e9eadc3c85ad6037ebc39a._comment8
-rw-r--r--doc/forum/running_commands_in_Libvirt_guests/comment_5_669f05bac2b09ddbf735f9afdaed4400._comment8
-rw-r--r--doc/news/version_5.6.0.mdwn22
-rw-r--r--doc/news/version_5.9.1.mdwn11
-rw-r--r--joeyconfig.hs3
-rw-r--r--privdata/relocate1
-rw-r--r--propellor.cabal2
-rw-r--r--src/Propellor/Property/Localdir.hs7
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs8
35 files changed, 656 insertions, 34 deletions
diff --git a/config.hs b/config.hs
index 97d90636..ec313725 120000
--- a/config.hs
+++ b/config.hs
@@ -1 +1 @@
-joeyconfig.hs \ No newline at end of file
+config-simple.hs \ No newline at end of file
diff --git a/debian/changelog b/debian/changelog
index 2c6f2a4f..3031d05a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,13 @@
-propellor (5.9.1) UNRELEASED; urgency=medium
+propellor (5.10.1) UNRELEASED; urgency=medium
+
+ * Localdir.hasOriginUrl: Depend on Git.installed.
+ * Localdir.hasOriginUrl: Type changed from UnixLike to DebianLike
+ because Git.installed is not implemented for other unixes.
+ (API change)
+
+ -- Joey Hess <id@joeyh.name> Thu, 08 Aug 2019 11:33:37 -0400
+
+propellor (5.9.1) unstable; urgency=medium
* Apt: Debian has changed the name of the suite for testing security updates
from testing to testing-security.
@@ -10,7 +19,7 @@ propellor (5.9.1) UNRELEASED; urgency=medium
* Systemd.machined: Fix a bug that caused the systemd-container package
to not be installed when used with Debian buster.
- -- Joey Hess <id@joeyh.name> Wed, 10 Jul 2019 22:02:35 -0400
+ -- Joey Hess <id@joeyh.name> Wed, 17 Jul 2019 15:59:29 -0400
propellor (5.9.0) unstable; urgency=medium
diff --git a/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo.mdwn b/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo.mdwn
new file mode 100644
index 00000000..5f90612a
--- /dev/null
+++ b/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo.mdwn
@@ -0,0 +1,101 @@
+Hello,
+
+I am working on making a property to setup a CMS, involving configuration with passwrod...
+
+I have a first property installing the required packages with signature :
+
+ wp_pkgs :: Property Debian
+
+I have made a second property to store the password/priv data to the 'proper file' which has signature (the data is stored in the privData with context the hostname and field the 'DbId')
+
+ type DbId = String
+ wp_dbconf :: HostName -> DbId -> Property (Debian + HasInfo)
+
+
+I now want to combine those properties to make a single entry point using the following code :
+
+
+ wordpressSite :: HostName -> DbId -> Property (Debian + HasInfo)
+ wordpressSite hn id = desc ==> wp_conf hn id
+ where
+ desc :: String
+ desc = ("Installing and configuring WordPress to answer at name " ++ hn)
+
+ wp_conf :: HostName -> DbId -> Property (Debian + HasInfo)
+ wp_conf hn id =
+ wp_pkgs
+ `before` wp_dbconf hn id
+
+which gives me this error :
+
+ /src/Propellor/Property/SiteSpecific/IPANEMA.hs:221:7: error:
+ • Couldn't match type ‘'Propellor.Types.MetaTypes.Targeting
+ 'OSDebian’
+ with ‘'Propellor.Types.MetaTypes.WithInfo’
+ Expected type: Property (Debian + HasInfo)
+ Actual type: CombinedType
+ (Property Debian)
+ (Property
+ (Propellor.Types.MetaTypes.MetaTypes
+ '['Propellor.Types.MetaTypes.Targeting 'OSDebian,
+ 'Propellor.Types.MetaTypes.WithInfo]))
+ • In the expression: wp_pkgs `before` wp_dbconf hn id
+ In an equation for ‘wp_conf’:
+ wp_conf hn id = wp_pkgs `before` wp_dbconf hn id
+ In an equation for ‘wordpressSite’:
+ wordpressSite hn id
+ = desc ==> wp_conf hn id
+ where
+ desc :: String
+ desc
+ = ("Installing and configuring WordPress to answer at name " ++ hn)
+ wp_conf :: HostName -> DbId -> Property (Debian + HasInfo)
+ wp_conf hn id = wp_pkgs `before` wp_dbconf hn id
+ |
+ 221 | wp_pkgs
+ | ^^^^^^^...
+
+I understand that `before` is not happy having different types of Property on both sides.
+
+I then tried also using *props* (with or without embedding it within a *propertyList*). Here is the version with *propertyList*
+
+ wp_conf hn id =
+ propertyList "Setting up a wordpress site" $ props
+ & wp_pkgs
+ & wp_dbconf hn id
+
+Which also complains that I am trying to combine Debian with (Debian + HasInfo) (or at least that is how I understand the error message) :
+
+ src/Propellor/Property/SiteSpecific/IPANEMA.hs:221:52: error:
+ • Couldn't match type ‘'Propellor.Types.MetaTypes.Targeting
+ 'OSDebian’
+ with ‘'Propellor.Types.MetaTypes.WithInfo’
+ Expected type: Props
+ (Propellor.Types.MetaTypes.MetaTypes
+ '['Propellor.Types.MetaTypes.Targeting 'OSDebian,
+ 'Propellor.Types.MetaTypes.WithInfo])
+ Actual type: Props
+ (Propellor.Types.MetaTypes.MetaTypes
+ (Propellor.Types.MetaTypes.Combine
+ '['Propellor.Types.MetaTypes.Targeting 'OSDebian]
+ '['Propellor.Types.MetaTypes.Targeting 'OSDebian,
+ 'Propellor.Types.MetaTypes.WithInfo]))
+ • In the second argument of ‘($)’, namely
+ ‘props & wp_pkgs & wp_dbconf hn id’
+ In the expression:
+ propertyList "Setting up a wordpress site"
+ $ props & wp_pkgs & wp_dbconf hn id
+ In an equation for ‘wp_conf’:
+ wp_conf hn id
+ = propertyList "Setting up a wordpress site"
+ $ props & wp_pkgs & wp_dbconf hn id
+ |
+ 221 | propertyList "Setting up a wordpress site" $ props
+ | ^^^^^...
+
+
+I guess that is a regular pattern (mixing few properties with *HasInfo* with other that do not *HasInfo*) but all the code that I am looking at seems to work with *props* or some *before* or *require* combination.
+
+I don't understand what I am doing *wrong* here.
+
+
diff --git a/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_1_6e0f5ebebe81a632dccafb97cfe49e70._comment b/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_1_6e0f5ebebe81a632dccafb97cfe49e70._comment
new file mode 100644
index 00000000..04eb0f2b
--- /dev/null
+++ b/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_1_6e0f5ebebe81a632dccafb97cfe49e70._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2019-09-16T15:07:56Z"
+ content="""
+The problem is that you have "Debian + HasInfo" and the compiler expects
+"HasInfo + Debian". If you swap the order it will compile.
+
+Internally these types are represented as type-level lists, eg
+`[Debian, HasInfo]`. Unfortunately list items are ordered.
+What's needed is a type-level set. Using
+<http://hackage.haskell.org/package/type-level-sets>
+or something like it would avoid the problem, and is planned eventually.
+(But not yet, it [affects compile performance](https://github.com/dorchard/type-level-sets/issues/17)
+and [actually still depends on list ordering](https://github.com/dorchard/type-level-sets/issues/5).)
+
+In the meantime, there's a de-facto standard ordering of the items in a
+Property's metatypes list, and using some other ordering will result
+in this problem. If you let ghc infer the type of a property, the result
+will always use the standard ordering.
+"""]]
diff --git a/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_2_152c6b9d0ac402c374d9cfaf9ef14904._comment b/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_2_152c6b9d0ac402c374d9cfaf9ef14904._comment
new file mode 100644
index 00000000..ef6658a2
--- /dev/null
+++ b/doc/forum/Combining_properties_with_HasInfo_and_another_without_HasInfo/comment_2_152c6b9d0ac402c374d9cfaf9ef14904._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="serge1cohen"
+ avatar="http://cdn.libravatar.org/avatar/df873622c2eeb5b34222b7af0d47abd0"
+ subject="Works !"
+ date="2019-09-16T16:50:42Z"
+ content="""
+Hi again,
+
+I have just commuted all HasInfo and Debian (to have HasInfo first) and all works !
+Cool, thanks !
+
+Serge.
+"""]]
diff --git a/doc/forum/Getting_Info_from_containers/comment_5_45f48be3688d2879098cc72be334cb8d._comment b/doc/forum/Getting_Info_from_containers/comment_5_45f48be3688d2879098cc72be334cb8d._comment
new file mode 100644
index 00000000..f94daf58
--- /dev/null
+++ b/doc/forum/Getting_Info_from_containers/comment_5_45f48be3688d2879098cc72be334cb8d._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2019-07-21T15:18:51Z"
+ content="""
+This seems like a reasonable change to make, although I am not sure I
+understand how you'd practially use it.
+
+But as far as how to implement it, you merely need to make an IsInfo
+instance for Host (or for [Host]) and then each of the container properties
+can add the Host of their container to the Info.
+
+Hmm, actually, this info is already provided in another way.
+In Propellor.Types.Chroot there is a ChrootInfo that builds up a map from
+chroot location to Host, and that gets added to the Info of the host where the
+chroot is used.
+
+As well as being used for regular chroots, the systemd containers are based
+on a chroot and so also use and provide it. Docker does not currently use
+it though. It has a separate DockerInfo that also happens to include the
+Host corresponding to the docker container.
+
+Anyway, I guess I'm a little bit unclear on what your original problem was,
+it might help if you could restate it in more detail to see if this would
+really help with it.
+"""]]
diff --git a/doc/forum/How_to_make_P.Property.Firewall.rule_persistent.mdwn b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent.mdwn
new file mode 100644
index 00000000..25360b26
--- /dev/null
+++ b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent.mdwn
@@ -0,0 +1,33 @@
+The following seems to more or less work (at least the output from
+"iptables -L -v" looks plausible. But it's not persistent.
+It doesn't seem sensible to wait for propellor to run again to set up a firewall after reboot. Any ideas for how to make this persistent?
+
+[[!format haskell """
+module Propellor.Property.SiteSpecific.Tethera.Firewall (
+ ipFirewall,
+ ) where
+
+import Propellor.Base
+import Propellor.Property.Firewall
+
+ipFirewall :: [Port] -> [Port] -> Property DebianLike
+ipFirewall tcpPorts udpPorts = propertyList "IPTables based firewall" $ props
+ & installed
+ & rule INPUT Filter DROP (Ctstate [INVALID])
+ & rule INPUT Filter ACCEPT (InIFace "lo")
+ & rule OUTPUT Filter ACCEPT (OutIFace "lo")
+ & rule INPUT Filter ACCEPT (Ctstate [ESTABLISHED, RELATED])
+ & rule INPUT Filter ACCEPT (Proto ICMP)
+ & openPorts TCP tcpPorts
+ & openPorts UDP udpPorts
+ & rule OUTPUT Filter ACCEPT Everything
+ & rule INPUT Filter DROP Everything
+ & rule FORWARD Filter DROP Everything
+ where
+ openPorts proto lst = combineProperties "open TCP ports" $
+ toProps (map
+ (\p -> (rule INPUT Filter ACCEPT
+ ((Proto proto) :- (DPort p)) ))
+ lst)
+
+"""]]
diff --git a/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_1_0656133cfbc13b7369a74f351a9388c4._comment b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_1_0656133cfbc13b7369a74f351a9388c4._comment
new file mode 100644
index 00000000..06939eec
--- /dev/null
+++ b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_1_0656133cfbc13b7369a74f351a9388c4._comment
@@ -0,0 +1,94 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="A first attempt"
+ date="2019-07-18T23:30:44Z"
+ content="""
+Here's what I came up with. I don't know if I'm missing some more obvious way. Thanks to Stefan Gronke on github for answering \"what's a simple way to make an iptables systemd service\"
+
+[[!format haskell \"\"\"
+module Propellor.Property.SiteSpecific.Tethera.Firewall (
+ iptablesRules
+ , iptablesUnits
+ , saved
+ ) where
+
+import Propellor.Base
+import Propellor.Property.Firewall
+-- import qualified Propellor.Property.Cmd as Cmd
+import qualified Propellor.Property.File as File
+
+iptablesRules :: [Port] -> [Port] -> Property DebianLike
+iptablesRules tcpPorts udpPorts = propertyList \"IPTables based firewall\" $ props
+ & installed
+ & rule INPUT Filter DROP (Ctstate [INVALID])
+ & rule INPUT Filter ACCEPT (InIFace \"lo\")
+ & rule OUTPUT Filter ACCEPT (OutIFace \"lo\")
+ & rule INPUT Filter ACCEPT (Ctstate [ESTABLISHED, RELATED])
+ & rule INPUT Filter ACCEPT (Proto ICMP)
+ & openPorts TCP tcpPorts
+ & openPorts UDP udpPorts
+ & rule OUTPUT Filter ACCEPT Everything
+ & rule INPUT Filter DROP Everything
+ & rule FORWARD Filter DROP Everything
+ where
+ openPorts proto lst = combineProperties \"open TCP ports\" $
+ toProps (map
+ (\p -> (rule INPUT Filter ACCEPT
+ ((Proto proto) :- (DPort p)) ))
+ lst)
+
+saved :: Property UnixLike
+saved = combineProperties \"iptables rules saved\" $ props
+ & cmdProperty \"iptables-save\" [\"-f\", rulesFile ]
+ `changesFile` rulesFile
+ `requires` File.dirExists rulesDir
+ & cmdProperty \"ip6tables-save\" [\"-f\", rules6File ]
+ `changesFile` rules6File
+ `requires` File.dirExists rulesDir
+ where
+ rulesDir = \"/etc/iptables\"
+ rulesFile = rulesDir ++ \"/iptables.rules\"
+ rules6File = rulesDir ++ \"/ip6tables.rules\"
+
+iptablesUnits :: Property UnixLike
+iptablesUnits = combineProperties \"systemd units for iptables\" $ props
+ & unitFile \"iptables\"
+ & unitFile \"ip6tables\"
+ where
+ unitDir = \"/etc/systemd/system\"
+ unitFile baseName = combineProperties (\"systemd units for \" ++ baseName) $ props
+ & File.hasContent (unitDir ++ \"/\"++baseName++\".service\")
+ [
+ \"[Unit]\"
+ , \"Description=Packet Filtering Framework\"
+ , \"DefaultDependencies=no\"
+ , \"After=systemd-sysctl.service\"
+ , \"Before=sysinit.target\"
+ , \"[Service]\"
+ , \"Type=oneshot\"
+ , \"ExecStart=/sbin/\"++baseName++\"-restore /etc/iptables/\"++baseName++\".rules\"
+ , \"ExecReload=/sbin/\"++baseName++\"-restore /etc/iptables/\"++baseName++\".rules\"
+ , \"ExecStop=/usr/local/bin/flush-\"++baseName++\".sh\"
+ , \"RemainAfterExit=yes\"
+ , \"[Install]\"
+ , \"WantedBy=multi-user.target\"
+ ]
+ & File.hasContent fipSh
+ [
+ \"#!/bin/sh\"
+ , \"iptables -F\"
+ , \"iptables -X\"
+ , \"iptables -t nat -F\"
+ , \"iptables -t nat -X\"
+ , \"iptables -t mangle -F\"
+ , \"iptables -t mangle -X\"
+ , \"iptables -P INPUT ACCEPT\"
+ , \"iptables -P FORWARD ACCEPT\"
+ , \"iptables -P OUTPUT ACCEPT\"
+ ]
+ & File.mode fipSh 0755
+ where
+ fipSh = \"/usr/local/bin/flush-\"++baseName++\".sh\"
+\"\"\"]]
+"""]]
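Review bot: `File.mode fipSh 0755` in `unitFile` passes a decimal literal, because Haskell only reads octal with the `0o` prefix; decimal 755 is 0o1363, which leaves the flush script writable by others while the unit's `ExecStop` runs it, presumably as root. It should read `File.mode fipSh 0o755`. The script body is also the literal `iptables ...` commands for both units, so the script written for `ip6tables` clears the IPv4 tables and never touches IPv6; building those lines from `baseName` would fix that. Separately, the script ends by setting the INPUT, FORWARD and OUTPUT policies to ACCEPT, so stopping either unit leaves the host unfiltered; the same applies to the version of the script added in comment_4 of this thread, and a sentence in the post saying so would help anyone copying it.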
diff --git a/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment
new file mode 100644
index 00000000..93944ebf
--- /dev/null
+++ b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_2_bd74fdd792309a70d7de5f5198cf1092._comment
@@ -0,0 +1,21 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2019-07-19T14:09:01Z"
+ content="""
+Funny, I never considered that the Firewall properties don't do anything
+persistent.
+
+I don't think we want to get propellor involved in booting the system,
+either..
+
+Using iptables-save seems to have a problem: If there are other iptables
+rules that were not set by this run of propellor, it will save those
+as well. So it could save rules that were set up by something else that was
+intended to be temporary, or perhaps rules that were set by a earlier
+propellor config and that then got deleted out of the propellor config.
+
+Another way to do it could be to have Firewall.rule add its configuration
+to Info and then Firewall.save could see the collected Info from all
+the rules and use it to generate the boot script itself.
+"""]]
diff --git a/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_3_f9fb0a214ee8bc4fac11c3c16747cbe2._comment b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_3_f9fb0a214ee8bc4fac11c3c16747cbe2._comment
new file mode 100644
index 00000000..ad4bad4a
--- /dev/null
+++ b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_3_f9fb0a214ee8bc4fac11c3c16747cbe2._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="Firewall.flush needed?"
+ date="2019-08-03T15:38:21Z"
+ content="""
+A simple(-minded) solution to the problem with ip-tables-save is to provide a way to invoke \"iptables -F\". It seems like this is needed in general, just to have a known starting point. At least most examples of setting up a firewall with iptables start by flushing the existing rules.
+"""]]
diff --git a/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_4_b3880a95912d446befd537a74989cba4._comment b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_4_b3880a95912d446befd537a74989cba4._comment
new file mode 100644
index 00000000..511deffa
--- /dev/null
+++ b/doc/forum/How_to_make_P.Property.Firewall.rule_persistent/comment_4_b3880a95912d446befd537a74989cba4._comment
@@ -0,0 +1,87 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="giving up on Firewall persistence"
+ date="2019-08-11T11:29:07Z"
+ content="""
+I ran out of time/motivation to do this \"right\", so I just hardcoded all the things, and made a new module called IPTables
+
+[[!format haskell \"\"\"
+module Propellor.Property.SiteSpecific.Tethera.IPTables (
+ systemdUnits
+ , rules
+ ) where
+
+import Propellor.Base
+import qualified Propellor.Property.File as File
+
+
+systemdUnits :: Property UnixLike
+systemdUnits = combineProperties \"systemd units for iptables\" $ props
+ & unitFile \"iptables\"
+ & unitFile \"ip6tables\"
+ where
+ unitDir = \"/etc/systemd/system\"
+ unitFile baseName = combineProperties (\"systemd units for \" ++ baseName) $ props
+ & File.hasContent (unitDir ++ \"/\"++baseName++\".service\")
+ [
+ \"[Unit]\"
+ , \"Description=Packet Filtering Framework\"
+ , \"DefaultDependencies=no\"
+ , \"After=systemd-sysctl.service\"
+ , \"Before=sysinit.target\"
+ , \"[Service]\"
+ , \"Type=oneshot\"
+ , \"ExecStart=/sbin/\"++baseName++\"-restore -n /etc/iptables/\"++baseName++\".rules\"
+ , \"ExecReload=/sbin/\"++baseName++\"-restore -n /etc/iptables/\"++baseName++\".rules\"
+ , \"ExecStop=/usr/local/bin/flush-\"++baseName++\".sh\"
+ , \"RemainAfterExit=yes\"
+ , \"[Install]\"
+ , \"WantedBy=multi-user.target\"
+ ]
+ & File.hasContent fipSh
+ [
+ \"#!/bin/sh\"
+ , baseName ++ \" -F INPUT\"
+ , baseName ++ \" -F FORWARD\"
+ , baseName ++ \" -F OUTPUT\"
+ , baseName ++ \" -P INPUT ACCEPT\"
+ , baseName ++ \" -P FORWARD ACCEPT\"
+ , baseName ++ \" -P OUTPUT ACCEPT\"
+ ]
+ & File.mode fipSh 0o0755
+ where
+ fipSh = \"/usr/local/bin/flush-\"++baseName++\".sh\"
+
+
+-- this currently makes the possibly bad assumption that the same rule
+-- file will work for both v4 and v6
+rules :: Property UnixLike
+rules = combineProperties \"systemd units for iptables\" $ props
+ & ruleFile \"iptables\"
+ & ruleFile \"ip6tables\"
+ where
+ ruleDir = \"/etc/iptables\"
+ ruleFile baseName = combineProperties (baseName ++ \" rules\") $ props
+ & File.hasContent (ruleDir ++ \"/\"++baseName++\".rules\")
+
+ [ \"*filter\"
+ , \":INPUT ACCEPT [0:0]\"
+ , \":FORWARD ACCEPT [0:0]\"
+ , \":OUTPUT ACCEPT [0:0]\"
+ , \"-A INPUT -m conntrack --ctstate INVALID -j DROP\"
+ , \"-A INPUT -i lo -j ACCEPT\"
+ , \"-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\"
+ , \"-A INPUT -p icmp -j ACCEPT\"
+ , \"-6 -A INPUT -p ipv6-icmp -j ACCEPT\"
+ , \"-6 -A INPUT -m state --state NEW -m udp -p udp -s fe80::/10 --dport 546 -j ACCEPT\"
+ , \"-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT\"
+ , \"-A INPUT -j DROP\"
+ , \"-A FORWARD -j DROP\"
+ , \"-A OUTPUT -o lo -j ACCEPT\"
+ , \"-A OUTPUT -j ACCEPT\"
+ , \"COMMIT\"
+ ]
+ `requires` File.dirExists ruleDir
+\"\"\"]]
+"""]]
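Review bot: The `ExecStart` and `ExecReload` lines in `systemdUnits` call `-restore -n`, and with `--noflush` each reload appends the `-A` rules from the rules file to whatever is already loaded, so duplicates accumulate and rules removed from the file stay active until something flushes the chains. Dropping `-n` would make the file the whole ruleset for the `*filter` table it names, which seems to be the intent of a hard-coded rules file. `rules` also reuses the description string `systemd units for iptables` from `systemdUnits`; a distinct one such as `iptables rule files` would keep the two apart in propellor's output.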
diff --git a/doc/forum/Unprivileged_containers_break_propellor.mdwn b/doc/forum/Unprivileged_containers_break_propellor.mdwn
new file mode 100644
index 00000000..0cb02c9b
--- /dev/null
+++ b/doc/forum/Unprivileged_containers_break_propellor.mdwn
@@ -0,0 +1,53 @@
+When trying to set up an unprivileged nspawn container, e.g., like shown below, propellor breaks, as it bind-mounts the `/usr/local/propellor` directory from the host, which leads to broken UIDs when seen from inside the container. I'm assuming `propellChroot` in `src/Propellor/Property/Chroot.hs` is the code that's responsible. Unfortunately, I'm not very firm in Haskell, so I'm not sure I can solve this in reasonable time, but I'll give it a shot.
+
+
+Example config:
+
+```
+rec0 :: Systemd.Container
+rec0 = Systemd.debContainer "rec0" $ props
+ & Systemd.containerCfg "--network-veth"
+ & Systemd.containerCfg "-U"
+ & osDebian (Stable "buster") X86_64
+ & Apt.stdSourcesList
+ & Apt.installed ["pdns-recursor"] `requires` Systemd.running Systemd.networkd
+```
+
+This is the relevant output from a spin that includes the above container definition:
+
+```
+rec0 has container configuration --network-veth ... ok
+rec0 has container configuration -U ... ok
+rec0 has Operating System (Debian Linux (Stable "buster")) X86_64 ... ok
+rec0 standard sources.list ... ok
+Failed to connect to bus: Operation not permitted
+rec0 apt removed cron ifupdown rsyslog iptables isc-dhcp-client ... ok
+rec0 apt installed pdns-recursor ... failed
+propy nspawned rec0 ... failed
+propy overall ... failed
+```
+
+I figured out the (likely) cause like this:
+
+```
+$ findmnt /var/lib/container/rec0/usr/local/propellor
+TARGET SOURCE FSTYPE OPTIONS
+/var/lib/container/rec0/usr/local/propellor /dev/mapper/sys-root[/usr/local/propellor] ext4 rw,relatime,errors=remount-ro
+$ ls -l /var/lib/container/rec0/usr/local/propellor/dist/build/propellor-config/
+total 12272
+drwxr-xr-x 2 vu-rec0-0 vg-rec0-0 4096 Sep 24 01:19 autogen
+-rwxr-xr-x 1 root root 6279024 Sep 24 03:16 propellor-config
+-rwxr-xr-x 1 root root 6279024 Sep 24 03:16 propellor-config.built
+drwxr-xr-x 2 vu-rec0-0 vg-rec0-0 4096 Sep 24 03:16 propellor-config-tmp
+```
+
+I have `libnss-mymachines` setup, so the high UID/GID allocated by systemd show up with symbolic names. From inside the container, the root-owned files will show up as `nobody`:
+
+```
+# ls -l /usr/local/propellor/dist/build/propellor-config/
+total 12272
+drwxr-xr-x 2 root root 4096 Sep 24 01:19 autogen
+-rwxr-xr-x 1 nobody nogroup 6279024 Sep 24 03:16 propellor-config
+drwxr-xr-x 2 root root 4096 Sep 24 03:16 propellor-config-tmp
+-rwxr-xr-x 1 nobody nogroup 6279024 Sep 24 03:16 propellor-config.built
+```
diff --git a/doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_2_b83a1faeddc677a94add278dfc834d21._comment b/doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_2_b83a1faeddc677a94add278dfc834d21._comment
new file mode 100644
index 00000000..8a636e35
--- /dev/null
+++ b/doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_2_b83a1faeddc677a94add278dfc834d21._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 2"
+ date="2019-07-23T10:22:19Z"
+ content="""
+Seems the `gw` parameter is unused? What was that for?
+"""]]
diff --git a/doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_3_00af4904cec24089b87c626769330bec._comment b/doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_3_00af4904cec24089b87c626769330bec._comment
new file mode 100644
index 00000000..8e2e7025
--- /dev/null
+++ b/doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_3_00af4904cec24089b87c626769330bec._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="unused parameter gw"
+ date="2019-08-03T15:48:10Z"
+ content="""
+For specifying an optional gateway. I never got that far in implimenting it.
+"""]]
diff --git a/doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_4_279d93da4d178cadec5b30b0f48c7196._comment b/doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_4_279d93da4d178cadec5b30b0f48c7196._comment
new file mode 100644
index 00000000..2ce5be48
--- /dev/null
+++ b/doc/forum/WIP_adding_dhcp_records_to_libvirt/comment_4_279d93da4d178cadec5b30b0f48c7196._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 4"
+ date="2019-08-18T16:13:30Z"
+ content="""
+Okay. Your approach in the code you posted seems good on a quick look over.
+"""]]
diff --git a/doc/forum/apt_releaseinfo/comment_3_14f13cddb537766dc2b8234c731e0834._comment b/doc/forum/apt_releaseinfo/comment_3_14f13cddb537766dc2b8234c731e0834._comment
new file mode 100644
index 00000000..495651f3
--- /dev/null
+++ b/doc/forum/apt_releaseinfo/comment_3_14f13cddb537766dc2b8234c731e0834._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 3"
+ date="2019-07-17T15:47:26Z"
+ content="""
+I think so, but presumably they are being often misused.
+"""]]
diff --git a/doc/forum/hasOriginUrl_does_not_work_if_git_was_not_installed.mdwn b/doc/forum/hasOriginUrl_does_not_work_if_git_was_not_installed.mdwn
new file mode 100644
index 00000000..2422d17b
--- /dev/null
+++ b/doc/forum/hasOriginUrl_does_not_work_if_git_was_not_installed.mdwn
@@ -0,0 +1,14 @@
+Hello,
+
+I am creating virtual machines and set the url of propellor with
+
+ & PropellorRepo.hasOriginUrl "https://salsa.debian.org/picca/propellor.git"
+
+I give the old name since I use the 5.6.0 version available in Debian stable.
+
+It systematically fail each time I provision the machine.
+I discovered that it failed due to a missing git.
+
+so it seems to me that this property should install git before running :)
+
+cheers
diff --git a/doc/forum/hasOriginUrl_does_not_work_if_git_was_not_installed/comment_1_2ef9109c5cd7e8ca89f309c48320ac20._comment b/doc/forum/hasOriginUrl_does_not_work_if_git_was_not_installed/comment_1_2ef9109c5cd7e8ca89f309c48320ac20._comment
new file mode 100644
index 00000000..b11da49f
--- /dev/null
+++ b/doc/forum/hasOriginUrl_does_not_work_if_git_was_not_installed/comment_1_2ef9109c5cd7e8ca89f309c48320ac20._comment
@@ -0,0 +1,12 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2019-08-08T15:28:13Z"
+ content="""
+I've made the property require Git.installed.
+
+I guess this was not noticed because either I was using some other property
+that also installed git, or I only tried it outside a virtual machine, and
+so propellor had installed git as part of its process of bootstrapping a
+host.
+"""]]
diff --git a/doc/forum/ipv6_support_for_P.Property.Firewall.mdwn b/doc/forum/ipv6_support_for_P.Property.Firewall.mdwn
new file mode 100644
index 00000000..4648e3d4
--- /dev/null
+++ b/doc/forum/ipv6_support_for_P.Property.Firewall.mdwn
@@ -0,0 +1 @@
+would it make sense for Firewall.rule to call ip6tables as well as iptables? Or is a lower level interface with e.g. rule6 invoking ip6tables. To be honest I haven't tested ip6tables on machines without ipv6 support, so I don't know how gracefully it fails.
diff --git a/doc/forum/ipv6_support_for_P.Property.Firewall/comment_1_d301cfd7a7cb0987a73b8d32df4dac97._comment b/doc/forum/ipv6_support_for_P.Property.Firewall/comment_1_d301cfd7a7cb0987a73b8d32df4dac97._comment
new file mode 100644
index 00000000..3a35317d
--- /dev/null
+++ b/doc/forum/ipv6_support_for_P.Property.Firewall/comment_1_d301cfd7a7cb0987a73b8d32df4dac97._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="probably low level is needed"
+ date="2019-07-19T12:38:30Z"
+ content="""
+A tiny amount of investigation reveals that there are protocols that make sense only for one of ip{6,}tables, e.g. icmpv6. So probably ip6tables needs to be invoked separately.
+"""]]
diff --git a/doc/forum/isCopyOf_does_not_work_on_nfs_filesystem.mdwn b/doc/forum/isCopyOf_does_not_work_on_nfs_filesystem.mdwn
new file mode 100644
index 00000000..dff1fdc4
--- /dev/null
+++ b/doc/forum/isCopyOf_does_not_work_on_nfs_filesystem.mdwn
@@ -0,0 +1,25 @@
+Hello, I try to copy a vm image to a directory like this
+
+ & "/nfs/share-temp/panbox-rel.img" `File.isCopyOf` panboxName
+
+
+but when I run this, I get this error message
+
+ sixs3.exp.synchrotron-soleil.fr /root/vm/panbox-rel.img owner picca:grp-instrumentation ... done
+ cp: failed to preserve ownership for '/nfs/share-temp/panbox-rel.img.propellor-new~': Operation not permitted
+ ** error: cp failed
+ ** warning: Cannot continue!
+ CallStack (from HasCallStack):
+ error, called at src/Propellor/Message.hs:143:9 in propellor-5.6.0-GGUJL7KihFnDmzjFSP3dov:Propellor.Message
+ sixs3.exp.synchrotron-soleil.fr /nfs/share-temp/panbox-rel.img is copy of /root/vm/panbox-rel.img ... failed
+
+I understand thaht it is not possible to use cp --preserve... on the nfs system.
+
+So is seems that Propellor miss a copyFile whcih is usable also on nfs system :).
+what is the best way to solve this problem.
+
+I can copy the file without the preserve flag.
+
+Cheers
+
+Fred
diff --git a/doc/forum/isCopyOf_does_not_work_on_nfs_filesystem/comment_1_b1ffea063d9928889df17d9a8f3e8a5d._comment b/doc/forum/isCopyOf_does_not_work_on_nfs_filesystem/comment_1_b1ffea063d9928889df17d9a8f3e8a5d._comment
new file mode 100644
index 00000000..935b23b9
--- /dev/null
+++ b/doc/forum/isCopyOf_does_not_work_on_nfs_filesystem/comment_1_b1ffea063d9928889df17d9a8f3e8a5d._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2019-10-01T14:06:35Z"
+ content="""
+Your NFS server must have root squash enabled then. So any propellor
+properties that try to set the owner will fail (File.ownerGroup).
+
+It's entirely reasonable for properties to need to set the owner of a file.
+Many properties make files owned by a specific user and having them
+squashed to "nobody" would break their purpose.
+
+There's only one property in propellor that currently uses File.isCopyOf,
+and that property is in fact installing a user's configuration file, which
+needs to be owned by that user. So changing that property's behavior is
+out.
+
+So your options are, disable the NFS root squash, or avoid using propellor
+properties that set file ownership. If you wanted to make a variant of
+isCopyOf that didn't preserve permissions, we could perhaps look at adding
+that to propellor.
+"""]]
diff --git a/doc/forum/running_commands_in_Libvirt_guests.mdwn b/doc/forum/running_commands_in_Libvirt_guests.mdwn
new file mode 100644
index 00000000..b952ac0c
--- /dev/null
+++ b/doc/forum/running_commands_in_Libvirt_guests.mdwn
@@ -0,0 +1,5 @@
+I need to run some random binaries in the guest I created with Libvirt.defined as part of the configuration.
+
+I can define Cmd.property in the host definition, but what happens for the initial image creation?
+
+Is there some idiom for this I am missing?
diff --git a/doc/forum/running_commands_in_Libvirt_guests/comment_1_3ca5dcbf17213af7c30c59a4148c6375._comment b/doc/forum/running_commands_in_Libvirt_guests/comment_1_3ca5dcbf17213af7c30c59a4148c6375._comment
new file mode 100644
index 00000000..8d6780be
--- /dev/null
+++ b/doc/forum/running_commands_in_Libvirt_guests/comment_1_3ca5dcbf17213af7c30c59a4148c6375._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="Not a problem after all?"
+ date="2019-08-18T14:04:06Z"
+ content="""
+It seems like the two things I was worried about are working fine, namely
+
+- running dconf update
+- running Grub.configured. I thought the latter was a problem but I just needed to make sure it came after Grub.installed.
+"""]]
diff --git a/doc/forum/running_commands_in_Libvirt_guests/comment_2_b57bb2a74ce9028f08b3c9ce26a4864b._comment b/doc/forum/running_commands_in_Libvirt_guests/comment_2_b57bb2a74ce9028f08b3c9ce26a4864b._comment
new file mode 100644
index 00000000..e0cda846
--- /dev/null
+++ b/doc/forum/running_commands_in_Libvirt_guests/comment_2_b57bb2a74ce9028f08b3c9ce26a4864b._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="&quot;works&quot; might be overstating it for Grub.configured"
+ date="2019-08-18T14:32:13Z"
+ content="""
+What actually happens is the first run it fails, and leaves the chroot lying around. The second run it succeeds, but this seems pretty fragile? Also it ends up allocating too much free space in the disk image, but that's not the end of the world.
+"""]]
diff --git a/doc/forum/running_commands_in_Libvirt_guests/comment_3_c0b2c7b72d4fe63cc2eb0ddcf5745fc9._comment b/doc/forum/running_commands_in_Libvirt_guests/comment_3_c0b2c7b72d4fe63cc2eb0ddcf5745fc9._comment
new file mode 100644
index 00000000..89679fdd
--- /dev/null
+++ b/doc/forum/running_commands_in_Libvirt_guests/comment_3_c0b2c7b72d4fe63cc2eb0ddcf5745fc9._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 3"
+ date="2019-08-18T15:25:10Z"
+ content="""
+Unfortunately, there isn't enough information in your report for me to be able to think about what's going on.
+
+Perhaps you could look inside Libvirt.hs and try to determine why it is failing the first time but then succeeding.
+"""]]
diff --git a/doc/forum/running_commands_in_Libvirt_guests/comment_4_5a2b2748c7e9eadc3c85ad6037ebc39a._comment b/doc/forum/running_commands_in_Libvirt_guests/comment_4_5a2b2748c7e9eadc3c85ad6037ebc39a._comment
new file mode 100644
index 00000000..67c11f0a
--- /dev/null
+++ b/doc/forum/running_commands_in_Libvirt_guests/comment_4_5a2b2748c7e9eadc3c85ad6037ebc39a._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="david"
+ avatar="http://cdn.libravatar.org/avatar/22c2d800db6a7699139df604a67cb221"
+ subject="grub failure"
+ date="2019-08-19T02:16:24Z"
+ content="""
+I narrowed it down to the call to Grub.mkConfig, which basically calls \"update-grub\". If I just copy the ConfFile.containsShellSetting from Grub.configured, then things work fine, presumably because of some later call to update-grub (when the image is finalized?). I'm just guessing, but maybe something later sets up /boot so that update-grub can succeed. I noticed the the call to mkConfig in Grub.installed is guarded against being in a contained, so maybe Grub.configured needs something similar.
+"""]]
diff --git a/doc/forum/running_commands_in_Libvirt_guests/comment_5_669f05bac2b09ddbf735f9afdaed4400._comment b/doc/forum/running_commands_in_Libvirt_guests/comment_5_669f05bac2b09ddbf735f9afdaed4400._comment
new file mode 100644
index 00000000..fe6e7f15
--- /dev/null
+++ b/doc/forum/running_commands_in_Libvirt_guests/comment_5_669f05bac2b09ddbf735f9afdaed4400._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="spwhitton"
+ avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
+ subject="comment 5"
+ date="2019-08-20T13:37:47Z"
+ content="""
+Perhaps inChroot should just be moved into mkConfig.
+"""]]
diff --git a/doc/news/version_5.6.0.mdwn b/doc/news/version_5.6.0.mdwn
deleted file mode 100644
index e3ecf2a4..00000000
--- a/doc/news/version_5.6.0.mdwn
+++ /dev/null
@@ -1,22 +0,0 @@
-propellor 5.6.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * withOS had a type level bug that allowed ensureProperty to be used inside
- it with a Property that does not match the type of the withOS itself.
- (API change)
- The fix may cause some of your valid uses of withOS to no longer type
- check; the best way to work around that is to use pickOS to pick between
- several properties that are further specialized using withOS.
- For an example of how to do that, see the source code to
- Propellor.Property.Borg.installed
- * Propellor.Property.Cron.runPropellor is a Property DebianLike; it was
- incorrectly a Property UnixLike before and that wrong type was hidden by
- the withOS bug.
- * Some openbsd portability fixes. Thanks, rsiddharth.
- * Added Libvirt module. Thanks, Sean Whitton.
- * When bootstrapping on Debian, libghc-stm-dev may not be available,
- as it's become part of ghc, so check before trying to install it.
- * Fix build with ghc 8.6.3.
- * Avoid exposing the constructor of OuterMetaTypesWitness, to avoid
- the kind of mistake that led to the withOS bug.
- * Merged Utility changes from git-annex.
- * Fix --spin crash when ~/.ssh/ directory did not already exist."""]] \ No newline at end of file
diff --git a/doc/news/version_5.9.1.mdwn b/doc/news/version_5.9.1.mdwn
new file mode 100644
index 00000000..dd7bcd5e
--- /dev/null
+++ b/doc/news/version_5.9.1.mdwn
@@ -0,0 +1,11 @@
+propellor 5.9.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Apt: Debian has changed the name of the suite for testing security updates
+ from testing to testing-security.
+ * Apt: Also the suite for stable releases from bullseye on will be
+ suffixed with "-security".
+ * Apt.update: Pass --allow-releaseinfo-change when updating Unstable
+ or Testing, so that code name changes that happen in those suites
+ during a stable release don't prevent updating the rolling suites.
+ * Systemd.machined: Fix a bug that caused the systemd-container package
+ to not be installed when used with Debian buster."""]] \ No newline at end of file
diff --git a/joeyconfig.hs b/joeyconfig.hs
index fb9ee4b2..51eef24c 100644
--- a/joeyconfig.hs
+++ b/joeyconfig.hs
@@ -33,6 +33,7 @@ import qualified Propellor.Property.Journald as Journald
import qualified Propellor.Property.Fail2Ban as Fail2Ban
import qualified Propellor.Property.LightDM as LightDM
import qualified Propellor.Property.Laptop as Laptop
+import qualified Propellor.Property.LightDM as LightDM
import qualified Propellor.Property.HostingProvider.Linode as Linode
import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
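Review bot: The added `import qualified Propellor.Property.LightDM as LightDM` repeats the identical import two lines above it in this hunk, so the module is now imported twice under the same alias. GHC accepts a duplicate import, but it is normally reported as redundant under `-Wunused-imports` (part of `-Wall`), and here it looks like a merge leftover. Dropping the added line leaves the import list unchanged in effect and free of the warning.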
@@ -186,7 +187,7 @@ honeybee = host "honeybee.kitenet.net" $ props
)
& JoeySites.cubieTruckOneWire
& Systemd.persistentJournal
- & Apt.installed ["firmware-atheros"]
+ & Apt.installed ["firmware-misc-nonfree"] -- wifi
& Apt.serviceInstalledRunning "ntp" -- no hardware clock
& bootstrappedFrom GitRepoOutsideChroot
& Ssh.hostKeys hostContext
diff --git a/privdata/relocate b/privdata/relocate
deleted file mode 100644
index 271692d8..00000000
--- a/privdata/relocate
+++ /dev/null
@@ -1 +0,0 @@
-.joeyconfig
diff --git a/propellor.cabal b/propellor.cabal
index 8cde285e..17b9510b 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -1,5 +1,5 @@
Name: propellor
-Version: 5.9.0
+Version: 5.9.1
Cabal-Version: 1.20
License: BSD2
Maintainer: Joey Hess <id@joeyh.name>
diff --git a/src/Propellor/Property/Localdir.hs b/src/Propellor/Property/Localdir.hs
index 2323f569..69d9af74 100644
--- a/src/Propellor/Property/Localdir.hs
+++ b/src/Propellor/Property/Localdir.hs
@@ -9,6 +9,7 @@ import Propellor.Git.Config
import Propellor.Types.Info
import Propellor.Types.Container
import Propellor.Property.Mount (partialBindMountsOf, umountLazy)
+import qualified Propellor.Property.Git as Git
-- | Sets the url to use as the origin of propellor's git repository.
--
@@ -19,8 +20,10 @@ import Propellor.Property.Mount (partialBindMountsOf, umountLazy)
-- When hosts are being updated without using -- --spin, eg when using
-- the `Propellor.Property.Cron.runPropellor` cron job, this property can
-- be set to redirect them to a new git repository url.
-hasOriginUrl :: String -> Property (HasInfo + UnixLike)
-hasOriginUrl u = setInfoProperty p (toInfo (InfoVal (OriginUrl u)))
+hasOriginUrl :: String -> Property (HasInfo + DebianLike)
+hasOriginUrl u =
+ setInfoProperty p (toInfo (InfoVal (OriginUrl u)))
+ `requires` Git.installed
where
p :: Property UnixLike
p = property ("propellor repo url " ++ u) $ do
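Review bot: The new signature `Property (HasInfo + DebianLike)` narrows where `hasOriginUrl` can be used, so a host that is not DebianLike and carries this property will stop type checking, and the Haddock comment above is not updated to say so. The narrowing presumably comes from `Git.installed` being Debian-specific; a line such as `-- Also ensures git is installed, which is why this property is DebianLike.` would make the reason visible to callers. Since this is an API change, it belongs in the release notes; the 5.9.1 news entry in this diff does not list it, though debian/changelog is not in view here. The `where` block defining `p` continues outside the hunk.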
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 493a0ce5..83a7ac8d 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -1040,11 +1040,11 @@ house user hosts ctx sshkey = propertyList "home automation" $ props
createSymbolicLink d "/var/www/html"
)
-homerouterWifiInterfaceOld :: String
-homerouterWifiInterfaceOld = "wlx7cdd90400448"
-
homerouterWifiInterface :: String
-homerouterWifiInterface = "wlx7cdd90753b9f"
+homerouterWifiInterface = "wlx9cefd5fcd6f3"
+
+homerouterWifiInterfaceOld :: String
+homerouterWifiInterfaceOld = "wlx7cdd90753b9f"
-- My home router, running hostapd and dnsmasq,
-- with eth0 connected to a satellite modem, and a fallback ppp connection.