-rw-r--r--privdata/privdata.gpg19
-rw-r--r--src/Propellor/Property/Apt.hs14
-rw-r--r--src/Propellor/Property/Tor.hs34
3 files changed, 41 insertions, 26 deletions
diff --git a/privdata/privdata.gpg b/privdata/privdata.gpg
deleted file mode 100644
index 7adbfa93..00000000
--- a/privdata/privdata.gpg
+++ /dev/null
@@ -1,19 +0,0 @@
------BEGIN PGP MESSAGE-----
-Version: GnuPG v1
-
-hQIMA7ODiaEXBlRZAQ/+PM/KTUaI4xdM+eDaiund1opYfCFjcwPoXcvj56pahV4D
-3P7EYYhd1tAYaj4dGiPPNCN6bp6Azajhggu2CEm0VBCGGKIxo5p20rlITwVCgVHa
-Y9JRhh6A8t0e34fSOFFfaBBRDF377Y6sWuJ/deo3h/OhmJyOwSBVANwqBdQVOSza
-LLnsZ2utkHgnXjS1hb54IglG0MAgU3ynYCDg6H+v1ZJ/qHH1hK5FINYVQ7cs60ZR
-S1VdJObt11jHr72C2804bJpWWK0//cE3BV5wzugRopfBorhdoPlqaQ81aqD3TkYa
-1nthyjA/E9TnU15M8WTkgfDRFYa/mcrvTLNd+MIRSV0wwIy0kBvRvQYBLV276Sdb
-cr1nk91q2KwwnDoymlZyKN0v2Ax9lq16QKrW+hLHFlnOs7OjzUGNvaog/Q9P25Yu
-Q+/WkP9ToN6UvkGFV10ItL8cttt9W8kFMFIzTXLX65f2s14+pKBX1M0xhDVhEEJp
-BscOW/gIcOoINUBbQqTSMMjUV6bIxmyNXKw2kTwvtqtbd+fRN6kBMYVeJ6JQK2gx
-ANXVd+Xs1r1dOGnQ469mUX1gkc4dByUa1eI8QQLoFPKpTkmpJngjzD7izhyW+v2m
-GWPHHdS2F1xhzwLWxsh8fZ5NHkUTnIZqKfMacLWqKY7omUNNFPd9/W4c96M0D5bS
-fgGcrlNnNQLNdCKysU9jdc4Y3bEVoGA9mSUhhzBpyC0XAo/7dm34rBlXWHl6v8jx
-hr9vdV/g6QxCr8qjnndsTqCd2hwk/+1IXoKctzxWFYtv8fxv7UNDir9sCtovLamH
-fyTU0AeA4ignXssxQH5PHbQCaUcVO12lp7RAR6vuvg==
-=nkRo
------END PGP MESSAGE-----
diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs
index 7cf6c2b0..471d6195 100644
--- a/src/Propellor/Property/Apt.hs
+++ b/src/Propellor/Property/Apt.hs
@@ -29,6 +29,10 @@ backportSuite :: DebianSuite -> Maybe String
backportSuite (Stable s) = Just (s ++ "-backports")
backportSuite _ = Nothing
+stableUpdatesSuite :: DebianSuite -> Maybe String
+stableUpdatesSuite (Stable s) = Just (s ++ "-updates")
+stableUpdatesSuite _ = Nothing
+
debLine :: String -> Url -> [Section] -> Line
debLine suite mirror sections = unwords $
["deb", mirror, suite] ++ sections
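Review bot: `stableUpdatesSuite` is added without a doc comment, and no caller appears in the hunks shown here, so a reader cannot tell where it is meant to be used. A one-line Haddock above the signature would help, for example `-- | Name of the stable-updates suite ("<release>-updates"); Nothing for suites that are not Stable.` It has the same shape as `backportSuite` just above it, so the two comments should read alike.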
@@ -74,9 +78,9 @@ securityUpdates suite
-- Since the CDN is sometimes unreliable, also adds backup lines using
-- kernel.org.
stdSourcesList :: Property
-stdSourcesList = withOS ("standard sources.list") $ \o ->
+stdSourcesList = withOS ("standard sources.list") $ \o ->
case o of
- (Just (System (Debian suite) _)) ->
+ (Just (System (Debian suite) _)) ->
ensureProperty $ stdSourcesListFor suite
_ -> error "os is not declared to be Debian"
@@ -135,7 +139,7 @@ installedBackport ps = trivial $ withOS desc $ \o -> case o of
Nothing -> error "cannot install backports; os not declared"
(Just (System (Debian suite) _)) -> case backportSuite suite of
Nothing -> notsupported o
- Just bs -> ensureProperty $ runApt $
+ Just bs -> ensureProperty $ runApt $
["install", "-t", bs, "-y"] ++ ps
_ -> notsupported o
where
@@ -218,7 +222,7 @@ unattendedUpgrades = RevertableProperty enable disable
v
| enabled = "true"
| otherwise = "false"
-
+
configure = withOS "unattended upgrades configured" $ \o ->
case o of
-- the package defaults to only upgrading stable
@@ -272,4 +276,4 @@ trustsKey k = RevertableProperty trust untrust
-- space.
cacheCleaned :: Property
cacheCleaned = trivial $ cmdProperty "apt-get" ["clean"]
- `describe` "apt cache cleaned"
+ `describe` "apt cache cleaned"
diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs
index 2384a7d2..c23f060a 100644
--- a/src/Propellor/Property/Tor.hs
+++ b/src/Propellor/Property/Tor.hs
@@ -4,6 +4,11 @@ import Propellor
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Service as Service
+import Utility.FileMode
+
+import System.Posix.Files
+
+type HiddenServiceName = String
isBridge :: Property
isBridge = setup `requires` Apt.installed ["tor"]
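Review bot: `type HiddenServiceName = String` is only an alias, so nothing constrains the value that the later hunks join into a path with `varLib </> hn`. With `</>`, an absolute `hn` replaces `varLib` entirely, and a name containing `..` resolves outside `/var/lib/tor`; the new `hiddenServiceData` then writes a private key and changes ownership at that location. The name presumably comes from the administrator's own configuration, so this is a robustness point rather than an exposure to untrusted input. I would at least document the constraint on the alias, e.g. `-- | Directory name under /var/lib/tor; must be a single relative path component.`, and consider a newtype with a checking constructor later.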
@@ -16,7 +21,7 @@ isBridge = setup `requires` Apt.installed ["tor"]
, "Exitpolicy reject *:*"
] `onChange` restarted
-hiddenServiceAvailable :: HostName -> Int -> Property
+hiddenServiceAvailable :: HiddenServiceName -> Int -> Property
hiddenServiceAvailable hn port = hiddenServiceHostName prop
where
prop = mainConfig `File.containsLines`
@@ -31,7 +36,7 @@ hiddenServiceAvailable hn port = hiddenServiceHostName prop
warningMessage $ unlines ["hidden service hostname:", h]
return r
-hiddenService :: HostName -> Int -> Property
+hiddenService :: HiddenServiceName -> Int -> Property
hiddenService hn port = mainConfig `File.containsLines`
[ unlines ["HiddenServiceDir", varLib </> hn]
, unlines ["HiddenServicePort", show port, "127.0.0.1:" ++ show port]
@@ -39,6 +44,28 @@ hiddenService hn port = mainConfig `File.containsLines`
`describe` unlines ["hidden service available:", hn, show port]
`onChange` restarted
+hiddenServiceData :: HiddenServiceName -> Context -> Property
+hiddenServiceData hn context = combineProperties desc
+ [ installonion "hostname"
+ , installonion "private_key"
+ ]
+ where
+ desc = unlines ["hidden service data available in", varLib </> hn]
+ installonion f = withPrivData (PrivFile $ varLib </> hn </> f) context $ \getcontent ->
+ property desc $ getcontent $ install $ varLib </> hn </> f
+ install f content = ifM (liftIO $ doesFileExist f)
+ ( noChange
+ , ensureProperties
+ [ property desc $ makeChange $ do
+ createDirectoryIfMissing True (takeDirectory f)
+ writeFileProtected f content
+ , File.mode (takeDirectory f) $ combineModes
+ [ownerReadMode, ownerWriteMode, ownerExecuteMode]
+ , File.ownerGroup (takeDirectory f) user user
+ , File.ownerGroup f user user
+ ]
+ )
+
restarted :: Property
restarted = Service.restarted "tor"
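Review bot: In `install`, the `doesFileExist f` guard returns `noChange` as soon as `hostname` or `private_key` exists, so the `File.mode` and `File.ownerGroup` entries never run again after the first write. If a run fails between `writeFileProtected` and the ownership change, or the directory mode is loosened later, subsequent runs will not repair it and the key material stays with the wrong owner or permissions. Keeping only the write behind the existence check and listing the mode and ownership properties unconditionally would enforce them on every run. The sketch below assumes `ifM` and `makeChange` compose under `property desc` the way they already do in this hunk. Separately, the directory is created with default permissions before `File.mode` restricts it to the owner.

```haskell
install f content = ensureProperties
    [ property desc $ ifM (liftIO $ doesFileExist f)
        ( noChange
        , makeChange $ do
            createDirectoryIfMissing True (takeDirectory f)
            writeFileProtected f content
        )
    -- … unchanged: File.mode and File.ownerGroup entries …
    ]
```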
@@ -50,3 +77,6 @@ varLib = "/var/lib/tor"
varRun :: FilePath
varRun = "/var/run/tor"
+
+user :: UserName
+user = "debian-tor"