-rw-r--r--config-joeyh.hs124
-rw-r--r--config-simple.hs (renamed from simple-config.hs)0
l---------[-rw-r--r--]config.hs129
-rw-r--r--propellor.cabal3
4 files changed, 127 insertions, 129 deletions
diff --git a/config-joeyh.hs b/config-joeyh.hs
new file mode 100644
index 00000000..2deed805
--- /dev/null
+++ b/config-joeyh.hs
@@ -0,0 +1,124 @@
+-- | This is the live config file used by propellor's author.
+
+import Propellor
+import Propellor.CmdLine
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.Network as Network
+import qualified Propellor.Property.Ssh as Ssh
+import qualified Propellor.Property.Cron as Cron
+import qualified Propellor.Property.Sudo as Sudo
+import qualified Propellor.Property.User as User
+import qualified Propellor.Property.Hostname as Hostname
+import qualified Propellor.Property.Reboot as Reboot
+import qualified Propellor.Property.Tor as Tor
+import qualified Propellor.Property.Docker as Docker
+import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
+import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
+import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
+import Data.List
+
+main :: IO ()
+main = defaultMain [host, Docker.containerProperties container]
+
+-- | This is where the system's HostName, either as returned by uname
+-- or one specified on the command line, is converted into a list of
+-- Properties for that system.
+--
+-- Edit this to configure propellor!
+host :: HostName -> Maybe [Property]
+host hostname@"clam.kitenet.net" = standardSystem Unstable $ props
+ -- Clam is a tor bridge, and an olduse.net shellbox and other
+ -- fun stuff.
+ & cleanCloudAtCost hostname
+ & Apt.unattendedUpgrades
+ & Network.ipv6to4
+ & Apt.installed ["git-annex", "mtr"]
+ & Tor.isBridge
+ & JoeySites.oldUseNetshellBox
+ & Docker.configured
+ & File.dirExists "/var/www"
+ ! Docker.docked container hostname "webserver"
+ ! Docker.docked container hostname "amd64-git-annex-builder"
+ & Docker.garbageCollected
+host hostname@"orca.kitenet.net" = standardSystem Unstable $ props
+ -- Orca is the main git-annex build box.
+ & Hostname.set hostname
+ & Apt.unattendedUpgrades
+ & Docker.configured
+ & Apt.buildDep ["git-annex"]
+ & Docker.docked container hostname "amd64-git-annex-builder"
+ ! Docker.docked container hostname "i386-git-annex-builder"
+ & Docker.garbageCollected
+-- add more hosts here...
+--host "foo.example.com" =
+host _ = Nothing
+
+-- | This is where Docker containers are set up. A container
+-- can vary by hostname where it's used, or be the same everywhere.
+container :: HostName -> Docker.ContainerName -> Maybe (Docker.Container)
+container _host name
+ | name == "webserver" = Just $ Docker.containerFrom
+ (image $ System (Debian Unstable) "amd64")
+ [ Docker.publish "8080:80"
+ , Docker.volume "/var/www:/var/www"
+ , Docker.inside $ props
+ & serviceRunning "apache2"
+ `requires` Apt.installed ["apache2"]
+ ]
+ | "-git-annex-builder" `isSuffixOf` name =
+ let arch = takeWhile (/= '-') name
+ in Just $ Docker.containerFrom
+ (image $ System (Debian Unstable) arch)
+ [ Docker.inside $ props & GitAnnexBuilder.builder arch "15 * * * *" True ]
+ | otherwise = Nothing
+
+-- | Docker images I prefer to use.
+-- Edit as suites you, or delete this function and just put the image names
+-- above.
+image :: System -> Docker.Image
+image (System (Debian Unstable) "amd64") = "joeyh/debian-unstable"
+image (System (Debian Unstable) "i386") = "joeyh/debian-unstable-i386"
+image _ = "debian"
+
+-- This is my standard system setup
+standardSystem :: DebianSuite -> [Property] -> Maybe [Property]
+standardSystem suite customprops = Just $
+ standardprops : customprops ++ [endprops]
+ where
+ standardprops = propertyList "standard system" $ props
+ & Apt.stdSourcesList suite `onChange` Apt.upgrade
+ & Apt.installed ["etckeeper"]
+ & Apt.installed ["ssh"]
+ & GitHome.installedFor "root"
+ & User.hasSomePassword "root"
+ -- Harden the system, but only once root's authorized_keys
+ -- is safely in place.
+ & check (Ssh.hasAuthorizedKeys "root")
+ (Ssh.passwordAuthentication False)
+ & User.accountFor "joey"
+ & User.hasSomePassword "joey"
+ & Sudo.enabledFor "joey"
+ & GitHome.installedFor "joey"
+ & Apt.installed ["vim", "screen", "less"]
+ & Cron.runPropellor "30 * * * *"
+ -- I use postfix, or no MTA.
+ & Apt.removed ["exim4"] `onChange` Apt.autoRemove
+ -- May reboot, so comes last.
+ endprops = Apt.installed ["systemd-sysv"] `onChange` Reboot.now
+
+-- Clean up a system as installed by cloudatcost.com
+cleanCloudAtCost :: HostName -> Property
+cleanCloudAtCost hostname = propertyList "cloudatcost cleanup"
+ [ Hostname.set hostname
+ , Ssh.uniqueHostKeys
+ , "worked around grub/lvm boot bug #743126" ==>
+ "/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true"
+ `onChange` cmdProperty "update-grub" []
+ `onChange` cmdProperty "update-initramfs" ["-u"]
+ , combineProperties "nuked cloudatcost cruft"
+ [ File.notPresent "/etc/rc.local"
+ , File.notPresent "/etc/init.d/S97-setup.sh"
+ , User.nuked "user" User.YesReallyDeleteHome
+ ]
+ ]
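Review bot: The builder guard in `container` accepts any name ending in `-git-annex-builder` and takes the architecture from whatever precedes the first `-`, while the catch-all `image _ = "debian"` silently substitutes a generic image for every system other than the two listed. A mistyped or unexpected container name therefore produces a builder started from an image that matches neither the requested suite nor the architecture, rather than `Nothing`. Appending a second condition to that guard, `, elem (takeWhile (/= '-') name) ["amd64", "i386"]`, lets unknown architectures fall through to `otherwise = Nothing`. The images are also referenced by name only, so a comment on `image` noting that the contents of `joeyh/debian-unstable` and `debian` are trusted as published would make that dependency explicit.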
diff --git a/simple-config.hs b/config-simple.hs
index 840bad02..840bad02 100644
--- a/simple-config.hs
+++ b/config-simple.hs
diff --git a/config.hs b/config.hs
index 1aa5c6dd..ec313725 100644..120000
--- a/config.hs
+++ b/config.hs
@@ -1,128 +1 @@
--- | This is the main configuration file for Propellor, and is used to build
--- the propellor program.
---
--- This is the live config file used by propellor's author.
--- For a simpler starting point, see simple-config.hs
-
-import Propellor
-import Propellor.CmdLine
-import qualified Propellor.Property.File as File
-import qualified Propellor.Property.Apt as Apt
-import qualified Propellor.Property.Network as Network
-import qualified Propellor.Property.Ssh as Ssh
-import qualified Propellor.Property.Cron as Cron
-import qualified Propellor.Property.Sudo as Sudo
-import qualified Propellor.Property.User as User
-import qualified Propellor.Property.Hostname as Hostname
-import qualified Propellor.Property.Reboot as Reboot
-import qualified Propellor.Property.Tor as Tor
-import qualified Propellor.Property.Docker as Docker
-import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
-import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
-import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
-import Data.List
-
-main :: IO ()
-main = defaultMain [host, Docker.containerProperties container]
-
--- | This is where the system's HostName, either as returned by uname
--- or one specified on the command line, is converted into a list of
--- Properties for that system.
---
--- Edit this to configure propellor!
-host :: HostName -> Maybe [Property]
-host hostname@"clam.kitenet.net" = standardSystem Unstable $ props
- -- Clam is a tor bridge, and an olduse.net shellbox and other
- -- fun stuff.
- & cleanCloudAtCost hostname
- & Apt.unattendedUpgrades
- & Network.ipv6to4
- & Apt.installed ["git-annex", "mtr"]
- & Tor.isBridge
- & JoeySites.oldUseNetshellBox
- & Docker.configured
- & File.dirExists "/var/www"
- ! Docker.docked container hostname "webserver"
- ! Docker.docked container hostname "amd64-git-annex-builder"
- & Docker.garbageCollected
-host hostname@"orca.kitenet.net" = standardSystem Unstable $ props
- -- Orca is the main git-annex build box.
- & Hostname.set hostname
- & Apt.unattendedUpgrades
- & Docker.configured
- & Apt.buildDep ["git-annex"]
- & Docker.docked container hostname "amd64-git-annex-builder"
- ! Docker.docked container hostname "i386-git-annex-builder"
- & Docker.garbageCollected
--- add more hosts here...
---host "foo.example.com" =
-host _ = Nothing
-
--- | This is where Docker containers are set up. A container
--- can vary by hostname where it's used, or be the same everywhere.
-container :: HostName -> Docker.ContainerName -> Maybe (Docker.Container)
-container _host name
- | name == "webserver" = Just $ Docker.containerFrom
- (image $ System (Debian Unstable) "amd64")
- [ Docker.publish "8080:80"
- , Docker.volume "/var/www:/var/www"
- , Docker.inside $ props
- & serviceRunning "apache2"
- `requires` Apt.installed ["apache2"]
- ]
- | "-git-annex-builder" `isSuffixOf` name =
- let arch = takeWhile (/= '-') name
- in Just $ Docker.containerFrom
- (image $ System (Debian Unstable) arch)
- [ Docker.inside $ props & GitAnnexBuilder.builder arch "15 * * * *" True ]
- | otherwise = Nothing
-
--- | Docker images I prefer to use.
--- Edit as suites you, or delete this function and just put the image names
--- above.
-image :: System -> Docker.Image
-image (System (Debian Unstable) "amd64") = "joeyh/debian-unstable"
-image (System (Debian Unstable) "i386") = "joeyh/debian-unstable-i386"
-image _ = "debian"
-
--- This is my standard system setup
-standardSystem :: DebianSuite -> [Property] -> Maybe [Property]
-standardSystem suite customprops = Just $
- standardprops : customprops ++ [endprops]
- where
- standardprops = propertyList "standard system" $ props
- & Apt.stdSourcesList suite `onChange` Apt.upgrade
- & Apt.installed ["etckeeper"]
- & Apt.installed ["ssh"]
- & GitHome.installedFor "root"
- & User.hasSomePassword "root"
- -- Harden the system, but only once root's authorized_keys
- -- is safely in place.
- & check (Ssh.hasAuthorizedKeys "root")
- (Ssh.passwordAuthentication False)
- & User.accountFor "joey"
- & User.hasSomePassword "joey"
- & Sudo.enabledFor "joey"
- & GitHome.installedFor "joey"
- & Apt.installed ["vim", "screen", "less"]
- & Cron.runPropellor "30 * * * *"
- -- I use postfix, or no MTA.
- & Apt.removed ["exim4"] `onChange` Apt.autoRemove
- -- May reboot, so comes last.
- endprops = Apt.installed ["systemd-sysv"] `onChange` Reboot.now
-
--- Clean up a system as installed by cloudatcost.com
-cleanCloudAtCost :: HostName -> Property
-cleanCloudAtCost hostname = propertyList "cloudatcost cleanup"
- [ Hostname.set hostname
- , Ssh.uniqueHostKeys
- , "worked around grub/lvm boot bug #743126" ==>
- "/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true"
- `onChange` cmdProperty "update-grub" []
- `onChange` cmdProperty "update-initramfs" ["-u"]
- , combineProperties "nuked cloudatcost cruft"
- [ File.notPresent "/etc/rc.local"
- , File.notPresent "/etc/init.d/S97-setup.sh"
- , User.nuked "user" User.YesReallyDeleteHome
- ]
- ]
+config-simple.hs
\ No newline at end of file
diff --git a/propellor.cabal b/propellor.cabal
index c41601f0..b06d1071 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -14,7 +14,8 @@ Extra-Source-Files:
README.md
TODO
CHANGELOG
- simple-config.hs
+ config-simple.hs
+ config-joeyh.hs
Makefile
debian/changelog
debian/README.Debian