summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--config-joey.hs56
-rw-r--r--propellor.cabal2
-rw-r--r--src/Propellor/Property/SiteSpecific/Branchable.hs66
3 files changed, 70 insertions, 54 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 4f74873e..cf07dd9f 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -31,6 +31,7 @@ import qualified Propellor.Property.HostingProvider.Linode as Linode
import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
import qualified Propellor.Property.SiteSpecific.IABak as IABak
+import qualified Propellor.Property.SiteSpecific.Branchable as Branchable
import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
@@ -334,60 +335,7 @@ pell = host "pell.branchable.com"
& Apt.installed ["linux-image-amd64"]
& Linode.chainPVGrub 5
& Apt.unattendedUpgrades
-
- & "/etc/timezone" `File.hasContent` ["Etc/UTC"]
- & "/etc/locale.gen" `File.containsLines`
- [ "en_GB.UTF-8 UTF-8"
- , "en_US.UTF-8 UTF-8"
- , "fi_FI.UTF-8 UTF-8"
- ]
- `onChange` cmdProperty "locale-gen" []
-
- & Apt.installed ["etckeeper", "ssh", "popularity-contest"]
- & Apt.serviceInstalledRunning "apache2"
- & Apt.serviceInstalledRunning "ntp"
-
- & Apt.serviceInstalledRunning "openssh-server"
- & Ssh.passwordAuthentication False
- & Ssh.hostKeys (Context "branchable.com")
- [ (SshDsa, "ssh-dss AAAAB3NzaC1kc3MAAACBAK9HnfpyIm8aEhKuF5oz6KyaLwFs2oWeToVkqVuykyy5Y8jWDZPtkpv+1TeOnjcOvJSZ1cCqB8iXlsP9Dr5z98w5MfzsRQM2wIw0n+wvmpPmUhjVdGh+wTpfP9bcyFHhj/f1Ymdq9hEWB26bnf4pbTbJW2ip8ULshMvn5CQ/ugV3AAAAFQCAjpRd1fquRiIuLJMwej0VcyoZKQAAAIBe91Grvz/icL3nlqXYrifXyr9dsw8bPN+BMu+hQtFsQXNJBylxwf8FtbRlmvZXmRjdVYqFVyxSsrL2pMsWlds51iXOr9pdsPG5a4OgJyRHsveBz3tz6HgYYPcr3Oxp7C6G6wrzwsaGK862SgRp/bbD226k9dODRBy3ogMhk/MvAgAAAIEApfknql3vZbDVa88ZnwbNKDOv8L1hb6blbKAMt2vJbqJMvu3EP9CsP9hGyEQh5YCAl2F9KEU3bJXN1BG76b7CiYtWK95lpL1XmCCWnJBCcdEhw998GfJS424frPw7qGmXLxJKYxEyioB90/IDp2dC+WaLcLOYHM9SroCQTIK5A1g= root@pell")
- , (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1M0aNLgcgcgf0tkmt/8vCDZLok8Xixz7Nun9wB6NqVXxfzAR4te+zyO7FucVwyTY5QHmiwwpmyNfaC21AAILhXGm12SUKSAirF9BkQk7bhQuz4T/dPlEt3d3SxQ3OZlXtPp4LzXWOyS0OXSzIb+HeaDA+hFXlQnp/gE7RyAzR1+xhWPO7Mz1q5O/+4dXANnW32t6P7Puob6NsglVDpLrMRYjkO+0RgCVbYMzB5+UnkthkZsIINaYwsNhW2GKMKbRZeyp5en5t1NJprGXdw0BqdBqd/rcBpOxmhHE1U7rw+GS1uZwCFWWv0aZbaXEJ6wY7mETFkqs0QXi5jtoKn95Gw== root@pell")
- ]
-
- & Apt.installed ["procmail", "bsd-mailx"]
- & "/etc/aliases" `File.hasPrivContentExposed` (Context "branchable.com")
- `onChange` Postfix.newaliases
- & "/etc/mailname" `File.hasContent` ["branchable.com"]
- & Postfix.installed
- & Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"")
-
- -- Obnam is run by a cron job in ikiwiki-hosting.
- & "/etc/obnam.conf" `File.hasContent`
- [ "[config]"
- , "repository = sftp://joey@eubackup.kitenet.net/home/joey/lib/backup/pell.obnam"
- , "log = /var/log/obnam.log"
- , "encrypt-with = " ++ obnamkey
- , "log-level = info"
- , "log-max = 1048576"
- , "keep = 7d,5w,12m"
- , "upload-queue-size = 128"
- , "lru-size = 128"
- ]
- & Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root")
- & Ssh.keyImported SshRsa (User "root") (Context "branchable.com")
- & Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
- & Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
-
- & adminuser "joey"
- & adminuser "liw"
- where
- obnamkey = "41E1A9B9"
- adminuser u = propertyList ("admin user " ++ u) $ props
- & User.accountFor (User u)
- & User.hasSomePassword (User u)
- & Sudo.enabledFor (User u)
- & User.hasGroup (User u) (Group "adm")
- & User.hasGroup (User u) (Group "systemd-journal")
+ & Branchable.server hosts
iabak :: Host
iabak = host "iabak.archiveteam.org"
diff --git a/propellor.cabal b/propellor.cabal
index c84dccda..16dffe31 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -110,6 +110,8 @@ Library
Propellor.Property.SiteSpecific.GitHome
Propellor.Property.SiteSpecific.JoeySites
Propellor.Property.SiteSpecific.GitAnnexBuilder
+ Propellor.Property.SiteSpecific.Branchable
+ Propellor.Property.SiteSpecific.IABak
Propellor.PropAccum
Propellor.CmdLine
Propellor.Info
diff --git a/src/Propellor/Property/SiteSpecific/Branchable.hs b/src/Propellor/Property/SiteSpecific/Branchable.hs
new file mode 100644
index 00000000..f5950e52
--- /dev/null
+++ b/src/Propellor/Property/SiteSpecific/Branchable.hs
@@ -0,0 +1,66 @@
+module Propellor.Property.SiteSpecific.Branchable where
+
+import Propellor
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.User as User
+import qualified Propellor.Property.Ssh as Ssh
+import qualified Propellor.Property.Postfix as Postfix
+import qualified Propellor.Property.Gpg as Gpg
+import qualified Propellor.Property.Sudo as Sudo
+
+server :: [Host] -> Property HasInfo
+server hosts = propertyList "branchable server" $ props
+ & "/etc/timezone" `File.hasContent` ["Etc/UTC"]
+ & "/etc/locale.gen" `File.containsLines`
+ [ "en_GB.UTF-8 UTF-8"
+ , "en_US.UTF-8 UTF-8"
+ , "fi_FI.UTF-8 UTF-8"
+ ]
+ `onChange` cmdProperty "locale-gen" []
+
+ & Apt.installed ["etckeeper", "ssh", "popularity-contest"]
+ & Apt.serviceInstalledRunning "apache2"
+ & Apt.serviceInstalledRunning "ntp"
+
+ & Apt.serviceInstalledRunning "openssh-server"
+ & Ssh.passwordAuthentication False
+ & Ssh.hostKeys (Context "branchable.com")
+ [ (SshDsa, "ssh-dss AAAAB3NzaC1kc3MAAACBAK9HnfpyIm8aEhKuF5oz6KyaLwFs2oWeToVkqVuykyy5Y8jWDZPtkpv+1TeOnjcOvJSZ1cCqB8iXlsP9Dr5z98w5MfzsRQM2wIw0n+wvmpPmUhjVdGh+wTpfP9bcyFHhj/f1Ymdq9hEWB26bnf4pbTbJW2ip8ULshMvn5CQ/ugV3AAAAFQCAjpRd1fquRiIuLJMwej0VcyoZKQAAAIBe91Grvz/icL3nlqXYrifXyr9dsw8bPN+BMu+hQtFsQXNJBylxwf8FtbRlmvZXmRjdVYqFVyxSsrL2pMsWlds51iXOr9pdsPG5a4OgJyRHsveBz3tz6HgYYPcr3Oxp7C6G6wrzwsaGK862SgRp/bbD226k9dODRBy3ogMhk/MvAgAAAIEApfknql3vZbDVa88ZnwbNKDOv8L1hb6blbKAMt2vJbqJMvu3EP9CsP9hGyEQh5YCAl2F9KEU3bJXN1BG76b7CiYtWK95lpL1XmCCWnJBCcdEhw998GfJS424frPw7qGmXLxJKYxEyioB90/IDp2dC+WaLcLOYHM9SroCQTIK5A1g= root@pell")
+ , (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1M0aNLgcgcgf0tkmt/8vCDZLok8Xixz7Nun9wB6NqVXxfzAR4te+zyO7FucVwyTY5QHmiwwpmyNfaC21AAILhXGm12SUKSAirF9BkQk7bhQuz4T/dPlEt3d3SxQ3OZlXtPp4LzXWOyS0OXSzIb+HeaDA+hFXlQnp/gE7RyAzR1+xhWPO7Mz1q5O/+4dXANnW32t6P7Puob6NsglVDpLrMRYjkO+0RgCVbYMzB5+UnkthkZsIINaYwsNhW2GKMKbRZeyp5en5t1NJprGXdw0BqdBqd/rcBpOxmhHE1U7rw+GS1uZwCFWWv0aZbaXEJ6wY7mETFkqs0QXi5jtoKn95Gw== root@pell")
+ ]
+
+ & Apt.installed ["procmail", "bsd-mailx"]
+ & "/etc/aliases" `File.hasPrivContentExposed` (Context "branchable.com")
+ `onChange` Postfix.newaliases
+ & "/etc/mailname" `File.hasContent` ["branchable.com"]
+ & Postfix.installed
+ & Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"")
+
+ -- Obnam is run by a cron job in ikiwiki-hosting.
+ & "/etc/obnam.conf" `File.hasContent`
+ [ "[config]"
+ , "repository = sftp://joey@eubackup.kitenet.net/home/joey/lib/backup/pell.obnam"
+ , "log = /var/log/obnam.log"
+ , "encrypt-with = " ++ obnamkey
+ , "log-level = info"
+ , "log-max = 1048576"
+ , "keep = 7d,5w,12m"
+ , "upload-queue-size = 128"
+ , "lru-size = 128"
+ ]
+ & Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root")
+ & Ssh.keyImported SshRsa (User "root") (Context "branchable.com")
+ & Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
+ & Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
+
+ & adminuser "joey"
+ & adminuser "liw"
+ where
+ obnamkey = "41E1A9B9"
+ adminuser u = propertyList ("admin user " ++ u) $ props
+ & User.accountFor (User u)
+ & User.hasSomePassword (User u)
+ & Sudo.enabledFor (User u)
+ & User.hasGroup (User u) (Group "adm")
+ & User.hasGroup (User u) (Group "systemd-journal")