-rw-r--r--joeyconfig.hs38
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs19
2 files changed, 37 insertions, 20 deletions
diff --git a/joeyconfig.hs b/joeyconfig.hs
index 35b5363c..be7b9ef0 100644
--- a/joeyconfig.hs
+++ b/joeyconfig.hs
@@ -182,42 +182,40 @@ orca = host "orca.kitenet.net" $ props
honeybee :: Host
honeybee = host "honeybee.kitenet.net" $ props
- & standardSystem Testing ARMHF [ "Arm git-annex build box." ]
+ & standardSystem Testing ARMHF [ "Home router and arm git-annex build box." ]
- -- I have to travel to get console access, so no automatic
- -- upgrades, and try to be robust.
+ -- Hard to get console access, so no automatic upgrades,
+ -- and try to be robust.
& "/etc/default/rcS" `File.containsLine` "FSCKFIX=yes"
& Apt.installed ["flash-kernel"]
& "/etc/flash-kernel/machine" `File.hasContent` ["Cubietech Cubietruck"]
& Apt.installed ["linux-image-armmp"]
- & Network.dhcp "eth0" `requires` Network.cleanInterfacesFile
& Postfix.satellite
- -- ipv6 used for remote access thru firewalls
- & Apt.serviceInstalledRunning "aiccu"
- & ipv6 "2001:4830:1600:187::2"
- -- restart to deal with failure to connect, tunnel issues, etc
- & Cron.job "aiccu restart daily" Cron.Daily (User "root") "/"
- "service aiccu stop; service aiccu start"
-
- -- In case compiler needs more than available ram
- & Apt.serviceInstalledRunning "swapspace"
-
-- No hardware clock.
& Apt.serviceInstalledRunning "ntp"
- -- Runs only on weekdays.
+ -- Home router
+ & Network.dhcp "eth0" `requires` Network.cleanInterfacesFile
+ -- todo configure wlan0 on ip 10.1.1.1
+ & Apt.serviceInstalledRunning "hostapd" -- todo write hostapd.conf 1st
+ & Apt.serviceInstalledRunning "dnsmasq" -- todo write dnsmasq.conf file
+ & JoeySites.ipmasq "eth0" "wlan0"
+
+ -- Autobuild runs only on weekdays.
& Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer
GitAnnexBuilder.armAutoBuilder
- Unstable ARMEL Nothing weekends "23h")
- -- Runs only on weekends.
+ Unstable ARMEL Nothing weekends "10h")
+ -- Autobuild runs only on weekends.
& Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer
GitAnnexBuilder.stackAutoBuilder
- (Stable "jessie") ARMEL (Just "ancient") weekdays "23h")
+ (Stable "jessie") ARMEL (Just "ancient") weekdays "10h")
+ -- In case compiler needs more than available ram
+ & Apt.serviceInstalledRunning "swapspace"
where
- weekdays = Cron.Times "15 6 * * 2-5"
- weekends = Cron.Times "15 6 * * 6-7"
+ weekdays = Cron.Times "15 10 * * 2-5"
+ weekends = Cron.Times "15 10 * * 6-7"
-- This is not a complete description of kite, since it's a
-- multiuser system with eg, user passwords that are not deployed
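Review bot: `Apt.serviceInstalledRunning "dnsmasq"` and `Apt.serviceInstalledRunning "hostapd"` start both daemons before their configuration is deployed (the inline todos), and nothing in the visible lines limits which interface dnsmasq serves. With the packaged defaults dnsmasq probably answers on eth0 as well as wlan0, so until the config exists the router may offer DNS/DHCP on its upstream side. I would deploy a dnsmasq.conf containing `interface=wlan0` and `bind-interfaces` in the same property chain and make the service property `requires` it, and do the same for hostapd. The retained comment about having no automatic upgrades now describes a network-edge router, so it is worth a line saying how security updates reach this host.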
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 6e0d6c4e..499409e0 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -929,3 +929,22 @@ alarmClock oncalendar (User user) command = combineProperties "goodmorning timer
& Systemd.started "goodmorning.timer"
& "/etc/systemd/logind.conf" `ConfFile.containsIniSetting`
("Login", "LidSwitchIgnoreInhibited", "no")
+
+-- | Enable IP masqerading, from the intif to the extif.
+ipmasq :: String -> String -> Property DebianLike
+ipmasq extif intif = script `File.hasContent`
+ [ "#!/bin/sh"
+ , "EXTIF=" ++ extif
+ , "INTIF=" ++ intif
+ , "if [ \"$IFACE\" != $EXTIF; then"
+ , "exit 0"
+ , "fi"
+ , "iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT"
+ , "iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT"
+ , "iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE"
+ , "echo 1 > /proc/sys/net/ipv4/ip_forward"
+ ]
+ `requires` Apt.installed ["iptables"]
+ `before` (script `File.mode` combineModes (readModes ++ executeModes))
+ where
+ script = "/etc/network/if-up.d/ipmasq"
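Review bot: The generated line `if [ \"$IFACE\" != $EXTIF; then` has no closing `]`, so the `[` test fails with an error, the early `exit 0` is never taken, and the iptables rules run for every interface that comes up instead of only for extif. It should read `, "if [ \"$IFACE\" != \"$EXTIF\" ]; then"`. Separately, every run uses `iptables -A`, so the same three rules are appended again on each ifup; prefixing each with an `iptables -C ... ||` check, or flushing a dedicated chain first, keeps the ruleset stable. The two FORWARD ACCEPT rules only restrict inbound traffic if the chain policy is DROP, which these lines do not set, so that should be confirmed or set here before `ip_forward` is enabled.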