summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--config-joey.hs25
-rw-r--r--src/Propellor/Property/Apache.hs16
2 files changed, 24 insertions, 17 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 99deef43..91daff08 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -174,8 +174,9 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
& JoeySites.kiteMailServer
& JoeySites.kitenetHttps
- & Apache.multiSSL
& JoeySites.legacyWebSites
+ & File.ownerGroup "/srv/web" "joey" "joey"
+ & Apt.installed ["analog"]
& alias "git.kitenet.net"
& alias "git.joeyh.name"
@@ -214,6 +215,8 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
& Docker.configured
& Docker.garbageCollected `period` Daily
! Docker.docked oldusenetShellBox
+
+ & JoeySites.oldUseNetServer hosts
diatom :: Host
diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
@@ -224,21 +227,21 @@ diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
, (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA2QAJEuvbTmaN9ex9i9bjPhMGj+PHUYq2keIiaIImJ+8mo+yKSaGUxebG4tpuDPx6KZjdycyJt74IXfn1voGUrfzwaEY9NkqOP3v6OWTC3QeUGqDCeJ2ipslbEd9Ep9XBp+/ldDQm60D0XsIZdmDeN6MrHSbKF4fXv1bqpUoUILk=")
]
- & DigitalOcean.distroKernel
- & Apt.unattendedUpgrades
- & Apt.serviceInstalledRunning "ntp"
- & Postfix.satellite
+ -- & DigitalOcean.distroKernel
+ -- & Apt.unattendedUpgrades
+ -- & Apt.serviceInstalledRunning "ntp"
+ -- & Postfix.satellite
-- Diatom has 500 mb of memory, so tune for that.
- & JoeySites.obnamLowMem
+ -- & JoeySites.obnamLowMem
-- & Apt.serviceInstalledRunning "swapspace"
- & Cron.job "memory use logged" (Cron.Times "*/5 * * * *") "root" "/" "(date; free; ps --sort -rss axl | head -n10) >> /var/log/memory.log"
+ -- & Cron.job "memory use logged" (Cron.Times "*/5 * * * *") "root" "/" "(date; free; ps --sort -rss axl | head -n10) >> /var/log/memory.log"
& Apt.serviceInstalledRunning "apache2"
- & JoeySites.kitenetHttps
- & Apache.multiSSL
- & File.ownerGroup "/srv/web" "joey" "joey"
- & Apt.installed ["analog"]
+ -- & JoeySites.kitenetHttps
+ -- & Apache.multiSSL
+ -- & File.ownerGroup "/srv/web" "joey" "joey"
+ -- & Apt.installed ["analog"]
-- & alias "git.kitenet.net"
-- & alias "git.joeyh.name"
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs
index e598de1f..a7c7e690 100644
--- a/src/Propellor/Property/Apache.hs
+++ b/src/Propellor/Property/Apache.hs
@@ -70,13 +70,17 @@ reloaded = Service.reloaded "apache2"
-- | Configure apache to use SNI to differentiate between
-- https hosts.
+--
+-- This was off by default in apache 2.2.22. Newver versions enable
+-- it by default. This property uses the filename used by the old version.
multiSSL :: Property NoInfo
-multiSSL = "/etc/apache2/conf.d/ssl" `File.hasContent`
- [ "NameVirtualHost *:443"
- , "SSLStrictSNIVHostCheck off"
- ]
- `describe` "apache SNI enabled"
- `onChange` reloaded
+multiSSL = check (doesDirectoryExist "/etc/apache2/conf.d") $
+ "/etc/apache2/conf.d/ssl" `File.hasContent`
+ [ "NameVirtualHost *:443"
+ , "SSLStrictSNIVHostCheck off"
+ ]
+ `describe` "apache SNI enabled"
+ `onChange` reloaded
-- | Config file fragment that can be inserted into a <Directory>
-- stanza to allow global read access to the directory.