-rw-r--r--propellor.cabal1
-rw-r--r--src/Propellor/Property/Dhparams.hs26
2 files changed, 27 insertions, 0 deletions
diff --git a/propellor.cabal b/propellor.cabal
index d9157eb1..b2ecb3d8 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -103,6 +103,7 @@ Library
Propellor.Property.Cron
Propellor.Property.DebianMirror
Propellor.Property.Debootstrap
+ Propellor.Property.Dhparams
Propellor.Property.DiskImage
Propellor.Property.DiskImage.PartSpec
Propellor.Property.Dns
diff --git a/src/Propellor/Property/Dhparams.hs b/src/Propellor/Property/Dhparams.hs
new file mode 100644
index 00000000..2c30cb87
--- /dev/null
+++ b/src/Propellor/Property/Dhparams.hs
@@ -0,0 +1,26 @@
+-- | Maintainer: FĂ©lix Sipma <felix+propellor@gueux.org>
+
+module Propellor.Property.Dhparams where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import Utility.FileMode
+import Utility.SafeCommand
+
+
+length' :: Int
+length' = 2048
+
+file :: FilePath
+file = "/etc/ssl/private/dhparams.pem"
+
+safeDhparams :: Property DebianLike
+safeDhparams = propertyList "safe dhparams" $ props
+ & File.dirExists (takeDirectory file)
+ & Apt.installed ["openssl"]
+ & check (not <$> doesFileExist file) (createDhparams file length')
+
+createDhparams :: FilePath -> Int -> Property UnixLike
+createDhparams f l = property ("generate new dhparams: " ++ f) $ liftIO $ withUmask 0o0177 $ withFile f WriteMode $ \h ->
+ cmdResult <$> boolSystem' "openssl" [Param "dhparam", Param (show l)] (\p -> p { std_out = UseHandle h })
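Review bot: In `createDhparams`, `withFile f WriteMode` creates the target before `openssl dhparam` has written anything, so a failed or interrupted run leaves an empty or truncated `dhparams.pem`. Because `safeDhparams` only tests `doesFileExist file`, later runs will treat that file as done and any service configured to read it gets invalid parameters. Generate into a temporary file in the same directory and rename it into place only when the command succeeds, as sketched below; `renameFile` and `removeFile` are from System.Directory, presumably already in scope alongside `doesFileExist`. The existence-only check also means a pre-existing file generated with fewer bits than `length'` is never replaced, which deserves at least a comment on `safeDhparams`.

```haskell
createDhparams :: FilePath -> Int -> Property UnixLike
createDhparams f l = property ("generate new dhparams: " ++ f) $ liftIO $ withUmask 0o0177 $ do
    let tmp = f ++ ".tmp"
    ok <- withFile tmp WriteMode $ \h ->
        boolSystem' "openssl" [Param "dhparam", Param (show l)] (\p -> p { std_out = UseHandle h })
    -- Publish the file only after openssl succeeded, so a failed or
    -- interrupted run never leaves a file that the doesFileExist
    -- check in safeDhparams would accept on the next run.
    if ok
        then renameFile tmp f
        else removeFile tmp
    return (cmdResult ok)
```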