-rw-r--r--debian/changelog2
-rw-r--r--propellor.cabal1
-rw-r--r--src/Propellor/Property/Openssl.hs29
3 files changed, 32 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index bc7a4a69..e1a63d61 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ propellor (5.3.3) UNRELEASED; urgency=medium
Debian git bundle using an older version of propellor that set up an
upstream remote.
* Avoid crashing if initial fetch from origin fails when spinning a host.
+ * Added Propllor.Property.Openssl module contributed by contributed by
+ Félix Sipma.
-- Joey Hess <id@joeyh.name> Mon, 19 Feb 2018 12:44:24 -0400
diff --git a/propellor.cabal b/propellor.cabal
index d9157eb1..b22abcba 100644
--- a/propellor.cabal
+++ b/propellor.cabal
@@ -140,6 +140,7 @@ Library
Propellor.Property.Nginx
Propellor.Property.Obnam
Propellor.Property.OpenId
+ Propellor.Property.Openssl
Propellor.Property.OS
Propellor.Property.Pacman
Propellor.Property.Parted
diff --git a/src/Propellor/Property/Openssl.hs b/src/Propellor/Property/Openssl.hs
new file mode 100644
index 00000000..1967301c
--- /dev/null
+++ b/src/Propellor/Property/Openssl.hs
@@ -0,0 +1,29 @@
+-- | Maintainer: Félix Sipma <felix+propellor@gueux.org>
+
+module Propellor.Property.Openssl where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import Utility.FileMode
+import Utility.SafeCommand
+
+
+installed :: Property DebianLike
+installed = Apt.installed ["openssl"]
+
+dhparamsLength :: Int
+dhparamsLength = 2048
+
+dhparams :: FilePath
+dhparams = "/etc/ssl/private/dhparams.pem"
+
+safeDhparams :: Property DebianLike
+safeDhparams = propertyList "safe dhparams" $ props
+ & File.dirExists (takeDirectory file)
+ & installed
+ & check (not <$> doesFileExist file) (createDhparams file length')
+
+createDhparams :: FilePath -> Int -> Property UnixLike
+createDhparams f l = property ("generate new dhparams: " ++ f) $ liftIO $ withUmask 0o0177 $ withFile f WriteMode $ \h ->
+ cmdResult <$> boolSystem' "openssl" [Param "dhparam", Param (show l)] (\p -> p { std_out = UseHandle h })
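Review bot: `safeDhparams` refers to `file` and `length'`, but the only bindings this new module defines for those values are `dhparams` and `dhparamsLength`, so unless one of the imported modules happens to export names like that the module will not compile; the two property lines should read `& File.dirExists (takeDirectory dhparams)` and `& check (not <$> doesFileExist dhparams) (createDhparams dhparams dhparamsLength)`. In `createDhparams`, `withFile f WriteMode` creates the target before `openssl dhparam` has produced any output, so a failed or interrupted run leaves an empty or truncated `dhparams.pem`, and the `doesFileExist` guard then treats the property as satisfied on every later run. Writing to a temporary file in the same directory under the same umask, and renaming it over `f` only when the command succeeds (removing it otherwise), would keep a bad parameter file from being picked up by services configured to use this path. The top-level definitions also have no Haddock comments; a one-line `-- |` on `safeDhparams` stating that an existing file is never regenerated or checked for size would document the idempotence rule.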