-rw-r--r--config-joey.hs7
-rw-r--r--src/Propellor/Property/Obnam.hs18
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs5
3 files changed, 18 insertions, 12 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 74647df9..583c3bd5 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -10,7 +10,6 @@ import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Network as Network
import qualified Propellor.Property.Service as Service
import qualified Propellor.Property.Ssh as Ssh
-import qualified Propellor.Property.Gpg as Gpg
import qualified Propellor.Property.Cron as Cron
import qualified Propellor.Property.Sudo as Sudo
import qualified Propellor.Property.User as User
@@ -115,17 +114,15 @@ kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64"
& Ssh.passwordAuthentication True
-- Since ssh password authentication is allowed:
& Apt.serviceInstalledRunning "fail2ban"
- & Obnam.backup "/" "33 1 * * *"
+ & Obnam.backupEncrypted "/" "33 1 * * *"
[ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam"
, "--client-name=kitenet.net"
- , "--encrypt-with=98147487"
, "--exclude=/var/cache"
, "--exclude=/var/tmp"
, "--exclude=/home/joey/lib"
, "--exclude=.*/tmp/"
, "--one-file-system"
- ] Obnam.OnlyClient
- `requires` Gpg.keyImported "98147487" "root"
+ ] Obnam.OnlyClient "98147487"
`requires` Ssh.keyImported SshRsa "root"
(Context "kite.kitenet.net")
`requires` Ssh.knownHost hosts "eubackup.kitenet.net" "root"
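Review bot: The new last argument to `Obnam.backupEncrypted` identifies the key by the 8-hex-digit short id `"98147487"`, and 32-bit gpg key ids are not collision-resistant, so the id could match more than one key in a keyring. Now that one parameter feeds both the key import and `--encrypt-with=`, this is a good point to pass the long key id or full fingerprint instead, assuming `Gpg.keyImported` and obnam accept one, which is not visible here. The same applies to `"1B169BE1"` in the gitServer hunk of JoeySites.hs. The definition of `kite` starts before and continues after this hunk.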
diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs
index 1e7c2c25..e18ca3f9 100644
--- a/src/Propellor/Property/Obnam.hs
+++ b/src/Propellor/Property/Obnam.hs
@@ -3,6 +3,7 @@ module Propellor.Property.Obnam where
import Propellor
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Cron as Cron
+import qualified Propellor.Property.Gpg as Gpg
import Utility.SafeCommand
import Data.List
@@ -31,15 +32,24 @@ data NumClients = OnlyClient | MultipleClients
--
-- > & Obnam.backup "/srv/git" "33 3 * * *"
-- > [ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam"
--- > , "--encrypt-with=1B169BE1"
-- > ] Obnam.OnlyClient
--- > `requires` Gpg.keyImported "1B169BE1" "root"
-- > `requires` Ssh.keyImported SshRsa "root" (Context hostname)
--
-- How awesome is that?
backup :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
-backup dir crontimes params numclients = backup' dir crontimes params numclients
- `requires` restored dir params
+backup dir crontimes params numclients =
+ backup' dir crontimes params numclients
+ `requires` restored dir params
+
+-- | Like backup, but the specified gpg key id is used to encrypt
+-- the repository.
+--
+-- The gpg secret key will be automatically imported
+-- into root's keyring using Propellor.Property.Gpg.keyImported
+backupEncrypted :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property
+backupEncrypted dir crontimes params numclients keyid =
+ backup dir crontimes (("--encrypt-with=" ++ keyid):params) numclients
+ `requires` Gpg.keyImported keyid "root"
-- | Does a backup, but does not automatically restore.
backup' :: FilePath -> Cron.CronTimes -> [ObnamParam] -> NumClients -> Property
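Review bot: `backupEncrypted` prepends `--encrypt-with=` to `params` without checking whether the caller already supplied one, so a call site that keeps its own entry passes the option twice; the gitServer hunk in JoeySites.hs does exactly that, since `, "--encrypt-with=1B169BE1"` is still in its list. Either drop that line at the call site or make the helper authoritative with `(("--encrypt-with=" ++ keyid) : filter (not . isPrefixOf "--encrypt-with=") params)` (`Data.List` is already imported in this module). The Haddock comment should also say that `params` must not carry its own `--encrypt-with`, and since the example under `backup` now shows an unencrypted backup to a remote repository, a pointer from there to `backupEncrypted` would help readers pick the right function.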
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index bd9e01e2..7b8216fb 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -142,12 +142,11 @@ obnamLowMem = combineProperties "obnam tuned for low memory use"
gitServer :: [Host] -> Property
gitServer hosts = propertyList "git.kitenet.net setup"
[ Obnam.latestVersion
- , Obnam.backup "/srv/git" "33 3 * * *"
+ , Obnam.backupEncrypted "/srv/git" "33 3 * * *"
[ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
, "--encrypt-with=1B169BE1"
, "--client-name=wren" -- historical
- ] Obnam.OnlyClient
- `requires` Gpg.keyImported "1B169BE1" "root"
+ ] Obnam.OnlyClient "1B169BE1"
`requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
`requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")