Diffstat (limited to 'Propellor/Property/SiteSpecific')
1 files changed, 92 insertions, 0 deletions
diff --git a/Propellor/Property/SiteSpecific/JoeySites.hs b/Propellor/Property/SiteSpecific/JoeySites.hs
index 46373170..81557b32 100644
--- a/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -5,6 +5,14 @@ module Propellor.Property.SiteSpecific.JoeySites where
import Propellor
import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Gpg as Gpg
+import qualified Propellor.Property.Ssh as Ssh
+import qualified Propellor.Property.Git as Git
+import qualified Propellor.Property.Service as Service
+import qualified Propellor.Property.User as User
+import qualified Propellor.Property.Obnam as Obnam
+import qualified Propellor.Property.Apache as Apache
oldUseNetShellBox :: Property
oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $
@@ -21,3 +29,87 @@ oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $
, "rm -rf /root/tmp/oldusenet"
] `describe` " built"
+-- and
+gitServer :: [Host] -> Property
+gitServer hosts = propertyList " setup"
+ [ Obnam.backup "/srv/git" "33 3 * * *"
+ [ "--repository=s"
+ , "--encrypt-with=1B169BE1"
+ , "--client-name=wren"
+ ] Obnam.OnlyClient
+ `requires` Gpg.keyImported "1B169BE1" "root"
+ `requires` Ssh.keyImported SshRsa "root"
+ `requires` Ssh.knownHost hosts "" "root"
+ `requires` Ssh.authorizedKeys "family"
+ `requires` User.accountFor "family"
+ , Apt.installed ["git", "git-annex", "rsync", "kgb-client-git", "gitweb"]
+ , File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"
+ , toProp $ Git.daemonRunning "/srv/git"
+ , "/etc/gitweb.conf" `File.containsLines`
+ [ "$projectroot = 'srv/git';"
+ , "@git_base_url_list = ('git://', '', 'ssh://');"
+ , "# disable snapshot download; overloads server"
+ , "$feature{'snapshot'}{'default'} = [];"
+ ]
+ `describe` "gitweb configured"
+ , website ""
+ , website ""
+ -- ssh keys for branchable and github repo hooks
+ -- TODO: upgrade to newer git-annex-shell for notification
+ -- gitweb
+ ]
+ where
+ website hn = toProp $ Apache.siteEnabled hn (gitapacheconf hn)
+gitapacheconf :: HostName -> Apache.ConfigFile
+gitapacheconf hn =
+ [ "<VirtualHost *:80>"
+ , " ServerAdmin"
+ , ""
+ , " ServerName " ++ hn ++ ":80"
+ , ""
+ , " DocumentRoot /srv/web/"
+ , " <Directory /srv/web/>"
+ , " Options Indexes ExecCGI FollowSymlinks"
+ , " AllowOverride None"
+ , " DirectoryIndex index.cgi"
+ , " </Directory>"
+ , ""
+ , " ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/"
+ , " <Directory /usr/lib/cgi-bin>"
+ , " SetHandler cgi-script"
+ , " Options ExecCGI"
+ , " </Directory>"
+ , ""
+ , " ErrorLog /var/log/apache2/error.log"
+ , " LogLevel warn"
+ , " CustomLog /var/log/apache2/access.log combined"
+ , ""
+ , " # Possible values include: debug, info, notice, warn, error, crit,"
+ , " # alert, emerg."
+ , " LogLevel warn"
+ , ""
+ , " CustomLog /var/log/apache2/access.log combined"
+ , " ServerSignature On"
+ , " "
+ , " <Directory \"/usr/share/apache2/icons\">"
+ , " Options Indexes MultiViews"
+ , " AllowOverride None"
+ , " Order allow,deny"
+ , " Allow from all"
+ , " </Directory>"
+ , "</VirtualHost>"
+ ]
+-- Note: needs debian unstable for new kgb
+kgbServer :: Property
+kgbServer = propertyList " setup"
+ [ Apt.serviceInstalledRunning "kgb-bot"
+ , File.hasPrivContent "/etc/kgb-bot/kgb.conf"
+ `onChange` Service.restarted "kgb-bot"
+ , "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
+ `describe` "kgb bot enabled"
+ `onChange` Service.running "kgb-bot"
+ ]
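Review bot: In `gitapacheconf`, the `<Directory /srv/web/>` block sets `Options Indexes ExecCGI FollowSymlinks` for the whole document root, so CGI execution and directory listings are allowed everywhere under /srv/web/ rather than only for the `index.cgi` entry point; consider narrowing it to `Options ExecCGI` if listings and symlink traversal are not needed, and emitting `ServerSignature Off` so error pages do not advertise the server version. In `gitServer`, `"$projectroot = 'srv/git';"` is a relative path while `Obnam.backup` and `Git.daemonRunning` both use `/srv/git`, which looks like a missing leading slash. `File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"` appears, going by its name, to deploy private data readable by other local users on a host that also gets a `family` account; if hooks run by pushing users need to read it, a short comment saying so above that line would record that the exposure is deliberate. `LogLevel warn` and the `CustomLog` line are each emitted twice in the vhost and one copy of each can be dropped.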