Diffstat (limited to 'config-joey.hs')
-rw-r--r--config-joey.hs32
1 files changed, 23 insertions, 9 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 5c3d376b..e84eb360 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -261,23 +261,32 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
& Ssh.passwordAuthentication True
-- Since ssh password authentication is allowed:
& Fail2Ban.installed
+ & Apt.serviceInstalledRunning "ntp"
+ & "/etc/timezone" `File.hasContent` ["US/Eastern"]
+
& Obnam.backupEncrypted "/" (Cron.Times "33 1 * * *")
- [ "--repository=sftp://2318@usw-s002.rsync.net/~/kite.obnam"
+ [ "--repository=sftp://2318@usw-s002.rsync.net/~/kite-root.obnam"
, "--client-name=kitenet.net"
+ , "--exclude=/home"
, "--exclude=/var/cache"
, "--exclude=/var/tmp"
- , "--exclude=/home/joey/lib"
+ , "--exclude=/srv/git"
+ , "--exclude=/var/spool/oldusenet"
, "--exclude=.*/tmp/"
, "--one-file-system"
, Obnam.keepParam [Obnam.KeepDays 7, Obnam.KeepWeeks 4, Obnam.KeepMonths 6]
] Obnam.OnlyClient (Gpg.GpgKeyId "98147487")
- `requires` Ssh.userKeys (User "root")
- (Context "kite.kitenet.net")
- [ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Gza2sNqSKfNtUN4dN/Z3rlqw18nijmXFx6df2GtBoZbkIak73uQfDuZLP+AXlyfHocwdkdHEf/zrxgXS4EokQMGLZhJ37Pr3edrEn/NEnqroiffw7kyd7EqaziA6UOezcLTjWGv+Zqg9JhitYs4WWTpNzrPH3yQf1V9FunZnkzb4gJGndts13wGmPEwSuf+QHbgQvjMOMCJwWSNcJGdhDR66hFlxfG26xx50uIczXYAbgLfHp5W6WuR/lcaS9J6i7HAPwcsPDA04XDinrcpl29QwsMW1HyGS/4FSCgrDqNZ2jzP49Bka78iCLRqfl1efyYas/Zo1jQ0x+pxq2RMr root@kite")
- ]
+ `requires` rootsshkey
+ `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
+ & Obnam.backupEncrypted "/home" (Cron.Times "33 3 * * *")
+ [ "--repository=sftp://2318@usw-s002.rsync.net/~/kite-home.obnam"
+ , "--client-name=kitenet.net"
+ , "--exclude=/home/joey/lib"
+ , "--one-file-system"
+ , Obnam.keepParam [Obnam.KeepDays 7, Obnam.KeepWeeks 4, Obnam.KeepMonths 6]
+ ] Obnam.OnlyClient (Gpg.GpgKeyId "98147487")
+ `requires` rootsshkey
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
- & Apt.serviceInstalledRunning "ntp"
- & "/etc/timezone" `File.hasContent` ["US/Eastern"]
& alias "smtp.kitenet.net"
& alias "imap.kitenet.net"
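Review bot: The root job now drops `/home`, `/srv/git` and `/var/spool/oldusenet`, but only `/home` gets a replacement job in this hunk, so nothing visible here still backs up the other two paths. If that is deliberate, say so next to the excludes, for example `-- /srv/git and /var/spool/oldusenet are not backed up from here: <reason / where they are protected>`, so a later reader does not assume the root repository can restore them. The `/home` job also does not carry over the `--exclude=.*/tmp/` pattern from the root job; confirm that is intended. The `kite` definition starts before this hunk and continues after it.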
@@ -337,6 +346,11 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
& Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html"
(LetsEncrypt.AgreeTOS (Just "id@joeyh.name"))
& alias "letsencrypt.joeyh.name"
+ where
+ rootsshkey = Ssh.userKeys (User "root")
+ (Context "kite.kitenet.net")
+ [ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Gza2sNqSKfNtUN4dN/Z3rlqw18nijmXFx6df2GtBoZbkIak73uQfDuZLP+AXlyfHocwdkdHEf/zrxgXS4EokQMGLZhJ37Pr3edrEn/NEnqroiffw7kyd7EqaziA6UOezcLTjWGv+Zqg9JhitYs4WWTpNzrPH3yQf1V9FunZnkzb4gJGndts13wGmPEwSuf+QHbgQvjMOMCJwWSNcJGdhDR66hFlxfG26xx50uIczXYAbgLfHp5W6WuR/lcaS9J6i7HAPwcsPDA04XDinrcpl29QwsMW1HyGS/4FSCgrDqNZ2jzP49Bka78iCLRqfl1efyYas/Zo1jQ0x+pxq2RMr root@kite")
+ ]
elephant :: Host
elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
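Review bot: The new `rootsshkey` binding in the `where` clause has no comment saying what the key is for, although both `Obnam.backupEncrypted` properties now depend on it. Since this is root's ssh identity on the host, a one-line note would help anyone rotating or restricting it later, for example `-- root's ssh key on kite; used by the obnam jobs to log in to rsync.net`. Judging by the key blob this is a 2048-bit RSA key, so the comment is also a good place to record when it was generated. The body of `kite` begins outside this hunk.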
@@ -583,7 +597,7 @@ myDnsPrimary dnssec domain extras = (if dnssec then Dns.signedPrimary (Weekly No
monsters :: [Host] -- Systems I don't manage with propellor,
monsters = -- but do want to track their public keys etc.
[ host "usw-s002.rsync.net"
- & Ssh.hostPubKey SshEd25519 "ssh-ed25519 SHA256:DBW4gxagH9Q3Avnus+dxaoOS5L/Q/tZlT42bcoMp+4Y"
+ & Ssh.hostPubKey SshEd25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7yTEBGfQYdwG/oeL+U9XPMIh/dW7XNs9T+M79YIOrd"
, host "github.com"
& Ssh.hostPubKey SshRsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
, host "gitlab.com"
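Review bot: The new `Ssh.hostPubKey SshEd25519` value for usw-s002.rsync.net carries no record of how the key was verified. The removed line held a `SHA256:` fingerprint rather than a key blob, which presumably could never match as a known_hosts entry, so this change is what makes host verification effective for the backup jobs that use `Ssh.knownHost hosts`. I would keep the expected fingerprint beside the key, for example `-- fingerprint SHA256:DBW4gxagH9Q3Avnus+dxaoOS5L/Q/tZlT42bcoMp+4Y, checked against <source>`, provided the new key actually hashes to that value. The `monsters` list continues past the end of the hunk.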