Diffstat (limited to 'config-joey.hs')
-rw-r--r--config-joey.hs136
1 files changed, 84 insertions, 52 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 2a173776..32b70c14 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -25,6 +25,7 @@ import qualified Propellor.Property.Obnam as Obnam
import qualified Propellor.Property.Gpg as Gpg
import qualified Propellor.Property.Systemd as Systemd
import qualified Propellor.Property.Journald as Journald
+import qualified Propellor.Property.Chroot as Chroot
import qualified Propellor.Property.OS as OS
import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost
import qualified Propellor.Property.HostingProvider.Linode as Linode
@@ -45,6 +46,7 @@ hosts = -- (o) `
, gnu
, clam
, orca
+ , honeybee
, kite
, elephant
, beaver
@@ -74,8 +76,6 @@ darkstar = host "darkstar.kitenet.net"
& ipv6 "2001:4830:1600:187::2" -- sixxs tunnel
& Apt.buildDep ["git-annex"] `period` Daily
- & Docker.configured
- ! Docker.docked gitAnnexAndroidDev
& JoeySites.postfixClientRelay (Context "darkstar.kitenet.net")
& JoeySites.dkimMilter
@@ -83,7 +83,6 @@ darkstar = host "darkstar.kitenet.net"
gnu :: Host
gnu = host "gnu.kitenet.net"
& Apt.buildDep ["git-annex"] `period` Daily
- & Docker.configured
& JoeySites.postfixClientRelay (Context "gnu.kitenet.net")
& JoeySites.dkimMilter
@@ -97,18 +96,18 @@ clam = standardSystem "clam.kitenet.net" Unstable "amd64"
& Ssh.randomHostKeys
& Apt.unattendedUpgrades
& Network.ipv6to4
+
& Tor.isRelay
& Tor.named "kite1"
& Tor.bandwidthRate (Tor.PerMonth "400 GB")
- & Docker.configured
- & Docker.garbageCollected `period` Daily
- & Docker.docked webserver
+ & Systemd.nspawned webserver
& File.dirExists "/var/www/html"
- & File.notPresent "/var/www/html/index.html"
- & "/var/www/index.html" `File.hasContent` ["hello, world"]
+ & File.notPresent "/var/www/index.html"
+ & "/var/www/html/index.html" `File.hasContent` ["hello, world"]
& alias "helloworld.kitenet.net"
- & Docker.docked oldusenetShellBox
+
+ & Systemd.nspawned oldusenetShellBox
& JoeySites.scrollBox
& alias "scroll.joeyh.name"
@@ -129,15 +128,46 @@ orca = standardSystem "orca.kitenet.net" Unstable "amd64"
& Apt.unattendedUpgrades
& Postfix.satellite
+ & Apt.serviceInstalledRunning "ntp"
& Systemd.persistentJournal
- & Docker.configured
- & Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "amd64" 15 "2h")
- & Docker.docked (GitAnnexBuilder.standardAutoBuilderContainer dockerImage "i386" 45 "2h")
- & Docker.docked (GitAnnexBuilder.armelCompanionContainer dockerImage)
- & Docker.docked (GitAnnexBuilder.armelAutoBuilderContainer dockerImage (Cron.Times "1 3 * * *") "5h")
- & Docker.docked (GitAnnexBuilder.androidAutoBuilderContainer dockerImage (Cron.Times "1 1 * * *") "3h")
- & Docker.garbageCollected `period` Daily
- & Apt.buildDep ["git-annex"] `period` Daily
+
+ & Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer
+ GitAnnexBuilder.standardAutoBuilder
+ (System (Debian Unstable) "amd64") fifteenpast "2h")
+ & Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer
+ GitAnnexBuilder.standardAutoBuilder
+ (System (Debian Unstable) "i386") fifteenpast "2h")
+ & Systemd.nspawned (GitAnnexBuilder.androidAutoBuilderContainer
+ (Cron.Times "1 1 * * *") "3h")
+ where
+ fifteenpast = Cron.Times "15 * * * *"
+
+honeybee :: Host
+honeybee = standardSystem "honeybee.kitenet.net" Testing "armhf"
+ [ "Arm git-annex build box." ]
+ & ipv6 "2001:4830:1600:187::2"
+
+ -- No unattended upgrades as there is currently no console access.
+ -- (Also, system is not currently running a stock kernel,
+ -- although it should be able to.)
+ & Postfix.satellite
+ & Apt.serviceInstalledRunning "aiccu"
+ & Apt.serviceInstalledRunning "swapspace"
+ & Apt.serviceInstalledRunning "ntp"
+
+ -- Not using systemd-nspawn because it's broken (kernel issue?)
+ -- & Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer
+ -- GitAnnexBuilder.armAutoBuilder
+ -- builderos Cron.Daily "22h")
+ & Chroot.provisioned
+ (Chroot.debootstrapped builderos mempty "/var/lib/container/armel-git-annex-builder"
+ & "/etc/timezone" `File.hasContent` ["America/New_York"]
+ & GitAnnexBuilder.armAutoBuilder
+ builderos (Cron.Times "1 1 * * *") "12h"
+ )
+ where
+ -- Using unstable to get new enough ghc for TH on arm.
+ builderos = System (Debian Unstable) "armel"
-- This is not a complete description of kite, since it's a
-- multiuser system with eg, user passwords that are not deployed
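Review bot: honeybee is given `ipv6 "2001:4830:1600:187::2"`, which is the very address darkstar already carries in the earlier hunk (annotated there as the sixxs tunnel), so the two hosts now claim one IPv6 address and, if DNS or host info is derived from these properties, one of them will be published wrongly; this looks like a copy-paste left over from the darkstar stanza and should be honeybee's own address (`& ipv6 "<honeybee-ipv6-addr>"`, value to be filled in). In the same hunk, the armel builder is `Chroot.provisioned` rather than nspawned, so the autobuilder shares the host's kernel and network with no isolation beyond the filesystem; a short comment next to the existing "broken (kernel issue?)" remark recording that trade-off, and that the host deliberately has no unattended upgrades, would help whoever revisits it. orca's definition starts before this hunk.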
@@ -222,9 +252,6 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
, "zsh"
]
- & Docker.configured
- & Docker.garbageCollected `period` Daily
-
& alias "nntp.olduse.net"
& JoeySites.oldUseNetServer hosts
@@ -281,13 +308,14 @@ elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
& myDnsSecondary
& Docker.configured
- & Docker.docked oldusenetShellBox
& Docker.docked openidProvider
`requires` Apt.serviceInstalledRunning "ntp"
& Docker.docked ancientKitenet
& Docker.docked jerryPlay
& Docker.garbageCollected `period` (Weekly (Just 1))
+ & Systemd.nspawned oldusenetShellBox
+
& JoeySites.scrollBox
& alias "scroll.joeyh.name"
& alias "eu.scroll.joeyh.name"
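Review bot: `Systemd.nspawned oldusenetShellBox` replaces a Docker container that published port 4200, but nothing on the new side says how that port now reaches the container; the same applies to kiteShellBox in the next hunk, whose comment still describes it as the https port 443 entry point, and to the removed `Docker.publish` lines in the container definitions further down. If Systemd containers in this module share the host's network namespace, the services simply listen on elephant directly and a comment such as `-- nspawn containers share the host network; shellinabox listens on 4200/443 directly` would document that; otherwise a bind or port property is missing. Please confirm which it is, since both shell boxes are network-facing services.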
@@ -295,7 +323,7 @@ elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
-- For https port 443, shellinabox with ssh login to
-- kitenet.net
& alias "shell.kitenet.net"
- & Docker.docked kiteShellBox
+ & Systemd.nspawned kiteShellBox
-- Nothing is using http port 80, so listen on
-- that port for ssh, for traveling on bad networks that
-- block 22.
@@ -316,6 +344,7 @@ beaver = host "beaver.kitenet.net"
-- Branchable is not completely deployed with propellor yet.
pell :: Host
pell = host "pell.branchable.com"
+ & alias "branchable.com"
& ipv4 "66.228.46.55"
& ipv6 "2600:3c03::f03c:91ff:fedf:c0e5"
@@ -371,22 +400,21 @@ iabak = host "iabak.archiveteam.org"
--' __|II| ,.
---- __|II|II|__ ( \_,/\
--'-------'\o/-'-.-'-.-'-.- __|II|II|II|II|___/ __/ -'-.-'-.-'-.-'-.-'-.-'-
--------------------------- | [Docker] / --------------------------
+-------------------------- | [Containers] / --------------------------
-------------------------- : / ---------------------------
--------------------------- \____, o ,' ----------------------------
---------------------------- '--,___________,' -----------------------------
-- Simple web server, publishing the outside host's /var/www
-webserver :: Docker.Container
+webserver :: Systemd.Container
webserver = standardStableContainer "webserver"
- & Docker.publish "80:80"
- & Docker.volume "/var/www:/var/www"
+ & Systemd.bind "/var/www"
& Apt.serviceInstalledRunning "apache2"
-- My own openid provider. Uses php, so containerized for security
-- and administrative sanity.
openidProvider :: Docker.Container
-openidProvider = standardStableContainer "openid-provider"
+openidProvider = standardStableDockerContainer "openid-provider"
& alias "openid.kitenet.net"
& Docker.publish "8081:80"
& OpenId.providerFor [User "joey", User "liw"]
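Review bot: `Systemd.bind "/var/www"` gives the webserver container a read-write view of the host's /var/www, although the comment above says the container only publishes it; the Docker volume it replaces was read-write too, but a read-only bind narrows what a compromised apache2 could change on the host. If this Systemd module provides a read-only variant (`& Systemd.bindRo "/var/www"`), prefer it here; otherwise a comment stating why write access is required would stop the next reader from tightening it blindly.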
@@ -394,39 +422,30 @@ openidProvider = standardStableContainer "openid-provider"
-- Exhibit: kite's 90's website.
ancientKitenet :: Docker.Container
-ancientKitenet = standardStableContainer "ancient-kitenet"
+ancientKitenet = standardStableDockerContainer "ancient-kitenet"
& alias "ancient.kitenet.net"
& Docker.publish "1994:80"
& Apt.serviceInstalledRunning "apache2"
- & Git.cloned (User "root") "git://kitenet-net.branchable.com/" "/var/www"
+ & Git.cloned (User "root") "git://kitenet-net.branchable.com/" "/var/www/html"
(Just "remotes/origin/old-kitenet.net")
-oldusenetShellBox :: Docker.Container
+oldusenetShellBox :: Systemd.Container
oldusenetShellBox = standardStableContainer "oldusenet-shellbox"
& alias "shell.olduse.net"
- & Docker.publish "4200:4200"
& JoeySites.oldUseNetShellBox
--- for development of git-annex for android, using my git-annex work tree
-gitAnnexAndroidDev :: Docker.Container
-gitAnnexAndroidDev = GitAnnexBuilder.androidContainer dockerImage "android-git-annex" doNothing gitannexdir
- & Docker.volume ("/home/joey/src/git-annex:" ++ gitannexdir)
- where
- gitannexdir = GitAnnexBuilder.homedir </> "git-annex"
-
jerryPlay :: Docker.Container
-jerryPlay = standardContainer "jerryplay" Unstable "amd64"
+jerryPlay = standardDockerContainer "jerryplay" Unstable "amd64"
& alias "jerryplay.kitenet.net"
& Docker.publish "2202:22"
& Docker.publish "8001:80"
& Apt.installed ["ssh"]
& User.hasSomePassword (User "root")
- & Ssh.permitRootLogin True
-
-kiteShellBox :: Docker.Container
+ & Ssh.permitRootLogin (Ssh.RootLogin True)
+
+kiteShellBox :: Systemd.Container
kiteShellBox = standardStableContainer "kiteshellbox"
& JoeySites.kiteShellBox
- & Docker.publish "443:443"
type Motd = [String]
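Review bot: `Ssh.permitRootLogin (Ssh.RootLogin True)` combined with `User.hasSomePassword (User "root")` and `Docker.publish "2202:22"` keeps password-based root login reachable from the network on jerryPlay; the commit only adapts to the new constructor and does not revisit that. If the Ssh module's RootLogin type has a key-only alternative, prefer it (`& Ssh.permitRootLogin Ssh.WithoutPassword`) and provision an authorized key for root instead; if password login is intentional for this play box, say so in a comment so the setting is not copied into the standard containers.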
@@ -457,12 +476,25 @@ standardSystemUnhardened hn suite arch motd = host hn
& Apt.removed ["exim4", "exim4-daemon-light", "exim4-config", "exim4-base"]
`onChange` Apt.autoRemove
-standardStableContainer :: Docker.ContainerName -> Docker.Container
-standardStableContainer name = standardContainer name (Stable "wheezy") "amd64"
-
-- This is my standard container setup, Featuring automatic upgrades.
-standardContainer :: Docker.ContainerName -> DebianSuite -> Architecture -> Docker.Container
-standardContainer name suite arch = Docker.container name (dockerImage system)
+standardContainer :: Systemd.MachineName -> DebianSuite -> Architecture -> Systemd.Container
+standardContainer name suite arch = Systemd.container name chroot
+ & os system
+ & Apt.stdSourcesList `onChange` Apt.upgrade
+ & Apt.unattendedUpgrades
+ & Apt.cacheCleaned
+ where
+ system = System (Debian suite) arch
+ chroot = Chroot.debootstrapped system mempty
+
+standardStableContainer :: Systemd.MachineName -> Systemd.Container
+standardStableContainer name = standardContainer name (Stable "jessie") "amd64"
+
+standardStableDockerContainer :: Docker.ContainerName -> Docker.Container
+standardStableDockerContainer name = standardDockerContainer name (Stable "jessie") "amd64"
+
+standardDockerContainer :: Docker.ContainerName -> DebianSuite -> Architecture -> Docker.Container
+standardDockerContainer name suite arch = Docker.container name (dockerImage system)
& os system
& Apt.stdSourcesList `onChange` Apt.upgrade
& Apt.unattendedUpgrades
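Review bot: `standardContainer` and `standardDockerContainer` now carry the same four-property chain (`os system`, `Apt.stdSourcesList `onChange` Apt.upgrade`, `Apt.unattendedUpgrades`, `Apt.cacheCleaned`; the Docker one's body continues past this hunk), and the "standard container setup" comment only sits above the Systemd one. A shared property list would keep the two backends from drifting apart, assuming `&` on both container types accepts a property list the way `hosts` do; the Docker function would then use `& standardContainerProps system` in place of the same four lines. Note also that bumping `Stable "wheezy"` to `Stable "jessie"` here changes the release of every stable container at once, including the Docker-backed openid provider.
```haskell
-- Properties every standard container gets, whatever the backend.
standardContainerProps :: System -> Property HasInfo
standardContainerProps system = propertyList "standard container setup" $ props
	& os system
	& Apt.stdSourcesList `onChange` Apt.upgrade
	& Apt.unattendedUpgrades
	& Apt.cacheCleaned

standardContainer :: Systemd.MachineName -> DebianSuite -> Architecture -> Systemd.Container
standardContainer name suite arch = Systemd.container name chroot
	& standardContainerProps system
  where
	system = System (Debian suite) arch
	chroot = Chroot.debootstrapped system mempty
-- … unchanged: standardStableContainer, standardStableDockerContainer …
```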
@@ -473,10 +505,10 @@ standardContainer name suite arch = Docker.container name (dockerImage system)
-- Docker images I prefer to use.
dockerImage :: System -> Docker.Image
-dockerImage (System (Debian Unstable) arch) = "joeyh/debian-unstable-" ++ arch
-dockerImage (System (Debian Testing) arch) = "joeyh/debian-unstable-" ++ arch
-dockerImage (System (Debian (Stable _)) arch) = "joeyh/debian-stable-" ++ arch
-dockerImage _ = "debian-stable-official" -- does not currently exist!
+dockerImage (System (Debian Unstable) arch) = Docker.latestImage ("joeyh/debian-unstable-" ++ arch)
+dockerImage (System (Debian Testing) arch) = Docker.latestImage ("joeyh/debian-unstable-" ++ arch)
+dockerImage (System (Debian (Stable _)) arch) = Docker.latestImage ("joeyh/debian-stable-" ++ arch)
+dockerImage _ = Docker.latestImage "debian-stable-official" -- does not currently exist!
myDnsSecondary :: Property HasInfo
myDnsSecondary = propertyList "dns secondary for all my domains" $ props
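Review bot: the `System (Debian (Stable _)) arch` equation discards the suite name, so the `Stable "jessie"` that standardStableDockerContainer now passes never reaches image selection: the container is built from whatever `joeyh/debian-stable-<arch>` currently resolves to, which can differ from the release `os system` records for it. That deserves a comment on the line, e.g. `-- suite name is ignored here; the stable image is whatever the tag currently points at`, and since `Docker.latestImage` appears to pick an unpinned tag, consider pinning the images these containers are rebuilt from by a specific tag or digest if the Docker module allows it, so a rebuild cannot silently pull a different base.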