summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/forum/Supported_OS.mdwn5
-rw-r--r--doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment23
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn12
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment10
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment19
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment11
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment11
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment7
-rw-r--r--doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn1
-rw-r--r--doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment10
-rw-r--r--doc/forum/propellor_with_no_central_repository__63__.mdwn1
-rw-r--r--doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment7
-rw-r--r--doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment9
-rw-r--r--doc/forum/property_combinator_ordering.mdwn8
-rw-r--r--doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment31
-rw-r--r--doc/news/propellor_demo.mdwn8
-rw-r--r--doc/news/version_1.1.0.mdwn33
-rw-r--r--doc/security.mdwn2
-rw-r--r--doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment10
-rw-r--r--doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment8
-rw-r--r--doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment17
-rw-r--r--doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment22
-rw-r--r--doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment13
-rw-r--r--doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment11
-rw-r--r--doc/todo/editor_for_privdata__63__.mdwn4
-rw-r--r--doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment9
-rw-r--r--doc/todo/etckeeper.mdwn1
-rw-r--r--doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment9
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn3
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment30
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment7
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment19
-rw-r--r--doc/todo/git_push_over_propellor_ssh_channel.mdwn13
-rw-r--r--doc/todo/info_propigation_out_of_nested_properties.mdwn4
-rw-r--r--doc/todo/port_info_for_properties_for_firewall.mdwn24
-rw-r--r--doc/todo/type_level_port_conflict_detection.mdwn5
36 files changed, 414 insertions, 3 deletions
diff --git a/doc/forum/Supported_OS.mdwn b/doc/forum/Supported_OS.mdwn
new file mode 100644
index 00000000..f17b9054
--- /dev/null
+++ b/doc/forum/Supported_OS.mdwn
@@ -0,0 +1,5 @@
+What are the requirements for the configured OS ? Does it need to be Debian ?
+
+Would Propellor work for Arch linux, RHEL, Windows, AIX or linux on pSeries) ?
+
+Cheers
diff --git a/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment
new file mode 100644
index 00000000..3a2055ea
--- /dev/null
+++ b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-07T15:58:03Z"
+ content="""
+I have heard of propellor being used on OSX. Probably that user wrote their
+own code for OSX specific stuff.
+
+Propellor properites can be parameterized by OS. Currently it has support
+for Debian and some untested support for Ubuntu. A property can be parameterized
+like this:
+
+ foo :: Property
+ foo = property "foo" withOS desc $ \o -> case o of
+ (Just (System (Debian _) _)) -> ensureProperty fooDebian
+ (Just (System (Ubuntu _) _)) -> ensureProperty fooUbuntu
+
+The first step for adding a new OS will be to modify <http://hackage.haskell.org/package/propellor-1.0.0/docs/Propellor-Types-OS.html>.
+Compilation will then warn about all OS parameterized properties that
+need to be updated to support your added OS, and it can be taken from there.
+
+I'll accept reasonable patches to support other OS's.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
new file mode 100644
index 00000000..c88defcf
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
@@ -0,0 +1,12 @@
+Hello,
+
+I am trying propellor on Debian Jessie (haskell is fantastic for this sort or things) to setup one of my computer.
+
+On my network, the system administrator set proxies for http and https.
+These information are available via a http://proxy/proxy.pac URL.
+
+So I would like to know what should be done to extract this information and set it for all users on the system ?
+
+Cheers
+
+Frederic
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
new file mode 100644
index 00000000..6bf8844d
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T15:44:13Z"
+ content="""
+You could, for example, use Propellor.Propety.Cmd.cmdProperty
+to run a command that sets up the proxying. If there's not a single command
+that does it, you could cause propellor to fetch the url and deploy the
+info itself.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
new file mode 100644
index 00000000..8458ee49
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 2"
+ date="2014-11-25T17:55:25Z"
+ content="""
+In my case I need to wget the proxy.pac file and parse it to find the right proxy.
+
+what worried me is that these proxy.pac things are dynamical depending on the ip of the sender AND the receive.
+It work nicely with web browser, but not with the unix http_proxy and HTTPS_PROXY env.
+
+nevertheless, I can create something to parse my local setup and extract the right http_proxy.
+
+Is there something available in Propellor to set a global environment variable in /etc/environment (the right place for this ?)
+
+cheers
+
+Frederic
+
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
new file mode 100644
index 00000000..9bdcb4df
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T19:37:46Z"
+ content="""
+There's no Property that handles setting global environment currently, but
+it's a reasonable one to add.
+
+I think that /etc/environment is read by `pam_env` logins, but maybe not
+other things, so dunno.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
new file mode 100644
index 00000000..d2a0b45e
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 4"
+ date="2014-11-25T20:01:12Z"
+ content="""
+I saw that there is an haskell binding for augeas.
+
+Maybe this could be a nice uniform interface to deal with all the system configuration files.
+then no need to deal with the config file formats.
+
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment
new file mode 100644
index 00000000..d670fa3b
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 5"
+ date="2014-11-27T08:17:36Z"
+ content="""
+Just looked at augeas, and add it to propellor would be great. Much more robust than Propellor.Property.File.{containsLine,containsLines,lacksLine}, at least.
+"""]]
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
new file mode 100644
index 00000000..0815b4b3
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
@@ -0,0 +1 @@
+How can I modify the configuration of a managed host (which seems to be stored in /usr/local/propellor/.git/config) from the host on which I run propellor?
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
new file mode 100644
index 00000000..f034a377
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:40:33Z"
+ content="""
+I'm curious what you need to configure there..
+
+But, there seems to be a simple solution: Add a Property that configures
+the .git/config however you need to! :)
+"""]]
diff --git a/doc/forum/propellor_with_no_central_repository__63__.mdwn b/doc/forum/propellor_with_no_central_repository__63__.mdwn
new file mode 100644
index 00000000..5f322878
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__.mdwn
@@ -0,0 +1 @@
+Is there a way to use propellor with no central repository?
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
new file mode 100644
index 00000000..1f1456c5
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:39:48Z"
+ content="""
+Not yet, but see [[todo/git_push_over_propellor_ssh_channel]]
+"""]]
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
new file mode 100644
index 00000000..6a6aa946
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""yay!"""
+ date="2014-11-19T01:31:14Z"
+ content="""
+propellor now supports this mode by default, just use `propellor --spin
+hostname` and the changes in the local repo will be pushed and deployed to
+the host, w/o needing a centralized git repo.
+"""]]
diff --git a/doc/forum/property_combinator_ordering.mdwn b/doc/forum/property_combinator_ordering.mdwn
new file mode 100644
index 00000000..25549bb4
--- /dev/null
+++ b/doc/forum/property_combinator_ordering.mdwn
@@ -0,0 +1,8 @@
+when I write
+
+ setDistribution cfg = f `File.hasContent` cfg
+ `onChange` update
+ `requires` File.dirExists confDir
+
+is update called before ensuring the confiDir Exist ?
+It seems to me but who knows ?
diff --git a/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
new file mode 100644
index 00000000..c41abd90
--- /dev/null
+++ b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
@@ -0,0 +1,31 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-01T15:53:11Z"
+ content="""
+I think that should behave intuitively, but of course if you're unsure
+of this kind of thing, adding parens is a good way to disambiguate the
+code.
+
+ (f `File.hasContent` cfg `onChange` update)
+ `requires` File.dirExists confDir
+
+Written that way, it's explicit that the parenthesized part runs
+together as one action.
+
+Or, we can do a quick test in ghci:
+
+ joey@darkstar:~/src/propellor/src#joeyconfig>ghci Propellor.hs Propellor/Property.hs
+ *Propellor> let f1 = property "hasContent" (liftIO (print "f1") >> return MadeChange)
+ *Propellor> let f2 = property "update" (liftIO (print "f2") >> return MadeChange)
+ *Propellor> let f3 = property "dirExists" (liftIO (print "f3") >> return MadeChange)
+ *Propellor> runPropellor (Host "foo" [] mempty) $ ensureProperty $ f1 `onChange` f2 `requires` f3
+ "dirExists"
+ "hasContent"
+ "update"
+ MadeChange
+
+So, yes, it's behaving as it should, first ensuring that the `requires`
+property is met, and then running the main property, and since it made a
+change, following up by running the `onChange` property.
+"""]]
diff --git a/doc/news/propellor_demo.mdwn b/doc/news/propellor_demo.mdwn
new file mode 100644
index 00000000..362f56e6
--- /dev/null
+++ b/doc/news/propellor_demo.mdwn
@@ -0,0 +1,8 @@
+A quick demo of propellor.
+
+<video controls src="http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm"></video>
+
+[video](http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm)
+
+(Audio quality is clipped/fast in places, unfortunately this was a problem
+with the source recording.)
diff --git a/doc/news/version_1.1.0.mdwn b/doc/news/version_1.1.0.mdwn
new file mode 100644
index 00000000..4bf09cc4
--- /dev/null
+++ b/doc/news/version_1.1.0.mdwn
@@ -0,0 +1,33 @@
+propellor 1.1.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * --spin target --via relay causes propellor to bounce through an
+ intermediate relay host, which handles any necessary uploads
+ when provisioning the target host.
+ * --spin can be passed multiple hosts, and it will provision each host
+ in turn.
+ * Add --merge, to combine multiple --spin commits into a single, more useful
+ commit.
+ * Hostname parameters not containing dots are looked up in the DNS to
+ find the full hostname.
+ * propellor --spin can now deploy propellor to hosts that do not have
+ git, ghc, or apt-get. This is accomplished by uploading a fairly
+ portable precompiled tarball of propellor.
+ * Propellor.Property.OS contains properties that can be used to do a clean
+ reinstall of the OS of an existing host. This can be used, for example,
+ to do an in-place conversion from Fedora to Debian.
+ This is experimental; use with caution!
+ * Added group-related properties. Thanks, Félix Sipma.
+ * Added Git.barerepo. Thanks, Félix Sipma.
+ * Added Grub.installed and Grub.boots properties.
+ * New HostContext can be specified when a PrivData value varies per host.
+ * hasSomePassword and hasPassword now default to using HostContext.
+ To specify a different context, use hasSomePassword' and
+ hasPassword' (API change)
+ * hasSomePassword and hasPassword now make sure shadow passwords are enabled.
+ * cron.runPropellor now runs propellor, rather than using its Makefile.
+ This is more robust.
+ * propellor.debug can be set in the git config to enable more persistent
+ debugging output.
+ * Run apt-cache policy with LANG=C so it works on other locales.
+ * endAction can be used to register an action to run once propellor
+ has successfully run on a host."""]] \ No newline at end of file
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 12ae18de..831b2b41 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -29,7 +29,7 @@ in cleartext private data such as passwords, ssh private keys, etc.
Instead, `propellor --spin $host` looks for a
`~/.propellor/privdata/privdata.gpg` file and if found decrypts it,
-extracts the private that that the $host needs, and sends it to to the
+extracts the private data that the $host needs, and sends it to to the
$host using ssh. This lets a host know its own private data, without
seeing all the rest.
diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
new file mode 100644
index 00000000..4ed9ecdb
--- /dev/null
+++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Is it ok to publish to a public repository?"
+ date="2014-08-29T21:13:19Z"
+ content="""
+It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong?
+
+Thanks
+"""]]
diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
new file mode 100644
index 00000000..4d209b03
--- /dev/null
+++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="131.252.200.111"
+ subject="comment 2"
+ date="2014-08-29T21:52:02Z"
+ content="""
+--add-key puts your **public** key in the repository, not the private key.
+"""]]
diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
new file mode 100644
index 00000000..4d75842d
--- /dev/null
+++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Remote host fails to connect"
+ date="2014-08-30T06:40:33Z"
+ content="""
+Makes sense of course, but the message one gets when doing that is a bit misleading.
+
+I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because:
+
+1. the host key is not initially present in root's known_hosts, then
+2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH
+
+I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore.
+
+Thanks for your help
+"""]]
diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
new file mode 100644
index 00000000..b2ac4d57
--- /dev/null
+++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Output from propellor --spin $host"
+ date="2014-08-30T07:17:52Z"
+ content="""
+Here is the output (truncated):
+
+
+ Permission denied (publickey).
+ fatal: Could not read from remote repository.
+
+ Please make sure you have the correct access rights
+ and the repository exists.
+ Git fetch ... failed
+ fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+ Use '--' to separate paths from revisions, like this:
+ 'git <command> [<revision>...] -- [<file>...]'
+ propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128)
+
+
+"""]]
diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
new file mode 100644
index 00000000..cc26f42d
--- /dev/null
+++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Got it working..."
+ date="2014-08-31T12:50:17Z"
+ content="""
+OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations:
+
+* Use a https:// based url for the first
+* Use a git:// based url for the second
+
+I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url.
+"""]]
diff --git a/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
new file mode 100644
index 00000000..be8ac7f9
--- /dev/null
+++ b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2014-11-19T01:35:59Z"
+ content="""
+@Arnaud, see [[centralized_repository]], including its documentation of a
+"deploy" remote, which can be used to configure the url that remote hosts
+should pull from.
+
+Also, propellor can be used now without any centralized repository.
+"""]]
diff --git a/doc/todo/editor_for_privdata__63__.mdwn b/doc/todo/editor_for_privdata__63__.mdwn
new file mode 100644
index 00000000..8b91338c
--- /dev/null
+++ b/doc/todo/editor_for_privdata__63__.mdwn
@@ -0,0 +1,4 @@
+Would adding a way to call $EDITOR to edit privdata be possible?
+It would make sense for editing data like logcheck files.
+
+> [[done]]
diff --git a/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment
new file mode 100644
index 00000000..bbe93fe3
--- /dev/null
+++ b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ subject="comment 2"
+ date="2014-11-11T21:16:09Z"
+ content="""
+Already exists in `propellor --edit`
+
+Documentation patches accepted! :)
+"""]]
diff --git a/doc/todo/etckeeper.mdwn b/doc/todo/etckeeper.mdwn
new file mode 100644
index 00000000..7dc80cef
--- /dev/null
+++ b/doc/todo/etckeeper.mdwn
@@ -0,0 +1 @@
+It would be cool to have an etckeeper module :-).
diff --git a/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment
new file mode 100644
index 00000000..f080f70e
--- /dev/null
+++ b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-06T15:46:56Z"
+ content="""
+All I've needed for this is `& Apt.installed ["etckeeper"]`
+
+Patches welcome, I suppose.
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
new file mode 100644
index 00000000..046f4a6f
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
@@ -0,0 +1,3 @@
+Sometimes I forget to commit a modification, and running "propellor --spin" automatically commits this stuff. It would be better if "propellor --spin" failed (or, even better, warned the user) that there are uncommited changes, and "propellor --spin" would just always add an empty commit.
+
+> --merge added; [[done]] --[[Joey]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
new file mode 100644
index 00000000..19b2fab6
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-23T18:41:40Z"
+ content="""
+Letting --spin commit is part of my workflow. It's great when you're just
+changing config.hs to quickly blast out the changes.
+
+Granted, it is not so nice when doing Property development, as changes get
+fragmented across the spins used to test them. I'd be happy to find some
+way to improve that. Perhaps a way could be found to get this structure of
+git commits:
+
+ manual commit------------------------->manual commit--merge
+ \--spin--spin--spin--spin--spin------------/
+
+Where the second manual commit has an identical tree committed as does the
+spin just underneath it, and so the following merge doesn't change any files,
+just grafts the two branches back together.
+
+I guess that could be handled by haing a checkpoint command, that squashes
+all the previous spins since the last checkpoint together into one commit,
+lets the user edit the commit message of that, and the juggles the branches
+into place and creates the merge commit -- which then becomes the new last
+checkpoint.
+
+I'll take patches for such a thing, or more simply a way to configure --spin's
+auto-committing behavior. However, I don't want to change the default
+behavior to not commit.
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
new file mode 100644
index 00000000..3e8e5f62
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2014-11-23T20:23:24Z"
+ content="""
+Your solution seems a lot better :-).
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
new file mode 100644
index 00000000..8ad6ab49
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2014-11-23T21:12:19Z"
+ content="""
+Here's a almost-script to do it, which worked when it did it by hand:
+
+<pre>
+get old-head (git show-ref HEAD -s)
+get curr-branch (refs/heads/master eg)
+find old-commit (look back through git log for the first commit that was not "propellor spin")
+git reset old-commit
+git commit -a # user gets to edit commit message for all the spins and any staged changes here
+git merge -S -s ours old-head
+get current-commit (result of merge)
+git update-ref curr-branch current-commit
+git checkout curr-branch
+</pre>
+"""]]
diff --git a/doc/todo/git_push_over_propellor_ssh_channel.mdwn b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
new file mode 100644
index 00000000..c6d42fcf
--- /dev/null
+++ b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
@@ -0,0 +1,13 @@
+Propellor currently needs a central git server. And it has a special-cased
+protocol during bootstrap that transfers the git repo over to a new host,
+using the ssh connection that will be used to run propellor.
+
+This could be improved by making a git push be done whenever
+`propellor spin $host` runs. The remote propellor runs `git receive-pack`;
+the local one runs `git send-pack`.
+
+Then there would be no need for a central git repo. Although still very
+useful if you have multiple propellor driven hosts and you want to just git
+commit and let cron sort them out.
+
+> [[done]]! --[[Joey]]
diff --git a/doc/todo/info_propigation_out_of_nested_properties.mdwn b/doc/todo/info_propigation_out_of_nested_properties.mdwn
index 1a586be6..3beba037 100644
--- a/doc/todo/info_propigation_out_of_nested_properties.mdwn
+++ b/doc/todo/info_propigation_out_of_nested_properties.mdwn
@@ -14,8 +14,8 @@ Of course, only one of them will be run, and only its info should be propigated
out..
This commonly afflicts eg, privData. For example, `User.hasPassword'`
-has this problem, and this prevents --list-fields from listing privdata
-that's not set from that property.
+used to have this problem, which prevented --list-fields from listing privdata
+that's not set from that property. (That was worked around.)
One approach might be to make the Propellor monad be able to be run in two
modes. In one mode, it actually perform IO, etc. In the other mode, all
diff --git a/doc/todo/port_info_for_properties_for_firewall.mdwn b/doc/todo/port_info_for_properties_for_firewall.mdwn
new file mode 100644
index 00000000..efaaba05
--- /dev/null
+++ b/doc/todo/port_info_for_properties_for_firewall.mdwn
@@ -0,0 +1,24 @@
+The firewall module could be improved if properties that set up a service
+on a port included info (see Propellor.Info and Propellor.Types.Info)
+about the port(s) used.
+
+While currently the ports have to be explicitly listed:
+
+ & Apache.installed
+ & Firewall.installed
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 80))
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 443))
+
+Instead the ports would be derived from the installed services.
+
+ & Apache.installed
+ & Firewall.installed
+
+There could also be some combinators to adjust the exposed
+ports of a property.
+
+ & localOnly Apache.installed
+ & exposedPorts [443,80] (Apt.serviceInstalledRunning "apache2")
+
+Such port enformation is also going to be needed as a basis of
+[[type_level_port_conflict_detection]]. --[[Joey]]
diff --git a/doc/todo/type_level_port_conflict_detection.mdwn b/doc/todo/type_level_port_conflict_detection.mdwn
new file mode 100644
index 00000000..5aec5775
--- /dev/null
+++ b/doc/todo/type_level_port_conflict_detection.mdwn
@@ -0,0 +1,5 @@
+See <http://stackoverflow.com/questions/26027765/using-types-to-prevent-conflicting-port-numbers-in-a-list> --[[Joey]]
+
+Needs ghc newer than 7.6.3. It may be possible to port Data.Type.Equality
+and Data.Type.Bool to older versions; I got them to compile but they didn't
+work right. --[[Joey]]