summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
Diffstat (limited to 'doc')
-rw-r--r--doc/documentation.mdwn5
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn34
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment30
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment38
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment11
-rw-r--r--doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment16
-rw-r--r--doc/forum/Propellor_without_superuser_privileges.mdwn3
-rw-r--r--doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment26
-rw-r--r--doc/forum/Supported_OS.mdwn5
-rw-r--r--doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment23
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn12
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment10
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment19
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment11
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment11
-rw-r--r--doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment7
-rw-r--r--doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn1
-rw-r--r--doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment10
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn177
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment14
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment52
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment25
-rw-r--r--doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment44
-rw-r--r--doc/forum/propellor_with_no_central_repository__63__.mdwn1
-rw-r--r--doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment7
-rw-r--r--doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment9
-rw-r--r--doc/forum/property_combinator_ordering.mdwn8
-rw-r--r--doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment31
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn290
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment29
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment17
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment13
-rw-r--r--doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment16
-rw-r--r--doc/haskell_newbie.mdwn3
-rw-r--r--doc/news/propellor_demo.mdwn8
-rw-r--r--doc/news/version_1.2.2.mdwn4
-rw-r--r--doc/news/version_1.3.0.mdwn17
-rw-r--r--doc/news/version_1.3.1.mdwn6
-rw-r--r--doc/news/version_1.3.2.mdwn5
-rw-r--r--doc/news/version_2.2.1.mdwn6
-rw-r--r--doc/security.mdwn2
-rw-r--r--doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment10
-rw-r--r--doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment8
-rw-r--r--doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment17
-rw-r--r--doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment22
-rw-r--r--doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment13
-rw-r--r--doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment11
-rw-r--r--doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment8
-rw-r--r--doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn8
-rw-r--r--doc/todo/Wishlist:_User.hasLoginShell.mdwn9
-rw-r--r--doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment59
-rw-r--r--doc/todo/bytes_in_privData__63__.mdwn17
-rw-r--r--doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment19
-rw-r--r--doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment7
-rw-r--r--doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment7
-rw-r--r--doc/todo/docker_todo_list.mdwn2
-rw-r--r--doc/todo/editor_for_privdata__63__.mdwn4
-rw-r--r--doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment9
-rw-r--r--doc/todo/etckeeper.mdwn1
-rw-r--r--doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment9
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn3
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment30
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment7
-rw-r--r--doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment19
-rw-r--r--doc/todo/git_push_over_propellor_ssh_channel.mdwn13
-rw-r--r--doc/todo/info_propigation_out_of_nested_properties.mdwn109
-rw-r--r--doc/todo/issue_after_upgrading_shared_library.mdwn25
-rw-r--r--doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment20
-rw-r--r--doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment7
-rw-r--r--doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment17
-rw-r--r--doc/todo/lxc_containers_support.mdwn1
-rw-r--r--doc/todo/port_info_for_properties_for_firewall.mdwn24
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage.mdwn4
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment27
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment17
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment10
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment8
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment8
-rw-r--r--doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment8
-rw-r--r--doc/todo/type_level_port_conflict_detection.mdwn5
-rw-r--r--doc/writing_properties.mdwn82
81 files changed, 1710 insertions, 30 deletions
diff --git a/doc/documentation.mdwn b/doc/documentation.mdwn
index 340eb09f..99f61c04 100644
--- a/doc/documentation.mdwn
+++ b/doc/documentation.mdwn
@@ -1,14 +1,15 @@
The [API documentation](http://hackage.haskell.org/package/propellor) of
-Propellor's modules is the most important docuemntation of propellor.
+Propellor's modules is the most important documentation of propellor.
Other documentation:
* [[man page|usage]]
* [[Haskell Newbie]]
+* [[Writing Properties]]
* [[Centralized Git Repository]]
* [[Components]]
* [[Contributing]]
* [[Interface Stability]]
-* [[Coding Stye]]
+* [[Coding Style]]
* [[Security]]
* [[Debugging]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn
new file mode 100644
index 00000000..b678d8d0
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file.mdwn
@@ -0,0 +1,34 @@
+Hello,
+
+Still working on the reprepro property :)
+
+Here A property that I am using to publish a repository via apache (this is a prototype)
+
+ website :: String -> Property
+ website hn = toProp $ Apache.siteEnabled hn apachecfg
+ where
+ apachecfg = [ "<VirtualHost *>"
+ , "DocumentRoot " ++ basePath
+ , "<Directory " ++ basePath ++ ">"
+ , " Options Indexes FollowSymLinks Multiviews"
+ , " Order allow,deny"
+ , Apache.allowAll
+ , "</Directory>"
+ ] ++ concatMap deny ["db", "conf", "incoming"]
+ ++ ["</VirtualHost>"]
+
+ deny dir = [ "<Directory \"" ++ basePath ++ "apt/*/" ++ dir ++ "\">"
+ , " Order deny,allow"
+ , " Deny from all"
+ , "</Directory>"
+ ]
+
+during my test I am runing the config.hs with
+runhaskell config.hs (it work the first time, the apache config files are ok)
+
+but when I do a modification on the apachecfg and rerun the runhaskell,
+the config files are not updated. I need to remove them to have an updated version.
+
+cheers
+
+Fred
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment
new file mode 100644
index 00000000..0101ccb2
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_1_932ba6f4e444c99d8d561149d17c8fe7._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="first run"
+ date="2014-12-08T09:31:46Z"
+ content="""
+root@mordor:~/propellor/src# PROPELLOR_DEBUG=1 runhaskell config.hs
+[2014-12-08 10:27:10 CET] read: hostname [\"-f\"]
+[2014-12-08 10:27:10 CET] command line: Run \"mordor\"
+[2014-12-08 10:27:10 CET] read: git [\"remote\"]
+[2014-12-08 10:27:10 CET] read: git [\"symbolic-ref\",\"--short\",\"HEAD\"]
+[2014-12-08 10:27:10 CET] call: git [\"fetch\"]
+Pull from central git repository ... done
+[2014-12-08 10:27:12 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+[2014-12-08 10:27:12 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+mordor has Operating System (Debian Unstable) \"i386\" ... ok
+[2014-12-08 10:27:12 CET] read: apt-cache [\"policy\",\"etckeeper\"]
+mordor apt installed etckeeper ... ok
+[2014-12-08 10:27:13 CET] read: apt-cache [\"policy\",\"ssh\"]
+mordor apt installed ssh ... ok
+[2014-12-08 10:27:13 CET] read: passwd [\"-S\",\"root\"]
+mordor root has password ... ok
+[2014-12-08 10:27:13 CET] call: a2query [\"-q\",\"-s\",\"reprepro\"]
+[2014-12-08 10:27:14 CET] read: apt-cache [\"policy\",\"apache2\"]
+[2014-12-08 10:27:14 CET] call: a2ensite [\"--quiet\",\"reprepro\"]
+Enabling site reprepro.
+[2014-12-08 10:27:15 CET] call: sh [\"-c\",\"set -e ; service 'apache2' reload >/dev/null 2>&1 || true\"]
+mordor create reprepro ... done
+mordor overall ... done
+
+"""]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment
new file mode 100644
index 00000000..85a57383
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_2_5323336b92d9aef5a9021b924029f3af._comment
@@ -0,0 +1,38 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="second run with content modified"
+ date="2014-12-08T09:37:43Z"
+ content="""
+Second run after adding a space here
+
+ - , \" Options Indexes FollowSymLinks Multiviews\"
+ + , \" Options Indexes FollowSymLinks Multiviews\"
+
+
+ root@mordor:~/propellor/src# PROPELLOR_DEBUG=1 runhaskell config.hs
+ [2014-12-08 10:34:19 CET] read: hostname [\"-f\"]
+ [2014-12-08 10:34:19 CET] command line: Run \"mordor\"
+ [2014-12-08 10:34:19 CET] read: git [\"remote\"]
+ [2014-12-08 10:34:19 CET] read: git [\"symbolic-ref\",\"--short\",\"HEAD\"]
+ [2014-12-08 10:34:19 CET] call: git [\"fetch\"]
+ remote: Counting objects: 32, done.
+ remote: Compressing objects: 100% (6/6), done.
+ remote: Total 6 (delta 3), reused 0 (delta 0)
+ Dépaquetage des objets: 100% (6/6), fait.
+ Depuis git://git.kitenet.net/propellor
+ c5a8cae..9ac0dfb master -> origin/master
+ Pull from central git repository ... done
+ [2014-12-08 10:34:20 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+ [2014-12-08 10:34:20 CET] read: git [\"show-ref\",\"--hash\",\"master\"]
+ mordor has Operating System (Debian Unstable) \"i386\" ... ok
+ [2014-12-08 10:34:20 CET] read: apt-cache [\"policy\",\"etckeeper\"]
+ mordor apt installed etckeeper ... ok
+ [2014-12-08 10:34:21 CET] read: apt-cache [\"policy\",\"ssh\"]
+ mordor apt installed ssh ... ok
+ [2014-12-08 10:34:21 CET] read: passwd [\"-S\",\"root\"]
+ mordor root has password ... ok
+ [2014-12-08 10:34:21 CET] call: a2query [\"-q\",\"-s\",\"reprepro\"]
+ mordor create reprepro ... ok
+ mordor overall ... ok
+
+"""]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment
new file mode 100644
index 00000000..5dc67fb0
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_3_531c2c5e78fb5c62e54d84231b129dc8._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 3"
+ date="2014-12-08T10:47:59Z"
+ content="""
+I forgot to say that the content of
+
+/etc/apache2/site-xxx/reprepro[.conf]
+
+is unmodifed after this second run
+"""]]
diff --git a/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment
new file mode 100644
index 00000000..a9201541
--- /dev/null
+++ b/doc/forum/Apache.siteEnabled_doesn_not_update_the_apache_config_file/comment_4_54281604c588a7229f9d987e8cdee802._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 4"""
+ date="2014-12-09T04:35:12Z"
+ content="""
+Pretty obvious why if you look at the code:
+
+ enable = check (not <$> isenabled) $
+ cmdProperty "a2ensite" ["--quiet", hn]
+ `describe` ("apache site enabled " ++ hn)
+ `requires` siteAvailable hn cf
+
+So that property was skipped entirely if the site was already enabled and never looked at the config file.
+
+I've put in a fix.
+"""]]
diff --git a/doc/forum/Propellor_without_superuser_privileges.mdwn b/doc/forum/Propellor_without_superuser_privileges.mdwn
new file mode 100644
index 00000000..d7288a72
--- /dev/null
+++ b/doc/forum/Propellor_without_superuser_privileges.mdwn
@@ -0,0 +1,3 @@
+Joey uses propellor to popular his /home/joey on hosts he controls. I'd like to use it to populate my home directory on hosts where I don't have root. If someone gives me a shell account on a Debian box, it would be great to just run `propellor --spin` to have apply properties such as having certain stuff downloaded and compiled in `~/local/bin`, putting cronjobs in place, and checking stuff out with `myrepos`.
+
+Does propellor assume root access at a deep enough level that writing properties to do this stuff would be impractical?
diff --git a/doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment b/doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment
new file mode 100644
index 00000000..1a38ef94
--- /dev/null
+++ b/doc/forum/Propellor_without_superuser_privileges/comment_1_021ecbb1b8bd7e26776b49ec75e90d0c._comment
@@ -0,0 +1,26 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-26T19:26:00Z"
+ content="""
+I think that the root assumptions are in basically 3 places:
+
+* Many Properties assume they're run as root, and will fail if they're not.
+ Probably not a problem in practice for most of them. It might be nice
+ to make a few, such as `User.hasSomePassword` work when run as a normal
+ user.
+
+* Propellor's self-deployment involves running apt-get to instal ghc,
+ etc. This could be modified to check if it's not root and do a local
+ user of ghc if necessary.
+
+* `localdir = "/usr/local" and this is used in various places by eg,
+ `--spin`. It is, however, entirely possible to run "./propellor" in
+ some other directory, which causes it to run in that directory
+ and ensure the properties of localhost. `--spin` could certianly be
+ taught to run in a user mode where it uses "~/.propellor/" instead of
+ `localdir`.
+
+I think that's all! I don't plan to try to add this feature myself, but
+will be happy to support anyone who wants to work on it.
+"""]]
diff --git a/doc/forum/Supported_OS.mdwn b/doc/forum/Supported_OS.mdwn
new file mode 100644
index 00000000..f17b9054
--- /dev/null
+++ b/doc/forum/Supported_OS.mdwn
@@ -0,0 +1,5 @@
+What are the requirements for the configured OS ? Does it need to be Debian ?
+
+Would Propellor work for Arch linux, RHEL, Windows, AIX or linux on pSeries) ?
+
+Cheers
diff --git a/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment
new file mode 100644
index 00000000..3a2055ea
--- /dev/null
+++ b/doc/forum/Supported_OS/comment_1_f324bed708305e2667bd00f80544dd90._comment
@@ -0,0 +1,23 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-07T15:58:03Z"
+ content="""
+I have heard of propellor being used on OSX. Probably that user wrote their
+own code for OSX specific stuff.
+
+Propellor properites can be parameterized by OS. Currently it has support
+for Debian and some untested support for Ubuntu. A property can be parameterized
+like this:
+
+ foo :: Property
+ foo = property "foo" withOS desc $ \o -> case o of
+ (Just (System (Debian _) _)) -> ensureProperty fooDebian
+ (Just (System (Ubuntu _) _)) -> ensureProperty fooUbuntu
+
+The first step for adding a new OS will be to modify <http://hackage.haskell.org/package/propellor-1.0.0/docs/Propellor-Types-OS.html>.
+Compilation will then warn about all OS parameterized properties that
+need to be updated to support your added OS, and it can be taken from there.
+
+I'll accept reasonable patches to support other OS's.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
new file mode 100644
index 00000000..c88defcf
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
@@ -0,0 +1,12 @@
+Hello,
+
+I am trying propellor on Debian Jessie (haskell is fantastic for this sort or things) to setup one of my computer.
+
+On my network, the system administrator set proxies for http and https.
+These information are available via a http://proxy/proxy.pac URL.
+
+So I would like to know what should be done to extract this information and set it for all users on the system ?
+
+Cheers
+
+Frederic
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
new file mode 100644
index 00000000..6bf8844d
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T15:44:13Z"
+ content="""
+You could, for example, use Propellor.Propety.Cmd.cmdProperty
+to run a command that sets up the proxying. If there's not a single command
+that does it, you could cause propellor to fetch the url and deploy the
+info itself.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
new file mode 100644
index 00000000..8458ee49
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 2"
+ date="2014-11-25T17:55:25Z"
+ content="""
+In my case I need to wget the proxy.pac file and parse it to find the right proxy.
+
+what worried me is that these proxy.pac things are dynamical depending on the ip of the sender AND the receive.
+It work nicely with web browser, but not with the unix http_proxy and HTTPS_PROXY env.
+
+nevertheless, I can create something to parse my local setup and extract the right http_proxy.
+
+Is there something available in Propellor to set a global environment variable in /etc/environment (the right place for this ?)
+
+cheers
+
+Frederic
+
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
new file mode 100644
index 00000000..9bdcb4df
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T19:37:46Z"
+ content="""
+There's no Property that handles setting global environment currently, but
+it's a reasonable one to add.
+
+I think that /etc/environment is read by `pam_env` logins, but maybe not
+other things, so dunno.
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
new file mode 100644
index 00000000..d2a0b45e
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 4"
+ date="2014-11-25T20:01:12Z"
+ content="""
+I saw that there is an haskell binding for augeas.
+
+Maybe this could be a nice uniform interface to deal with all the system configuration files.
+then no need to deal with the config file formats.
+
+"""]]
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment
new file mode 100644
index 00000000..d670fa3b
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_5_7783b8a96c8032a39ff3b5b446a976ed._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 5"
+ date="2014-11-27T08:17:36Z"
+ content="""
+Just looked at augeas, and add it to propellor would be great. Much more robust than Propellor.Property.File.{containsLine,containsLines,lacksLine}, at least.
+"""]]
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
new file mode 100644
index 00000000..0815b4b3
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
@@ -0,0 +1 @@
+How can I modify the configuration of a managed host (which seems to be stored in /usr/local/propellor/.git/config) from the host on which I run propellor?
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
new file mode 100644
index 00000000..f034a377
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:40:33Z"
+ content="""
+I'm curious what you need to configure there..
+
+But, there seems to be a simple solution: Add a Property that configures
+the .git/config however you need to! :)
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn
new file mode 100644
index 00000000..0a50fc91
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__.mdwn
@@ -0,0 +1,177 @@
+Having taken the inital hurdle of getting propellor running
+(cf. my last post in this forum), I am beginning to like propellor
+quite a lot. - This comes not too much as a surprise, as I am
+a Haskeller really. - I would love to use it for all my configuration
+needs, and to that end ditch ansible.
+
+Propellor's biggest show stopper for me is this (maybe I am misunderstanding
+propellor?):
+
+I can run
+
+```
+ propellor --spin myhost
+```
+
+from the command line, and all the tasks/properties that I have
+defined myhost to have beforehand will be executed/realized/configured.
+
+Say eg. I haved defined (sorry for the bad formatting,
+seems I have to do it line by line to get the markdown look nice)
+
+```
+myhost :: Host
+```
+
+```
+myhost = host "myhost"
+ & os (System (Debian Testing) "amd64")
+ & emacs
+ & apt
+```
+
+```
+emacs :: Property HasInfo
+```
+
+```
+emacs = propertyList "install & configure emacs" $ props
+ & Apt.installed ["emacs"
+ , "auto-complete-el"]
+```
+
+```
+ apt :: Property HasInfo
+```
+
+```
+apt = propertyList "apt update + upgrade" $ props
+ & Apt.update
+ & Apt.upgrade
+```
+
+
+Then running
+
+```
+ propellor --spin myhost
+```
+
+will make sure, that emacs is installed, and all my
+packages on myhost are up to date.
+
+It does so every time I run propellor, but normally I install
+emacs only once (and I know it's installed), whereas
+the apt update+upgrade combo I would want to run every other day.
+
+So what I would like is this: have just a minimal config for
+myhost, like this:
+
+```
+myhost :: Host
+```
+
+```
+myhost = host "myhost"
+ & os (System (Debian Testing) "amd64")
+```
+
+and then run a task (require a property ?) on myhost, somehow
+from the command line, like this
+
+```
+ propellor --spin myhost --task apt
+```
+
+Many other properties / installation steps I could run in this
+manner, like installing emacs initially
+
+```
+ propellor --spin myhost --task emacs
+```
+
+In ansible I can do this with playbooks:
+
+```
+ ansible-playbook -l myhost apt.yml
+```
+
+with some preconfigured playbook apt.yml that does just
+the apt update + upgrade task and nothing else. But I would
+have other tasks in other playbooks of course: I can install & configure
+emacs on myhost
+
+```
+ ansible-playbook -l myhost emacs.yml
+```
+
+etc.
+
+Related to that (but maybe not strictly the same question):
+
+I wouldn't mind writing my own haskell script that does
+the command line parsing (with optparse applicative eg):
+I could have options for
+
+```
+ --host (myhost/...)
+```
+
+and
+
+```
+ --task (emacs/apt/...)
+```
+
+and then just call into propellor. Unfortunately propellor's
+defaultMain does more than I want: gets the command line
+from processCmdLine.
+
+So I tried to create my own otherMain (similar to defaultMain,
+but would let me do my own command line parsing):
+
+```
+ otherMain :: [Host] -> CmdLine -> IO ()
+```
+
+but then at some point just gave up: for one thing: things
+were getting complicated, because of all the indirection:
+the propellor command line tool recompiles itself (?),
+does all this git stuff etc.
+
+And then: maybe I am approaching things in the wrong direction:
+maybe it's just not meant to be used that way
+(but ansible works fine for me in this regard)?
+
+And I thought: I don't really want to start a major programming
+task just to get this thing working, the way that seems
+reasonable to me. Or maybe it's possible already, and I just
+don't know how to use it? (So I am stuck with ansible for the time
+being).
+
+Still more or less related:
+
+Say this otherMain function existed, that allowed me to
+to do my own command line parsing and just
+call propellor on some host with the one or the other task,
+I am not 100% what's the right
+way to ensure/require/execute such a task on a host:
+
+above I am just using
+
+```
+ host & property
+```
+
+(from PropAccum), but maybe ensureProperty is better suited
+for that?
+
+Also for the wish list: some CONFIG_FILE env variable that
+would allow me to keep my config.hs somewhere other than
+in ~/.propellor/config.hs
+
+
+Anyway, thanks so far
+I would certainly want to switch to propellor completely.
+
+ Andreas
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment
new file mode 100644
index 00000000..273dc758
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_1_8959a79735aa3fa13ee37e57eb5a92e1._comment
@@ -0,0 +1,14 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-14T18:48:23Z"
+ content="""
+By composing these things at the command-line, you're using the
+command-line, rather than haskell, for describing your system. I don't
+think that's a win.
+
+As far as properties that you don't want to have run every time, see
+`Propellor.Property.Scheduled.period`. For example:
+
+ & Apt.update `period` Daily
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment
new file mode 100644
index 00000000..3eca3457
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_2_f07c33b4a14cdc0b78695de49875c9b5._comment
@@ -0,0 +1,52 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0"
+ nickname="Andreas"
+ subject="comment 2"
+ date="2015-04-14T19:24:46Z"
+ content="""
+using the command line: well yes, that's right.
+Still: I can configure a lot of details in haskell (ansible playbooks):
+
+my emacs task eg. is not only ensuring that emacs is installed
+(as in the example above), but I also set some links to my
+elisp config files, ensure that cask installed etc.
+
+another task for me is installing X windows:
+again lots of details: not only the xorg packages,
+but some links to .xsession files, window manager config
+files etc.
+
+and yes: I am happy, that I can spell out the details
+of these tasks in propellor/haskell.
+
+I just don't see the point of ensuring them again and again
+with every spin of propellor, and I would want
+to be able to run just this one task on the command line.
+
+
+concerning
+```
+ Apt.update `period` Daily
+```
+thanks, will have a look.
+but I guess this is cron job (will see),
+in general I think I will want to stick to my habit, that I want
+to see what's going on (what is upgraded), thus prefer
+to not run any cron jobs for apt upgrades
+
+My overall message / concern is: I don't want to completly change my
+habits, just because I am using propellor
+
+I had the habit of installing my computers task by task
+
+I had the habit of logging in to one of my systems, and
+doing apt-get update && apt-get upgrade
+
+I want my config tool to help me achieve things in my
+way that I am used to.
+
+
+
+
+
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment
new file mode 100644
index 00000000..144915df
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_3_06c63446531f56e4c93f64f6bcfba2b1._comment
@@ -0,0 +1,25 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-04-14T19:42:22Z"
+ content="""
+[period](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-Scheduled.html)
+is not a cron job, it just modifies the Property to only do anything
+every so often.
+
+It's also possible to modify a Property so it only runs once.
+[flagFile](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property.html#v:flagFile)
+can be used to do that.
+
+But there are good reasons for propellor to default to checking all
+Properties of a system each time:
+
+* It means that most Properties are idempotent, which has many good
+ features, like being able to recover from a crash.
+* If a system no longer has a configured Property, to fix it back to having
+ the property it's supposed to have.
+* Or, if it can't be fixed, to tell you with an error message in red.
+* It keeps propellor mostly stateless; rather than having to record state
+ about how it thinks a system is, which could diverge from reality,
+ it just looks at how it actually is.
+"""]]
diff --git a/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment
new file mode 100644
index 00000000..ecd20630
--- /dev/null
+++ b/doc/forum/my_experience_with_propellor:_how_to_run_a_single_task_on_a_host__63__/comment_4_f52f30380b4fe58292fcf0ef368efbb1._comment
@@ -0,0 +1,44 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0"
+ nickname="Andreas"
+ subject="comment 4"
+ date="2015-04-15T10:15:17Z"
+ content="""
+Well thanks a lot, and yes I am learning: propellor has a lot
+of powerful features under the hood already.
+
+I still remain sceptical for the time being:
+
+Propellor's overall approach seems: one spin of propellor does ensure
+that a complete systems is properly installed (and then one can
+declare exceptions: don't check this every time...). I can even see
+how this is useful: if I where a sys admin with a huge farm of
+systems, I wouldn't want to deal with half installed systems, but just
+have propellor do a complete job.
+
+As far as I am only concerned with a few personal computers of mine, I
+prefer to stick to my task by task approach, though, and for tasks
+that come up reapeatedly (like keeping my apt cache + installed
+packages up to date) that seems reasonable to me as well. - having
+only a minimal required configuration for a host, and then building
+upon that (I think/hope, you got the idea by now). The fact, that
+this model is nicely supported by ansible, seems to suggest at least,
+that this kind of reasoning/approach is not completely flawed.
+
+What is not 100% clear to me: if propellor could be bent to support my
+kind of workflow: I would think that it's possible? (even though I
+might not have the time to bend it that way myself). Or are there any
+fundamental issues with it?
+
+What I am suggesting is: that propellor be at my disposal,
+more as a library, and would not also impose a certain
+command line interface / workflow on me.
+
+Anyway, you would certainly win me as a user (don't know
+how much that counts, and cannot speak for other people's
+needs).
+
+Thanks anyway.
+ Andreas
+
+"""]]
diff --git a/doc/forum/propellor_with_no_central_repository__63__.mdwn b/doc/forum/propellor_with_no_central_repository__63__.mdwn
new file mode 100644
index 00000000..5f322878
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__.mdwn
@@ -0,0 +1 @@
+Is there a way to use propellor with no central repository?
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
new file mode 100644
index 00000000..1f1456c5
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:39:48Z"
+ content="""
+Not yet, but see [[todo/git_push_over_propellor_ssh_channel]]
+"""]]
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
new file mode 100644
index 00000000..6a6aa946
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""yay!"""
+ date="2014-11-19T01:31:14Z"
+ content="""
+propellor now supports this mode by default, just use `propellor --spin
+hostname` and the changes in the local repo will be pushed and deployed to
+the host, w/o needing a centralized git repo.
+"""]]
diff --git a/doc/forum/property_combinator_ordering.mdwn b/doc/forum/property_combinator_ordering.mdwn
new file mode 100644
index 00000000..25549bb4
--- /dev/null
+++ b/doc/forum/property_combinator_ordering.mdwn
@@ -0,0 +1,8 @@
+when I write
+
+ setDistribution cfg = f `File.hasContent` cfg
+ `onChange` update
+ `requires` File.dirExists confDir
+
+is update called before ensuring the confiDir Exist ?
+It seems to me but who knows ?
diff --git a/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
new file mode 100644
index 00000000..c41abd90
--- /dev/null
+++ b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
@@ -0,0 +1,31 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-01T15:53:11Z"
+ content="""
+I think that should behave intuitively, but of course if you're unsure
+of this kind of thing, adding parens is a good way to disambiguate the
+code.
+
+ (f `File.hasContent` cfg `onChange` update)
+ `requires` File.dirExists confDir
+
+Written that way, it's explicit that the parenthesized part runs
+together as one action.
+
+Or, we can do a quick test in ghci:
+
+ joey@darkstar:~/src/propellor/src#joeyconfig>ghci Propellor.hs Propellor/Property.hs
+ *Propellor> let f1 = property "hasContent" (liftIO (print "f1") >> return MadeChange)
+ *Propellor> let f2 = property "update" (liftIO (print "f2") >> return MadeChange)
+ *Propellor> let f3 = property "dirExists" (liftIO (print "f3") >> return MadeChange)
+ *Propellor> runPropellor (Host "foo" [] mempty) $ ensureProperty $ f1 `onChange` f2 `requires` f3
+ "dirExists"
+ "hasContent"
+ "update"
+ MadeChange
+
+So, yes, it's behaving as it should, first ensuring that the `requires`
+property is met, and then running the main property, and since it made a
+change, following up by running the `onChange` property.
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn
new file mode 100644
index 00000000..1fde595c
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine.mdwn
@@ -0,0 +1,290 @@
+I'm trying to get propellor running, and for now, I'd prefer
+to not use a central git repo, according to what I have read
+
+```
+ propellor --spin host
+```
+
+should do just that: not use git.
+
+So I have cabal installed propellor locally, and
+in addition cloned
+
+```
+ git clone git://propellor.branchable.com/ .propellor
+```
+
+in my $HOME
+
+My local machine (from where I run propellor) runs debian testing, the
+machine I want to spin to: softland, debian unstable+experimental,
+ie. unstable in general + all things ghc from experimental, to get ghc
+7.8.4 (but not any more than that from experimental).
+
+was not sure, what the right propellor config would be in that case:
+
+```
+& os (System (Debian Experimental) "amd64")
+```
+which I have used, or
+
+```
+ & os (System (Debian Unstable) "amd64")
+```
+because in general I want Unstable
+
+
+First thing I notice, when running
+
+
+```
+$ propellor --spin softland
+```
+
+propellor nevertheless tries to git push (but fails, obviously,
+somewhere down in propellors output):
+
+```
+...
+Building propellor-2.2.1...
+Preprocessing library propellor-2.2.1...
+In-place registering propellor-2.2.1...
+Preprocessing executable 'propellor' for propellor-2.2.1...
+Preprocessing executable 'propellor-config' for propellor-2.2.1...
+Propellor build ... done
+[master 8ca2715] propellor spin
+Git commit ... done
+Counting objects: 10, done.
+Delta compression using up to 2 threads.
+Compressing objects: 100% (8/8), done.
+Writing objects: 100% (10/10), 913 bytes | 0 bytes/s, done.
+Total 10 (delta 6), reused 0 (delta 0)
+remote: you are not allowed to change config.hs
+To git://propellor.branchable.com/
+ ! [remote rejected] master -> master (pre-receive hook declined)
+error: failed to push some refs to 'git://propellor.branchable.com/'
+Push to central git repository ... failed
+Stop listening request sent.
+Hit http://ftp.uk.debian.org sid InRelease
+Hit http://ftp.uk.debian.org experimental InRelease
+Get:1 http://ftp.uk.debian.org sid/main amd64 Packages/DiffIndex [7,876 B]
+...
+```
+
+Note in particular the lines:
+
+```
+ To git://propellor.branchable.com/
+ ! [remote rejected] master -> master (pre-receive hook declined)
+ error: failed to push some refs to 'git://propellor.branchable.com/'
+ Push to central git repository ... failed
+```
+
+Shouldn't propellor be completely quiet about git /
+not try to push at all?
+
+OK, never mind, let's see what's next: some long
+output, propellor finally fails, I assume it's because
+of my sid+experimental configuration?
+
+
+```
+Stop listening request sent.
+Hit http://ftp.uk.debian.org sid InRelease
+Hit http://ftp.uk.debian.org experimental InRelease
+Get:1 http://ftp.uk.debian.org sid/main amd64 Packages/DiffIndex [7,876 B]
+Get:2 http://ftp.uk.debian.org sid/contrib amd64 Packages/DiffIndex [7,819 B]
+Get:3 http://ftp.uk.debian.org sid/non-free amd64 Packages/DiffIndex [7,819 B]
+Get:4 http://ftp.uk.debian.org sid/contrib Translation-en/DiffIndex [7,819 B]
+Get:5 http://ftp.uk.debian.org sid/main Translation-en/DiffIndex [7,876 B]
+Get:6 http://ftp.uk.debian.org sid/non-free Translation-en/DiffIndex [7,819 B]
+Get:7 http://ftp.uk.debian.org sid/main Sources [7,633 kB]
+Get:8 http://ftp.uk.debian.org sid/contrib Sources [57.1 kB]
+Get:9 http://ftp.uk.debian.org sid/non-free Sources [105 kB]
+Get:10 http://ftp.uk.debian.org experimental/main Sources/DiffIndex [7,819 B]
+Get:11 http://ftp.uk.debian.org experimental/contrib Sources/DiffIndex [7,819 B]
+Get:12 http://ftp.uk.debian.org experimental/non-free Sources/DiffIndex [7,819 B]
+Get:13 http://ftp.uk.debian.org experimental/main amd64 Packages/DiffIndex [7,819 B]
+Get:14 http://ftp.uk.debian.org experimental/contrib amd64 Packages/DiffIndex [7,819 B]
+Get:15 http://ftp.uk.debian.org experimental/contrib Translation-en/DiffIndex [7,819 B]
+Get:16 http://ftp.uk.debian.org experimental/main Translation-en/DiffIndex [7,819 B]
+Fetched 7,897 kB in 6s (1,169 kB/s)
+Reading package lists...
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping gnupg, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping ghc, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping cabal-install, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-async-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-missingh-dev : Depends: libghc-hunit-dev-1.2.5.2-6e02e
+ Depends: libghc-array-dev-0.4.0.1-3b784
+ Depends: libghc-base-dev-4.6.0.1-8aa5d
+ Depends: libghc-containers-dev-0.5.0.0-ab1da
+ Depends: libghc-directory-dev-1.2.0.1-91a78
+ Depends: libghc-filepath-dev-1.3.0.1-b12cb
+ Depends: libghc-hslogger-dev-1.2.1-028cc
+ Depends: libghc-mtl-dev-2.1.2-94c72
+ Depends: libghc-network-dev-2.4.1.2-040ce
+ Depends: libghc-old-locale-dev-1.0.0.5-6729c
+ Depends: libghc-old-time-dev-1.1.0.1-2f8ea
+ Depends: libghc-parsec-dev-3.1.3-6c6e2
+ Depends: libghc-process-dev-1.1.0.2-76e05
+ Depends: libghc-random-dev-1.0.1.1-43fdc
+ Depends: libghc-regex-compat-dev-0.95.1-121c7
+ Depends: libghc-time-dev-1.4.0.1-10dc4
+ Depends: libghc-unix-dev-2.6.0.1-4f219
+E: Unable to correct problems, you have held broken packages.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-hslogger-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d
+ Depends: libghc-containers-dev-0.5.0.0-ab1da
+ Depends: libghc-directory-dev-1.2.0.1-91a78
+ Depends: libghc-mtl-dev-2.1.2-94c72
+ Depends: libghc-network-dev-2.4.1.2-040ce
+ Depends: libghc-old-locale-dev-1.0.0.5-6729c
+ Depends: libghc-process-dev-1.1.0.2-76e05
+ Depends: libghc-time-dev-1.4.0.1-10dc4
+ Depends: libghc-unix-dev-2.6.0.1-4f219
+E: Unable to correct problems, you have held broken packages.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-unix-compat-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d
+ Depends: libghc-unix-dev-2.6.0.1-4f219
+E: Unable to correct problems, you have held broken packages.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-ansi-terminal-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-ifelse-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d
+E: Unable to correct problems, you have held broken packages.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-network-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-quickcheck2-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Skipping libghc-mtl-dev, it is already installed and upgrade is not set.
+0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+Reading package lists...
+Building dependency tree...
+Reading state information...
+Some packages could not be installed. This may mean that you have
+requested an impossible situation or if you are using the unstable
+distribution that some required packages have not yet been created
+or been moved out of Incoming.
+The following information may help to resolve the situation:
+The following packages have unmet dependencies:
+ libghc-monadcatchio-transformers-dev : Depends: libghc-base-dev-4.6.0.1-8aa5d
+ Depends: libghc-extensible-exceptions-dev-0.1.1.4-255a3
+ Depends: libghc-monads-tf-dev-0.1.0.2-731f0
+ Depends: libghc-transformers-dev-0.3.0.0-ff2bb
+E: Unable to correct problems, you have held broken packages.
+Downloading the latest package list from hackage.haskell.org
+Skipping download: Local and remote files match.
+Resolving dependencies...
+All the requested packages are already installed:
+Use --reinstall if you want to reinstall anyway.
+Resolving dependencies...
+Configuring propellor-2.2.1...
+Building propellor-2.2.1...
+Preprocessing library propellor-2.2.1...
+In-place registering propellor-2.2.1...
+Preprocessing executable 'propellor' for propellor-2.2.1...
+Preprocessing excaecutable 'propellor-bal: can't find source for configconf in src
+ig' for propellor-2.2.1...
+propellor: user error (ssh ["-o","ControlPath=/home/rx/.ssh/propellor/softland.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@softland","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! test -x ./propellor; then ( apt-get update ; apt-get --no-upgrade --no-install-recommends -y install gnupg ; apt-get --no-upgrade --no-install-recommends -y install ghc ; apt-get --no-upgrade --no-install-recommends -y install cabal-install ; apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-missingh-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-network-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-quickcheck2-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-monadcatchio-transformers-dev ; cabal update ; cabal install --only-dependencies ) || true && cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot softland ; fi'"] exited 1)
+rx@varenne ~/work/propellor $
+```
+
+I should add, that I have tried to --spin to another
+machine, and ... finally got that working:
+
+
+```
+ , host "laptop"
+ & os (System (Debian Testing) "amd64")
+```
+
+Not sure, if I need more than that, want to keep it to the
+minimum first, anyway:
+
+
+```
+ propellor --spin laptop
+```
+
+this works, yeah - sorry for the noise, above - but still I get
+
+
+```
+Git commit ... done
+To git://propellor.branchable.com/
+ ! [rejected] master -> master (fetch first)
+error: failed to push some refs to 'git://propellor.branchable.com/'
+hint: Updates were rejected because the remote contains work that you do
+hint: not have locally. This is usually caused by another repository pushing
+hint: to the same ref. You may want to first integrate the remote changes
+hint: (e.g., 'git pull ...') before pushing again.
+hint: See the 'Note about fast-forwards' in 'git push --help' for details.
+Push to central git repository ... failed
+```
+
+Possible to turn off these git push attempts?
+
+
+Thanks,
+ Andreas
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment
new file mode 100644
index 00000000..cfe1750a
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_1_df7ac45d7e576e8d73a8665521dbd6e0._comment
@@ -0,0 +1,29 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0"
+ nickname="Andreas"
+ subject="finally got it working"
+ date="2015-03-27T05:15:26Z"
+ content="""
+can spin to softland, my sid+experimental host now.
+
+with recent git://propellor.branchable.com/ updates
+and have used:
+
+```
+ & os (System (Debian Experimental) \"amd64\")
+```
+
+so sorry for the noise, still not sure about:
+
+* how to express my installation properly:
+ mostly unstable, ghc stuff from experimental
+
+* how to turn off the git push to branchable attempts
+ when just spinning to one of my mashines:
+ have set now:
+ ```
+ git branch --unset-upstream
+ ```
+ which shortcuts these attempts at least.
+
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment
new file mode 100644
index 00000000..51c3fc53
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_2_8600d257d92f786f2fcf0d4934f727d5._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-03-30T23:22:17Z"
+ content="""
+Pushing to origin is needed when using propellor in the central git
+repository deployment mode. So it makes sense for --spin to try to push.
+If that push fails for some reason, it's not a fatal error, since propellor
+--spin also does peer-to-peer pushes.
+
+I don't think I want to get into trying to determine if a particular origin
+repo url is read-only or read-write. It can be hard to tell with eg
+a https url.
+
+Why don't you just `git remote rename origin upstream`? If the remote
+is not called origin, propellor will ignore it.
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment
new file mode 100644
index 00000000..ed34d6a7
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_3_f1ca62944fe0303db6f1dc0916e8c967._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-03-30T23:26:38Z"
+ content="""
+As to a mixed unstable/experimental machine, such a machine has a Property
+of having somepackage installed from experimental. One way to represent
+that is by defining a property:
+
+installedFromExperimental :: [Package] -> Property NoInfo
+installedFromExperimental = Apt.installed' ["-y", "-texperimental"]
+
+"""]]
diff --git a/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment
new file mode 100644
index 00000000..72b21450
--- /dev/null
+++ b/doc/forum/trying_to_--spin_to_a_sid+experimental_machine/comment_4_d0d946df7455d079af9bc331da6fac55._comment
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawm-czsfuWENKQ0GI8l0gnGTeF1JEli1mA0"
+ nickname="Andreas"
+ subject="thanks a lot"
+ date="2015-04-06T21:11:46Z"
+ content="""
+thanks for your your commments (both of them),
+and fair enough: have just renamed my origin remote to upstream,
+will try your installedFromExperimental suggestion next.
+
+
+I will have more questions about propellor,
+but aske them in a different thread
+(as they are not really about installation)
+
+"""]]
diff --git a/doc/haskell_newbie.mdwn b/doc/haskell_newbie.mdwn
index 39a62f45..38da5ab0 100644
--- a/doc/haskell_newbie.mdwn
+++ b/doc/haskell_newbie.mdwn
@@ -114,7 +114,8 @@ That's really all there is to configuring Propellor. Once you
have a `config.hs` ready to try out, you can run `propellor --spin $host`
on one of the hosts configured in it.
-See the [[README]] for a further quick start.
+See the [[README]] for a further quick start and [[Writing Properties]]
+for guidance on extending propellor with your own custom properties.
(If you'd like to learn a little Haskell after all, check out
[Learn You a Haskell for Great Good](http://learnyouahaskell.com/).)
diff --git a/doc/news/propellor_demo.mdwn b/doc/news/propellor_demo.mdwn
new file mode 100644
index 00000000..362f56e6
--- /dev/null
+++ b/doc/news/propellor_demo.mdwn
@@ -0,0 +1,8 @@
+A quick demo of propellor.
+
+<video controls src="http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm"></video>
+
+[video](http://downloads.kitenet.net/talks/propellor_demo/propellor_demo.webm)
+
+(Audio quality is clipped/fast in places, unfortunately this was a problem
+with the source recording.)
diff --git a/doc/news/version_1.2.2.mdwn b/doc/news/version_1.2.2.mdwn
new file mode 100644
index 00000000..c10940fd
--- /dev/null
+++ b/doc/news/version_1.2.2.mdwn
@@ -0,0 +1,4 @@
+propellor 1.2.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Revert ensureProperty warning message, too many false positives in places
+ where Info is correctly propigated. Better approach needed."""]] \ No newline at end of file
diff --git a/doc/news/version_1.3.0.mdwn b/doc/news/version_1.3.0.mdwn
new file mode 100644
index 00000000..87abb2f7
--- /dev/null
+++ b/doc/news/version_1.3.0.mdwn
@@ -0,0 +1,17 @@
+propellor 1.3.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * --spin checks if the DNS matches any configured IP address property
+ of the host, and if not, sshes to the host by IP address.
+ * Detect #774376 and refuse to use docker if the system is so broken
+ that docker exec doesn't enter a chroot.
+ * Update intermediary propellor in --spin --via
+ * Added support for DNSSEC.
+ * Ssh.hostKey and Ssh.hostKeys no longer install public keys from
+ the privdata. Instead, the public keys are included in the
+ configuration. (API change)
+ * Ssh.hostKeys now removes any host keys of types that the host is not
+ configured to have.
+ * sshPubKey is renamed to Ssh.pubKey, and has an added SshKeyType
+ parameter. (API change)
+ * CloudAtCost.deCruft no longer forces randomHostKeys.
+ * Fix build with process 1.2.1.0."""]] \ No newline at end of file
diff --git a/doc/news/version_1.3.1.mdwn b/doc/news/version_1.3.1.mdwn
new file mode 100644
index 00000000..74a39ac4
--- /dev/null
+++ b/doc/news/version_1.3.1.mdwn
@@ -0,0 +1,6 @@
+propellor 1.3.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Fix bug that prevented deploying ssh host keys when the file for the
+ key didn't already exist.
+ * DNS records for hosts with known ssh public keys now automatically
+ include SSHFP records."""]] \ No newline at end of file
diff --git a/doc/news/version_1.3.2.mdwn b/doc/news/version_1.3.2.mdwn
new file mode 100644
index 00000000..77902008
--- /dev/null
+++ b/doc/news/version_1.3.2.mdwn
@@ -0,0 +1,5 @@
+propellor 1.3.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * SSHFP records are also generated for CNAMES of hosts.
+ * Merge Utiity modules from git-annex.
+ * Ignore bogus DNS when spinning the local host."""]] \ No newline at end of file
diff --git a/doc/news/version_2.2.1.mdwn b/doc/news/version_2.2.1.mdwn
new file mode 100644
index 00000000..69f7faa3
--- /dev/null
+++ b/doc/news/version_2.2.1.mdwn
@@ -0,0 +1,6 @@
+propellor 2.2.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * userScriptProperty now passes --shell /bin/sh, so it can be used
+ even for users with nonstandard shells.
+ * Fix bug in docker propellor shim setup introduced in last release,
+ which broke provisioning of new docker containers."""]] \ No newline at end of file
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 12ae18de..831b2b41 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -29,7 +29,7 @@ in cleartext private data such as passwords, ssh private keys, etc.
Instead, `propellor --spin $host` looks for a
`~/.propellor/privdata/privdata.gpg` file and if found decrypts it,
-extracts the private that that the $host needs, and sends it to to the
+extracts the private data that the $host needs, and sends it to to the
$host using ssh. This lets a host know its own private data, without
seeing all the rest.
diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
new file mode 100644
index 00000000..4ed9ecdb
--- /dev/null
+++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Is it ok to publish to a public repository?"
+ date="2014-08-29T21:13:19Z"
+ content="""
+It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong?
+
+Thanks
+"""]]
diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
new file mode 100644
index 00000000..4d209b03
--- /dev/null
+++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ ip="131.252.200.111"
+ subject="comment 2"
+ date="2014-08-29T21:52:02Z"
+ content="""
+--add-key puts your **public** key in the repository, not the private key.
+"""]]
diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
new file mode 100644
index 00000000..4d75842d
--- /dev/null
+++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Remote host fails to connect"
+ date="2014-08-30T06:40:33Z"
+ content="""
+Makes sense of course, but the message one gets when doing that is a bit misleading.
+
+I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because:
+
+1. the host key is not initially present in root's known_hosts, then
+2. the user's (root) public key is unknown to the remote git repo, in my case bitbucket.org, and the URL used is git@bitbucket.org:abailly/capital-match-infra.git which implies connection goes through SSH
+
+I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore.
+
+Thanks for your help
+"""]]
diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
new file mode 100644
index 00000000..b2ac4d57
--- /dev/null
+++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Output from propellor --spin $host"
+ date="2014-08-30T07:17:52Z"
+ content="""
+Here is the output (truncated):
+
+
+ Permission denied (publickey).
+ fatal: Could not read from remote repository.
+
+ Please make sure you have the correct access rights
+ and the repository exists.
+ Git fetch ... failed
+ fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+ Use '--' to separate paths from revisions, like this:
+ 'git <command> [<revision>...] -- [<file>...]'
+ propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128)
+
+
+"""]]
diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
new file mode 100644
index 00000000..cc26f42d
--- /dev/null
+++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Got it working..."
+ date="2014-08-31T12:50:17Z"
+ content="""
+OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations:
+
+* Use a https:// based url for the first
+* Use a git:// based url for the second
+
+I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url.
+"""]]
diff --git a/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
new file mode 100644
index 00000000..be8ac7f9
--- /dev/null
+++ b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2014-11-19T01:35:59Z"
+ content="""
+@Arnaud, see [[centralized_repository]], including its documentation of a
+"deploy" remote, which can be used to configure the url that remote hosts
+should pull from.
+
+Also, propellor can be used now without any centralized repository.
+"""]]
diff --git a/doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment b/doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment
new file mode 100644
index 00000000..e9d20642
--- /dev/null
+++ b/doc/security/comment_7_ebbb6f3617c879715a35900a07ea1909._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawkgUir7k_amh9RFp4D3QutX1fGh_nd7ko4"
+ nickname="Philipp"
+ subject="Passwords in PrivData"
+ date="2014-12-13T18:25:23Z"
+ content="""
+I wonder if there could be a shortcut in PrivData handling that hashes the input with crypt() instead of passing it raw to a machine. For instance passwords are stored in plain on the target machines, while this is not required to set the password in shadow: the hash would suffice. I think this page should at least spell out that fact.
+"""]]
diff --git a/doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn b/doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn
new file mode 100644
index 00000000..7a59fc20
--- /dev/null
+++ b/doc/todo/Bug_in_Property.Ssh.authorizedKey.mdwn
@@ -0,0 +1,8 @@
+If Ssh.authorizedKey in propellor 2.0.0 is used to create .ssh/authorized_keys for
+a user other than root, it will be owned by root:root and won't
+work for the user. Adding a key to an existing authorized_keys
+file doesn't change its ownership and therefore works fine.
+
+-- weinzwang
+
+> Thanks, [[fixed|done]] this and will make a release.
diff --git a/doc/todo/Wishlist:_User.hasLoginShell.mdwn b/doc/todo/Wishlist:_User.hasLoginShell.mdwn
new file mode 100644
index 00000000..cf8aa73c
--- /dev/null
+++ b/doc/todo/Wishlist:_User.hasLoginShell.mdwn
@@ -0,0 +1,9 @@
+As far as I can tell there is no easy way to set a user's
+login shell. A Property User.hasLoginShell, which ensures
+that a user has a specified login shell and that said shell
+is in /etc/shells would be really helpful. Sadly, I lack the
+skills to put this together myself :(
+
+-- weinzwang
+
+> patched in and so [[done]] --[[Joey]]
diff --git a/doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment b/doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment
new file mode 100644
index 00000000..52043406
--- /dev/null
+++ b/doc/todo/Wishlist:_User.hasLoginShell/comment_1_c02e8783b91c3c0326bf1b317be4694f._comment
@@ -0,0 +1,59 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-19T16:07:24Z"
+ content="""
+Propellor makes it very easy to put together a property like this.
+
+Let's start with a property that combines the two properties you mentioned:
+
+ hasLoginShell :: UserName -> FilePath -> Property
+ hasLoginShell user shell = shellSetTo user shell `requires` shellEnabled shell
+
+The shellEnabled property can be easily written using propellor's file
+manipulation properties.
+
+ -- Need to add an import to the top of the source file.
+ import qualified Propellor.Property.File as File
+
+ shellEnabled :: FilePath -> Property
+ shellEnabled shell = "/etc/shells" `File.containsLine` shell
+
+And then, we want to actually change the user's shell. The `chsh(1)`
+program can do that, so we can simply tell propellor the command line to
+run:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = cmdProperty "chsh" ["--shell", shell, user]
+
+The only remaining problem with this is that shellSetTo runs chsh every
+time, and propellor will always display that it's made a change each time
+it runs, even when it didn't really do much. Now, there's an easy way to
+avoid that problem, we could just tell propellor that it's a trivial
+property, and then it will run chsh every time and not think it made any
+change:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = trivial $
+ cmdProperty "chsh" ["--shell", shell, user]
+
+But, it's not much harder to do this right. Let's make the property
+check if the user's shell is already set to the desired value and avoid
+doing anything in that case.
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = check needchangeshell $
+ cmdProperty "chsh" ["--shell", shell, user]
+ where
+ needchangeshell = do
+ currshell <- userShell <$> getUserEntryForName user
+ return (currshell /= shell)
+
+And that will probably all work, although I've not tested it. You might
+want to throw in some uses of `describe` to give the new properties
+more useful descriptions.
+
+I hope this has been helpful as an explanation of how to add properties to
+Propellor, and if you get these properties to work, a patch adding them
+to Propellor.User would be happily merged.
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__.mdwn b/doc/todo/bytes_in_privData__63__.mdwn
new file mode 100644
index 00000000..27297fd5
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__.mdwn
@@ -0,0 +1,17 @@
+It seems like I can't set the content of a PrivFile to arbitrary bytes.
+
+ $ propellor --set 'PrivFile "mysecret.key"' 'mycontext' < ~/mysecret.key
+ find . | grep -v /.git/ | grep -v /tmp/ | grep -v /dist/ | grep -v /doc/ | egrep '\.hs$' | xargs hothasktags | perl -ne 'print; s/Propellor\.Property\.//; print' | sort > tags 2>/dev/null || true
+ cabal build
+ Building propellor-2.2.1...
+ Preprocessing library propellor-2.2.1...
+ In-place registering propellor-2.2.1...
+ Preprocessing executable 'propellor' for propellor-2.2.1...
+ Preprocessing executable 'propellor-config' for propellor-2.2.1...
+ [70 of 70] Compiling Main ( src/config.hs, dist/build/propellor-config/propellor-config-tmp/Main.o )
+ Linking dist/build/propellor-config/propellor-config ...
+ ln -sf dist/build/propellor-config/propellor-config propellor
+
+
+ Enter private data on stdin; ctrl-D when done:
+ propellor: <stdin>: hGetContents: invalid argument (invalid byte sequence)
diff --git a/doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment b/doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment
new file mode 100644
index 00000000..5c1508fd
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_1_42c107179b091f74ef55aff1fc240c5e._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-20T01:04:26Z"
+ content="""
+I imagine that adding `fileEncoding stdin` to setPrivData will fix
+this crash, but I'd expect there are also other problems with encodings
+for privdata that haskell doesn't like. Similar fixes would probably
+be needed in several other places.
+
+Probably cleaner and better to convert
+`PrivData` from a String to a ByteString, and so avoid encodings
+being applied to it. I think this could be done without changing the
+file format; the privdata file uses Read/Show for serialization,
+and happily ByteString uses the same Read/Show format as String does.
+
+So, changing the type and following the compile errors should get you
+there, I think!
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment b/doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment
new file mode 100644
index 00000000..10ff956a
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_2_60f577b476adc6ee1e4f18e11843df90._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2015-04-21T12:59:42Z"
+ content="""
+Would you accept a patch converting PrivData from String to ByteString?
+"""]]
diff --git a/doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment b/doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment
new file mode 100644
index 00000000..a1c7f62f
--- /dev/null
+++ b/doc/todo/bytes_in_privData__63__/comment_3_55f34128de77b7947d32fac71071e033._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2015-04-21T16:52:06Z"
+ content="""
+Absolutely. Thought that went w/o saying. ;)
+"""]]
diff --git a/doc/todo/docker_todo_list.mdwn b/doc/todo/docker_todo_list.mdwn
index 72ded426..1321445d 100644
--- a/doc/todo/docker_todo_list.mdwn
+++ b/doc/todo/docker_todo_list.mdwn
@@ -1,5 +1,3 @@
* There is no way for a property of a docker container to require
some property be met outside the container. For example, some servers
need ntp installed for a good date source.
-* The SimpleSh was added before `docker exec` existed, and could probably
- be eliminated by using that.
diff --git a/doc/todo/editor_for_privdata__63__.mdwn b/doc/todo/editor_for_privdata__63__.mdwn
new file mode 100644
index 00000000..8b91338c
--- /dev/null
+++ b/doc/todo/editor_for_privdata__63__.mdwn
@@ -0,0 +1,4 @@
+Would adding a way to call $EDITOR to edit privdata be possible?
+It would make sense for editing data like logcheck files.
+
+> [[done]]
diff --git a/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment
new file mode 100644
index 00000000..bbe93fe3
--- /dev/null
+++ b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="http://joeyh.name/"
+ subject="comment 2"
+ date="2014-11-11T21:16:09Z"
+ content="""
+Already exists in `propellor --edit`
+
+Documentation patches accepted! :)
+"""]]
diff --git a/doc/todo/etckeeper.mdwn b/doc/todo/etckeeper.mdwn
new file mode 100644
index 00000000..7dc80cef
--- /dev/null
+++ b/doc/todo/etckeeper.mdwn
@@ -0,0 +1 @@
+It would be cool to have an etckeeper module :-).
diff --git a/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment
new file mode 100644
index 00000000..f080f70e
--- /dev/null
+++ b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-06T15:46:56Z"
+ content="""
+All I've needed for this is `& Apt.installed ["etckeeper"]`
+
+Patches welcome, I suppose.
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
new file mode 100644
index 00000000..046f4a6f
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
@@ -0,0 +1,3 @@
+Sometimes I forget to commit a modification, and running "propellor --spin" automatically commits this stuff. It would be better if "propellor --spin" failed (or, even better, warned the user) that there are uncommited changes, and "propellor --spin" would just always add an empty commit.
+
+> --merge added; [[done]] --[[Joey]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
new file mode 100644
index 00000000..19b2fab6
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-23T18:41:40Z"
+ content="""
+Letting --spin commit is part of my workflow. It's great when you're just
+changing config.hs to quickly blast out the changes.
+
+Granted, it is not so nice when doing Property development, as changes get
+fragmented across the spins used to test them. I'd be happy to find some
+way to improve that. Perhaps a way could be found to get this structure of
+git commits:
+
+ manual commit------------------------->manual commit--merge
+ \--spin--spin--spin--spin--spin------------/
+
+Where the second manual commit has an identical tree committed as does the
+spin just underneath it, and so the following merge doesn't change any files,
+just grafts the two branches back together.
+
+I guess that could be handled by haing a checkpoint command, that squashes
+all the previous spins since the last checkpoint together into one commit,
+lets the user edit the commit message of that, and the juggles the branches
+into place and creates the merge commit -- which then becomes the new last
+checkpoint.
+
+I'll take patches for such a thing, or more simply a way to configure --spin's
+auto-committing behavior. However, I don't want to change the default
+behavior to not commit.
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
new file mode 100644
index 00000000..3e8e5f62
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2014-11-23T20:23:24Z"
+ content="""
+Your solution seems a lot better :-).
+"""]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
new file mode 100644
index 00000000..8ad6ab49
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2014-11-23T21:12:19Z"
+ content="""
+Here's a almost-script to do it, which worked when it did it by hand:
+
+<pre>
+get old-head (git show-ref HEAD -s)
+get curr-branch (refs/heads/master eg)
+find old-commit (look back through git log for the first commit that was not "propellor spin")
+git reset old-commit
+git commit -a # user gets to edit commit message for all the spins and any staged changes here
+git merge -S -s ours old-head
+get current-commit (result of merge)
+git update-ref curr-branch current-commit
+git checkout curr-branch
+</pre>
+"""]]
diff --git a/doc/todo/git_push_over_propellor_ssh_channel.mdwn b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
new file mode 100644
index 00000000..c6d42fcf
--- /dev/null
+++ b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
@@ -0,0 +1,13 @@
+Propellor currently needs a central git server. And it has a special-cased
+protocol during bootstrap that transfers the git repo over to a new host,
+using the ssh connection that will be used to run propellor.
+
+This could be improved by making a git push be done whenever
+`propellor spin $host` runs. The remote propellor runs `git receive-pack`;
+the local one runs `git send-pack`.
+
+Then there would be no need for a central git repo. Although still very
+useful if you have multiple propellor driven hosts and you want to just git
+commit and let cron sort them out.
+
+> [[done]]! --[[Joey]]
diff --git a/doc/todo/info_propigation_out_of_nested_properties.mdwn b/doc/todo/info_propigation_out_of_nested_properties.mdwn
index e6427069..536d6719 100644
--- a/doc/todo/info_propigation_out_of_nested_properties.mdwn
+++ b/doc/todo/info_propigation_out_of_nested_properties.mdwn
@@ -1,36 +1,97 @@
> Now [[fixed|done]]!! --[[Joey]]
-Currently, Info about a Host's Properties is manually gathered and
-propigated. propertyList combines the Info of the Properties in the list.
-Docker.docked extracts relevant Info from the Properties of the container
-(but not al of it, intentionally!).
+Currently, Info about a Host's Properties is propigated to the host by
+examining the tree of Properties.
-This works, but it's error-prone. Consider this example:
+This works, but there's one problem. Consider this example:
withOS desc $ \o -> case o of
(Just (System (Debian Unstable) _)) -> ensureProperty foo
_ -> ensureProperty bar
Here, the Info of `foo` is not propigated out. Nor is `bar`'s Info.
-Of course, only one of them will be run, and only its info should be propigated
-out..
+It's not really clear if just one Info, or both should be propigated out.
-This commonly afflicts eg, privData. For example, `User.hasPassword'`
-has this problem, and this prevents --list-fields from listing privdata
-that's not set from that property.
+----
One approach might be to make the Propellor monad be able to be run in two
-modes. In one mode, it actually perform IO, etc. In the other mode, all
-liftIO is a no-op, but all Info encountered is accumulated using a Reader
-monad. This might need two separate monad definitions.
-
-That is surely doable, but the withOS example above shows a problem with it --
-the OS is itself part of a Host's info, so won't be known until all its
-properties have been examined for info!
-
-Perhaps that can be finessed. We don't really need to propigate out OS info.
-Just DNS and PrivDataField Info. So info could be collected in 2 passes,
-first as it's done now by static propertyInfo values. Then take that
-and use it as the Info when running the Properties in the Reader monad.
-Combine what the Reader accumulates with the static info to get the full
-info.
+modes. In run mode, it actually performs IO, etc. In introspection mode, all
+liftIO is a no-op, but all Info encountered is accumulated using a Reader.
+This might need two separate monad definitions.
+
+That is surely doable, but consider this example:
+
+ property "demo" = do
+ needfoo <- liftIO checkFoo
+ if needfoo
+ then ensureProperty foo
+ else ensureProperty . bar =<< liftIO (getBarParam)
+
+In introspection mode, the liftIO is a no-op, but needs to return a Bool.
+That seems unlikely (how to pick which?), but even if some defaulting is
+used, only one of foo or bar's info will be seen.
+
+Worse, the bar property is not fully known until IO can be performed to get
+its parameter.
+
+----
+
+Another approach could be something like this:
+
+ withInfoFrom foo $ \callfoo ->
+ withInfoFrom bar $ \callbar ->
+ property "demo" = do
+ needfoo <- liftIO checkFoo
+ if needfoo
+ then callfoo
+ else callbar
+
+Here withInfoFrom adds foo and bar as child properties of the demo property
+that (may) call them.
+
+This approach is not fully type safe; it would be possible to call
+withInfoFrom in a way that didn't let it propigate the info.
+
+And again this doesn't solve the problem that IO can be needed to get
+a parameter of a child property.
+
+----
+
+Another approach would be to add a new SimpleProperty, which is a property
+that has no Info. Only allow calling ensureProperty on this new type.
+
+(Or, remove propertyInfo from Property, and add a new InfoProperty that
+has the info.)
+
+But, propertyList can only contain one type at a time,
+not a mixed list of Property and SimpleProperty.
+
+Could a GADT be used instead?
+
+ {-# LANGUAGE GADTs #-}
+ {-# LANGUAGE EmptyDataDecls #-}
+
+ data HasInfo
+ data NoInfo
+
+ data Property = IProperty (GProperty HasInfo) | SProperty (GProperty NoInfo)
+
+ data GProperty i where
+ GIProperty :: Desc -> Propellor Result -> Info -> GProperty HasInfo
+ GSProperty :: Desc -> Propellor Result -> GProperty NoInfo
+
+ ensureProperty :: GProperty NoInfo -> Propellor Result
+ ensureProperty (GSProperty d r) = r
+
+That works. I made a `gadtwip` git branch that elaborated on that,
+to the point that Property.File compiles, but is otherwise
+unfinished. Most definitions of `Property` need to be changed to
+`GProperty NoInfo`, so that ensureProperty can call them. It's a big,
+intrusive change, and it may complicate propellor too much.
+
+I've tried to make this change a couple times now, and not been completely
+successful so far.
+
+(I may need to make instances of Prop for `GProperty NoInfo` and `GProperty
+HasInfo`, if that's possible, and make more Property combinators work on
+Prop.)
diff --git a/doc/todo/issue_after_upgrading_shared_library.mdwn b/doc/todo/issue_after_upgrading_shared_library.mdwn
new file mode 100644
index 00000000..52e72d4a
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library.mdwn
@@ -0,0 +1,25 @@
+After upgrading my server to jessie, I noticed that propellor does not work anymore. The issue seems to be that, libffi was upgraded from libffi5:amd64 to libffi6:amd64
+
+ $ ./propellor --spin myserver
+ Building propellor-2.2.1...
+ Preprocessing library propellor-2.2.1...
+ In-place registering propellor-2.2.1...
+ Preprocessing executable 'propellor' for propellor-2.2.1...
+ Preprocessing executable 'propellor-config' for propellor-2.2.1...
+ Propellor build ... done
+
+ You need a passphrase to unlock the secret key for
+ user: bla
+
+ [master 2aabb40] propellor spin
+ Git commit ... done
+ Counting objects: 1, done.
+ Writing objects: 100% (1/1), 852 bytes | 0 bytes/s, done.
+ Total 1 (delta 0), reused 0 (delta 0)
+ To root@myserver:/var/lib/git/private/propellor.git
+ b16f1a6..2aabb40 master -> master
+ Push to central git repository ... done
+ ./propellor: error while loading shared libraries: libffi.so.5: cannot open shared object file: No such file or directory
+ propellor: user error (ssh ["-o","ControlPath=/home/myuser/.ssh/propellor/myserver.sock","-o","ControlMaster=auto","-o","ControlPersist=yes","root@myserver","sh -c 'if [ ! -d /usr/local/propellor/.git ] ; then (if ! git --version >/dev/null; then apt-get update && apt-get --no-install-recommends --no-upgrade -y install git; fi && echo STATUSNeedGitClone) || echo STATUSNeedPrecompiled ; else cd /usr/local/propellor && if ! test -x ./propellor; then ( apt-get update ; apt-get --no-upgrade --no-install-recommends -y install gnupg ; apt-get --no-upgrade --no-install-recommends -y install ghc ; apt-get --no-upgrade --no-install-recommends -y install cabal-install ; apt-get --no-upgrade --no-install-recommends -y install libghc-async-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-missingh-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-hslogger-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-unix-compat-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ansi-terminal-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-ifelse-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-network-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-quickcheck2-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-mtl-dev ; apt-get --no-upgrade --no-install-recommends -y install libghc-monadcatchio-transformers-dev ; cabal update ; cabal install --only-dependencies ) || true && cabal configure && cabal build && ln -sf dist/build/propellor-config/propellor-config propellor; fi && ./propellor --boot myserver ; fi'"] exited 127)
+
+> [[fixed|done]] --[[Joey]]
diff --git a/doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment b/doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment
new file mode 100644
index 00000000..77c7df83
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library/comment_1_8d9144d57871cb5d234710d1ab1b7183._comment
@@ -0,0 +1,20 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-04-02T01:14:06Z"
+ content="""
+I think I saw this once myself (have no servers older than jessie left
+now).
+
+I believe the problem can be worked around by running make clean
+in /usr/local/propellor on the server.
+
+I'm not clear yet on a good way for --spin to detect that propellor
+has failed due to this, rather than some other problem, and try
+a clean and rebuild.
+
+Hmm, xmonad should have a similar problem, since it builds a haskell
+program locally. I wonder how the debian package deals with it there.
+
+Note there's a libffi6, so this will presumably happen again..
+"""]]
diff --git a/doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment b/doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment
new file mode 100644
index 00000000..3f7a7bbc
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library/comment_2_01a3d5e006158302e12862cacee3327e._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2015-04-02T09:24:07Z"
+ content="""
+Indeed, \"make clean\" on the server worked. I don't know it could be made more robust to this kind of upgrade...
+"""]]
diff --git a/doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment b/doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment
new file mode 100644
index 00000000..bc89ad7f
--- /dev/null
+++ b/doc/todo/issue_after_upgrading_shared_library/comment_2_6025ec35330fbac220f2888e60be1e78._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-04-02T14:27:26Z"
+ content="""
+So I thought of two approaches.
+
+1. Propellor could copy in all the shared libraries. It already contains
+ code to do this. But, this would add overhead to every build. And it
+ might not guard against all snafus.
+
+2. Make propellor --check that should exit 0. Make --spin check that
+ propellor works and rebuild if not. Also make the runPropellor cron job
+ do that.
+
+I've gone with option #2.
+"""]]
diff --git a/doc/todo/lxc_containers_support.mdwn b/doc/todo/lxc_containers_support.mdwn
new file mode 100644
index 00000000..5e9da306
--- /dev/null
+++ b/doc/todo/lxc_containers_support.mdwn
@@ -0,0 +1 @@
+Adding lxc containers support would be great, as an alternative to docker, chroot, or systemd containers.
diff --git a/doc/todo/port_info_for_properties_for_firewall.mdwn b/doc/todo/port_info_for_properties_for_firewall.mdwn
new file mode 100644
index 00000000..efaaba05
--- /dev/null
+++ b/doc/todo/port_info_for_properties_for_firewall.mdwn
@@ -0,0 +1,24 @@
+The firewall module could be improved if properties that set up a service
+on a port included info (see Propellor.Info and Propellor.Types.Info)
+about the port(s) used.
+
+While currently the ports have to be explicitly listed:
+
+ & Apache.installed
+ & Firewall.installed
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 80))
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 443))
+
+Instead the ports would be derived from the installed services.
+
+ & Apache.installed
+ & Firewall.installed
+
+There could also be some combinators to adjust the exposed
+ports of a property.
+
+ & localOnly Apache.installed
+ & exposedPorts [443,80] (Apt.serviceInstalledRunning "apache2")
+
+Such port enformation is also going to be needed as a basis of
+[[type_level_port_conflict_detection]]. --[[Joey]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage.mdwn b/doc/todo/publish_propellor_as_library_to_hackage.mdwn
new file mode 100644
index 00000000..709ee35b
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage.mdwn
@@ -0,0 +1,4 @@
+Currently, AFAIK, one needs to fork propellor repo, add its own configuration and compile propellor binary from all the source tree.
+It would be handy and more modular to allow one to have a propellor configuration linked to propellor as a library, hosted on hackage.
+
+> [[done]] --[[Joey]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment
new file mode 100644
index 00000000..8d56f0f1
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_1_00a865bf7977c0e49f54a365f4b60ce8._comment
@@ -0,0 +1,27 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2015-02-28T15:01:24Z"
+ content="""
+Unusual as it is for propellor's configuration git repo to include the full
+source code to propellor, I like this approach. It lets users change any
+existing property that is not generic enough, or makes assumptions they
+don't like, or needs porting to their OS of choice.
+
+But still, propellor is
+[on hackage](http://hackage.haskell.org/package/propellor), as
+a library. It can be used that way if you want to.
+
+I don't think that any of propellor's code cares how it's distributed,
+except for src/wrapper.hs (which cabal will install as
+~/.cabal/bin/propellor), which sets up the ~/.propellor/ repository. You
+can bypass using that wrapper if you like, and cabal install propellor and
+create your own ~/.propellor/ repository containing only your own
+config.hs, and build and use propellor that way.
+
+Where that approach becomes a problem is that propellor --spin currently
+relies on propellor's Makefile being in the repository, when bootstrapping
+propellor on a remote host. So you'll need to include a copy of that in
+your repo for --spin to work. I'd like to get rid of the need for the
+Makefile. (Only the build and deps targets are used by --spin.)
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment
new file mode 100644
index 00000000..af61b1db
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_2_29cc276929020e68eae8ae04110a3f5f._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 2"""
+ date="2015-02-28T17:08:28Z"
+ content="""
+Ok, I got --spin to not use the Makefile any more. So with the 2.2.0
+release, if you want to make ~/.propellor contain only a config.hs
+file and a foo.cabal file, that will work. The cabal file would contain
+something like:
+
+<pre>
+Executable propellor-config
+ Main-Is: config.hs
+ GHC-Options: -Wall -threaded -O0
+ Build-Depends: propellor, base >= 4.5, base < 5
+</pre>
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment
new file mode 100644
index 00000000..09628e53
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_3_efbe0ef77be957c37e745ec64452ae99._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="You rocks!"
+ date="2015-03-05T15:24:49Z"
+ content="""
+Apologies for wrong information, I did not check if propellor was on hackage. Anyway, thanks a lot for caring to \"fix\" that, will give it a try this week and keep you posted.
+
+Thanks a lot
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment
new file mode 100644
index 00000000..737e7066
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_4_6ebf2e30596ddf6eba91717576837019._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="Propellor 2.2.0 not on hackage"
+ date="2015-03-08T20:21:42Z"
+ content="""
+So I cannot depend on it right now. Do you know when it will be available there?
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment
new file mode 100644
index 00000000..85f95c17
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_5_4a4e94c637e0380adc1a43ec3d0633e1._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 5"""
+ date="2015-03-09T17:00:35Z"
+ content="""
+SImply because 2.2.0 had not been released yet. (UNRELEASED in
+changelog..)
+"""]]
diff --git a/doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment b/doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment
new file mode 100644
index 00000000..143f1dea
--- /dev/null
+++ b/doc/todo/publish_propellor_as_library_to_hackage/comment_6_19470170c3ef461f446b0af1d8501640._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="https://www.google.com/accounts/o8/id?id=AItOawmtnXa0F3OsNh8H7yf5EEbtuufPZG-3StI"
+ nickname="Arnaud"
+ subject="comment 6"
+ date="2015-03-10T06:28:52Z"
+ content="""
+Sorry, I did not read the changelog. Thanks for all the hard work on propellor.
+"""]]
diff --git a/doc/todo/type_level_port_conflict_detection.mdwn b/doc/todo/type_level_port_conflict_detection.mdwn
new file mode 100644
index 00000000..5aec5775
--- /dev/null
+++ b/doc/todo/type_level_port_conflict_detection.mdwn
@@ -0,0 +1,5 @@
+See <http://stackoverflow.com/questions/26027765/using-types-to-prevent-conflicting-port-numbers-in-a-list> --[[Joey]]
+
+Needs ghc newer than 7.6.3. It may be possible to port Data.Type.Equality
+and Data.Type.Bool to older versions; I got them to compile but they didn't
+work right. --[[Joey]]
diff --git a/doc/writing_properties.mdwn b/doc/writing_properties.mdwn
new file mode 100644
index 00000000..c7183e09
--- /dev/null
+++ b/doc/writing_properties.mdwn
@@ -0,0 +1,82 @@
+Propellor comes with a lot of properties you can use. But eventually,
+you'll want to write a property of your own.
+
+This isn't hard. Often propellor has some properties you can use to build
+the property you want. Need to modify the content of a file? Use any of
+the properties in
+[Propellor.Property.File](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-File.htm)
+Need to run some commands? Use [Propellor.Property.Cmd](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-Cmd.html).
+
+To combine properties, the easiest way is to use `requires`.
+
+ someproperty `requires` otherproperty
+
+[Propellor.Property.List](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property-List.html)
+has a `propertyList` combinator that's also useful.
+
+[Propellor.Property](http://hackage.haskell.org/package/propellor-2.2.1/docs/Propellor-Property.html)
+has some other functions to modify Properties in useful ways.
+For example, `check` makes a Property call an `IO Bool` to check if the
+Property needs be run.
+
+## example: User.hasLoginShell
+
+> As far as I can tell there is no easy way to set a user's
+> login shell. A Property User.hasLoginShell, which ensures
+> that a user has a specified login shell and that said shell
+> is in /etc/shells would be really helpful. Sadly, I lack the
+> skills to put this together myself :( -- weinzwang
+
+Propellor makes it very easy to put together a property like this.
+
+Let's start with a property that combines the two properties you mentioned:
+
+ hasLoginShell :: UserName -> FilePath -> Property
+ hasLoginShell user shell = shellSetTo user shell `requires` shellEnabled shell
+
+The shellEnabled property can be easily written using propellor's file
+manipulation properties.
+
+ -- Need to add an import to the top of the source file.
+ import qualified Propellor.Property.File as File
+
+ shellEnabled :: FilePath -> Property
+ shellEnabled shell = "/etc/shells" `File.containsLine` shell
+
+And then, we want to actually change the user's shell. The `chsh(1)`
+program can do that, so we can simply tell propellor the command line to
+run:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = cmdProperty "chsh" ["--shell", shell, user]
+
+The only remaining problem with this is that shellSetTo runs chsh every
+time, and propellor will always display that it's made a change each time
+it runs, even when it didn't really do much. Now, there's an easy way to
+avoid that problem, we could just tell propellor that it's a trivial
+property, and then it will run chsh every time and not think it made any
+change:
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = trivial $
+ cmdProperty "chsh" ["--shell", shell, user]
+
+But, it's not much harder to do this right. Let's make the property
+check if the user's shell is already set to the desired value and avoid
+doing anything in that case.
+
+ shellSetTo :: UserName -> FilePath -> Property
+ shellSetTo user shell = check needchangeshell $
+ cmdProperty "chsh" ["--shell", shell, user]
+ where
+ needchangeshell = do
+ currshell <- userShell <$> getUserEntryForName user
+ return (currshell /= shell)
+
+And that will probably all work, although I've not tested it. You might
+want to throw in some uses of `describe` to give the new properties
+more useful descriptions.
+
+I hope this has been helpful as an explanation of how to add properties to
+Propellor, and if you get these properties to work, a patch adding them
+to Propellor.User would be happily merged.