path: root/doc
diff options
Diffstat (limited to 'doc')
36 files changed, 405 insertions, 1 deletions
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
new file mode 100644
index 00000000..c88defcf
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac.mdwn
@@ -0,0 +1,12 @@
+I am trying propellor on Debian Jessie (haskell is fantastic for this sort or things) to setup one of my computer.
+On my network, the system administrator set proxies for http and https.
+These information are available via a http://proxy/proxy.pac URL.
+So I would like to know what should be done to extract this information and set it for all users on the system ?
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
new file mode 100644
index 00000000..6bf8844d
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_1_69d7c8fb1d62300456575bb10e935d69._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T15:44:13Z"
+ content="""
+You could, for example, use Propellor.Propety.Cmd.cmdProperty
+to run a command that sets up the proxying. If there's not a single command
+that does it, you could cause propellor to fetch the url and deploy the
+info itself.
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
new file mode 100644
index 00000000..8458ee49
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_2_da30b2621493e48ceabcfa5732dbcdf8._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 2"
+ date="2014-11-25T17:55:25Z"
+ content="""
+In my case I need to wget the proxy.pac file and parse it to find the right proxy.
+what worried me is that these proxy.pac things are dynamical depending on the ip of the sender AND the receive.
+It work nicely with web browser, but not with the unix http_proxy and HTTPS_PROXY env.
+nevertheless, I can create something to parse my local setup and extract the right http_proxy.
+Is there something available in Propellor to set a global environment variable in /etc/environment (the right place for this ?)
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
new file mode 100644
index 00000000..9bdcb4df
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_3_bd76d169af2ef2f154ad1f0f64506661._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-25T19:37:46Z"
+ content="""
+There's no Property that handles setting global environment currently, but
+it's a reasonable one to add.
+I think that /etc/environment is read by `pam_env` logins, but maybe not
+other things, so dunno.
diff --git a/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
new file mode 100644
index 00000000..d2a0b45e
--- /dev/null
+++ b/doc/forum/how_to_set_the_proxy_using_an_automatix_proxy.pac/comment_4_a6a49d35ee8a05abc982049b55d0397c._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="picca"
+ subject="comment 4"
+ date="2014-11-25T20:01:12Z"
+ content="""
+I saw that there is an haskell binding for augeas.
+Maybe this could be a nice uniform interface to deal with all the system configuration files.
+then no need to deal with the config file formats.
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
new file mode 100644
index 00000000..0815b4b3
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config.mdwn
@@ -0,0 +1 @@
+How can I modify the configuration of a managed host (which seems to be stored in /usr/local/propellor/.git/config) from the host on which I run propellor?
diff --git a/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
new file mode 100644
index 00000000..f034a377
--- /dev/null
+++ b/doc/forum/modify_managed_host_propellor__39__s_.git__47__config/comment_1_da3ebb4736a1f1012b6d27bcd33ff44f._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:40:33Z"
+ content="""
+I'm curious what you need to configure there..
+But, there seems to be a simple solution: Add a Property that configures
+the .git/config however you need to! :)
diff --git a/doc/forum/propellor_with_no_central_repository__63__.mdwn b/doc/forum/propellor_with_no_central_repository__63__.mdwn
new file mode 100644
index 00000000..5f322878
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__.mdwn
@@ -0,0 +1 @@
+Is there a way to use propellor with no central repository?
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
new file mode 100644
index 00000000..1f1456c5
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_1_6a2a5068962b17dac08609cd65887f48._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-10-31T14:39:48Z"
+ content="""
+Not yet, but see [[todo/git_push_over_propellor_ssh_channel]]
diff --git a/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
new file mode 100644
index 00000000..6a6aa946
--- /dev/null
+++ b/doc/forum/propellor_with_no_central_repository__63__/comment_2_0f035bb4bb5cc13574394505f28abe5e._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""yay!"""
+ date="2014-11-19T01:31:14Z"
+ content="""
+propellor now supports this mode by default, just use `propellor --spin
+hostname` and the changes in the local repo will be pushed and deployed to
+the host, w/o needing a centralized git repo.
diff --git a/doc/forum/property_combinator_ordering.mdwn b/doc/forum/property_combinator_ordering.mdwn
new file mode 100644
index 00000000..25549bb4
--- /dev/null
+++ b/doc/forum/property_combinator_ordering.mdwn
@@ -0,0 +1,8 @@
+when I write
+ setDistribution cfg = f `File.hasContent` cfg
+ `onChange` update
+ `requires` File.dirExists confDir
+is update called before ensuring the confiDir Exist ?
+It seems to me but who knows ?
diff --git a/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
new file mode 100644
index 00000000..c41abd90
--- /dev/null
+++ b/doc/forum/property_combinator_ordering/comment_1_0ea2186b5cfa7eadaf38ac2e97fc4a2c._comment
@@ -0,0 +1,31 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-12-01T15:53:11Z"
+ content="""
+I think that should behave intuitively, but of course if you're unsure
+of this kind of thing, adding parens is a good way to disambiguate the
+ (f `File.hasContent` cfg `onChange` update)
+ `requires` File.dirExists confDir
+Written that way, it's explicit that the parenthesized part runs
+together as one action.
+Or, we can do a quick test in ghci:
+ joey@darkstar:~/src/propellor/src#joeyconfig>ghci Propellor.hs Propellor/Property.hs
+ *Propellor> let f1 = property "hasContent" (liftIO (print "f1") >> return MadeChange)
+ *Propellor> let f2 = property "update" (liftIO (print "f2") >> return MadeChange)
+ *Propellor> let f3 = property "dirExists" (liftIO (print "f3") >> return MadeChange)
+ *Propellor> runPropellor (Host "foo" [] mempty) $ ensureProperty $ f1 `onChange` f2 `requires` f3
+ "dirExists"
+ "hasContent"
+ "update"
+ MadeChange
+So, yes, it's behaving as it should, first ensuring that the `requires`
+property is met, and then running the main property, and since it made a
+change, following up by running the `onChange` property.
diff --git a/doc/news/propellor_demo.mdwn b/doc/news/propellor_demo.mdwn
new file mode 100644
index 00000000..362f56e6
--- /dev/null
+++ b/doc/news/propellor_demo.mdwn
@@ -0,0 +1,8 @@
+A quick demo of propellor.
+<video controls src=""></video>
+(Audio quality is clipped/fast in places, unfortunately this was a problem
+with the source recording.)
diff --git a/doc/news/version_0.8.3.mdwn b/doc/news/version_0.8.3.mdwn
new file mode 100644
index 00000000..82f400c0
--- /dev/null
+++ b/doc/news/version_0.8.3.mdwn
@@ -0,0 +1,11 @@
+propellor 0.8.3 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * The Debian package now includes a single-revision git repository in
+ /usr/src/propellor/, and ~/.propellor/ is set up to use this repository as
+ its origin remote. This avoids relying on the security of the github
+ repository when using the Debian package.
+ * The /usr/bin/propellor wrapper will warn when ~/.propellor/ is out of date
+ and a newer version is available, after which git merge upstream/master
+ can be run to merge it.
+ * Included the config.hs symlink to config-simple.hs in the cabal and Debian
+ packages."""]] \ No newline at end of file
diff --git a/doc/news/version_0.9.0.mdwn b/doc/news/version_0.9.0.mdwn
new file mode 100644
index 00000000..f50a6b29
--- /dev/null
+++ b/doc/news/version_0.9.0.mdwn
@@ -0,0 +1,12 @@
+propellor 0.9.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Avoid encoding the current stable suite in propellor's code,
+ since that poses a difficult transition around the release,
+ and can easily be wrong if an older version of propellor is used.
+ Instead, the os property for a stable system includes the suite name
+ to use, eg Stable "wheezy".
+ * stdSourcesList uses the stable suite name, to avoid unwanted
+ immediate upgrades to the next stable release.
+ * debCdn switched from to, which seems to be
+ better managed now.
+ * Docker: Avoid committing container every time it's started up."""]] \ No newline at end of file
diff --git a/doc/news/version_0.9.1.mdwn b/doc/news/version_0.9.1.mdwn
new file mode 100644
index 00000000..1a7039cf
--- /dev/null
+++ b/doc/news/version_0.9.1.mdwn
@@ -0,0 +1,6 @@
+propellor 0.9.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Docker: Add ability to control when containers restart.
+ * Docker: Default to always restarting containers, so they come back
+ up after reboots and docker daemon upgrades.
+ * Fix loop when a docker host that does not exist was docked."""]] \ No newline at end of file
diff --git a/doc/news/version_0.9.2.mdwn b/doc/news/version_0.9.2.mdwn
new file mode 100644
index 00000000..ee7d618d
--- /dev/null
+++ b/doc/news/version_0.9.2.mdwn
@@ -0,0 +1,8 @@
+propellor 0.9.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Added nginx module, contributed by Félix Sipma.
+ * Added firewall module, contributed by Arnaud Bailly.
+ * Apache: Fix daemon reload when enabling a new module or site.
+ * Docker: Stop using; that was a compat symlink in
+ the Debian package which has been removed in 1.3.1~dfsg1-2.
+ * Orphaned the Debian package, as I am retiring from Debian."""]] \ No newline at end of file
diff --git a/doc/news/version_1.0.0.mdwn b/doc/news/version_1.0.0.mdwn
new file mode 100644
index 00000000..dc454f8b
--- /dev/null
+++ b/doc/news/version_1.0.0.mdwn
@@ -0,0 +1,24 @@
+propellor 1.0.0 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * propellor --spin can now be used to update remote hosts, without
+ any central git repository needed. The central git repository is
+ still useful for running propellor from cron, but this simplifies
+ getting started with propellor, and allows for more ad-hoc usage.
+ * The git repo url, if any, is updated whenever propellor --spin is used.
+ * Added prosody module, contributed by Félix Sipma.
+ * Can be used to configure tor hidden services. Thanks, Félix Sipma.
+ * When multiple gpg keys are added, ensure that the privdata file
+ can be decrypted by all of them.
+ * Convert GpgKeyId to newtype. (API change)
+ * DigitalOcean.distroKernel property now reboots into the distribution
+ kernel when necessary.
+ * Avoid outputting color setting sequences when not run on a terminal.
+ * Docker code simplified by using `docker exec`; needs docker 1.3.1.
+ * Docker containers are now a separate data type, cannot be included
+ in the main host list, and are instead passed to
+ Docker.docked. (API change)
+ * Added support for using debootstrap from propellor.
+ * Propellor can now be used to provision chroots.
+ * systemd-nspawn containers can now be managed by propellor, very similar
+ to its handling of docker containers.
+ * Debian package will be maintained by Gergely Nagy."""]] \ No newline at end of file
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 12ae18de..831b2b41 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -29,7 +29,7 @@ in cleartext private data such as passwords, ssh private keys, etc.
Instead, `propellor --spin $host` looks for a
`~/.propellor/privdata/privdata.gpg` file and if found decrypts it,
-extracts the private that that the $host needs, and sends it to to the
+extracts the private data that the $host needs, and sends it to to the
$host using ssh. This lets a host know its own private data, without
seeing all the rest.
diff --git a/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
new file mode 100644
index 00000000..4ed9ecdb
--- /dev/null
+++ b/doc/security/comment_1_6b4d8f45fc60f12b2b8c41046390cf43._comment
@@ -0,0 +1,10 @@
+[[!comment format=mdwn
+ username=""
+ nickname="Arnaud"
+ subject="Is it ok to publish to a public repository?"
+ date="2014-08-29T21:13:19Z"
+ content="""
+It is not clear to me whether or not it is safe to publish my own propellor repository to a publicly hosted service. It seems to me that when I do ./propellor --add-key MYKEYID, the private key data is stored in the repository as a commit, so pushing it exposes this data to the public. Am I wrong?
diff --git a/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
new file mode 100644
index 00000000..4d209b03
--- /dev/null
+++ b/doc/security/comment_2_7cd009d097b01bb3197210b5ea77c7d5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username=""
+ ip=""
+ subject="comment 2"
+ date="2014-08-29T21:52:02Z"
+ content="""
+--add-key puts your **public** key in the repository, not the private key.
diff --git a/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
new file mode 100644
index 00000000..4d75842d
--- /dev/null
+++ b/doc/security/comment_3_91876d995c40a24858bce61a749a3c16._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username=""
+ nickname="Arnaud"
+ subject="Remote host fails to connect"
+ date="2014-08-30T06:40:33Z"
+ content="""
+Makes sense of course, but the message one gets when doing that is a bit misleading.
+I ran into another issue: propellor deploys itself to remote host, but then the propellor instance run on remote host cannot read the remote git repo, because:
+1. the host key is not initially present in root's known_hosts, then
+2. the user's (root) public key is unknown to the remote git repo, in my case, and the URL used is which implies connection goes through SSH
+I am puzzled: Does this mean I should add some for use by the remote host deployed to? This does not make sense so there should be another way... If I change the origin url to use https, then I cannot push locally anymore.
+Thanks for your help
diff --git a/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
new file mode 100644
index 00000000..b2ac4d57
--- /dev/null
+++ b/doc/security/comment_4_347ce6a229a2347c5fd945eef72fd7f7._comment
@@ -0,0 +1,22 @@
+[[!comment format=mdwn
+ username=""
+ nickname="Arnaud"
+ subject="Output from propellor --spin $host"
+ date="2014-08-30T07:17:52Z"
+ content="""
+Here is the output (truncated):
+ Permission denied (publickey).
+ fatal: Could not read from remote repository.
+ Please make sure you have the correct access rights
+ and the repository exists.
+ Git fetch ... failed
+ fatal: ambiguous argument 'origin/master': unknown revision or path not in the working tree.
+ Use '--' to separate paths from revisions, like this:
+ 'git <command> [<revision>...] -- [<file>...]'
+ propellor: user error (git [\"log\",\"-n\",\"1\",\"--format=%G?\",\"origin/master\"] exited 128)
diff --git a/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
new file mode 100644
index 00000000..cc26f42d
--- /dev/null
+++ b/doc/security/comment_5_0c682e12a21d1477628ff0b80e6505d4._comment
@@ -0,0 +1,13 @@
+[[!comment format=mdwn
+ username=""
+ nickname="Arnaud"
+ subject="Got it working..."
+ date="2014-08-31T12:50:17Z"
+ content="""
+OK, I manage to get my first propellor config run fine by setting different branch.master.url and branch.master.pushUrl configurations:
+* Use a https:// based url for the first
+* Use a git:// based url for the second
+I had to nuke the remote /usr/local/propellor directory because it still had wrong configuration with a single remote url.
diff --git a/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
new file mode 100644
index 00000000..be8ac7f9
--- /dev/null
+++ b/doc/security/comment_6_e5f2fdced08fb823efed35684110a840._comment
@@ -0,0 +1,11 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 6"""
+ date="2014-11-19T01:35:59Z"
+ content="""
+@Arnaud, see [[centralized_repository]], including its documentation of a
+"deploy" remote, which can be used to configure the url that remote hosts
+should pull from.
+Also, propellor can be used now without any centralized repository.
diff --git a/doc/todo/editor_for_privdata__63__.mdwn b/doc/todo/editor_for_privdata__63__.mdwn
new file mode 100644
index 00000000..8b91338c
--- /dev/null
+++ b/doc/todo/editor_for_privdata__63__.mdwn
@@ -0,0 +1,4 @@
+Would adding a way to call $EDITOR to edit privdata be possible?
+It would make sense for editing data like logcheck files.
+> [[done]]
diff --git a/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment
new file mode 100644
index 00000000..bbe93fe3
--- /dev/null
+++ b/doc/todo/editor_for_privdata__63__/comment_2_4fcbdf36f32ca7cf82593a8992167aff._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username=""
+ subject="comment 2"
+ date="2014-11-11T21:16:09Z"
+ content="""
+Already exists in `propellor --edit`
+Documentation patches accepted! :)
diff --git a/doc/todo/etckeeper.mdwn b/doc/todo/etckeeper.mdwn
new file mode 100644
index 00000000..7dc80cef
--- /dev/null
+++ b/doc/todo/etckeeper.mdwn
@@ -0,0 +1 @@
+It would be cool to have an etckeeper module :-).
diff --git a/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment
new file mode 100644
index 00000000..f080f70e
--- /dev/null
+++ b/doc/todo/etckeeper/comment_1_8766da27c69bbae357d497e0e557fad2._comment
@@ -0,0 +1,9 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-06T15:46:56Z"
+ content="""
+All I've needed for this is `& Apt.installed ["etckeeper"]`
+Patches welcome, I suppose.
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
new file mode 100644
index 00000000..046f4a6f
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin.mdwn
@@ -0,0 +1,3 @@
+Sometimes I forget to commit a modification, and running "propellor --spin" automatically commits this stuff. It would be better if "propellor --spin" failed (or, even better, warned the user) that there are uncommited changes, and "propellor --spin" would just always add an empty commit.
+> --merge added; [[done]] --[[Joey]]
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
new file mode 100644
index 00000000..19b2fab6
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_1_7267d62ccc8db44bccb935836536e8a1._comment
@@ -0,0 +1,30 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2014-11-23T18:41:40Z"
+ content="""
+Letting --spin commit is part of my workflow. It's great when you're just
+changing config.hs to quickly blast out the changes.
+Granted, it is not so nice when doing Property development, as changes get
+fragmented across the spins used to test them. I'd be happy to find some
+way to improve that. Perhaps a way could be found to get this structure of
+git commits:
+ manual commit------------------------->manual commit--merge
+ \--spin--spin--spin--spin--spin------------/
+Where the second manual commit has an identical tree committed as does the
+spin just underneath it, and so the following merge doesn't change any files,
+just grafts the two branches back together.
+I guess that could be handled by haing a checkpoint command, that squashes
+all the previous spins since the last checkpoint together into one commit,
+lets the user edit the commit message of that, and the juggles the branches
+into place and creates the merge commit -- which then becomes the new last
+I'll take patches for such a thing, or more simply a way to configure --spin's
+auto-committing behavior. However, I don't want to change the default
+behavior to not commit.
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
new file mode 100644
index 00000000..3e8e5f62
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_2_e4d170a14d689bef5d9174b251a4fe6f._comment
@@ -0,0 +1,7 @@
+[[!comment format=mdwn
+ username="gueux"
+ subject="comment 2"
+ date="2014-11-23T20:23:24Z"
+ content="""
+Your solution seems a lot better :-).
diff --git a/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
new file mode 100644
index 00000000..8ad6ab49
--- /dev/null
+++ b/doc/todo/fail_if_modification_not_commited_when_using_--spin/comment_3_c69eaa9c6ae5b07b5c2dd2591de965a3._comment
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 3"""
+ date="2014-11-23T21:12:19Z"
+ content="""
+Here's a almost-script to do it, which worked when it did it by hand:
+get old-head (git show-ref HEAD -s)
+get curr-branch (refs/heads/master eg)
+find old-commit (look back through git log for the first commit that was not "propellor spin")
+git reset old-commit
+git commit -a # user gets to edit commit message for all the spins and any staged changes here
+git merge -S -s ours old-head
+get current-commit (result of merge)
+git update-ref curr-branch current-commit
+git checkout curr-branch
diff --git a/doc/todo/git_push_over_propellor_ssh_channel.mdwn b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
new file mode 100644
index 00000000..c6d42fcf
--- /dev/null
+++ b/doc/todo/git_push_over_propellor_ssh_channel.mdwn
@@ -0,0 +1,13 @@
+Propellor currently needs a central git server. And it has a special-cased
+protocol during bootstrap that transfers the git repo over to a new host,
+using the ssh connection that will be used to run propellor.
+This could be improved by making a git push be done whenever
+`propellor spin $host` runs. The remote propellor runs `git receive-pack`;
+the local one runs `git send-pack`.
+Then there would be no need for a central git repo. Although still very
+useful if you have multiple propellor driven hosts and you want to just git
+commit and let cron sort them out.
+> [[done]]! --[[Joey]]
diff --git a/doc/todo/port_info_for_properties_for_firewall.mdwn b/doc/todo/port_info_for_properties_for_firewall.mdwn
new file mode 100644
index 00000000..efaaba05
--- /dev/null
+++ b/doc/todo/port_info_for_properties_for_firewall.mdwn
@@ -0,0 +1,24 @@
+The firewall module could be improved if properties that set up a service
+on a port included info (see Propellor.Info and Propellor.Types.Info)
+about the port(s) used.
+While currently the ports have to be explicitly listed:
+ & Apache.installed
+ & Firewall.installed
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 80))
+ & Firewall.addRule (Rule INPUT ACCEPT (Proto TCP :- Port 443))
+Instead the ports would be derived from the installed services.
+ & Apache.installed
+ & Firewall.installed
+There could also be some combinators to adjust the exposed
+ports of a property.
+ & localOnly Apache.installed
+ & exposedPorts [443,80] (Apt.serviceInstalledRunning "apache2")
+Such port enformation is also going to be needed as a basis of
+[[type_level_port_conflict_detection]]. --[[Joey]]
diff --git a/doc/todo/type_level_port_conflict_detection.mdwn b/doc/todo/type_level_port_conflict_detection.mdwn
new file mode 100644
index 00000000..5aec5775
--- /dev/null
+++ b/doc/todo/type_level_port_conflict_detection.mdwn
@@ -0,0 +1,5 @@
+See <> --[[Joey]]
+Needs ghc newer than 7.6.3. It may be possible to port Data.Type.Equality
+and Data.Type.Bool to older versions; I got them to compile but they didn't
+work right. --[[Joey]]