Diffstat (limited to 'src/Propellor/Property/SiteSpecific/JoeySites.hs')
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs78
1 files changed, 64 insertions, 14 deletions
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index a48ebf9c..f02dc6f0 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -520,7 +520,6 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
& "/etc/aliases" `File.hasPrivContentExposed` ctx
`onChange` Postfix.newaliases
- & hasPostfixCert ctx
& "/etc/postfix/mydomain" `File.containsLines`
[ "/.*\\.kitenet\\.net/\tOK"
@@ -583,9 +582,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
, "milter_default_action = accept"
, "# TLS setup -- server"
- , "smtpd_tls_CAfile = /etc/ssl/certs/joeyca.pem"
- , "smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem"
- , "smtpd_tls_key_file = /etc/ssl/private/postfix.pem"
+ , "smtpd_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem"
+ , "smtpd_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem"
+ , "smtpd_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem"
, "smtpd_tls_loglevel = 1"
, "smtpd_tls_received_header = yes"
, "smtpd_use_tls = yes"
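Review bot: `smtpd_tls_cert_file` now names `cert.pem`, the leaf certificate alone, while the issuing chain sits in `fullchain.pem` which is only referenced as `smtpd_tls_CAfile`; Postfix's postconf text for the cert file asks for the server certificate followed by its issuing CA(s) so the server always presents a complete chain, so `, "smtpd_tls_cert_file = /etc/letsencrypt/live/kitenet.net/fullchain.pem"` is the safer line (the same applies to `smtp_tls_cert_file` in the next hunk). `smtpd_tls_CAfile` is also the trust-anchor set used to verify remote SMTP client certificates, so replacing `joeyca.pem` with the Let's Encrypt chain silently changes which client certs this server accepts; if nothing relied on joeyca-signed client certs that is fine, but a comment such as `, "# CAfile: LE chain; joeyca client certs no longer trusted"` would record the decision. The kiteMailServer property list begins before this hunk.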
@@ -593,9 +592,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
, "smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache"
, "# TLS setup -- client"
- , "smtp_tls_CAfile = /etc/ssl/certs/joeyca.pem"
- , "smtp_tls_cert_file = /etc/ssl/certs/postfix.pem"
- , "smtp_tls_key_file = /etc/ssl/private/postfix.pem"
+ , "smtp_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem"
+ , "smtp_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem"
+ , "smtp_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem"
, "smtp_tls_loglevel = 1"
, "smtp_use_tls = yes"
, "smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache"
@@ -614,6 +613,12 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
"!include auth-passwdfile.conf.ext"
`onChange` Service.restarted "dovecot"
`describe` "dovecot auth.conf"
+ & "/etc/dovecot/conf.d/10-ssl.conf" `File.containsLines`
+ [ "ssl_cert = </etc/letsencrypt/live/kitenet.net/fullchain.pem"
+ , "ssl_key = </etc/letsencrypt/live/kitenet.net/privkey.pem"
+ ]
+ `onChange` Service.restarted "dovecot"
+ `describe` "dovecot letsencrypt certs"
& File.hasPrivContent dovecotusers ctx
`onChange` (dovecotusers `File.mode`
combineModes [ownerReadMode, groupReadMode])
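Review bot: `File.containsLines` appends the two `ssl_cert`/`ssl_key` lines but leaves whatever `ssl_cert =`/`ssl_key =` settings `10-ssl.conf` already carries (Debian ships defaults pointing at its own snakeoil-style cert), so the file ends up with two definitions of each key and correctness depends on Dovecot honouring the later one — presumably it does, but it is fragile. Writing the two lines with `File.hasContent` into a dedicated drop-in (for example `/etc/dovecot/conf.d/99-letsencrypt.conf`, a constructed name) makes the effective value unambiguous. Note also that `onChange` only fires when propellor edits this file, not when the certificate under `/etc/letsencrypt/live/` is renewed, so unless a renewal hook elsewhere restarts dovecot it will keep serving the expired cert until its next restart; that hook is not visible in this hunk.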
@@ -711,16 +716,9 @@ postfixSaslPasswordClient = combineProperties "postfix uses SASL password to aut
, "smtp_sasl_tls_security_options = noanonymous"
, "relayhost = [kitenet.net]"
, "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
- , "# kite's fingerprint"
- , "smtp_tls_fingerprint_cert_match = 13:B0:0C:F3:11:83:A5:EB:A9:37:C6:C5:ED:16:60:86"
]
`onChange` Postfix.reloaded
-hasPostfixCert :: Context -> Property (HasInfo + UnixLike)
-hasPostfixCert ctx = combineProperties "postfix tls cert installed" $ props
- & "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx
- & "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx
-
-- Legacy static web sites and redirections from kitenet.net to newer
-- sites.
legacyWebSites :: Property (HasInfo + DebianLike)
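Review bot: Removing `smtp_tls_fingerprint_cert_match` takes away the only check of the relayhost's identity in this client configuration and nothing in the hunk replaces it; the matching `smtp_tls_security_level` line lies outside the hunk, so either it still reads `fingerprint` (every delivery to `[kitenet.net]` then fails the TLS policy) or it was lowered, in which case the SASL password named two lines above is offered to whatever server answers for kitenet.net. With a Let's Encrypt certificate that rotates, the replacement for pinning is CA verification: add `, "smtp_tls_security_level = secure"` and `, "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"` (Debian's system bundle) to this list and drop any remaining `fingerprint` setting. postfixSaslPasswordClient starts before this hunk, so the existing security-level line could not be checked here.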
@@ -795,6 +793,15 @@ legacyWebSites = propertyList "legacy web sites" $ props
, "# Redirect all to joeyh.name."
, "rewriterule (.*) http://joeyh.name$1 [r]"
]
+ & alias "homepower.joeyh.name"
+ & apacheSite "homepower.joeyh.name"
+ [ "DocumentRoot /srv/web/homepower.joeyh.name"
+ , "<Directory /srv/web/homepower.joeyh.name>"
+ , " Options Indexes ExecCGI"
+ , " AllowOverride None"
+ , Apache.allowAll
+ , "</Directory>"
+ ]
where
kitenetcfg =
-- /var/www is empty
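Review bot: `Options Indexes ExecCGI` is applied to the entire DocumentRoot, yet the `rrds/recent/` subtree of that root is the destination of the unattended rsync upload added later in this commit, so CGI execution is enabled on a directory that a remote key is allowed to write into. Limiting `ExecCGI` to the directory that actually holds the CGI scripts (a nested `<Directory>` block) and leaving the upload path at `Options Indexes`, or without `Indexes` if listings of the rrd files are not wanted, keeps the served tree at least privilege. The upload path is only inferred from the `rsynccommand` string elsewhere in the diff, not from this hunk.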
@@ -931,6 +938,49 @@ alarmClock oncalendar (User user) command = combineProperties "goodmorning timer
& "/etc/systemd/logind.conf" `ConfFile.containsIniSetting`
("Login", "LidSwitchIgnoreInhibited", "no")
+-- My home power monitor.
+homePowerMonitor :: IsContext c => User -> c -> (SshKeyType, Ssh.PubKeyText) -> Property (HasInfo + DebianLike)
+homePowerMonitor user ctx sshkey = propertyList "home power monitor" $ props
+ & Apache.installed
+ & Apt.installed ["python2", "python-pymodbus"]
+ & File.ownerGroup "/var/www/html" user (userGroup user)
+ & Git.cloned user "git://git.kitenet.net/joey/homepower" d Nothing
+ `onChange` buildpoller
+ & Systemd.enabled servicename
+ `requires` serviceinstalled
+ `onChange` Systemd.started servicename
+ & Cron.niceJob "homepower upload"
+ (Cron.Times "1 * * * *") user d rsynccommand
+ `requires` Ssh.userKeyAt (Just sshkeyfile) user ctx sshkey
+ where
+ d = "/var/www/html/homepower"
+ sshkeyfile = d </> ".ssh/key"
+ buildpoller = userScriptProperty (User "joey")
+ [ "cd " ++ d
+ , "make"
+ ]
+ `assume` MadeChange
+ `requires` Apt.installed ["ghc", "make"]
+ servicename = "homepower"
+ servicefile = "/etc/systemd/system/" ++ servicename ++ ".service"
+ serviceinstalled = servicefile `File.hasContent`
+ [ "[Unit]"
+ , "Description=home power monitor"
+ , ""
+ , "[Service]"
+ , "ExecStart=" ++ d ++ "/poller"
+ , "WorkingDirectory=" ++ d
+ , "User=joey"
+ , "Group=joey"
+ , ""
+ , "[Install]"
+ , "WantedBy=multi-user.target"
+ ]
+ -- Only upload when eth0 is up; eg the satellite internet is up.
+ -- Any changes to the rsync command will need my .authorized_keys
+ -- rsync server command to be updated too.
+ rsynccommand = "if ip route | grep '^default' | grep -q eth0; then rsync -e 'ssh -i" ++ sshkeyfile ++ "' -avz rrds/recent/ joey@kitenet.net:/srv/web/homepower.joeyh.name/rrds/recent/; fi"
+
-- My home router, running hostapd and dnsmasq for wlan0,
-- with eth0 connected to a satellite modem, and a fallback ppp connection.
homeRouter :: Property (HasInfo + DebianLike)
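Review bot: The function takes a `user` parameter but `buildpoller` runs as the hard-coded `User "joey"` and the unit file hard-codes `User=joey`/`Group=joey`, while the clone, ownership and cron job use `user`; for any other caller the service would run as joey against files it does not own. Thread the parameter through by matching it as `user@(User username)` in the head, as sketched below (the `Group=` line assumes the primary group shares the user's name, which `userGroup user` suggests but does not prove — confirm). Separately, `sshkeyfile` puts the SSH private key under `/var/www/html`, the tree Apache is installed to serve, so any exposure of that tree (a default site, a directory listing) would publish the key unless its mode alone keeps www-data out; placing it outside the served tree, e.g. under the user's home `.ssh`, removes that reliance on file modes. The `'ssh -i" ++ sshkeyfile` fragment also omits the space after `-i`; OpenSSH accepts the attached form, but `'ssh -i ` reads unambiguously.
```haskell
homePowerMonitor user@(User username) ctx sshkey = propertyList "home power monitor" $ props
  -- … unchanged: property list …
  where
    -- … unchanged: d, sshkeyfile …
    buildpoller = userScriptProperty user
      -- … unchanged: script lines, assume, requires …
    -- … unchanged: servicename, servicefile …
    serviceinstalled = servicefile `File.hasContent`
      -- … unchanged: [Unit] section, ExecStart, WorkingDirectory …
      , "User=" ++ username
      , "Group=" ++ username
      -- … unchanged: [Install] section …
    -- … unchanged: rsynccommand …
```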