Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/Borg.hs4
-rw-r--r--src/Propellor/Property/SiteSpecific/Branchable.hs41
-rw-r--r--src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs29
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs103
4 files changed, 87 insertions, 90 deletions
diff --git a/src/Propellor/Property/Borg.hs b/src/Propellor/Property/Borg.hs
index dab07985..9d49fdf4 100644
--- a/src/Propellor/Property/Borg.hs
+++ b/src/Propellor/Property/Borg.hs
@@ -36,6 +36,9 @@ data BorgRepoOpt
-- | Use to specify a ssh private key to use when accessing a
-- BorgRepo.
= UseSshKey FilePath
+ -- | Use to specify an environment variable to set when running
+ -- borg on a BorgRepo.
+ | UsesEnvVar (String, String)
repoLoc :: BorgRepo -> String
repoLoc (BorgRepo s) = s
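Review bot: The new constructor is spelled `UsesEnvVar` while its sibling is `UseSshKey`, and constructors of `BorgRepoOpt` are part of the module's interface, so the inconsistency is hard to fix later. `UseEnvVar` would match the existing name. The Haddock comment could also say whether the variable is set for every borg invocation on the repo, which cannot be confirmed from this hunk. The `BorgRepoOpt` declaration starts outside the hunk.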
@@ -53,6 +56,7 @@ runBorgEnv (BorgRepo _) = []
runBorgEnv (BorgRepoUsing os _) = map go os
where
go (UseSshKey k) = ("BORG_RSH", "ssh -i " ++ k)
+ go (UsesEnvVar (k, v)) = (k, v)
installed :: Property DebianLike
installed = withOS desc $ \w o -> case o of
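Review bot: `go` passes the pair through unchecked, so a repo given both `UseSshKey` and `UsesEnvVar ("BORG_RSH", …)` produces two entries for the same variable. Which one takes effect depends on how the caller applies the list, which is not visible here. A one-line comment on `runBorgEnv` would make the precedence explicit, e.g. `-- duplicate variables: <first|last> entry wins`. The first equation of `runBorgEnv` is outside this hunk.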
diff --git a/src/Propellor/Property/SiteSpecific/Branchable.hs b/src/Propellor/Property/SiteSpecific/Branchable.hs
index 3d23f7d9..3c4d44a1 100644
--- a/src/Propellor/Property/SiteSpecific/Branchable.hs
+++ b/src/Propellor/Property/SiteSpecific/Branchable.hs
@@ -6,10 +6,10 @@ import qualified Propellor.Property.File as File
import qualified Propellor.Property.User as User
import qualified Propellor.Property.Ssh as Ssh
import qualified Propellor.Property.Postfix as Postfix
-import qualified Propellor.Property.Gpg as Gpg
import qualified Propellor.Property.Sudo as Sudo
import qualified Propellor.Property.Borg as Borg
import qualified Propellor.Property.Cron as Cron
+import Propellor.Property.SiteSpecific.JoeySites (rsyncNetBorgRepo)
server :: [Host] -> Property (HasInfo + DebianLike)
server hosts = propertyList "branchable server" $ props
@@ -39,35 +39,34 @@ server hosts = propertyList "branchable server" $ props
& Postfix.installed
& Postfix.mainCf ("mailbox_command", "procmail -a \"$EXTENSION\"")
- & Borg.backup "/" (Borg.BorgRepo "joey@eubackup.kitenet.net:/home/joey/lib/backup/branchable/pell.borg") Cron.Daily
+ -- backup everything except the contents of sites, which are
+ -- backed up by ikiwiki-hosting.
+ & Borg.backup "/" (rsyncNetBorgRepo "pell.borg" []) Cron.Daily
[ "--exclude=/proc/*"
- , "--exclude=/sys/*"
- , "--exclude=/run/*"
- , "--exclude=/tmp/*"
- , "--exclude=/var/tmp/*"
- , "--exclude=/var/backups/ikiwiki-hosting-web/*"
- , "--exclude=/var/cache/*"
- , "--exclude=/home/*/source/*"
- , "--exclude=/home/*/public_html/*"
- , "--exclude=/home/*/.git/*"
- ]
- [ Borg.KeepDays 7
- , Borg.KeepWeeks 5
- , Borg.KeepMonths 12
- , Borg.KeepYears 1
- ]
- -- gpg key that can be used to decrypt the borg backup key
- & Gpg.keyImported (Gpg.GpgKeyId obnamkey) (User "root")
+ , "--exclude=/sys/*"
+ , "--exclude=/run/*"
+ , "--exclude=/tmp/*"
+ , "--exclude=/var/tmp/*"
+ , "--exclude=/var/backups/ikiwiki-hosting-web/*"
+ , "--exclude=/var/cache/*"
+ , "--exclude=/home/*/source/*"
+ , "--exclude=/home/*/source.git/*"
+ , "--exclude=/home/*/public_html/*"
+ , "--exclude=/home/*/.git/*"
+ ]
+ [ Borg.KeepDays 7
+ , Borg.KeepWeeks 5
+ , Borg.KeepMonths 12
+ , Borg.KeepYears 1
+ ]
& Ssh.userKeys (User "root") (Context "branchable.com")
[ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2PqTSupwncqeffNwZQXacdEWp7L+TxllIxH7WjfRMb3U74mQxWI0lwqLVW6Fox430DvhSqF1y5rJBvTHh4i49Tc9lZ7mwAxA6jNOP6bmdfteaKKYmUw5qwtJW0vISBFu28qBO11Nq3uJ1D3Oj6N+b3mM/0D3Y3NoGgF8+2dLdi81u9+l6AQ5Jsnozi2Ni/Osx2oVGZa+IQDO6gX8VEP4OrcJFNJe8qdnvItcGwoivhjbIfzaqNNvswKgGzhYLOAS5KT8HsjvIpYHWkyQ5QUX7W/lqGSbjP+6B8C3tkvm8VLXbmaD+aSkyCaYbuoXC2BoJdS7Jh8phKMwPJmdYVepn")
]
- & Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
& Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
& adminuser "joey"
& adminuser "liw"
where
- obnamkey = "41E1A9B9"
adminuser u = propertyList ("admin user " ++ u) $ props
& User.accountFor (User u)
& User.hasSomePassword (User u)
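Review bot: With the `Gpg.keyImported` line and its comment removed, nothing in `server` says how the pell.borg repository is encrypted or where its key or passphrase can be recovered, and the backup now goes to a third-party host. If the repository is encrypted, a comment beside `Borg.backup` should record that, e.g. `-- repo is encrypted; key/passphrase kept in <LOCATION>`. The call also passes `[]` where the other callers in this commit pass `Borg.UseSshKey`, so the backup presumably runs with root's default ssh identity; worth stating if that is intended. `server` starts before this hunk and `adminuser` continues after it.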
diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
index e3d21ac1..7984a2aa 100644
--- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
+++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
@@ -151,7 +151,7 @@ stackInstalled = withOS "stack installed" $ \w o ->
manualinstall :: Architecture -> Property Linux
manualinstall arch = tightenTargets $ check (not <$> doesFileExist binstack) $
propertyList "stack installed from upstream tarball" $ props
- & cmdProperty "wget" ["https://www.stackage.org/stack/linux-" ++ archname, "-O", tmptar]
+ & cmdProperty "wget" [url, "-O", tmptar]
`assume` MadeChange
& File.dirExists tmpdir
& cmdProperty "tar" ["xf", tmptar, "-C", tmpdir, "--strip-components=1"]
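Review bot: The tarball fetched by `wget` is unpacked as root with no integrity check beyond TLS. The `url` binding added in the next hunk pins the ARMEL case to a fixed release (v1.7.1), which makes a checksum practical. Consider a step between the `wget` and `tar` properties that runs `sha256sum -c` against a pinned digest (`<SHA256_OF_TARBALL>`), at least for the pinned URL. The stackage.org URLs look unversioned, so they could only be pinned by fixing a version as well. `manualinstall` continues outside this hunk.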
@@ -160,27 +160,30 @@ stackInstalled = withOS "stack installed" $ \w o ->
`assume` MadeChange
& cmdProperty "rm" ["-rf", tmpdir, tmptar]
`assume` MadeChange
+ & case arch of
+ ARMEL -> setupRevertableProperty $
+ "/lib/ld-linux-armhf.so.3"
+ `File.isSymlinkedTo`
+ File.LinkTarget "/lib/ld-linux.so.3"
+ _ -> doNothing
where
- -- See https://www.stackage.org/stack/ for the list of
- -- binaries.
- archname = case arch of
- X86_32 -> "i386"
- X86_64 -> "x86_64"
- ARMHF -> "arm"
+ url = case arch of
+ X86_32 -> "https://www.stackage.org/stack/linux-i386"
+ X86_64 -> "https://www.stackage.org/stack/linux-x86_64"
+ ARMEL -> "https://github.com/commercialhaskell/stack/releases/download/v1.7.1/stack-1.7.1-linux-arm.tar.gz"
-- Probably not available.
- a -> architectureToDebianArchString a
+ a -> "https://www.stackage.org/stack/linux-" ++ architectureToDebianArchString a
binstack = "/usr/bin/stack"
tmptar = "/root/stack.tar.gz"
tmpdir = "/root/stack"
-armAutoBuilder :: DebianSuite -> Architecture -> Flavor -> Property (HasInfo + Debian)
-armAutoBuilder suite arch flavor =
+armAutoBuilder :: (DebianSuite -> Architecture -> Flavor -> Property (HasInfo + Debian)) -> DebianSuite -> Architecture -> Flavor -> Property (HasInfo + Debian)
+armAutoBuilder baseautobuilder suite arch flavor =
propertyList "arm git-annex autobuilder" $ props
- & standardAutoBuilder suite arch flavor
- & buildDepsApt
+ & baseautobuilder suite arch flavor
-- Works around ghc crash with parallel builds on arm.
& (homedir </> ".cabal" </> "config")
- `File.lacksLine` "jobs: $ncpus"
+ `File.containsLine` "jobs: 1"
-- Work around https://github.com/systemd/systemd/issues/7135
& Systemd.containerCfg "--system-call-filter=set_tls"
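Review bot: `ARMHF` no longer has its own case in `url`, so it falls through to the catch-all and requests `linux-` plus the Debian architecture string instead of `linux-arm`; the comment on that branch already says the URL is probably not available. If dropping armhf is intended, a one-line comment would help; otherwise keep an `ARMHF` case beside `ARMEL`. Separately, `File.containsLine "jobs: 1"` only adds a line, so a config that still has `jobs: $ncpus` would carry both settings. Which one cabal honours is not clear from here, so keeping the `File.lacksLine "jobs: $ncpus"` property alongside seems safer.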
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 5e14d50f..e7d27de5 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -152,9 +152,8 @@ oldUseNetServer hosts = propertyList "olduse.net server" $ props
(User "root")
(Context "olduse.net")
(SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0F6L76SChMCIGmeyGhlFMUTgZ3BoTbATiOSs0A7KXQoI1LTE5ZtDzzUkrQRJVpJ640pfMR7cQZyBm8tv+kYIPp0238GrX43c1vgm0L78agDnBU7r2iNMyWIwhssK8O3ZAhp8Q4KCz1r8hP2nIiD0y1D1VWW8h4KWOS7I1XCEAjOTvFvEjTh6a9MyHrcIkv7teUUzTBRjNrsyijCFRk1+pEET54RueoOmEjQcWd/sK1tYRiMZjegRLBOus2wUWsUOvznJ2iniLONUTGAWRnEV+O7hLN6CD44osJ+wkZk8bPAumTS0zcSLckX1jpdHJicmAyeniWSd4FCqm1YE6/xDD")
- `requires` Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
- borgrepo = Borg.BorgRepoUsing [Borg.UseSshKey keyfile]
- "joey@eubackup.kitenet.net:/home/joey/lib/backup/olduse.net/olduse.net.borg"
+ `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
+ borgrepo = rsyncNetBorgRepo "olduse.net.borg" [Borg.UseSshKey keyfile]
keyfile = "/root/.ssh/olduse.net.key"
oldUseNetShellBox :: Property DebianLike
@@ -179,22 +178,16 @@ oldUseNetInstalled pkg = check (not <$> Apt.isInstalled pkg) $
`assume` MadeChange
`describe` "olduse.net built"
-kgbServer :: Property (HasInfo + Debian)
+kgbServer :: Property (HasInfo + DebianLike)
kgbServer = propertyList desc $ props
- & installed
+ & Apt.serviceInstalledRunning "kgb-bot"
+ & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
+ `describe` "kgb bot enabled"
+ `onChange` Service.running "kgb-bot"
& File.hasPrivContent "/etc/kgb-bot/kgb.conf" anyContext
`onChange` Service.restarted "kgb-bot"
where
desc = "kgb.kitenet.net setup"
- installed :: Property Debian
- installed = withOS desc $ \w o -> case o of
- (Just (System (Debian _ Unstable) _)) ->
- ensureProperty w $ propertyList desc $ props
- & Apt.serviceInstalledRunning "kgb-bot"
- & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1"
- `describe` "kgb bot enabled"
- `onChange` Service.running "kgb-bot"
- _ -> error "kgb server needs Debian unstable (for kgb-bot 1.31+)"
-- git.kitenet.net and git.joeyh.name
gitServer :: [Host] -> Property (HasInfo + DebianLike)
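Review bot: The removed `installed` helper refused to run unless the host was Debian unstable, citing kgb-bot 1.31+. The new body installs whatever `kgb-bot` the host's suite provides and no longer mentions that requirement. If 1.31+ is now available wherever this is deployed, a comment should say so, e.g. `-- needs kgb-bot 1.31+; available in <SUITE>`. Otherwise a host on an older suite would get an unsupported version with no error.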
@@ -207,7 +200,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props
(User "root")
(Context "git.kitenet.net")
(SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLwUUkpkI9c2Wcnv/E4v9bJ7WcpiNkToltXfzRDd1F31AYrucfSMgzu3rtDpEL+wSnQLua/taJkWUWT/pyXOAh+90K6O/YeBZmY5CK01rYDz3kSTAtwHkMqednsRjdQS6NNJsuWc1reO8a4pKtsToJ3G9VAKufCkt2b8Nhqz0yLvLYwwU/mdI8DmfX6IgXhdy9njVEG/jsQnLFXY6QEfwKbIPs9O6qo4iFJg3defXX+zVMLsh3NE1P2i2VxMjxJEQdPdy9Z1sVpkiQM+mgJuylQQ5flPK8sxhO9r4uoK/JROkjPJNYoJMlsN+QlK04ABb7JV2JwhAL/Y8ypjQ13JdT")
- `requires` Ssh.knownHost hosts "eubackup.kitenet.net" (User "root")
+ `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
& Ssh.authorizedKeys (User "family") (Context "git.kitenet.net")
& User.accountFor (User "family")
& Apt.installed ["git", "rsync", "cgit"]
@@ -238,8 +231,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props
& Apache.modEnabled "cgi"
where
sshkey = "/root/.ssh/git.kitenet.net.key"
- borgrepo = Borg.BorgRepoUsing [Borg.UseSshKey sshkey]
- "joey@eubackup.kitenet.net:/home/joey/lib/backup/git.kitenet.net/git.kitenet.net.borg"
+ borgrepo = rsyncNetBorgRepo "git.kitenet.net.borg" [Borg.UseSshKey sshkey]
website hn = Apache.httpsVirtualHost' hn "/srv/web/git.kitenet.net/" letos
[ Apache.iconDir
, " <Directory /srv/web/git.kitenet.net/>"
@@ -341,12 +333,11 @@ gitAnnexDistributor = combineProperties "git-annex distributor, including rsync
& File.dirExists d
& File.ownerGroup d (User "joey") (Group "joey")
-downloads :: [Host] -> Property (HasInfo + DebianLike)
-downloads hosts = annexWebSite "/srv/git/downloads.git"
+downloads :: Property (HasInfo + DebianLike)
+downloads = annexWebSite "/srv/git/downloads.git"
"downloads.kitenet.net"
"840760dc-08f0-11e2-8c61-576b7e66acfd"
- [("eubackup", "ssh://eubackup.kitenet.net/~/lib/downloads/")]
- `requires` Ssh.knownHost hosts "eubackup.kitenet.net" (User "joey")
+ []
tmp :: Property (HasInfo + DebianLike)
tmp = propertyList "tmp.joeyh.name" $ props
@@ -377,18 +368,6 @@ ircBouncer = propertyList "IRC bouncer" $ props
where
conf = "/home/znc/.znc/configs/znc.conf"
-kiteShellBox :: Property DebianLike
-kiteShellBox = propertyList "kitenet.net shellinabox" $ props
- & Apt.installed ["openssl", "shellinabox", "openssh-client"]
- & File.hasContent "/etc/default/shellinabox"
- [ "# Deployed by propellor"
- , "SHELLINABOX_DAEMON_START=1"
- , "SHELLINABOX_PORT=443"
- , "SHELLINABOX_ARGS=\"--no-beep --service=/:SSH:kitenet.net\""
- ]
- `onChange` Service.restarted "shellinabox"
- & Service.running "shellinabox"
-
githubBackup :: Property (HasInfo + DebianLike)
githubBackup = propertyList "github-backup box" $ props
& Apt.installed ["github-backup", "moreutils"]
@@ -415,14 +394,6 @@ rsyncNetBackup hosts = Cron.niceJob "rsync.net copied in daily" (Cron.Times "30
(User "joey") "/home/joey/lib/backup" "mkdir -p rsync.net && rsync --delete -az 2318@usw-s002.rsync.net: rsync.net"
`requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "joey")
-backupsBackedupFrom :: [Host] -> HostName -> FilePath -> Property DebianLike
-backupsBackedupFrom hosts srchost destdir = Cron.niceJob desc
- (Cron.Times "@reboot") (User "joey") "/" cmd
- `requires` Ssh.knownHost hosts srchost (User "joey")
- where
- desc = "backups copied from " ++ srchost ++ " on boot"
- cmd = "sleep 30m && rsync -az --bwlimit=300K --partial --delete " ++ srchost ++ ":lib/backup/ " ++ destdir </> srchost
-
podcatcher :: Property DebianLike
podcatcher = Cron.niceJob "podcatcher run hourly" (Cron.Times "55 * * * *")
(User "joey") "/home/joey/lib/sound/podcasts"
@@ -951,6 +922,7 @@ homePower user hosts ctx sshkey = propertyList "home power" $ props
user (userGroup user)
`requires` File.dirExists (takeDirectory sshkeyfile)
`requires` Ssh.knownHost hosts "kitenet.net" user
+ & File.hasPrivContentExposed "/etc/darksky-forecast-url" anyContext
where
d = "/var/www/html/homepower"
sshkeyfile = d </> ".ssh/key"
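Review bot: `File.hasPrivContentExposed` leaves the file at its default mode, so `/etc/darksky-forecast-url` will normally be readable by every local user, and a forecast URL of this kind presumably embeds an API key. If only the homepower scripts need it, `File.hasPrivContent` followed by `File.ownerGroup` for that user would keep it private. If it must stay world-readable, add a comment saying why, e.g. `-- read by unprivileged scripts; exposure of the key is accepted`. `homePower` starts and ends outside this hunk.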
@@ -1044,15 +1016,18 @@ homePower user hosts ctx sshkey = propertyList "home power" $ props
-- rsync server command to be updated too.
rsynccommand = "rsync -e 'ssh -i" ++ sshkeyfile ++ "' -avz rrds/ joey@kitenet.net:/srv/web/homepower.joeyh.name/rrds/"
--- My home router, running hostapd and dnsmasq for wlan0,
+homerouterWifiInterface :: String
+homerouterWifiInterface = "wlan0" -- "wlx7cdd90400448" is a wifi dongle
+
+-- My home router, running hostapd and dnsmasq,
-- with eth0 connected to a satellite modem, and a fallback ppp connection.
homeRouter :: Property (HasInfo + DebianLike)
homeRouter = propertyList "home router" $ props
- & Network.static "wlan0" (IPv4 "10.1.1.1") Nothing
+ & Network.static homerouterWifiInterface (IPv4 "10.1.1.1") Nothing
`requires` Network.cleanInterfacesFile
& Apt.installed ["hostapd"]
& File.hasContent "/etc/hostapd/hostapd.conf"
- [ "interface=wlan0"
+ [ "interface=" ++ homerouterWifiInterface
, "ssid=house"
, "hw_mode=g"
, "channel=8"
@@ -1072,7 +1047,8 @@ homeRouter = propertyList "home router" $ props
& File.hasContent "/etc/dnsmasq.conf"
[ "domain-needed"
, "bogus-priv"
- , "interface=wlan0"
+ , "interface=" ++ homerouterWifiInterface
+ , "interface=eth0"
, "domain=kitenet.net"
-- lease time is short because the homepower
-- controller wants to know when clients disconnect
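Review bot: Adding `interface=eth0` makes dnsmasq listen on the interface that the comment above `homeRouter` describes as connected to the satellite modem. DNS then becomes reachable from that side, and DHCP may too, depending on the `dhcp-range` lines outside this hunk. If only DNS is wanted there, consider adding `, "no-dhcp-interface=eth0"` and a comment explaining why eth0 is included. `homeRouter` continues outside this hunk.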
@@ -1080,10 +1056,13 @@ homeRouter = propertyList "home router" $ props
, "no-hosts"
, "address=/honeybee.kitenet.net/10.1.1.1"
, "address=/house.kitenet.net/10.1.1.1"
+ , "dhcp-host=0c:98:38:80:6a:f9,10.1.1.134,android-kodama"
]
`onChange` Service.restarted "dnsmasq"
- & ipmasq "wlan0"
- & Apt.serviceInstalledRunning "netplug"
+ & ipmasq homerouterWifiInterface
+ -- Used to bring down eth0 when satellite is off, which causes ppp
+ -- to start, but I am not using this currently.
+ & Apt.removed ["netplug"]
& Network.static' "eth0" (IPv4 "192.168.1.100")
(Just (Network.Gateway (IPv4 "192.168.1.1")))
-- When satellite is down, fall back to dialup
@@ -1234,8 +1213,8 @@ homeNAS = propertyList "home NAS" $ props
newtype USBHubPort = USBHubPort Int
--- Makes a USB drive with the given label automount, with a 10 minute idle
--- timeout before it unmounts.
+-- Makes a USB drive with the given label automount, and unmount after idle
+-- for a while.
--
-- The hub port is turned on and off automatically as needed, using
-- uhubctl.
@@ -1254,9 +1233,9 @@ autoMountDrive label (USBHubPort port) malias = propertyList desc $ props
, "After=" ++ hub
, "[Mount]"
-- avoid mounting whenever the block device is available,
- -- only want to automount on deman
+ -- only want to automount on demand
, "Options=noauto"
- , "What=/dev/disk/by-label/" ++ label
+ , "What=" ++ devfile
, "Where=" ++ mountpoint
, "[Install]"
, "WantedBy="
@@ -1269,11 +1248,16 @@ autoMountDrive label (USBHubPort port) malias = propertyList desc $ props
, "[Service]"
, "Type=oneshot"
, "RemainAfterExit=true"
- , "ExecStart=/usr/sbin/uhubctl -a on -p " ++ show port ++
- -- short sleep to give the drive time to wake up before
- -- it is mounted
- " ; /bin/sleep 20"
- , "ExecStop=/usr/sbin/uhubctl -a off -p " ++ show port
+ , "ExecStart=/usr/sbin/uhubctl -a on -p " ++ show port
+ , "ExecStop=/bin/sh -c 'uhubctl -a off -p " ++ show port ++
+ -- Powering off the port does not remove device
+ -- files, so ask udev to remove the devfile; it will
+ -- be added back after the drive next spins up
+ -- and so avoid mount happening before the drive is
+ -- spun up.
+ -- (This only works when the devfile is in
+ -- by-label.)
+ "; udevadm trigger --action=remove " ++ devfile ++ " || true'"
, "[Install]"
, "WantedBy="
]
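Review bot: `ExecStop` now runs through `/bin/sh -c '…'` with `devfile` (built from `label`) spliced in unquoted. A label containing whitespace, a single quote or a shell metacharacter would therefore change the command run when the unit stops. Either document that labels must be plain alphanumeric strings or escape the value before interpolating it. The stop line also calls bare `uhubctl` while `ExecStart` uses `/usr/sbin/uhubctl`; `"ExecStop=/bin/sh -c '/usr/sbin/uhubctl -a off -p " ++ show port ++` would avoid depending on the unit's PATH. `autoMountDrive` starts and ends outside this hunk.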
@@ -1294,6 +1278,7 @@ autoMountDrive label (USBHubPort port) malias = propertyList desc $ props
[ "joey ALL= NOPASSWD: " ++ sudocommands
]
where
+ devfile = "/dev/disk/by-label/" ++ label
mountpoint = "/media/joey/" ++ label
desc = "auto mount " ++ mountpoint
hub = "startech-hub-port-" ++ show port ++ ".service"
@@ -1304,3 +1289,9 @@ autoMountDrive label (USBHubPort port) malias = propertyList desc $ props
[ "stop " ++ mountpoint
, "start " ++ mountpoint
]
+
+rsyncNetBorgRepo :: String -> [Borg.BorgRepoOpt] -> Borg.BorgRepo
+rsyncNetBorgRepo d os = Borg.BorgRepoUsing os' ("2318@usw-s002.rsync.net:" ++ d)
+ where
+ -- rsync.net has a newer borg here
+ os' = Borg.UsesEnvVar ("BORG_REMOTE_PATH", "borg1") : os
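Review bot: `rsyncNetBorgRepo` has no documentation, yet it hides the hard-coded account and host and the fact that `d` is appended directly after the `:`, which presumably makes it relative to that account's home directory. A Haddock comment would cover it, e.g. `-- | Borg repo in the rsync.net account; the path is relative to its home. Callers must also add Ssh.knownHost for usw-s002.rsync.net.` Because `BORG_REMOTE_PATH` is prepended to `os`, a caller-supplied `UsesEnvVar` for the same variable would come later in the list. Whether that overrides it depends on how the environment is applied, which is not visible here.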