summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/Propellor/DotDir.hs5
-rw-r--r--src/Propellor/Property/LetsEncrypt.hs4
-rw-r--r--src/Propellor/Property/Sbuild.hs18
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs2
4 files changed, 24 insertions, 5 deletions
diff --git a/src/Propellor/DotDir.hs b/src/Propellor/DotDir.hs
index f32b52a4..79b0b43f 100644
--- a/src/Propellor/DotDir.hs
+++ b/src/Propellor/DotDir.hs
@@ -308,13 +308,16 @@ minimalConfig = do
stackcontent =
-- This should be the same resolver version in propellor's
-- own stack.yaml
- [ "resolver: lts-5.10"
+ [ "resolver: " ++ stackResolver
, "packages:"
, "- '.'"
, "extra-deps:"
, "- propellor-" ++ showVersion Package.version
]
+stackResolver :: String
+stackResolver = "lts-5.10"
+
fullClone :: IO Result
fullClone = do
d <- dotPropellor
diff --git a/src/Propellor/Property/LetsEncrypt.hs b/src/Propellor/Property/LetsEncrypt.hs
index 592a1e1d..9e4898dd 100644
--- a/src/Propellor/Property/LetsEncrypt.hs
+++ b/src/Propellor/Property/LetsEncrypt.hs
@@ -8,10 +8,8 @@ import qualified Propellor.Property.Apt as Apt
import System.Posix.Files
--- Not using the certbot name yet, until it reaches jessie-backports and
--- testing.
installed :: Property DebianLike
-installed = Apt.installed ["letsencrypt"]
+installed = Apt.installed ["certbot"]
-- | Tell the letsencrypt client that you agree with the Let's Encrypt
-- Subscriber Agreement. Providing an email address is recommended,
diff --git a/src/Propellor/Property/Sbuild.hs b/src/Propellor/Property/Sbuild.hs
index 2647e69e..bfa264a8 100644
--- a/src/Propellor/Property/Sbuild.hs
+++ b/src/Propellor/Property/Sbuild.hs
@@ -66,6 +66,7 @@ module Propellor.Property.Sbuild (
-- blockNetwork,
installed,
keypairGenerated,
+ keypairInsecurelyGenerated,
shareAptCache,
usableBy,
) where
@@ -320,7 +321,22 @@ keypairGenerated = check (not <$> doesFileExist secKeyFile) $ go
go = tightenTargets $
cmdProperty "sbuild-update" ["--keygen"]
`assume` MadeChange
- secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
+
+secKeyFile :: FilePath
+secKeyFile = "/var/lib/sbuild/apt-keys/sbuild-key.sec"
+
+-- | Generate the apt keys needed by sbuild using a low-quality source of
+-- randomness
+--
+-- Useful on throwaway build VMs.
+keypairInsecurelyGenerated :: Property DebianLike
+keypairInsecurelyGenerated = check (not <$> doesFileExist secKeyFile) go
+ where
+ go :: Property DebianLike
+ go = combineProperties "sbuild keyring insecurely generated" $ props
+ & Apt.installed ["rng-tools"]
+ & cmdProperty "rngd" ["-r", "/dev/urandom"] `assume` MadeChange
+ & keypairGenerated
-- another script from wiki.d.o/sbuild
ccachePrepared :: Property DebianLike
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index a6cb3794..e3bef900 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -683,6 +683,8 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
& Apt.serviceInstalledRunning "mailman"
& Postfix.service ssmtp
+
+ & Apt.installed ["fetchmail"]
where
ctx = Context "kitenet.net"
pinescript = "/usr/local/bin/pine"