Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Property/Restic.hs14
-rw-r--r--src/Propellor/Property/User.hs25
2 files changed, 25 insertions, 14 deletions
diff --git a/src/Propellor/Property/Restic.hs b/src/Propellor/Property/Restic.hs
index 64cd4091..d9d4d4be 100644
--- a/src/Propellor/Property/Restic.hs
+++ b/src/Propellor/Property/Restic.hs
@@ -9,6 +9,7 @@ module Propellor.Property.Restic
, init
, restored
, backup
+ , backup'
, KeepPolicy (..)
) where
@@ -138,17 +139,17 @@ restored dir repo = go
-- backup job will be run at a time. Other jobs will wait their turns to
-- run.
backup :: FilePath -> ResticRepo -> Cron.Times -> [ResticParam] -> [KeepPolicy] -> Property (HasInfo + DebianLike)
-backup dir repo crontimes extraargs kp = backup' dir repo crontimes extraargs kp
+backup dir repo crontimes extraargs kp = backup' [dir] repo crontimes extraargs kp
`requires` restored dir repo
-- | Does a backup, but does not automatically restore.
-backup' :: FilePath -> ResticRepo -> Cron.Times -> [ResticParam] -> [KeepPolicy] -> Property (HasInfo + DebianLike)
-backup' dir repo crontimes extraargs kp = cronjob
+backup' :: [FilePath] -> ResticRepo -> Cron.Times -> [ResticParam] -> [KeepPolicy] -> Property (HasInfo + DebianLike)
+backup' dirs repo crontimes extraargs kp = cronjob
`describe` desc
`requires` init repo
where
desc = val repo ++ " restic backup"
- cronjob = Cron.niceJob ("restic_backup" ++ dir) crontimes (User "root") "/" $
+ cronjob = Cron.niceJob ("restic_backup" ++ intercalate "_" dirs) crontimes (User "root") "/" $
"flock " ++ shellEscape lockfile ++ " sh -c " ++ shellEscape backupcmd
lockfile = "/var/lock/propellor-restic.lock"
backupcmd = intercalate " && " $
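Review bot: The job name built at `cronjob` with ``"restic_backup" ++ intercalate "_" dirs`` is not unique per directory list: `["/a_/b"]` and `["/a", "/b"]` both give `restic_backup/a_/b`, and an empty list collapses to plain `restic_backup`. If Cron.niceJob derives the cron file from that name (not visible in this hunk), two `backup'` properties on one host could overwrite each other's job, leaving one set of directories without backups. The Haddock line above `backup'` still reads as if a single directory were involved; something like `-- | Backs up all the listed directories in one restic run, but does not automatically restore.` would match the new signature. The `where` block of `backup'` continues outside this hunk.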
@@ -162,9 +163,8 @@ backup' dir repo crontimes extraargs kp = cronjob
, shellEscape (getPasswordFile repo)
]
++ map shellEscape extraargs ++
- [ "backup"
- , shellEscape dir
- ]
+ [ "backup" ]
+ ++ map shellEscape dirs
pruneCommand = unwords $
[ "restic"
, "-r"
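Review bot: With `dirs = []` the generated command ends at `backup` with no path, which restic is expected to reject, and because the steps are joined with ` && ` any step after it would be skipped on every cron run. `backup'` is now exported, so callers can reach this case; taking a `NonEmpty FilePath`, or failing the property when `null dirs`, would surface the mistake at configuration time instead of as a failing cron job. Separately, a directory name beginning with `-` is still read by restic as an option even though it is shell-escaped; emitting `"--"` before `map shellEscape dirs` avoids that, assuming the restic version in use accepts the separator.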
diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs
index ce2611bc..0b5bdddc 100644
--- a/src/Propellor/Property/User.hs
+++ b/src/Propellor/Property/User.hs
@@ -22,17 +22,18 @@ systemAccountFor :: User -> Property DebianLike
systemAccountFor user@(User u) = systemAccountFor' user Nothing (Just (Group u))
systemAccountFor' :: User -> Maybe FilePath -> Maybe Group -> Property DebianLike
-systemAccountFor' (User u) mhome mgroup = tightenTargets $ check nouser go
+systemAccountFor' (User u) mhome mgroup = case mgroup of
+ Nothing -> prop
+ Just g -> prop
+ `requires` systemGroup g
`describe` ("system account for " ++ u)
where
+ prop = tightenTargets $ check nouser go
nouser = isNothing <$> catchMaybeIO (getUserEntryForName u)
go = cmdProperty "adduser" $
- [ "--system" ]
+ [ "--system", "--home" ]
++
- "--home" : maybe
- ["/nonexistent", "--no-create-home"]
- ( \h -> [ h ] )
- mhome
+ maybe ["/nonexistent", "--no-create-home"] ( \h -> [h] ) mhome
++
maybe [] ( \(Group g) -> ["--ingroup", g] ) mgroup
++
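Review bot: The ``describe`` line with `("system account for " ++ u)` now comes after the `Just g` alternative of the new `case`, so depending on its indentation (not visible in this rendering) it either attaches to that alternative only or does not parse. In the first case the `Nothing` branch would be reported under the default description of the `adduser` command rather than "system account for …". Moving the description into the helper keeps both branches labelled: ``prop = tightenTargets $ check nouser go `describe` ("system account for " ++ u)``. The `go` argument list continues outside this hunk.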
@@ -42,6 +43,16 @@ systemAccountFor' (User u) mhome mgroup = tightenTargets $ check nouser go
, u
]
+systemGroup :: Group -> Property UnixLike
+systemGroup (Group g) = check nogroup go
+ `describe` ("system account for " ++ g)
+ where
+ nogroup = isNothing <$> catchMaybeIO (getGroupEntryForName g)
+ go = cmdProperty "addgroup"
+ [ "--system"
+ , g
+ ]
+
-- | Removes user home directory!! Use with caution.
nuked :: User -> Eep -> Property Linux
nuked user@(User u) _ = tightenTargets $ check hashomedir go
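Review bot: `systemGroup` is described as `"system account for " ++ g`, which looks copied from `systemAccountFor'`, so propellor's output would report a group creation as an account; `"system group " ++ g` is clearer. It is typed `Property UnixLike` while running `addgroup --system`, the Debian adduser tool that `systemAccountFor'` is limited to `DebianLike` for; `Property DebianLike` via `tightenTargets` would match. The `nogroup` check only tests that the name resolves, so a pre-existing ordinary group of that name is reused unchanged and its current members would share the new system account's group; a short Haddock comment stating this would help anyone auditing the account's access later.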
@@ -111,7 +122,7 @@ chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuc
hClose h
lockedPassword :: User -> Property DebianLike
-lockedPassword user@(User u) = tightenTargets $
+lockedPassword user@(User u) = tightenTargets $
check (not <$> isLockedPassword user) go
`describe` ("locked " ++ u ++ " password")
where