Diffstat (limited to 'src')
-rw-r--r--src/Propellor/Bootstrap.hs2
-rw-r--r--src/Propellor/Property/Attic.hs6
-rw-r--r--src/Propellor/Property/Locale.hs2
-rw-r--r--src/Propellor/Property/Obnam.hs5
-rw-r--r--src/Propellor/Property/SiteSpecific/JoeySites.hs78
5 files changed, 75 insertions, 18 deletions
diff --git a/src/Propellor/Bootstrap.hs b/src/Propellor/Bootstrap.hs
index 21d29bcc..08af6878 100644
--- a/src/Propellor/Bootstrap.hs
+++ b/src/Propellor/Bootstrap.hs
@@ -33,7 +33,7 @@ type ShellCommand = String
-- `OSOnly` uses the OS's native packages of Cabal and all of propellor's
-- build dependencies. It may not work on all systems.
data Bootstrapper = Robustly Builder | OSOnly
- deriving (Show)
+ deriving (Show, Typeable)
data Builder = Cabal | Stack
deriving (Show, Typeable)
diff --git a/src/Propellor/Property/Attic.hs b/src/Propellor/Property/Attic.hs
index 3059a04b..9e024356 100644
--- a/src/Propellor/Property/Attic.hs
+++ b/src/Propellor/Property/Attic.hs
@@ -1,8 +1,12 @@
-- | Maintainer: FĂ©lix Sipma <felix+propellor@gueux.org>
--
-- Support for the Attic backup tool <https://attic-backup.org/>
+--
+-- This module is deprecated because Attic is not available in debian
+-- stable any longer (so the installed property no longer works), and it
+-- appears to have been mostly supersceded by Borg.
-module Propellor.Property.Attic
+module Propellor.Property.Attic {-# DEPRECATED "Use Borg instead" #-}
( installed
, repoExists
, init
diff --git a/src/Propellor/Property/Locale.hs b/src/Propellor/Property/Locale.hs
index 14c6f0b0..53091fc9 100644
--- a/src/Propellor/Property/Locale.hs
+++ b/src/Propellor/Property/Locale.hs
@@ -63,7 +63,7 @@ available locale = ensureAvailable `requires` Apt.installed ["locales"]
then ensureProperty w $
fileProperty desc (foldr uncomment []) f
`onChange` regenerate
- else return FailedChange -- locale unavailable for generation
+ else error $ "locale " ++ locale ++ " is not present in /etc/locale.gen, even in commented out form; cannot generate"
ensureUnavailable :: Property DebianLike
ensureUnavailable = tightenTargets $
fileProperty (locale ++ " locale not generated") (foldr comment []) f
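Review bot: The new error message hard-codes `/etc/locale.gen` although the surrounding code refers to the file as `f`, so the message and the file actually inspected can drift apart. Assuming `f` is the FilePath defined outside this hunk, `else error $ "locale " ++ locale ++ " is not present in " ++ f ++ ", even in commented out form; cannot generate"` keeps them in step. A short comment saying that `error` replaces the silent `FailedChange` so that the reason appears in the run output would help the next reader. The enclosing `ensureAvailable` starts outside the hunk.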
diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs
index 66d3c08d..7943b46e 100644
--- a/src/Propellor/Property/Obnam.hs
+++ b/src/Propellor/Property/Obnam.hs
@@ -1,6 +1,9 @@
-- | Support for the Obnam backup tool <http://obnam.org/>
+--
+-- This module is deprecated because Obnam has been retired by its
+-- author.
-module Propellor.Property.Obnam where
+module Propellor.Property.Obnam {-# DEPRECATED "Obnam has been retired; time to transition to something else" #-} where
import Propellor.Base
import qualified Propellor.Property.Apt as Apt
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index a48ebf9c..f02dc6f0 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -520,7 +520,6 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
& "/etc/aliases" `File.hasPrivContentExposed` ctx
`onChange` Postfix.newaliases
- & hasPostfixCert ctx
& "/etc/postfix/mydomain" `File.containsLines`
[ "/.*\\.kitenet\\.net/\tOK"
@@ -583,9 +582,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
, "milter_default_action = accept"
, "# TLS setup -- server"
- , "smtpd_tls_CAfile = /etc/ssl/certs/joeyca.pem"
- , "smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem"
- , "smtpd_tls_key_file = /etc/ssl/private/postfix.pem"
+ , "smtpd_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem"
+ , "smtpd_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem"
+ , "smtpd_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem"
, "smtpd_tls_loglevel = 1"
, "smtpd_tls_received_header = yes"
, "smtpd_use_tls = yes"
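Review bot: `smtpd_tls_cert_file` points at `cert.pem`, which in a Let's Encrypt live directory holds only the leaf certificate, while the intermediates are supplied indirectly through `smtpd_tls_CAfile = .../fullchain.pem`. Postfix's documentation recommends putting the server certificate followed by its issuing CAs in the certificate file itself, and `smtpd_tls_CAfile` is also the list of CAs trusted for remote client certificates, so this host's own chain ends up in that trust list. I would use `, "smtpd_tls_cert_file = /etc/letsencrypt/live/kitenet.net/fullchain.pem"` and drop the `smtpd_tls_CAfile` line unless client certificates are really checked. The client-side settings in the next hunk (`smtp_tls_cert_file`) have the same cert/chain split. The configuration list continues outside this hunk.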
@@ -593,9 +592,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
, "smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache"
, "# TLS setup -- client"
- , "smtp_tls_CAfile = /etc/ssl/certs/joeyca.pem"
- , "smtp_tls_cert_file = /etc/ssl/certs/postfix.pem"
- , "smtp_tls_key_file = /etc/ssl/private/postfix.pem"
+ , "smtp_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem"
+ , "smtp_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem"
+ , "smtp_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem"
, "smtp_tls_loglevel = 1"
, "smtp_use_tls = yes"
, "smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache"
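Review bot: `smtp_tls_CAfile` is the trust store the Postfix client uses to verify remote servers, and `fullchain.pem` holds this host's leaf and intermediates rather than a set of trusted roots, so at any verifying TLS level most peers would not validate. Which `smtp_tls_security_level` applies is not visible in this hunk; if verification is intended, `, "smtp_tls_CApath = /etc/ssl/certs"` is the usual setting. Reusing the server key as a client certificate through `smtp_tls_cert_file`/`smtp_tls_key_file` deserves a comment naming the peer that requires it, otherwise those two lines could be removed.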
@@ -614,6 +613,12 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props
"!include auth-passwdfile.conf.ext"
`onChange` Service.restarted "dovecot"
`describe` "dovecot auth.conf"
+ & "/etc/dovecot/conf.d/10-ssl.conf" `File.containsLines`
+ [ "ssl_cert = </etc/letsencrypt/live/kitenet.net/fullchain.pem"
+ , "ssl_key = </etc/letsencrypt/live/kitenet.net/privkey.pem"
+ ]
+ `onChange` Service.restarted "dovecot"
+ `describe` "dovecot letsencrypt certs"
& File.hasPrivContent dovecotusers ctx
`onChange` (dovecotusers `File.mode`
combineModes [ownerReadMode, groupReadMode])
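Review bot: Nothing in this hunk reloads dovecot when the certificate under `/etc/letsencrypt/live/kitenet.net/` is renewed: `onChange` fires only when the two lines in `10-ssl.conf` change, so a long-running dovecot may keep serving the old certificate until it expires. If a renewal hook elsewhere in the file handles this, a comment here such as `-- dovecot is reloaded by the letsencrypt renewal hook` would make that dependency visible. `File.containsLines` also appears to add lines without removing any `ssl_cert`/`ssl_key` settings already present in that file, so the effective value depends on which one dovecot reads last; stating that assumption in a comment, or owning the whole file, would be safer.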
@@ -711,16 +716,9 @@ postfixSaslPasswordClient = combineProperties "postfix uses SASL password to aut
, "smtp_sasl_tls_security_options = noanonymous"
, "relayhost = [kitenet.net]"
, "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
- , "# kite's fingerprint"
- , "smtp_tls_fingerprint_cert_match = 13:B0:0C:F3:11:83:A5:EB:A9:37:C6:C5:ED:16:60:86"
]
`onChange` Postfix.reloaded
-hasPostfixCert :: Context -> Property (HasInfo + UnixLike)
-hasPostfixCert ctx = combineProperties "postfix tls cert installed" $ props
- & "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx
- & "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx
-
-- Legacy static web sites and redirections from kitenet.net to newer
-- sites.
legacyWebSites :: Property (HasInfo + DebianLike)
@@ -795,6 +793,15 @@ legacyWebSites = propertyList "legacy web sites" $ props
, "# Redirect all to joeyh.name."
, "rewriterule (.*) http://joeyh.name$1 [r]"
]
+ & alias "homepower.joeyh.name"
+ & apacheSite "homepower.joeyh.name"
+ [ "DocumentRoot /srv/web/homepower.joeyh.name"
+ , "<Directory /srv/web/homepower.joeyh.name>"
+ , " Options Indexes ExecCGI"
+ , " AllowOverride None"
+ , Apache.allowAll
+ , "</Directory>"
+ ]
where
kitenetcfg =
-- /var/www is empty
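Review bot: `Options Indexes ExecCGI` applies to the whole of `/srv/web/homepower.joeyh.name`, and the `homePowerMonitor` hunk later in this commit rsyncs files into `rrds/recent/` under that same root with a key held on another machine. Allowing CGI execution in a tree that receives remote uploads is broader than needed; I would confine `ExecCGI` to the directory that holds the script, in its own `<Directory>` block, and leave the upload directory without it. Whether anything is actually executed also depends on handler configuration outside this hunk. A comment naming the CGI that needs the option would document why it is enabled. The `where` clause continues past the hunk.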
@@ -931,6 +938,49 @@ alarmClock oncalendar (User user) command = combineProperties "goodmorning timer
& "/etc/systemd/logind.conf" `ConfFile.containsIniSetting`
("Login", "LidSwitchIgnoreInhibited", "no")
+-- My home power monitor.
+homePowerMonitor :: IsContext c => User -> c -> (SshKeyType, Ssh.PubKeyText) -> Property (HasInfo + DebianLike)
+homePowerMonitor user ctx sshkey = propertyList "home power monitor" $ props
+ & Apache.installed
+ & Apt.installed ["python2", "python-pymodbus"]
+ & File.ownerGroup "/var/www/html" user (userGroup user)
+ & Git.cloned user "git://git.kitenet.net/joey/homepower" d Nothing
+ `onChange` buildpoller
+ & Systemd.enabled servicename
+ `requires` serviceinstalled
+ `onChange` Systemd.started servicename
+ & Cron.niceJob "homepower upload"
+ (Cron.Times "1 * * * *") user d rsynccommand
+ `requires` Ssh.userKeyAt (Just sshkeyfile) user ctx sshkey
+ where
+ d = "/var/www/html/homepower"
+ sshkeyfile = d </> ".ssh/key"
+ buildpoller = userScriptProperty (User "joey")
+ [ "cd " ++ d
+ , "make"
+ ]
+ `assume` MadeChange
+ `requires` Apt.installed ["ghc", "make"]
+ servicename = "homepower"
+ servicefile = "/etc/systemd/system/" ++ servicename ++ ".service"
+ serviceinstalled = servicefile `File.hasContent`
+ [ "[Unit]"
+ , "Description=home power monitor"
+ , ""
+ , "[Service]"
+ , "ExecStart=" ++ d ++ "/poller"
+ , "WorkingDirectory=" ++ d
+ , "User=joey"
+ , "Group=joey"
+ , ""
+ , "[Install]"
+ , "WantedBy=multi-user.target"
+ ]
+ -- Only upload when eth0 is up; eg the satellite internet is up.
+ -- Any changes to the rsync command will need my .authorized_keys
+ -- rsync server command to be updated too.
+ rsynccommand = "if ip route | grep '^default' | grep -q eth0; then rsync -e 'ssh -i" ++ sshkeyfile ++ "' -avz rrds/recent/ joey@kitenet.net:/srv/web/homepower.joeyh.name/rrds/recent/; fi"
+
-- My home router, running hostapd and dnsmasq for wlan0,
-- with eth0 connected to a satellite modem, and a fallback ppp connection.
homeRouter :: Property (HasInfo + DebianLike)
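Review bot: `sshkeyfile = d </> ".ssh/key"` places the private half of the upload key under `/var/www/html`, Apache's default document root on Debian, in the same property that installs Apache; whether it can be fetched over HTTP then rests entirely on the file mode `Ssh.userKeyAt` sets, which is not visible here, and the clone's `.git` directory sits in the same served tree. I would keep the key in the user's home directory, outside anything Apache serves. Separately, `Git.cloned` fetches over `git://`, which is neither authenticated nor encrypted, and the result is built with `make` and run as a systemd service, so an `https://` or ssh remote would protect that code in transit. `buildpoller` and the unit's `User=joey`/`Group=joey` hard-code the account although the property takes `user`, and `'ssh -i" ++ sshkeyfile` would read better with a space after `-i`.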