From 4b148a2c29a78cc07930d665283e5691a5d2156d Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Wed, 26 Jul 2017 13:13:32 -0400
Subject: propellor spin
---
joeyconfig.hs | 38 +++++++++++-------------
src/Propellor/Property/SiteSpecific/JoeySites.hs | 19 ++++++++++++
2 files changed, 37 insertions(+), 20 deletions(-)
diff --git a/joeyconfig.hs b/joeyconfig.hs
index 35b5363c..be7b9ef0 100644
--- a/joeyconfig.hs
+++ b/joeyconfig.hs
@@ -182,42 +182,40 @@ orca = host "orca.kitenet.net" $ props honeybee :: Host honeybee = host "honeybee.kitenet.net" $ props - & standardSystem Testing ARMHF [ "Arm git-annex build box." ] + & standardSystem Testing ARMHF [ "Home router and arm git-annex build box." ] - -- I have to travel to get console access, so no automatic - -- upgrades, and try to be robust. + -- Hard to get console access, so no automatic upgrades, + -- and try to be robust. & "/etc/default/rcS" `File.containsLine` "FSCKFIX=yes" & Apt.installed ["flash-kernel"] & "/etc/flash-kernel/machine" `File.hasContent` ["Cubietech Cubietruck"] & Apt.installed ["linux-image-armmp"] - & Network.dhcp "eth0" `requires` Network.cleanInterfacesFile & Postfix.satellite - -- ipv6 used for remote access thru firewalls - & Apt.serviceInstalledRunning "aiccu" - & ipv6 "2001:4830:1600:187::2" - -- restart to deal with failure to connect, tunnel issues, etc - & Cron.job "aiccu restart daily" Cron.Daily (User "root") "/" - "service aiccu stop; service aiccu start" - - -- In case compiler needs more than available ram - & Apt.serviceInstalledRunning "swapspace" - -- No hardware clock. & Apt.serviceInstalledRunning "ntp" - -- Runs only on weekdays. + -- Home router + & Network.dhcp "eth0" `requires` Network.cleanInterfacesFile + -- todo configure wlan0 on ip 10.1.1.1 + & Apt.serviceInstalledRunning "hostapd" -- todo write hostapd.conf 1st + & Apt.serviceInstalledRunning "dnsmasq" -- todo write dnsmasq.conf file + & JoeySites.ipmasq "eth0" "wlan0" + + -- Autobuild runs only on weekdays. & Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer GitAnnexBuilder.armAutoBuilder - Unstable ARMEL Nothing weekends "23h") - -- Runs only on weekends. + Unstable ARMEL Nothing weekends "10h") + -- Autobuild runs only on weekends. 
& Systemd.nspawned (GitAnnexBuilder.autoBuilderContainer GitAnnexBuilder.stackAutoBuilder - (Stable "jessie") ARMEL (Just "ancient") weekdays "23h") + (Stable "jessie") ARMEL (Just "ancient") weekdays "10h") + -- In case compiler needs more than available ram + & Apt.serviceInstalledRunning "swapspace" where - weekdays = Cron.Times "15 6 * * 2-5" - weekends = Cron.Times "15 6 * * 6-7" + weekdays = Cron.Times "15 10 * * 2-5" + weekends = Cron.Times "15 10 * * 6-7" -- This is not a complete description of kite, since it's a -- multiuser system with eg, user passwords that are not deployed diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 6e0d6c4e..499409e0 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -929,3 +929,22 @@ alarmClock oncalendar (User user) command = combineProperties "goodmorning timer & Systemd.started "goodmorning.timer" & "/etc/systemd/logind.conf" `ConfFile.containsIniSetting` ("Login", "LidSwitchIgnoreInhibited", "no") + +-- | Enable IP masqerading, from the intif to the extif. +ipmasq :: String -> String -> Property DebianLike +ipmasq extif intif = script `File.hasContent` + [ "#!/bin/sh" + , "EXTIF=" ++ extif + , "INTIF=" ++ intif + , "if [ \"$IFACE\" != $EXTIF; then" + , "exit 0" + , "fi" + , "iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT" + , "iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT" + , "iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE" + , "echo 1 > /proc/sys/net/ipv4/ip_forward" + ] + `requires` Apt.installed ["iptables"] + `before` (script `File.mode` combineModes (readModes ++ executeModes)) + where + script = "/etc/network/if-up.d/ipmasq" -- cgit v1.2.3
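Review bot: In the new "Home router" block, `Apt.serviceInstalledRunning "dnsmasq"` and `Apt.serviceInstalledRunning "hostapd"` bring the services up while their configuration is still a todo, so the host runs them on package defaults until those files are written. With no dnsmasq.conf restricting it, dnsmasq is presumably not limited to wlan0 and would also answer DNS on eth0, the interface this same block passes to `JoeySites.ipmasq` as the external side; confirm against the Debian default. I would attach each service to its config with `requires`, for dnsmasq a `File.hasContent` property whose lines include `interface=wlan0` and `bind-interfaces`, and leave hostapd out until hostapd.conf defines the network's authentication settings.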
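Review bot: The generated guard line `if [ \"$IFACE\" != $EXTIF; then` has no closing `]`, so the test fails with an error, the `exit 0` branch is never taken, and the iptables rules are appended every time any interface comes up rather than only for the external one. Writing the list element as `, "if [ \"$IFACE\" != \"$EXTIF\" ]; then"` repairs the test and quotes the interface name. Every rule is an `-A ... -j ACCEPT`, so forwarding from extif to intif is only limited to ESTABLISHED,RELATED if the FORWARD policy is DROP, which nothing visible in this hunk sets; consider emitting `iptables -P FORWARD DROP` ahead of the ACCEPT rules and guarding each append with `iptables -C` so repeated ifup runs do not stack duplicates. The haddock says "from the intif to the extif" while the parameters are ordered `extif intif`, so a sentence stating that the first argument is the upstream interface would help prevent a swapped call.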