From 97fdc43f8a49c87c730471442cf2117bf0a75d64 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 7 Feb 2016 22:01:17 -0400
Subject: property is revertable
---
 config-joey.hs | 2 --
 src/Propellor/Property/Apache.hs | 17 +++++++++++------
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/config-joey.hs b/config-joey.hs
index fc7bd681..5c3d376b 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -337,8 +337,6 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
 & Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html"
 (LetsEncrypt.AgreeTOS (Just "id@joeyh.name"))
 & alias "letsencrypt.joeyh.name"
- -- to revert above, partially:
- -- ! Apache.virtualHost "letsencrypt.joeyh.name" (Port 443) "/var/www/html"

 elephant :: Host
 elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs
index d0bcadfa..dee7a5fc 100644
--- a/src/Propellor/Property/Apache.hs
+++ b/src/Propellor/Property/Apache.hs
@@ -156,16 +156,21 @@ virtualHost' domain (Port p) docroot addedcfg = siteEnabled domain $
 --
 -- > httpsVirtualHost "example.com" "/var/www"
 -- > (LetsEncrypt.AgreeTOS (Just "me@my.domain"))
-httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> Property NoInfo
+--
+-- Note that reverting this property does not remove the certificate from
+-- letsencrypt's cert store.
+httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> RevertableProperty NoInfo
 httpsVirtualHost domain docroot letos = httpsVirtualHost' domain docroot letos []

 -- | Like `httpsVirtualHost` but with additional config lines added.
-httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> Property NoInfo
-httpsVirtualHost' domain docroot letos addedcfg = setuphttp
- `requires` modEnabled "rewrite"
- `requires` modEnabled "ssl"
- `before` setuphttps
+httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> RevertableProperty NoInfo
+httpsVirtualHost' domain docroot letos addedcfg = setup teardown
 where
+ setup = setuphttp
+ `requires` modEnabled "rewrite"
+ `requires` modEnabled "ssl"
+ `before` setuphttps
+ teardown = siteDisabled domain
 setuphttp = siteEnabled' domain $
 -- The sslconffile is only created after letsencrypt gets
 -- the cert. The "*" is needed to make apache not error
-- cgit v1.2.3
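Review bot: The revert path `teardown = siteDisabled domain` undoes less than the new Haddock note on `httpsVirtualHost` admits: besides the certificate, the `rewrite` and `ssl` modules that `setup` enables stay on, and the certificate's private key presumably stays in letsencrypt's store alongside it. For a host that is being decommissioned or repurposed, that leftover key is what an operator most needs to know about, so I would widen the note to `-- Reverting only disables the site: the rewrite and ssl modules stay enabled,` followed by `-- and the certificate and its private key stay in letsencrypt's cert store.` The `where` block continues past the end of the hunk, so whether `siteDisabled` also removes the sslconffile fragments written after the cert is obtained cannot be checked from here.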