From babeda7843f4b52889fd717781903661c7270924 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 30 Mar 2016 21:04:06 -0400 Subject: propellor spin --- joeyconfig.hs | 1 - src/Propellor/Property/SiteSpecific/JoeySites.hs | 76 ++++++++---------------- 2 files changed, 26 insertions(+), 51 deletions(-) diff --git a/joeyconfig.hs b/joeyconfig.hs index 3852f14b..489a0f58 100644 --- a/joeyconfig.hs +++ b/joeyconfig.hs @@ -297,7 +297,6 @@ kite = host "kite.kitenet.net" $ props & alias "mail.kitenet.net" & JoeySites.kiteMailServer - & JoeySites.kitenetHttps & JoeySites.legacyWebSites & File.ownerGroup "/srv/web" (User "joey") (Group "joey") & Apt.installed ["analog"] diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 74413a3f..a6cb3794 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -126,7 +126,7 @@ oldUseNetServer hosts = propertyList "olduse.net server" $ props , "find -type d -empty | xargs --no-run-if-empty rmdir" ] uucpcommand = "/usr/bin/uucp " ++ datadir - nntpcfg = apachecfg "nntp.olduse.net" False + nntpcfg = apachecfg "nntp.olduse.net" [ " DocumentRoot " ++ datadir ++ "/" , " " , " Options Indexes FollowSymlinks" 
@@ -312,41 +312,27 @@ annexWebSite origin hn uuid remotes = propertyList (hn ++" website using git-ann letos :: LetsEncrypt.AgreeTOS letos = LetsEncrypt.AgreeTOS (Just "id@joeyh.name") -apacheSite :: HostName -> Bool -> Apache.ConfigFile -> RevertableProperty DebianLike DebianLike -apacheSite hn withssl middle = Apache.siteEnabled hn $ apachecfg hn withssl middle +apacheSite :: HostName -> Apache.ConfigFile -> RevertableProperty DebianLike DebianLike +apacheSite hn middle = Apache.siteEnabled hn $ apachecfg hn middle -apachecfg :: HostName -> Bool -> Apache.ConfigFile -> Apache.ConfigFile -apachecfg hn withssl middle - | withssl = vhost False ++ vhost True - | otherwise = vhost False - where - vhost ssl = - [ "" - , " ServerAdmin grue@joeyh.name" - , " ServerName "++hn++":"++show port - ] - ++ mainhttpscert ssl - ++ middle ++ - [ "" - , " ErrorLog /var/log/apache2/error.log" - , " LogLevel warn" - , " CustomLog /var/log/apache2/access.log combined" - , " ServerSignature On" - , " " - , Apache.iconDir - , "" - ] - where - port = if ssl then 443 else 80 :: Int - -mainhttpscert :: Bool -> Apache.ConfigFile -mainhttpscert False = [] -mainhttpscert True = - [ " SSLEngine on" - , " SSLCertificateFile /etc/ssl/certs/web.pem" - , " SSLCertificateKeyFile /etc/ssl/private/web.pem" - , " SSLCertificateChainFile /etc/ssl/certs/startssl.pem" +apachecfg :: HostName -> Apache.ConfigFile -> Apache.ConfigFile +apachecfg hn middle = + [ "" + , " ServerAdmin grue@joeyh.name" + , " ServerName "++hn++":"++show port + ] + ++ middle ++ + [ "" + , " ErrorLog /var/log/apache2/error.log" + , " LogLevel warn" + , " CustomLog /var/log/apache2/access.log combined" + , " ServerSignature On" + , " " + , Apache.iconDir + , "" ] + where + port = 80 :: Int gitAnnexDistributor :: Property (HasInfo + DebianLike) gitAnnexDistributor = combineProperties "git-annex distributor, including rsync server and signer" $ props 
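Review bot: The rewritten `apachecfg` still emits `ServerSignature On`, so server-generated pages (error pages, directory listings) on every site built through `apacheSite` carry a footer identifying the server software, with the level of detail set by `ServerTokens`. Since the block is being rewritten anyway, changing that directive to `ServerSignature Off` would be the more conservative default for these legacy sites. With the `Bool` argument gone, nothing in the signatures says that `apacheSite` and `apachecfg` now only ever produce a port-80 virtual host (`port = 80 :: Int`). A Haddock line on `apachecfg` would make that explicit, for example `-- | Plain-HTTP (port 80) virtual host; sites that need TLS should use Apache.httpsVirtualHost' instead.`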
@@ -770,15 +756,6 @@ hasPostfixCert ctx = combineProperties "postfix tls cert installed" $ props & "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx & "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx -kitenetHttps :: Property (HasInfo + DebianLike) -kitenetHttps = propertyList "kitenet.net https certs" $ props - & File.hasPrivContent "/etc/ssl/certs/web.pem" ctx - & File.hasPrivContent "/etc/ssl/private/web.pem" ctx - & File.hasPrivContent "/etc/ssl/certs/startssl.pem" ctx - & Apache.modEnabled "ssl" - where - ctx = Context "kitenet.net" - -- Legacy static web sites and redirections from kitenet.net to newer -- sites. legacyWebSites :: Property (HasInfo + DebianLike) @@ -788,8 +765,7 @@ legacyWebSites = propertyList "legacy web sites" $ props & Apache.modEnabled "cgi" & Apache.modEnabled "speling" & userDirHtml - & kitenetHttps - & apacheSite "kitenet.net" True + & Apache.httpsVirtualHost' "kitenet.net" "/var/www" letos -- /var/www is empty [ "DocumentRoot /var/www" , "" @@ -877,7 +853,7 @@ legacyWebSites = propertyList "legacy web sites" $ props , "rewriterule /~kyle/family/wiki(.*) http://macleawiki.branchable.com$1 [L]" ] & alias "anna.kitenet.net" - & apacheSite "anna.kitenet.net" False + & apacheSite "anna.kitenet.net" [ "DocumentRoot /home/anna/html" , "" , " Options Indexes ExecCGI" @@ -887,7 +863,7 @@ legacyWebSites = propertyList "legacy web sites" $ props ] & alias "sows-ear.kitenet.net" & alias "www.sows-ear.kitenet.net" - & apacheSite "sows-ear.kitenet.net" False + & apacheSite "sows-ear.kitenet.net" [ "ServerAlias www.sows-ear.kitenet.net" , "DocumentRoot /srv/web/sows-ear.kitenet.net" , "" @@ -900,7 +876,7 @@ legacyWebSites = propertyList "legacy web sites" $ props ] & alias "wortroot.kitenet.net" & alias "www.wortroot.kitenet.net" - & apacheSite "wortroot.kitenet.net" False + & apacheSite "wortroot.kitenet.net" [ "ServerAlias www.wortroot.kitenet.net" , "DocumentRoot /srv/web/wortroot.kitenet.net" , "" 
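Review bot: In `legacyWebSites`, replacing `kitenetHttps` and `apacheSite "kitenet.net" True` with `Apache.httpsVirtualHost'` stops managing `/etc/ssl/private/web.pem`, `/etc/ssl/certs/web.pem` and `/etc/ssl/certs/startssl.pem` (the definition is deleted in the hunk at -770 and its use in joeyconfig.hs at -297), but nothing visible removes those files from a host that already applied the old property, so the retired private key would presumably stay on disk. A cleanup line such as `& File.notPresent "/etc/ssl/private/web.pem"` (and the same for the two certificate files), together with dropping the now-unused privdata stored under the `kitenet.net` context, would close that out. Separately, `"/var/www"` now appears both as the web-root argument to `httpsVirtualHost'` and in the `DocumentRoot /var/www` line; a shared local binding would keep the two from drifting apart. The `legacyWebSites` property list starts and ends outside this hunk.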
@@ -910,7 +886,7 @@ legacyWebSites = propertyList "legacy web sites" $ props
 , ""
 ]
 & alias "creeksidepress.com"
- & apacheSite "creeksidepress.com" False
+ & apacheSite "creeksidepress.com"
 [ "ServerAlias www.creeksidepress.com"
 , "DocumentRoot /srv/web/www.creeksidepress.com"
 , ""
@@ -920,7 +896,7 @@ legacyWebSites = propertyList "legacy web sites" $ props
 , ""
 ]
 & alias "joey.kitenet.net"
- & apacheSite "joey.kitenet.net" False
+ & apacheSite "joey.kitenet.net"
 [ "DocumentRoot /var/www"
 , ""
 , " Options Indexes ExecCGI"
--
cgit v1.2.3