From d08c98d8b33cab9c7008ee36ff88950c96af2e38 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Tue, 10 Feb 2015 20:29:04 -0400
Subject: propellor spin
---
 config-joey.hs | 7 +------
 src/Propellor/Property/SiteSpecific/JoeySites.hs | 15 +++++++++++++--
 src/Propellor/Property/Ssh.hs | 18 ++++++++++++++----
 3 files changed, 28 insertions(+), 12 deletions(-)
diff --git a/config-joey.hs b/config-joey.hs
index 37dea8d7..7fb31f6d 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -236,12 +236,7 @@ diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64"
 & alias "git.joeyh.name"
 & JoeySites.gitServer hosts
- & JoeySites.annexWebSite "/srv/git/downloads.git"
- "downloads.kitenet.net"
- "840760dc-08f0-11e2-8c61-576b7e66acfd"
- [("eubackup", "ssh://eubackup.kitenet.net/~/lib/downloads/")]
- `requires` Ssh.keyImported SshRsa "joey" (Context "downloads.kitenet.net")
- `requires` Ssh.knownHost hosts "eubackup.kitenet.net" "joey"
+ & JoeySites.downloads hosts
 & JoeySites.gitAnnexDistributor
 & JoeySites.annexWebSite "/srv/git/joey/tmp.git"
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index ae71a3ca..114a30d4 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -68,9 +68,11 @@ oldUseNetServer hosts = propertyList "olduse.net server" $ props
 oldUseNetBackup = Obnam.backup datadir (Cron.Times "33 4 * * *")
 [ "--repository=sftp://2318@usw-s002.rsync.net/~/olduse.net"
 , "--client-name=spool"
+ , "--ssh-key=" ++ keyfile
 ] Obnam.OnlyClient
- `requires` Ssh.keyImported SshRsa "root" (Context "olduse.net")
+ `requires` Ssh.keyImported' (Just keyfile) SshRsa "root" (Context "olduse.net")
 `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
+ keyfile = "/root/.ssh/olduse.net.key"
 oldUseNetShellBox :: Property HasInfo
 oldUseNetShellBox = propertyList "olduse.net shellbox" $ props
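Review bot: `JoeySites.downloads hosts` no longer carries the `Ssh.keyImported SshRsa "joey" (Context "downloads.kitenet.net")` requirement that the six removed lines here had; the new `downloads` in the JoeySites.hs `@@ -266` hunk keeps only the `Ssh.knownHost` requirement. Unless joey's key on this host is provisioned by another property outside this diff, the annex remote `ssh://eubackup.kitenet.net/~/lib/downloads/` is configured without the key it would authenticate with. Either restore the line inside `downloads`, `` `requires` Ssh.keyImported SshRsa "joey" (Context "downloads.kitenet.net")``, or state in its Haddock which property is expected to import that key.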
@@ -140,9 +142,10 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props
 & Obnam.latestVersion
 & Obnam.backupEncrypted "/srv/git" (Cron.Times "33 3 * * *")
 [ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net"
+ , "--ssh-key=" ++ sshkey
 , "--client-name=wren" -- historical
 ] Obnam.OnlyClient (Gpg.GpgKeyId "1B169BE1")
- `requires` Ssh.keyImported SshRsa "root" (Context "git.kitenet.net")
+ `requires` Ssh.keyImported' (Just sshkey) SshRsa "root" (Context "git.kitenet.net")
 `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root"
 `requires` Ssh.authorizedKeys "family" (Context "git.kitenet.net")
 `requires` User.accountFor "family"
@@ -166,6 +169,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props
 & website "git.joeyh.name"
 & Apache.modEnabled "cgi"
 where
+ sshkey = "/root/.ssh/git.kitenet.net.key"
 website hn = apacheSite hn True
 [ " DocumentRoot /srv/web/git.kitenet.net/"
 , " "
@@ -266,6 +270,13 @@ mainhttpscert True =
 , " SSLCertificateKeyFile /etc/ssl/private/web.pem"
 , " SSLCertificateChainFile /etc/ssl/certs/startssl.pem"
 ]
+
+downloads :: [Host] -> Property HasInfo
+downloads hosts = annexWebSite "/srv/git/downloads.git"
+ "downloads.kitenet.net"
+ "840760dc-08f0-11e2-8c61-576b7e66acfd"
+ [("eubackup", "ssh://eubackup.kitenet.net/~/lib/downloads/")]
+ `requires` Ssh.knownHost hosts "eubackup.kitenet.net" "joey"
 gitAnnexDistributor :: Property HasInfo
 gitAnnexDistributor = combineProperties "git-annex distributor, including rsync server and signer" $ props
diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs
index 6bbf2b15..d9cf9a48 100644
--- a/src/Propellor/Property/Ssh.hs
+++ b/src/Propellor/Property/Ssh.hs
@@ -12,6 +12,7 @@ module Propellor.Property.Ssh (
 pubKey,
 getPubKey,
 keyImported,
+ keyImported',
 knownHost,
 authorizedKeys,
 listenPort
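Review bot: The where-bound name for the role key is `sshkey` here (bound in the `@@ -166` hunk) but `keyfile` in the `oldUseNetBackup` hunk of the same file, for the same purpose; one name would make the two Obnam backup properties read alike, e.g. rename the two uses in this hunk and the binding in `@@ -166` to `keyfile`. The binding is also the only thing tying the `--ssh-key=` argument to the `Ssh.keyImported'` requirement, so it deserves a why-comment: `-- role key for the rsync.net backup; imported from PrivData by Ssh.keyImported' above`. gitServer's body continues outside the hunk.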
@@ -147,8 +148,15 @@ getPubKey = asks (_sshPubKey . hostInfo)
 -- | Sets up a user with a ssh private key and public key pair from the
 -- PrivData.
+--
+-- If the user already has a private/public key, it is left unchanged.
 keyImported :: IsContext c => SshKeyType -> UserName -> c -> Property HasInfo
-keyImported keytype user context = combineProperties desc
+keyImported = keyImported' Nothing
+
+-- | A file can be speficied to write the key to somewhere other than
+-- usual. Allows a user to have multiple keys for different roles.
+keyImported' :: IsContext c => Maybe FilePath -> SshKeyType -> UserName -> c -> Property HasInfo
+keyImported' dest keytype user context = combineProperties desc
 [ installkey (SshPubKey keytype user) (install writeFile ".pub")
 , installkey (SshPrivKey keytype user) (install writeFileProtected "")
 ]
@@ -168,9 +176,11 @@ keyImported keytype user context = combineProperties desc
 , File.ownerGroup (takeDirectory f) user user
 ]
 )
- keyfile ext = do
- home <- homeDirectory <$> getUserEntryForName user
- return $ home ".ssh" "id_" ++ fromKeyType keytype ++ ext
+ keyfile ext = case dest of
+ Nothing -> do
+ home <- homeDirectory <$> getUserEntryForName user
+ return $ home ".ssh" "id_" ++ fromKeyType keytype ++ ext
+ Just f -> return $ f ++ ext
 fromKeyType :: SshKeyType -> String
 fromKeyType SshRsa = "rsa"
-- cgit v1.2.3
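Review bot: The new Haddock for `keyImported'` has a typo (`speficied`) and does not say how the destination is used; from this hunk and the `@@ -168` one, the private key goes to the given path via `writeFileProtected` and the public key to the same path with `.pub` appended. Suggested replacement for the two comment lines: `-- | Like 'keyImported', but writes the private key to the specified file and the public key to that file with @.pub@ appended, instead of the user's default ~/.ssh location. Allows a user to have multiple keys for different roles.` The sentence added to `keyImported` (existing key "left unchanged") describes `installkey`, whose body lies outside the hunk, so I cannot confirm it from here.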
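Review bot: With `Just f`, `keyfile` now returns a caller-chosen path, but the context line `File.ownerGroup (takeDirectory f) user user` above still chowns the parent directory to `user` (assuming the `f` there is the result of `keyfile`; the enclosing `install` starts outside the hunk). That was harmless while the directory was always the user's own `~/.ssh`, but for an arbitrary `dest` it silently changes ownership of whatever directory the caller names. Either limit the ownership change to the key file itself in the `Just` case, or document the constraint on `keyImported'`: `-- The directory containing the destination file is chowned to the user, so it should be a directory dedicated to that user (e.g. under ~/.ssh).`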