From feeec9d3819d39cbb0c0ece3b5c6628881f2d5a1 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 13 Apr 2014 16:38:58 -0400 Subject: propellor spin --- Propellor/Property/SiteSpecific/JoeySites.hs | 94 +++++++++++++++++++++++----- config-joey.hs | 14 ++++- 2 files changed, 92 insertions(+), 16 deletions(-) diff --git a/Propellor/Property/SiteSpecific/JoeySites.hs b/Propellor/Property/SiteSpecific/JoeySites.hs index 635d99ba..e1119469 100644 --- a/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/Propellor/Property/SiteSpecific/JoeySites.hs @@ -13,6 +13,7 @@ import qualified Propellor.Property.Service as Service import qualified Propellor.Property.User as User import qualified Propellor.Property.Obnam as Obnam import qualified Propellor.Property.Apache as Apache +import Utility.SafeCommand oldUseNetShellBox :: Property oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $ @@ -30,6 +31,21 @@ oldUseNetShellBox = check (not <$> Apt.isInstalled "oldusenet") $ ] `describe` "olduse.net built" ] +kgbServer :: Property +kgbServer = withOS desc $ \o -> case o of + (Just (System (Debian Unstable) _)) -> + ensureProperty $ propertyList desc + [ Apt.serviceInstalledRunning "kgb-bot" + , File.hasPrivContent "/etc/kgb-bot/kgb.conf" + `onChange` Service.restarted "kgb-bot" + , "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1" + `describe` "kgb bot enabled" + `onChange` Service.running "kgb-bot" + ] + _ -> error "kgb server needs Debian unstable (for kgb-bot 1.31+)" + where + desc = "kgb.kitenet.net setup" + -- git.kitenet.net and git.joeyh.name gitServer :: [Host] -> Property gitServer hosts = propertyList "git.kitenet.net setup" 
@@ -63,6 +79,69 @@ gitServer hosts = propertyList "git.kitenet.net setup" where website hn = toProp $ Apache.siteEnabled hn (gitapacheconf hn) +type AnnexUUID = String + +-- | A website, with files coming from a git-annex repository. +annexWebSite :: Git.RepoUrl -> HostName -> AnnexUUID -> [(String, Git.RepoUrl)] -> Property +annexWebSite origin hn uuid remotes = Git.cloned "joey" origin dir Nothing + `onChange` setup + `onChange` toProp (Apache.siteEnabled hn $ annexwebsiteconf hn) + where + dir = "/srv/web/" ++ hn + setup = userScriptProperty "joey" $ + [ "cd " ++ shellEscape dir + , "git config annex.uuid " ++ shellEscape uuid + ] ++ map addremote remotes ++ + [ "git annex get" + ] + addremote (name, url) = "git remote add " ++ shellEscape name ++ " " ++ shellEscape url + +annexwebsiteconf :: HostName -> Apache.ConfigFile +annexwebsiteconf hn = stanza 80 False ++ stanza 443 True + where + stanza :: Int -> Bool -> Apache.ConfigFile + stanza port withssl = catMaybes + [ Just $ "" + , Just $ " ServerAdmin joey@kitenet.net" + , Just $ "" + , Just $ " ServerName "++hn++":"++show port + , Just $ " ServerAlias www."++hn + , Just $ "" + , ssl $ " SSLEngine on" + , ssl $ " SSLCertificateFile /etc/ssl/certs/web.pem" + , ssl $ " SSLCertificateKeyFile /etc/ssl/private/web.pem" + , ssl $ " SSLCertificateChainFile /etc/ssl/certs/startssl.pem" + , Just $ "" + , Just $ " DocumentRoot /srv/web/"++hn + , Just $ " " + , Just $ " Options FollowSymLinks" + , Just $ " AllowOverride None" + , Just $ " " + , Just $ " " + , Just $ " Options Indexes FollowSymLinks ExecCGI" + , Just $ " AllowOverride None" + , Just $ " Order allow,deny" + , Just $ " allow from all" + , Just $ " " + , Just $ "" + , Just $ " ErrorLog /var/log/apache2/error.log" + , Just $ " LogLevel warn" + , Just $ " CustomLog /var/log/apache2/access.log combined" + , Just $ " ServerSignature On" + , Just $ " " + , Just $ " " + , Just $ " Options Indexes MultiViews" + , Just $ " AllowOverride None" + , Just $ " Order 
allow,deny" + , Just $ " Allow from all" + , Just $ " " + , Just $ "" + ] + where + ssl l + | withssl = Just l + | otherwise = Nothing + gitapacheconf :: HostName -> Apache.ConfigFile gitapacheconf hn = [ "" @@ -103,18 +182,3 @@ gitapacheconf hn = , " " , "" ] - -kgbServer :: Property -kgbServer = withOS desc $ \o -> case o of - (Just (System (Debian Unstable) _)) -> - ensureProperty $ propertyList desc - [ Apt.serviceInstalledRunning "kgb-bot" - , File.hasPrivContent "/etc/kgb-bot/kgb.conf" - `onChange` Service.restarted "kgb-bot" - , "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1" - `describe` "kgb bot enabled" - `onChange` Service.running "kgb-bot" - ] - _ -> error "kgb server needs Debian unstable (for kgb-bot 1.31+)" - where - desc = "kgb.kitenet.net setup" diff --git a/config-joey.hs b/config-joey.hs index ed214e82..f1484031 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -74,14 +74,26 @@ hosts = & Apt.serviceInstalledRunning "ntp" & Dns.zones myDnsSecondary & Apt.serviceInstalledRunning "apache2" + & File.ownerGroup "/srv" "joey" "joey" & cname "git.kitenet.net" & cname "git.joeyh.name" & JoeySites.gitServer hosts & cname "downloads.kitenet.net" + & JoeySites.annexWebSite "/srv/git/download.git" + "downloads.kitenet.net" + "840760dc-08f0-11e2-8c61-576b7e66acfd" + [("turtle", "ssh://turtle.kitenet.net/~/lib/downloads/")] & Apt.buildDep ["git-annex"] `period` Daily - -- downloads.kitenet.net setup (including ssh key to turtle) + + & cname "tmp.kitenet.net" + & JoeySites.annexWebSite "/srv/git/joey/tmp.git" + "tmp.kitenet.net" + "274ce1ca-1226-11e2-bcbd-eb57078e31b1" + [] + + & Apt.installed ["ntop"] -- I don't run this system, so only relevant property is its -- public key. -- cgit v1.2.3
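Review bot: In `annexwebsiteconf`, the line `Options Indexes FollowSymLinks ExecCGI` enables CGI execution on a tree that `annexWebSite` fills with `git annex get` from its remotes. The enclosing directory tags are not legible in this rendering, so I am assuming this block covers the document root `/srv/web/<hn>`. `FollowSymLinks` is needed because annexed files are symlinks, but nothing visible here needs `ExecCGI`. For a download site I would write `, Just $ " Options Indexes FollowSymLinks"`, so that a later handler mapping cannot turn a fetched file into an executable script. `ServerSignature On` could also become `Off`, which stops the server version appearing on generated index and error pages.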
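Review bot: In config-joey.hs, `& File.ownerGroup "/srv" "joey" "joey"` gives the whole top-level `/srv` directory to the joey account, which is wider than `annexWebSite` needs; it only clones as joey into `/srv/web/<hostname>`. Whether `ownerGroup` recurses is not shown here, but owning the parent alone lets that account rename or replace sibling entries. Those include `/srv/git`, which holds the origins `/srv/git/download.git` and `/srv/git/joey/tmp.git`. I would ensure `/srv/web` exists and scope the change to it, e.g. `& File.ownerGroup "/srv/web" "joey" "joey"`. Separately, the removed comment mentioned an ssh key to turtle, and no visible line provisions that key or pins turtle's host key for the `ssh://turtle.kitenet.net/~/lib/downloads/` remote; a short comment saying where that is handled would help. The `hosts` list starts and ends outside this hunk.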