From b21feb9e8d82f17fb7445379cda2f57e2eae8213 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 8 Sep 2014 10:56:08 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 6fe10c02..f0ce106a 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -545,6 +545,8 @@ kiteMailServer = propertyList "kitenet.net mail server" [ "inbox-path={localhost/novalidate-cert}inbox" ] `describe` "pine configured to use local imap server" + + , Apt.serviceInstalledRunning "mailman" ] where ctx = Context "kitenet.net" -- cgit v1.2.3 From 0126c41a5315ad5dfa95b358ab7786638ebc1723 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 8 Sep 2014 12:46:54 -0400 Subject: propellor spin --- config-joey.hs | 8 ++++---- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src/Propellor') diff --git a/config-joey.hs b/config-joey.hs index 6b99f0f5..c4c90ced 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -413,7 +413,7 @@ monsters = -- but do want to track their public keys etc. - mail - /postfix - /postgrey - - mailman + - /mailman - /spamassassin - sqwebmail (cannot use this with dovecot, alternatives?) - /imap server 
@@ -438,12 +438,12 @@ monsters = -- but do want to track their public keys etc. - / switch kitenet.net dns and enable pop.kitenet.net etc aliass - / point wren.kitenet.net at kite.kitenet.net temporarily - / (make old.kitenet.net alias) - - - reconfigure errol's email client to use new server + - / reconfigure errol's email client to use new server - / on darkstar: re-run offlinimap against new server - - - test mail (blocked on dns propigation) + - - test sending mail (blocked on dns propigation) - - test virus filtering - / test http://kitenet.net/~kyle/ (user home dirs) - - - test mailman + - / test mailman - / migrate user cron jobs -} , host "mouse.kitenet.net" diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index f0ce106a..4eb6d477 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -482,7 +482,7 @@ kiteMailServer = propertyList "kitenet.net mail server" , "header_checks = pcre:$config_directory/obscure_client_relay.pcre" , "# Enable postgrey." - , "smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023" + , "smtpd_recipient_restrictions = permit_tls_clientcerts,permit_mynetworks,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023" , "# Enable spamass-milter and amavis-milter." , "smtpd_milters = unix:/spamass/spamass.sock unix:amavis/amavis.sock" -- cgit v1.2.3 From f2bdab547e2b49eace86ff86e9db84f8ae8b9836 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 8 Sep 2014 15:18:42 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 4eb6d477..0b3e5f8a 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs 
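Review bot: Putting `permit_tls_clientcerts` first in `smtpd_recipient_restrictions` makes relay access depend on settings this hunk does not show. Postfix honours it only for clients whose certificate fingerprint is listed in `relay_clientcerts`, and only when the server asks for a client certificate (`smtpd_tls_ask_ccert = yes`). If those settings are configured elsewhere in this list, also check that `smtpd_tls_fingerprint_digest` is set to something stronger than the historical md5 default, because the fingerprint table now authorises relaying. A comment beside the string would record the dependency, e.g. `-- relays for clients listed in relay_clientcerts (see <fingerprint map path>)`. The `kiteMailServer` list starts and ends outside the hunk.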
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -452,6 +452,8 @@ kiteMailServer = propertyList "kitenet.net mail server" ] `onChange` Postfix.reloaded `describe` "postfix mydomain file configured" + , addDNS (MX 0 $ AbsDomain "joeyh.name") + , addDNS (MX 0 $ AbsDomain "ikiwiki.info") , "/etc/postfix/obscure_client_relay.pcre" `File.containsLine` "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE" `onChange` Postfix.reloaded -- cgit v1.2.3 From 599168ddcbffe6ab3b12b9d01e91b0c51e6c3bd5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 8 Sep 2014 15:20:53 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 -- 1 file changed, 2 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 0b3e5f8a..4eb6d477 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -452,8 +452,6 @@ kiteMailServer = propertyList "kitenet.net mail server" ] `onChange` Postfix.reloaded `describe` "postfix mydomain file configured" - , addDNS (MX 0 $ AbsDomain "joeyh.name") - , addDNS (MX 0 $ AbsDomain "ikiwiki.info") , "/etc/postfix/obscure_client_relay.pcre" `File.containsLine` "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE" `onChange` Postfix.reloaded -- cgit v1.2.3 From d8367de73a6c3df75a5ccd8d783ff48adf1cf7be Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 10 Sep 2014 22:56:42 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 4eb6d477..e90265e8 100644 
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -541,8 +541,9 @@ kiteMailServer = propertyList "kitenet.net mail server" `onChange` (pinescript `File.mode` combineModes (readModes ++ executeModes)) `describe` "pine wrapper script" - , "/etc/pine.conf" `File.containsLines` - [ "inbox-path={localhost/novalidate-cert}inbox" + , "/etc/pine.conf" `File.hasContent` + [ "# deployed with propellor" + , "inbox-path={localhost/novalidate-cert/NoRsh}inbox" ] `describe` "pine configured to use local imap server" -- cgit v1.2.3 From acd46384939d2bd8ea4a7190193306e60a471513 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 10 Sep 2014 23:01:19 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index e90265e8..0a8c01b3 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -708,8 +708,8 @@ legacyWebSites = propertyList "legacy web sites" ] , alias "joey.kitenet.net" , toProp $ Apache.siteEnabled "joey.kitenet.net" $ apachecfg "joey.kitenet.net" False - [ "DocumentRoot /home/joey/html" - , "" + [ "DocumentRoot /var/www" + , "" , " Options Indexes ExecCGI" , " AllowOverride None" , Apache.allowAll -- cgit v1.2.3 From f0409ae86904bc971d49c9c189b6b1a462dac730 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 13 Sep 2014 14:17:19 -0400 Subject: disable unattended upgrades for autobuilders that mix dpkg and cabal upgrades of dpkg haskell libs can break cabal ones --- src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs | 2 -- 1 file changed, 2 deletions(-) (limited to 'src/Propellor') 
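Review bot: The new `inbox-path` line in the `/etc/pine.conf` hunk keeps `novalidate-cert`, and nothing records why skipping certificate validation is acceptable. It is reasonable only because the IMAP server is `localhost`; if the host part is ever changed to a remote name, logins would go over TLS to an unverified peer. I would add a comment above the entry, e.g. `-- novalidate-cert is tolerable only for localhost; NoRsh stops pine trying an rsh/ssh preauth connection first`. The switch to `File.hasContent` also means propellor now owns the whole file, so any pine settings added by hand on the host are dropped on the next run.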
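Review bot: In the `legacyWebSites` hunk, moving `DocumentRoot` to `/var/www` places the `Options Indexes ExecCGI` context line under a tree that is commonly shared with the distribution's default site content, not one user's `html` directory. The second changed list element shows as an empty string on both sides on this page, so the directory it names cannot be checked here; presumably it is the matching directory block. If directory listings and CGI execution are not needed for joey.kitenet.net after the move, that line could be narrowed to `, "  Options None"`. The `apachecfg` list continues outside the hunk.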
diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 4cb26a50..e96524e6 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs @@ -139,7 +139,6 @@ armelCompanionContainer dockerImage = Docker.container "armel-git-annex-builder- & os (System (Debian Testing) "amd64") & Apt.stdSourcesList & Apt.installed ["systemd"] - & Apt.unattendedUpgrades -- This volume is shared with the armel builder. & Docker.volume gitbuilderdir & User.accountFor builduser @@ -157,7 +156,6 @@ armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "arme (dockerImage $ System (Debian Unstable) "armel") & os (System (Debian Testing) "armel") & Apt.stdSourcesList - & Apt.unattendedUpgrades & Apt.installed ["systemd"] & Apt.installed ["openssh-client"] & Docker.link "armel-git-annex-builder-companion" "companion" -- cgit v1.2.3 From fc9596814522b0ebfea6cba053311831998d6b60 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 18 Sep 2014 23:50:13 -0400 Subject: propellor spin --- config-joey.hs | 1 + src/Propellor/Property/Docker.hs | 11 +++++++++++ 2 files changed, 12 insertions(+) (limited to 'src/Propellor') diff --git a/config-joey.hs b/config-joey.hs index c363110d..c2c2c878 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -362,6 +362,7 @@ standardContainer name suite arch = Docker.container name (dockerImage system) & Apt.installed ["systemd"] & Apt.unattendedUpgrades & Apt.cacheCleaned + & Docker.tweaked where system = System (Debian suite) arch diff --git a/src/Propellor/Property/Docker.hs b/src/Propellor/Property/Docker.hs index 4307b850..003b7f5b 100644 --- a/src/Propellor/Property/Docker.hs +++ b/src/Propellor/Property/Docker.hs @@ -13,6 +13,7 @@ module Propellor.Property.Docker ( docked, memoryLimited, garbageCollected, + tweaked, Image, ContainerName, -- * Container configuration 
@@ -176,6 +177,16 @@ garbageCollected = propertyList "docker garbage collected" gcimages = property "docker images garbage collected" $ do liftIO $ report <$> (mapM removeImage =<< listImages) +-- | Tweaks a container to work well with docker. +-- +-- Currently, this consists of making pam_loginuid lines optional in +-- the pam config, to work around https://github.com/docker/docker/issues/5663 +-- which affects docker 1.2.0. +tweaked :: Property +tweaked = trivial $ + cmdProperty "sh" ["-c", "sed -ri 's/^session\\s+required\\s+pam_loginuid.so$/session optional pam_loginuid.so/' /etc/pam.d/*"] + `describe` "tweaked for docker" + -- | Configures the kernel to respect docker memory limits. -- -- This assumes the system boots using grub 2. And that you don't need any -- cgit v1.2.3 From 28a966e4b519c105140927af0830ff303693a1fc Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 18 Sep 2014 23:54:42 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index e96524e6..1d4ea4b4 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs @@ -98,6 +98,7 @@ standardAutoBuilderContainer dockerImage arch buildminute timeout = Docker.conta & tree arch & buildDepsApt & autobuilder arch (show buildminute ++ " * * * *") timeout + & Docker.tweaked androidAutoBuilderContainer :: (System -> Docker.Image) -> Cron.CronTimes -> TimeOut -> Host androidAutoBuilderContainer dockerImage crontimes timeout = 
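Review bot: Nothing in `tweaked` restricts it to a container, yet its sed command rewrites every file under `/etc/pam.d/` so that a `required` pam_loginuid session line becomes `optional`. Applied to a real host by mistake, it would let sessions proceed without a login UID being recorded for audit. The Haddock comment should say so, e.g. `-- Only use this inside a docker container; on a host it weakens audit login-uid tracking.` Separately, the `.` in `pam_loginuid.so` is unescaped in the regex and matches any character; `pam_loginuid\\.so` in the Haskell string would match the literal module name.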
@@ -118,6 +119,7 @@ androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.containe & buildDepsNoHaskellLibs & flagFile chrootsetup ("/chrootsetup") `requires` setupgitannexdir + & Docker.tweaked -- TODO: automate installing haskell libs -- (Currently have to run -- git-annex/standalone/android/install-haskell-packages @@ -150,6 +152,7 @@ armelCompanionContainer dockerImage = Docker.container "armel-git-annex-builder- & Docker.expose "22" & Apt.serviceInstalledRunning "ssh" & Ssh.authorizedKeys builduser (Context "armel-git-annex-builder") + & Docker.tweaked armelAutoBuilderContainer :: (System -> Docker.Image) -> Cron.CronTimes -> TimeOut -> Host armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "armel-git-annex-builder" @@ -170,6 +173,7 @@ armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "arme `requires` tree "armel" & Ssh.keyImported SshRsa builduser (Context "armel-git-annex-builder") & trivial writecompanionaddress + & Docker.tweaked where writecompanionaddress = scriptProperty [ "echo \"$COMPANION_PORT_22_TCP_ADDR\" > " ++ homedir "companion_address" -- cgit v1.2.3 From f6ac681da0abef920d745ac4729c953ff64a4bb5 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 23 Sep 2014 13:19:26 -0400 Subject: use Daemon.restarted consistently, and implement using Service.restarted --- src/Propellor/Property/Apache.hs | 2 +- src/Propellor/Property/Ssh.hs | 17 +++++++++-------- src/Propellor/Property/Tor.hs | 7 ++++--- 3 files changed, 14 insertions(+), 12 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs index e6930893..175e1966 100644 --- a/src/Propellor/Property/Apache.hs +++ b/src/Propellor/Property/Apache.hs 
@@ -54,7 +54,7 @@ installed :: Property installed = Apt.installed ["apache2"] restarted :: Property -restarted = cmdProperty "service" ["apache2", "restart"] +restarted = Service.restarted "apache2" reloaded :: Property reloaded = Service.reloaded "apache2" diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs index 41b93089..3ce67783 100644 --- a/src/Propellor/Property/Ssh.hs +++ b/src/Propellor/Property/Ssh.hs @@ -3,7 +3,7 @@ module Propellor.Property.Ssh ( permitRootLogin, passwordAuthentication, hasAuthorizedKeys, - restartSshd, + restarted, randomHostKeys, hostKeys, hostKey, @@ -15,6 +15,7 @@ module Propellor.Property.Ssh ( import Propellor import qualified Propellor.Property.File as File +import qualified Propellor.Property.Service as Service import Propellor.Property.User import Utility.SafeCommand import Utility.FileMode @@ -33,7 +34,7 @@ setSshdConfig setting allowed = combineProperties "sshd config" [ sshdConfig `File.lacksLine` (sshline $ not allowed) , sshdConfig `File.containsLine` (sshline allowed) ] - `onChange` restartSshd + `onChange` restarted `describe` unwords [ "ssh config:", setting, sshBool allowed ] where sshline v = setting ++ " " ++ sshBool v @@ -59,15 +60,15 @@ hasAuthorizedKeys = go <=< dotFile "authorized_keys" where go f = not . null <$> catchDefaultIO "" (readFile f) -restartSshd :: Property -restartSshd = cmdProperty "service" ["ssh", "restart"] +restarted :: Property +restarted = Service.restarted "ssh" -- | Blows away existing host keys and make new ones. -- Useful for systems installed from an image that might reuse host keys. -- A flag file is used to only ever do this once. randomHostKeys :: Property randomHostKeys = flagFile prop "/etc/ssh/.unique_host_keys" - `onChange` restartSshd + `onChange` restarted where prop = property "ssh random host keys" $ do void $ liftIO $ boolSystem "sh" 
@@ -91,7 +92,7 @@ hostKey keytype context = combineProperties desc [ installkey (SshPubKey keytype "") (install writeFile ".pub") , installkey (SshPrivKey keytype "") (install writeFileProtected "") ] - `onChange` restartSshd + `onChange` restarted where desc = "known ssh host key (" ++ fromKeyType keytype ++ ")" installkey p a = withPrivData p context $ \getkey -> @@ -176,7 +177,7 @@ listenPort port = RevertableProperty enable disable portline = "Port " ++ show port enable = sshdConfig `File.containsLine` portline `describe` ("ssh listening on " ++ portline) - `onChange` restartSshd + `onChange` restarted disable = sshdConfig `File.lacksLine` portline `describe` ("ssh not listening on " ++ portline) - `onChange` restartSshd + `onChange` restarted diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs index 78e35c89..409bb63e 100644 --- a/src/Propellor/Property/Tor.hs +++ b/src/Propellor/Property/Tor.hs @@ -3,6 +3,7 @@ module Propellor.Property.Tor where import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt +import qualified Propellor.Property.Service as Service isBridge :: Property isBridge = setup `requires` Apt.installed ["tor"] @@ -13,7 +14,7 @@ isBridge = setup `requires` Apt.installed ["tor"] , "ORPort 443" , "BridgeRelay 1" , "Exitpolicy reject *:*" - ] `onChange` restartTor + ] `onChange` restarted -restartTor :: Property -restartTor = cmdProperty "service" ["tor", "restart"] +restarted :: Property +restarted = Service.restarted "tor" -- cgit v1.2.3 From ffe36b68b4699ebde5f8fc3badcc2ace90255f32 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 24 Sep 2014 11:18:12 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'src/Propellor') 
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 0a8c01b3..caf839dd 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -452,8 +452,16 @@ kiteMailServer = propertyList "kitenet.net mail server" ] `onChange` Postfix.reloaded `describe` "postfix mydomain file configured" - , "/etc/postfix/obscure_client_relay.pcre" `File.containsLine` - "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE" + , "/etc/postfix/obscure_client_relay.pcre" `File.containsLines` + -- Remove received lines for mails relayed from trusted + -- clients. These can be a privacy vilation, or trigger + -- spam filters. + [ "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE" + -- Remove local Received line for postfix running on a + -- trusted client that relays through. These can trigger + -- spam filters. + , "/^Received: by ([^.]+)\\.kitenet\\.net.*from userid.*/ IGNORE" + ] `onChange` Postfix.reloaded `describe` "postfix obscure_client_relay file configured" , Postfix.mappedFile "/etc/postfix/virtual" -- cgit v1.2.3 From 3fe6e0f8bdc1915bbe9322ffa07f9349c8333d70 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 24 Sep 2014 11:21:12 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index caf839dd..863a86cf 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
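Review bot: The added comments say these patterns remove Received lines "for mails relayed from trusted clients", but the patterns match on header text alone. The `header_checks` setting seen in the earlier `smtpd_recipient_restrictions` hunk is not scoped to a client, so, as far as this page shows, the table applies to every message the server handles. A Received line that merely looks like `by <host>.kitenet.net ... from userid` in inbound or forwarded mail is therefore dropped as well, which loses trace information needed when investigating abuse or delivery problems. The later revisions of this entry in the series, including the final `REPLACE Received: by kitenet.net` form with its trailing `.*`, have the same scope. I would state that in the comment, e.g. `-- NB: header_checks runs on all mail, so this also matches forwarded or forged Received lines`, and keep the pattern as tightly anchored as the `(Postfix, from userid` variant tried later.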
@@ -460,7 +460,7 @@ kiteMailServer = propertyList "kitenet.net mail server" -- Remove local Received line for postfix running on a -- trusted client that relays through. These can trigger -- spam filters. - , "/^Received: by ([^.]+)\\.kitenet\\.net.*from userid.*/ IGNORE" + -- , "/^Received: by ([^.]+)\\.kitenet\\.net.*from userid.*/ IGNORE" ] `onChange` Postfix.reloaded `describe` "postfix obscure_client_relay file configured" -- cgit v1.2.3 From d1292a578643668973d3ba9352d24d6fb6fd38a0 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 24 Sep 2014 11:22:55 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 863a86cf..0b066bb4 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -452,7 +452,7 @@ kiteMailServer = propertyList "kitenet.net mail server" ] `onChange` Postfix.reloaded `describe` "postfix mydomain file configured" - , "/etc/postfix/obscure_client_relay.pcre" `File.containsLines` + , "/etc/postfix/obscure_client_relay.pcre" `File.hasContent` -- Remove received lines for mails relayed from trusted -- clients. These can be a privacy vilation, or trigger -- spam filters. -- cgit v1.2.3 From c96ba00822af4147c5dc7c36a8f764ea17c7da1c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 24 Sep 2014 11:27:45 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 0b066bb4..a8cfe52c 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
@@ -460,7 +460,7 @@ kiteMailServer = propertyList "kitenet.net mail server" -- Remove local Received line for postfix running on a -- trusted client that relays through. These can trigger -- spam filters. - -- , "/^Received: by ([^.]+)\\.kitenet\\.net.*from userid.*/ IGNORE" + , "/^Received: by ([^.]+)\\.kitenet\\.net \\(Postfix, from userid.*/ IGNORE" ] `onChange` Postfix.reloaded `describe` "postfix obscure_client_relay file configured" -- cgit v1.2.3 From 960dd0d1f8dc59c6e2ca4c6bccdec4b8d3c161ef Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 24 Sep 2014 11:29:08 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index a8cfe52c..24ff6f76 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -460,7 +460,7 @@ kiteMailServer = propertyList "kitenet.net mail server" -- Remove local Received line for postfix running on a -- trusted client that relays through. These can trigger -- spam filters. - , "/^Received: by ([^.]+)\\.kitenet\\.net \\(Postfix, from userid.*/ IGNORE" + -- , "/^Received: by ([^.]+)\\.kitenet\\.net \\(Postfix, from userid.*/ IGNORE" ] `onChange` Postfix.reloaded `describe` "postfix obscure_client_relay file configured" -- cgit v1.2.3 From e5dd1f64142188b062a42f49fce0f9955daad18b Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 24 Sep 2014 14:03:23 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 24ff6f76..15dbd5e6 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs 
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -457,10 +457,10 @@ kiteMailServer = propertyList "kitenet.net mail server" -- clients. These can be a privacy vilation, or trigger -- spam filters. [ "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE" - -- Remove local Received line for postfix running on a + -- Munge local Received line for postfix running on a -- trusted client that relays through. These can trigger -- spam filters. - -- , "/^Received: by ([^.]+)\\.kitenet\\.net \\(Postfix, from userid.*/ IGNORE" + , "/^Received: by ([^.]+)\\.kitenet\\.net.*/ REPLACE Received: by kitenet.net" ] `onChange` Postfix.reloaded `describe` "postfix obscure_client_relay file configured" -- cgit v1.2.3 From 7fcf4edeba6727f81e9c6845cfb3272c8af05ba3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 25 Sep 2014 15:11:19 -0400 Subject: comment --- src/Propellor/CmdLine.hs | 1 + 1 file changed, 1 insertion(+) (limited to 'src/Propellor') diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs index 7b39cd24..e1684c38 100644 --- a/src/Propellor/CmdLine.hs +++ b/src/Propellor/CmdLine.hs @@ -237,6 +237,7 @@ spin hn hst = do sendMarked toh marker s return True +-- Initial git clone, used for bootstrapping. sendGitClone :: HostName -> String -> IO () sendGitClone hn url = void $ actionMessage ("Pushing git repository to " ++ hn) $ do branch <- getCurrentBranch -- cgit v1.2.3 From 21117d5e2108fac5bca31e40049eee9368faee63 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 6 Oct 2014 19:44:19 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 15dbd5e6..fe961ac5 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs 
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -70,7 +70,10 @@ oldUseNetServer hosts = propertyList ("olduse.net server") datadir = "/var/spool/oldusenet" oldUseNetShellBox :: Property -oldUseNetShellBox = oldUseNetInstalled "oldusenet" +oldUseNetShellBox = propertyList "olduse.net shellbox" + [ oldUseNetInstalled "oldusenet" + , Service.running "oldusenet" + ] oldUseNetInstalled :: Apt.Package -> Property oldUseNetInstalled pkg = check (not <$> Apt.isInstalled pkg) $ -- cgit v1.2.3 From 6a674c79d7d9f58c683695114bca2bdffe671bf7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 8 Oct 2014 13:14:21 -0400 Subject: fix some accidental uses of spaces, rather than tabs, for indentation --- src/Propellor/CmdLine.hs | 8 ++++---- src/Propellor/PrivData.hs | 2 +- src/Propellor/Property.hs | 2 +- src/Propellor/Property/Cmd.hs | 2 +- src/Propellor/Property/Dns.hs | 4 ++-- src/Propellor/Property/Docker.hs | 4 ++-- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 +- src/Propellor/Property/Ssh.hs | 2 +- src/Propellor/Property/Sudo.hs | 2 +- src/Propellor/Types.hs | 2 +- 10 files changed, 15 insertions(+), 15 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/CmdLine.hs b/src/Propellor/CmdLine.hs index e1684c38..415b8576 100644 --- a/src/Propellor/CmdLine.hs +++ b/src/Propellor/CmdLine.hs @@ -37,9 +37,9 @@ usage = do processCmdLine :: IO CmdLine processCmdLine = go =<< getArgs where - go ("--help":_) = usage - go ("--spin":h:[]) = return $ Spin h - go ("--boot":h:[]) = return $ Boot h + go ("--help":_) = usage + go ("--spin":h:[]) = return $ Spin h + go ("--boot":h:[]) = return $ Boot h go ("--add-key":k:[]) = return $ AddKey k go ("--set":f:c:[]) = withprivfield f c Set go ("--dump":f:c:[]) = withprivfield f c Dump 
@@ -48,7 +48,7 @@ processCmdLine = go =<< getArgs go ("--continue":s:[]) = case readish s of Just cmdline -> return $ Continue cmdline Nothing -> errorMessage "--continue serialization failure" - go ("--chain":h:[]) = return $ Chain h + go ("--chain":h:[]) = return $ Chain h go ("--docker":h:[]) = return $ Docker h go (h:[]) | "--" `isPrefixOf` h = usage diff --git a/src/Propellor/PrivData.hs b/src/Propellor/PrivData.hs index f85ded15..f55ab74c 100644 --- a/src/Propellor/PrivData.hs +++ b/src/Propellor/PrivData.hs @@ -114,7 +114,7 @@ listPrivDataFields hosts = do showtable "Data that would be used if set:" $ map mkrow (M.keys $ M.difference wantedmap m) where - header = ["Field", "Context", "Used by"] + header = ["Field", "Context", "Used by"] mkrow k@(field, (Context context)) = [ shellEscape $ show field , shellEscape context diff --git a/src/Propellor/Property.hs b/src/Propellor/Property.hs index 68b6f6a9..ce825192 100644 --- a/src/Propellor/Property.hs +++ b/src/Propellor/Property.hs @@ -31,7 +31,7 @@ propertyList desc ps = Property desc (ensureProperties ps) (combineInfos ps) combineProperties :: Desc -> [Property] -> Property combineProperties desc ps = Property desc (go ps NoChange) (combineInfos ps) where - go [] rs = return rs + go [] rs = return rs go (l:ls) rs = do r <- ensureProperty l case r of diff --git a/src/Propellor/Property/Cmd.hs b/src/Propellor/Property/Cmd.hs index bcd08246..725f5757 100644 --- a/src/Propellor/Property/Cmd.hs +++ b/src/Propellor/Property/Cmd.hs @@ -33,7 +33,7 @@ cmdProperty' cmd params env = property desc $ liftIO $ do , return FailedChange ) where - desc = unwords $ cmd : params + desc = unwords $ cmd : params -- | A property that can be satisfied by running a series of shell commands. scriptProperty :: [String] -> Property diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs index ddfcf8e6..fb6d8b56 100644 --- a/src/Propellor/Property/Dns.hs +++ b/src/Propellor/Property/Dns.hs 
@@ -117,7 +117,7 @@ secondaryFor masters hosts domain = RevertableProperty setup cleanup `requires` servingZones cleanup = namedConfWritten - desc = "dns secondary for " ++ domain + desc = "dns secondary for " ++ domain conf = NamedConf { confDomain = domain , confDnsServerType = Secondary @@ -420,7 +420,7 @@ domainHost base (AbsDomain d) addNamedConf :: NamedConf -> Info addNamedConf conf = mempty { _namedconf = NamedConfMap (M.singleton domain conf) } where - domain = confDomain conf + domain = confDomain conf getNamedConf :: Propellor (M.Map Domain NamedConf) getNamedConf = asks $ fromNamedConfMap . _namedconf . hostInfo diff --git a/src/Propellor/Property/Docker.hs b/src/Propellor/Property/Docker.hs index 003b7f5b..f441197e 100644 --- a/src/Propellor/Property/Docker.hs +++ b/src/Propellor/Property/Docker.hs @@ -103,7 +103,7 @@ docked hosts cn = RevertableProperty where go desc a = property (desc ++ " " ++ cn) $ do hn <- asks hostName - let cid = ContainerId hn cn + let cid = ContainerId hn cn ensureProperties [findContainer mhost cid cn $ a cid] mhost = findHost hosts (cn2hn cn) @@ -153,7 +153,7 @@ mkContainer cid@(ContainerId hn _cn) h = Container <*> pure (map (\a -> a hn) (_dockerRunParams info)) where info = _dockerinfo $ hostInfo h' - h' = h + h' = h -- expose propellor directory inside the container & volume (localdir++":"++localdir) -- name the container in a predictable way so we diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index fe961ac5..77af65fa 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
@@ -379,7 +379,7 @@ obnamRepos :: [String] -> Property obnamRepos rs = propertyList ("obnam repos for " ++ unwords rs) (mkbase : map mkrepo rs) where - mkbase = mkdir "/home/joey/lib/backup" + mkbase = mkdir "/home/joey/lib/backup" `requires` mkdir "/home/joey/lib" mkrepo r = mkdir ("/home/joey/lib/backup/" ++ r ++ ".obnam") mkdir d = File.dirExists d diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs index 3ce67783..4ecdf23e 100644 --- a/src/Propellor/Property/Ssh.hs +++ b/src/Propellor/Property/Ssh.hs @@ -94,7 +94,7 @@ hostKey keytype context = combineProperties desc ] `onChange` restarted where - desc = "known ssh host key (" ++ fromKeyType keytype ++ ")" + desc = "known ssh host key (" ++ fromKeyType keytype ++ ")" installkey p a = withPrivData p context $ \getkey -> property desc $ getkey a install writer ext key = do diff --git a/src/Propellor/Property/Sudo.hs b/src/Propellor/Property/Sudo.hs index 68b56608..3651891d 100644 --- a/src/Propellor/Property/Sudo.hs +++ b/src/Propellor/Property/Sudo.hs @@ -27,6 +27,6 @@ enabledFor user = property desc go `requires` Apt.installed ["sudo"] | not (sudobaseline `isPrefixOf` l) = True | "NOPASSWD" `isInfixOf` l = locked | otherwise = True - modify locked ls + modify locked ls | sudoline locked `elem` ls = ls | otherwise = ls ++ [sudoline locked] diff --git a/src/Propellor/Types.hs b/src/Propellor/Types.hs index 037cd962..0cb02793 100644 --- a/src/Propellor/Types.hs +++ b/src/Propellor/Types.hs @@ -146,4 +146,4 @@ data CmdLine | Continue CmdLine | Chain HostName | Docker HostName - deriving (Read, Show, Eq) + deriving (Read, Show, Eq) -- cgit v1.2.3 From 1e22e178b4080e70efc262e42943e615abfdb3b9 Mon Sep 17 00:00:00 2001 
From: Joey Hess Date: Wed, 8 Oct 2014 13:17:11 -0400 Subject: a few other whitespace fixups --- config-joey.hs | 8 ++++---- src/Propellor/Property/Dns.hs | 2 +- src/Propellor/SimpleSh.hs | 4 ++-- src/Propellor/Types.hs | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) (limited to 'src/Propellor') diff --git a/config-joey.hs b/config-joey.hs index f5010f37..ff09c2b5 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -102,7 +102,7 @@ kite :: Host kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64" [ "Welcome to the new kitenet.net server!" ] - & ipv4 "66.228.36.95" + & ipv4 "66.228.36.95" & ipv6 "2600:3c03::f03c:91ff:fe73:b0d2" & alias "kitenet.net" & alias "wren.kitenet.net" -- temporary @@ -221,7 +221,7 @@ diatom = standardSystem "diatom.kitenet.net" Stable "amd64" elephant :: Host elephant = standardSystem "elephant.kitenet.net" Unstable "amd64" - [ "Storage, big data, and backups, omnomnom!" + [ "Storage, big data, and backups, omnomnom!" , "(Encrypt all data stored here.)" ] & ipv4 "193.234.225.114" @@ -255,7 +255,7 @@ elephant = standardSystem "elephant.kitenet.net" Unstable "amd64" & Docker.configured & Docker.docked hosts "oldusenet-shellbox" & Docker.docked hosts "openid-provider" - `requires` Apt.serviceInstalledRunning "ntp" + `requires` Apt.serviceInstalledRunning "ntp" & Docker.docked hosts "ancient-kitenet" & Docker.garbageCollected `period` (Weekly (Just 1)) @@ -410,7 +410,7 @@ myDnsPrimary domain extras = Dns.primary hosts domain monsters :: [Host] -- Systems I don't manage with propellor, -monsters = -- but do want to track their public keys etc. +monsters = -- but do want to track their public keys etc. [ host "usw-s002.rsync.net" & sshPubKey "ssh-dss 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" , host "github.com" diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs index fb6d8b56..135c765d 100644 --- a/src/Propellor/Property/Dns.hs +++ b/src/Propellor/Property/Dns.hs 
@@ -380,7 +380,7 @@ genZone hosts zdomain soa = [] -> [ret (CNAME c)] l -> map (ret . Address) l where - ret record = Right (c, record) + ret record = Right (c, record) -- Adds any other DNS records for a host located in the zdomain. hostrecords :: Host -> [Either WarningMessage (BindDomain, Record)] diff --git a/src/Propellor/SimpleSh.hs b/src/Propellor/SimpleSh.hs index 7ba30b0e..cc5c62cd 100644 --- a/src/Propellor/SimpleSh.hs +++ b/src/Propellor/SimpleSh.hs @@ -48,8 +48,8 @@ simpleSh namedpipe = do flip catchIO (\_e -> writeChan chan Done) $ do let p = (proc cmd params) - { std_in = Inherit - , std_out = CreatePipe + { std_in = Inherit + , std_out = CreatePipe , std_err = CreatePipe } (Nothing, Just outh, Just errh, pid) <- createProcess p diff --git a/src/Propellor/Types.hs b/src/Propellor/Types.hs index 0cb02793..b606cef2 100644 --- a/src/Propellor/Types.hs +++ b/src/Propellor/Types.hs @@ -89,7 +89,7 @@ instance IsProp Property where getInfo = propertyInfo x `requires` y = Property (propertyDesc x) satisfy info where - info = getInfo y <> getInfo x + info = getInfo y <> getInfo x satisfy = do r <- propertySatisfy y case r of -- cgit v1.2.3 From 79ee61d958cdea43aec9ce7e63cbe88254641472 Mon Sep 17 00:00:00 2001 
From: Joey Hess Date: Fri, 10 Oct 2014 11:27:54 -0400 Subject: stable suite changes * Avoid encoding the current stable suite in propellor's code, since that poses a difficult transition around the release, and can easily be wrong if an older version of propellor is used. Instead, the os property for a stable system includes the suite name to use, eg Stable "wheezy". * stdSourcesList uses the stable suite name, to avoid unwanted immediate upgrades to the next stable release. --- config-joey.hs | 15 ++++++---- debian/changelog | 12 ++++++++ src/Propellor/Property/Apt.hs | 32 +++++++++++++--------- src/Propellor/Property/Obnam.hs | 6 ++-- .../Property/SiteSpecific/GitAnnexBuilder.hs | 5 ++-- src/Propellor/Types/OS.hs | 11 ++++---- 6 files changed, 51 insertions(+), 30 deletions(-) (limited to 'src/Propellor') diff --git a/config-joey.hs b/config-joey.hs index ff09c2b5..2e0a757e 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -162,7 +162,7 @@ kite = standardSystemUnhardened "kite.kitenet.net" Unstable "amd64" ] diatom :: Host -diatom = standardSystem "diatom.kitenet.net" Stable "amd64" +diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64" [ "Important stuff that needs not too much memory or CPU." ] & ipv4 "107.170.31.195" 
@@ -282,28 +282,28 @@ elephant = standardSystem "elephant.kitenet.net" Unstable "amd64" containers :: [Host] containers = -- Simple web server, publishing the outside host's /var/www - [ standardContainer "webserver" Stable "amd64" + [ standardStableContainer "webserver" & Docker.publish "80:80" & Docker.volume "/var/www:/var/www" & Apt.serviceInstalledRunning "apache2" -- My own openid provider. Uses php, so containerized for security -- and administrative sanity. - , standardContainer "openid-provider" Stable "amd64" + , standardStableContainer "openid-provider" & alias "openid.kitenet.net" & Docker.publish "8081:80" & OpenId.providerFor ["joey", "liw"] "openid.kitenet.net:8081" -- Exhibit: kite's 90's website. - , standardContainer "ancient-kitenet" Stable "amd64" + , standardStableContainer "ancient-kitenet" & alias "ancient.kitenet.net" & Docker.publish "1994:80" & Apt.serviceInstalledRunning "apache2" & Git.cloned "root" "git://kitenet-net.branchable.com/" "/var/www" (Just "remotes/origin/old-kitenet.net") - , standardContainer "oldusenet-shellbox" Stable "amd64" + , standardStableContainer "oldusenet-shellbox" & alias "shell.olduse.net" & Docker.publish "4200:4200" & JoeySites.oldUseNetShellBox @@ -354,6 +354,9 @@ standardSystemUnhardened hn suite arch motd = host hn & Apt.removed ["exim4", "exim4-daemon-light", "exim4-config", "exim4-base"] `onChange` Apt.autoRemove +standardStableContainer :: Docker.ContainerName -> Host +standardStableContainer name = standardContainer name (Stable "wheezy") "amd64" + -- This is my standard container setup, featuring automatic upgrades. standardContainer :: Docker.ContainerName -> DebianSuite -> Architecture -> Host standardContainer name suite arch = Docker.container name (dockerImage system) 
@@ -370,7 +373,7 @@ standardContainer name suite arch = Docker.container name (dockerImage system) dockerImage :: System -> Docker.Image dockerImage (System (Debian Unstable) arch) = "joeyh/debian-unstable-" ++ arch dockerImage (System (Debian Testing) arch) = "joeyh/debian-unstable-" ++ arch -dockerImage (System (Debian Stable) arch) = "joeyh/debian-stable-" ++ arch +dockerImage (System (Debian (Stable _)) arch) = "joeyh/debian-stable-" ++ arch dockerImage _ = "debian-stable-official" -- does not currently exist! myDnsSecondary :: Property diff --git a/debian/changelog b/debian/changelog index cb83b125..1ce54407 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +propellor (0.9.0) UNRELEASED; urgency=medium + + * Avoid encoding the current stable suite in propellor's code, + since that poses a difficult transition around the release, + and can easily be wrong if an older version of propellor is used. + Instead, the os property for a stable system includes the suite name + to use, eg Stable "wheezy". + * stdSourcesList uses the stable suite name, to avoid unwanted + immediate upgrades to the next stable release. + + -- Joey Hess Fri, 10 Oct 2014 11:08:55 -0400 + propellor (0.8.3) unstable; urgency=medium * The Debian package now includes a single-revision git repository in diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs index 7e02a335..d82eaed3 100644 --- a/src/Propellor/Property/Apt.hs +++ b/src/Propellor/Property/Apt.hs 
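Review bot: The new `Stable _` pattern in dockerImage throws away the release name, so every stable host resolves to the same `joeyh/debian-stable-<arch>` image whatever release its os property declares. The changelog entry in this commit says stdSourcesList now follows the declared name, so a container declared with a release other than the one the image was built from would presumably boot one release and point its sources.list at another. Either carry the name into the image reference, e.g. `dockerImage (System (Debian (Stable r)) arch) = "joeyh/debian-" ++ r ++ "-" ++ arch` (if such images are published), or add a comment on this equation stating which release the stable image tracks.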
@@ -20,14 +20,14 @@ type Section = String type SourcesGenerator = DebianSuite -> [Line] showSuite :: DebianSuite -> String -showSuite Stable = "stable" +showSuite (Stable s) = s showSuite Testing = "testing" showSuite Unstable = "unstable" showSuite Experimental = "experimental" -showSuite (DebianRelease r) = r -backportSuite :: String -backportSuite = showSuite stableRelease ++ "-backports" +backportSuite :: DebianSuite -> Maybe String +backportSuite (Stable s) = Just (s ++ "-backports") +backportSuite _ = Nothing debLine :: String -> Url -> [Section] -> Line debLine suite mirror sections = unwords $ @@ -42,12 +42,17 @@ stdSections :: [Section] stdSections = ["main", "contrib", "non-free"] binandsrc :: String -> SourcesGenerator -binandsrc url suite - | isStable suite = [l, srcLine l, bl, srcLine bl] - | otherwise = [l, srcLine l] +binandsrc url suite = catMaybes + [ Just l + , Just $ srcLine l + , bl + , srcLine <$> bl + ] where l = debLine (showSuite suite) url stdSections - bl = debLine backportSuite url stdSections + bl = do + bs <- backportSuite suite + return $ debLine bs url stdSections debCdn :: SourcesGenerator debCdn = binandsrc "http://cdn.debian.net/debian" 
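Review bot: `showSuite (Stable s) = s` and `backportSuite` now return the release name from the host's os property verbatim, and that string is spliced into `debLine` here and passed as the `-t` argument of runApt in installedBackport further down this file. With `type Release = String` (see the Types/OS.hs hunk of this commit), nothing rejects an empty name or one containing whitespace, either of which would produce a malformed or differently parsed sources.list entry. A Haddock line on both functions would help, e.g. `-- | Suite name as written into sources.list; for Stable this is the release name from the os property, used unchanged.` A smart constructor that accepts only a non-empty, whitespace-free release name would close the gap at the type level.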
@@ -128,13 +133,14 @@ installed' params ps = robustly $ check (isInstallable ps) go installedBackport :: [Package] -> Property installedBackport ps = trivial $ withOS desc $ \o -> case o of Nothing -> error "cannot install backports; os not declared" - (Just (System (Debian suite) _)) - | isStable suite -> - ensureProperty $ runApt $ - ["install", "-t", backportSuite, "-y"] ++ ps - _ -> error $ "backports not supported on " ++ show o + (Just (System (Debian suite) _)) -> case backportSuite suite of + Nothing -> notsupported o + Just bs -> ensureProperty $ runApt $ + ["install", "-t", bs, "-y"] ++ ps + _ -> notsupported o where desc = (unwords $ "apt installed backport":ps) + notsupported o = error $ "backports not supported on " ++ show o -- | Minimal install of package, without recommends. installedMin :: [Package] -> Property diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs index b5c6d776..1e7c2c25 100644 --- a/src/Propellor/Property/Obnam.hs +++ b/src/Propellor/Property/Obnam.hs @@ -105,12 +105,12 @@ installed = Apt.installed ["obnam"] latestVersion :: Property latestVersion = withOS "obnam latest version" $ \o -> case o of (Just (System (Debian suite) _)) | isStable suite -> ensureProperty $ - Apt.setSourcesListD stablesources "obnam" + Apt.setSourcesListD (stablesources suite) "obnam" `requires` toProp (Apt.trustsKey key) _ -> noChange where - stablesources = - [ "deb http://code.liw.fi/debian " ++ Apt.showSuite stableRelease ++ " main" + stablesources suite = + [ "deb http://code.liw.fi/debian " ++ Apt.showSuite suite ++ " main" ] -- gpg key used by the code.liw.fi repository. key = Apt.AptKey "obnam" $ unlines diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 1d4ea4b4..056578a1 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs 
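Review bot: In latestVersion the `isStable suite` guard and the `Apt.showSuite suite` call inside `stablesources` agree only by convention, now that the release name lives in the constructor. Matching the constructor directly, `(Just (System (Debian (Stable rel)) _)) -> ...` with `stablesources rel = [ "deb http://code.liw.fi/debian " ++ rel ++ " main" ]`, makes it visible that the third-party source line is only ever built from a stable release name. It also drops the dependency on showSuite's mapping. The `where` clause continues past the end of the hunk (the key definition is cut off), so this is judged from the visible lines only.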
@@ -109,8 +109,8 @@ androidAutoBuilderContainer dockerImage crontimes timeout = -- Android is cross-built in a Debian i386 container, using the Android NDK. androidContainer :: (System -> Docker.Image) -> Docker.ContainerName -> Property -> FilePath -> Host androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.container name - (dockerImage $ System (Debian Stable) "i386") - & os (System (Debian Stable) "i386") + (dockerImage osver) + & os osver & Apt.stdSourcesList & Apt.installed ["systemd"] & User.accountFor builduser @@ -131,6 +131,7 @@ androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.containe chrootsetup = scriptProperty [ "cd " ++ gitannexdir ++ " && ./standalone/android/buildchroot-inchroot" ] + osver = System (Debian (Stable "wheezy")) "i386" -- armel builder has a companion container using amd64 that -- runs the build first to get TH splices. They need diff --git a/src/Propellor/Types/OS.hs b/src/Propellor/Types/OS.hs index 23cc8a29..2529e7d8 100644 --- a/src/Propellor/Types/OS.hs +++ b/src/Propellor/Types/OS.hs @@ -13,15 +13,14 @@ data Distribution | Ubuntu Release deriving (Show, Eq) -data DebianSuite = Experimental | Unstable | Testing | Stable | DebianRelease Release +-- | Debian has several rolling suites, and a number of stable releases, +-- such as Stable "wheezy". +data DebianSuite = Experimental | Unstable | Testing | Stable Release deriving (Show, Eq) --- | The release that currently corresponds to stable. -stableRelease :: DebianSuite -stableRelease = DebianRelease "wheezy" - isStable :: DebianSuite -> Bool -isStable s = s == Stable || s == stableRelease +isStable (Stable _) = True +isStable _ = False type Release = String type Architecture = String -- cgit v1.2.3
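Review bot: `osver = System (Debian (Stable "wheezy")) "i386"` keeps a release name hard-coded under src/Propellor, which the commit message sets out to avoid. The same literal is repeated in `standardStableContainer` and `diatom` in config-joey.hs. When the release is retired each occurrence has to be found and bumped by hand, and a missed one would leave that container on the old release. Consider passing the suite to androidContainer from its caller, or at least commenting osver, e.g. `-- Pinned release for the Android build container; bump together with config-joey.hs.` androidContainer's body extends beyond both hunks shown for this file.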