From 1b2a63f7fda4411adc71da3f43b173ffe7e7eb10 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 10 Oct 2015 13:46:00 -0400 Subject: propellor spin --- src/Propellor/Property/Apache.hs | 30 ++++++++++++++++++++---------- src/Propellor/Property/OpenId.hs | 33 +++++++++++++++++++++++++-------- 2 files changed, 45 insertions(+), 18 deletions(-) (limited to 'src/Propellor') diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs index 49e3d525..b4bbdc32 100644 --- a/src/Propellor/Property/Apache.hs +++ b/src/Propellor/Property/Apache.hs @@ -5,7 +5,14 @@ import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Service as Service -type ConfigFile = [String] +installed :: Property NoInfo +installed = Apt.installed ["apache2"] + +restarted :: Property NoInfo +restarted = Service.restarted "apache2" + +reloaded :: Property NoInfo +reloaded = Service.reloaded "apache2" -- | A basic virtual host, publishing a directory, and logging to -- the combined apache log file. @@ -21,6 +28,8 @@ virtualHost hn (Port p) docroot = siteEnabled hn , "" ] +type ConfigFile = [String] + siteEnabled :: HostName -> ConfigFile -> RevertableProperty siteEnabled hn cf = enable disable where @@ -65,6 +74,16 @@ modEnabled modname = enable disable `onChange` reloaded isenabled = boolSystem "a2query" [Param "-q", Param "-m", Param modname] +-- | Make apache listen on the specified ports. +-- +-- Note that ports are also specified inside a site's config file, +-- so that also needs to be changed. +listenPorts :: [Port] -> Property NoInfo +listenPorts ps = "/etc/apache2/ports.conf" `File.hasContent` map portline ps + `onChange` restarted + where + portline (Port n) = "Listen " ++ show n + -- This is a list of config files because different versions of apache -- use different filenames. Propellor simply writes them all. siteCfg :: HostName -> [FilePath] @@ -75,15 +94,6 @@ siteCfg hn = , "/etc/apache2/sites-available/" ++ hn ++ ".conf" ] -installed :: Property NoInfo -installed = Apt.installed ["apache2"] - -restarted :: Property NoInfo -restarted = Service.restarted "apache2" - -reloaded :: Property NoInfo -reloaded = Service.reloaded "apache2" - -- | Configure apache to use SNI to differentiate between -- https hosts. -- diff --git a/src/Propellor/Property/OpenId.hs b/src/Propellor/Property/OpenId.hs index 1f6f2559..6becee62 100644 --- a/src/Propellor/Property/OpenId.hs +++ b/src/Propellor/Property/OpenId.hs @@ -3,19 +3,29 @@ module Propellor.Property.OpenId where import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt -import qualified Propellor.Property.Service as Service +import qualified Propellor.Property.Apache as Apache import Data.List -providerFor :: [User] -> String -> Property HasInfo -providerFor users baseurl = propertyList desc $ map toProp - [ Apt.serviceInstalledRunning "apache2" - , Apt.installed ["simpleid"] - `onChange` Service.restarted "apache2" - , File.fileProperty (desc ++ " configured") +-- | Openid provider, using the simpleid PHP CGI, with apache. +-- +-- Runs on usual port by defualt. When a nonstandard port is specified, +-- apache is limited to listening only on that port. Warning: Specifying +-- a port won't compose well with other apache properties on the same +-- host. +providerFor :: [User] -> HostName -> Maybe Port -> Property HasInfo +providerFor users hn mp = propertyList desc $ props + & Apt.serviceInstalledRunning "apache2" + & apacheconfigured + & Apt.installed ["simpleid"] + `onChange` Apache.restarted + & File.fileProperty (desc ++ " configured") (map setbaseurl) "/etc/simpleid/config.inc" - ] ++ map identfile users + & propertyList desc (map identfile users) where + baseurl = hn ++ case mp of + Nothing -> "" + Just (Port p) -> show p url = "http://"++baseurl++"/simpleid" desc = "openid provider " ++ url setbaseurl l @@ -23,6 +33,13 @@ providerFor users baseurl = propertyList desc $ map toProp "define('SIMPLEID_BASE_URL', '"++url++"');" | otherwise = l + apacheconfigured = case mp of + Nothing -> toProp $ + Apache.virtualHost hn (Port 80) "/var/www/html" + Just p -> propertyList desc $ props + & Apache.listenPorts [p] + & Apache.virtualHost hn p "/var/www/html" + -- the identities directory controls access, so open up -- file mode identfile (User u) = File.hasPrivContentExposed -- cgit v1.2.3