From bf34d6f423bd2da76938dfdc1cf4525dc17b97c5 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 4 Jan 2015 13:42:01 -0400
Subject: propellor spin
---
 src/Propellor/Property/Dns.hs | 10 +++++-----
 src/Propellor/Property/DnsSec.hs | 9 ++++++---
 2 files changed, 11 insertions(+), 8 deletions(-)
(limited to 'src/Propellor')
diff --git a/src/Propellor/Property/Dns.hs b/src/Propellor/Property/Dns.hs
index 47f39718..062b278b 100644
--- a/src/Propellor/Property/Dns.hs
+++ b/src/Propellor/Property/Dns.hs
@@ -56,15 +56,15 @@ import Data.List
 primary :: [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> RevertableProperty
 primary hosts domain soa rs = RevertableProperty setup cleanup
 where
- setup = setupPrimary zonefile hosts domain soa rs
+ setup = setupPrimary zonefile id hosts domain soa rs
 `onChange` Service.reloaded "bind9"
 cleanup = cleanupPrimary zonefile domain
 `onChange` Service.reloaded "bind9"
 zonefile = "/etc/bind/propellor/db." ++ domain
-setupPrimary :: FilePath -> [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> Property
-setupPrimary zonefile hosts domain soa rs =
+setupPrimary :: FilePath -> (FilePath -> FilePath) -> [Host] -> Domain -> SOA -> [(BindDomain, Record)] -> Property
+setupPrimary zonefile mknamedconffile hosts domain soa rs =
 withwarnings (check needupdate baseprop)
 `requires` servingZones
 where
@@ -79,7 +79,7 @@ setupPrimary zonefile hosts domain soa rs =
 conf = NamedConf
 { confDomain = domain
 , confDnsServerType = Master
- , confFile = zonefile
+ , confFile = mknamedconffile zonefile
 , confMasters = []
 , confAllowTransfer = nub $
 concatMap (\h -> hostAddresses h hosts) $
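Review bot: `setupPrimary` now takes `mknamedconffile` as a second path-related positional argument, and nothing in the first hunk says which path propellor writes and which path bind is told to load. A Haddock comment above the signature would settle it, for example `-- | Writes the zone to the given file; the function maps that path to the one named.conf should serve (id for an unsigned zone).` The same applies to `confFile = mknamedconffile zonefile` in the @@ -79 hunk, where a short `-- file bind loads; may differ from the file written above` would help. The body of `setupPrimary` continues outside both hunks, so whether its `needupdate` check should also consider the mapped path cannot be judged from here.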
@@ -132,7 +132,7 @@ signedPrimary recurrance hosts domain soa rs = RevertableProperty setup cleanup
 where
 -- TODO enable dnssec options.
 -- dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
- setup = setupPrimary zonefile hosts domain soa rs'
+ setup = setupPrimary zonefile signedZoneFile hosts domain soa rs'
 `onChange` toProp (zoneSigned domain zonefile)
 `onChange` Service.reloaded "bind9"
diff --git a/src/Propellor/Property/DnsSec.hs b/src/Propellor/Property/DnsSec.hs
index f76a28ff..47fa9b32 100644
--- a/src/Propellor/Property/DnsSec.hs
+++ b/src/Propellor/Property/DnsSec.hs
@@ -44,19 +44,18 @@ zoneSigned domain zonefile = RevertableProperty setup cleanup
 `requires` toProp (keysInstalled domain)
 cleanup = combineProperties ("removed signed zone for " ++ domain)
- [ File.notPresent signedzonefile
+ [ File.notPresent (signedZoneFile zonefile)
 , File.notPresent dssetfile
 , toProp (revert (keysInstalled domain))
 ]
- signedzonefile = dir domain ++ ".signed"
 dssetfile = dir "-" ++ domain ++ "."
 dir = takeDirectory zonefile
 -- Need to update the signed zone file if the zone file or
 -- any of the keys have a newer timestamp.
 needupdate = do
- v <- catchMaybeIO $ getModificationTime signedzonefile
+ v <- catchMaybeIO $ getModificationTime (signedZoneFile zonefile)
 case v of
 Nothing -> return True
 Just t1 -> anyM (newerthan t1) $
@@ -110,3 +109,7 @@ isPublic k = k `elem` [PubZSK, PubKSK]
 isZoneSigningKey :: DnsSecKey -> Bool
 isZoneSigningKey k = k `elem` [PubZSK, PrivZSK]
+
+-- | dnssec-signzone makes a .signed file
+signedZoneFile :: FilePath -> FilePath
+signedZoneFile zonefile = zonefile ++ ".signed"
-- cgit v1.2.3
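Review bot: In `signedPrimary`, named.conf is now pointed at the `.signed` file, but the only thing that creates that file is `zoneSigned`, which is attached with `onChange` and so appears to run only when `setupPrimary` reports a change. If signing fails once, or the signed file is later removed, a run where the zone data is unchanged would leave bind9 configured with a zone file that is missing, and the zone would stop being served. Since `zoneSigned` carries its own `needupdate` check in DnsSec.hs, it could be ensured on every run instead, e.g. ``setup = setupPrimary zonefile signedZoneFile hosts domain soa rs' `before` toProp (zoneSigned domain zonefile)`` with the bind9 reload kept as the change hook; this assumes `before` is available in this tree. The rest of `signedPrimary` lies outside the hunk.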
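Review bot: Both call sites in the `where` block of `zoneSigned` now spell out `signedZoneFile zonefile`, where keeping the local name would have tied them together: `signedzonefile = signedZoneFile zonefile`. With that binding the `File.notPresent` and `getModificationTime` lines stay as they were and cannot drift apart. The removed binding built its path differently from the new helper, so a host that ran the earlier version might still hold a signed file under the old name; whether that can happen depends on the dnssec-signzone invocation, which is outside this hunk.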
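Review bot: The comment on `signedZoneFile` does not say that this path is now what named.conf serves for a signed zone, nor that it relies on dnssec-signzone's default output name. I would expand it to `-- | Path of the signed zone: dnssec-signzone's default output, the input file name with ".signed" appended. named.conf for a signed zone points here, so keep it in sync with the signzone invocation.` Whether the module's export list (not visible here) includes the new function should be checked as well, since Dns.hs now uses it.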