From ccdb432d2d226ca366142b868b448394cffd3b9c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 7 Apr 2015 12:34:02 -0400 Subject: split out a module --- src/Propellor/Property/SiteSpecific/IABak.hs | 67 ++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 src/Propellor/Property/SiteSpecific/IABak.hs (limited to 'src') diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs new file mode 100644 index 00000000..ed394a8f --- /dev/null +++ b/src/Propellor/Property/SiteSpecific/IABak.hs @@ -0,0 +1,67 @@ +module Propellor.Property.SiteSpecific.IABak where + +import Propellor +import qualified Propellor.Property.Apt as Apt +import qualified Propellor.Property.Git as Git +import qualified Propellor.Property.Cron as Cron +import qualified Propellor.Property.File as File + +gitServer :: Property HasInfo +gitServer = propertyList "iabak git server" $ props + & Git.cloned "root" repo "/usr/local/IA.BAK" (Just "server") + & Git.cloned "root" repo "/usr/local/IA.BAK/client" (Just "master") + & Git.cloned "www-data" repo "/usr/local/IA.BAK/pubkeys" (Just "pubkey") + & Apt.serviceInstalledRunning "apache2" + & cmdProperty "ln" ["-sf", "/usr/local/IA.BAK/pushme.cgi", "/usr/lib/cgi-bin/pushme.cgi"] + & File.containsLine "/etc/sudoers" "www-data ALL=NOPASSWD:/usr/local/IA.BAK/pushed.sh" + & Cron.niceJob "shardstats" (Cron.Times "*/30 * * * *") "root" "/" + "/usr/local/IA.BAK/shardstats-all" + where + repo = "https://github.com/ArchiveTeam/IA.BAK/" + +graphiteServer :: Property HasInfo +graphiteServer = propertyList "iabak graphite server" $ props + & Apt.serviceInstalledRunning "apache2" + & Apt.installed ["libapache2-mod-wsgi", "graphite-carbon", "graphite-web"] + & File.hasContent "/etc/carbon/storage-schemas.conf" + [ "[carbon]" + , "pattern = ^carbon\\." + , "retentions = 60:90d" + , "[iabak]" + , "pattern = ^iabak\\." + , "retentions = 10m:30d,1h:1y,3h,10y" + , "[default_1min_for_1day]" + , "pattern = .*" + , "retentions = 60s:1d" + ] + & graphiteCSRF + & cmdProperty "graphite-manage" ["syncdb", "--noinput"] `flagFile` "/etc/flagFiles/graphite-syncdb" + & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=joey"] `flagFile` "/etc/flagFiles/graphite-user-joey" + & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=db48x"] `flagFile` "/etc/flagFiles/graphite-user-db48x" + -- TODO: deal with passwords somehow + & File.ownerGroup "/var/lib/graphite/graphite.db" "_graphite" "_graphite" + & File.hasContent "/etc/apache2/iabak-graphite-web.conf" + [ "" + , " WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite" + , " WSGIProcessGroup _graphite" + , " WSGIImportScript /usr/share/graphite-web/graphite.wsgi process-group=_graphite application-group=%{GLOBAL}" + , " WSGIScriptAlias / /usr/share/graphite-web/graphite.wsgi" + , " Alias /content/ /usr/share/graphite-web/static/" + , " " + , " SetHandler None" + , " " + , " ErrorLog ${APACHE_LOG_DIR}/graphite-web_error.log" + , " LogLevel warn" + , " CustomLog ${APACHE_LOG_DIR}/graphite-web_access.log combined" + , "" + ] + & cmdProperty "ln" ["-sf", "/etc/apache2/sites-available/iabak-graphite-web.conf", + "/etc/apache2/sites-enabled/iabak-graphite-web.conf"] + & Apt.installed ["netcat"] + & Apt.installed ["tmux"] + & Apt.installed ["emacs-nox"] + where + graphiteCSRF = withPrivData (Password "csrf-token") (Context "iabak.archiveteam.org") $ + \gettoken -> property "graphite-web CSRF token" $ + gettoken $ \token -> ensureProperty $ File.containsLine + "/etc/graphite/local_settings.py" ("SECRET_KEY = '"++ token ++"'") -- cgit v1.2.3 From 2c2cde0b5ca237182c360aa12fb4d5b42dcdea85 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 7 Apr 2015 12:36:52 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/IABak.hs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs index ed394a8f..e0e96838 100644 --- a/src/Propellor/Property/SiteSpecific/IABak.hs +++ b/src/Propellor/Property/SiteSpecific/IABak.hs @@ -36,8 +36,8 @@ graphiteServer = propertyList "iabak graphite server" $ props ] & graphiteCSRF & cmdProperty "graphite-manage" ["syncdb", "--noinput"] `flagFile` "/etc/flagFiles/graphite-syncdb" - & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=joey"] `flagFile` "/etc/flagFiles/graphite-user-joey" - & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=db48x"] `flagFile` "/etc/flagFiles/graphite-user-db48x" + & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=joey", "--email=joey@localhost"] `flagFile` "/etc/flagFiles/graphite-user-joey" + & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=db48x", "--email=db48x@localhost"] `flagFile` "/etc/flagFiles/graphite-user-db48x" -- TODO: deal with passwords somehow & File.ownerGroup "/var/lib/graphite/graphite.db" "_graphite" "_graphite" & File.hasContent "/etc/apache2/iabak-graphite-web.conf" -- cgit v1.2.3 From c25be89f874c6822f9f07049577e4e0acb560d57 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 7 Apr 2015 12:42:54 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/IABak.hs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs index e0e96838..52f6e668 100644 --- a/src/Propellor/Property/SiteSpecific/IABak.hs +++ b/src/Propellor/Property/SiteSpecific/IABak.hs @@ -37,7 +37,9 @@ graphiteServer = propertyList "iabak graphite server" $ props & graphiteCSRF & cmdProperty "graphite-manage" ["syncdb", "--noinput"] `flagFile` "/etc/flagFiles/graphite-syncdb" & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=joey", "--email=joey@localhost"] `flagFile` "/etc/flagFiles/graphite-user-joey" + `flagFile` "/etc/graphite-superuser-joey" & cmdProperty "graphite-manage" ["createsuperuser", "--noinput", "--username=db48x", "--email=db48x@localhost"] `flagFile` "/etc/flagFiles/graphite-user-db48x" + `flagFile` "/etc/graphite-superuser-db48x" -- TODO: deal with passwords somehow & File.ownerGroup "/var/lib/graphite/graphite.db" "_graphite" "_graphite" & File.hasContent "/etc/apache2/iabak-graphite-web.conf" -- cgit v1.2.3 From 8d2e46ab98dbdd2391355b2799959dc09c85984f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 7 Apr 2015 12:46:26 -0400 Subject: propellor spin --- config-joey.hs | 3 +++ src/Propellor/Property/SiteSpecific/IABak.hs | 8 ++------ 2 files changed, 5 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/config-joey.hs b/config-joey.hs index 150c044e..513adcf9 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -314,6 +314,9 @@ iabak = host "iabak.archiveteam.org" & Apt.installed ["etckeeper"] & Apt.installed ["ssh"] & Apt.installed ["vim", "screen", "less"] + & Apt.installed ["netcat"] + & Apt.installed ["tmux"] + & Apt.installed ["emacs-nox"] & User.hasSomePassword "root" & User.accountFor "joey" & User.hasSomePassword "joey" diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs index 52f6e668..d349a7ee 100644 --- a/src/Propellor/Property/SiteSpecific/IABak.hs +++ b/src/Propellor/Property/SiteSpecific/IABak.hs @@ -5,6 +5,7 @@ import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Git as Git import qualified Propellor.Property.Cron as Cron import qualified Propellor.Property.File as File +import qualified Propellor.Property.Apache as Apache gitServer :: Property HasInfo gitServer = propertyList "iabak git server" $ props @@ -42,7 +43,7 @@ graphiteServer = propertyList "iabak graphite server" $ props `flagFile` "/etc/graphite-superuser-db48x" -- TODO: deal with passwords somehow & File.ownerGroup "/var/lib/graphite/graphite.db" "_graphite" "_graphite" - & File.hasContent "/etc/apache2/iabak-graphite-web.conf" + & Apache.siteEnabled "iabak-graphite-web" [ "" , " WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite" , " WSGIProcessGroup _graphite" @@ -57,11 +58,6 @@ graphiteServer = propertyList "iabak graphite server" $ props , " CustomLog ${APACHE_LOG_DIR}/graphite-web_access.log combined" , "" ] - & cmdProperty "ln" ["-sf", "/etc/apache2/sites-available/iabak-graphite-web.conf", - "/etc/apache2/sites-enabled/iabak-graphite-web.conf"] - & Apt.installed ["netcat"] - & Apt.installed ["tmux"] - & Apt.installed ["emacs-nox"] where graphiteCSRF = withPrivData (Password "csrf-token") (Context "iabak.archiveteam.org") $ \gettoken -> property "graphite-web CSRF token" $ -- cgit v1.2.3 From c704271c52dce90a24287a85a3a7cf284176593f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 7 Apr 2015 12:51:40 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/IABak.hs | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs index d349a7ee..35e6c2b7 100644 --- a/src/Propellor/Property/SiteSpecific/IABak.hs +++ b/src/Propellor/Property/SiteSpecific/IABak.hs @@ -43,6 +43,8 @@ graphiteServer = propertyList "iabak graphite server" $ props `flagFile` "/etc/graphite-superuser-db48x" -- TODO: deal with passwords somehow & File.ownerGroup "/var/lib/graphite/graphite.db" "_graphite" "_graphite" + & "/etc/apache2/ports.conf" `File.containsLine` "Listen 8080" + `onChange` Apache.restarted & Apache.siteEnabled "iabak-graphite-web" [ "" , " WSGIDaemonProcess _graphite processes=5 threads=5 display-name='%{GROUP}' inactivity-timeout=120 user=_graphite group=_graphite" -- cgit v1.2.3 From 15569ee17a712742d1293bf2560a95fc4379e6b6 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 9 Apr 2015 00:42:51 -0400 Subject: remove ssh key from desc, too long --- src/Propellor/Property/Ssh.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/Propellor/Property/Ssh.hs b/src/Propellor/Property/Ssh.hs index 320136ee..1fbf92ec 100644 --- a/src/Propellor/Property/Ssh.hs +++ b/src/Propellor/Property/Ssh.hs @@ -242,7 +242,7 @@ authorizedKey user l = property desc $ do , File.ownerGroup (takeDirectory f) user user ] where - desc = user ++ " has autorized_keys line " ++ l + desc = user ++ " has autorized_keys" -- | Makes the ssh server listen on a given port, in addition to any other -- ports it is configured to listen on. -- cgit v1.2.3 From aa278d34a03ee77b0d78cd784ef7d1aaa00921f3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sat, 11 Apr 2015 10:13:17 -0400 Subject: expand --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 235a3a75..1a3099f4 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -460,7 +460,7 @@ githubMirrors = , ("etckeeper", plzuseurl "http://etckeeper.branchable.com/todo/") ] where - plzuseurl u = "please submit changes to " ++ u ++ " instead of using github pull requests" + plzuseurl u = "Please submit changes to " ++ u ++ " instead of using github pull requests, which are not part of my workflow. -- A robot acting on behalf of Joey Hess" rsyncNetBackup :: [Host] -> Property NoInfo rsyncNetBackup hosts = Cron.niceJob "rsync.net copied in daily" (Cron.Times "30 5 * * *") -- cgit v1.2.3