From 98a311476379eb8c05a7a720799cd3416091bbe7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Tue, 22 Jul 2014 15:25:07 -0400 Subject: propellor spin --- src/Propellor/Property/Apache.hs | 20 ++- src/Propellor/Property/SiteSpecific/JoeySites.hs | 171 +++++++++++++++++++++++ 2 files changed, 185 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs index cf3e62cc..b1fa9d9a 100644 --- a/src/Propellor/Property/Apache.hs +++ b/src/Propellor/Property/Apache.hs @@ -15,15 +15,16 @@ siteEnabled hn cf = RevertableProperty enable disable `requires` siteAvailable hn cf `requires` installed `onChange` reloaded - disable = trivial $ File.notPresent (siteCfg hn) - `describe` ("apache site disabled " ++ hn) + disable = trivial $ combineProperties + ("apache site disabled " ++ hn) + (map File.notPresent (siteCfg hn)) `onChange` cmdProperty "a2dissite" ["--quiet", hn] `requires` installed `onChange` reloaded siteAvailable :: HostName -> ConfigFile -> Property -siteAvailable hn cf = siteCfg hn `File.hasContent` (comment:cf) - `describe` ("apache site available " ++ hn) +siteAvailable hn cf = combineProperties ("apache site available " ++ hn) $ + map (`File.hasContent` (comment:cf)) (siteCfg hn) where comment = "# deployed with propellor, do not modify" @@ -39,8 +40,15 @@ modEnabled modname = RevertableProperty enable disable `requires` installed `onChange` reloaded -siteCfg :: HostName -> FilePath -siteCfg hn = "/etc/apache2/sites-available/" ++ hn +-- This is a list of config files because different versions of apache +-- use different filenames. Propellor simply writen them all. +siteCfg :: HostName -> [FilePath] +siteCfg hn = + -- Debian pre-2.4 + [ "/etc/apache2/sites-available/" ++ hn + -- Debian 2.4+ + , "/etc/apache2/sites-available/" ++ hn ++ ".conf" + ] installed :: Property installed = Apt.installed ["apache2"] 
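Review bot: The new comment above `siteCfg` has a typo and stops short of the consequence of writing both names; `-- use different filenames. Propellor simply writes them all.` fixes the wording. It would help to add that on any given host one of the two files is never loaded (a stock Debian 2.4 install only includes `sites-enabled/*.conf`), so anyone auditing `sites-available` will find an inert copy of every vhost next to the live one. `disable` in the previous hunk maps `File.notPresent` over the same list, so both copies are at least removed together on revert.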
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index e6c4bf01..277f209b 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -21,6 +21,7 @@ import Utility.Path import Data.List import System.Posix.Files +import Data.String.Utils oldUseNetServer :: [Host] -> Property oldUseNetServer hosts = propertyList ("olduse.net server") 
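Review bot: `import Data.String.Utils` brings the whole module into scope unqualified, but the only use visible in this commit is `replace` in `userDirHtml`. `import Data.String.Utils (replace)` would keep the module's other names out of scope and make the origin of `replace` obvious at the call site. The neighbouring imports are also open, so this is a style point rather than a defect.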
@@ -550,3 +551,173 @@ kiteMailServer = propertyList "kitenet.net mail server" hasJoeyCAChain :: Property hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed` Context "joeyca.pem" + +kitenetHttps :: Property +kitenetHttps = propertyList "kitenet.net https certs" + [ File.hasPrivContent "/etc/ssl/certs/web.pem" ctx + , File.hasPrivContent "/etc/ssl/private/web.pem" ctx + , File.hasPrivContent "/etc/ssl/certs/startssl.pem" ctx + , toProp $ Apache.modEnabled "ssl" + ] + where + ctx = Context "kitenet.net" + +-- Legacy static web sites and redirections from kitenet.net to newer +-- sites. +legacyWebSites :: Property +legacyWebSites = propertyList "legacy web sites" + [ Apt.serviceInstalledRunning "apache2" + , toProp $ Apache.modEnabled "rewrite" + , toProp $ Apache.modEnabled "cgi" + , toProp $ Apache.modEnabled "speling" + , userDirHtml + , kitenetHttps + , toProp $ Apache.siteEnabled "kitenet.net" $ apachecfg "kitenet.net" True + -- /var/www is empty + [ "DocumentRoot /var/www" + , "" + , " Options Options Indexes FollowSymLinks MultiViews ExecCGI Includes" + , " AllowOverride None" + , " Order allow,deny" + , " allow from all" + , "" + , "ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/" + + -- for mailman cgi scripts + , "" + , " AllowOverride None" + , " Options ExecCGI" + , " Order allow,deny" + , " allow from all" + , "" + , "Alias /pipermail/ /var/lib/mailman/archives/public/" + , "" + , " Options Indexes MultiViews FollowSymlinks" + , " AllowOverride None" + , " Order allow,deny" + , " Allow from all" + , " Require all granted" + , "" + , "Alias /images/ /usr/share/images/" + , "" + , " Options Indexes MultiViews" + , " AllowOverride None" + , " Order allow,deny" + , " Allow from all" + , "" + + , "RewriteEngine On" + , "# Force hostname to kitenet.net" + , "RewriteCond %{HTTP_HOST} !^kitenet\\.net [NC]" + , "RewriteCond %{HTTP_HOST} !^$" + , "RewriteRule ^/(.*) http://kitenet\\.net/$1 [L,R]" + + , "# Moved pages" + , "RewriteRule 
/programs/debhelper http://joeyh.name/code/debhelper/ [L]" + , "RewriteRule /programs/satutils http://joeyh.name/code/satutils/ [L]" + , "RewriteRule /programs/filters http://joeyh.name/code/filters/ [L]" + , "RewriteRule /programs/ticker http://joeyh.name/code/ticker/ [L]" + , "RewriteRule /programs/pdmenu http://joeyh.name/code/pdmenu/ [L]" + , "RewriteRule /programs/sleepd http://joeyh.name/code/sleepd/ [L]" + , "RewriteRule /programs/Lingua::EN::Words2Nums http://joeyh.name/code/Words2Nums/ [L]" + , "RewriteRule /programs/wmbattery http://joeyh.name/code/wmbattery/ [L]" + , "RewriteRule /programs/dpkg-repack http://joeyh.name/code/dpkg-repack/ [L]" + , "RewriteRule /programs/debconf http://joeyh.name/code/debconf/ [L]" + , "RewriteRule /programs/perlmoo http://joeyh.name/code/perlmoo/ [L]" + , "RewriteRule /programs/alien http://joeyh.name/code/alien/ [L]" + , "RewriteRule /~joey/blog/entry/(.+)-[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9].html http://joeyh.name/blog/entry/$1/ [L]" + , "RewriteRule /~anna/.* http://waldeneffect\\.org/ [R]" + , "RewriteRule /~anna/.* http://waldeneffect\\.org/ [R]" + , "RewriteRule /~anna http://waldeneffect\\.org/ [R]" + , "RewriteRule /simpleid/ http://openid.kitenet.net:8081/simpleid/" + , "# Even the kite home page is not here any more!" + , "RewriteRule ^/$ http://www.kitenet.net/ [R]" + , "RewriteRule ^/index.html http://www.kitenet.net/ [R]" + , "RewriteRule ^/joey http://www.kitenet.net/joey/ [R]" + , "RewriteRule ^/joey/index.html http://www.kitenet.net/joey/ [R]" + , "RewriteRule ^/wifi http://www.kitenet.net/wifi/ [R]" + , "RewriteRule ^/wifi/index.html http://www.kitenet.net/wifi/ [R]" + + , "# Old ikiwiki filenames for kitenet.net wiki." + , "rewritecond $1 !^/~" + , "rewritecond $1 !^/doc/" + , "rewritecond $1 !^/pipermail/" + , "rewritecond $1 !^/cgi-bin/" + , "rewritecond $1 !.*/index$" + , "rewriterule (.+).html$ $1/ [r]" + + , "# Old ikiwiki filenames for joey's wiki." 
+ , "rewritecond $1 ^/~joey/" + , "rewritecond $1 !.*/index$" + , "rewriterule (.+).html$ http://kitenet.net/$1/ [L,R]" + + , "# ~joey to joeyh.name" + , "rewriterule /~joey/(.*) http://joeyh.name/$1 [L]" + + , "# Old familywiki location." + , "rewriterule /~family/(.*).html http://family.kitenet.net/$1 [L]" + , "rewriterule /~family/(.*).rss http://family.kitenet.net/$1/index.rss [L]" + , "rewriterule /~family(.*) http://family.kitenet.net$1 [L]" + + , "rewriterule /~kyle/bywayofscience(.*) http://bywayofscience.branchable.com$1 [L]" + , "rewriterule /~kyle/family/wiki/(.*).html http://macleawiki.branchable.com/$1 [L]" + , "rewriterule /~kyle/family/wiki/(.*).rss http://macleawiki.branchable.com/$1/index.rss [L]" + , "rewriterule /~kyle/family/wiki(.*) http://macleawiki.branchable.com$1 [L]" + ] + , alias "anna.kitenet.net" + , toProp $ Apache.siteEnabled "anna.kitenet.net" $ apachecfg "anna.kitenet.net" False + [ "DocumentRoot /home/anna/html" + , "" + , " Options Indexes ExecCGI" + , " AllowOverride None" + , "" + ] + , alias "sows-ear.kitenet.net" + , alias "www.sows-ear.kitenet.net" + , toProp $ Apache.siteEnabled "sows-ear.kitenet.net" $ apachecfg "sows-ear.kitenet.net" False + [ "ServerAlias www.sows-ear.kitenet.net" + , "DocumentRoot /srv/web/sows-ear.kitenet.net" + , "" + , " Options FollowSymLinks" + , " AllowOverride None" + , "" + ] + , alias "wortroot.kitenet.net" + , alias "www.wortroot.kitenet.net" + , toProp $ Apache.siteEnabled "wortroot.kitenet.net" $ apachecfg "wortroot.kitenet.net" False + [ "ServerAlias www.wortroot.kitenet.net" + , "DocumentRoot /srv/web/wortroot.kitenet.net" + , "" + , " Options FollowSymLinks" + , " AllowOverride None" + , "" + ] + , alias "joey.kitenet.net" + , toProp $ Apache.siteEnabled "joey.kitenet.net" $ apachecfg "joey.kitenet.net" False + [ "DocumentRoot /home/joey/html" + , "" + , " Options Indexes ExecCGI" + , " AllowOverride None" + , "" + + , "RewriteEngine On" + + , "# Old ikiwiki filenames for joey's wiki." 
+ , "rewritecond $1 !.*/index$" + , "rewriterule (.+).html$ http://joeyh.name/$1/ [l]" + + , "rewritecond $1 !.*/index$" + , "rewriterule (.+).rss$ http://joeyh.name/$1/index.rss [l]" + + , "# Redirect all to joeyh.name." + , "rewriterule (.*) http://joeyh.name$1 [r]" + ] + ] + +userDirHtml :: Property +userDirHtml = File.fileProperty "apache userdir is html" (map munge) conf + `onChange` Apache.reloaded + `requires` (toProp $ Apache.modEnabled "userdir") + where + munge = replace "public_html" "html" + conf = "/etc/apache2/mods-available/userdir.conf" -- cgit v1.2.3
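Review bot: The DocumentRoot block for kitenet.net has a doubled keyword, `Options Options Indexes FollowSymLinks MultiViews ExecCGI Includes`; Apache has no option named `Options` and should reject the line as an illegal option, so the config test would fail when `siteEnabled` triggers the reload. Since the comment above it says /var/www is empty and CGI is already served through the ScriptAlias, the corrected line could also drop script execution and SSI: `, " Options Indexes FollowSymLinks MultiViews"`. Separately, this vhost is built with `apachecfg "kitenet.net" True` (presumably the SSL variant, given `kitenetHttps`), yet the force-hostname rule and the moved-page rules all redirect to `http://` targets, so a visitor arriving over HTTPS is sent back to plain HTTP. Only the pipermail block carries `Require all granted`; the other blocks rely on `Order`/`allow from`, which on Apache 2.4 works only with mod_access_compat loaded.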