From c90282fc7bb77bcba19cdd4adfe96af3fb1162f8 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 7 Feb 2016 16:54:17 -0400 Subject: propellor spin --- src/Propellor/Property/Apache.hs | 35 ++++++++++++++++++++---- src/Propellor/Property/SiteSpecific/JoeySites.hs | 24 ++++++---------- 2 files changed, 38 insertions(+), 21 deletions(-) (limited to 'src') diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs index 709c1753..5b8128a4 100644 --- a/src/Propellor/Property/Apache.hs +++ b/src/Propellor/Property/Apache.hs @@ -15,7 +15,9 @@ restarted = Service.restarted "apache2" reloaded :: Property NoInfo reloaded = Service.reloaded "apache2" -type ConfigFile = [String] +type ConfigLine = String + +type ConfigFile = [ConfigLine] siteEnabled :: Domain -> ConfigFile -> RevertableProperty NoInfo siteEnabled domain cf = siteEnabled' domain cf siteDisabled domain @@ -101,7 +103,7 @@ multiSSL = check (doesDirectoryExist "/etc/apache2/conf.d") $ -- -- Works with multiple versions of apache that have different ways to do -- it. -allowAll :: String +allowAll :: ConfigLine allowAll = unlines [ "" , "Order allow,deny" 
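Review bot: `allowAll` is built with `unlines`, so it is a multi-line fragment, and retyping it from `String` to `ConfigLine` makes the alias promise something the value does not satisfy; the same holds for `iconDir` in the next hunk. `ConfigLine` is only a synonym for `String`, so nothing enforces one line per list element. I would document that on the alias, e.g. `-- | One entry of a 'ConfigFile'; may hold several newline-separated lines (see 'allowAll').` The body of `allowAll` continues past the end of this hunk.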
@@ -112,12 +114,27 @@ allowAll = unlines , "" ] +-- | Config file fragment that can be inserted into a +-- stanza to allow apache to display directory index icons. +iconDir :: ConfigLine +iconDir = unlines + [ "" + , "Options Indexes MultiViews" + , "AllowOverride None" + , allowAll + , " " + ] + type WebRoot = FilePath -- | A basic virtual host, publishing a directory, and logging to -- the combined apache log file. Not https capable. virtualHost :: Domain -> Port -> WebRoot -> RevertableProperty NoInfo -virtualHost domain (Port p) docroot = siteEnabled domain +virtualHost domain (Port p) docroot = virtualHost' domain (Port p) docroot [] + +-- | Like `virtualHost` but with additional config lines added. +virtualHost' :: Domain -> Port -> WebRoot -> [ConfigLine] -> RevertableProperty NoInfo +virtualHost' domain (Port p) docroot addedcfg = siteEnabled domain $ [ "" , "ServerName "++domain++":"++show p , "DocumentRoot " ++ docroot @@ -125,7 +142,9 @@ virtualHost domain (Port p) docroot = siteEnabled domain , "LogLevel warn" , "CustomLog /var/log/apache2/access.log combined" , "ServerSignature On" - , "" + ] + ++ addedcfg ++ + [ "" ] -- | A virtual host using https, with the certificate obtained @@ -138,7 +157,11 @@ virtualHost domain (Port p) docroot = siteEnabled domain -- > httpsVirtualHost "example.com" "/var/www" -- > (LetsEncrypt.AgreeTos (Just "me@my.domain")) httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> Property NoInfo -httpsVirtualHost domain docroot letos = setup +httpsVirtualHost domain docroot letos = httpsVirtualHost' domain docroot letos [] + +-- | Like `httpsVirtualHost` but with additional config lines added. +httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> Property NoInfo +httpsVirtualHost' domain docroot letos addedcfg = setup `requires` modEnabled "rewrite" `requires` modEnabled "ssl" `before` LetsEncrypt.letsEncrypt letos domain docroot certinstaller 
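Review bot: `addedcfg` in `virtualHost'` is spliced in unchanged between the built-in directives and the final list element (hunk at -125), but the Haddock line says only "with additional config lines added". Because the lines come after `DocumentRoot`, `LogLevel` and `ServerSignature`, a caller's directive can override them, and nothing checks that the added lines leave the enclosing stanza balanced. The doc comment should say so, e.g. `-- The lines are inserted unchanged at the end of the virtual host stanza, after the built-in directives; they are not validated.` `httpsVirtualHost'` in the hunk at -138 needs the same sentence. As a smaller style point, `virtualHost` unpacks `Port p` only to rebuild it; `virtualHost domain port docroot = virtualHost' domain port docroot []` reads more directly.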
@@ -176,6 +199,6 @@ httpsVirtualHost domain docroot letos = setup , "LogLevel warn" , "CustomLog /var/log/apache2/access.log combined" , "ServerSignature On" - ] ++ ls ++ + ] ++ ls ++ addedcfg ++ [ "" ] diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 03f2efcb..0bb98489 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -18,6 +18,7 @@ import qualified Propellor.Property.Apache as Apache import qualified Propellor.Property.Postfix as Postfix import qualified Propellor.Property.Systemd as Systemd import qualified Propellor.Property.Fail2Ban as Fail2Ban +import qualified Propellor.Property.LetsEncrypt as LetsEncrypt import Utility.FileMode import Data.List @@ -290,24 +291,21 @@ annexWebSite origin hn uuid remotes = propertyList (hn ++" website using git-ann , "git update-server-info" ] addremote (name, url) = "git remote add " ++ shellEscape name ++ " " ++ shellEscape url - setupapache = apacheSite hn True + setupapache = Apache.httpsVirtualHost' hn dir letos [ " ServerAlias www."++hn - , "" - , " DocumentRoot /srv/web/"++hn - , " " - , " Options FollowSymLinks" - , " AllowOverride None" - , Apache.allowAll - , " " - , " " + , Apache.iconDir + , " " , " Options Indexes FollowSymLinks ExecCGI" , " AllowOverride None" , " AddHandler cgi-script .cgi" , " DirectoryIndex index.html index.cgi" - , Apache.allowAll + , Apache.allowAll , " " ] +letos :: LetsEncrypt.AgreeTOS +letos = LetsEncrypt.AgreeTOS (Just "id@joeyh.name") + apacheSite :: HostName -> Bool -> Apache.ConfigFile -> RevertableProperty NoInfo apacheSite hn withssl middle = Apache.siteEnabled hn $ apachecfg hn withssl middle 
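Review bot: `addedcfg` is appended after `ls` in a list whose binding starts above the hunk at -176, so it is not visible here how many virtual hosts that list is used to build. If the same helper produces both the plain-http and the https stanza (to be confirmed against the full function), caller-supplied directory and CGI settings would also be active on the unencrypted host. Either way the Haddock for `httpsVirtualHost'` should state which stanza(s) receive the lines, e.g. `-- The added lines are placed in every virtual host this property generates.` or the https-only equivalent.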
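Review bot: The block passed to `Apache.httpsVirtualHost'` in the hunk at -290 keeps `Options Indexes FollowSymLinks ExecCGI` together with `AddHandler cgi-script .cgi` for the site directory, so any `.cgi` file that ends up in the tree is executed by apache. The context lines (`addremote`, `git update-server-info`) suggest the tree is populated from git remotes, which would make write access to a remote equivalent to code execution as the web server user. If that is intended it deserves a comment such as `-- ExecCGI covers the whole docroot: anyone who can add a .cgi file to the repository can run code as the web server.` Also, the removed lines set `DocumentRoot /srv/web/` plus `hn` explicitly while the new call passes `dir`, which is defined outside this hunk, so it is worth confirming that both name the same path. `setupapache` belongs to a `where` block that begins outside the hunk.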
@@ -329,11 +327,7 @@ apachecfg hn withssl middle , " CustomLog /var/log/apache2/access.log combined" , " ServerSignature On" , " " - , " " - , " Options Indexes MultiViews" - , " AllowOverride None" - , Apache.allowAll - , " " + , Apache.iconDir , "" ] where -- cgit v1.2.3