summaryrefslogtreecommitdiff
path: root/src/Propellor/Property/Apache.hs
blob: cf3e62cc05285a1d78631c6880e40cf2c0597013 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
module Propellor.Property.Apache where

import Propellor
import qualified Propellor.Property.File as File
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.Service as Service

type ConfigFile = [String]

siteEnabled :: HostName -> ConfigFile -> RevertableProperty
siteEnabled hn cf = RevertableProperty enable disable
  where
	enable = trivial $ cmdProperty "a2ensite" ["--quiet", hn]
		`describe` ("apache site enabled " ++ hn)
		`requires` siteAvailable hn cf
		`requires` installed
		`onChange` reloaded
	disable = trivial $ File.notPresent (siteCfg hn)
		`describe` ("apache site disabled " ++ hn)
		`onChange` cmdProperty "a2dissite" ["--quiet", hn]
		`requires` installed
		`onChange` reloaded

siteAvailable :: HostName -> ConfigFile -> Property
siteAvailable hn cf = siteCfg hn `File.hasContent` (comment:cf)
	`describe` ("apache site available " ++ hn)
  where
	comment = "# deployed with propellor, do not modify"

modEnabled :: String -> RevertableProperty
modEnabled modname = RevertableProperty enable disable
  where
	enable = trivial $ cmdProperty "a2enmod" ["--quiet", modname]
		`describe` ("apache module enabled " ++ modname)
		`requires` installed
		`onChange` reloaded
	disable = trivial $ cmdProperty "a2dismod" ["--quiet", modname]
		`describe` ("apache module disabled " ++ modname)
		`requires` installed
		`onChange` reloaded

siteCfg :: HostName -> FilePath
siteCfg hn = "/etc/apache2/sites-available/" ++ hn

installed :: Property
installed = Apt.installed ["apache2"]

restarted :: Property
restarted = cmdProperty "service" ["apache2", "restart"]

reloaded :: Property
reloaded = Service.reloaded "apache2"

-- | Configure apache to use SNI to differentiate between
-- https hosts.
multiSSL :: Property
multiSSL = "/etc/apache2/conf.d/ssl" `File.hasContent`
	[ "NameVirtualHost *:443"
	, "SSLStrictSNIVHostCheck off"
	]
	`describe` "apache SNI enabled"
	`onChange` reloaded