| author | Joey Hess <joeyh@joeyh.name> | 2015-10-10 13:46:00 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2015-10-10 13:46:00 -0400 |
| commit | 1b2a63f7fda4411adc71da3f43b173ffe7e7eb10 (patch) | |
| tree | 7ee1b0f6ae8e42869afbed34374c939c7a245c94 | |
| parent | b3a5cb70dc04843a5b841f987bd60b8689edb58b (diff) | |
propellor spin
| -rw-r--r-- | config-joey.hs | 62 | ||||
| -rw-r--r-- | src/Propellor/Property/Apache.hs | 30 | ||||
| -rw-r--r-- | src/Propellor/Property/OpenId.hs | 33 |
3 files changed, 60 insertions, 65 deletions
diff --git a/config-joey.hs b/config-joey.hs
index f1f87a27..6829faf5 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -17,7 +17,6 @@ import qualified Propellor.Property.Hostname as Hostname
 import qualified Propellor.Property.Tor as Tor
 import qualified Propellor.Property.Dns as Dns
 import qualified Propellor.Property.OpenId as OpenId
-import qualified Propellor.Property.Docker as Docker
 import qualified Propellor.Property.Git as Git
 import qualified Propellor.Property.Postfix as Postfix
 import qualified Propellor.Property.Apache as Apache
@@ -323,14 +322,10 @@ elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
 & alias "ns3.kitenet.net"
 & myDnsSecondary
- -- & Docker.configured
- -- & Docker.docked openidProvider
- -- `requires` Apt.serviceInstalledRunning "ntp"
- -- & Docker.docked jerryPlay
- -- & Docker.garbageCollected `period` (Weekly (Just 1))
- & Systemd.nspawned oldusenetShellBox
- ! Systemd.nspawned ancientKitenet
+ & Systemd.nspawned ancientKitenet
+ & Systemd.nspawned openidProvider
+ `requires` Apt.serviceInstalledRunning "ntp"
 & JoeySites.scrollBox
 & alias "scroll.joeyh.name"
@@ -429,39 +424,32 @@ webserver = standardStableContainer "webserver"
 -- My own openid provider. Uses php, so containerized for security
 -- and administrative sanity.
-openidProvider :: Docker.Container
-openidProvider = standardStableDockerContainer "openid-provider"
- & alias "openid.kitenet.net"
- & Docker.publish "8081:80"
- & OpenId.providerFor [User "joey", User "liw"]
- "openid.kitenet.net:8081"
+openidProvider :: Systemd.Container
+openidProvider = standardStableContainer "openid-provider"
+ & alias hn
+ & OpenId.providerFor [User "joey", User "liw"] hn (Just (Port 8081))
+ where
+ hn = "openid.kitenet.net"
 -- Exhibit: kite's 90's website on port 1994.
 ancientKitenet :: Systemd.Container
 ancientKitenet = standardStableContainer "ancient-kitenet"
- & alias "ancient.kitenet.net"
+ & alias hn
 & Git.cloned (User "root") "git://kitenet-net.branchable.com/" "/var/www/html" (Just "remotes/origin/old-kitenet.net")
 & Apache.installed
- & Apache.virtualHost "ancient.kitenet.net" (Port 1994) "/var/www/html"
+ & Apache.listenPorts [p]
+ & Apache.virtualHost hn p "/var/www/html"
 & Apache.siteDisabled "000-default"
- & "/etc/apache2/ports.conf" `File.hasContent` ["Listen 1994"]
- `onChange` Apache.reloaded
+ where
+ p = Port 1994
+ hn = "ancient.kitenet.net"
 oldusenetShellBox :: Systemd.Container
 oldusenetShellBox = standardStableContainer "oldusenet-shellbox"
 & alias "shell.olduse.net"
 & JoeySites.oldUseNetShellBox
-jerryPlay :: Docker.Container
-jerryPlay = standardDockerContainer "jerryplay" Unstable "amd64"
- & alias "jerryplay.kitenet.net"
- & Docker.publish "2202:22"
- & Docker.publish "8001:80"
- & Apt.installed ["ssh"]
- & User.hasPassword (User "root")
- & Ssh.permitRootLogin (Ssh.RootLogin True)
-
 kiteShellBox :: Systemd.Container
 kiteShellBox = standardStableContainer "kiteshellbox"
 & JoeySites.kiteShellBox
@@ -509,26 +497,6 @@ standardContainer name suite arch = Systemd.container name chroot
 standardStableContainer :: Systemd.MachineName -> Systemd.Container
 standardStableContainer name = standardContainer name (Stable "jessie") "amd64"
-standardStableDockerContainer :: Docker.ContainerName -> Docker.Container
-standardStableDockerContainer name = standardDockerContainer name (Stable "jessie") "amd64"
-
-standardDockerContainer :: Docker.ContainerName -> DebianSuite -> Architecture -> Docker.Container
-standardDockerContainer name suite arch = Docker.container name (dockerImage system)
- & os system
- & Apt.stdSourcesList `onChange` Apt.upgrade
- & Apt.unattendedUpgrades
- & Apt.cacheCleaned
- & Docker.tweaked
- where
- system = System (Debian suite) arch
-
--- Docker images I prefer to use.
-dockerImage :: System -> Docker.Image
-dockerImage (System (Debian Unstable) arch) = Docker.latestImage ("joeyh/debian-unstable-" ++ arch)
-dockerImage (System (Debian Testing) arch) = Docker.latestImage ("joeyh/debian-unstable-" ++ arch)
-dockerImage (System (Debian (Stable _)) arch) = Docker.latestImage ("joeyh/debian-stable-" ++ arch)
-dockerImage _ = Docker.latestImage "debian-stable-official" -- does not currently exist!
-
 myDnsSecondary :: Property HasInfo
 myDnsSecondary = propertyList "dns secondary for all my domains" $ props
 & Dns.secondary hosts "kitenet.net"
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs
index 49e3d525..b4bbdc32 100644
--- a/src/Propellor/Property/Apache.hs
+++ b/src/Propellor/Property/Apache.hs
@@ -5,7 +5,14 @@ import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.Service as Service
-type ConfigFile = [String]
+installed :: Property NoInfo
+installed = Apt.installed ["apache2"]
+
+restarted :: Property NoInfo
+restarted = Service.restarted "apache2"
+
+reloaded :: Property NoInfo
+reloaded = Service.reloaded "apache2"
 -- | A basic virtual host, publishing a directory, and logging to
 -- the combined apache log file.
@@ -21,6 +28,8 @@ virtualHost hn (Port p) docroot = siteEnabled hn
 , "</VirtualHost>"
 ]
+type ConfigFile = [String]
+
 siteEnabled :: HostName -> ConfigFile -> RevertableProperty
 siteEnabled hn cf = enable <!> disable
 where
@@ -65,6 +74,16 @@ modEnabled modname = enable <!> disable
 `onChange` reloaded
 isenabled = boolSystem "a2query" [Param "-q", Param "-m", Param modname]
+-- | Make apache listen on the specified ports.
+--
+-- Note that ports are also specified inside a site's config file,
+-- so that also needs to be changed.
+listenPorts :: [Port] -> Property NoInfo
+listenPorts ps = "/etc/apache2/ports.conf" `File.hasContent` map portline ps
+ `onChange` restarted
+ where
+ portline (Port n) = "Listen " ++ show n
+
 -- This is a list of config files because different versions of apache
 -- use different filenames. Propellor simply writes them all.
 siteCfg :: HostName -> [FilePath]
@@ -75,15 +94,6 @@ siteCfg hn =
 , "/etc/apache2/sites-available/" ++ hn ++ ".conf"
 ]
-installed :: Property NoInfo
-installed = Apt.installed ["apache2"]
-
-restarted :: Property NoInfo
-restarted = Service.restarted "apache2"
-
-reloaded :: Property NoInfo
-reloaded = Service.reloaded "apache2"
-
 -- | Configure apache to use SNI to differentiate between
 -- https hosts.
 --
diff --git a/src/Propellor/Property/OpenId.hs b/src/Propellor/Property/OpenId.hs
index 1f6f2559..6becee62 100644
--- a/src/Propellor/Property/OpenId.hs
+++ b/src/Propellor/Property/OpenId.hs
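Review bot: `listenPorts` in the third hunk replaces /etc/apache2/ports.conf wholesale with only the given `Listen` lines, so `listenPorts []` leaves apache with no listening port at all, and whatever Listen directives the distribution shipped in that file (presumably the default 80, and the SSL 443 block) are dropped as soon as one port is passed — which both new callers in config-joey.hs do. The Haddock notes that the site config also names the port, but not that the file is overwritten; I would state it, e.g. `-- This overwrites ports.conf, so apache listens on exactly these ports and nothing else; an empty list leaves it listening on none.` Consider also rejecting `[]` (or taking a NonEmpty list) so a misconfiguration cannot silently take the server offline on the restart this property triggers.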
@@ -3,19 +3,29 @@ module Propellor.Property.OpenId where
 import Propellor
 import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Apt as Apt
-import qualified Propellor.Property.Service as Service
+import qualified Propellor.Property.Apache as Apache
 import Data.List
-providerFor :: [User] -> String -> Property HasInfo
-providerFor users baseurl = propertyList desc $ map toProp
- [ Apt.serviceInstalledRunning "apache2"
- , Apt.installed ["simpleid"]
- `onChange` Service.restarted "apache2"
- , File.fileProperty (desc ++ " configured")
+-- | Openid provider, using the simpleid PHP CGI, with apache.
+--
+-- Runs on usual port by defualt. When a nonstandard port is specified,
+-- apache is limited to listening only on that port. Warning: Specifying
+-- a port won't compose well with other apache properties on the same
+-- host.
+providerFor :: [User] -> HostName -> Maybe Port -> Property HasInfo
+providerFor users hn mp = propertyList desc $ props
+ & Apt.serviceInstalledRunning "apache2"
+ & apacheconfigured
+ & Apt.installed ["simpleid"]
+ `onChange` Apache.restarted
+ & File.fileProperty (desc ++ " configured")
 (map setbaseurl) "/etc/simpleid/config.inc"
- ] ++ map identfile users
+ & propertyList desc (map identfile users)
 where
+ baseurl = hn ++ case mp of
+ Nothing -> ""
+ Just (Port p) -> show p
 url = "http://"++baseurl++"/simpleid"
 desc = "openid provider " ++ url
 setbaseurl l
@@ -23,6 +33,13 @@ providerFor users baseurl = propertyList desc $ map toProp
 "define('SIMPLEID_BASE_URL', '"++url++"');"
 | otherwise = l
+ apacheconfigured = case mp of
+ Nothing -> toProp $
+ Apache.virtualHost hn (Port 80) "/var/www/html"
+ Just p -> propertyList desc $ props
+ & Apache.listenPorts [p]
+ & Apache.virtualHost hn p "/var/www/html"
+
 -- the identities directory controls access, so open up
 -- file mode
 identfile (User u) = File.hasPrivContentExposed |
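Review bot: `baseurl = hn ++ case mp of ... Just (Port p) -> show p` appends the port to the host name with no separator, so with the caller in config-joey.hs (`hn (Just (Port 8081))`) `url` becomes `http://openid.kitenet.net8081/simpleid`, and that malformed value is what `setbaseurl` writes into SIMPLEID_BASE_URL — the old code passed the literal `"openid.kitenet.net:8081"`. The arm should read `Just (Port p) -> ':' : show p`. The Haddock in the same hunk also misspells "default" as `defualt`. `providerFor`'s `where` block continues into the second hunk of this file, where `apacheconfigured` lives.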
