| author | Joey Hess <joey@kitenet.net> | 2014-07-18 16:40:09 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2014-07-18 16:40:09 -0400 |
| commit | 93730d530a722e951e51c675c1aed9fdd3c75a87 (patch) | |
| tree | 789cfbad3dcf7ea5d726c136dfdd4e5d28e0159b | |
| parent | d5abbeb116a749c77d9d594097bd83c027374384 (diff) | |
propellor spin
| -rw-r--r-- | config-joey.hs | 16 | ||||
| -rw-r--r-- | src/Propellor/Property/SiteSpecific/JoeySites.hs | 13 |
2 files changed, 21 insertions, 8 deletions
diff --git a/config-joey.hs b/config-joey.hs index a2c2554e..6b02ed49 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -90,6 +90,8 @@ hosts = -- (o) ` & Apt.unattendedUpgrades & Apt.installed ["systemd"] & Ssh.hostKeys (Context "kitenet.net") + -- Since ssh password authentication is allowed: + & Apt.serviceInstalledRunning "fail2ban" & Obnam.backup "/" "33 1 * * *" [ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam" , "--client-name=kitenet.net" @@ -107,9 +109,12 @@ hosts = -- (o) ` -- & alias "smtp.kitenet.net" -- not yet live! -- & alias "imap.kitenet.net" -- not yet live! - & Apt.installed ["git-annex", "myrepos"] - -- Since password authentication is allowed: - & Apt.serviceInstalledRunning "fail2ban" + & Apt.installed + ["git-annex", "myrepos" + , "build-essential", "make" + -- Some users have zsh as their login shell. + , "zsh" + ] , standardSystem "diatom.kitenet.net" Stable "amd64" [ "Important stuff that needs not too much memory or CPU." ] @@ -406,9 +411,8 @@ monsters = -- but do want to track their public keys etc. - mailman - /spamassassin - sqwebmail - - /courier - - /imap - - /pop + - /imap server + - /pop server - apache - some static websites - bitlbee diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 1b70807a..5f647bf2 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
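Review bot: In the first config-joey.hs hunk (@@ -90,6 +90,8 @@), the fail2ban property is justified only by ssh password logins, yet `Apt.serviceInstalledRunning "fail2ban"` just installs and starts the package with whatever jails it ships enabled. The same commit turns on passwd-file authentication for dovecot in JoeySites.hs, so if kiteMailServer is applied to this host, IMAP/POP logins become a second password-guessing surface that the stock jails probably do not watch (the packaged dovecot jail is, as far as I know, disabled by default). I would either add a property that enables that jail or record the gap in the comment, e.g. `-- Since ssh password authentication is allowed (stock jails only; dovecot logins not covered yet):`. The hosts list starts and ends outside the hunk, so jail configuration elsewhere in the file cannot be ruled out.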
@@ -511,7 +511,14 @@ kiteMailServer = propertyList "kitenet.net mail server" , "/etc/dovecot/conf.d/10-mail.conf" `File.containsLine` "mail_location = maildir:~/Maildir" `onChange` Service.reloaded "dovecot" - `describe` "dovecot configured" + `describe` "dovecot mail.conf" + , "/etc/dovecot/conf.d/10-auth.conf" `File.containsLine` + "!include auth-passwdfile.conf.ex" + `onChange` Service.restarted "dovecot" + `describe` "dovecot auth.conf" + , File.hasPrivContent dovecotusers ctx + `onChange` (dovecotusers `File.mode` + combineModes [ownerReadMode, groupReadMode]) , Apt.installed ["mutt", "bsd-mailx", "alpine"] @@ -526,7 +533,8 @@ kiteMailServer = propertyList "kitenet.net mail server" , "chmod 600 $pass" , "exec alpine -passfile $pass \"$@\"" ] - `onChange` (pinescript `File.mode` combineModes (readModes ++ executeModes)) + `onChange` (pinescript `File.mode` + combineModes (readModes ++ executeModes)) `describe` "pine wrapper script" , "/etc/pine.conf" `File.containsLines` [ "inbox-path={localhost/novalidate-cert}inbox" @@ -536,6 +544,7 @@ kiteMailServer = propertyList "kitenet.net mail server" where ctx = Context "kitenet.net" pinescript = "/usr/local/bin/pine" + dovecotusers = "/etc/dovecot/users" hasJoeyCAChain :: Property hasJoeyCAChain = "/etc/ssl/certs/joeyca.pem" `File.hasPrivContentExposed` |
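Review bot: In the first hunk (@@ -511,7 +511,14 @@), the mode of /etc/dovecot/users is applied only through `onChange`, and no owner or group is set, so the permissions on a file holding mail credentials depend on how File.hasPrivContent happened to create it. If the file already exists with the right content but looser permissions, nothing here tightens it, and the group-read bit grants access to whatever group the file ends up with. I would make both unconditional entries in the property list, e.g. `, File.mode dovecotusers (combineModes [ownerReadMode, groupReadMode])` together with `, File.ownerGroup dovecotusers "root" "dovecot"` (group name to be confirmed against the dovecot package), and give the entry a `describe` like its neighbours. It is also worth confirming that the privdata entries carry hashed passwords with a scheme prefix rather than plaintext. kiteMailServer starts above the hunk.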
