diff options
| author | Joey Hess <joeyh@joeyh.name> | 2016-02-07 22:01:17 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-02-07 22:02:15 -0400 |
| commit | 97fdc43f8a49c87c730471442cf2117bf0a75d64 (patch) | |
| tree | 10c26e2878f9bfac97bbe3b2e67c7f0e0cd45f36 | |
| parent | efbb3d0e126721e0f9487f194379806c37f1988e (diff) | |
property is revertable
| -rw-r--r-- | config-joey.hs | 2 | ||||
| -rw-r--r-- | src/Propellor/Property/Apache.hs | 17 |
2 files changed, 11 insertions, 8 deletions
diff --git a/config-joey.hs b/config-joey.hs index fc7bd681..5c3d376b 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -337,8 +337,6 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64" & Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html" (LetsEncrypt.AgreeTOS (Just "id@joeyh.name")) & alias "letsencrypt.joeyh.name" - -- to revert above, partially: - -- ! Apache.virtualHost "letsencrypt.joeyh.name" (Port 443) "/var/www/html" elephant :: Host elephant = standardSystem "elephant.kitenet.net" Unstable "amd64" diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs index d0bcadfa..dee7a5fc 100644 --- a/src/Propellor/Property/Apache.hs +++ b/src/Propellor/Property/Apache.hs @@ -156,16 +156,21 @@ virtualHost' domain (Port p) docroot addedcfg = siteEnabled domain $ -- -- > httpsVirtualHost "example.com" "/var/www" -- > (LetsEncrypt.AgreeTOS (Just "me@my.domain")) -httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> Property NoInfo +-- +-- Note that reverting this property does not remove the certificate from +-- letsencrypt's cert store. +httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> RevertableProperty NoInfo httpsVirtualHost domain docroot letos = httpsVirtualHost' domain docroot letos [] -- | Like `httpsVirtualHost` but with additional config lines added. -httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> Property NoInfo -httpsVirtualHost' domain docroot letos addedcfg = setuphttp - `requires` modEnabled "rewrite" - `requires` modEnabled "ssl" - `before` setuphttps +httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> RevertableProperty NoInfo +httpsVirtualHost' domain docroot letos addedcfg = setup <!> teardown where + setup = setuphttp + `requires` modEnabled "rewrite" + `requires` modEnabled "ssl" + `before` setuphttps + teardown = siteDisabled domain setuphttp = siteEnabled' domain $ -- The sslconffile is only created after letsencrypt gets -- the cert. The "*" is needed to make apache not error |