diff options
| author | Joey Hess <joey@kitenet.net> | 2014-03-30 00:28:56 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2014-03-30 00:28:56 -0400 |
| commit | 3368bdd0a18a58f10fbec8880562ad63b85bcfd5 (patch) | |
| tree | ecc22f01c33c19a5bdb1a0b09a3244c2973f75ca /HostProp.hs | |
| parent | c1ad516a6c85d5fc7733151bcae07495e69319ea (diff) | |
improvements
Diffstat (limited to 'HostProp.hs')
| -rw-r--r-- | HostProp.hs | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/HostProp.hs b/HostProp.hs index 5eb060b1..6bef0b25 100644 --- a/HostProp.hs +++ b/HostProp.hs @@ -15,24 +15,30 @@ main = ensureProperties . getProperties =<< getHostName - Properties for that system. -} getProperties :: HostName -> [Property] getProperties "clam" = - [ Apt.stdSourcesList Apt.Unstable `onChange` Apt.upgrade - , Apt.installed ["etckeeper"] + -- Clean up the system as installed by cloudatcost.com + [ User.nuked "user" + , Apt.removed ["exim4"] `onChange` Apt.autoRemove , Hostname.set "clam.kitenet.net" - , Apt.installed ["ssh"] , Ssh.uniqueHostKeys + -- This is my standard system setup + , Apt.stdSourcesList Apt.Unstable `onChange` Apt.upgrade + , Apt.installed ["etckeeper"] + , Apt.installed ["ssh"] , Apt.installed ["git", "myrepos"] , GitHome.installedFor "root" + -- Harden the system, but only once root's authorized_keys + -- is safely in place. , check (Ssh.hasAuthorizedKeys "root") $ Ssh.passwordAuthentication False , check (Ssh.hasAuthorizedKeys "root") $ User.lockedPassword "root" , User.nonsystem "joey" - , User.nuked "user" , Apt.installed ["sudo"] - , lineInfFile "/etc/sudoers" "joey ALL=(ALL:ALL) ALL" + , lineInFile "/etc/sudoers" "joey ALL=(ALL:ALL) ALL" , GitHome.installedFor "joey" - , Apt.removed ["exim4"] `onChange` Apt.autoRemove + -- Clam is a tor bridge. , Apt.installed ["tor"] + -- Should come last as it reboots. , Apt.installed ["systemd-sysv"] `onChange` Reboot.scheduled "+10" ] -- add more hosts here... |