propellor spin

author: Joey Hess <joey@kitenet.net> 2014-03-30 20:18:45 -0400
committer: Joey Hess <joey@kitenet.net> 2014-03-30 20:18:45 -0400
commit: 614d49789566cdf119997bf12c0d7494e386d4dd (patch)
tree: 8a3d11703c38832edcf834a52f353a09e46616b8 /Propellor.hs
parent: 385a1de0ce80427e3d7d87c291758bf20f03fcf2 (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/Propellor.hs b/Propellor.hs
index 71f552d6..2b7f978e 100644
--- a/Propellor.hs
+++ b/Propellor.hs
@@ -19,8 +19,6 @@ getProperties :: HostName -> [Property]
 getProperties hostname@"clam.kitenet.net" =
 	[ cleanCloudAtCost hostname
 	, standardSystem Apt.Unstable
-	, User.hasPassword "root"
-	, User.hasPassword "joey"
 	-- Clam is a tor bridge.
 	, Tor.isBridge
 	, Apt.installed ["docker.io"]
@@ -44,19 +42,19 @@ standardSystem suite = propertyList "standard system"
 	, Apt.installed ["etckeeper"]
 	, Apt.installed ["ssh"]
 	, GitHome.installedFor "root"
+	, User.hasSomePassword "root"
 	-- Harden the system, but only once root's authorized_keys
 	-- is safely in place.
 	, check (Ssh.hasAuthorizedKeys "root") $
 		Ssh.passwordAuthentication False
-	, check (Ssh.hasAuthorizedKeys "root") $
-		User.lockedPassword "root"
-	, Apt.installed ["vim"]
 	, User.sshAccountFor "joey"
 	, Apt.installed ["sudo"]
 	-- nopasswd because no password is set up for joey.
 	, "sudoer joey" ==>
 		"/etc/sudoers" `File.containsLine` "joey ALL=(ALL:ALL) NOPASSWD:ALL"
+	, User.hasSomePassword "joey"
 	, GitHome.installedFor "joey"
+	, Apt.installed ["vim", "screen"]
 	-- I use postfix, or no MTA.
 	, Apt.removed ["exim4"] `onChange` Apt.autoRemove
 	]
author	Joey Hess <joey@kitenet.net>	2014-03-30 20:18:45 -0400
committer	Joey Hess <joey@kitenet.net>	2014-03-30 20:18:45 -0400
commit	614d49789566cdf119997bf12c0d7494e386d4dd (patch)
tree	8a3d11703c38832edcf834a52f353a09e46616b8 /Propellor.hs
parent	385a1de0ce80427e3d7d87c291758bf20f03fcf2 (diff)