| author | Joey Hess <joey@kitenet.net> | 2014-03-30 02:37:45 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2014-03-30 02:37:45 -0400 |
| commit | c4afc9c90f9016b3ecfa96193c531c73ccbdeae4 (patch) | |
| tree | a478d34bd26b9af628a139ea11ffb760976a4f60 /Propellor.hs | |
| parent | 47a0785fbc45a60560fbe4d34582f5215485c00f (diff) | |
rename
Diffstat (limited to 'Propellor.hs')
| -rw-r--r-- | Propellor.hs | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/Propellor.hs b/Propellor.hs
new file mode 100644
index 00000000..1bc1373a
--- /dev/null
+++ b/Propellor.hs
@@ -0,0 +1,61 @@
+import Property
+import HostName
+import qualified Property.Apt as Apt
+import qualified Property.Ssh as Ssh
+import qualified Property.User as User
+import qualified Property.Hostname as Hostname
+import qualified Property.Reboot as Reboot
+import qualified Property.Tor as Tor
+import qualified Property.GitHome as GitHome
+
+main :: IO ()
+main = ensureProperties . getProperties =<< getHostName
+
+{- This is where the system's HostName, either as returned by uname
+ - or one specified on the command line, is converted into a list of
+ - Properties for that system. -}
+getProperties :: HostName -> [Property]
+getProperties hostname@"clam.kitenet.net" =
+ [ cleanCloudAtCost hostname
+ , standardSystem Apt.Unstable
+ -- This is not an important system so I don't want to need to
+ -- manually upgrade it.
+ , Apt.unattendedUpgrades True
+ -- Clam is a tor bridge.
+ , Tor.isBridge
+ -- Should come last as it reboots.
+ --, Apt.installed ["systemd-sysv"] `onChange` Reboot.now
+ ]
+-- add more hosts here...
+--getProperties "foo" =
+getProperties h = error $ "Unknown host: " ++ h ++ " (perhaps you should specify the real hostname on the command line?)"
+
+-- This is my standard system setup
+standardSystem :: Apt.Suite -> Property
+standardSystem suite = propertyList "standard system"
+ [ Apt.stdSourcesList suite `onChange` Apt.upgrade
+ , Apt.installed ["etckeeper"]
+ , Apt.installed ["ssh"]
+ , GitHome.installedFor "root"
+ -- Harden the system, but only once root's authorized_keys
+ -- is safely in place.
+ , check (Ssh.hasAuthorizedKeys "root") $
+ Ssh.passwordAuthentication False
+ , check (Ssh.hasAuthorizedKeys "root") $
+ User.lockedPassword "root"
+ , Apt.installed ["vim"]
+ , User.nonsystem "joey"
+ , Apt.installed ["sudo"]
+ -- nopasswd because no password is set up for joey.
+ , lineInFile "/etc/sudoers" "joey ALL=(ALL:ALL) NOPASSWD:ALL"
+ , GitHome.installedFor "joey"
+ ]
+
+-- Clean up a system as installed by cloudatcost.com
+cleanCloudAtCost :: HostName -> Property
+cleanCloudAtCost hostname = propertyList "cloudatcost cleanup"
+ [ User.nuked "user"
+ , Apt.removed ["exim4"] `onChange` Apt.autoRemove
+ , Hostname.set hostname
+ , Ssh.uniqueHostKeys
+ ]
|
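Review bot: The `lineInFile "/etc/sudoers" "joey ALL=(ALL:ALL) NOPASSWD:ALL"` entry in standardSystem grants passwordless root unconditionally, while the two SSH hardening properties above it are gated on `Ssh.hasAuthorizedKeys "root"`; on a host where that check is false, the grant lands on a machine that still accepts password logins and has an unlocked root password. The line also edits the packaged /etc/sudoers in place with no syntax check, so a malformed write could leave sudo unusable, and a locally modified conffile may hold back unattended upgrades of the sudo package on hosts like clam. Consider a drop-in instead, e.g. `lineInFile "/etc/sudoers.d/joey" "joey ALL=(ALL:ALL) NOPASSWD:ALL"` (assuming lineInFile creates the file root-owned and not group- or world-writable, which is not visible in this hunk), followed by a `visudo -c` validation step. The comment above it would be more useful as `-- nopasswd because no password is set up for joey; whoever can log in as joey is effectively root.`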
