propellor spin

author: Joey Hess <joey@kitenet.net> 2014-04-13 11:58:22 -0400
committer: Joey Hess <joey@kitenet.net> 2014-04-13 11:58:22 -0400
commit: 456dd534ce2984535a9fc36bad2aff9e6ee2863a (patch)
tree: a981748a5c0a62c67832969c9e852c5741780821 /Propellor/Property/OpenId.hs
parent: 6d1263043112d0c70ae8d76fcbc998e6d853fafa (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs
index c397bdb8..b896180f 100644
--- a/Propellor/Property/OpenId.hs
+++ b/Propellor/Property/OpenId.hs
@@ -4,8 +4,10 @@ import Propellor
 import qualified Propellor.Property.File as File
 import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.Service as Service
+import Utility.FileMode
 
 import Data.List
+import System.Posix.Files
 
 providerFor :: [UserName] -> String -> Property
 providerFor users baseurl = propertyList desc $
@@ -16,11 +18,18 @@ providerFor users baseurl = propertyList desc $
 		(map setbaseurl) "/etc/simpleid/config.inc"
 	] ++ map identfile users
   where
-	identfile u = File.hasPrivContent $ concat
-		[ "/var/lib/simpleid/identities/", u, ".identity" ]
 	url = "http://"++baseurl++"/simpleid"
 	desc = "openid provider " ++ url
 	setbaseurl l
 		| "SIMPLEID_BASE_URL" `isInfixOf` l = 
 			"define('SIMPLEID_BASE_URL', '"++url++"');"
 		| otherwise = l
+	
+	identfile u = combineProperties desc
+		[ File.hasPrivContent f
+		-- the identitites directory controls access, so open up
+		-- file mode
+		, File.mode f (combineModes (ownerWriteMode:readModes))
+		]
+	  where
+		f = concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ]
author	Joey Hess <joey@kitenet.net>	2014-04-13 11:58:22 -0400
committer	Joey Hess <joey@kitenet.net>	2014-04-13 11:58:22 -0400
commit	456dd534ce2984535a9fc36bad2aff9e6ee2863a (patch)
tree	a981748a5c0a62c67832969c9e852c5741780821 /Propellor/Property/OpenId.hs
parent	6d1263043112d0c70ae8d76fcbc998e6d853fafa (diff)