| author | Joey Hess <joeyh@joeyh.name> | 2015-01-25 15:16:58 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2015-01-25 15:16:58 -0400 |
| commit | 401b857eef13ca7d3f7b8f6b88e9237884fcd906 (patch) | |
| tree | eb4b5c189349b5a86b3b39edbe039956d3a1a3b8 /config-joey.hs | |
| parent | 1df70ba81ddfbd4ceeb5344793f7714a35706c8f (diff) | |
| parent | cdd88b080af534231aae8a64ef327f0597a5b5b3 (diff) | |
Merge branch 'joeyconfig'
Conflicts:
doc/todo/info_propigation_out_of_nested_properties.mdwn
privdata.joey/privdata.gpg
Diffstat (limited to 'config-joey.hs')
| -rw-r--r-- | config-joey.hs | 62 |
1 files changed, 33 insertions, 29 deletions
diff --git a/config-joey.hs b/config-joey.hs index 705ad0f6..1f8a021e 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -25,6 +25,7 @@ import qualified Propellor.Property.Grub as Grub import qualified Propellor.Property.Obnam as Obnam import qualified Propellor.Property.Gpg as Gpg import qualified Propellor.Property.Systemd as Systemd +import qualified Propellor.Property.Journald as Journald import qualified Propellor.Property.OS as OS import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost @@ -46,7 +47,6 @@ hosts = -- (o) ` , kite , diatom , elephant - , testvm ] ++ monsters testvm :: Host @@ -140,11 +140,13 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64" , (SshEd25519, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFZftKMnH/zH29BHMKbcBO4QsgTrstYFVhbrzrlRzBO3") ] + & Network.static "eth0" `requires` Network.cleanInterfacesFile & Apt.installed ["linux-image-amd64"] & Linode.chainPVGrub 5 & Apt.unattendedUpgrades & Systemd.installed & Systemd.persistentJournal + & Journald.systemMaxUse "500MiB" & Ssh.passwordAuthentication True -- Since ssh password authentication is allowed: & Apt.serviceInstalledRunning "fail2ban" @@ -254,7 +256,7 @@ diatom = standardSystem "diatom.kitenet.net" (Stable "wheezy") "amd64" & JoeySites.oldUseNetServer hosts & alias "ns2.kitenet.net" - & myDnsPrimary False "kitenet.net" [] + & myDnsPrimary True "kitenet.net" [] & myDnsPrimary True "joeyh.name" [] & myDnsPrimary True "ikiwiki.info" [] & myDnsPrimary True "olduse.net" 
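Review bot: `Journald.systemMaxUse "500MiB"` in kite's property list caps the persistent journal by size only, and the context lines show this host allows ssh password authentication, so a burst of failed-login logging can evict older entries and shorten the history available for a later investigation. I would state the intended retention next to the property, e.g. `-- journal capped at 500MiB; size-based, so noisy periods shorten how far back it reaches`. It is also worth confirming whether auth logs are kept anywhere else (syslog files, a remote collector), which this hunk does not show. kite's definition starts above the hunk and continues below it.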
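Review bot: Changing the first argument of `myDnsPrimary` to `True` for kitenet.net in diatom's property list moves that zone to `Dns.signedPrimary` (per the myDnsPrimary definition visible in a later hunk header), but nothing here records the steps outside this file that DNSSEC depends on. Validators only gain anything once a matching DS record is published at the parent, and the zone's NS set includes ns6.gandi.net, which presumably has to serve the signed zone as well. A one-line comment would capture that, e.g. `-- DNSSEC enabled; DS record for kitenet.net must be kept in sync at the registrar`. diatom's definition extends beyond the hunk on both sides.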
@@ -327,13 +329,14 @@ elephant = standardSystem "elephant.kitenet.net" Unstable "amd64" & Ssh.listenPort 80 - --' __|II| ,. - ---- __|II|II|__ ( \_,/\ - ------'\o/-'-.-'-.-'-.- __|II|II|II|II|___/ __/ -'-.-'-.-'-.-'-.-'- - ----------------------- | [Docker] / ---------------------- - ----------------------- : / ----------------------- - ------------------------ \____, o ,' ------------------------ - ------------------------- '--,___________,' ------------------------- + --' __|II| ,. + ---- __|II|II|__ ( \_,/\ +--'-------'\o/-'-.-'-.-'-.- __|II|II|II|II|___/ __/ -'-.-'-.-'-.-'-.-'-.-'- +-------------------------- | [Docker] / -------------------------- +-------------------------- : / --------------------------- +--------------------------- \____, o ,' ---------------------------- +---------------------------- '--,___________,' ----------------------------- + -- Simple web server, publishing the outside host's /var/www webserver :: Docker.Container webserver = standardStableContainer "webserver" @@ -434,13 +437,12 @@ dockerImage (System (Debian Testing) arch) = "joeyh/debian-unstable-" ++ arch dockerImage (System (Debian (Stable _)) arch) = "joeyh/debian-stable-" ++ arch dockerImage _ = "debian-stable-official" -- does not currently exist! -myDnsSecondary :: Property -myDnsSecondary = propertyList "dns secondary for all my domains" $ map toProp - [ Dns.secondary hosts "kitenet.net" - , Dns.secondary hosts "joeyh.name" - , Dns.secondary hosts "ikiwiki.info" - , Dns.secondary hosts "olduse.net" - ] +myDnsSecondary :: Property HasInfo +myDnsSecondary = propertyList "dns secondary for all my domains" $ props + & Dns.secondary hosts "kitenet.net" + & Dns.secondary hosts "joeyh.name" + & Dns.secondary hosts "ikiwiki.info" + & Dns.secondary hosts "olduse.net" branchableSecondary :: RevertableProperty branchableSecondary = Dns.secondaryFor ["branchable.com"] hosts "branchable.com" 
@@ -456,23 +458,11 @@ myDnsPrimary dnssec domain extras = (if dnssec then Dns.signedPrimary (Weekly No , (RootDomain, NS $ AbsDomain "ns4.kitenet.net") , (RootDomain, NS $ AbsDomain "ns6.gandi.net") , (RootDomain, MX 0 $ AbsDomain "kitenet.net") - -- SPF only allows IP address of kitenet.net to send mail. - , (RootDomain, TXT "v=spf1 a:kitenet.net -all") + , (RootDomain, TXT "v=spf1 a a:kitenet.net ~all") , JoeySites.domainKey ] ++ extras - -- o - -- ___ o o - {-----\ / o \ ___o o - { \ __ \ / _ (X___>-- __o - _____________________{ ______\___ \__/ | \__/ \____ |X__> - < \___//|\\___/\ \____________ _ - \ ___/ | \___ # # \ (-) - \ O O O # | \ # >=) - \______________________________# # / #__________________/ (-} - - monsters :: [Host] -- Systems I don't manage with propellor, monsters = -- but do want to track their public keys etc. [ host "usw-s002.rsync.net" @@ -508,3 +498,17 @@ monsters = -- but do want to track their public keys etc. & ipv4 "76.7.162.101" & ipv4 "76.7.162.186" ] + + + + -- o + -- ___ o o + {-----\ / o \ ___o o + { \ __ \ / _ (X___>-- __o + _____________________{ ______\___ \__/ | \__/ \____ |X__> + < \___//|\\___/\ \____________ _ + \ ___/ | \___ # # \ (-) + \ O O O # | \ # >=) + \______________________________# # / #__________________/ (-} + + |
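Review bot: The SPF TXT record in myDnsPrimary's record list goes from `-all` to `~all`, so mail from hosts outside the listed mechanisms is now only soft-failed, and the comment that explained the old policy is deleted without a replacement. Since this list is shared by every domain passed to myDnsPrimary, the new bare `a` mechanism also authorises each zone's own address record, which is presumably the reason for the change. If the relaxation is intended, record it beside the entry, e.g. `-- SPF: softfail (~all); the zone's own A record and kitenet.net may send mail.` No DMARC record is visible in this list, so it is worth confirming whether one is published through `extras` or elsewhere, because without it receivers decide on their own how to treat a softfail. myDnsPrimary's definition starts above the hunk.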
