Merge branch 'joeyconfig'

author: Joey Hess <joeyh@joeyh.name> 2016-02-24 17:12:43 -0400
committer: Joey Hess <joeyh@joeyh.name> 2016-02-24 17:12:43 -0400
commit: c716d1a0d4b18737b133ba9cc23c97388f72f5c0 (patch)
tree: 7be06dd25e433685d921c8ce344bd5f9d2cb03d2 /config-joey.hs
parent: a2323b58c2edba99f06d7810b95da05aecb20b5f (diff)
parent: 90219e30615e09779469ceae272cf41943d43585 (diff)
1 files changed, 23 insertions, 9 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 5c3d376b..e84eb360 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -261,23 +261,32 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
 	& Ssh.passwordAuthentication True
 	-- Since ssh password authentication is allowed:
 	& Fail2Ban.installed
+	& Apt.serviceInstalledRunning "ntp"
+	& "/etc/timezone" `File.hasContent` ["US/Eastern"]
+
 	& Obnam.backupEncrypted "/" (Cron.Times "33 1 * * *")
-		[ "--repository=sftp://2318@usw-s002.rsync.net/~/kite.obnam"
+		[ "--repository=sftp://2318@usw-s002.rsync.net/~/kite-root.obnam"
 		, "--client-name=kitenet.net"
+		, "--exclude=/home"
 		, "--exclude=/var/cache"
 		, "--exclude=/var/tmp"
-		, "--exclude=/home/joey/lib"
+		, "--exclude=/srv/git"
+		, "--exclude=/var/spool/oldusenet"
 		, "--exclude=.*/tmp/"
 		, "--one-file-system"
 		, Obnam.keepParam [Obnam.KeepDays 7, Obnam.KeepWeeks 4, Obnam.KeepMonths 6]
 		] Obnam.OnlyClient (Gpg.GpgKeyId "98147487")
-		`requires` Ssh.userKeys (User "root")
-			(Context "kite.kitenet.net")
-			[ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Gza2sNqSKfNtUN4dN/Z3rlqw18nijmXFx6df2GtBoZbkIak73uQfDuZLP+AXlyfHocwdkdHEf/zrxgXS4EokQMGLZhJ37Pr3edrEn/NEnqroiffw7kyd7EqaziA6UOezcLTjWGv+Zqg9JhitYs4WWTpNzrPH3yQf1V9FunZnkzb4gJGndts13wGmPEwSuf+QHbgQvjMOMCJwWSNcJGdhDR66hFlxfG26xx50uIczXYAbgLfHp5W6WuR/lcaS9J6i7HAPwcsPDA04XDinrcpl29QwsMW1HyGS/4FSCgrDqNZ2jzP49Bka78iCLRqfl1efyYas/Zo1jQ0x+pxq2RMr root@kite")
-			]
+		`requires` rootsshkey
+		`requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
+	& Obnam.backupEncrypted "/home" (Cron.Times "33 3 * * *")
+		[ "--repository=sftp://2318@usw-s002.rsync.net/~/kite-home.obnam"
+		, "--client-name=kitenet.net"
+		, "--exclude=/home/joey/lib"
+		, "--one-file-system"
+		, Obnam.keepParam [Obnam.KeepDays 7, Obnam.KeepWeeks 4, Obnam.KeepMonths 6]
+		] Obnam.OnlyClient (Gpg.GpgKeyId "98147487")
+		`requires` rootsshkey
 		`requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root")
-	& Apt.serviceInstalledRunning "ntp"
-	& "/etc/timezone" `File.hasContent` ["US/Eastern"]
 
 	& alias "smtp.kitenet.net"
 	& alias "imap.kitenet.net"
@@ -337,6 +346,11 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
 	& Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html"
 		(LetsEncrypt.AgreeTOS (Just "id@joeyh.name"))
 	& alias "letsencrypt.joeyh.name"
+  where
+	rootsshkey = Ssh.userKeys (User "root")
+		(Context "kite.kitenet.net")
+		[ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Gza2sNqSKfNtUN4dN/Z3rlqw18nijmXFx6df2GtBoZbkIak73uQfDuZLP+AXlyfHocwdkdHEf/zrxgXS4EokQMGLZhJ37Pr3edrEn/NEnqroiffw7kyd7EqaziA6UOezcLTjWGv+Zqg9JhitYs4WWTpNzrPH3yQf1V9FunZnkzb4gJGndts13wGmPEwSuf+QHbgQvjMOMCJwWSNcJGdhDR66hFlxfG26xx50uIczXYAbgLfHp5W6WuR/lcaS9J6i7HAPwcsPDA04XDinrcpl29QwsMW1HyGS/4FSCgrDqNZ2jzP49Bka78iCLRqfl1efyYas/Zo1jQ0x+pxq2RMr root@kite")
+		]
 
 elephant :: Host
 elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
@@ -583,7 +597,7 @@ myDnsPrimary dnssec domain extras = (if dnssec then Dns.signedPrimary (Weekly No
 monsters :: [Host]    -- Systems I don't manage with propellor,
 monsters =            -- but do want to track their public keys etc.
 	[ host "usw-s002.rsync.net"
-		& Ssh.hostPubKey SshEd25519 "ssh-ed25519 SHA256:DBW4gxagH9Q3Avnus+dxaoOS5L/Q/tZlT42bcoMp+4Y"
+		& Ssh.hostPubKey SshEd25519 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB7yTEBGfQYdwG/oeL+U9XPMIh/dW7XNs9T+M79YIOrd"
 	, host "github.com" 
 		& Ssh.hostPubKey SshRsa "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="
 	, host "gitlab.com"
author	Joey Hess <joeyh@joeyh.name>	2016-02-24 17:12:43 -0400
committer	Joey Hess <joeyh@joeyh.name>	2016-02-24 17:12:43 -0400
commit	c716d1a0d4b18737b133ba9cc23c97388f72f5c0 (patch)
tree	7be06dd25e433685d921c8ce344bd5f9d2cb03d2 /config-joey.hs
parent	a2323b58c2edba99f06d7810b95da05aecb20b5f (diff)
parent	90219e30615e09779469ceae272cf41943d43585 (diff)