| author | Joey Hess <joey@kitenet.net> | 2014-10-10 11:36:47 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2014-10-10 11:36:47 -0400 |
| commit | 07f745ef9ca23982d7ef7e89bd6a638077a65ded (patch) | |
| tree | 9acc6ddda92f98d4c951045d4dcf406207c809ba /src/Propellor/Property/SiteSpecific | |
| parent | 2028464268c9e4696c59ee6626a9e315c88ad935 (diff) | |
| parent | 31f84270fddbf07221a6c1ea30e7a8c05db29115 (diff) | |
Merge branch 'joeyconfig'
Conflicts:
debian/changelog
privdata/privdata.gpg
Diffstat (limited to 'src/Propellor/Property/SiteSpecific')
| -rw-r--r-- | src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs | 11 | ||||
| -rw-r--r-- | src/Propellor/Property/SiteSpecific/JoeySites.hs | 32 |
2 files changed, 30 insertions, 13 deletions
diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs index 4cb26a50..056578a1 100644 --- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs +++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs @@ -98,6 +98,7 @@ standardAutoBuilderContainer dockerImage arch buildminute timeout = Docker.conta & tree arch & buildDepsApt & autobuilder arch (show buildminute ++ " * * * *") timeout + & Docker.tweaked androidAutoBuilderContainer :: (System -> Docker.Image) -> Cron.CronTimes -> TimeOut -> Host androidAutoBuilderContainer dockerImage crontimes timeout = @@ -108,8 +109,8 @@ androidAutoBuilderContainer dockerImage crontimes timeout = -- Android is cross-built in a Debian i386 container, using the Android NDK. androidContainer :: (System -> Docker.Image) -> Docker.ContainerName -> Property -> FilePath -> Host androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.container name - (dockerImage $ System (Debian Stable) "i386") - & os (System (Debian Stable) "i386") + (dockerImage osver) + & os osver & Apt.stdSourcesList & Apt.installed ["systemd"] & User.accountFor builduser @@ -118,6 +119,7 @@ androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.containe & buildDepsNoHaskellLibs & flagFile chrootsetup ("/chrootsetup") `requires` setupgitannexdir + & Docker.tweaked -- TODO: automate installing haskell libs -- (Currently have to run -- git-annex/standalone/android/install-haskell-packages @@ -129,6 +131,7 @@ androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.containe chrootsetup = scriptProperty [ "cd " ++ gitannexdir ++ " && ./standalone/android/buildchroot-inchroot" ] + osver = System (Debian (Stable "wheezy")) "i386" -- armel builder has a companion container using amd64 that -- runs the build first to get TH splices. They need 
@@ -139,7 +142,6 @@ armelCompanionContainer dockerImage = Docker.container "armel-git-annex-builder- & os (System (Debian Testing) "amd64") & Apt.stdSourcesList & Apt.installed ["systemd"] - & Apt.unattendedUpgrades -- This volume is shared with the armel builder. & Docker.volume gitbuilderdir & User.accountFor builduser @@ -151,13 +153,13 @@ armelCompanionContainer dockerImage = Docker.container "armel-git-annex-builder- & Docker.expose "22" & Apt.serviceInstalledRunning "ssh" & Ssh.authorizedKeys builduser (Context "armel-git-annex-builder") + & Docker.tweaked armelAutoBuilderContainer :: (System -> Docker.Image) -> Cron.CronTimes -> TimeOut -> Host armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "armel-git-annex-builder" (dockerImage $ System (Debian Unstable) "armel") & os (System (Debian Testing) "armel") & Apt.stdSourcesList - & Apt.unattendedUpgrades & Apt.installed ["systemd"] & Apt.installed ["openssh-client"] & Docker.link "armel-git-annex-builder-companion" "companion" @@ -172,6 +174,7 @@ armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "arme `requires` tree "armel" & Ssh.keyImported SshRsa builduser (Context "armel-git-annex-builder") & trivial writecompanionaddress + & Docker.tweaked where writecompanionaddress = scriptProperty [ "echo \"$COMPANION_PORT_22_TCP_ADDR\" > " ++ homedir </> "companion_address" diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 6fe10c02..77af65fa 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
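Review bot: In the `@@ -151,13 +153,13 @@` hunk the companion container still exposes port 22 and runs sshd (`Docker.expose "22"`, `Apt.serviceInstalledRunning "ssh"`), but `Apt.unattendedUpgrades` is removed from it in the previous hunk and from `armelAutoBuilderContainer` here. Nothing visible keeps openssh patched in these long-lived containers. What `Docker.tweaked` does is not shown in this diff, so it may or may not cover that. I would add a comment next to `& Docker.tweaked` in both containers stating how security updates reach them (image rebuild, host-driven upgrade, or similar), so the removal reads as deliberate rather than as a merge casualty.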
@@ -70,7 +70,10 @@ oldUseNetServer hosts = propertyList ("olduse.net server") datadir = "/var/spool/oldusenet" oldUseNetShellBox :: Property -oldUseNetShellBox = oldUseNetInstalled "oldusenet" +oldUseNetShellBox = propertyList "olduse.net shellbox" + [ oldUseNetInstalled "oldusenet" + , Service.running "oldusenet" + ] oldUseNetInstalled :: Apt.Package -> Property oldUseNetInstalled pkg = check (not <$> Apt.isInstalled pkg) $ @@ -376,7 +379,7 @@ obnamRepos :: [String] -> Property obnamRepos rs = propertyList ("obnam repos for " ++ unwords rs) (mkbase : map mkrepo rs) where - mkbase = mkdir "/home/joey/lib/backup" + mkbase = mkdir "/home/joey/lib/backup" `requires` mkdir "/home/joey/lib" mkrepo r = mkdir ("/home/joey/lib/backup/" ++ r ++ ".obnam") mkdir d = File.dirExists d @@ -452,8 +455,16 @@ kiteMailServer = propertyList "kitenet.net mail server" ] `onChange` Postfix.reloaded `describe` "postfix mydomain file configured" - , "/etc/postfix/obscure_client_relay.pcre" `File.containsLine` - "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE" + , "/etc/postfix/obscure_client_relay.pcre" `File.hasContent` + -- Remove received lines for mails relayed from trusted + -- clients. These can be a privacy vilation, or trigger + -- spam filters. + [ "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE" + -- Munge local Received line for postfix running on a + -- trusted client that relays through. These can trigger + -- spam filters. + , "/^Received: by ([^.]+)\\.kitenet\\.net.*/ REPLACE Received: by kitenet.net" + ] `onChange` Postfix.reloaded `describe` "postfix obscure_client_relay file configured" , Postfix.mappedFile "/etc/postfix/virtual" 
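Review bot: In the `@@ -452,8 +455,16 @@` hunk the new `REPLACE` rule matches on header text alone, and header_checks run on every message the server handles, so any mail carrying a `Received: by <host>.kitenet.net` line is rewritten, not only mail relayed by a trusted client. The same applies to the `IGNORE` rule, which keys on the words "using TLS" rather than on the client having authenticated. The rewrite also discards the queue id and timestamp that follow the hostname, which are the fields needed to trace a message when handling abuse reports. If only the hostname is meant to be hidden, capture and keep the tail: `, "/^Received: by ([^.]+)\\.kitenet\\.net(.*)/ REPLACE Received: by kitenet.net$2"`. The added comment has a typo (`vilation` for `violation`), and the enclosing `kiteMailServer` list starts and ends outside the hunk.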
@@ -482,7 +493,7 @@ kiteMailServer = propertyList "kitenet.net mail server" , "header_checks = pcre:$config_directory/obscure_client_relay.pcre" , "# Enable postgrey." - , "smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023" + , "smtpd_recipient_restrictions = permit_tls_clientcerts,permit_mynetworks,reject_unauth_destination,check_policy_service inet:127.0.0.1:10023" , "# Enable spamass-milter and amavis-milter." , "smtpd_milters = unix:/spamass/spamass.sock unix:amavis/amavis.sock" @@ -541,10 +552,13 @@ kiteMailServer = propertyList "kitenet.net mail server" `onChange` (pinescript `File.mode` combineModes (readModes ++ executeModes)) `describe` "pine wrapper script" - , "/etc/pine.conf" `File.containsLines` - [ "inbox-path={localhost/novalidate-cert}inbox" + , "/etc/pine.conf" `File.hasContent` + [ "# deployed with propellor" + , "inbox-path={localhost/novalidate-cert/NoRsh}inbox" ] `describe` "pine configured to use local imap server" + + , Apt.serviceInstalledRunning "mailman" ] where ctx = Context "kitenet.net" @@ -705,8 +719,8 @@ legacyWebSites = propertyList "legacy web sites" ] , alias "joey.kitenet.net" , toProp $ Apache.siteEnabled "joey.kitenet.net" $ apachecfg "joey.kitenet.net" False - [ "DocumentRoot /home/joey/html" - , "<Directory /home/joey/html/>" + [ "DocumentRoot /var/www" + , "<Directory /var/www/>" , " Options Indexes ExecCGI" , " AllowOverride None" , Apache.allowAll |
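Review bot: `permit_tls_clientcerts` now sits ahead of `reject_unauth_destination`, so any client whose certificate fingerprint appears in `relay_clientcerts` may relay through this server. Nothing in this hunk shows that table, `smtpd_tls_ask_ccert`, or the fingerprint digest being configured. If they are set elsewhere in `kiteMailServer` (which extends beyond the hunk), a comment line above this one should say so, e.g. `, "# Relay allowed for clients whose cert fingerprint is in relay_clientcerts."`. Older Postfix releases default `smtpd_tls_fingerprint_digest` to md5, so consider pinning it beside this line with `, "smtpd_tls_fingerprint_digest = sha256"`, regenerating the stored fingerprints at the same time.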
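Review bot: In the `@@ -541,10 +552,13 @@` hunk `/novalidate-cert` turns off certificate verification for the IMAP connection, and the generated file gives no reason why that is acceptable. It is only tolerable because the server is `localhost`, so a comment entry in the file would stop the line being copied to a remote host, e.g. `, "# novalidate-cert: loopback IMAP only; do not use with a remote server"`. Note also that `File.hasContent` replaces the whole of /etc/pine.conf, where `File.containsLines` only ensured these lines were present. Any other system-wide pine settings already on the host are therefore dropped.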
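Review bot: In the `@@ -705,8 +719,8 @@` hunk the site is pointed at `/var/www` while `Options Indexes ExecCGI` and `Apache.allowAll` are kept, so directory listings and CGI execution now apply to the distribution's shared default web root instead of a directory owned by one user. Anything another package or site places under /var/www becomes listable, and executable wherever a CGI handler is mapped. Unless the legacy site needs CGI, narrow the line to `, "  Options Indexes"` or drop the options entirely. The `apachecfg` list continues past the end of the hunk, so a handler or override that is not visible here may follow.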
