Merge branch 'joeyconfig' of git://git.kitenet.net/propellor into joeyconfig

Conflicts:
	src/Propellor/Property/SiteSpecific/IABak.hs

4 files changed, 56 insertions, 89 deletions

diff --git a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
index 511fd888..7f893431 100644
--- a/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
+++ b/src/Propellor/Property/SiteSpecific/GitAnnexBuilder.hs
@@ -6,9 +6,9 @@ import Propellor
 import qualified Propellor.Property.Apt as Apt
 import qualified Propellor.Property.User as User
 import qualified Propellor.Property.Cron as Cron
-import qualified Propellor.Property.Ssh as Ssh
 import qualified Propellor.Property.File as File
-import qualified Propellor.Property.Docker as Docker
+import qualified Propellor.Property.Systemd as Systemd
+import qualified Propellor.Property.Chroot as Chroot
 import Propellor.Property.Cron (Times)
 
 builduser :: UserName
@@ -48,8 +48,6 @@ autobuilder arch crontimes timeout = combineProperties "gitannexbuilder" $ props
 tree :: Architecture -> Property HasInfo
 tree buildarch = combineProperties "gitannexbuilder tree" $ props
 	& Apt.installed ["git"]
-	-- gitbuilderdir directory already exists when docker volume is used,
-	-- but with wrong owner.
 	& File.dirExists gitbuilderdir
 	& File.ownerGroup gitbuilderdir (User builduser) (Group builduser)
 	& gitannexbuildercloned
@@ -69,7 +67,6 @@ tree buildarch = combineProperties "gitannexbuilder tree" $ props
 buildDepsApt :: Property HasInfo
 buildDepsApt = combineProperties "gitannexbuilder build deps" $ props
 	& Apt.buildDep ["git-annex"]
-	& Apt.installed ["liblockfile-simple-perl"]
 	& buildDepsNoHaskellLibs
 	& Apt.buildDepIn builddir
 		`describe` "git-annex source build deps installed"
@@ -84,6 +81,13 @@ buildDepsNoHaskellLibs = Apt.installed
 	"alex", "happy", "c2hs"
 	]
 
+haskellPkgsInstalled :: String -> Property NoInfo
+haskellPkgsInstalled dir = flagFile go ("/haskellpkgsinstalled")
+  where
+	go = userScriptProperty (User builduser)
+		[ "cd " ++ builddir ++ " && ./standalone/" ++ dir ++ "/install-haskell-packages"
+		]
+
 -- Installs current versions of git-annex's deps from cabal, but only
 -- does so once.
 cabalDeps :: Property NoInfo
@@ -92,46 +96,60 @@ cabalDeps = flagFile go cabalupdated
 		go = userScriptProperty (User builduser) ["cabal update && cabal install git-annex --only-dependencies || true"]
 		cabalupdated = homedir </> ".cabal" </> "packages" </> "hackage.haskell.org" </> "00-index.cache"
 
-standardAutoBuilderContainer :: (System -> Docker.Image) -> Architecture -> Int -> TimeOut -> Docker.Container
-standardAutoBuilderContainer dockerImage arch buildminute timeout = Docker.container (arch ++ "-git-annex-builder")
-	(dockerImage $ System (Debian Testing) arch)
-	& os (System (Debian Testing) arch)
-	& Apt.stdSourcesList
-	& Apt.installed ["systemd"]
-	& Apt.unattendedUpgrades
-	& User.accountFor (User builduser)
-	& tree arch
-	& buildDepsApt
-	& autobuilder arch (Cron.Times $ show buildminute ++ " * * * *") timeout
-	& Docker.tweaked
+autoBuilderContainer :: (System -> Property HasInfo) -> System -> Times -> TimeOut -> Systemd.Container
+autoBuilderContainer mkprop osver@(System _ arch) crontime timeout =
+	Systemd.container name bootstrap
+		& mkprop osver
+		& buildDepsApt
+		& autobuilder arch crontime timeout
+  where
+	name = arch ++ "-git-annex-builder"
+	bootstrap = Chroot.debootstrapped osver mempty
 
-androidAutoBuilderContainer :: (System -> Docker.Image) -> Times -> TimeOut -> Docker.Container
-androidAutoBuilderContainer dockerImage crontimes timeout =
-	androidContainer dockerImage "android-git-annex-builder" (tree "android") builddir
+standardAutoBuilder :: System -> Property HasInfo
+standardAutoBuilder osver@(System _ arch) =
+	propertyList "standard git-annex autobuilder" $ props
+		& os osver
+		& Apt.stdSourcesList
+		& Apt.unattendedUpgrades
+		& User.accountFor (User builduser)
+		& tree arch
+
+armAutoBuilder :: System -> Times -> TimeOut -> Property HasInfo
+armAutoBuilder osver@(System _ arch) crontime timeout = 
+	propertyList "arm git-annex autobuilder" $ props
+		& standardAutoBuilder osver
+		& buildDepsNoHaskellLibs
+		-- Works around ghc crash with parallel builds on arm.
+		& (homedir </> ".cabal" </> "config")
+			`File.lacksLine` "jobs: $ncpus"
+		-- Install patched haskell packages for portability to
+		-- arm NAS's using old kernel versions.
+		& haskellPkgsInstalled "linux"
+		& autobuilder arch crontime timeout
+
+androidAutoBuilderContainer :: Times -> TimeOut -> Systemd.Container
+androidAutoBuilderContainer crontimes timeout =
+	androidContainer "android-git-annex-builder" (tree "android") builddir
 		& Apt.unattendedUpgrades
 		& autobuilder "android" crontimes timeout
 
 -- Android is cross-built in a Debian i386 container, using the Android NDK.
 androidContainer
 	:: (IsProp (Property (CInfo NoInfo i)), (Combines (Property NoInfo) (Property i)))
-	=> (System -> Docker.Image)
-	-> Docker.ContainerName
+	=> Systemd.MachineName
 	-> Property i
 	-> FilePath
-	-> Docker.Container
-androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.container name
-	(dockerImage osver)
+	-> Systemd.Container
+androidContainer name setupgitannexdir gitannexdir = Systemd.container name bootstrap
 	& os osver
 	& Apt.stdSourcesList
-	& Apt.installed ["systemd"]
-	& Docker.tweaked
 	& User.accountFor (User builduser)
 	& File.dirExists gitbuilderdir
 	& File.ownerGroup homedir (User builduser) (Group builduser)
-	& buildDepsApt
 	& flagFile chrootsetup ("/chrootsetup")
 		`requires` setupgitannexdir
-	& flagFile haskellpkgsinstalled ("/haskellpkgsinstalled")
+	& haskellPkgsInstalled "android"
   where
 	-- Use git-annex's android chroot setup script, which will install
 	-- ghc-android and the NDK, all build deps, etc, in the home
@@ -139,54 +157,5 @@ androidContainer dockerImage name setupgitannexdir gitannexdir = Docker.containe
 	chrootsetup = scriptProperty
 		[ "cd " ++ gitannexdir ++ " && ./standalone/android/buildchroot-inchroot"
 		]
-	haskellpkgsinstalled = userScriptProperty (User builduser)
-		[ "cd " ++ gitannexdir ++ " && ./standalone/android/install-haskell-packages"
-		]
-	osver = System (Debian Testing) "i386"
-
--- armel builder has a companion container using amd64 that
--- runs the build first to get TH splices. They need
--- to have the same versions of all haskell libraries installed.
-armelCompanionContainer :: (System -> Docker.Image) -> Docker.Container
-armelCompanionContainer dockerImage = Docker.container "armel-git-annex-builder-companion"
-	(dockerImage $ System (Debian Unstable) "amd64")
-	& os (System (Debian Testing) "amd64")
-	& Apt.stdSourcesList
-	& Apt.installed ["systemd"]
-	-- This volume is shared with the armel builder.
-	& Docker.volume gitbuilderdir
-	& User.accountFor (User builduser)
-	-- Install current versions of build deps from cabal.
-	& tree "armel"
-	& buildDepsNoHaskellLibs
-	& cabalDeps
-	-- The armel builder can ssh to this companion.
-	& Docker.expose "22"
-	& Apt.serviceInstalledRunning "ssh"
-	& Ssh.authorizedKeys (User builduser) (Context "armel-git-annex-builder")
-	& Docker.tweaked
-
-armelAutoBuilderContainer :: (System -> Docker.Image) -> Times -> TimeOut -> Docker.Container
-armelAutoBuilderContainer dockerImage crontimes timeout = Docker.container "armel-git-annex-builder"
-	(dockerImage $ System (Debian Unstable) "armel")
-	& os (System (Debian Testing) "armel")
-	& Apt.stdSourcesList
-	& Apt.installed ["systemd"]
-	& Apt.installed ["openssh-client"]
-	& Docker.link "armel-git-annex-builder-companion" "companion"
-	& Docker.volumes_from "armel-git-annex-builder-companion"
-	& User.accountFor (User builduser)
-	-- TODO: automate installing haskell libs
-	-- (Currently have to run
-	-- git-annex/standalone/linux/install-haskell-packages
-	-- which is not fully automated.)
-	& buildDepsNoHaskellLibs
-	& autobuilder "armel" crontimes timeout
-		`requires` tree "armel"
-	& Ssh.keyImported SshRsa (User builduser) (Context "armel-git-annex-builder")
-	& trivial writecompanionaddress
-	& Docker.tweaked
-  where
-	writecompanionaddress = scriptProperty
-		[ "echo \"$COMPANION_PORT_22_TCP_ADDR\" > " ++ homedir </> "companion_address"
-		] `describe` "companion_address file"
+	osver = System (Debian (Stable "jessie")) "i386"
+	bootstrap = Chroot.debootstrapped osver mempty
diff --git a/src/Propellor/Property/SiteSpecific/GitHome.hs b/src/Propellor/Property/SiteSpecific/GitHome.hs
index d6dce7c0..40f2ecd8 100644
--- a/src/Propellor/Property/SiteSpecific/GitHome.hs
+++ b/src/Propellor/Property/SiteSpecific/GitHome.hs
@@ -3,7 +3,6 @@ module Propellor.Property.SiteSpecific.GitHome where
 import Propellor
 import qualified Propellor.Property.Apt as Apt
 import Propellor.Property.User
-import Utility.SafeCommand
 
 -- | Clones Joey Hess's git home directory, and runs its fixups script.
 installedFor :: User -> Property NoInfo
diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs
index 4ddc6380..8ed3b38f 100644
--- a/src/Propellor/Property/SiteSpecific/IABak.hs
+++ b/src/Propellor/Property/SiteSpecific/IABak.hs
@@ -35,7 +35,7 @@ gitServer knownhosts = propertyList "iabak git server" $ props
 	& Cron.niceJob "shardstats" (Cron.Times "*/30 * * * *") (User "root") "/"
 		"/usr/local/IA.BAK/shardstats-all"
 	& Cron.niceJob "shardmaint" Cron.Daily (User "root") "/"
-		"/usr/local/IA.BAK/shardmaint"
+		"/usr/local/IA.BAK/shardmaint-fast; /usr/local/IA.BAK/shardmaint"
 
 registrationServer :: [Host] -> Property HasInfo
 registrationServer knownhosts = propertyList "iabak registration server" $ props
@@ -64,14 +64,13 @@ graphiteServer = propertyList "iabak graphite server" $ props
 		, "pattern = ^carbon\\."
 		, "retentions = 60:90d"
 		, "[iabak-connections]"
-		, "pattern = ^iabak\.shardstats\.connections"
+		, "pattern = ^iabak\\.shardstats\\.connections"
 		, "retentions = 1h:1y,3h:10y"
-		, "[iabak]"
+		, "[iabak-default]"
 		, "pattern = ^iabak\\."
 		, "retentions = 10m:30d,1h:1y,3h:10y"
 		, "[default_1min_for_1day]"
 		, "pattern = .*"
-		, "retentions = 60s:1d"
 		]
 	& graphiteCSRF
 	& cmdProperty "graphite-manage" ["syncdb", "--noinput"] `flagFile` "/etc/flagFiles/graphite-syncdb"
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 36808919..b6524f69 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -15,7 +15,6 @@ import qualified Propellor.Property.User as User
 import qualified Propellor.Property.Obnam as Obnam
 import qualified Propellor.Property.Apache as Apache
 import qualified Propellor.Property.Postfix as Postfix
-import Utility.SafeCommand
 import Utility.FileMode
 
 import Data.List
@@ -30,7 +29,6 @@ scrollBox = propertyList "scroll server" $ props
 		"libghc-bytestring-dev", "libghc-mtl-dev", "libghc-ncurses-dev",
 		"libghc-random-dev", "libghc-monad-loops-dev", "libghc-text-dev",
 		"libghc-ifelse-dev", "libghc-case-insensitive-dev",
-		"libghc-transformers-dev",
 		"libghc-data-default-dev", "libghc-optparse-applicative-dev"]
 	& userScriptProperty (User "scroll")
 		[ "cd " ++ d </> "scroll"
@@ -389,7 +387,7 @@ twitRss = combineProperties "twitter rss" $ props
 -- Work around for expired ssl cert.
 pumpRss :: Property NoInfo
 pumpRss = Cron.job "pump rss" (Cron.Times "15 * * * *") (User "joey") "/srv/web/tmp.kitenet.net/"
-	"wget https://pump2rss.com/feed/joeyh@identi.ca.atom -O pump.atom.new --no-check-certificate 2>/dev/null; sed 's/ & / /g' pump.atom.new > pump.atom"
+	"wget https://rss.io.jpope.org/feed/joeyh@identi.ca.atom -O pump.atom.new --no-check-certificate 2>/dev/null; sed 's/ & / /g' pump.atom.new > pump.atom"
 
 ircBouncer :: Property HasInfo
 ircBouncer = propertyList "IRC bouncer" $ props
@@ -407,7 +405,7 @@ ircBouncer = propertyList "IRC bouncer" $ props
 
 kiteShellBox :: Property NoInfo
 kiteShellBox = propertyList "kitenet.net shellinabox"
-	[ Apt.installed ["openssl", "shellinabox"]
+	[ Apt.installed ["openssl", "shellinabox", "openssh-client"]
 	, File.hasContent "/etc/default/shellinabox"
 		[ "# Deployed by propellor"
 		, "SHELLINABOX_DAEMON_START=1"
@@ -861,6 +859,8 @@ legacyWebSites = propertyList "legacy web sites" $ props
 		, "  AllowOverride None"
 		, Apache.allowAll
 		, "</Directory>"
+		, "RewriteEngine On"
+		, "RewriteRule .* http://www.sowsearpoetry.org/ [L]"
 		]
 	& alias "wortroot.kitenet.net"
 	& alias "www.wortroot.kitenet.net"