| author | Joey Hess <joeyh@joeyh.name> | 2017-08-23 11:48:23 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2017-08-23 11:48:23 -0400 |
| commit | 78cb340ea96a20c9045079fe11147d544c28b58b (patch) | |
| tree | 7551e87fc8dd87c883c61c136c056e19442357af /src/Propellor | |
| parent | 45371cdfcc5d740f4814947614e112c201259987 (diff) | |
| parent | 5ec42dd1b78c5d60d53c00d6494511c4b2adb943 (diff) | |
Merge branch 'joeyconfig'
Diffstat (limited to 'src/Propellor')
| -rw-r--r-- | src/Propellor/Bootstrap.hs | 2 | ||||
| -rw-r--r-- | src/Propellor/Property/Attic.hs | 6 | ||||
| -rw-r--r-- | src/Propellor/Property/Locale.hs | 2 | ||||
| -rw-r--r-- | src/Propellor/Property/Obnam.hs | 5 | ||||
| -rw-r--r-- | src/Propellor/Property/SiteSpecific/JoeySites.hs | 78 |
5 files changed, 75 insertions, 18 deletions
diff --git a/src/Propellor/Bootstrap.hs b/src/Propellor/Bootstrap.hs index 21d29bcc..08af6878 100644 --- a/src/Propellor/Bootstrap.hs +++ b/src/Propellor/Bootstrap.hs @@ -33,7 +33,7 @@ type ShellCommand = String -- `OSOnly` uses the OS's native packages of Cabal and all of propellor's -- build dependencies. It may not work on all systems. data Bootstrapper = Robustly Builder | OSOnly - deriving (Show) + deriving (Show, Typeable) data Builder = Cabal | Stack deriving (Show, Typeable) diff --git a/src/Propellor/Property/Attic.hs b/src/Propellor/Property/Attic.hs index 3059a04b..9e024356 100644 --- a/src/Propellor/Property/Attic.hs +++ b/src/Propellor/Property/Attic.hs @@ -1,8 +1,12 @@ -- | Maintainer: Félix Sipma <felix+propellor@gueux.org> -- -- Support for the Attic backup tool <https://attic-backup.org/> +-- +-- This module is deprecated because Attic is not available in debian +-- stable any longer (so the installed property no longer works), and it +-- appears to have been mostly supersceded by Borg. -module Propellor.Property.Attic +module Propellor.Property.Attic {-# DEPRECATED "Use Borg instead" #-} ( installed , repoExists , init diff --git a/src/Propellor/Property/Locale.hs b/src/Propellor/Property/Locale.hs index 14c6f0b0..53091fc9 100644 --- a/src/Propellor/Property/Locale.hs +++ b/src/Propellor/Property/Locale.hs @@ -63,7 +63,7 @@ available locale = ensureAvailable `requires` Apt.installed ["locales"] then ensureProperty w $ fileProperty desc (foldr uncomment []) f `onChange` regenerate - else return FailedChange -- locale unavailable for generation + else error $ "locale " ++ locale ++ " is not present in /etc/locale.gen, even in commented out form; cannot generate" ensureUnavailable :: Property DebianLike ensureUnavailable = tightenTargets $ fileProperty (locale ++ " locale not generated") (foldr comment []) f diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs index 66d3c08d..7943b46e 100644 
--- a/src/Propellor/Property/Obnam.hs +++ b/src/Propellor/Property/Obnam.hs @@ -1,6 +1,9 @@ -- | Support for the Obnam backup tool <http://obnam.org/> +-- +-- This module is deprecated because Obnam has been retired by its +-- author. -module Propellor.Property.Obnam where +module Propellor.Property.Obnam {-# DEPRECATED "Obnam has been retired; time to transition to something else" #-} where import Propellor.Base import qualified Propellor.Property.Apt as Apt diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index a48ebf9c..f02dc6f0 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -520,7 +520,6 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props & "/etc/aliases" `File.hasPrivContentExposed` ctx `onChange` Postfix.newaliases - & hasPostfixCert ctx & "/etc/postfix/mydomain" `File.containsLines` [ "/.*\\.kitenet\\.net/\tOK" @@ -583,9 +582,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props , "milter_default_action = accept" , "# TLS setup -- server" - , "smtpd_tls_CAfile = /etc/ssl/certs/joeyca.pem" - , "smtpd_tls_cert_file = /etc/ssl/certs/postfix.pem" - , "smtpd_tls_key_file = /etc/ssl/private/postfix.pem" + , "smtpd_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem" + , "smtpd_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem" + , "smtpd_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem" , "smtpd_tls_loglevel = 1" , "smtpd_tls_received_header = yes" , "smtpd_use_tls = yes" 
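Review bot: In the `# TLS setup -- server` lines, `smtpd_tls_cert_file` is given `cert.pem`, which in a Let's Encrypt live directory holds only the leaf certificate, and the chain is supplied through `smtpd_tls_CAfile` instead. Postfix documents the certificate file as the place for the leaf followed by its intermediates, and the CAfile as the CAs trusted when verifying remote client certificates, so I would write `, "smtpd_tls_cert_file = /etc/letsencrypt/live/kitenet.net/fullchain.pem"` and stop pointing `smtpd_tls_CAfile` at the server's own chain. The current form probably still serves a complete chain because OpenSSL can fill it in from the CAfile, but it also makes this host's own leaf and issuer part of the client-certificate trust set. kiteMailServer begins and ends outside this hunk, so whether client certificates are requested anywhere is not visible here.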
@@ -593,9 +592,9 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props , "smtpd_tls_session_cache_database = sdbm:/etc/postfix/smtpd_scache" , "# TLS setup -- client" - , "smtp_tls_CAfile = /etc/ssl/certs/joeyca.pem" - , "smtp_tls_cert_file = /etc/ssl/certs/postfix.pem" - , "smtp_tls_key_file = /etc/ssl/private/postfix.pem" + , "smtp_tls_CAfile = /etc/letsencrypt/live/kitenet.net/fullchain.pem" + , "smtp_tls_cert_file = /etc/letsencrypt/live/kitenet.net/cert.pem" + , "smtp_tls_key_file = /etc/letsencrypt/live/kitenet.net/privkey.pem" , "smtp_tls_loglevel = 1" , "smtp_use_tls = yes" , "smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache" @@ -614,6 +613,12 @@ kiteMailServer = propertyList "kitenet.net mail server" $ props "!include auth-passwdfile.conf.ext" `onChange` Service.restarted "dovecot" `describe` "dovecot auth.conf" + & "/etc/dovecot/conf.d/10-ssl.conf" `File.containsLines` + [ "ssl_cert = </etc/letsencrypt/live/kitenet.net/fullchain.pem" + , "ssl_key = </etc/letsencrypt/live/kitenet.net/privkey.pem" + ] + `onChange` Service.restarted "dovecot" + `describe` "dovecot letsencrypt certs" & File.hasPrivContent dovecotusers ctx `onChange` (dovecotusers `File.mode` combineModes [ownerReadMode, groupReadMode]) 
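Review bot: `smtp_tls_CAfile` is the trust-anchor set Postfix uses to verify remote servers on outbound delivery, and `fullchain.pem` holds this host's leaf and intermediate rather than any root CA. With only `smtp_use_tls = yes` visible that is harmless, because opportunistic TLS does not verify, but any later `verify` or `secure` policy would have nothing to anchor on; on Debian the line would be `, "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"`. The `smtp_tls_cert_file`/`smtp_tls_key_file` pair also presents the server's certificate as a client certificate to any remote server that asks for one; if no peer depends on that, those two lines can be removed.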
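Review bot: `File.containsLines` on `/etc/dovecot/conf.d/10-ssl.conf` adds these two lines but, as far as the hunk shows, nothing removes an `ssl_cert`/`ssl_key` assignment the packaged file may already contain, so the effective certificate would depend on which assignment Dovecot reads last. The `Service.restarted "dovecot"` hook also fires only when this file changes; Dovecot loads the certificate when it starts or reloads, so after a Let's Encrypt renewal it keeps serving the old one until something reloads it. If no renewal hook exists outside this hunk, a comment here naming where the reload happens, or a reload tied to the renewal property, would close that gap.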
@@ -711,16 +716,9 @@ postfixSaslPasswordClient = combineProperties "postfix uses SASL password to aut , "smtp_sasl_tls_security_options = noanonymous" , "relayhost = [kitenet.net]" , "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" - , "# kite's fingerprint" - , "smtp_tls_fingerprint_cert_match = 13:B0:0C:F3:11:83:A5:EB:A9:37:C6:C5:ED:16:60:86" ] `onChange` Postfix.reloaded -hasPostfixCert :: Context -> Property (HasInfo + UnixLike) -hasPostfixCert ctx = combineProperties "postfix tls cert installed" $ props - & "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx - & "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx - -- Legacy static web sites and redirections from kitenet.net to newer -- sites. legacyWebSites :: Property (HasInfo + DebianLike) @@ -795,6 +793,15 @@ legacyWebSites = propertyList "legacy web sites" $ props , "# Redirect all to joeyh.name." , "rewriterule (.*) http://joeyh.name$1 [r]" ] + & alias "homepower.joeyh.name" + & apacheSite "homepower.joeyh.name" + [ "DocumentRoot /srv/web/homepower.joeyh.name" + , "<Directory /srv/web/homepower.joeyh.name>" + , " Options Indexes ExecCGI" + , " AllowOverride None" + , Apache.allowAll + , "</Directory>" + ] where kitenetcfg = -- /var/www is empty 
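Review bot: After this hunk the visible settings of postfixSaslPasswordClient send a SASL password to `relayhost = [kitenet.net]` with nothing left that authenticates the server; `smtp_sasl_tls_security_options = noanonymous` restricts SASL mechanisms, not the TLS peer. Dropping the fingerprint pin is needed now that the certificate rotates, but it should be replaced by CA-based verification, e.g. `, "smtp_tls_security_level = secure"` together with `, "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"`. The lines above the hunk are not shown, so a security level may already be set there; if it is `fingerprint`, it now has no fingerprint to match.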
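Review bot: The new `homepower.joeyh.name` directory block enables `ExecCGI` on the same tree that the rsync job added later in this commit uploads into (`/srv/web/homepower.joeyh.name/rrds/recent/`). Whether any handler maps files to CGI there is not visible, but a docroot that receives files from another machine is safer without it: `, "  Options Indexes"`, or move CGI to a separate directory that the upload cannot write. `Indexes` additionally lists every uploaded file; keep it only if browsing the directory is intended.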
@@ -931,6 +938,49 @@ alarmClock oncalendar (User user) command = combineProperties "goodmorning timer & "/etc/systemd/logind.conf" `ConfFile.containsIniSetting` ("Login", "LidSwitchIgnoreInhibited", "no") +-- My home power monitor. +homePowerMonitor :: IsContext c => User -> c -> (SshKeyType, Ssh.PubKeyText) -> Property (HasInfo + DebianLike) +homePowerMonitor user ctx sshkey = propertyList "home power monitor" $ props + & Apache.installed + & Apt.installed ["python2", "python-pymodbus"] + & File.ownerGroup "/var/www/html" user (userGroup user) + & Git.cloned user "git://git.kitenet.net/joey/homepower" d Nothing + `onChange` buildpoller + & Systemd.enabled servicename + `requires` serviceinstalled + `onChange` Systemd.started servicename + & Cron.niceJob "homepower upload" + (Cron.Times "1 * * * *") user d rsynccommand + `requires` Ssh.userKeyAt (Just sshkeyfile) user ctx sshkey + where + d = "/var/www/html/homepower" + sshkeyfile = d </> ".ssh/key" + buildpoller = userScriptProperty (User "joey") + [ "cd " ++ d + , "make" + ] + `assume` MadeChange + `requires` Apt.installed ["ghc", "make"] + servicename = "homepower" + servicefile = "/etc/systemd/system/" ++ servicename ++ ".service" + serviceinstalled = servicefile `File.hasContent` + [ "[Unit]" + , "Description=home power monitor" + , "" + , "[Service]" + , "ExecStart=" ++ d ++ "/poller" + , "WorkingDirectory=" ++ d + , "User=joey" + , "Group=joey" + , "" + , "[Install]" + , "WantedBy=multi-user.target" + ] + -- Only upload when eth0 is up; eg the satellite internet is up. + -- Any changes to the rsync command will need my .authorized_keys + -- rsync server command to be updated too. + rsynccommand = "if ip route | grep '^default' | grep -q eth0; then rsync -e 'ssh -i" ++ sshkeyfile ++ "' -avz rrds/recent/ joey@kitenet.net:/srv/web/homepower.joeyh.name/rrds/recent/; fi" + -- My home router, running hostapd and dnsmasq for wlan0, -- with eth0 connected to a satellite modem, and a fallback ppp connection. 
homeRouter :: Property (HasInfo + DebianLike) |
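Review bot: `sshkeyfile = d </> ".ssh/key"` puts the private key for the upload under `/var/www/html/homepower`, and `/var/www/html` is the document root Apache serves by default on Debian, so the key (and the clone's `.git`) sits in a web-reachable tree and is protected only by file permissions. I would keep the key outside the docroot, `sshkeyfile = "<PATH_OUTSIDE_DOCROOT>/key"`, or deny dot-directories in the Apache config. The checkout also comes over `git://`, which is unauthenticated, and is then built with `make` and run as a service, so an authenticated transport (`https://` or ssh) would be the safer source. Separately, `buildpoller` and the unit file hard-code `joey` while the property takes `user`, and `'ssh -i" ++ sshkeyfile` has no space after `-i`.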
