propellor spin

1 files changed, 26 insertions, 50 deletions

diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 74413a3f..a6cb3794 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs
@@ -126,7 +126,7 @@ oldUseNetServer hosts = propertyList "olduse.net server" $ props
 		, "find -type d -empty | xargs --no-run-if-empty rmdir"
 		]
 	uucpcommand = "/usr/bin/uucp " ++ datadir
-	nntpcfg = apachecfg "nntp.olduse.net" False
+	nntpcfg = apachecfg "nntp.olduse.net"
 		[ "  DocumentRoot " ++ datadir ++ "/"
 		, "  <Directory " ++ datadir ++ "/>"
 		, "    Options Indexes FollowSymlinks"
@@ -312,41 +312,27 @@ annexWebSite origin hn uuid remotes = propertyList (hn ++" website using git-ann
 letos :: LetsEncrypt.AgreeTOS
 letos = LetsEncrypt.AgreeTOS (Just "id@joeyh.name")
 
-apacheSite :: HostName -> Bool -> Apache.ConfigFile -> RevertableProperty DebianLike DebianLike
-apacheSite hn withssl middle = Apache.siteEnabled hn $ apachecfg hn withssl middle
+apacheSite :: HostName -> Apache.ConfigFile -> RevertableProperty DebianLike DebianLike
+apacheSite hn middle = Apache.siteEnabled hn $ apachecfg hn middle
 
-apachecfg :: HostName -> Bool -> Apache.ConfigFile -> Apache.ConfigFile
-apachecfg hn withssl middle
-	| withssl = vhost False ++ vhost True
-	| otherwise = vhost False
-  where
-	vhost ssl = 
-		[ "<VirtualHost *:"++show port++">"
-		, "  ServerAdmin grue@joeyh.name"
-		, "  ServerName "++hn++":"++show port
-		]
-		++ mainhttpscert ssl
-		++ middle ++
-		[ ""
-		, "  ErrorLog /var/log/apache2/error.log"
-		, "  LogLevel warn"
-		, "  CustomLog /var/log/apache2/access.log combined"
-		, "  ServerSignature On"
-		, "  "
-		, Apache.iconDir
-		, "</VirtualHost>"
-		]
-	  where
-		port = if ssl then 443 else 80 :: Int
-
-mainhttpscert :: Bool -> Apache.ConfigFile
-mainhttpscert False = []
-mainhttpscert True = 
-	[ "  SSLEngine on"
-	, "  SSLCertificateFile /etc/ssl/certs/web.pem"
-	, "  SSLCertificateKeyFile /etc/ssl/private/web.pem"
-	, "  SSLCertificateChainFile /etc/ssl/certs/startssl.pem"
+apachecfg :: HostName -> Apache.ConfigFile -> Apache.ConfigFile
+apachecfg hn middle = 
+	[ "<VirtualHost *:"++show port++">"
+	, "  ServerAdmin grue@joeyh.name"
+	, "  ServerName "++hn++":"++show port
 	]
+	++ middle ++
+	[ ""
+	, "  ErrorLog /var/log/apache2/error.log"
+	, "  LogLevel warn"
+	, "  CustomLog /var/log/apache2/access.log combined"
+	, "  ServerSignature On"
+	, "  "
+	, Apache.iconDir
+	, "</VirtualHost>"
+	]
+	  where
+		port = 80 :: Int
 		
 gitAnnexDistributor :: Property (HasInfo + DebianLike)
 gitAnnexDistributor = combineProperties "git-annex distributor, including rsync server and signer" $ props
@@ -770,15 +756,6 @@ hasPostfixCert ctx = combineProperties "postfix tls cert installed" $ props
 	& "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx
 	& "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx
 
-kitenetHttps :: Property (HasInfo + DebianLike)
-kitenetHttps = propertyList "kitenet.net https certs" $ props
-	& File.hasPrivContent "/etc/ssl/certs/web.pem" ctx
-	& File.hasPrivContent "/etc/ssl/private/web.pem" ctx
-	& File.hasPrivContent "/etc/ssl/certs/startssl.pem" ctx
-	& Apache.modEnabled "ssl"
-  where
-	ctx = Context "kitenet.net"
-
 -- Legacy static web sites and redirections from kitenet.net to newer
 -- sites.
 legacyWebSites :: Property (HasInfo + DebianLike)
@@ -788,8 +765,7 @@ legacyWebSites = propertyList "legacy web sites" $ props
 	& Apache.modEnabled "cgi"
 	& Apache.modEnabled "speling"
 	& userDirHtml
-	& kitenetHttps
-	& apacheSite "kitenet.net" True
+	& Apache.httpsVirtualHost' "kitenet.net" "/var/www" letos
 		-- /var/www is empty
 		[ "DocumentRoot /var/www"
 		, "<Directory /var/www>"
@@ -877,7 +853,7 @@ legacyWebSites = propertyList "legacy web sites" $ props
 		, "rewriterule /~kyle/family/wiki(.*) http://macleawiki.branchable.com$1 [L]"
 		]
 	& alias "anna.kitenet.net"
-	& apacheSite "anna.kitenet.net" False
+	& apacheSite "anna.kitenet.net"
 		[ "DocumentRoot /home/anna/html"
 		, "<Directory /home/anna/html/>"
 		, "  Options Indexes ExecCGI"
@@ -887,7 +863,7 @@ legacyWebSites = propertyList "legacy web sites" $ props
 		]
 	& alias "sows-ear.kitenet.net"
 	& alias "www.sows-ear.kitenet.net"
-	& apacheSite "sows-ear.kitenet.net" False
+	& apacheSite "sows-ear.kitenet.net"
 		[ "ServerAlias www.sows-ear.kitenet.net"
 		, "DocumentRoot /srv/web/sows-ear.kitenet.net"
 		, "<Directory /srv/web/sows-ear.kitenet.net>"
@@ -900,7 +876,7 @@ legacyWebSites = propertyList "legacy web sites" $ props
 		]
 	& alias "wortroot.kitenet.net"
 	& alias "www.wortroot.kitenet.net"
-	& apacheSite "wortroot.kitenet.net" False
+	& apacheSite "wortroot.kitenet.net"
 		[ "ServerAlias www.wortroot.kitenet.net"
 		, "DocumentRoot /srv/web/wortroot.kitenet.net"
 		, "<Directory /srv/web/wortroot.kitenet.net>"
@@ -910,7 +886,7 @@ legacyWebSites = propertyList "legacy web sites" $ props
 		, "</Directory>"
 		]
 	& alias "creeksidepress.com"
-	& apacheSite "creeksidepress.com" False
+	& apacheSite "creeksidepress.com"
 		[ "ServerAlias www.creeksidepress.com"
 		, "DocumentRoot /srv/web/www.creeksidepress.com"
 		, "<Directory /srv/web/www.creeksidepress.com>"
@@ -920,7 +896,7 @@ legacyWebSites = propertyList "legacy web sites" $ props
 		, "</Directory>"
 		]
 	& alias "joey.kitenet.net"
-	& apacheSite "joey.kitenet.net" False
+	& apacheSite "joey.kitenet.net"
 		[ "DocumentRoot /var/www"
 		, "<Directory /var/www/>"
 		, "  Options Indexes ExecCGI"