| l--------- | config.hs | 2 | ||||
| -rw-r--r-- | debian/changelog | 19 | ||||
| -rw-r--r-- | doc/news/version_3.3.0.mdwn | 26 | ||||
| -rw-r--r-- | doc/news/version_4.3.0.mdwn | 6 | ||||
| -rw-r--r-- | doc/news/version_4.3.1.mdwn | 4 | ||||
| -rw-r--r-- | doc/news/version_4.3.2.mdwn | 3 | ||||
| -rw-r--r-- | privdata/relocate | 1 | ||||
| -rw-r--r-- | propellor.cabal | 3 | ||||
| -rw-r--r-- | src/Propellor/Property/Restic.hs | 14 | ||||
| -rw-r--r-- | src/Propellor/Property/User.hs | 25 |
10 files changed, 52 insertions, 51 deletions
@@ -1 +1 @@
-joeyconfig.hs
\ No newline at end of file
+config-simple.hs
\ No newline at end of file diff --git a/debian/changelog b/debian/changelog index fdc2070e..75566e32 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,19 @@ -propellor (4.3.1) UNRELEASED; urgency=medium +propellor (4.3.3) UNRELEASED; urgency=medium + + * User: add systemGroup and use it for systemAccountFor' + Thanks, Félix Sipma. + * Export a Restic.backup' property. + Thanks, Félix Sipma. + + -- Joey Hess <id@joeyh.name> Mon, 10 Jul 2017 11:57:49 -0400 + +propellor (4.3.2) unstable; urgency=medium + + * Really include Propellor.Property.FreeDesktop. + + -- Joey Hess <id@joeyh.name> Thu, 06 Jul 2017 17:28:53 -0400 + +propellor (4.3.1) unstable; urgency=medium * Added Propellor.Property.FreeDesktop module. * Added reservedSpacePercentage to the PartSpec EDSL. @@ -13,7 +28,7 @@ propellor (4.3.1) UNRELEASED; urgency=medium "fatal: Couldn't find remote ref HEAD". The previous fix didn't work reliably. - -- Joey Hess <id@joeyh.name> Wed, 05 Jul 2017 22:57:42 -0400 + -- Joey Hess <id@joeyh.name> Thu, 06 Jul 2017 17:03:15 -0400 propellor (4.3.0) unstable; urgency=medium diff --git a/doc/news/version_3.3.0.mdwn b/doc/news/version_3.3.0.mdwn deleted file mode 100644 index 19bd5664..00000000 --- a/doc/news/version_3.3.0.mdwn +++ /dev/null 
@@ -1,26 +0,0 @@
-propellor 3.3.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * Arch Linux is now supported by Propellor!
- Thanks to Zihao Wang for this port.
- * Added Propellor.Property.Pacman for Arch's package manager.
- Maintained by Zihao Wang.
- * The types of some properties changed; eg from Property DebianLike
- to Property (DebianLike + ArchLinux). Also, DebianLike and Linux
- are no longer type synonyms; propellor now knows that Linux includes
- ArchLinux. This could require updates to code, so is a minor API change.
- * GHC's fileSystemEncoding is used for all String IO, to avoid
- encoding-related crashes in eg, Propellor.Property.File.
- * Add --build option to simply build config.hs.
- * More informative usage message. Thanks, Daniel Brooks
- * Tor.hiddenService' added to support multiple ports.
- Thanks, Félix Sipma.
- * Apt.noPDiffs added.
- Thanks, Sean Whitton.
- * stack.yaml: Compile with GHC 8.0.1 against lts-7.16.
- Thanks, Andrew Cowie.
- * Added Propellor.Property.File.configFileName and related functions
- to generate good filenames for config directories.
- * Added Apt.suiteAvailablePinned, Apt.pinnedTo.
- Thanks, Sean Whitton.
- * Added File.containsBlock
- Thanks, Sean Whitton."""]]
\ No newline at end of file
diff --git a/doc/news/version_4.3.0.mdwn b/doc/news/version_4.3.0.mdwn
deleted file mode 100644
index f300b984..00000000
--- a/doc/news/version_4.3.0.mdwn
+++ /dev/null
@@ -1,6 +0,0 @@
-propellor 4.3.0 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
- * DiskImage: Removed grubBooted; properties that used to need it as a
- parameter now look at Info about the bootloader that is installed in
- the chroot that the disk image is created from.
- (API change)"""]]
\ No newline at end of file
diff --git a/doc/news/version_4.3.1.mdwn b/doc/news/version_4.3.1.mdwn
new file mode 100644
index 00000000..5c07307d
--- /dev/null
+++ b/doc/news/version_4.3.1.mdwn
@@ -0,0 +1,4 @@
+propellor 4.3.1 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Added Propellor.Property.FreeDesktop module.
+ * Added reservedSpacePercentage to the PartSpec EDSL."""]]
\ No newline at end of file
diff --git a/doc/news/version_4.3.2.mdwn b/doc/news/version_4.3.2.mdwn
new file mode 100644
index 00000000..1a85d2d4
--- /dev/null
+++ b/doc/news/version_4.3.2.mdwn
@@ -0,0 +1,3 @@
+propellor 4.3.2 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * Really include Propellor.Property.FreeDesktop."""]]
\ No newline at end of file diff --git a/privdata/relocate b/privdata/relocate deleted file mode 100644 index 271692d8..00000000 --- a/privdata/relocate +++ /dev/null @@ -1 +0,0 @@ -.joeyconfig diff --git a/propellor.cabal b/propellor.cabal index bdb209b7..7d082807 100644 --- a/propellor.cabal +++ b/propellor.cabal @@ -1,5 +1,5 @@ Name: propellor -Version: 4.3.0 +Version: 4.3.2 Cabal-Version: >= 1.20 License: BSD2 Maintainer: Joey Hess <id@joeyh.name> @@ -114,6 +114,7 @@ Library Propellor.Property.FreeBSD Propellor.Property.FreeBSD.Pkg Propellor.Property.FreeBSD.Poudriere + Propellor.Property.FreeDesktop Propellor.Property.Fstab Propellor.Property.Git Propellor.Property.Gpg diff --git a/src/Propellor/Property/Restic.hs b/src/Propellor/Property/Restic.hs index 64cd4091..d9d4d4be 100644 --- a/src/Propellor/Property/Restic.hs +++ b/src/Propellor/Property/Restic.hs @@ -9,6 +9,7 @@ module Propellor.Property.Restic , init , restored , backup + , backup' , KeepPolicy (..) ) where 
@@ -138,17 +139,17 @@ restored dir repo = go -- backup job will be run at a time. Other jobs will wait their turns to -- run. backup :: FilePath -> ResticRepo -> Cron.Times -> [ResticParam] -> [KeepPolicy] -> Property (HasInfo + DebianLike) -backup dir repo crontimes extraargs kp = backup' dir repo crontimes extraargs kp +backup dir repo crontimes extraargs kp = backup' [dir] repo crontimes extraargs kp `requires` restored dir repo -- | Does a backup, but does not automatically restore. -backup' :: FilePath -> ResticRepo -> Cron.Times -> [ResticParam] -> [KeepPolicy] -> Property (HasInfo + DebianLike) -backup' dir repo crontimes extraargs kp = cronjob +backup' :: [FilePath] -> ResticRepo -> Cron.Times -> [ResticParam] -> [KeepPolicy] -> Property (HasInfo + DebianLike) +backup' dirs repo crontimes extraargs kp = cronjob `describe` desc `requires` init repo where desc = val repo ++ " restic backup" - cronjob = Cron.niceJob ("restic_backup" ++ dir) crontimes (User "root") "/" $ + cronjob = Cron.niceJob ("restic_backup" ++ intercalate "_" dirs) crontimes (User "root") "/" $ "flock " ++ shellEscape lockfile ++ " sh -c " ++ shellEscape backupcmd lockfile = "/var/lock/propellor-restic.lock" backupcmd = intercalate " && " $ @@ -162,9 +163,8 @@ backup' dir repo crontimes extraargs kp = cronjob , shellEscape (getPasswordFile repo) ] ++ map shellEscape extraargs ++ - [ "backup" - , shellEscape dir - ] + [ "backup" ] + ++ map shellEscape dirs pruneCommand = unwords $ [ "restic" , "-r" diff --git a/src/Propellor/Property/User.hs b/src/Propellor/Property/User.hs index ce2611bc..0b5bdddc 100644 --- a/src/Propellor/Property/User.hs +++ b/src/Propellor/Property/User.hs 
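Review bot: `backup'` now accepts an empty list and nothing in the new code rejects it: with `dirs = []` the job is named just `restic_backup` and the command built in the following hunk (`[ "backup" ] ++ map shellEscape dirs`) ends at `backup` with no path. Because this commit also exports `backup'`, that case is reachable from any config; taking a `NonEmpty FilePath`, or making the property fail with a clear message when `null dirs`, would close it. The name `"restic_backup" ++ intercalate "_" dirs` is also not unique per list, since `["/a", "b"]` and `["/a_b"]` both give `restic_backup/a_b`, so two jobs could presumably end up sharing one cron entry. The Haddock line `-- | Does a backup, but does not automatically restore.` should now say that all listed directories are backed up by a single cron job under the shared lock.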
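Review bot: The new `++ map shellEscape dirs` quotes each path for the shell, but a path whose first character is `-` would still be handed to restic as an option rather than a directory. The job runs as `User "root"`, so it is worth ending option parsing before the paths, e.g. `[ "backup", "--" ] ++ map shellEscape dirs`, assuming restic's argument parser honours `--`. The list being built starts above this hunk, so check where `extraargs` lands relative to the separator.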
@@ -22,17 +22,18 @@ systemAccountFor :: User -> Property DebianLike systemAccountFor user@(User u) = systemAccountFor' user Nothing (Just (Group u)) systemAccountFor' :: User -> Maybe FilePath -> Maybe Group -> Property DebianLike -systemAccountFor' (User u) mhome mgroup = tightenTargets $ check nouser go +systemAccountFor' (User u) mhome mgroup = case mgroup of + Nothing -> prop + Just g -> prop + `requires` systemGroup g `describe` ("system account for " ++ u) where + prop = tightenTargets $ check nouser go nouser = isNothing <$> catchMaybeIO (getUserEntryForName u) go = cmdProperty "adduser" $ - [ "--system" ] + [ "--system", "--home" ] ++ - "--home" : maybe - ["/nonexistent", "--no-create-home"] - ( \h -> [ h ] ) - mhome + maybe ["/nonexistent", "--no-create-home"] ( \h -> [h] ) mhome ++ maybe [] ( \(Group g) -> ["--ingroup", g] ) mgroup ++ @@ -42,6 +43,16 @@ systemAccountFor' (User u) mhome mgroup = tightenTargets $ check nouser go , u ] +systemGroup :: Group -> Property UnixLike +systemGroup (Group g) = check nogroup go + `describe` ("system account for " ++ g) + where + nogroup = isNothing <$> catchMaybeIO (getGroupEntryForName g) + go = cmdProperty "addgroup" + [ "--system" + , g + ] + -- | Removes user home directory!! Use with caution. nuked :: User -> Eep -> Property Linux nuked user@(User u) _ = tightenTargets $ check hashomedir go @@ -111,7 +122,7 @@ chpasswd (User user) v ps = makeChange $ withHandle StdinHandle createProcessSuc hClose h lockedPassword :: User -> Property DebianLike -lockedPassword user@(User u) = tightenTargets $ +lockedPassword user@(User u) = tightenTargets $ check (not <$> isLockedPassword user) go `describe` ("locked " ++ u ++ " password") where |
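Review bot: `systemGroup` is described as `"system account for " ++ g`, the same text `systemAccountFor'` uses, so when `systemAccountFor` passes `Group u` the two steps cannot be told apart in propellor's output; ``describe ("system group " ++ g)`` would show which one ran or failed. Its type `Property UnixLike` also promises more than the body delivers: `addgroup --system` is, as far as I know, the Debian adduser tool, and `systemAccountFor'` in the previous hunk wraps its `adduser` call in `tightenTargets` to get `Property DebianLike`. Doing the same here would stop it being applied to hosts where the command is missing. `nogroup` treats any exception from `getGroupEntryForName` as "group absent", and the function has no Haddock comment; a one-line `-- |` stating that it creates the group only if the lookup finds none would cover both.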
