1 files changed, 77 insertions, 73 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 2c73b3e5..18f0a32b 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -21,8 +21,10 @@ import qualified Propellor.Property.Git as Git
 import qualified Propellor.Property.Apache as Apache
 import qualified Propellor.Property.Postfix as Postfix
 import qualified Propellor.Property.Service as Service
+import qualified Propellor.Property.Grub as Grub
 import qualified Propellor.Property.HostingProvider.DigitalOcean as DigitalOcean
 import qualified Propellor.Property.HostingProvider.CloudAtCost as CloudAtCost
+import qualified Propellor.Property.HostingProvider.Linode as Linode
 import qualified Propellor.Property.SiteSpecific.GitHome as GitHome
 import qualified Propellor.Property.SiteSpecific.GitAnnexBuilder as GitAnnexBuilder
 import qualified Propellor.Property.SiteSpecific.JoeySites as JoeySites
@@ -34,7 +36,6 @@ main = defaultMain hosts --  /   \___-=O`/|O`/__|                      (____.'
      Deployed -}          --  `/-==__ _/__|/__=-|          (       \_
 hosts :: [Host]          --   *             \ | |           '--------'
 hosts =                 --                  (o)  `
-	-- My laptop
 	[ host "darkstar.kitenet.net"
 		& ipv6 "2001:4830:1600:187::2" -- sixxs tunnel
 
@@ -42,52 +43,22 @@ hosts =                 --                  (o)  `
 		& Docker.configured
 		& Docker.docked hosts "android-git-annex"
 
-	-- Nothing super-important lives here and mostly it's docker containers.
 	, standardSystem "clam.kitenet.net" Unstable "amd64"
-		& ipv4 "162.248.143.249"
-		& ipv6 "2002:5044:5531::1"
+		[ "Unreliable server. Anything here may be lost at any time!" ]
+		& ipv4 "162.248.9.29"
 
 		& CloudAtCost.decruft
 		& Apt.unattendedUpgrades
 		& Network.ipv6to4
 		& Tor.isBridge
 		& Postfix.satellite
-		& Docker.configured
-
-		& Docker.docked hosts "oldusenet-shellbox"
-		& Docker.docked hosts "openid-provider"
-		 	`requires` Apt.serviceInstalledRunning "ntp"
-		& Docker.docked hosts "ancient-kitenet"
-
-		-- I'd rather this were on diatom, but it needs unstable.
-		& alias "kgb.kitenet.net"
-		& JoeySites.kgbServer
-
-		& alias "mumble.kitenet.net"
-		& JoeySites.mumbleServer hosts
-		
-		& alias "ns9.kitenet.net"
-		& myDnsSecondary
-		
-		& alias "znc.kitenet.net"
-		& JoeySites.ircBouncer
-
-		-- For https port 443, shellinabox with ssh login to
-		-- kitenet.net
-		& alias "shell.kitenet.net"
-		& JoeySites.kiteShellBox
-
-		-- Nothing is using http port 80 on clam, so listen on
-		-- that port for ssh, for traveling on bad networks that
-		-- block 22.
-		& "/etc/ssh/sshd_config" `File.containsLine` "Port 80"
-			`onChange` Service.restarted "ssh"
 
+		& Docker.configured
 		& Docker.garbageCollected `period` Daily
-		& Apt.installed ["git-annex", "mtr", "screen"]
 	
 	-- Orca is the main git-annex build box.
 	, standardSystem "orca.kitenet.net" Unstable "amd64"
+		[ "Main git-annex build box." ]
 		& ipv4 "138.38.108.179"
 
 		& Hostname.sane
@@ -102,15 +73,27 @@ hosts =                 --                  (o)  `
 		& Docker.garbageCollected `period` Daily
 		& Apt.buildDep ["git-annex"] `period` Daily
 	
-	-- Important stuff that needs not too much memory or CPU.
+  	, standardSystem "kite.kitenet.net" Unstable "amd64"
+		[ "Welcome to the new kitenet.net server!"
+		, "This is still under construction and not yet live.."
+		]
+	  	& ipv4 "66.228.36.95"
+		& ipv6 "2600:3c03::f03c:91ff:fe73:b0d2"
+
+		& Apt.installed ["linux-image-amd64"]
+		& Linode.chainPVGrub 5
+		& Hostname.sane
+		& Apt.unattendedUpgrades
+		& Apt.installed ["systemd"]
+		& Ssh.hostKeys (Context "kitenet.net")
+	
   	, standardSystem "diatom.kitenet.net" Stable "amd64"
+	  	[ "Important stuff that needs not too much memory or CPU." ]
 		& ipv4 "107.170.31.195"
 
 		& DigitalOcean.distroKernel
 		& Hostname.sane
-		& Ssh.hostKey SshDsa
-		& Ssh.hostKey SshRsa
-		& Ssh.hostKey SshEcdsa
+		& Ssh.hostKeys (Context "diatom.kitenet.net")
 		& Apt.unattendedUpgrades
 		& Apt.serviceInstalledRunning "ntp"
 		& Postfix.satellite
@@ -120,9 +103,9 @@ hosts =                 --                  (o)  `
 		& Apt.serviceInstalledRunning "swapspace"
 	
 		& Apt.serviceInstalledRunning "apache2"
-		& File.hasPrivContent "/etc/ssl/certs/web.pem"
-		& File.hasPrivContent "/etc/ssl/private/web.pem"
-		& File.hasPrivContent "/etc/ssl/certs/startssl.pem"
+		& File.hasPrivContent "/etc/ssl/certs/web.pem" (Context "kitenet.net")
+		& File.hasPrivContent "/etc/ssl/private/web.pem" (Context "kitenet.net")
+		& File.hasPrivContent "/etc/ssl/certs/startssl.pem" (Context "kitenet.net")
 		& Apache.modEnabled "ssl"
 		& Apache.multiSSL
 		& File.ownerGroup "/srv/web" "joey" "joey"
@@ -163,34 +146,18 @@ hosts =                 --                  (o)  `
 		
 		& Dns.secondaryFor ["animx"] hosts "animx.eu.org"
 
-	-- storage and backup server
-	, standardSystem "elephant.kitenet.net" Unstable "amd64"
+	, let ctx = Context "elephant.kitenet.net"
+	  in standardSystem "elephant.kitenet.net" Unstable "amd64"
+	  	[ "Storage, big data, and backups, omnomnom!" ]
 		& ipv4 "193.234.225.114"
 
+		& Grub.chainPVGrub "hd0,0" "xen/xvda1" 30
 		& Hostname.sane
 		& Postfix.satellite
 		& Apt.unattendedUpgrades
-		& Ssh.hostKey SshDsa
-		& Ssh.hostKey SshRsa
-		& Ssh.hostKey SshEcdsa
-		& Ssh.keyImported SshRsa "joey"
-
-		-- PV-grub chaining
-		-- http://notes.pault.ag/linode-pv-grub-chainning/
-		-- (Adapted to use xvda1/hd0,0 instead of xvda/hd0)
-		& "/boot/grub/menu.lst" `File.hasContent`
-			[ "default 1" 
-			, "timeout 30"
-			, ""
-			, "title grub-xen shim"
-			, "root (hd0,0)"
-			, "kernel /boot/xen-shim"
-			, "boot"
-			]
-		& "/boot/load.cf" `File.hasContent`
-			[ "configfile (xen/xvda1)/boot/grub/grub.cfg" ]
-		& Apt.installed ["grub-xen"]
-		& flagFile (scriptProperty ["update-grub; grub-mkimage --prefix '(xen/xvda1)/boot/grub' -c /boot/load.cf -O x86_64-xen /usr/lib/grub/x86_64-xen/*.mod > /boot/xen-shim"]) "/boot/xen-shim"
+		& Ssh.hostKeys ctx
+		& Ssh.keyImported SshRsa "joey" ctx
+		& Apt.serviceInstalledRunning "swapspace"
 
 		& alias "eubackup.kitenet.net"
 		& Apt.installed ["obnam", "sshfs", "rsync"]
@@ -201,8 +168,43 @@ hosts =                 --                  (o)  `
 		& alias "podcatcher.kitenet.net"
 		& Apt.installed ["git-annex"]
 		
+		& alias "znc.kitenet.net"
+		& JoeySites.ircBouncer
+
+		-- I'd rather this were on diatom, but it needs unstable.
+		& alias "kgb.kitenet.net"
+		& JoeySites.kgbServer
+
+		& alias "mumble.kitenet.net"
+		& JoeySites.mumbleServer hosts
+		
+		& alias "ns3.kitenet.net"
+		& myDnsSecondary
+		
 		& Docker.configured
+
+		& Docker.docked hosts "oldusenet-shellbox"
+		& Docker.docked hosts "openid-provider"
+		 	`requires` Apt.serviceInstalledRunning "ntp"
+		& Docker.docked hosts "ancient-kitenet"
+
 		& Docker.garbageCollected `period` (Weekly (Just 1))
+		
+		-- For https port 443, shellinabox with ssh login to
+		-- kitenet.net
+		& alias "shell.kitenet.net"
+		& JoeySites.kiteShellBox
+		-- Nothing is using http port 80, so listen on
+		-- that port for ssh, for traveling on bad networks that
+		-- block 22.
+		& "/etc/ssh/sshd_config" `File.containsLine` "Port 80"
+			`onChange` Service.restarted "ssh"
+		
+		-- temp
+		& Docker.docked hosts "amd64-git-annex-builder"
+		& Docker.docked hosts "i386-git-annex-builder"
+		& Docker.docked hosts "android-git-annex-builder"
+
 
 	    --'                        __|II|      ,.
 	  ----                      __|II|II|__   (  \_,/\
@@ -255,22 +257,25 @@ hosts =                 --                  (o)  `
 	-- temp for an acquantance
 	] ++ monsters
 
+type Motd = [String]
+
 -- This is my standard system setup.
-standardSystem :: HostName -> DebianSuite -> Architecture -> Host
-standardSystem hn suite arch = host hn
+standardSystem :: HostName -> DebianSuite -> Architecture -> Motd -> Host
+standardSystem hn suite arch motd = host hn
 	& os (System (Debian suite) arch)
+	& File.hasContent "/etc/motd" ("":motd++[""])
 	& Apt.stdSourcesList `onChange` Apt.upgrade
 	& Apt.cacheCleaned
 	& Apt.installed ["etckeeper"]
 	& Apt.installed ["ssh"]
 	& GitHome.installedFor "root"
-	& User.hasSomePassword "root"
+	& User.hasSomePassword "root" (Context hn)
 	-- Harden the system, but only once root's authorized_keys
 	-- is safely in place.
 	& check (Ssh.hasAuthorizedKeys "root")
 		(Ssh.passwordAuthentication False)
 	& User.accountFor "joey"
-	& User.hasSomePassword "joey"
+	& User.hasSomePassword "joey" (Context hn)
 	& Sudo.enabledFor "joey"
 	& GitHome.installedFor "joey"
 	& Apt.installed ["vim", "screen", "less"]
@@ -309,14 +314,14 @@ branchableSecondary :: RevertableProperty
 branchableSecondary = Dns.secondaryFor ["branchable.com"] hosts "branchable.com"
 
 -- Currently using diatom (ns2) as primary with secondaries
--- clam (ns9) and gandi.
+-- elephant (ns3) and gandi.
 -- kite handles all mail.
 myDnsPrimary :: Domain -> [(BindDomain, Record)] -> RevertableProperty
 myDnsPrimary domain extras = Dns.primary hosts domain
 	(Dns.mkSOA "ns2.kitenet.net" 100) $
 	[ (RootDomain, NS $ AbsDomain "ns2.kitenet.net")
+	, (RootDomain, NS $ AbsDomain "ns3.kitenet.net")
 	, (RootDomain, NS $ AbsDomain "ns6.gandi.net")
-	, (RootDomain, NS $ AbsDomain "ns9.kitenet.net")
 	, (RootDomain, MX 0 $ AbsDomain "kitenet.net")
 	, (RootDomain, TXT "v=spf1 a ?all")
 	] ++ extras
@@ -350,7 +355,6 @@ monsters =	      -- but do want to track their public keys etc.
 		& ipv4 "80.68.85.49"
 		& ipv6 "2001:41c8:125:49::10"
 		& alias "kitenet.net"
-		& alias "kite.kitenet.net"
 		& alias "ns1.kitenet.net"
 		& alias "ftp.kitenet.net"
 		& alias "mail.kitenet.net"
@@ -377,7 +381,7 @@ monsters =	      -- but do want to track their public keys etc.
 		 -   some static websites
 		 - bitlbee
 		 - prosody
-		 -   (used by anna and daddy's git-annex)
+		 -   (used by daddy's git-annex)
 		 - named
 		 -   (branchable is still pushing to here
 		 -    (thinking it's ns2.branchable.com), but it's no