From 0515fcb0f93ef90270dcd2c475194be1c439b578 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 30 Mar 2014 23:59:07 -0400 Subject: more prep --- Propellor/Property/Docker.hs | 4 +-- README | 2 +- config.hs | 83 ++++++++++++++++++++++++++++++++++++++++++++ propellor.cabal | 2 +- propellor.hs | 80 ------------------------------------------ 5 files changed, 87 insertions(+), 84 deletions(-) create mode 100644 config.hs delete mode 100644 propellor.hs diff --git a/Propellor/Property/Docker.hs b/Propellor/Property/Docker.hs index 43c78d85..3f7e470e 100644 --- a/Propellor/Property/Docker.hs +++ b/Propellor/Property/Docker.hs @@ -4,8 +4,8 @@ import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt -{- | Configures docker with an authentication file, so that images can be - - pushed to index.docker.io. -} +-- | Configures docker with an authentication file, so that images can be +-- pushed to index.docker.io. configured :: Property configured = Property "docker configured" go `requires` installed where diff --git a/README b/README index a85e34a8..4f74d96c 100644 --- a/README +++ b/README @@ -11,7 +11,7 @@ to a system, and "make" can be used to pull down any new changes, and compile and run propellor. This can be done by a cron job, or something can ssh in and run it. -Properties are defined using Haskell. Edit propellor.hs to get started. +Properties are defined using Haskell. Edit config.hs to get started. There is no special language as used in puppet, chef, ansible, etc.. just the full power of Haskell. Hopefully that power can be put to good use in diff --git a/config.hs b/config.hs new file mode 100644 index 00000000..6cad0710 --- /dev/null +++ b/config.hs 
@@ -0,0 +1,83 @@
+{- This is the main configuration file for Propellor, and is used to build
+ - the propellor program. -}
+
+import Propellor
+import Propellor.CmdLine
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.Network as Network
+import qualified Propellor.Property.Ssh as Ssh
+import qualified Propellor.Property.Sudo as Sudo
+import qualified Propellor.Property.User as User
+import qualified Propellor.Property.Hostname as Hostname
+import qualified Propellor.Property.Reboot as Reboot
+import qualified Propellor.Property.Tor as Tor
+import qualified Propellor.Property.Docker as Docker
+import qualified Propellor.Property.GitHome as GitHome
+import qualified Propellor.Property.JoeySites as JoeySites
+
+main :: IO ()
+main = defaultMain getProperties
+
+{- | This is where the system's HostName, either as returned by uname
+ - or one specified on the command line, is converted into a list of
+ - Properties for that system.
+ -
+ - Edit this to configure propellor!
+ -}
+getProperties :: HostName -> Maybe [Property]
+getProperties hostname@"clam.kitenet.net" = Just
+ [ cleanCloudAtCost hostname
+ , standardSystem Apt.Unstable
+ , Network.ipv6to4
+ -- Clam is a tor bridge, and an olduse.net shellbox.
+ , Tor.isBridge
+ , JoeySites.oldUseNetshellBox
+ -- I play with docker on clam.
+ , Docker.configured
+ -- This is not an important system so I don't want to need to
+ -- manually upgrade it.
+ , Apt.unattendedUpgrades True
+ -- Should come last as it reboots.
+ , Apt.installed ["systemd-sysv"] `onChange` Reboot.now
+ ]
+-- add more hosts here...
+--getProperties "foo" = +getProperties _ = Nothing + +-- This is my standard system setup +standardSystem :: Apt.Suite -> Property +standardSystem suite = propertyList "standard system" + [ Apt.stdSourcesList suite `onChange` Apt.upgrade + , Apt.installed ["etckeeper"] + , Apt.installed ["ssh"] + , GitHome.installedFor "root" + , User.hasSomePassword "root" + -- Harden the system, but only once root's authorized_keys + -- is safely in place. + , check (Ssh.hasAuthorizedKeys "root") $ + Ssh.passwordAuthentication False + , User.sshAccountFor "joey" + , User.hasSomePassword "joey" + , Sudo.enabledFor "joey" + , GitHome.installedFor "joey" + , Apt.installed ["vim", "screen"] + -- I use postfix, or no MTA. + , Apt.removed ["exim4"] `onChange` Apt.autoRemove + ] + +-- Clean up a system as installed by cloudatcost.com +cleanCloudAtCost :: HostName -> Property +cleanCloudAtCost hostname = propertyList "cloudatcost cleanup" + [ Hostname.set hostname + , Ssh.uniqueHostKeys + , "worked around grub/lvm boot bug #743126" ==> + "/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true" + `onChange` cmdProperty "update-grub" [] + `onChange` cmdProperty "update-initramfs" ["-u"] + , "nuked cloudatcost cruft" ==> combineProperties + [ File.notPresent "/etc/rc.local" + , File.notPresent "/etc/init.d/S97-setup.sh" + , User.nuked "user" User.YesReallyDeleteHome + ] + ] diff --git a/propellor.cabal b/propellor.cabal index 25a6f29b..f0640540 100644 --- a/propellor.cabal +++ b/propellor.cabal @@ -24,7 +24,7 @@ Description: git clone git://git.kitenet.net/propellor Executable propellor - Main-Is: propellor.hs + Main-Is: config.hs GHC-Options: -Wall Build-Depends: MissingH, directory, filepath, base >= 4.5, base < 5, IfElse, process, bytestring, hslogger, unix-compat, ansi-terminal, diff --git a/propellor.hs b/propellor.hs deleted file mode 100644 index ccfea866..00000000 --- a/propellor.hs +++ /dev/null 
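Review bot: In `standardSystem` (config.hs), `check (Ssh.hasAuthorizedKeys "root") $ Ssh.passwordAuthentication False` appears to leave SSH password authentication enabled on any host where root has no authorized_keys, and nothing in the hunk records that the hardening step was skipped. The README now points new users at config.hs as the file to edit, so I would spell this out next to the property, e.g. `-- NOTE: skipped while root has no authorized_keys; password logins stay enabled until then.` The definition of `check` is outside this diff, so the skip-on-false behaviour is inferred from the existing comment and should be confirmed.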
@@ -1,80 +0,0 @@
-import Propellor
-import Propellor.CmdLine
-import qualified Propellor.Property.File as File
-import qualified Propellor.Property.Apt as Apt
-import qualified Propellor.Property.Network as Network
-import qualified Propellor.Property.Ssh as Ssh
-import qualified Propellor.Property.Sudo as Sudo
-import qualified Propellor.Property.User as User
-import qualified Propellor.Property.Hostname as Hostname
-import qualified Propellor.Property.Reboot as Reboot
-import qualified Propellor.Property.Tor as Tor
-import qualified Propellor.Property.Docker as Docker
-import qualified Propellor.Property.GitHome as GitHome
-import qualified Propellor.Property.JoeySites as JoeySites
-
-main :: IO ()
-main = defaultMain getProperties
-
-{- | This is where the system's HostName, either as returned by uname
- - or one specified on the command line, is converted into a list of
- - Properties for that system.
- -
- - Edit this to configure propellor!
- -}
-getProperties :: HostName -> Maybe [Property]
-getProperties hostname@"clam.kitenet.net" = Just
- [ cleanCloudAtCost hostname
- , standardSystem Apt.Unstable
- , Network.ipv6to4
- -- Clam is a tor bridge, and an olduse.net shellbox.
- , Tor.isBridge
- , JoeySites.oldUseNetshellBox
- -- I play with docker on clam.
- , Docker.configured
- -- This is not an important system so I don't want to need to
- -- manually upgrade it.
- , Apt.unattendedUpgrades True
- -- Should come last as it reboots.
- , Apt.installed ["systemd-sysv"] `onChange` Reboot.now
- ]
--- add more hosts here...
---getProperties "foo" =
-getProperties _ = Nothing
-
--- This is my standard system setup
-standardSystem :: Apt.Suite -> Property
-standardSystem suite = propertyList "standard system"
- [ Apt.stdSourcesList suite `onChange` Apt.upgrade
- , Apt.installed ["etckeeper"]
- , Apt.installed ["ssh"]
- , GitHome.installedFor "root"
- , User.hasSomePassword "root"
- -- Harden the system, but only once root's authorized_keys
- -- is safely in place.
- , check (Ssh.hasAuthorizedKeys "root") $
- Ssh.passwordAuthentication False
- , User.sshAccountFor "joey"
- , User.hasSomePassword "joey"
- , Sudo.enabledFor "joey"
- , GitHome.installedFor "joey"
- , Apt.installed ["vim", "screen"]
- -- I use postfix, or no MTA.
- , Apt.removed ["exim4"] `onChange` Apt.autoRemove
- ]
-
--- Clean up a system as installed by cloudatcost.com
-cleanCloudAtCost :: HostName -> Property
-cleanCloudAtCost hostname = propertyList "cloudatcost cleanup"
- [ Hostname.set hostname
- , Ssh.uniqueHostKeys
- , "worked around grub/lvm boot bug #743126" ==>
- "/etc/default/grub" `File.containsLine` "GRUB_DISABLE_LINUX_UUID=true"
- `onChange` cmdProperty "update-grub" []
- `onChange` cmdProperty "update-initramfs" ["-u"]
- , "nuked cloudatcost cruft" ==> combineProperties
- [ File.notPresent "/etc/rc.local"
- , File.notPresent "/etc/init.d/S97-setup.sh"
- , User.nuked "user" User.YesReallyDeleteHome
- ]
- ]
-- cgit v1.3-2-g0d8e