From 3368bdd0a18a58f10fbec8880562ad63b85bcfd5 Mon Sep 17 00:00:00 2001
From: Joey Hess <joey@kitenet.net>
Date: Sun, 30 Mar 2014 00:28:56 -0400
Subject: improvements

---
 HostProp.hs | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

(limited to 'HostProp.hs')

diff --git a/HostProp.hs b/HostProp.hs
index 5eb060b1..6bef0b25 100644
--- a/HostProp.hs
+++ b/HostProp.hs
@@ -15,24 +15,30 @@ main = ensureProperties . getProperties =<< getHostName
  - Properties for that system. -}
 getProperties :: HostName -> [Property]
 getProperties "clam" =
-	[ Apt.stdSourcesList Apt.Unstable `onChange` Apt.upgrade
-	, Apt.installed ["etckeeper"]
+	-- Clean up the system as installed by cloudatcost.com
+	[ User.nuked "user"
+	, Apt.removed ["exim4"] `onChange` Apt.autoRemove
 	, Hostname.set "clam.kitenet.net"
-	, Apt.installed ["ssh"]
 	, Ssh.uniqueHostKeys
+	-- This is my standard system setup
+	, Apt.stdSourcesList Apt.Unstable `onChange` Apt.upgrade
+	, Apt.installed ["etckeeper"]
+	, Apt.installed ["ssh"]
 	, Apt.installed ["git", "myrepos"]
 	, GitHome.installedFor "root"
+	-- Harden the system, but only once root's authorized_keys
+	-- is safely in place.
 	, check (Ssh.hasAuthorizedKeys "root") $
 		Ssh.passwordAuthentication False
 	, check (Ssh.hasAuthorizedKeys "root") $
 		User.lockedPassword "root"
 	, User.nonsystem "joey"
-	, User.nuked "user"
 	, Apt.installed ["sudo"]
-	, lineInfFile "/etc/sudoers" "joey ALL=(ALL:ALL) ALL"
+	, lineInFile "/etc/sudoers" "joey ALL=(ALL:ALL) ALL"
 	, GitHome.installedFor "joey"
-	, Apt.removed ["exim4"] `onChange` Apt.autoRemove
+	-- Clam is a tor bridge.
 	, Apt.installed ["tor"]
+	-- Should come last as it reboots.
 	, Apt.installed ["systemd-sysv"] `onChange` Reboot.scheduled "+10"
 	]
 -- add more hosts here...
-- 
cgit v1.3-2-g0d8e