From 1495db6cd103bf5f9f4635dbbfe807c7c1f39b2e Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 13 Apr 2014 14:01:30 -0400 Subject: propellor spin --- Propellor/Property/Apache.hs | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 Propellor/Property/Apache.hs (limited to 'Propellor/Property/Apache.hs')
diff --git a/Propellor/Property/Apache.hs b/Propellor/Property/Apache.hs
new file mode 100644
index 00000000..5e32b0da
--- /dev/null
+++ b/Propellor/Property/Apache.hs
@@ -0,0 +1,28 @@
+module Propellor.Property.Apache where
+
+import Propellor
+import qualified Propellor.Property.File as File
+import qualified Propellor.Property.Apt as Apt
+
+type ConfigFile = [String]
+
+siteEnabled :: HostName -> ConfigFile -> RevertableProperty
+siteEnabled hn cf = RevertableProperty enable disable
+ where
+ enable = siteAvailable hn cf
+ `onChange` cmdProperty "a2ensite" ["--quiet", hn]
+ `requires` Apt.installed ["apache2"]
+ disable = File.notPresent (siteCfg hn)
+ `onChange` cmdProperty "a2dissite" ["--quiet", hn]
+
+siteAvailable :: HostName -> ConfigFile -> Property
+siteAvailable hn cf = siteCfg hn `File.hasContent` (comment:cf)
+ `describe` ("apache site available " ++ hn)
+ where
+ comment = "# deployed with propellor, do not modify"
+
+siteCfg :: HostName -> FilePath
+siteCfg hn = "/etc/apache2/sites-available/" ++ hn ++ ".conf"
+
+restart :: Property
+restart = cmdProperty "service" ["apache2", "restart"]
-- cgit v1.3-2-g0d8e
From 96f07ef513f6447baec8f66d52d4490ef627a588 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 13 Apr 2014 14:36:19 -0400 Subject: propellor spin --- Propellor/Property/Apache.hs | 32 ++++++++++++++++++++++------ Propellor/Property/Git.hs | 3 +++ Propellor/Property/SiteSpecific/JoeySites.hs | 1 + 3 files changed, 30 insertions(+), 6 deletions(-) (limited to 'Propellor/Property/Apache.hs')
diff --git a/Propellor/Property/Apache.hs b/Propellor/Property/Apache.hs
index 5e32b0da..81daf9e7 100644
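Review bot: `siteCfg` builds the config path by plain concatenation, `"/etc/apache2/sites-available/" ++ hn ++ ".conf"`, and nothing in the new module checks `hn`, so a value containing `/` would make `File.hasContent` and `File.notPresent` act on a path outside `sites-available`. These properties presumably run as root, so a cheap guard on `siteCfg` is worth having, for example `| elem '/' hn = error ("bad apache site name: " ++ hn)` ahead of the normal equation. The module also has no Haddock; a `-- |` line on `siteEnabled` stating that reverting it removes the site's config file via `File.notPresent` would tell callers what the revert costs them.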
--- a/Propellor/Property/Apache.hs +++ b/Propellor/Property/Apache.hs @@ -3,17 +3,21 @@ module Propellor.Property.Apache where import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt +import qualified Propellor.Property.Service as Service type ConfigFile = [String] siteEnabled :: HostName -> ConfigFile -> RevertableProperty siteEnabled hn cf = RevertableProperty enable disable where - enable = siteAvailable hn cf - `onChange` cmdProperty "a2ensite" ["--quiet", hn] - `requires` Apt.installed ["apache2"] + enable = cmdProperty "a2ensite" ["--quiet", hn] + `requires` siteAvailable hn cf + `requires` installed + `onChange` reloaded disable = File.notPresent (siteCfg hn) `onChange` cmdProperty "a2dissite" ["--quiet", hn] + `requires` installed + `onChange` reloaded siteAvailable :: HostName -> ConfigFile -> Property siteAvailable hn cf = siteCfg hn `File.hasContent` (comment:cf) @@ -21,8 +25,24 @@ siteAvailable hn cf = siteCfg hn `File.hasContent` (comment:cf) where comment = "# deployed with propellor, do not modify" +modEnabled :: String -> RevertableProperty +modEnabled modname = RevertableProperty enable disable + where + enable = cmdProperty "a2enmod" ["--quiet", modname] + `requires` installed + `onChange` reloaded + disable = cmdProperty "a2dismod" ["--quiet", modname] + `requires` installed + `onChange` reloaded + siteCfg :: HostName -> FilePath -siteCfg hn = "/etc/apache2/sites-available/" ++ hn ++ ".conf" +siteCfg hn = "/etc/apache2/sites-available/" ++ hn + +installed :: Property +installed = Apt.installed ["apache2"] + +restarted :: Property +restarted = cmdProperty "service" ["apache2", "restart"] -restart :: Property -restart = cmdProperty "service" ["apache2", "restart"] +reloaded :: Property +reloaded = Service.reloaded "apache2" diff --git a/Propellor/Property/Git.hs b/Propellor/Property/Git.hs index b2a53800..1dae94bf 100644 --- a/Propellor/Property/Git.hs +++ b/Propellor/Property/Git.hs 
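Review bot: The `disable` branch of `siteEnabled` now carries `requires installed`, so reverting the property on a host that has no Apache would, as far as the combinators suggest, first install the `apache2` package in order to disable a site that cannot be enabled there. The same pattern appears on the `disable` side of `modEnabled` in the next hunk. Pulling in a network daemon as a side effect of a revert is worth avoiding; I would drop `requires installed` from both `disable` branches, or document on `siteEnabled` and `modEnabled` that reverting also ensures the package is present.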
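Review bot: `siteCfg` now returns the path without the `.conf` suffix, and nothing in the change removes the `hn ++ ".conf"` file that the previous revision wrote, so a host configured earlier keeps a stale site file (still enabled, if `a2ensite` ran) that `siteEnabled`'s revert no longer reaches. The suffix-less name also ties the module to the Apache 2.2 layout; Debian's Apache 2.4 packaging includes only `sites-enabled/*.conf`, where this file would be written and then ignored. A comment on `siteCfg` such as `-- Apache 2.2 layout: no .conf suffix (2.4 expects hn ++ ".conf")` would make the assumption visible. If cleanup of the old name matters, `File.notPresent (siteCfg hn ++ ".conf")` could be required by `siteAvailable`.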
@@ -80,6 +80,9 @@ cloned owner url dir mbranch = check originurl (Property desc checkout) removeDirectoryRecursive dir createDirectoryIfMissing True (takeDirectory dir) ensureProperty $ userScriptProperty owner $ catMaybes + -- The mbranch diff --git a/Propellor/Property/SiteSpecific/JoeySites.hs b/Propellor/Property/SiteSpecific/JoeySites.hs index 907233bd..4b98fe0b 100644 --- a/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/Propellor/Property/SiteSpecific/JoeySites.hs @@ -57,6 +57,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" , Git.cloned "root" "/srv/git/joey/git.kitenet.net.git" "/srv/web/git.kitenet.net" Nothing , website "git.kitenet.net" , website "git.joeyh.name" + , toProp $ Apache.modEnabled "cgi" -- ssh keys for branchable and github repo hooks -- TODO: upgrade to newer git-annex-shell for notification ] -- cgit v1.3-2-g0d8e From 90370dc57576ec6d4701acd4b5672eeba269a386 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 13 Apr 2014 17:50:44 -0400 Subject: stable-backports can't be used :( --- Propellor/Property/Apache.hs | 4 ++++ Propellor/Property/Apt.hs | 15 ++++++++------- Propellor/Types/OS.hs | 7 +++++++ config-joey.hs | 6 ++++++ 4 files changed, 25 insertions(+), 7 deletions(-) (limited to 'Propellor/Property/Apache.hs') diff --git a/Propellor/Property/Apache.hs b/Propellor/Property/Apache.hs index 81daf9e7..eab87862 100644 --- a/Propellor/Property/Apache.hs +++ b/Propellor/Property/Apache.hs @@ -11,10 +11,12 @@ siteEnabled :: HostName -> ConfigFile -> RevertableProperty siteEnabled hn cf = RevertableProperty enable disable where enable = cmdProperty "a2ensite" ["--quiet", hn] + `describe` ("apache site enabled " ++ hn) `requires` siteAvailable hn cf `requires` installed `onChange` reloaded disable = File.notPresent (siteCfg hn) + `describe` ("apache site disabled " ++ hn) `onChange` cmdProperty "a2dissite" ["--quiet", hn] `requires` installed `onChange` reloaded 
@@ -29,9 +31,11 @@ modEnabled :: String -> RevertableProperty modEnabled modname = RevertableProperty enable disable where enable = cmdProperty "a2enmod" ["--quiet", modname] + `describe` ("apache module enabled " ++ modname) `requires` installed `onChange` reloaded disable = cmdProperty "a2dismod" ["--quiet", modname] + `describe` ("apache module disabled " ++ modname) `requires` installed `onChange` reloaded diff --git a/Propellor/Property/Apt.hs b/Propellor/Property/Apt.hs index b7c281ce..5c095d64 100644 --- a/Propellor/Property/Apt.hs +++ b/Propellor/Property/Apt.hs @@ -24,8 +24,8 @@ showSuite Unstable = "unstable" showSuite Experimental = "experimental" showSuite (DebianRelease r) = r -backportSuite :: DebianSuite -> String -backportSuite suite = showSuite suite ++ "-backports" +backportSuite :: String +backportSuite = showSuite stableRelease ++ "-backports" debLine :: String -> Url -> [Section] -> Line debLine suite mirror sections = unwords $ @@ -41,11 +41,11 @@ stdSections = ["main", "contrib", "non-free"] binandsrc :: String -> DebianSuite -> [Line] binandsrc url suite - | suite == Stable = [l, srcLine l, bl, srcLine bl] + | isStable suite = [l, srcLine l, bl, srcLine bl] | otherwise = [l, srcLine l] where l = debLine (showSuite suite) url stdSections - bl = debLine (backportSuite suite) url stdSections + bl = debLine backportSuite url stdSections debCdn :: DebianSuite -> [Line] debCdn = binandsrc "http://cdn.debian.net/debian" @@ -56,7 +56,7 @@ kernelOrg = binandsrc "http://mirrors.kernel.org/debian" -- | Only available for Stable and Testing securityUpdates :: DebianSuite -> [Line] securityUpdates suite - | suite == Stable || suite == Testing = + | isStable suite || suite == Testing = let l = "deb http://security.debian.org/ " ++ showSuite suite ++ "/updates " ++ unwords stdSections in [l, srcLine l] | otherwise = [] 
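Review bot: In `securityUpdates`, every `DebianRelease r` that `isStable` does not recognise still falls through to `| otherwise = []`, so a host pinned to any other named release gets a sources list with no `security.debian.org` line and nothing reports it. The Haddock `-- | Only available for Stable and Testing` is also out of date now, since the stable release named in `stableRelease` is accepted too. I would update that comment to say which suites yield no security line, and consider whether named releases in general should produce `showSuite suite ++ "/updates"`. The same `isStable` substitution is made in `binandsrc` in the preceding hunk, where it only affects the backports line.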
@@ -104,9 +104,10 @@ installed' params ps = robustly $ check (isInstallable ps) go installedBackport :: [Package] -> Property installedBackport ps = withOS desc $ \o -> case o of - (Just (System (Debian suite) _)) -> - ensureProperty $ installed' ["-t", backportSuite suite, "-y"] ps Nothing -> error "cannot install backports; os not declared" + (Just (System (Debian suite) _)) + | isStable suite -> + ensureProperty $ installed' ["-t", backportSuite, "-y"] ps _ -> error $ "backports not supported on " ++ show o where desc = (unwords $ "apt installed backport":ps) diff --git a/Propellor/Types/OS.hs b/Propellor/Types/OS.hs index 5b0e376d..0635b271 100644 --- a/Propellor/Types/OS.hs +++ b/Propellor/Types/OS.hs @@ -15,5 +15,12 @@ data Distribution data DebianSuite = Experimental | Unstable | Testing | Stable | DebianRelease Release deriving (Show, Eq) +-- | The release that currently corresponds to stable. +stableRelease :: DebianSuite +stableRelease = DebianRelease "wheezy" + +isStable :: DebianSuite -> Bool +isStable s = s == Stable || s == stableRelease + type Release = String type Architecture = String diff --git a/config-joey.hs b/config-joey.hs index 055c1a65..031b493f 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -86,6 +86,12 @@ hosts = "840760dc-08f0-11e2-8c61-576b7e66acfd" [("turtle", "ssh://turtle.kitenet.net/~/lib/downloads/")] & Apt.buildDep ["git-annex"] `period` Daily + -- rsync server for git-annex autobuilders + & Apt.installed ["rsync"] + & hasPrivContent "/etc/rsyncd.conf" + & hasPrivContent "/etc/rsyncd.secrets" + & "/etc/default/rsync" `File.containsLine` "" + `describe` "rsync server enabled" & cname "tmp.kitenet.net" & JoeySites.annexWebSite hosts "/srv/git/joey/tmp.git" -- cgit v1.3-2-g0d8e From 56dd63916925627773cb2cf590f1c8191470dccc Mon Sep 17 00:00:00 2001 
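Review bot: `stableRelease = DebianRelease "wheezy"` hard-codes a fact that changes with every Debian release, and nothing in the hunk says it must be maintained. Once a newer release becomes stable, `isStable` would still accept wheezy, and a host declared as `Stable` would get the wheezy backports line from `backportSuite` next to a `stable` line that now points at the new release. Suggested comment above `stableRelease`: `-- NOTE: update on every Debian stable release; Apt.backportSuite and isStable depend on it.` `isStable` has no Haddock either; `-- | True for Stable and for the release named by stableRelease.` would do.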
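Review bot: The `File.containsLine` property on `/etc/default/rsync` is given the empty string `""`, so as shown it only ensures a blank line while being described as `"rsync server enabled"`; if a setting that switches the daemon on was intended, it is missing here (or was lost when the page was rendered). `/etc/rsyncd.secrets` holds credentials, and the rsync daemon refuses a secrets file that is readable by other users while `strict modes` is in effect, so it is worth confirming that `hasPrivContent` writes it with owner-only permissions; that cannot be seen from this hunk. The `hosts` definition starts and ends outside the hunk.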
From: Joey Hess Date: Sun, 13 Apr 2014 21:04:34 -0400 Subject: propellor spin --- Propellor/Property/Apache.hs | 10 ++++++++++ Propellor/Property/SiteSpecific/JoeySites.hs | 10 ++++++---- config-joey.hs | 1 + 3 files changed, 17 insertions(+), 4 deletions(-) (limited to 'Propellor/Property/Apache.hs') diff --git a/Propellor/Property/Apache.hs b/Propellor/Property/Apache.hs index eab87862..f45ef9df 100644 --- a/Propellor/Property/Apache.hs +++ b/Propellor/Property/Apache.hs @@ -50,3 +50,13 @@ restarted = cmdProperty "service" ["apache2", "restart"] reloaded :: Property reloaded = Service.reloaded "apache2" + +-- | Configure apache to use SNI to differentiate between +-- https hosts. +multiSSL :: Property +multiSSL = "/etc/apache2/conf.d/ssl" `File.hasContent` + [ "NameVirtualHost *:443" + , "SSLStrictSNIVHostCheck off" + ] + `describe` "apache SNI enabled" + `onChange` reloaded diff --git a/Propellor/Property/SiteSpecific/JoeySites.hs b/Propellor/Property/SiteSpecific/JoeySites.hs index bd6e93f3..73a8f71f 100644 --- a/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/Propellor/Property/SiteSpecific/JoeySites.hs @@ -65,7 +65,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" , toProp $ Git.daemonRunning "/srv/git" , "/etc/gitweb.conf" `File.containsLines` [ "$projectroot = '/srv/git';" - , "@git_base_url_list = ('git://git.kitenet.net', 'http://git.kitenet.net/git', 'ssh://git.kitenet.net/srv/git');" + , "@git_base_url_list = ('git://git.kitenet.net', 'http://git.kitenet.net/git', 'https://git.kitenet.net/git', 'ssh://git.kitenet.net/srv/git');" , "# disable snapshot download; overloads server" , "$feature{'snapshot'}{'default'} = [];" ] 
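Review bot: `multiSSL` writes `SSLStrictSNIVHostCheck off` into `/etc/apache2/conf.d/ssl` without requiring mod_ssl, so on a host where `modEnabled "ssl"` has not been applied the directive is unknown and the `reloaded` triggered by `onChange` would presumably fail on a configuration error. `config-joey.hs` happens to list `Apache.modEnabled "ssl"` first, but the dependency belongs in the property, e.g. a `requires` on `toProp (modEnabled "ssl")` if the types line up as they do in `JoeySites.hs`. With the strict check off, a client that sends no SNI is answered by the first `*:443` virtual host and sees that host's certificate; the Haddock should say so, for instance `-- Clients without SNI are served by the first *:443 vhost.` The `conf.d` path is also specific to the Apache 2.2 layout.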
@@ -99,9 +99,11 @@ type AnnexUUID = String -- | A website, with files coming from a git-annex repository. annexWebSite :: [Host] -> Git.RepoUrl -> HostName -> AnnexUUID -> [(String, Git.RepoUrl)] -> Property -annexWebSite hosts origin hn uuid remotes = Git.cloned "joey" origin dir Nothing - `onChange` setup - `onChange` setupapache +annexWebSite hosts origin hn uuid remotes = propertyList (hn ++" website using git-annex") + [ Git.cloned "joey" origin dir Nothing + `onChange` setup + , setupapache + ] where dir = "/srv/web/" ++ hn setup = userScriptProperty "joey" setupscript diff --git a/config-joey.hs b/config-joey.hs index 08093043..235a749b 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -81,6 +81,7 @@ hosts = & File.hasPrivContent "/etc/ssl/private/web.pem" & File.hasPrivContent "/etc/ssl/certs/startssl.pem" & Apache.modEnabled "ssl" + & Apache.multiSSL & File.ownerGroup "/srv/web" "joey" "joey" & cname "git.kitenet.net" -- cgit v1.3-2-g0d8e