From 456dd534ce2984535a9fc36bad2aff9e6ee2863a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 13 Apr 2014 11:58:22 -0400 Subject: propellor spin --- Propellor/Property/OpenId.hs | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'Propellor/Property/OpenId.hs') diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index c397bdb8..b896180f 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs @@ -4,8 +4,10 @@ import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Service as Service +import Utility.FileMode import Data.List +import System.Posix.Files providerFor :: [UserName] -> String -> Property providerFor users baseurl = propertyList desc $ @@ -16,11 +18,18 @@ providerFor users baseurl = propertyList desc $ (map setbaseurl) "/etc/simpleid/config.inc" ] ++ map identfile users where - identfile u = File.hasPrivContent $ concat - [ "/var/lib/simpleid/identities/", u, ".identity" ] url = "http://"++baseurl++"/simpleid" desc = "openid provider " ++ url setbaseurl l | "SIMPLEID_BASE_URL" `isInfixOf` l = "define('SIMPLEID_BASE_URL', '"++url++"');" | otherwise = l + + identfile u = combineProperties desc + [ File.hasPrivContent f + -- the identitites directory controls access, so open up + -- file mode + , File.mode f (combineModes (ownerWriteMode:readModes)) + ] + where + f = concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ] -- cgit v1.3-2-g0d8e From 479045277b29919797cee341b11d30bbd15ab3d7 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 13 Apr 2014 12:21:43 -0400 Subject: propellor spin --- Propellor/Property/File.hs | 5 +++++ Propellor/Property/OpenId.hs | 13 ++++--------- config-joey.hs | 20 ++++++++++++++------ 3 files changed, 23 insertions(+), 15 deletions(-) (limited to 'Propellor/Property/OpenId.hs') 
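Review bot: In the new `identfile`, the identity file delivered by `File.hasPrivContent` is immediately made world-readable with `File.mode f (combineModes (ownerWriteMode:readModes))`, and the only protection left is the comment's claim that the identities directory controls access; no property in this hunk sets or checks the mode or owner of `/var/lib/simpleid/identities`. If that directory is ever traversable by other accounts, every local user can read what the identity files hold, which is presumably credential material since it comes from privdata. I would pin the directory's mode and owner with a property next to the file mode, or at least state the dependency precisely, e.g. `-- safe only while /var/lib/simpleid/identities is not traversable by other users (verify the package default)`. The comment also has a typo (`identitites`) that the next commit carries over into its OpenId.hs hunk, and `combineProperties desc` gives every per-user property the same description as the whole provider.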
diff --git a/Propellor/Property/File.hs b/Propellor/Property/File.hs index d8caf366..bd33c9b8 100644 --- a/Propellor/Property/File.hs +++ b/Propellor/Property/File.hs @@ -24,6 +24,11 @@ hasPrivContent f = Property desc $ withPrivData (PrivFile f) $ \privcontent -> where desc = "privcontent " ++ f +-- | Leaves the file world-readable. +hasPrivContentExposed :: FilePath -> Property +hasPrivContentExposed f = hasPrivContent f `onChange` + mode f (combineModes (ownerWriteMode:readModes)) + -- | Ensures that a line is present in a file, adding it to the end if not. containsLine :: FilePath -> Line -> Property f `containsLine` l = fileProperty (f ++ " contains:" ++ l) go f diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index b896180f..d06bf88f 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs @@ -4,7 +4,6 @@ import Propellor import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Service as Service -import Utility.FileMode import Data.List import System.Posix.Files @@ -25,11 +24,7 @@ providerFor users baseurl = propertyList desc $ "define('SIMPLEID_BASE_URL', '"++url++"');" | otherwise = l - identfile u = combineProperties desc - [ File.hasPrivContent f - -- the identitites directory controls access, so open up - -- file mode - , File.mode f (combineModes (ownerWriteMode:readModes)) - ] - where - f = concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ] + -- the identitites directory controls access, so open up + -- file mode + identfile u = File.hasPrivContentExposed $ + concat $ [ "/var/lib/simpleid/identities/", u, ".identity" ] diff --git a/config-joey.hs b/config-joey.hs index 7537b10a..2245f8dd 100644 --- a/config-joey.hs +++ b/config-joey.hs 
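Review bot: `hasPrivContentExposed` applies the mode through `onChange`, so the chmod appears to run only when `hasPrivContent` actually rewrites the file. A file whose content is already correct but whose mode is still private, or has drifted, would be reported as satisfied and never fixed, unlike the `combineProperties` version this replaces in OpenId.hs, which listed the mode as its own property. This matters for `/etc/kgb-bot/kgb-client.conf` in the same commit, which was previously installed with plain `hasPrivContent`. Consider combining instead of chaining, e.g. `combineProperties desc [hasPrivContent f, mode f (combineModes (ownerWriteMode:readModes))]` with a suitable `desc`. The Haddock line should also spell out the contract, something like `-- | Like hasPrivContent, but the file ends up world-readable; use only where the parent directory restricts access or the content need not be hidden from local users.`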
@@ -85,18 +85,15 @@ hosts = `requires` Ssh.knownHost hosts "usw-s002.rsync.net" "root" `requires` Ssh.authorizedKeys "family" `requires` User.accountFor "family" - & Apt.installed ["git", "git-annex", "rsync", "kgb-client"] + & Apt.installed ["git", "git-annex", "rsync", "kgb-client-git"] & Git.daemonRunning "/srv/git" -- ssh keys for branchable and github repo hooks -- TODO: upgrade to newer git-annex-shell for notification -- gitweb & cname "kgb.kitenet.net" - & Apt.serviceInstalledRunning "kgb-bot" - & File.hasPrivContent "/etc/kgb-bot/kgb.conf" - & File.hasPrivContent "/etc/kgb-bot/kgb-client.conf" - & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1" - `onChange` Service.running "kgb-bot" + & Docker.docked hosts "kgb-server" + & File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf" & cname "downloads.kitenet.net" & Apt.buildDep ["git-annex"] `period` Daily @@ -127,7 +124,18 @@ hosts = & Docker.publish "8081:80" & OpenId.providerFor ["joey", "liw"] "openid.kitenet.net:8081" + + -- The kgb irc bot, in a container for security and because I need + -- features not in the stable version. + , standardContainer "kgb-server" Unstable "amd64" + & Docker.publish "9999:9999" + & Apt.serviceInstalledRunning "kgb-bot" + & File.hasPrivContent "/etc/kgb-bot/kgb.conf" + & "/etc/default/kgb-bot" `File.containsLine` "BOT_ENABLED=1" + `describe` "kgb bot enabled" + `onChange` Service.running "kgb-bot" + -- Exhibit: kite's 90's website. , standardContainer "ancient-kitenet" Stable "amd64" & Docker.publish "1994:80" & Apt.serviceInstalledRunning "apache2" -- cgit v1.3-2-g0d8e From 4bcd5816d156400282e160c1ae4d5ea4b2f78bed Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 13 Apr 2014 12:24:14 -0400 Subject: propellor spin --- Propellor/Property/OpenId.hs | 1 - config-joey.hs | 10 ++++++---- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'Propellor/Property/OpenId.hs') 
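Review bot: `File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf"` takes a file out of privdata and makes it readable by every local account on this host, which per the surrounding lines also has the `family` user and runs the git daemon; nothing in the hunk says why. If the client configuration carries the secret that clients use to authenticate to the bot, any local user or compromised service on the host can read it. A comment should record the reason, for example `-- world-readable so commit hooks running as different users can read it`, and if that is the reason, a mode limited to the owner plus a group of the hook-running accounts would be narrower. The enclosing host definition starts and ends outside the hunk.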
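Review bot: In the new `kgb-server` container, `File.hasPrivContent "/etc/kgb-bot/kgb.conf"` has no `onChange` hook and is listed after `Apt.serviceInstalledRunning "kgb-bot"`, so a changed or rotated `kgb.conf` does not seem to reach an already running bot. The only hook, `Service.running "kgb-bot"` on the `BOT_ENABLED=1` line, presumably does nothing to a service that is already up. I would write ``& File.hasPrivContent "/etc/kgb-bot/kgb.conf" `onChange` Service.restarted "kgb-bot"``, using the same `Service.restarted` that OpenId.hs uses for apache2. The comment gives security as a reason for the container; it would help to add that `Docker.publish "9999:9999"` still exposes the bot's port through the host, so the container isolates the process and its unstable packages, not the network service.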
diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index d06bf88f..4c562175 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs @@ -6,7 +6,6 @@ import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Service as Service import Data.List -import System.Posix.Files providerFor :: [UserName] -> String -> Property providerFor users baseurl = propertyList desc $ diff --git a/config-joey.hs b/config-joey.hs index 2245f8dd..ca7a0219 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -48,6 +48,11 @@ hosts = & cname "ancient.kitenet.net" & Docker.docked hosts "ancient-kitenet" + -- I'd rather this container were on diatom, but + -- docker.io is not available in stable. + & cname "kgb.kitenet.net" + & Docker.docked hosts "kgb-server" + & Docker.garbageCollected `period` Daily & Apt.installed ["git-annex", "mtr", "screen"] @@ -86,14 +91,11 @@ hosts = `requires` Ssh.authorizedKeys "family" `requires` User.accountFor "family" & Apt.installed ["git", "git-annex", "rsync", "kgb-client-git"] + & File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf" & Git.daemonRunning "/srv/git" -- ssh keys for branchable and github repo hooks -- TODO: upgrade to newer git-annex-shell for notification -- gitweb - - & cname "kgb.kitenet.net" - & Docker.docked hosts "kgb-server" - & File.hasPrivContentExposed "/etc/kgb-bot/kgb-client.conf" & cname "downloads.kitenet.net" & Apt.buildDep ["git-annex"] `period` Daily -- cgit v1.3-2-g0d8e From 2c1397c5b09f2bbc8339c9763c60fcca601bc212 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 13 Apr 2014 15:54:25 -0400 Subject: Standard apt configuration for stable now includes backports. --- Propellor/Attr.hs | 2 +- Propellor/Property/Apt.hs | 25 ++++++++++++++++++++----- Propellor/Property/OpenId.hs | 2 +- debian/changelog | 1 + 4 files changed, 23 insertions(+), 7 deletions(-) (limited to 'Propellor/Property/OpenId.hs') 
diff --git a/Propellor/Attr.hs b/Propellor/Attr.hs index 9a9d8446..94376b0d 100644 --- a/Propellor/Attr.hs +++ b/Propellor/Attr.hs @@ -22,7 +22,7 @@ getHostName :: Propellor HostName getHostName = asks _hostname os :: System -> AttrProperty -os system = pureAttrProperty ("OS " ++ show system) $ +os system = pureAttrProperty ("Operating " ++ show system) $ \d -> d { _os = Just system } getOS :: Propellor (Maybe System) diff --git a/Propellor/Property/Apt.hs b/Propellor/Property/Apt.hs index 4da13a2f..b7c281ce 100644 --- a/Propellor/Property/Apt.hs +++ b/Propellor/Property/Apt.hs @@ -24,9 +24,12 @@ showSuite Unstable = "unstable" showSuite Experimental = "experimental" showSuite (DebianRelease r) = r -debLine :: DebianSuite -> Url -> [Section] -> Line +backportSuite :: DebianSuite -> String +backportSuite suite = showSuite suite ++ "-backports" + +debLine :: String -> Url -> [Section] -> Line debLine suite mirror sections = unwords $ - ["deb", mirror, showSuite suite] ++ sections + ["deb", mirror, suite] ++ sections srcLine :: Line -> Line srcLine l = case words l of @@ -37,9 +40,12 @@ stdSections :: [Section] stdSections = ["main", "contrib", "non-free"] binandsrc :: String -> DebianSuite -> [Line] -binandsrc url suite = [l, srcLine l] +binandsrc url suite + | suite == Stable = [l, srcLine l, bl, srcLine bl] + | otherwise = [l, srcLine l] where - l = debLine suite url stdSections + l = debLine (showSuite suite) url stdSections + bl = debLine (backportSuite suite) url stdSections debCdn :: DebianSuite -> [Line] debCdn = binandsrc "http://cdn.debian.net/debian" @@ -62,7 +68,7 @@ securityUpdates suite -- kernel.org. stdSourcesList :: DebianSuite -> Property stdSourcesList suite = setSourcesList - (debCdn suite ++ kernelOrg suite ++ securityUpdates suite) + (concatMap (\gen -> gen suite) [debCdn, kernelOrg, securityUpdates]) `describe` ("standard sources.list for " ++ show suite) setSourcesList :: [Line] -> Property 
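Review bot: In `binandsrc`, the guard `suite == Stable` adds the backports lines only for the `Stable` constructor, so a host declared with `DebianRelease r` naming the current stable release gets no backports, while `backportSuite` will build a `-backports` name for any suite it is given. Because the change sits in `binandsrc` rather than in `stdSourcesList`, the extra lines are emitted for every caller: `debCdn` as shown here, and `kernelOrg` too if it is defined the same way. Enabling backports on every stable host is a policy change worth a comment on `binandsrc`, e.g. `-- Stable additionally gets its -backports suite; note that backports are maintained outside the stable security process.` `debLine` now takes a bare `String` for the suite, so any caller outside these hunks that still passes a `DebianSuite` has to be updated, which cannot be checked from here.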
@@ -96,6 +102,15 @@ installed' params ps = robustly $ check (isInstallable ps) go where go = runApt $ params ++ ["install"] ++ ps +installedBackport :: [Package] -> Property +installedBackport ps = withOS desc $ \o -> case o of + (Just (System (Debian suite) _)) -> + ensureProperty $ installed' ["-t", backportSuite suite, "-y"] ps + Nothing -> error "cannot install backports; os not declared" + _ -> error $ "backports not supported on " ++ show o + where + desc = (unwords $ "apt installed backport":ps) + -- | Minimal install of package, without recommends. installedMin :: [Package] -> Property installedMin = installed' ["--no-install-recommends", "-y"] diff --git a/Propellor/Property/OpenId.hs b/Propellor/Property/OpenId.hs index 4c562175..051d6425 100644 --- a/Propellor/Property/OpenId.hs +++ b/Propellor/Property/OpenId.hs @@ -12,7 +12,7 @@ providerFor users baseurl = propertyList desc $ [ Apt.serviceInstalledRunning "apache2" , Apt.installed ["simpleid"] `onChange` Service.restarted "apache2" - , File.fileProperty desc + , File.fileProperty (desc ++ " configured") (map setbaseurl) "/etc/simpleid/config.inc" ] ++ map identfile users where diff --git a/debian/changelog b/debian/changelog index 4c18df20..18436b29 100644 --- a/debian/changelog +++ b/debian/changelog @@ -6,6 +6,7 @@ propellor (0.3.1) UNRELEASED; urgency=medium * Apache support. * Properties can now be satisfied differently on different operating systems. + * Standard apt configuration for stable now includes backports. -- Joey Hess Fri, 11 Apr 2014 15:00:11 -0400 -- cgit v1.3-2-g0d8e
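Review bot: `installedBackport` calls `error` when the OS is undeclared or not Debian, which aborts from inside a property instead of reporting this one property as failed. Its `Debian suite` branch also accepts every suite, although only `Stable` gets a backports source from `binandsrc` in the same commit; for `Unstable` it would pass `-t unstable-backports` to apt. I would restrict the match, e.g. `(Just (System (Debian suite) _)) | suite == Stable ->`, and let the other cases fall through to the unsupported message. The function has no Haddock comment; it should say that `-t` makes the backports suite the target release for the whole transaction, so dependencies may be taken from backports as well as the named packages.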