From 42042aefc13e235b36a28d5235a37ab4326a2400 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 7 Feb 2016 19:33:57 -0400
Subject: propellor spin
---
 config-joey.hs | 6 ++++++
 1 file changed, 6 insertions(+) (limited to 'config-joey.hs')
diff --git a/config-joey.hs b/config-joey.hs
index 75333d78..5c3d376b 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -19,6 +19,7 @@ import qualified Propellor.Property.OpenId as OpenId
 import qualified Propellor.Property.Git as Git
 import qualified Propellor.Property.Postfix as Postfix
 import qualified Propellor.Property.Apache as Apache
+import qualified Propellor.Property.LetsEncrypt as LetsEncrypt
 import qualified Propellor.Property.Grub as Grub
 import qualified Propellor.Property.Obnam as Obnam
 import qualified Propellor.Property.Gpg as Gpg
@@ -332,6 +333,11 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
 & branchableSecondary
 & Dns.secondaryFor ["animx"] hosts "animx.eu.org"
+ -- testing
+ & Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html"
+ (LetsEncrypt.AgreeTOS (Just "id@joeyh.name"))
+ & alias "letsencrypt.joeyh.name"
+
 elephant :: Host
 elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
 [ "Storage, big data, and backups, omnomnom!"
-- cgit v1.3-2-g0d8e
From c405edad6200319c35e2ac6a0ea7b83039c3835a Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 7 Feb 2016 20:34:43 -0400
Subject: to revert
---
 config-joey.hs | 2 ++
 1 file changed, 2 insertions(+) (limited to 'config-joey.hs')
diff --git a/config-joey.hs b/config-joey.hs
index 5c3d376b..fc7bd681 100644
--- a/config-joey.hs
+++ b/config-joey.hs
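Review bot: The `-- testing` comment over the new `Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html"` property in the kite hunk does not say what is under test or when the block should come out again, and kite is declared with `standardSystemUnhardened`. The docroot is the generic `/var/www/html`, so presumably whatever already sits there becomes reachable under the new name with a publicly trusted certificate. A more specific comment would help, e.g. `-- Temporary: exercises LetsEncrypt cert issuance; remove the vhost and alias once verified.`, along with a dedicated docroot for the test if that path is shared. The kite definition starts and ends outside the hunk.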
@@ -337,6 +337,8 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
 & Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html"
 (LetsEncrypt.AgreeTOS (Just "id@joeyh.name"))
 & alias "letsencrypt.joeyh.name"
+ -- to revert above, partially:
+ -- ! Apache.virtualHost "letsencrypt.joeyh.name" (Port 443) "/var/www/html"
 elephant :: Host
 elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
-- cgit v1.3-2-g0d8e
From 97fdc43f8a49c87c730471442cf2117bf0a75d64 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 7 Feb 2016 22:01:17 -0400
Subject: property is revertable
---
 config-joey.hs | 2 --
 src/Propellor/Property/Apache.hs | 17 +++++++++++------
 2 files changed, 11 insertions(+), 8 deletions(-) (limited to 'config-joey.hs')
diff --git a/config-joey.hs b/config-joey.hs
index fc7bd681..5c3d376b 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -337,8 +337,6 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64"
 & Apache.httpsVirtualHost "letsencrypt.joeyh.name" "/var/www/html"
 (LetsEncrypt.AgreeTOS (Just "id@joeyh.name"))
 & alias "letsencrypt.joeyh.name"
- -- to revert above, partially:
- -- ! Apache.virtualHost "letsencrypt.joeyh.name" (Port 443) "/var/www/html"
 elephant :: Host
 elephant = standardSystem "elephant.kitenet.net" Unstable "amd64"
diff --git a/src/Propellor/Property/Apache.hs b/src/Propellor/Property/Apache.hs
index d0bcadfa..dee7a5fc 100644
--- a/src/Propellor/Property/Apache.hs
+++ b/src/Propellor/Property/Apache.hs
@@ -156,16 +156,21 @@ virtualHost' domain (Port p) docroot addedcfg = siteEnabled domain $
 --
 -- > httpsVirtualHost "example.com" "/var/www"
 -- > (LetsEncrypt.AgreeTOS (Just "me@my.domain"))
-httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> Property NoInfo
+--
+-- Note that reverting this property does not remove the certificate from
+-- letsencrypt's cert store.
+httpsVirtualHost :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> RevertableProperty NoInfo
 httpsVirtualHost domain docroot letos = httpsVirtualHost' domain docroot letos []
 -- | Like `httpsVirtualHost` but with additional config lines added.
-httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> Property NoInfo
-httpsVirtualHost' domain docroot letos addedcfg = setuphttp
- `requires` modEnabled "rewrite"
- `requires` modEnabled "ssl"
- `before` setuphttps
+httpsVirtualHost' :: Domain -> WebRoot -> LetsEncrypt.AgreeTOS -> [ConfigLine] -> RevertableProperty NoInfo
+httpsVirtualHost' domain docroot letos addedcfg = setup teardown
 where
+ setup = setuphttp
+ `requires` modEnabled "rewrite"
+ `requires` modEnabled "ssl"
+ `before` setuphttps
+ teardown = siteDisabled domain
 setuphttp = siteEnabled' domain $
 -- The sslconffile is only created after letsencrypt gets
 -- the cert. The "*" is needed to make apache not error
-- cgit v1.3-2-g0d8e
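Review bot: `teardown = siteDisabled domain` in `httpsVirtualHost'` has no comment saying what a revert leaves behind, and the new Haddock caveat sits only on `httpsVirtualHost`, not on the primed variant where the teardown is defined. From the visible lines a revert only disables the site: the certificate stays in letsencrypt's store, as the added note says, and presumably so does its private key, while `modEnabled "rewrite"` and `modEnabled "ssl"` are not undone. I would repeat the caveat on `httpsVirtualHost'` and add above the binding `-- Only disables the site; the cert (and its key) obtained by letsencrypt stay on disk.` The where-clause continues outside the hunk, so whether `siteDisabled` also covers what `setuphttps` creates cannot be confirmed from here.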