From 266fbe7f20dbefc4709b323bc316f4ae33206ec6 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 20 Sep 2015 14:25:37 +0000 Subject: Add aiccu module. --- src/Propellor/Property/Aiccu.hs | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 src/Propellor/Property/Aiccu.hs (limited to 'src/Propellor/Property/Aiccu.hs') diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs new file mode 100644 index 00000000..c6c1569a --- /dev/null +++ b/src/Propellor/Property/Aiccu.hs @@ -0,0 +1,27 @@ +module Propellor.Property.Aiccu where + +import Propellor +import qualified Propellor.Property.Apt as Apt + +confPath :: FilePath +confPath = "/etc/aiccu.conf" + +config :: String -> String -> PrivData -> [String] +config u t p = [ "protocol tic" + , "server tic.sixxs.net" + , "username " ++ u + , "password " ++ (privDataVal p) + , "ipv6_interface sixxs" + , "tunnel_id " ++ t + , "daemonize true" + , "automatic true" + , "requiretls true" + , "makebeats true" + ] + +hasConfig :: String -> String -> Property HasInfo +hasConfig t u = withSomePrivData [(Password (u++"/"++t)), (Password u)] (Context "aiccu") $ property "aiccu configured" . writeConfig + where writeConfig :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result + writeConfig getpassword = getpassword $ go + go (Password u, p) = makeChange $ writeFile confPath (unlines $ config u t p) + go (f, _) = error $ "Unexpected type of privdata: " ++ show f -- cgit v1.3-2-g0d8e From ca5f973c2b745b75da57d4b3953d50604165fcd0 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 20 Sep 2015 14:37:41 -0400 Subject: reformat and fix warning about 2 definitions of 'u' --- src/Propellor/Property/Aiccu.hs | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'src/Propellor/Property/Aiccu.hs') diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs index c6c1569a..e6d4f7fe 100644 
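Review bot: In `go`, `writeFile confPath (unlines $ config u t p)` puts the sixxs password into /etc/aiccu.conf without setting a file mode, so the file gets whatever the process umask allows and may be readable by every local user. The write should go through a helper that creates the file owner-only; the later commit on this page titled "make sure aiccu.conf is only readable by root" does this with `File.hasContentProtected`. The intermediate `File.hasContent` version in "a few improvements" presumably has the same exposure. Separately, `makeChange` appears to report a change on every run, even when the file already has the right content.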
--- a/src/Propellor/Property/Aiccu.hs +++ b/src/Propellor/Property/Aiccu.hs @@ -7,21 +7,23 @@ confPath :: FilePath confPath = "/etc/aiccu.conf" config :: String -> String -> PrivData -> [String] -config u t p = [ "protocol tic" - , "server tic.sixxs.net" - , "username " ++ u - , "password " ++ (privDataVal p) - , "ipv6_interface sixxs" - , "tunnel_id " ++ t - , "daemonize true" - , "automatic true" - , "requiretls true" - , "makebeats true" - ] +config u t p = + [ "protocol tic" + , "server tic.sixxs.net" + , "username " ++ u + , "password " ++ (privDataVal p) + , "ipv6_interface sixxs" + , "tunnel_id " ++ t + , "daemonize true" + , "automatic true" + , "requiretls true" + , "makebeats true" + ] hasConfig :: String -> String -> Property HasInfo hasConfig t u = withSomePrivData [(Password (u++"/"++t)), (Password u)] (Context "aiccu") $ property "aiccu configured" . writeConfig - where writeConfig :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result - writeConfig getpassword = getpassword $ go - go (Password u, p) = makeChange $ writeFile confPath (unlines $ config u t p) - go (f, _) = error $ "Unexpected type of privdata: " ++ show f + where + writeConfig :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result + writeConfig getpassword = getpassword $ go + go (Password u', p) = makeChange $ writeFile confPath (unlines $ config u' t p) + go (f, _) = error $ "Unexpected type of privdata: " ++ show f -- cgit v1.3-2-g0d8e From 2f4340bb1b235f6aec9a6a28233ee28d82b499a3 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 20 Sep 2015 14:49:15 -0400 Subject: a few improvements --- src/Propellor/Property/Aiccu.hs | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) (limited to 'src/Propellor/Property/Aiccu.hs') diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs index e6d4f7fe..e3070c90 100644 --- a/src/Propellor/Property/Aiccu.hs 
+++ b/src/Propellor/Property/Aiccu.hs @@ -1,12 +1,29 @@ -module Propellor.Property.Aiccu where +module Propellor.Property.Aiccu ( + installed, + reloaded, + confPath, + UserName, + TunnelId, + hasConfig, +) where import Propellor import qualified Propellor.Property.Apt as Apt +import qualified Propellor.Property.Service as Service +import qualified Propellor.Property.File as File + +installed :: Property NoInfo +installed = Apt.installed ["aiccu"] + +reloaded :: Property NoInfo +reloaded = Service.reloaded "aiccu" confPath :: FilePath confPath = "/etc/aiccu.conf" -config :: String -> String -> PrivData -> [String] +type TunnelId = String + +config :: UserName -> TunnelId -> PrivData -> [File.Line] config u t p = [ "protocol tic" , "server tic.sixxs.net" @@ -20,10 +37,13 @@ config u t p = , "makebeats true" ] -hasConfig :: String -> String -> Property HasInfo -hasConfig t u = withSomePrivData [(Password (u++"/"++t)), (Password u)] (Context "aiccu") $ property "aiccu configured" . writeConfig +-- | Configures an ipv6 tunnel using sixxs.net, with the given TunneId +-- and sixx.net UserName. +hasConfig :: TunnelId -> UserName -> Property HasInfo +hasConfig t u = withSomePrivData [(Password (u++"/"++t)), (Password u)] (Context "aiccu") $ + property "aiccu configured" . writeConfig where writeConfig :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result - writeConfig getpassword = getpassword $ go - go (Password u', p) = makeChange $ writeFile confPath (unlines $ config u' t p) + writeConfig getpassword = getpassword $ ensureProperty . go + go (Password u', p) = confPath `File.hasContent` config u' t p go (f, _) = error $ "Unexpected type of privdata: " ++ show f -- cgit v1.3-2-g0d8e From 2080b5f57f5d88466a786a494fb3bf9cb4d44996 Mon Sep 17 00:00:00 2001 
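Review bot: The Haddock comment added above `hasConfig` in the second hunk misspells both names it refers to (`TunneId`, `sixx.net`) and does not tell the operator where the password comes from. Suggested first line: `-- | Configures an ipv6 tunnel using sixxs.net, with the given TunnelId and sixxs.net UserName.` A second line should state that the password is taken from privdata in `Context "aiccu"`, using the fields listed in the `withSomePrivData` call (`Password (u++"/"++t)` and `Password u`), and that it is written in clear text to `confPath`. The newly exported `installed`, `reloaded` and `confPath` in the first hunk have no doc comments either.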
From: Joey Hess Date: Sun, 20 Sep 2015 14:51:12 -0400 Subject: reload daemon on conf file change --- src/Propellor/Property/Aiccu.hs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src/Propellor/Property/Aiccu.hs') diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs index e3070c90..7a1e6e18 100644 --- a/src/Propellor/Property/Aiccu.hs +++ b/src/Propellor/Property/Aiccu.hs @@ -40,9 +40,10 @@ config u t p = -- | Configures an ipv6 tunnel using sixxs.net, with the given TunneId -- and sixx.net UserName. hasConfig :: TunnelId -> UserName -> Property HasInfo -hasConfig t u = withSomePrivData [(Password (u++"/"++t)), (Password u)] (Context "aiccu") $ - property "aiccu configured" . writeConfig +hasConfig t u = prop `onChange` reloaded where + prop = withSomePrivData [(Password (u++"/"++t)), (Password u)] (Context "aiccu") $ + property "aiccu configured" . writeConfig writeConfig :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result writeConfig getpassword = getpassword $ ensureProperty . go go (Password u', p) = confPath `File.hasContent` config u' t p -- cgit v1.3-2-g0d8e From 174fc58787ed585e047febb206d205daa447dee1 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 20 Sep 2015 14:58:51 -0400 Subject: bug fix: used wrong username for config file in case where username/tunnelid was provided in privdata --- src/Propellor/Property/Aiccu.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/Propellor/Property/Aiccu.hs') diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs index 7a1e6e18..16d48832 100644 --- a/src/Propellor/Property/Aiccu.hs +++ b/src/Propellor/Property/Aiccu.hs 
@@ -46,5 +46,5 @@ hasConfig t u = prop `onChange` reloaded property "aiccu configured" . writeConfig writeConfig :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result writeConfig getpassword = getpassword $ ensureProperty . go - go (Password u', p) = confPath `File.hasContent` config u' t p + go (Password _, p) = confPath `File.hasContent` config u t p go (f, _) = error $ "Unexpected type of privdata: " ++ show f -- cgit v1.3-2-g0d8e From 40908a6ff603caf70a0f8653a3f6fda13e05cd37 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 20 Sep 2015 15:03:51 -0400 Subject: make sure aiccu.conf is only readable by root, even if it had a different mode to start with --- src/Propellor/Property/Aiccu.hs | 2 +- src/Propellor/Property/File.hs | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'src/Propellor/Property/Aiccu.hs') diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs index 16d48832..519b8ce9 100644 --- a/src/Propellor/Property/Aiccu.hs +++ b/src/Propellor/Property/Aiccu.hs @@ -46,5 +46,5 @@ hasConfig t u = prop `onChange` reloaded property "aiccu configured" . writeConfig writeConfig :: (((PrivDataField, PrivData) -> Propellor Result) -> Propellor Result) -> Propellor Result writeConfig getpassword = getpassword $ ensureProperty . go - go (Password _, p) = confPath `File.hasContent` config u t p + go (Password _, p) = confPath `File.hasContentProtected` config u t p go (f, _) = error $ "Unexpected type of privdata: " ++ show f diff --git a/src/Propellor/Property/File.hs b/src/Propellor/Property/File.hs index 4563fe79..a1d3037f 100644 --- a/src/Propellor/Property/File.hs +++ b/src/Propellor/Property/File.hs 
@@ -10,7 +10,15 @@ type Line = String -- | Replaces all the content of a file. hasContent :: FilePath -> [Line] -> Property NoInfo -f `hasContent` newcontent = fileProperty ("replace " ++ f) +f `hasContent` newcontent = fileProperty + ("replace " ++ f) + (\_oldcontent -> newcontent) f + +-- | Replaces all the content of a file, ensuring that its modes do not +-- allow it to be read or written by anyone other than the current user +hasContentProtected :: FilePath -> [Line] -> Property NoInfo +f `hasContentProtected` newcontent = fileProperty' writeFileProtected + ("replace " ++ f) (\_oldcontent -> newcontent) f -- | Ensures a file has contents that comes from PrivData. -- cgit v1.3-2-g0d8e From 9f4b3e0ed4de04ba5fb754ea45402465faf30783 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 20 Sep 2015 15:05:50 -0400 Subject: aiccu's init script doesn't support reload; restart it --- src/Propellor/Property/Aiccu.hs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src/Propellor/Property/Aiccu.hs') diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs index 519b8ce9..e8aaa7bb 100644 --- a/src/Propellor/Property/Aiccu.hs +++ b/src/Propellor/Property/Aiccu.hs @@ -1,6 +1,6 @@ module Propellor.Property.Aiccu ( installed, - reloaded, + restarted, confPath, UserName, TunnelId, @@ -15,8 +15,8 @@ import qualified Propellor.Property.File as File installed :: Property NoInfo installed = Apt.installed ["aiccu"] -reloaded :: Property NoInfo -reloaded = Service.reloaded "aiccu" +restarted :: Property NoInfo +restarted = Service.restarted "aiccu" confPath :: FilePath confPath = "/etc/aiccu.conf" @@ -28,7 +28,7 @@ config u t p = [ "protocol tic" , "server tic.sixxs.net" , "username " ++ u - , "password " ++ (privDataVal p) + , "password " ++ privDataVal p , "ipv6_interface sixxs" , "tunnel_id " ++ t , "daemonize true" 
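Review bot: `hasContentProtected` delegates its whole mode guarantee to `fileProperty' writeFileProtected`, and neither is defined in this hunk, so the commit message's claim ("even if it had a different mode to start with") cannot be confirmed from the lines shown. If `fileProperty'` skips the write when the content already matches, or carries the old file's mode over to the replacement, an existing world-readable aiccu.conf would keep its permissions. That path should be checked and, if it holds, the mode reset explicitly regardless of whether the content changed. The doc comment should state which case is covered, for example by adding `-- The mode is also corrected when the content is already up to date.` once that is true.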
@@ -40,7 +40,7 @@ config u t p = -- | Configures an ipv6 tunnel using sixxs.net, with the given TunneId -- and sixx.net UserName. hasConfig :: TunnelId -> UserName -> Property HasInfo -hasConfig t u = prop `onChange` reloaded +hasConfig t u = prop `onChange` restarted where prop = withSomePrivData [(Password (u++"/"++t)), (Password u)] (Context "aiccu") $ property "aiccu configured" . writeConfig -- cgit v1.3-2-g0d8e