From e31210248defec9ca3559c20b25f4b06d94ba4da Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 17 Jul 2014 21:16:03 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index ef96e086..04ff37a2 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -23,3 +23,12 @@ satellite = setup `requires` installed , ("postfix/destinations", "string", " ") , ("postfix/mailname", "string", hn) ] + +-- | Sets up a file by running a property (which the filename is passed +-- to). If the setup property makes a change, postmap will be run on the +-- file, and postfix will be reloaded. +mappedFile :: FilePath -> (FilePath -> Property) -> Property +mappedFile f setup = setup f + `onChange` cmdProperty postmap [postmap] + where + postmap = "postmap " ++ f -- cgit v1.3-2-g0d8e From 3e41d350f4e9105c75bfabd11e740329cfc808d1 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 17 Jul 2014 22:20:16 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 43 ++++++++++++++++++++++-- src/Propellor/Property/SiteSpecific/JoeySites.hs | 3 +- 2 files changed, 43 insertions(+), 3 deletions(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 04ff37a2..03b4367e 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -2,6 +2,10 @@ module Propellor.Property.Postfix where import Propellor import qualified Propellor.Property.Apt as Apt +import Propellor.Property.File + +import qualified Data.Map as M +import Data.List installed :: Property installed = Apt.serviceInstalledRunning "postfix" 
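Review bot: The doc comment on `mappedFile` says postfix will be reloaded, but the property only chains `postmap` through `onChange`; nothing in this hunk reloads or restarts the service. Either drop the claim, for example `-- file. Postfix itself is not reloaded; combine with a reload property if needed.`, or add the reload to the property. The revised `mappedFile` in the next commit still only runs postmap, so the same applies there.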
@@ -29,6 +33,41 @@ satellite = setup `requires` installed -- file, and postfix will be reloaded. mappedFile :: FilePath -> (FilePath -> Property) -> Property mappedFile f setup = setup f - `onChange` cmdProperty postmap [postmap] + `onChange` cmdProperty "postmap" [f] + +-- | Parses main.cf, and removes any initial configuration lines that are +-- overridden to other values later in the file. +-- +-- For example, to add some settings, removing any old settings: +-- +-- > mainCf `File.containsLines` +-- > [ "# I like bars." +-- > , "foo = bar" +-- > ] `onChange` dedupMainCf +-- +-- Note that multiline configurations that continue onto the next line +-- are not currently supported. +dedupMainCf :: Property +dedupMainCf = fileProperty "postfix main.cf dedupped" go mainCf where - postmap = "postmap " ++ f + go ls = + let parsed = map parse ls + in dedup [] (keycounts $ rights parsed) parsed + + parse l + | "#" `isPrefixOf` l = Left l + | "=" `isInfixOf` l = Right (separate (== '=') l) + | otherwise = Left l + fmt k v = k ++ "=" ++ v + + keycounts = M.fromListWith (+) . map (\(k, _v) -> (k, (1 :: Integer))) + + dedup c _ [] = reverse c + dedup c kc ((Left v):rest) = dedup (v:c) kc rest + dedup c kc ((Right (k, v)):rest) = case M.lookup k kc of + Just n | n > 1 -> dedup c (M.insert k (n - 1) kc) rest + _ -> dedup (fmt k v:c) kc rest + +-- | The main config file for postfix. +mainCf :: FilePath +mainCf = "/etc/postfix/main.cf" diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index f9bbb50b..c7acb9eb 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
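Review bot: `parse` treats every non-comment line containing `=` as a setting, including lines that begin with whitespace, which postfix reads as continuations of the previous parameter. An indented restriction entry that contains `=` is then counted as its own key and can be dropped as a duplicate. Separately, when an earlier duplicate of a multi-line parameter is removed, its continuation lines stay behind and attach to whatever precedes them. Both change the effective configuration silently. The doc comment says multiline values are unsupported, but passing such lines through untouched is safer: add a guard `| isPrefixOf " " l || isPrefixOf "\t" l = Left l` ahead of the `=` test. The later revision of `parse` that strips whitespace from the key makes this worse, because the continuation line is then rewritten without its indentation.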
@@ -423,7 +423,7 @@ kiteMailServer = propertyList "kitenet.net mail server" ) `describe` "postfix virtual file configured" , Postfix.mappedFile "/etc/postfix/relay_clientcerts" $ flip File.hasPrivContentExposed ctx - , "/etc/postfix/main.cf" `File.containsLines` + , Postfix.mainCf `File.containsLines` [ "myhostname = kitenet.net" , "mydomain = $myhostname" , "append_dot_mydomain = no" @@ -464,6 +464,7 @@ kiteMailServer = propertyList "kitenet.net mail server" , "smtp_use_tls = yes" , "smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache" ] + `onChange` Postfix.dedupMainCf `onChange` Service.restarted "postfix" `describe` "postfix configured" , Apt.serviceInstalledRunning "dovecot-imapd" -- cgit v1.3-2-g0d8e From f4ce2124ac91c13475193fbfe25fb6877cd3228b Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 17 Jul 2014 22:23:49 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 5 ++++- src/Propellor/Property/SiteSpecific/JoeySites.hs | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 03b4367e..027ea4cf 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -6,6 +6,7 @@ import Propellor.Property.File import qualified Data.Map as M import Data.List +import Data.Char installed :: Property installed = Apt.serviceInstalledRunning "postfix" @@ -56,7 +57,9 @@ dedupMainCf = fileProperty "postfix main.cf dedupped" go mainCf parse l | "#" `isPrefixOf` l = Left l - | "=" `isInfixOf` l = Right (separate (== '=') l) + | "=" `isInfixOf` l = + let (k, v) = separate (== '=') l + in Right ((filter (not . isSpace) k), v) | otherwise = Left l fmt k v = k ++ "=" ++ v diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index c7acb9eb..4ecdd9f0 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs 
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -396,6 +396,7 @@ kiteMailServer = propertyList "kitenet.net mail server" , "CRON=1" , "NICE=\"--nicelevel 15\"" ] `onChange` Service.restarted "spamassassin" + `describe` "spamd enabled" , Apt.serviceInstalledRunning "spamass-miter" , Apt.installed ["maildrop"] , "/etc/aliases" `File.hasPrivContentExposed` ctx -- cgit v1.3-2-g0d8e From 93a2b92f6215eb4b3b5bd81a2417f0edddea598c Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 17 Jul 2014 23:41:17 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 027ea4cf..1cfc64d3 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -49,12 +49,13 @@ mappedFile f setup = setup f -- Note that multiline configurations that continue onto the next line -- are not currently supported. dedupMainCf :: Property -dedupMainCf = fileProperty "postfix main.cf dedupped" go mainCf - where - go ls = - let parsed = map parse ls - in dedup [] (keycounts $ rights parsed) parsed - +dedupMainCf = fileProperty "postfix main.cf dedupped" dedupCf mainCf + +dedupCf :: [String] -> [String] +dedupCf ls = + let parsed = map parse ls + in dedup [] (keycounts $ rights parsed) parsed + where parse l | "#" `isPrefixOf` l = Left l | "=" `isInfixOf` l = -- cgit v1.3-2-g0d8e From 8b90fc9a5217f92da0e3c10423f299f1df15ac5a Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 17 Jul 2014 23:43:33 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 1cfc64d3..3b35eee6 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs 
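Review bot: `dedupCf` is now a top-level function in a module without an export list, so it is exported, but it has no doc comment; the description of what is kept lives only on `dedupMainCf`. A short Haddock would help, for example `-- | Drops earlier settings of any key that is set again later in the list; comments and other lines are kept as is.` Being pure, it is also now easy to cover with a few example-based tests. The `where` block of `dedupCf` continues outside the hunk.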
@@ -62,7 +62,7 @@ dedupCf ls = let (k, v) = separate (== '=') l in Right ((filter (not . isSpace) k), v) | otherwise = Left l - fmt k v = k ++ "=" ++ v + fmt k v = k ++ " =" ++ v keycounts = M.fromListWith (+) . map (\(k, _v) -> (k, (1 :: Integer))) -- cgit v1.3-2-g0d8e From 2812719e5466d2676db3fd5c4ac36c45bb873e89 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 18 Jul 2014 01:03:05 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 9 +++++++++ src/Propellor/Property/SiteSpecific/JoeySites.hs | 18 ++++++++++-------- 2 files changed, 19 insertions(+), 8 deletions(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 3b35eee6..1711a7dd 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -3,6 +3,7 @@ module Propellor.Property.Postfix where import Propellor import qualified Propellor.Property.Apt as Apt import Propellor.Property.File +import qualified Propellor.Property.Service as Service import qualified Data.Map as M import Data.List @@ -11,6 +12,9 @@ import Data.Char installed :: Property installed = Apt.serviceInstalledRunning "postfix" +restarted :: Property +restarted = Service.restarted "postfix" + -- | Configures postfix as a satellite system, which -- relats all mail through a relay host, which defaults to smtp.domain. -- @@ -36,6 +40,11 @@ mappedFile :: FilePath -> (FilePath -> Property) -> Property mappedFile f setup = setup f `onChange` cmdProperty "postmap" [f] +-- | Run newaliases command, which should be done after changing +-- /etc/aliases. +newaliases :: Property +newaliases = trivial $ cmdProperty "newaliases" [] + -- | Parses main.cf, and removes any initial configuration lines that are -- overridden to other values later in the file. -- diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index a42349d6..0838af47 100644 
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -392,12 +392,15 @@ kiteMailServer = propertyList "kitenet.net mail server" , Apt.serviceInstalledRunning "spamassassin" , "/etc/default/spamassassin" `File.containsLines` - [ "ENABLED=1" + [ "# Propellor deployed" + , "ENABLED=1" + , "CRON=1" , "OPTIONS=\"--create-prefs --max-children 5 --helper-home-dir\"" , "CRON=1" , "NICE=\"--nicelevel 15\"" ] `onChange` Service.restarted "spamassassin" `describe` "spamd enabled" + `requires` Apt.serviceInstalledRunning "cron" , Apt.serviceInstalledRunning "spamass-milter" -- Add -m to prevent modifying messages Subject or body. @@ -408,7 +411,7 @@ kiteMailServer = propertyList "kitenet.net mail server" , Apt.installed ["maildrop"] , "/etc/maildroprc" `File.hasContent` - [ "# Global maildrop filter file (deployed with propellor" + [ "# Global maildrop filter file (deployed with propellor)" , "DEFAULT=\"$HOME/Maildir\"" , "MAILBOX=\"$DEFAULT/.\"" , "# Filter spam to a spam folder, unless .keepspam exists" 
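Review bot: The new list for `/etc/default/spamassassin` contains `"CRON=1"` twice, once in the added lines after `"ENABLED=1"` and once in the unchanged line after `OPTIONS`. `File.containsLines` presumably only checks that each line is present, so this is harmless, but one of the two entries should be removed to keep the list unambiguous.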
@@ -422,22 +425,21 @@ kiteMailServer = propertyList "kitenet.net mail server" `describe` "maildrop configured" , "/etc/aliases" `File.hasPrivContentExposed` ctx - `onChange` cmdProperty "newaliases" ["newaliases"] + `onChange` Postfix.newaliases , hasJoeyCAChain , "/etc/ssl/certs/postfix.pem" `File.hasPrivContentExposed` ctx , "/etc/ssl/private/postfix.pem" `File.hasPrivContent` ctx , "/etc/postfix/mydomain" `File.containsLines` [ "/.*\\.kitenet\\.net/\tOK" - , "/mooix\\.net/\tOK" , "/ikiwiki\\.info/\tOK" , "/joeyh\\.name/\tOK" ] - `onChange` Service.restarted "postfix" + `onChange` Postfix.restarted `describe` "postfix mydomain file configured" , "/etc/postfix/obscure_client_relay.pcre" `File.containsLine` "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE" - `onChange` Service.restarted "postfix" + `onChange` Postfix.restarted `describe` "postfix obscure_client_relay file configured" , Postfix.mappedFile "/etc/postfix/virtual" (flip File.containsLines @@ -445,6 +447,7 @@ kiteMailServer = propertyList "kitenet.net mail server" , "@joeyh.name\tjoey" ] ) `describe` "postfix virtual file configured" + `onChange` Postfix.restarted , Postfix.mappedFile "/etc/postfix/relay_clientcerts" $ flip File.hasPrivContentExposed ctx , Postfix.mainCf `File.containsLines` @@ -489,13 +492,12 @@ kiteMailServer = propertyList "kitenet.net mail server" , "smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache" ] `onChange` Postfix.dedupMainCf - `onChange` Service.restarted "postfix" + `onChange` Postfix.restarted `describe` "postfix configured" , Apt.serviceInstalledRunning "dovecot-imapd" , Apt.serviceInstalledRunning "dovecot-pop3d" - , Apt.serviceInstalledRunning "cron" , Apt.installed ["bsd-mailx"] ] where -- cgit v1.3-2-g0d8e From 6957f28945bc4360882c8337f91d471de8fbadee Mon Sep 17 00:00:00 2001 
From: Joey Hess Date: Fri, 18 Jul 2014 02:08:13 -0400 Subject: propellor spin --- config-joey.hs | 20 ++++++++++++++------ src/Propellor/Property/Postfix.hs | 3 +++ src/Propellor/Property/SiteSpecific/JoeySites.hs | 8 ++++---- 3 files changed, 21 insertions(+), 10 deletions(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/config-joey.hs b/config-joey.hs index 6db3e81d..b95a3278 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -75,7 +75,10 @@ hosts = -- (o) ` & Docker.garbageCollected `period` Daily & Apt.buildDep ["git-annex"] `period` Daily - , standardSystem "kite.kitenet.net" Unstable "amd64" + -- This is not a complete description of kite, since it's a + -- multiuser system with eg, user passwords that are not deployed + -- with propellor. + , standardSystemUnhardened "kite.kitenet.net" Unstable "amd64" [ "Welcome to the new kitenet.net server!" , "This is still under construction and not yet live.." ] @@ -102,6 +105,8 @@ hosts = -- (o) ` & JoeySites.kiteMailServer & Apt.installed ["mutt", "alpine", "git-annex", "myrepos"] + -- Since password authentication is allowed: + & Apt.serviceInstalledRunning "fail2ban" , standardSystem "diatom.kitenet.net" Stable "amd64" [ "Important stuff that needs not too much memory or CPU." ] @@ -280,7 +285,14 @@ type Motd = [String] -- This is my standard system setup. standardSystem :: HostName -> DebianSuite -> Architecture -> Motd -> Host -standardSystem hn suite arch motd = host hn +standardSystem hn suite arch motd = standardSystemUnhardened hn suite arch motd + -- Harden the system, but only once root's authorized_keys + -- is safely in place. + & check (Ssh.hasAuthorizedKeys "root") + (Ssh.passwordAuthentication False) + +standardSystemUnhardened :: HostName -> DebianSuite -> Architecture -> Motd -> Host +standardSystemUnhardened hn suite arch motd = host hn & os (System (Debian suite) arch) & Hostname.sane & Hostname.searchDomain 
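Review bot: Installing fail2ban with its stock configuration only slows password guessing. With `standardSystemUnhardened` this host keeps sshd password authentication on, and root also has a password (`User.hasSomePassword "root"` in the shared setup). It would be worth restricting root to key-based login in sshd (the `PermitRootLogin without-password` setting) so that only ordinary user accounts accept passwords, and saying so in the comment, e.g. `-- Password authentication stays on for user logins; root is key-only.` Whether an existing Ssh property covers that setting is not visible from this hunk.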
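Review bot: `standardSystemUnhardened` has no doc comment, so nothing at the definition tells a reader what is left out compared with `standardSystem`. Suggested: `-- | Like 'standardSystem', but leaves ssh password authentication enabled; only for hosts that need password logins.` The comment on `standardSystem` ("This is my standard system setup.") could likewise mention that it adds the ssh hardening step. The body of `standardSystemUnhardened` continues outside the hunk.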
@@ -291,10 +303,6 @@ standardSystem hn suite arch motd = host hn & Apt.installed ["ssh"] & GitHome.installedFor "root" & User.hasSomePassword "root" (Context hn) - -- Harden the system, but only once root's authorized_keys - -- is safely in place. - & check (Ssh.hasAuthorizedKeys "root") - (Ssh.passwordAuthentication False) & User.accountFor "joey" & User.hasSomePassword "joey" (Context hn) & Sudo.enabledFor "joey" diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 1711a7dd..fbe39299 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -15,6 +15,9 @@ installed = Apt.serviceInstalledRunning "postfix" restarted :: Property restarted = Service.restarted "postfix" +reloaded :: Property +reloaded = Service.reloaded "postfix" + -- | Configures postfix as a satellite system, which -- relats all mail through a relay host, which defaults to smtp.domain. -- diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 0838af47..a6be2411 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -435,11 +435,11 @@ kiteMailServer = propertyList "kitenet.net mail server" , "/ikiwiki\\.info/\tOK" , "/joeyh\\.name/\tOK" ] - `onChange` Postfix.restarted + `onChange` Postfix.reloaded `describe` "postfix mydomain file configured" , "/etc/postfix/obscure_client_relay.pcre" `File.containsLine` "/^Received: from ([^.]+)\\.kitenet\\.net.*using TLS.*by kitenet\\.net \\(([^)]+)\\) with (E?SMTPS?A?) id ([A-F[:digit:]]+)(.*)/ IGNORE" - `onChange` Postfix.restarted + `onChange` Postfix.reloaded `describe` "postfix obscure_client_relay file configured" , Postfix.mappedFile "/etc/postfix/virtual" (flip File.containsLines 
@@ -447,7 +447,7 @@ kiteMailServer = propertyList "kitenet.net mail server" , "@joeyh.name\tjoey" ] ) `describe` "postfix virtual file configured" - `onChange` Postfix.restarted + `onChange` Postfix.reloaded , Postfix.mappedFile "/etc/postfix/relay_clientcerts" $ flip File.hasPrivContentExposed ctx , Postfix.mainCf `File.containsLines` @@ -492,7 +492,7 @@ kiteMailServer = propertyList "kitenet.net mail server" , "smtp_tls_session_cache_database = sdbm:/etc/postfix/smtp_scache" ] `onChange` Postfix.dedupMainCf - `onChange` Postfix.restarted + `onChange` Postfix.reloaded `describe` "postfix configured" , Apt.serviceInstalledRunning "dovecot-imapd" -- cgit v1.3-2-g0d8e From 614a6a13acd3e3a7b83dcae86dcf40eb76b824dc Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 18 Jul 2014 13:03:13 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index fbe39299..1a4a313a 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs 
@@ -19,22 +19,31 @@ reloaded :: Property reloaded = Service.reloaded "postfix" -- | Configures postfix as a satellite system, which --- relats all mail through a relay host, which defaults to smtp.domain. +-- relays all mail through a relay host, which defaults to smtp.domain. -- -- The smarthost may refuse to relay mail on to other domains, without -- futher coniguration/keys. But this should be enough to get cron job -- mail flowing to a place where it will be seen. satellite :: Property -satellite = setup `requires` installed +satellite = check norelayhost setup + `requires` installed where setup = trivial $ property "postfix satellite system" $ do hn <- asks hostName + let (_, domain) = separate (== '.') hn ensureProperty $ Apt.reConfigure "postfix" [ ("postfix/main_mailer_type", "select", "Satellite system") , ("postfix/root_address", "string", "root") , ("postfix/destinations", "string", " ") , ("postfix/mailname", "string", hn) + , ("postfix/relayhost", "string", "smtp." ++ domain) ] + norelayhost = not . any relayhostset . lines + <$> readProcess "postconf" [] + relayhostset l + | l == "relayhost =" = False + | "relayhost =" `isPrefixOf` l = True + | otherwise = False -- | Sets up a file by running a property (which the filename is passed -- to). If the setup property makes a change, postmap will be run on the -- cgit v1.3-2-g0d8e From 4d38e8bfd65e935819b6c0ba07d746232de9eb08 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 18 Jul 2014 13:09:55 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 1a4a313a..52c329bd 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs 
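Review bot: `separate (== '.') hn` presumably yields an empty `domain` when the host name contains no dot, in which case the relayhost handed to debconf becomes the literal `smtp.`. A guard in `setup` that fails the property, or skips the relayhost entry, when `null domain` would surface that case instead of configuring an unusable relay. The two later revisions of `setup` that write relayhost into main.cf have the same gap.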
@@ -31,12 +31,16 @@ satellite = check norelayhost setup setup = trivial $ property "postfix satellite system" $ do hn <- asks hostName let (_, domain) = separate (== '.') hn - ensureProperty $ Apt.reConfigure "postfix" - [ ("postfix/main_mailer_type", "select", "Satellite system") - , ("postfix/root_address", "string", "root") - , ("postfix/destinations", "string", " ") - , ("postfix/mailname", "string", hn) - , ("postfix/relayhost", "string", "smtp." ++ domain) + ensureProperties + [ Apt.reConfigure "postfix" + [ ("postfix/main_mailer_type", "select", "Satellite system") + , ("postfix/root_address", "string", "root") + , ("postfix/destinations", "string", " ") + , ("postfix/mailname", "string", hn) + ] + , mainCf `containsLine` ("relayhost = " ++ domain) + `onChange` dedupMainCf + `onChange` reloaded ] norelayhost = not . any relayhostset . lines <$> readProcess "postconf" [] -- cgit v1.3-2-g0d8e From 0d188bf5f6a1ad519a660e06d7e74c6cf683ff32 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 18 Jul 2014 14:33:30 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 33 +++++++++++++++++++----- src/Propellor/Property/SiteSpecific/JoeySites.hs | 2 +- 2 files changed, 27 insertions(+), 8 deletions(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 52c329bd..96bc1bc1 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -38,14 +38,14 @@ satellite = check norelayhost setup , ("postfix/destinations", "string", " ") , ("postfix/mailname", "string", hn) ] - , mainCf `containsLine` ("relayhost = " ++ domain) - `onChange` dedupMainCf + , mainCf ("relayhost", domain) `onChange` reloaded ] norelayhost = not . any relayhostset . lines <$> readProcess "postconf" [] relayhostset l | l == "relayhost =" = False + | l == "relayhost = " = False | "relayhost =" `isPrefixOf` l = True | otherwise = False 
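Review bot: The relayhost written here is the bare `domain`, whereas the debconf entry it replaces used `"smtp." ++ domain`, and the doc comment on `satellite` still says the relay defaults to smtp.domain. If the smtp host is still intended, the argument should be `("relayhost = smtp." ++ domain)`; the next commit's `mainCf ("relayhost", domain)` carries the same bare value forward. If the bare domain is deliberate, the doc comment needs updating instead.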
@@ -61,6 +61,29 @@ mappedFile f setup = setup f newaliases :: Property newaliases = trivial $ cmdProperty "newaliases" [] +-- | The main config file for postfix. +mainCfFile :: FilePath +mainCfFile = "/etc/postfix/main.cf" + +-- | Sets a main.cf name=value pair. Does not reload postfix immediately. +mainCf :: (String, String) -> Property +mainCf (name, value) = check notset set + `describe` ("postfix main.cf " ++ setting) + where + setting = name ++ "=" ++ value + notset = (/= Just value) <$> getMainCf name + set = cmdProperty "postconf" ["-e", setting] + +-- | Gets a man.cf setting. +getMainCf :: String -> IO (Maybe String) +getMainCf name = parse . lines <$> readProcess "postconf" [name] + where + parse (l:_) = Just $ + case separate (== '=') l of + (_, (' ':v)) -> v + (_, v) -> v + parse [] = Nothing + -- | Parses main.cf, and removes any initial configuration lines that are -- overridden to other values later in the file. -- @@ -74,7 +97,7 @@ newaliases = trivial $ cmdProperty "newaliases" [] -- Note that multiline configurations that continue onto the next line -- are not currently supported. dedupMainCf :: Property -dedupMainCf = fileProperty "postfix main.cf dedupped" dedupCf mainCf +dedupMainCf = fileProperty "postfix main.cf dedupped" dedupCf mainCfFile dedupCf :: [String] -> [String] dedupCf ls = @@ -96,7 +119,3 @@ dedupCf ls = dedup c kc ((Right (k, v)):rest) = case M.lookup k kc of Just n | n > 1 -> dedup c (M.insert k (n - 1) kc) rest _ -> dedup (fmt k v:c) kc rest - --- | The main config file for postfix. -mainCf :: FilePath -mainCf = "/etc/postfix/main.cf" diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index d1f22fc1..14cae614 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
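Review bot: `getMainCf` reads the value from `postconf name`, which prints the effective setting including postfix's built-in default, not only what is written in main.cf. The doc comment should say so, and "man.cf" in it should read "main.cf". Suggested wording: `-- | Gets the effective value of a main.cf setting as reported by postconf (built-in defaults included).` This matters for callers that use the result to decide whether a parameter has been configured, such as `mainCfIsSet` in the later commit, which will report any parameter with a non-empty default as set.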
@@ -461,7 +461,7 @@ kiteMailServer = propertyList "kitenet.net mail server" `onChange` Postfix.reloaded , Postfix.mappedFile "/etc/postfix/relay_clientcerts" $ flip File.hasPrivContentExposed ctx - , Postfix.mainCf `File.containsLines` + , Postfix.mainCfFile `File.containsLines` [ "myhostname = kitenet.net" , "mydomain = $myhostname" , "append_dot_mydomain = no" -- cgit v1.3-2-g0d8e From 90682a79844078b721f0e071598103ccadb44622 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 18 Jul 2014 14:36:51 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index 96bc1bc1..a9815226 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -25,7 +25,7 @@ reloaded = Service.reloaded "postfix" -- futher coniguration/keys. But this should be enough to get cron job -- mail flowing to a place where it will be seen. satellite :: Property -satellite = check norelayhost setup +satellite = check (not <$> mainCfIsSet "relayhost") setup `requires` installed where setup = trivial $ property "postfix satellite system" $ do @@ -41,13 +41,6 @@ satellite = check norelayhost setup , mainCf ("relayhost", domain) `onChange` reloaded ] - norelayhost = not . any relayhostset . lines - <$> readProcess "postconf" [] - relayhostset l - | l == "relayhost =" = False - | l == "relayhost = " = False - | "relayhost =" `isPrefixOf` l = True - | otherwise = False -- | Sets up a file by running a property (which the filename is passed -- to). If the setup property makes a change, postmap will be run on the 
@@ -84,6 +77,13 @@ getMainCf name = parse . lines <$> readProcess "postconf" [name] (_, v) -> v parse [] = Nothing +-- | Checks if a main.cf field is set. A field that is set to "" +-- is considered not set. +mainCfIsSet :: String -> IO Bool +mainCfIsSet name = do + v <- getMainCf name + return $ v == Nothing || v == Just "" + -- | Parses main.cf, and removes any initial configuration lines that are -- overridden to other values later in the file. -- -- cgit v1.3-2-g0d8e From ef472be6a6e1270245ec50554d6d59c31e1e733d Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 18 Jul 2014 14:42:46 -0400 Subject: propellor spin --- src/Propellor/Property/Postfix.hs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/Propellor/Property/Postfix.hs') diff --git a/src/Propellor/Property/Postfix.hs b/src/Propellor/Property/Postfix.hs index a9815226..b3d12727 100644 --- a/src/Propellor/Property/Postfix.hs +++ b/src/Propellor/Property/Postfix.hs @@ -82,7 +82,7 @@ getMainCf name = parse . lines <$> readProcess "postconf" [name] mainCfIsSet :: String -> IO Bool mainCfIsSet name = do v <- getMainCf name - return $ v == Nothing || v == Just "" + return $ v /= Nothing && v /= Just "" -- | Parses main.cf, and removes any initial configuration lines that are -- overridden to other values later in the file. -- cgit v1.3-2-g0d8e