From fac02a6a82bb8a377f63e5e83c7afeb228bb0538 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 13 Feb 2015 15:59:50 -0400 Subject: propellor spin --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) (limited to 'src/Propellor/Property') diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 9644cb72..78751c77 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -125,17 +125,6 @@ mumbleServer hosts = combineProperties hn $ props where hn = "mumble.debian.net" -obnamLowMem :: Property NoInfo -obnamLowMem = combineProperties "obnam tuned for low memory use" - [ Obnam.latestVersion - , "/etc/obnam.conf" `File.containsLines` - [ "[config]" - , "# Suggested by liw to keep Obnam memory consumption down (at some speed cost)." - , "upload-queue-size = 96" - , "lru-size = 96" - ] - ] - -- git.kitenet.net and git.joeyh.name gitServer :: [Host] -> Property HasInfo gitServer hosts = propertyList "git.kitenet.net setup" $ props @@ -282,7 +271,7 @@ gitAnnexDistributor = combineProperties "git-annex distributor, including rsync & "/etc/default/rsync" `File.containsLine` "RSYNC_ENABLE=true" `onChange` Service.running "rsync" & endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild" - & endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/x86_64-apple-mavericks" + & endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/x86_64-apple-yosemite" -- git-annex distribution signing key & Gpg.keyImported (Gpg.GpgKeyId "89C809CB") "joey" where -- cgit v1.3-2-g0d8e From 5b56a416c17be95ad5b54a886a29ef3b6a72d223 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 19 Feb 2015 18:40:50 -0400 Subject: endpoint --- src/Propellor/Property/SiteSpecific/JoeySites.hs | 1 + 1 file changed, 1 insertion(+) (limited to 'src/Propellor/Property') 
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs index 78751c77..005f12d1 100644 --- a/src/Propellor/Property/SiteSpecific/JoeySites.hs +++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs @@ -272,6 +272,7 @@ gitAnnexDistributor = combineProperties "git-annex distributor, including rsync `onChange` Service.running "rsync" & endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild" & endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/x86_64-apple-yosemite" + & endpoint "/srv/web/downloads.kitenet.net/git-annex/autobuild/windows" -- git-annex distribution signing key & Gpg.keyImported (Gpg.GpgKeyId "89C809CB") "joey" where -- cgit v1.3-2-g0d8e From fa7656f74356ca1f85f225cbdf2f6c1f56fe788f Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Wed, 25 Feb 2015 14:58:40 -0400 Subject: Add shebang to cron.daily etc files. --- debian/changelog | 1 + src/Propellor/Property/Cron.hs | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'src/Propellor/Property') diff --git a/debian/changelog b/debian/changelog index ef4b8a28..b31c7ed2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ propellor (2.1.1) UNRELEASED; urgency=medium * When running shimmed (eg in a docker container), improve process name visible in ps. + * Add shebang to cron.daily etc files. -- Joey Hess Mon, 16 Feb 2015 19:00:48 -0400 diff --git a/src/Propellor/Property/Cron.hs b/src/Propellor/Property/Cron.hs index fd365c8f..2a28a157 100644 --- a/src/Propellor/Property/Cron.hs +++ b/src/Propellor/Property/Cron.hs 
@@ -30,7 +30,10 @@ data Times job :: Desc -> Times -> UserName -> FilePath -> String -> Property NoInfo job desc times user cddir command = combineProperties ("cronned " ++ desc) [ cronjobfile `File.hasContent` - [ "# Generated by propellor" + [ case times of + Times _ -> "" + _ -> "#!/bin/sh\nset -e" + , "# Generated by propellor" , "" , "SHELL=/bin/sh" , "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" -- cgit v1.3-2-g0d8e From e8b0e7c6ca34365710d1066984bd3d7026621b70 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 27 Feb 2015 18:55:51 -0400 Subject: propellor spin --- config-joey.hs | 5 +- debian/changelog | 3 +- propellor.cabal | 2 +- src/Propellor/Property/Tor.hs | 110 ++++++++++++++++++++++-------------------- 4 files changed, 65 insertions(+), 55 deletions(-) (limited to 'src/Propellor/Property') diff --git a/config-joey.hs b/config-joey.hs index 1bd558ff..bd1a4965 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -84,8 +84,9 @@ clam = standardSystem "clam.kitenet.net" Unstable "amd64" & Ssh.randomHostKeys & Apt.unattendedUpgrades & Network.ipv6to4 - & Tor.named "kite1" Tor.isRelay' - & Postfix.satellite + & Tor.isRelay + & Tor.named "kite1" + & Tor.bandwidthRate "128 kibibytes" & Docker.configured & Docker.garbageCollected `period` Daily diff --git a/debian/changelog b/debian/changelog index b31c7ed2..47e683c9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,9 @@ -propellor (2.1.1) UNRELEASED; urgency=medium +propellor (2.2.0) UNRELEASED; urgency=medium * When running shimmed (eg in a docker container), improve process name visible in ps. * Add shebang to cron.daily etc files. + * Some changes to tor configuration, minor API change. -- Joey Hess Mon, 16 Feb 2015 19:00:48 -0400 diff --git a/propellor.cabal b/propellor.cabal index 41520baa..06154571 100644 --- a/propellor.cabal +++ b/propellor.cabal @@ -1,5 +1,5 @@ Name: propellor -Version: 2.1.0 +Version: 2.2.0 Cabal-Version: >= 1.6 License: BSD3 Maintainer: Joey Hess 
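Review bot: The new first element `"#!/bin/sh\nset -e"` packs two lines into one entry of a list that `File.hasContent` otherwise receives as one line per entry. If that property compares the list against the existing file split into lines (its definition is not in this hunk), the generated cron files would never compare equal, so they would be rewritten and reported as changed on every run. Returning a list from each branch and prepending it keeps one line per entry: `(case times of { Times _ -> [""]; _ -> ["#!/bin/sh", "set -e"] }) ++ [ "# Generated by propellor", ...`. The body of `job` continues past the end of the hunk.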
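Review bot: `& Postfix.satellite` is removed from `clam` in this hunk along with the `Tor.named` rewrite, but the commit subject and the changelog entry mention only the tor configuration change. If the removal is intended, it would be easier to audit as its own commit with a reason. If it is a side effect of editing the neighbouring line, the host's mail setup is no longer managed, which presumably matters for anything that reports by mail (this should be confirmed against the host's other properties).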
diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs index 8176e643..bf03d631 100644 --- a/src/Propellor/Property/Tor.hs +++ b/src/Propellor/Property/Tor.hs @@ -5,6 +5,7 @@ import qualified Propellor.Property.File as File import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Service as Service import Utility.FileMode +import Utility.DataUnits import System.Posix.Files import Data.Char 
@@ -17,60 +18,36 @@ type NodeName = String -- -- Uses port 443 isBridge :: Property NoInfo -isBridge = isBridge' [] - -isBridge' :: [String] -> Property NoInfo -isBridge' extraconfig = server config +isBridge = configured + [ ("BridgeRelay", "1") + , ("Exitpolicy", "reject *:*") + , ("ORPort", "443") + ] `describe` "tor bridge" - where - config = - [ "BridgeRelay 1" - , "Exitpolicy reject *:*" - , "ORPort 443" - ] ++ extraconfig + `requires` server -- | Sets up a tor relay. -- -- Uses port 443 isRelay :: Property NoInfo -isRelay = isRelay' [] - -isRelay' :: [String] -> Property NoInfo -isRelay' extraconfig = server config +isRelay = configured + [ ("BridgeRelay", "0") + , ("Exitpolicy", "reject *:*") + , ("ORPort", "443") + ] `describe` "tor relay" - where - config = - [ "BridgeRelay 0" - , "Exitpolicy reject *:*" - , "ORPort 443" - ] ++ extraconfig - --- | Converts a property like isBridge' or isRelay' to be a named --- node, with a known private key. + `requires` server + +-- | Makes the tor node be named, with a known private key. -- -- This can be moved to a different IP without needing to wait to -- accumulate trust. --- --- The base property can be used to start out and then upgraded to --- a named property later. -named :: NodeName -> ([String] -> Property NoInfo) -> Property HasInfo -named n basep = p `describe` (getDesc p ++ " " ++ n) - where - p = basep ["Nickname " ++ saneNickname n] - `requires` torPrivKey (Context ("tor " ++ n)) - --- | A tor server (bridge, relay, or exit) --- Don't use if you just want to run tor for personal use. 
-server :: [String] -> Property NoInfo -server extraconfig = setup - `requires` Apt.installed ["tor", "ntp"] - `describe` "tor server" +named :: NodeName -> Property HasInfo +named n = configured [("Nickname", n')] + `describe` ("tor node named " ++ n') + `requires` torPrivKey (Context ("tor " ++ n)) where - setup = mainConfig `File.hasContent` config - `onChange` restarted - config = - [ "SocksPort 0" - ] ++ extraconfig + n' = saneNickname n torPrivKey :: Context -> Property HasInfo torPrivKey context = f `File.hasPrivContent` context 
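Review bot: `isBridge`, `isRelay` and `named` used to end in `mainConfig` with `File.hasContent`, which made the whole tor config file authoritative, whereas the new `configured` form manages only the listed keys. Lines left over from an earlier role, a removed `Tor.named`, or a manual edit therefore stay in effect and are no longer visible from the propellor config. The haddocks on these properties should say so, e.g. `-- Only the settings listed here are managed; other lines already present in the tor config file are left in place.` `configured` itself is defined in a later hunk of this file.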
@@ -80,15 +57,47 @@ torPrivKey context = f `File.hasPrivContent` context where f = "/var/lib/tor/keys/secret_id_key" +-- | A tor server (bridge, relay, or exit) +-- Don't use if you just want to run tor for personal use. +server :: Property NoInfo +server = configured [("SocksPort", "0")] + `requires` Apt.installed ["tor", "ntp"] + `describe` "tor server" + +-- | Specifies configuration settings. Any lines in the config file +-- that set other values for the specified settings will be removed, +-- while other settings are left as-is. Tor is restarted when +-- configuration is changed. +configured :: [(String, String)] -> Property NoInfo +configured settings = File.fileProperty "tor configured" go mainConfig + `onChange` restarted + where + ks = map fst settings + go ls = map toconfig $ + filter (\(k, _) -> k `notElem` ks) (map fromconfig ls) + ++ settings + toconfig (k, v) = k ++ " " ++ v + fromconfig = separate (== ' ') + +type BwLimit = String + +-- | Limit incoming and outgoing traffic to the specified +-- amount, per second. +-- +-- For example, "30 kibibytes" is the minimum limit for a useful relay. +bandwidthRate :: BwLimit -> Property NoInfo +bandwidthRate s = case readSize dataUnits s of + Just sz -> configured [("BandwidthRate", show sz ++ " bytes")] + Nothing -> property ("unable to parse " ++ s) noChange + hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo hiddenServiceAvailable hn port = hiddenServiceHostName prop where - prop = mainConfig `File.containsLines` - [ unwords ["HiddenServiceDir", varLib hn] - , unwords ["HiddenServicePort", show port, "127.0.0.1:" ++ show port] + prop = configured + [ ("HiddenServiceDir", varLib hn) + , ("HiddenServicePort", unwords [show port, "127.0.0.1:" ++ show port]) ] `describe` "hidden service available" - `onChange` Service.reloaded "tor" hiddenServiceHostName p = adjustPropertySatisfy p $ \satisfy -> do r <- satisfy h <- liftIO $ readFile (varLib hn "hostname") 
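Review bot: The filter in `configured` compares keys with exact string equality, but tor option names are, as far as I know, case-insensitive, and this same commit writes `Exitpolicy` where the usual spelling is `ExitPolicy`. An existing line spelled differently from the key passed in would not be removed, leaving two settings for the same option in the file, which is a poor outcome for the `reject *:*` policy in particular. Normalising case on both sides closes this, using the `Data.Char` import the file already has: `ks = map (map toLower . fst) settings` and `filter (\(k, _) -> notElem (map toLower k) ks)`. Note also that `separate (== ' ')` splits only on a space, so a tab-separated line would be missed in the same way.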
@@ -96,12 +105,11 @@ hiddenServiceAvailable hn port = hiddenServiceHostName prop return r hiddenService :: HiddenServiceName -> Int -> Property NoInfo -hiddenService hn port = mainConfig `File.containsLines` - [ unwords ["HiddenServiceDir", varLib hn] - , unwords ["HiddenServicePort", show port, "127.0.0.1:" ++ show port] +hiddenService hn port = configured + [ ("HiddenServiceDir", varLib hn) + , ("HiddenServicePort", unwords [show port, "127.0.0.1:" ++ show port]) ] `describe` unwords ["hidden service available:", hn, show port] - `onChange` restarted hiddenServiceData :: IsContext c => HiddenServiceName -> c -> Property HasInfo hiddenServiceData hn context = combineProperties desc -- cgit v1.3-2-g0d8e From f0a4e642c490c4a91e62788e0c46f192b402e7f0 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 27 Feb 2015 19:01:11 -0400 Subject: propellor spin --- src/Propellor/Property/Tor.hs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/Propellor/Property') diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs index bf03d631..27c9761f 100644 --- a/src/Propellor/Property/Tor.hs +++ b/src/Propellor/Property/Tor.hs @@ -9,6 +9,7 @@ import Utility.DataUnits import System.Posix.Files import Data.Char +import Data.List type HiddenServiceName = String @@ -73,7 +74,7 @@ configured settings = File.fileProperty "tor configured" go mainConfig `onChange` restarted where ks = map fst settings - go ls = map toconfig $ + go ls = sort $ map toconfig $ filter (\(k, _) -> k `notElem` ks) (map fromconfig ls) ++ settings toconfig (k, v) = k ++ " " ++ v -- cgit v1.3-2-g0d8e From d67d59a25a951f236ee9bde74fd29ed773b3dd86 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 27 Feb 2015 19:14:20 -0400 Subject: propellor spin --- config-joey.hs | 2 +- src/Propellor/Property/Tor.hs | 19 ++++++++++++++----- 2 files changed, 15 insertions(+), 6 deletions(-) (limited to 'src/Propellor/Property') 
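Review bot: Routing `hiddenService` through `configured` means every existing `HiddenServiceDir` and `HiddenServicePort` line is filtered out before this service's pair is appended. A host that declares two hidden services would therefore keep only the pair written last, and the two properties would rewrite the file and restart tor in turn on each run. The removed `File.containsLines` form let several pairs coexist, and `hiddenServiceAvailable` in the previous hunk gets the same change. Either keep `File.containsLines` for these two properties, or state the limit in the haddock: `-- | Only one hidden service per host: replaces any existing HiddenServiceDir/HiddenServicePort lines.`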
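Review bot: `sort` in `go` is applied to every line of the existing file, not only to the settings propellor manages. Comments and blank lines in a stock config are pulled away from the options they describe, and any option whose effect depends on line order ends up in lexical order instead. Presumably the sort is there so that several `configured` properties converge on one layout rather than each moving its keys to the end. A comment should record that and the cost, e.g. `-- sorted so repeated 'configured' properties agree on one file layout; the original line order is not preserved`. `go` is local to `configured`, whose definition starts above this hunk and continues below it.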
diff --git a/config-joey.hs b/config-joey.hs index bd1a4965..f9f4eaa7 100644 --- a/config-joey.hs +++ b/config-joey.hs @@ -86,7 +86,7 @@ clam = standardSystem "clam.kitenet.net" Unstable "amd64" & Network.ipv6to4 & Tor.isRelay & Tor.named "kite1" - & Tor.bandwidthRate "128 kibibytes" + & Tor.bandwidthRate (Tor.PerMonth "400 GB") & Docker.configured & Docker.garbageCollected `period` Daily diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs index 27c9761f..3a0926be 100644 --- a/src/Propellor/Property/Tor.hs +++ b/src/Propellor/Property/Tor.hs @@ -80,15 +80,24 @@ configured settings = File.fileProperty "tor configured" go mainConfig toconfig (k, v) = k ++ " " ++ v fromconfig = separate (== ' ') -type BwLimit = String +data BwLimit + = PerSecond String + | PerDay String + | PerMonth String -- | Limit incoming and outgoing traffic to the specified --- amount, per second. +-- amount each. -- --- For example, "30 kibibytes" is the minimum limit for a useful relay. +-- For example, PerSecond "30 kibibytes" is the minimum limit +-- for a useful relay. bandwidthRate :: BwLimit -> Property NoInfo -bandwidthRate s = case readSize dataUnits s of - Just sz -> configured [("BandwidthRate", show sz ++ " bytes")] +bandwidthRate (PerSecond s) = bandwidthRate' s 1 +bandwidthRate (PerDay s) = bandwidthRate' s (24*60*60) +bandwidthRate (PerMonth s) = bandwidthRate' s (31*24*60*60) + +bandwidthRate' :: String -> Integer -> Property NoInfo +bandwidthRate' s divby = case readSize dataUnits s of + Just sz -> configured [("BandwidthRate", show (sz `div` divby) ++ " bytes")] Nothing -> property ("unable to parse " ++ s) noChange hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo -- cgit v1.3-2-g0d8e From 1a62575d3dc8ce703705de08ccd27b4b034a3388 Mon Sep 17 00:00:00 2001 
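Review bot: In the new `bandwidthRate'`, the `Nothing` branch builds a property whose action is `noChange`, so a limit string that `readSize` cannot parse is reported like a property that was already satisfied. With the `PerMonth "400 GB"` style now used in config-joey.hs, a typo in the unit would leave the relay running without the intended cap and nothing in the run output would flag it. Assuming `NoChange` is treated as success by the caller, the branch should fail instead: `Nothing -> property ("unable to parse " ++ s) (return FailedChange)`.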
From: Joey Hess Date: Fri, 27 Feb 2015 19:17:42 -0400 Subject: propellor spin --- src/Propellor/Property/Tor.hs | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src/Propellor/Property') diff --git a/src/Propellor/Property/Tor.hs b/src/Propellor/Property/Tor.hs index 3a0926be..7a490824 100644 --- a/src/Propellor/Property/Tor.hs +++ b/src/Propellor/Property/Tor.hs @@ -97,7 +97,9 @@ bandwidthRate (PerMonth s) = bandwidthRate' s (31*24*60*60) bandwidthRate' :: String -> Integer -> Property NoInfo bandwidthRate' s divby = case readSize dataUnits s of - Just sz -> configured [("BandwidthRate", show (sz `div` divby) ++ " bytes")] + Just sz -> let v = show (sz `div` divby) ++ " bytes" + in configured [("BandwidthRate", v)] + `describe` ("tor BandwidthRate " ++ v) Nothing -> property ("unable to parse " ++ s) noChange hiddenServiceAvailable :: HiddenServiceName -> Int -> Property NoInfo -- cgit v1.3-2-g0d8e
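Review bot: The value `v` is built from an integer division of `sz` by `divby` and is written and described without any check on the result. A small `PerDay` or `PerMonth` quota can round down to a rate below the 30 kibibytes that the haddock on `bandwidthRate` gives as the minimum for a useful relay, or to 0. A guard on the `Just` branch would catch that before tor is reconfigured, e.g. `Just sz | div sz divby < 30 * 1024 -> property ("BandwidthRate too low: " ++ s) (return FailedChange)`. Whether 30 KiB is the right floor for bridges as well should be confirmed.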