propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git
Log | Files | Refs | LICENSE

commit 5caa536e5112b49fa191f37bda5990b5411871f0
parent 8b0ef4bba2844bea02ea6a3bc23703d5d46699bb
Author: rsiddharth <s@ricketyspace.net>
Date:   Tue, 23 Jan 2018 04:45:21 +0000

propellor spin

Diffstat:
config.hs | 35++++++++++++++++++++++++++++++++++-
1 file changed, 34 insertions(+), 1 deletion(-)

diff --git a/config.hs b/config.hs @@ -60,7 +60,7 @@ main = defaultMain hosts -- The hosts propellor knows about. hosts :: [Host] -hosts = [ cygnus, crux, ara ] +hosts = [ cygnus, crux, ara, lyra ] -- configure cygnus. cygnus :: Host @@ -627,3 +627,36 @@ araWebRobotsTxt = [ araWebIndex :: [File.Line] araWebIndex = [""] + + +-- configure lyra +lyra :: Host +lyra = host "lyra.ricketyspace.net" $props + & osDebian (Stable "stretch") X86_64 + & ipv4 "45.55.155.185" + & File.hasContent "/etc/motd" (["At lyra."]) + -- apt + & Apt.stdSourcesList + & Apt.unattendedUpgrades + & Apt.safeUpgrade + & Apt.installed ["nginx-full" + , "git", "etckeeper" + , "htop", "sudo", "zsh", "screen" + , "emacs", "rsync", "git-annex" + ] + -- sshd + & Ssh.passwordAuthentication False + -- system + & Fail2Ban.installed + -- root config + & Ssh.authorizedKey (User "root") sCanonicalSshPubKey + -- w config + & User.accountFor (User "w") + & User.hasLoginShell (User "w") "/usr/bin/zsh" + & Ssh.authorizedKey (User "w") sCanonicalSshPubKey + -- s config + & User.accountFor(User "s") + & User.hasPassword (User "s") + & User.hasLoginShell (User "s") "/usr/bin/zsh" + & Sudo.enabledFor (User "s") + & Ssh.authorizedKey (User "s") sCanonicalSshPubKey