commit 5caa536e5112b49fa191f37bda5990b5411871f0
parent 8b0ef4bba2844bea02ea6a3bc23703d5d46699bb
Author: rsiddharth <s@ricketyspace.net>
Date: Tue, 23 Jan 2018 04:45:21 +0000
propellor spin
Diffstat:
config.hs | | | 35 | ++++++++++++++++++++++++++++++++++- |
1 file changed, 34 insertions(+), 1 deletion(-)
diff --git a/config.hs b/config.hs
@@ -60,7 +60,7 @@ main = defaultMain hosts
-- The hosts propellor knows about.
hosts :: [Host]
-hosts = [ cygnus, crux, ara ]
+hosts = [ cygnus, crux, ara, lyra ]
-- configure cygnus.
cygnus :: Host
@@ -627,3 +627,36 @@ araWebRobotsTxt = [
araWebIndex :: [File.Line]
araWebIndex = [""]
+
+
+-- configure lyra
+lyra :: Host
+lyra = host "lyra.ricketyspace.net" $props
+ & osDebian (Stable "stretch") X86_64
+ & ipv4 "45.55.155.185"
+ & File.hasContent "/etc/motd" (["At lyra."])
+ -- apt
+ & Apt.stdSourcesList
+ & Apt.unattendedUpgrades
+ & Apt.safeUpgrade
+ & Apt.installed ["nginx-full"
+ , "git", "etckeeper"
+ , "htop", "sudo", "zsh", "screen"
+ , "emacs", "rsync", "git-annex"
+ ]
+ -- sshd
+ & Ssh.passwordAuthentication False
+ -- system
+ & Fail2Ban.installed
+ -- root config
+ & Ssh.authorizedKey (User "root") sCanonicalSshPubKey
+ -- w config
+ & User.accountFor (User "w")
+ & User.hasLoginShell (User "w") "/usr/bin/zsh"
+ & Ssh.authorizedKey (User "w") sCanonicalSshPubKey
+ -- s config
+ & User.accountFor(User "s")
+ & User.hasPassword (User "s")
+ & User.hasLoginShell (User "s") "/usr/bin/zsh"
+ & Sudo.enabledFor (User "s")
+ & Ssh.authorizedKey (User "s") sCanonicalSshPubKey