propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git
Log | Files | Refs | LICENSE

commit 6d48ea2685568c45c5b9ca37fd8914db980d0d1e
parent a13adc6fbd48fc9eb814fefe30af34526d00e680
Author: rsiddharth <s@ricketyspace.net>
Date:   Thu, 25 Jan 2018 22:37:17 +0000

propellor spin

Diffstat:
config.hs | 16++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/config.hs b/config.hs @@ -42,6 +42,7 @@ import Propellor import qualified Propellor.Property.Apt as Apt +import qualified Propellor.Property.Cmd as Cmd import qualified Propellor.Property.Debootstrap as Debootstrap import qualified Propellor.Property.Chroot as Chroot import qualified Propellor.Property.Cron as Cron @@ -649,9 +650,11 @@ lyra = host "lyra.ricketyspace.net" $props & Ssh.passwordAuthentication False -- system & Fail2Ban.installed + --- nginx & Nginx.installed & Nginx.siteEnabled "ricketyspace.net" ricketyspaceNetNginx & Nginx.siteEnabled "git.ricketyspace.net" gitRicketyspaceNetNginx + & lyraInstallDhparamPem -- root config & Ssh.authorizedKey (User "root") sCanonicalSshPubKey -- w config @@ -683,7 +686,7 @@ ricketyspaceNetNginx = [ , " listen [::]:443 ssl spdy;" , " server_name ricketyspace.net;" , "" - , " root /home/s/rs_pub;" + , " root /home/w/pub;" , " error_page 404 /404.html;" , " error_page 403 /403.html;" , " default_type text/plain;" @@ -747,7 +750,7 @@ gitRicketyspaceNetNginx = [ , " error_log /var/log/nginx/cgit-error.log;" , "" , "" - , " root /home/s/public_cgit/;" + , " root /home/w/pub_cgit/;" , " #error_page 404 /404.html;" , " #error_page 403 /403.html;" , " default_type text/plain;" @@ -793,3 +796,12 @@ gitRicketyspaceNetNginx = [ , " ssl_dhparam /etc/ssl/certs/dhparam4096.pem;" , "}" ] + +lyraInstallDhparamPem :: Property Debian +lyraInstallDhparamPem = tightenTargets $ cmdProperty "openssl" [ + "dhparam", + "-outform" + ,"pem" + , "-out", "/etc/ssl/certs/dhparam4096.pem" + , "4096" + ] `assume` MadeChange