propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git

commit 78b0f0282b2decef3b1ff33a961fc34e6dfb2c84
parent bc8a1b198f8ebec08b2f1486acfbe432c734a485
Author: rsiddharth <s@ricketyspace.net>
Date:   Fri,  5 Jul 2019 20:24:13 -0400

propellor spin

Diffstat:
config.hs | 65+----------------------------------------------------------------
1 file changed, 1 insertion(+), 64 deletions(-)

diff --git a/config.hs b/config.hs @@ -1,7 +1,7 @@ -- This is the main configuration file for Propellor, and is used to build -- the propellor program. https://propellor.branchable.com/ --- Copyright © 2017, 2018 rsiddharth <s@ricketyspace.net> +-- Copyright © 2019 rsiddharth <s@ricketyspace.net> -- License: BSD2 -- -- _________ @@ -238,7 +238,6 @@ lyra = host "lyra.ricketyspace.net" $props & Nginx.installed & Nginx.siteEnabled "ricketyspace.net" ricketyspaceNetNginx & Nginx.siteEnabled "git.ricketyspace.net" ricketyspaceNetGitNginx - & Nginx.siteEnabled "fsfi.ricketyspace.net" ricketyspaceNetFSFINginx & ricketyspaceNetDhparamPem & ricketyspaceNetCert `onChange` Nginx.restarted & ricketyspaceNetCertKey @@ -246,8 +245,6 @@ lyra = host "lyra.ricketyspace.net" $props & ricketyspaceNetGitCertKey & ricketyspaceNetLyraCert & ricketyspaceNetLyraCertKey - & ricketyspaceNetFSFICert - & ricketyspaceNetFSFICertKey -- cgit & rsCgitRC -- git-daemon 
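Review bot: The copyright line in the first hunk replaces the years `2017, 2018` with `2019` instead of extending them, although the rest of config.hs predates this commit. If the earlier years still apply to the unchanged content, the header would read `-- Copyright © 2017, 2018, 2019 rsiddharth <s@ricketyspace.net>`. Only the top of the header comment is visible in this hunk, so any other notice further down the file is not covered by this remark.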
@@ -464,57 +461,6 @@ ricketyspaceNetGitNginx = [ ] -ricketyspaceNetFSFINginx :: [String] -ricketyspaceNetFSFINginx = [ - "# Adapted from https://gist.github.com/konklone/6532544" - , "" - , "server {" - , " listen 80;" - , " listen [::]:80;" - , " server_name fsfi.ricketyspace.net;" - , " return 301 https://$host$request_uri;" - , "}" - , "" - , "server {" - , " listen 443 ssl http2;" - , " listen [::]:443 ssl http2;" - , " server_name fsfi.ricketyspace.net;" - , "" - , " access_log /var/log/nginx/fsfi-access.log;" - , " error_log /var/log/nginx/fsfi-error.log;" - , "" - , " root /home/w/fsfi;" - , " default_type text/plain;" - , " ssi on;" - , "" - , " # Path to certificate and private key." - , " # The .crt may omit the root CA cert, if it's a standard CA that ships with clients." - , " ssl_certificate /etc/ssl/certs/fsfi.rs.net.chained.le.pem;" - , " ssl_certificate_key /etc/ssl/private/fsfi.rs.net.d.le.key;" - , "" - , " add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';" - , "" - , " ssl_prefer_server_ciphers on;" - , " ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !MD5 !EXP !DSS !PSK !SRP !kECDH !CAMELLIA !RC4 !SEED';" - , "" - , " ssl_protocols TLSv1.2 TLSv1.1 TLSv1;" - , "" - , " # as recommended by http://nginx.org/en/docs/http/configuring_https_servers.html" - , " ssl_session_cache shared:SSL:10m;" - , " ssl_session_timeout 10m;" - , " keepalive_timeout 70;" - , "" - , " # nginx 1.5.9+ ONLY" - , " ssl_buffer_size 1400;" - , "" - , " #" - , " # Generated by OpenSSL with the following command:" - , " # openssl dhparam -outform pem -out dhparam2048.pem 2048" - , " ssl_dhparam /etc/ssl/certs/dhparam4096.pem;" - , "}" - ] - - --- certs ricketyspaceNetDhparamPem :: Property (HasInfo + UnixLike) ricketyspaceNetDhparamPem = File.hasPrivContent 
@@ -548,15 +494,6 @@ ricketyspaceNetLyraCertKey :: Property (HasInfo + UnixLike) ricketyspaceNetLyraCertKey = File.hasPrivContent "/etc/ssl/private/lyra.rs.net.d.le.key" (Context "lyra.ricketyspace.net") -ricketyspaceNetFSFICert :: Property (HasInfo + UnixLike) -ricketyspaceNetFSFICert = File.hasPrivContent - cert (Context "fsfi.ricketyspace.net") - `onChange` File.mode cert 0O0644 - where cert = "/etc/ssl/certs/fsfi.rs.net.chained.le.pem" - -ricketyspaceNetFSFICertKey :: Property (HasInfo + UnixLike) -ricketyspaceNetFSFICertKey = File.hasPrivContent - "/etc/ssl/private/fsfi.rs.net.d.le.key" (Context "fsfi.ricketyspace.net") --- dkim ricketyspaceNetOpenDkimConf :: [File.Line]