propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git
Log | Files | Refs | LICENSE
commit 7a532350f25659a809e8dd8a4b3a8cde5d590923
parent 20d6874ec23bc4923e95a58b102ebea9518df646
Author: rsiddharth <s@ricketyspace.net>
Date:   Mon, 23 Apr 2018 00:56:59 +0000

propellor spin

Diffstat:

config.hs | 37++++++++++++++++++++++++++-----------


1 file changed, 26 insertions(+), 11 deletions(-)

diff --git a/config.hs b/config.hs
@@ -695,6 +695,8 @@ lyra = host "lyra.ricketyspace.net" $props
        & File.dirExists "/etc/dkimkeys/ricketyspace.net"
        & File.ownerGroup "/etc/dkimkeys/ricketyspace.net" (User "opendkim") (Group "opendkim")
        & File.hasPrivContent "/etc/dkimkeys/ricketyspace.net/mail.private" (Context "ricketyspace.net")
+       -- postfix
+       & File.hasContent "/etc/postfix/header_checks" ricketyspaceHeaderChecks
        -- bind
        & Dns.primary publicHosts "ricketyspace.net"
        (Dns.mkSOA "lyra.ricketyspace.net" 20180129)
@@ -709,7 +711,7 @@ lyra = host "lyra.ricketyspace.net" $props
        ]
        -- root config
        & Ssh.authorizedKey (User "root") sCanonicalSshPubKey
-       & File.hasContent "/root/.tmux.conf" lyraTmuxConf
+       & File.hasContent "/root/.tmux.conf" tmuxConf
        -- w config
        & User.accountFor (User "w")
        & User.hasLoginShell (User "w") "/usr/bin/zsh"
@@ -725,15 +727,7 @@ lyra = host "lyra.ricketyspace.net" $props
        & Sudo.enabledFor (User "s")
        & Ssh.authorizedKey (User "s") sCanonicalSshPubKey
 
-lyraTmuxConf :: [File.Line]
-lyraTmuxConf = [
-  "set -g prefix C-a"
-  , "unbind C-b"
-  , "bind C-a send-prefix"
-  , "set -g status-style bg=white"
-  , "set -g status-right ''"
-  ]
-
+--- nginx
 ricketyspaceNetNginx :: [String]
 ricketyspaceNetNginx = [
   "# Adapted from https://gist.github.com/konklone/6532544"
@@ -863,6 +857,7 @@ ricketyspaceNetGitNginx = [
   , "}"
   ]
 
+--- certs
 ricketyspaceNetDhparamPem :: Property (HasInfo + UnixLike)
 ricketyspaceNetDhparamPem = File.hasPrivContent
   "/etc/ssl/certs/dhparam4096.pem" (Context "ricketyspace.net")
@@ -883,6 +878,7 @@ ricketyspaceNetGitCertKey :: Property (HasInfo + UnixLike)
 ricketyspaceNetGitCertKey = File.hasPrivContent
   "/etc/ssl/private/git.rs.net.d.le.key" (Context "git.ricketyspace.net")
 
+--- dkim
 ricketyspaceNetOpenDkimConf :: [File.Line]
 ricketyspaceNetOpenDkimConf = [
   "KeyTable    /etc/opendkim/KeyTable"
@@ -910,7 +906,26 @@ ricketyspaceNetOpenDkimTrustedHosts = [
   , "ricketyspace.net"
   ]
 
--- Docker CE
+--- postfix
+ricketyspaceHeaderChecks :: [File.Line]
+ricketyspaceHeaderChecks = [
+  "/^Received:.*with ESMTPSA/ IGNORE"
+  , "/^X-Originating-IP:/ IGNORE"
+  ]
+
+-- common
+
+--- tmux conf
+tmuxConf :: [File.Line]
+tmuxConf = [
+  "set -g prefix C-a"
+  , "unbind C-b"
+  , "bind C-a send-prefix"
+  , "set -g status-style bg=white"
+  , "set -g status-right ''"
+  ]
+
+--- Docker CE
 dockerCEInstalled :: Property DebianLike
 dockerCEInstalled = Apt.installed ["docker-ce"]
   `requires` Apt.setSourcesListD [