propellor

propellor config for hosts.

commit 7a532350f25659a809e8dd8a4b3a8cde5d590923
parent 20d6874ec23bc4923e95a58b102ebea9518df646
Author: rsiddharth <s@ricketyspace.net>
Date:   Mon, 23 Apr 2018 00:56:59 +0000

propellor spin

Diffstat:
config.hs | 37++++++++++++++++++++++++++-----------
1 file changed, 26 insertions(+), 11 deletions(-)

diff --git a/config.hs b/config.hs
@@ -695,6 +695,8 @@ lyra = host "lyra.ricketyspace.net" $props
 & File.dirExists "/etc/dkimkeys/ricketyspace.net"
 & File.ownerGroup "/etc/dkimkeys/ricketyspace.net" (User "opendkim") (Group "opendkim")
 & File.hasPrivContent "/etc/dkimkeys/ricketyspace.net/mail.private" (Context "ricketyspace.net")
+ -- postfix
+ & File.hasContent "/etc/postfix/header_checks" ricketyspaceHeaderChecks
 -- bind
 & Dns.primary publicHosts "ricketyspace.net"
 (Dns.mkSOA "lyra.ricketyspace.net" 20180129)
@@ -709,7 +711,7 @@ lyra = host "lyra.ricketyspace.net" $props
 ]
 -- root config
 & Ssh.authorizedKey (User "root") sCanonicalSshPubKey
- & File.hasContent "/root/.tmux.conf" lyraTmuxConf
+ & File.hasContent "/root/.tmux.conf" tmuxConf
 -- w config
 & User.accountFor (User "w")
 & User.hasLoginShell (User "w") "/usr/bin/zsh"
@@ -725,15 +727,7 @@ lyra = host "lyra.ricketyspace.net" $props
 & Sudo.enabledFor (User "s")
 & Ssh.authorizedKey (User "s") sCanonicalSshPubKey
 
-lyraTmuxConf :: [File.Line]
-lyraTmuxConf = [
- "set -g prefix C-a"
- , "unbind C-b"
- , "bind C-a send-prefix"
- , "set -g status-style bg=white"
- , "set -g status-right ''"
- ]
-
+--- nginx
 ricketyspaceNetNginx :: [String]
 ricketyspaceNetNginx = [
 "# Adapted from https://gist.github.com/konklone/6532544"
@@ -863,6 +857,7 @@ ricketyspaceNetGitNginx = [
 , "}"
 ]
 
+--- certs
 ricketyspaceNetDhparamPem :: Property (HasInfo + UnixLike)
 ricketyspaceNetDhparamPem = File.hasPrivContent "/etc/ssl/certs/dhparam4096.pem"
 (Context "ricketyspace.net")
@@ -883,6 +878,7 @@ ricketyspaceNetGitCertKey :: Property (HasInfo + UnixLike)
 ricketyspaceNetGitCertKey = File.hasPrivContent "/etc/ssl/private/git.rs.net.d.le.key"
 (Context "git.ricketyspace.net")
 
+--- dkim
 ricketyspaceNetOpenDkimConf :: [File.Line]
 ricketyspaceNetOpenDkimConf = [
 "KeyTable /etc/opendkim/KeyTable"
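Review bot: The added `File.hasContent "/etc/postfix/header_checks" ricketyspaceHeaderChecks` in the first hunk only writes the file; nothing visible here points Postfix at it or reloads Postfix when the content changes. Unless `header_checks = regexp:/etc/postfix/header_checks` is set somewhere outside this diff, the rules never run and the client-identifying headers they are meant to drop keep leaving the host. I would chain an onChange with `Postfix.reloaded` onto the property and manage the setting with `Postfix.mainCf ("header_checks", "regexp:/etc/postfix/header_checks")`, assuming Propellor's Postfix module is imported in config.hs. The lyra host definition starts and ends outside the hunk.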
@@ -910,7 +906,26 @@ ricketyspaceNetOpenDkimTrustedHosts = [
 , "ricketyspace.net"
 ]
 
--- Docker CE
+--- postfix
+ricketyspaceHeaderChecks :: [File.Line]
+ricketyspaceHeaderChecks = [
+ "/^Received:.*with ESMTPSA/ IGNORE"
+ , "/^X-Originating-IP:/ IGNORE"
+ ]
+
+-- common
+
+--- tmux conf
+tmuxConf :: [File.Line]
+tmuxConf = [
+ "set -g prefix C-a"
+ , "unbind C-b"
+ , "bind C-a send-prefix"
+ , "set -g status-style bg=white"
+ , "set -g status-right ''"
+ ]
+
+--- Docker CE
 dockerCEInstalled :: Property DebianLike
 dockerCEInstalled = Apt.installed ["docker-ce"]
 `requires` Apt.setSourcesListD [
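Review bot: If `ricketyspaceHeaderChecks` is wired in through the global `header_checks` setting, its rules apply to every message the cleanup daemon handles, not only to mail submitted by authenticated users. `/^Received:.*with ESMTPSA/ IGNORE` would then also drop Received lines that other sites added on their own submission hop, which removes trace data you would want when investigating spam or spoofed inbound mail. Consider scoping the table to the submission service, using a separate cleanup service selected with `cleanup_service_name` in master.cf. A comment above the list should say which headers are dropped and why, for example `-- strip the authenticated client's address from outgoing mail`. How the table is referenced by Postfix is not visible in this diff.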