commit 7a532350f25659a809e8dd8a4b3a8cde5d590923
parent 20d6874ec23bc4923e95a58b102ebea9518df646
Author: rsiddharth <s@ricketyspace.net>
Date: Mon, 23 Apr 2018 00:56:59 +0000
propellor spin
Diffstat:
config.hs | | | 37 | ++++++++++++++++++++++++++----------- |
1 file changed, 26 insertions(+), 11 deletions(-)
diff --git a/config.hs b/config.hs
@@ -695,6 +695,8 @@ lyra = host "lyra.ricketyspace.net" $props
& File.dirExists "/etc/dkimkeys/ricketyspace.net"
& File.ownerGroup "/etc/dkimkeys/ricketyspace.net" (User "opendkim") (Group "opendkim")
& File.hasPrivContent "/etc/dkimkeys/ricketyspace.net/mail.private" (Context "ricketyspace.net")
+ -- postfix
+ & File.hasContent "/etc/postfix/header_checks" ricketyspaceHeaderChecks
-- bind
& Dns.primary publicHosts "ricketyspace.net"
(Dns.mkSOA "lyra.ricketyspace.net" 20180129)
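Review bot: The added `File.hasContent "/etc/postfix/header_checks" ricketyspaceHeaderChecks` line only writes the file; nothing visible in this hunk points Postfix at it or reloads Postfix when the content changes. If `main.cf` is maintained by hand, a rebuilt host would silently lose the header filtering, and running cleanup processes may keep the old table until they are recycled. Consider attaching `Postfix.reloaded` to the property with Propellor's `onChange` combinator, and setting the option from the same property list, e.g. `& Postfix.mainCf ("header_checks", "regexp:/etc/postfix/header_checks")`. Both suggestions assume Propellor's Postfix module is imported in this file. The `lyra` definition starts and ends outside this hunk.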
@@ -709,7 +711,7 @@ lyra = host "lyra.ricketyspace.net" $props
]
-- root config
& Ssh.authorizedKey (User "root") sCanonicalSshPubKey
- & File.hasContent "/root/.tmux.conf" lyraTmuxConf
+ & File.hasContent "/root/.tmux.conf" tmuxConf
-- w config
& User.accountFor (User "w")
& User.hasLoginShell (User "w") "/usr/bin/zsh"
@@ -725,15 +727,7 @@ lyra = host "lyra.ricketyspace.net" $props
& Sudo.enabledFor (User "s")
& Ssh.authorizedKey (User "s") sCanonicalSshPubKey
-lyraTmuxConf :: [File.Line]
-lyraTmuxConf = [
- "set -g prefix C-a"
- , "unbind C-b"
- , "bind C-a send-prefix"
- , "set -g status-style bg=white"
- , "set -g status-right ''"
- ]
-
+--- nginx
ricketyspaceNetNginx :: [String]
ricketyspaceNetNginx = [
"# Adapted from https://gist.github.com/konklone/6532544"
@@ -863,6 +857,7 @@ ricketyspaceNetGitNginx = [
, "}"
]
+--- certs
ricketyspaceNetDhparamPem :: Property (HasInfo + UnixLike)
ricketyspaceNetDhparamPem = File.hasPrivContent
"/etc/ssl/certs/dhparam4096.pem" (Context "ricketyspace.net")
@@ -883,6 +878,7 @@ ricketyspaceNetGitCertKey :: Property (HasInfo + UnixLike)
ricketyspaceNetGitCertKey = File.hasPrivContent
"/etc/ssl/private/git.rs.net.d.le.key" (Context "git.ricketyspace.net")
+--- dkim
ricketyspaceNetOpenDkimConf :: [File.Line]
ricketyspaceNetOpenDkimConf = [
"KeyTable /etc/opendkim/KeyTable"
@@ -910,7 +906,26 @@ ricketyspaceNetOpenDkimTrustedHosts = [
, "ricketyspace.net"
]
--- Docker CE
+--- postfix
+ricketyspaceHeaderChecks :: [File.Line]
+ricketyspaceHeaderChecks = [
+ "/^Received:.*with ESMTPSA/ IGNORE"
+ , "/^X-Originating-IP:/ IGNORE"
+ ]
+
+-- common
+
+--- tmux conf
+tmuxConf :: [File.Line]
+tmuxConf = [
+ "set -g prefix C-a"
+ , "unbind C-b"
+ , "bind C-a send-prefix"
+ , "set -g status-style bg=white"
+ , "set -g status-right ''"
+ ]
+
+--- Docker CE
dockerCEInstalled :: Property DebianLike
dockerCEInstalled = Apt.installed ["docker-ce"]
`requires` Apt.setSourcesListD [
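Review bot: `ricketyspaceHeaderChecks` carries no comment on what its two rules are for, and the first pattern is broad: `/^Received:.*with ESMTPSA/ IGNORE` deletes every matching Received header, not only the hop this host adds for its own authenticated clients. If the table is loaded through the global `header_checks` setting (not visible here), inbound and relayed mail would also lose upstream ESMTPSA hops, which removes trace data used for abuse handling and spam analysis. Anchoring the pattern to this host, e.g. `"/^Received:.*by lyra\\.ricketyspace\\.net .*with ESMTPSA/ IGNORE"` (assuming that is the configured `myhostname`), or applying the table only to the submission service's cleanup instance, would confine the filter to the intended mail. A one-line comment above the definition, such as `-- strip client-identifying headers from mail submitted by authenticated users`, would record the presumed intent.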