propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git

commit ce9018383786b656d22d79831e347c2313394460
parent 5ccd28d2c2fac1889f8bce4807d14fc17bc0ac1f
Author: rsiddharth <s@ricketyspace.net>
Date:   Mon, 20 May 2019 18:18:21 -0400

config.hs: Remove cygnus configuration.

Diffstat:
config.hs | 479+------------------------------------------------------------------------------
1 file changed, 1 insertion(+), 478 deletions(-)

diff --git a/config.hs b/config.hs @@ -42,8 +42,6 @@ import Propellor import qualified Propellor.Property.Apt as Apt -import qualified Propellor.Property.Debootstrap as Debootstrap -import qualified Propellor.Property.Chroot as Chroot import qualified Propellor.Property.Cron as Cron import qualified Propellor.Property.Dns as Dns import qualified Propellor.Property.Fail2Ban as Fail2Ban @@ -55,7 +53,6 @@ import qualified Propellor.Property.Postfix as Postfix import qualified Propellor.Property.Service as Service import qualified Propellor.Property.Ssh as Ssh import qualified Propellor.Property.Sudo as Sudo -import qualified Propellor.Property.Systemd as Systemd import qualified Propellor.Property.User as User 
@@ -68,101 +65,12 @@ hosts :: [Host] hosts = privateHosts ++ publicHosts privateHosts :: [Host] -privateHosts = [ cygnus, crux ] +privateHosts = [ crux ] publicHosts :: [Host] publicHosts = [ ara, lyra ] ++ m31 --- configure cygnus. -cygnus :: Host -cygnus = host "cygnus.ricketyspace.net" $ props - & osDebian Unstable X86_64 - & Locale.available "en_US.UTF-8" - & File.hasContent "/etc/motd" (["At cygnus."]) - -- apt config. - & Apt.stdSourcesList - & Apt.unattendedUpgrades - & Apt.safeUpgrade - & Apt.installed ["tor", "torsocks" - , "curl" - , "zsh", "rxvt-unicode", "tmux" - , "cvs", "git", "git-doc", "git-ftp", "git-email" - , "git-annex", "git-remote-gcrypt", "myrepos" - , "xinit", "x11-xserver-utils", "libxrandr-dev" - , "stumpwm" - , "xfonts-terminus", "fonts-noto", "unifont" - , "imagemagick", "inkscape", "gimp", "sane" - , "parcimonie", "pass", "pinentry-gtk2" - , "tomb", "wipe", "steghide" - , "python-virtualenv", "python-pip" - , "make", "make-doc", "gcc", "gcc-doc", "gcc-doc-base" - , "golang-go" - , "racket", "racket-doc" - , "glibc-doc", "glibc-doc-reference" - , "gdb", "valgrind", "exuberant-ctags" - , "mdk", "mdk-doc" - , "udisks2", "etckeeper", "acpi-support" - , "ntp", "ntp-doc", "mosh", "dnsutils", "nscd" - , "nginx-full", "network-manager", "mailutils" - , "postgresql-doc", "postgresql-client" - , "alsa-utils", "pulseaudio" - , "mpd", "mpc", "ncmpcpp", "mplayer" - , "mupdf" - , "htop" - , "chromium", "w3m", "lynx", "torbrowser-launcher" - , "redshift" - , "unzip", "zip" - , "silversearcher-ag" - , "weather-util", "weather-util-data" - , "sudo", "debian-goodies", "debootstrap" - , "aptitude" - , "systemd-container", "docker-compose" - , "anarchism" - ] - -- docker-ce - & dockerCEInstalled - -- s config. 
- & User.accountFor (User "s") - & User.hasLoginShell (User "s") "/usr/bin/zsh" - & User.hasSomePassword (User "s") - & Ssh.userKeyAt (Just sCanonicalSshKeyPath) - (User "s") hostContext (SshRsa, sCanonicalSshPubKey) - & User.hasGroup (User "s") (Group "docker") - --- crons. - & rsyncToMollisol - & rsyncFromCruxToMollisol - & annexToArdisol - & annexSyncFromHome - & getCruxEtc - & autoCommitCygnusRepos - & removeEmptyHomeDirs - & buildEmacs - & installEmacs - & cygnusPgDump - -- chroots. - & Chroot.provisioned cygnusEmacsBuilder - -- containers. - & Systemd.nspawned cygnusPostgresContainer - -- root config. - & User.hasSomePassword (User "root") - & Ssh.authorizedKey (User "root") sCanonicalSshPubKey - & Cron.job "etc-push" (Cron.Times "15 03 * * *") (User "root") - "/etc" "git push" - -- etc config. - & File.containsLines "/etc/hosts" cygnusHosts - & File.hasContent "/etc/mpd.conf" cygnusMpd - & File.hasContent "/etc/sudoers.d/s" cygnusSudoers - & File.containsLines "/etc/NetworkManager/NetworkManager.conf" - cygnusNetworkManager - --- nginx. - & Nginx.siteEnabled "cygnus" cygnusNginx - -- propellor. - & Cron.runPropellor (Cron.Times "30 22 * * *") - -- keys. 
-sCanonicalSshKeyPath :: [Char] -sCanonicalSshKeyPath = "/home/s/.ssh/id_the_rsa" - sCanonicalSshPubKey :: [Char] sCanonicalSshPubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDd7kT6tpH4zZ/hFlRmSVH1oJZZJJUvoMd89AiskXAq5rBrvZC90WVOF12OTQVQqslUVV2ze7BCC13UEfK5F2xP+7F6FDqSFApV4lBsJWLNbtDlZY23lTYqi/L6muq3x5tbqJLQjUK5ItORe0Ecqqz1ymSy+Zk+kHmHfnqyoWAQ7Z5GJkRu1B4J9uT3LJDIgLE8m4nJEOoCJ5vnycJfs0LCwHNZ67H38FV3Uw/sGibCNyCSJHQcG+nkKGYzABDcbXmWXedUq0MlRY2TjU22cOzjaAH0mf6M7m6KQCQeXjdxyyLaI3lNOzhBOU7j8/H9GqdRDH8pZ5e4xp+AG3tcrWi2E+47Qp4J9qv0YPgfj7JZ4oJhvCKGkgldOQZ8mkvjDLvAMGte0zpk2SPDlfJeFgfDHMre3nxAAzIfmhaIX2j86LdUh717BmcXDYD//9SubRLdAZrOKh4Iapcotm0STOFUlDa6nvh27DuKIIvq7v/+ID6P4fSNb4h1ktC/3lrhI21ei8ZjBulonJ9XV+BPGlnIzmWL7g5j4dMm90AqZXRRKQMAX9UIizLoCh58KR5gESszQ/8MSrELclI1fUwiY4Wxlvf6ZsGsg3c22xumxlnc85eiAYQ1LEPWNghcyqE96yrIhXrph3unLRsEbZcGxgXw/dcUtjIL9tjDO9zSN6ZuOQ== rsd@grus" 
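Review bot: The secrets that belonged to cygnus outlive this removal. The deleted `Ssh.userKeyAt (Just sCanonicalSshKeyPath) (User "s") hostContext …` and the two `User.hasSomePassword` properties were fed from privdata, and the diffstat shows only `config.hs` changing, so those entries presumably remain in the privdata store. `sCanonicalSshPubKey` stays defined as context; if the remaining hosts still authorize it (not visible in this hunk), the private half that was deployed to `/home/s/.ssh/id_the_rsa` on cygnus is still a valid credential, so it should be wiped on the retired machine or the key rotated. The same applies to the `sLyraSshPubKey` context line in the last hunk, whose key comment reads `s@cygnus.ricketyspace.net` and so appears to have been generated on this host. Running `propellor --list-fields` and then `propellor --unset-unused` after this commit would drop the orphaned privdata.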
@@ -172,391 +80,6 @@ sAraSshPubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTn+zicq75blG6yWY0GIkba93 sLyraSshPubKey :: [Char] sLyraSshPubKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0UdjqvAo5lICg0BwGv6aQVSO+Ew6ZXFwbwpZiXhZ03+P/Wk98mJJUln+NaKC9lbjQnAShviBy5BIPbexQJ21vvP6mh13Z6xPPtHWRYUy+Y0GYvnc8yKfsnJ2bDaXobpAprfwWpwhW01ZC2xehaZxE+w8dwdAP4v53w5XlLU733f19vRqis4Y0/jyse2BMpsVGzWiLRLprjeLOgdcDB+yLP+EnM46Yj5z0xchbO2uCozloX1yhExDJ2Z4MITx397+/3GYaPEytcMVD/YmIScU4y4nqwa8O/sg5miamD6HUzAWKOHkHgf1HosDbz4JHcEwJqgSvqTeVJ5UWWuPK7YfJ s@cygnus.ricketyspace.net" --- start cygnus snafu. -sourceCygnusEnv :: [Char] -> [Char] -sourceCygnusEnv cmd = ". $HOME/.env; " ++ cmd - ---- backup paths. ----- entisol. -mollisolFilter :: [Char] -mollisolFilter = "/home/s/v/cygnus.ricketyspace.net/" - ++ "dp/rsync-backup/filter-mollisol" - -mollisolExcludeFilter :: [Char] -mollisolExcludeFilter = "/home/s/v/cygnus.ricketyspace.net/" - ++ "dp/rsync-backup/filter-mollisol-exclude" - -mollisolBackupPath :: [Char] -mollisolBackupPath = "/media/mollisol/box/cygnus/latest/" - -ardisolAnnexPath :: [Char] -ardisolAnnexPath = "/media/ardisol/annex" - -pgDumpsDir :: [Char] -pgDumpsDir = "/home/s/.pgdumps" - ----- crux. -cruxFilter :: [Char] -cruxFilter = "/home/s/v/cygnus.ricketyspace.net/dp/rsync-backup/filter-crux" - -cruxBackupPath :: [Char] -cruxBackupPath = "/media/mollisol/box/crux/latest/" - ----- scripts. -rsyncBuTo :: [Char] -> [Char] -> [Char] -> [Char] -> [Char] -rsyncBuTo src dest rbtFilter rbtExcludeFilter = concat [ - "./rsync-bu-to " - , src, " " - , dest, " " - , rbtFilter, " " - , rbtExcludeFilter - ] - -annexTo :: [Char] -> [Char] -> [Char] -annexTo annexPath annexGetPath = "./annex-to " - ++ annexPath ++ " " ++ annexGetPath - ----- s's crons on cygnus. 
-rsyncToMollisol :: Property DebianLike -rsyncToMollisol = Cron.job "rsync-to-mollisol" (Cron.Times "00 03 * * *") - (User "s") "/home/s/.bin" rsyncCmd - where - rsyncCmd = rsyncBuTo "/home/s" mollisolBackupPath - mollisolFilter mollisolExcludeFilter - -rsyncFromCruxToMollisol :: Property DebianLike -rsyncFromCruxToMollisol = Cron.job "rsync-from-crux-to-mollisol" - (Cron.Times "30 03 * * *") - (User "s") "/home/s/.bin" rsyncCmd - where - rsyncCmd = sourceCygnusEnv (rsyncBuTo "s@crux:~/" cruxBackupPath - cruxFilter "") - -annexToArdisol :: Property DebianLike -annexToArdisol = Cron.job "annex-to-ardisol" (Cron.Times "45 03 * * *") - (User "s") "/home/s/.bin" annexCmd - where - annexCmd = annexTo ardisolAnnexPath "." - -annexSyncFromHome :: Property DebianLike -annexSyncFromHome = Cron.job "annex-sync-from-home" - (Cron.Times "00 03 * * *") - (User "s") "/home/s/annex" annexCmd - where - annexCmd = "git annex sync" - -getCruxEtc :: Property DebianLike -getCruxEtc = Cron.job "get-crux-etc" (Cron.Times "20 22 * * *") - (User "s") "/home/s/v/cygnus.ricketyspace.net/crux-etc" gitCmd - where - gitCmd = sourceCygnusEnv "git pull origin" - -autoCommitCygnusRepos :: Property DebianLike -autoCommitCygnusRepos = Cron.job "auto-commit-repos" - (Cron.Times "20 00 * * *") - (User "s") "/home/s/.bin/" autoCommitCmd - where - autoCommitCmd = sourceCygnusEnv "./git-difme" - -removeEmptyHomeDirs :: Property DebianLike -removeEmptyHomeDirs = Cron.job "remove-empty-home-dirs" - (Cron.Times "*/10 * * * *") - (User "s") "/home/s/" cmd - where - cmd = "rm -rf Documents Public Desktop Downloads" ++ - " Music Pictures Templates Videos" - -buildEmacs :: Property DebianLike -buildEmacs = Cron.job "build-emacs" - (Cron.Times "00 12 * * 6") - (User "s") "/home/s/.bin/" cmd - where - cmd = "/home/s/.bin/emacs-build start-make" - -installEmacs :: Property DebianLike -installEmacs = Cron.job "install-emacs" - (Cron.Times "00 14 * * 6") - (User "root") "/home/s/v/git.sv.gnu.org/emacs" cmd - where 
- cmd = "make install" - -cygnusPgDump :: Property DebianLike -cygnusPgDump = Cron.job "cygnusPgDump" - (Cron.Times "30 02 * * *") - (User "s") "/home/s/.bin/" cmd - where - cmd = "./pgdump " ++ "s" ++ " " ++ pgDumpsDir - ----- containers / chroots - -cygnusPostgresContainer :: Systemd.Container -cygnusPostgresContainer = Systemd.debContainer "cygnus-postgres" $ props - & osDebian (Stable "stretch") X86_64 - & Locale.available "en_US.UTF-8" - & Apt.stdSourcesList `onChange` Apt.upgrade - & Apt.cacheCleaned - & Apt.installed ["postgresql", "postgresql-plpython3"] - -cygnusEmacsBuilder :: Chroot.Chroot -cygnusEmacsBuilder = Chroot.debootstrapped Debootstrap.BuilddD dir $ props - & osDebian Unstable X86_64 - & Locale.available "en_US.UTF-8" - & Apt.stdSourcesList `onChange` Apt.upgrade - & Apt.cacheCleaned - & Apt.installed ["locales", "libtiff5-dev", "libgtk-3-dev" - , "libxpm-dev", "libgif-dev", "libgnutls28-dev" - , "libmagickwand-dev", "libncurses-dev", "git" - , "mailutils", "texinfo", "libacl1-dev" - ] - & Apt.buildDep ["emacs"] - where - dir = "/var/lib/container/emacs-builder" - ----- etc -cygnusHosts :: [File.Line] -cygnusHosts = [ - "127.0.0.2 taoup.web" - , "127.0.0.3 gnu.web" - , "127.0.0.4 rsd.web" - , "127.0.0.5 sicp.web" - , "127.0.0.6 tmp.web" - , "127.0.0.8 lp.web" - , "127.0.0.9 vm.web" - , "127.0.0.10 home.web" - , "127.0.0.11 rs.web" - , "127.0.0.12 lpsg.web" - , "127.0.0.13 cached.web" - ] - -cygnusMpd :: [File.Line] -cygnusMpd = [ - "music_directory \"/home/s/annex/music/\"" - , "playlist_directory \"/var/lib/mpd/playlists\"" - , "db_file \"/var/lib/mpd/tag_cache\"" - , "log_file \"/var/log/mpd/mpd.log\"" - , "state_file \"/var/lib/mpd/state\"" - , "sticker_file \"/var/lib/mpd/sticker.sql\"" - , "user \"mpd\"" - , "bind_to_address \"localhost\"" - , "port \"6600\"" - , "log_level \"verbose\"" - , "save_absolute_paths_in_playlists \"yes\"" - , "metadata_to_use \"artist,album,title,track,name,genre,date,composer," - ++ "performer,disc\"" - , 
"auto_update \"yes\"" - , "input {" - , " plugin \"curl\"" - , "}" - , "audio_output {" - , " type \"alsa\"" - , " name \"My ALSA Device\"" - , " mixer_type \"software\"" - , "}" - , "audio_output {" - , "type \"httpd\"" - , "name \"My HTTP Stream\"" - , "bind_to_address \"0.0.0.0\"" - , "quality \"10.0\"" - , "port \"8426\"" - , "format \"44100:16:1\"" - , "max_clients \"0\"" - , "}" - , "filesystem_charset \"UTF-8\"" - , "id3v1_encoding \"UTF-8\"" - ] - -cygnusNginx :: [String] -cygnusNginx = [ - "### vm server" - ,"server {" - ," ssi on;" - ," server_name vm.web;" - ," root /home/s/v/git/s/v-page;" - ," index index.php index.html;" - , "" - ," location / {" - ," autoindex on;" - ," include /etc/nginx/mime.types;" - ," rewrite ^/(land|macro|wp|wild|people|fashion).*$ " - ++ "/gallery/$1/ permanent;" - ," rewrite ^/as/photography-classes/?$ /as permanent;" - ," }" - , "" - ," location ~ \\.php$ {" - ," include snippets/fastcgi-php.conf;" - ," fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;" - ," }" - ,"}" - - ,"### rsd server" - ,"server {" - ," server_name rsd.web;" - ," root /home/s/v/ninthfloor.org/rsd-w3;" - ," index index.html;" - , "" - ," location / {" - ," autoindex on;" - ," }" - ,"}" - - ,"### home server" - ,"server {" - ," server_name home.web;" - ," root /home/s/;" - ," index index.html;" - , "" - ," location / {" - ," autoindex on;" - ," }" - ,"}" - - ,"### ricketyspace server" - ,"server {" - ," server_name rs.web;" - ," root /home/s/v/crux.ricketyspace.net/rs;" - ," index index.html;" - , "" - ," location / {" - ," autoindex on;" - ," }" - ,"}" - - ,"### gnu server" - ,"server {" - ," ssi on;" - ," server_name gnu.web;" - ," root /home/s/v/cvs.sv.gnu.org/www-gnu/;" - ," index index.html, home.html;" - , "" - ," location /software/ {" - ," alias /home/s/v/cvs/gnu/software/;" - ," autoindex on;" - ," }" - , "" - ," location / {" - ," autoindex on;" - ," }" - ,"}" - - ,"### lp server" - ,"server {" - ," ssi on;" - ," server_name lp.web;" - ," root 
/home/s/v/git/fsf/lp-static;" - ," index index.html;" - ,"" - ," location / {" - ," autoindex on;" - ," }" - ,"}" - , "" - ,"### sicp server" - ,"server {" - ," ssi on;" - ," server_name sicp.web;" - ," root /home/s/annex/eat/sicp/mitpress.mit.edu/sicp;" - ," index index.html;" - ,"" - ," location / {" - ," autoindex on;" - ," }" - ,"}" - , "" - ,"### taoup server" - ,"server {" - ," ssi on;" - ," server_name taoup.web;" - ," root /home/s/annex/eat/taoup/www.catb.org/~esr/writings/taoup/html;" - ," index index.html;" - ,"" - ," location / {" - ," autoindex on;" - ," }" - ,"}" - , "" - ,"### combox server" - ,"server {" - ," ssi on;" - ," server_name combox.web;" - ," root /home/s/v/git/bgc/combox/docs/_build/html;" - ," index index.html;" - - ," location / {" - ," autoindex on;" - ," }" - ,"}" - , "" - ,"### lpschedule-generator server" - ,"server {" - ," ssi on;" - ," server_name lpsg.web;" - ," root /home/s/v/git/fsf/lpschedule-generator/docs/_build/html;" - ," index index.html;" - , "" - ," location / {" - - ," autoindex on;" - ," }" - ,"}" - , "" - ,"### tmp server" - ,"server {" - ," ssi on;" - ," server_name tmp.web;" - ," root /tmp;" - ," index index.html;" - , "" - ," location / {" - ," autoindex on;" - ," }" - ,"}" - ,"### cached web server" - ,"server {" - ," ssi on;" - ," server_name cached.web;" - ," root /home/s/.cached-web;" - ," index index.html;" - , "" - ," location / {" - ," autoindex on;" - ," }" - ,"}" - ] - -cygnusSudoers :: [File.Line] -cygnusSudoers = [ - "# Host alias specification" - , "" - ,"# User alias specification" - ,"User_Alias CRYPTERS = s" - ,"User_Alias SANDBOXERS = s" - ,"User_Alias SUPER_COWS = s" - , "" - ,"# Cmnd alias specification" - ,"Cmnd_Alias CRYPT = /sbin/losetup, /sbin/cryptsetup, \\" - ," /sbin/mkfs.ext4, /bin/mount, /bin/umount, \\" - ," /usr/bin/tomb" - ,"Cmnd_Alias SANDBOX = /usr/sbin/debootstrap, /usr/bin/systemd-nspawn, \\" - ," /bin/machinectl, /usr/bin/docker" - , "" - ,"# User privilege specification" - ,"root 
ALL=(ALL:ALL) ALL" - , "" - ,"# Allow super cows to execute any command" - ,"SUPER_COWS ALL=(ALL:ALL) ALL" - - , "" - ,"CRYPTERS ALL = NOPASSWD: CRYPT " - ,"SANDBOXERS ALL = NOPASSWD: SANDBOX" - ] - -cygnusNetworkManager :: [File.Line] -cygnusNetworkManager = [ - "[device]" - , "wifi.scan-rand-mac-address=no" - ] --- end cygnus snafu. - -- configure crux crux :: Host crux = host "crux.ricketyspace.net" $props