propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git

commit dfe67c0c0d970b566d5e6fcd8d97f9e3727613fc
parent 2aa5846496a1e05303bdd4bc01ebeec999916477
Author: rsiddharth <s@ricketyspace.net>
Date:   Sat, 31 Mar 2018 06:15:40 +0000

Merge remote-tracking branch 'upstream/master'

Diffstat:
contrib/post-merge-hook | 2+-
debian/changelog | 20++++++++++++++++++--
doc/README.mdwn | 2+-
joeyconfig.hs | 1+
propellor.cabal | 2+-
src/Propellor/Property/Apt.hs | 2+-
src/Propellor/Property/Firewall.hs | 4++--
src/Propellor/Property/Laptop.hs | 4++++
src/Propellor/Property/SiteSpecific/JoeySites.hs | 8+++++---
9 files changed, 34 insertions(+), 11 deletions(-)

diff --git a/contrib/post-merge-hook b/contrib/post-merge-hook @@ -16,7 +16,7 @@ set -e commit () { if [ -n "$(git status --short privdata/relocate config.hs)" ]; then - git commit privdata/relocate config.hs -m "$1" + git commit -m "$1" fi } diff --git a/debian/changelog b/debian/changelog @@ -1,3 +1,20 @@ +propellor (5.3.4-1) unstable; urgency=medium + + * New upstream release. + + -- Sean Whitton <spwhitton@spwhitton.name> Thu, 29 Mar 2018 10:25:50 -0700 + +propellor (5.3.4) unstable; urgency=medium + + * Apt.trustsKey: Use apt-key to add key rather than manually driving gpg, + which seems to not work anymore. + Thanks, Russell Sim. + * Firewall: Reorder iptables parameters that are order + dependant to make --to-dest and --to-source work. + Thanks, Russell Sim + + -- Joey Hess <id@joeyh.name> Wed, 21 Mar 2018 14:59:15 -0400 + propellor (5.3.3-1) unstable; urgency=medium * New upstream release. @@ -10,8 +27,7 @@ propellor (5.3.3) unstable; urgency=medium Debian git bundle using an older version of propellor that set up an upstream remote. * Avoid crashing if initial fetch from origin fails when spinning a host. - * Added Propllor.Property.Openssl module contributed by contributed by - Félix Sipma. + * Added Propllor.Property.Openssl module contributed by Félix Sipma. -- Joey Hess <id@joeyh.name> Mon, 26 Feb 2018 14:34:37 -0400 diff --git a/doc/README.mdwn b/doc/README.mdwn @@ -56,4 +56,4 @@ see [configuration for the Haskell newbie](https://propellor.branchable.com/hask 7. Write some neat new properties and send patches! (Want to get your feet wet with propellor before plunging in? -[[try this|forum/Simple_quickstart_without_git__44___SSH__44___GPG]]) +[try this|http://propellor.branchable.com/forum/Simple_quickstart_without_git__44___SSH__44___GPG]) diff --git a/joeyconfig.hs b/joeyconfig.hs 
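Review bot: The guard and the commit inside `commit ()` no longer refer to the same set of files. The `if` still tests `git status --short privdata/relocate config.hs`, while the new `git commit -m "$1"` records whatever happens to be in the index. If either file is modified but not staged, the commit has nothing to record and exits non-zero, which under the `set -e` visible in the hunk header would abort the hook; if anything else is staged, it is committed under this message. Unless the callers (outside this hunk) always stage exactly these two paths first, adding `git add privdata/relocate config.hs` before the commit would keep the check and the commit in step.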
@@ -90,6 +90,7 @@ darkstar = host "darkstar.kitenet.net" $ props & Hostname.sane & Apt.serviceInstalledRunning "swapspace" & Laptop.powertopAutoTuneOnBoot + & Laptop.trimSSD & Grub.cmdline_Linux_default "i915.enable_psr=1" ! Grub.cmdline_Linux_default "quiet" diff --git a/propellor.cabal b/propellor.cabal @@ -1,5 +1,5 @@ Name: propellor -Version: 5.3.3 +Version: 5.3.4 Cabal-Version: >= 1.20 License: BSD2 Maintainer: Joey Hess <id@joeyh.name> diff --git a/src/Propellor/Property/Apt.hs b/src/Propellor/Property/Apt.hs @@ -447,7 +447,7 @@ trustsKey k = trustsKey' k <!> untrustKey k trustsKey' :: AptKey -> Property DebianLike trustsKey' k = check (not <$> doesFileExist f) $ property desc $ makeChange $ do withHandle StdinHandle createProcessSuccess - (proc "gpg" ["--no-default-keyring", "--keyring", f, "--import", "-"]) $ \h -> do + (proc "apt-key" ["--keyring", f, "add", "-"]) $ \h -> do hPutStr h (pubkey k) hClose h nukeFile $ f ++ "~" -- gpg dropping diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs @@ -44,8 +44,8 @@ rule c tb tg rs = property ("firewall rule: " <> show r) addIpTable toIpTable :: Rule -> [CommandParam] toIpTable r = map Param $ val (ruleChain r) : - toIpTableArg (ruleRules r) ++ - ["-t", val (ruleTable r), "-j", val (ruleTarget r)] + ["-t", val (ruleTable r), "-j", val (ruleTarget r)] ++ + toIpTableArg (ruleRules r) toIpTableArg :: Rules -> [String] toIpTableArg Everything = [] diff --git a/src/Propellor/Property/Laptop.hs b/src/Propellor/Property/Laptop.hs @@ -26,3 +26,7 @@ powertopAutoTuneOnBoot = setup <!> undo `requires` check (doesFileExist servicefile) (Systemd.disabled "powertop") servicefile = "/etc/systemd/system/powertop.service" + +-- | Enables weekly TRIM for SSDs, using systemd's fstrim.timer, +trimSSD :: Property Linux +trimSSD = Systemd.enabled "fstrim.timer" diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
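Review bot: The comment on `nukeFile $ f ++ "~" -- gpg dropping` still describes the old command. With the import now going through `apt-key`, it should say why a backup file is still expected, for example `-- backup file left behind by the gpg that apt-key invokes`, or the line should be removed if apt-key leaves none. A short why-comment above the `proc "apt-key"` line would also help, since the only record of the reason (driving gpg directly stopped working) is in debian/changelog. Separately, the surrounding `check (not <$> doesFileExist f)` treats any existing keyring file as done, so it is worth confirming that a failed `apt-key add` cannot leave a partial `f` behind that would never be re-imported. `f` and `desc` are defined outside the hunk.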
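Review bot: The new argument order in `toIpTable` is load-bearing, but nothing in the code says so; the reason is recorded only in debian/changelog. A comment above the list, such as `-- -t and -j must precede the rule arguments: options like --to-dest are only accepted once the target is known`, would stop a later cleanup from moving `toIpTableArg (ruleRules r)` back to the front. Since the reordering changes the argument list for every rule and not only the NAT ones, it is also worth checking that the existing-rule detection in `addIpTable` (outside this hunk) still recognises rules installed with the old order.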
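Review bot: The Haddock line for `trimSSD` ends in a dangling comma (`fstrim.timer,`) and should end with a full stop. Going by its name, `Systemd.enabled` only enables the unit, so presumably the timer does not begin running until the next boot or until it is started; if TRIM should be scheduled immediately, the doc comment should say so or the property should also start the unit. Unlike `powertopAutoTuneOnBoot` just above, which is built with `<!>`, this property has no revert, so a host cannot use `! Laptop.trimSSD` to switch the timer off again.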
@@ -636,6 +636,7 @@ dkimMilter = Postfix.mainCfFile `File.containsLines` `onChange` Postfix.dedupMainCf `onChange` Postfix.reloaded `requires` dkimInstalled + `requires` Postfix.installed -- This does not configure postfix to use the dkim milter, -- nor does it set up domainkey DNS. @@ -990,7 +991,8 @@ homeRouter = propertyList "home router" $ props `onChange` Service.restarted "dnsmasq" & ipmasq "wlan0" & Apt.serviceInstalledRunning "netplug" - & Network.dhcp' "eth0" + & Network.static' "eth0" (IPv4 "192.168.1.100") + (Just (Network.Gateway (IPv4 "192.168.1.1"))) -- When satellite is down, fall back to dialup [ ("pre-up", "poff -a || true") , ("post-down", "pon") @@ -1049,8 +1051,8 @@ laptopSoftware = Apt.installed , "xmonad", "libghc-xmonad-dev", "libghc-xmonad-contrib-dev" , "ttf-bitstream-vera" , "mairix", "offlineimap", "mutt" - , "nmap", "whois", "wireshark", "tcpdump", "iftop" - , "udevil", "pmount", "tree", "pv" + , "mtr", "nmap", "whois", "wireshark", "tcpdump", "iftop" + , "pmount", "tree", "pv" , "arbtt", "hledger", "bc" , "apache2", "ikiwiki", "libhighlight-perl" , "pal"