propellor

propellor config for hosts.
git clone git://git.ricketyspace.net/propellor.git
Log | Files | Refs | LICENSE

commit e10c2e9832fba3ba5440bbb18ac9fa51ea18e149
parent 4e46bd9bf0b5fd69b73737eedb7f9391761c6bb9
Author: rsiddharth <s@ricketyspace.net>
Date:   Mon, 29 Jan 2018 06:11:29 +0000

propellor spin

Diffstat:
config.hs | 15+++++++++++++++
1 file changed, 15 insertions(+), 0 deletions(-)

diff --git a/config.hs b/config.hs @@ -45,6 +45,7 @@ import qualified Propellor.Property.Apt as Apt import qualified Propellor.Property.Debootstrap as Debootstrap import qualified Propellor.Property.Chroot as Chroot import qualified Propellor.Property.Cron as Cron +import qualified Propellor.Property.Dns as Dns import qualified Propellor.Property.Fail2Ban as Fail2Ban import qualified Propellor.Property.File as File import qualified Propellor.Property.Locale as Locale @@ -562,6 +563,8 @@ cygnusNetworkManager = [ crux :: Host crux = host "crux.ricketyspace.net" $props & osDebian (Stable "stretch") X86_64 + & ipv4 "45.55.79.15" + & ipv6 "2604:a880:800:10::a12:5001" & File.hasContent "/etc/motd" (["At crux."]) -- apt & Apt.stdSourcesList @@ -649,6 +652,7 @@ lyra = host "lyra.ricketyspace.net" $props & osDebian (Stable "stretch") X86_64 & Locale.available "en_US.UTF-8" & ipv4 "45.55.155.185" + & ipv6 "2604:a880:800:10::2f6:b001" & File.hasContent "/etc/motd" (["At lyra."]) -- apt & Apt.stdSourcesList @@ -673,6 +677,17 @@ lyra = host "lyra.ricketyspace.net" $props & ricketyspaceNetCertKey & ricketyspaceNetGitCert & ricketyspaceNetGitCertKey + -- bind + & Dns.primary hosts "ricketyspace.net" + (Dns.mkSOA "lyra.ricketyspace.net" 20180129) + [ + (RootDomain, NS $ RelDomain "lyra") + , (RootDomain, NS $ AbsDomain "ns6.gandi.net") + , (RootDomain, MX 0 $ AbsDomain "ricketyspace.net") + , (RootDomain, TXT "v=spf1 mx -all") + --, (RootDomain, SPF "v=spf1 mx -all") + , (RelDomain "mail._domainkey", TXT "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ClUrJTSt/UISOTEoZy36SfCjuyuajJVGEzYrhuysn2CA3MNt6y3dsHrjalA04Bix02KySMVEHcbScsd54MHhvk364pOkapuAEFIAmvY9SiZGRWsKMK5tgq/aSgH6xFg6M1CupV4QHWFgk193juiEdnB8uwXKTxOdKP/P/xbU3h98MFvXmNzT8sEr5VMZHiTdzqcxCLLfhx27iwjFJh4td6y+0n5YO/M2zf3n9ikXIof/dw4lA5Xo2icI3G88LMl9Tk4vcY0UVXXXulKmrnrn96Nyow0zU31kB/NUb1HbOxaVLz7KJThS+U9NV/66vZ5blwg7aExJXkPfVEtLTca+wIDAQAB") + ] -- root config & Ssh.authorizedKey (User "root") sCanonicalSshPubKey -- w config