Diffstat (limited to 'src')
-rw-r--r-- | src/property/apache.lisp | 9 | ||||
-rw-r--r-- | src/property/apt.lisp | 7 | ||||
-rw-r--r-- | src/property/disk.lisp | 8 | ||||
-rw-r--r-- | src/property/file.lisp | 31 |
4 files changed, 37 insertions, 18 deletions
diff --git a/src/property/apache.lisp b/src/property/apache.lisp index b299a20..56d0a16 100644 --- a/src/property/apache.lisp +++ b/src/property/apache.lisp @@ -1,6 +1,6 @@ ;;; Consfigurator -- Lisp declarative configuration management system -;;; Copyright (C) 2021 Sean Whitton <spwhitton@spwhitton.name> +;;; Copyright (C) 2021, 2024 Sean Whitton <spwhitton@spwhitton.name> ;;; This file is free software; you can redistribute it and/or modify ;;; it under the terms of the GNU General Public License as published by @@ -137,6 +137,13 @@ restart Apache." ,@initial "RewriteEngine On" "RewriteRule ^/.well-known/acme-challenge.* - [L]" + ,(format nil "<Directory ~A>" + (unix-namestring + (merge-pathnames + #P".well-known/acme-challenge/" + (ensure-directory-pathname htdocs)))) + "Require all granted" + "</Directory>" ,@additional-config ;; redirect everything else to https "RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L,NE]" diff --git a/src/property/apt.lisp b/src/property/apt.lisp index 11367d2..d3112e2 100644 --- a/src/property/apt.lisp +++ b/src/property/apt.lisp @@ -284,13 +284,14 @@ only upgrade Debian stable." (mapcar (lambda (m) (list* m #?"${suite}-updates" +sections+)) (get-mirrors)))) + (old-suite-p (memstr= suite '("stretch" "jessie" "buster"))) (backports (and (subtypep (type-of os) 'os:debian-stable) + (not old-suite-p) (mapcar (lambda (m) (list* m #?"${suite}-backports" +sections+)) (get-mirrors)))) - (security-suite (if (memstr= suite '("stretch" "jessie" "buster")) - #?"${suite}/updates" - #?"${suite}-security")) + (security-suite + (if old-suite-p #?"${suite}/updates" #?"${suite}-security")) (security (and (or (subtypep (type-of os) 'os:debian-stable) (subtypep (type-of os) 'os:debian-testing)) (list diff --git a/src/property/disk.lisp b/src/property/disk.lisp index e1b307c..a3d53aa 100644 --- a/src/property/disk.lisp +++ b/src/property/disk.lisp 
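Review bot: The htdocs-derived path is interpolated into the `<Directory ~A>` line unquoted, so a document root containing whitespace would hand Apache a directive with extra arguments and the generated vhost would fail to load. Emitting it quoted, `,(format nil "<Directory \"~A\">"` with the same `unix-namestring` argument, avoids that. Since this block grants every client access to a directory that an ACME client writes into, it may also be worth adding `"AllowOverride None"` and `"Options None"` next to `"Require all granted"`, unless the surrounding config already sets them. The enclosing property definition starts and ends outside the hunk.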
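Review bot: `old-suite-p` now decides two different things, the `${suite}/updates` security naming and whether any backports source is written, but nothing at the binding says why the same three suites govern both. A comment on the binding, such as `;; Releases that use SUITE/updates for security; we also stop configuring -backports for them.`, would tell the next person adding a release name what they are opting into. It would also help to note in the property's docstring that hosts on those suites no longer get a backports entry. That docstring and the binding form itself begin outside this hunk.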
@@ -1,6 +1,6 @@ ;;; Consfigurator -- Lisp declarative configuration management system -;;; Copyright (C) 2021-2022 Sean Whitton <spwhitton@spwhitton.name> +;;; Copyright (C) 2021-2024 Sean Whitton <spwhitton@spwhitton.name> ;;; This file is free software; you can redistribute it and/or modify ;;; it under the terms of the GNU General Public License as published by @@ -364,7 +364,13 @@ The default value of 0 means the next free sector.") (defmethod create-volume ((volume partitioned-volume) (file pathname)) (with-slots (volume-contents) volume + ;; See <https://bugs.launchpad.net/ironic-python-agent/+bug/1737556>. + ;; We don't take sgdisk upstream's suggestion there to ignore the exit + ;; code of --zap-all because we do want to assert somehow that a + ;; successful zeroing-out of any old partition tables has occurred. + (mrun :may-fail "sgdisk" "--clear" file) (mrun :inform "sgdisk" "--zap-all" file) + (mrun :inform "sgdisk" ;; Turn off partition alignment when specific start sectors have ;; been specified, so that we can be sure they will be respected. diff --git a/src/property/file.lisp b/src/property/file.lisp index 8ab31d1..f5866c8 100644 --- a/src/property/file.lisp +++ b/src/property/file.lisp 
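Review bot: The new comment explains why the exit code of `--zap-all` is not ignored, but not what the preceding `sgdisk --clear` call is for or why its own failure is tolerated with `:may-fail`. Presumably it writes a fresh partition table so that `--zap-all` no longer exits non-zero on a file with damaged tables. One added line such as `;; First write a fresh GPT so that --zap-all has valid tables to destroy.` would make the pairing clear. Because a failing `--clear` is swallowed, the `--zap-all` call is the only remaining check that the file was actually wiped, which is worth stating in the same comment. The `with-slots` body continues past the end of the hunk.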
@@ -173,13 +173,15 @@ any of the regular expressions PATTERNS." (containing-directory-exists destination) (maybe-write-remote-file-data destination iden1 iden2))) -(defproplist host-data-uploaded :posix - (destination - ;; Require an absolute path because we don't know the remote home - ;; directory at hostattrs time, so can't resolve it ourselves. - &aux (destination (unix-namestring - (ensure-pathname destination :want-absolute t)))) - (data-uploaded (get-hostname) destination destination)) +(defpropspec host-data-uploaded :posix (&rest destinations) + (loop with hn = (get-hostname) + for destination in destinations + ;; Require absolute paths because we don't know the remote home + ;; directory at hostattrs time, so can't resolve it ourselves. + for destination* = (unix-namestring + (ensure-pathname destination :want-absolute t)) + collect `(data-uploaded ,hn ,destination* ,destination*) into propapps + finally (return (cons 'seqprops propapps)))) (defprop secret-uploaded :posix (iden1 iden2 destination) (:desc #?"${destination} installed") @@ -189,12 +191,15 @@ any of the regular expressions PATTERNS." (:apply (maybe-write-remote-file-data destination iden1 iden2 :mode #o600))) -(defproplist host-secret-uploaded :posix - (destination - ;; Require an absolute path like with HOST-DATA-UPLOADED. - &aux (destination (unix-namestring - (ensure-pathname destination :want-absolute t)))) - (secret-uploaded (get-hostname) destination destination)) +(defpropspec host-secret-uploaded :posix (&rest destinations) + (loop with hn = (get-hostname) + for destination in destinations + ;; Require absolute paths like with HOST-DATA-UPLOADED. + for destination* = (unix-namestring + (ensure-pathname destination :want-absolute t)) + collect `(secret-uploaded ,hn ,destination* ,destination*) + into propapps + finally (return (cons 'seqprops propapps)))) (defprop data-cache-purged :posix () "Ensure that any prerequisite data cached in the remote home directory is removed." |
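Review bot: With `&rest destinations`, calling `host-data-uploaded` with no arguments now expands to a bare `(seqprops)`, and the same holds for `host-secret-uploaded` in the next hunk. How an empty `seqprops` is treated is not visible here. If it is not meaningful, reject it up front, e.g. `(unless destinations (error "HOST-DATA-UPLOADED: no destinations given"))` before the `loop`. Neither rewritten property has a docstring; one line stating that each absolute DESTINATION is also used as the data's IDEN2, with the hostname as IDEN1, would document the new variadic interface. The two `loop` forms differ only in the property name they collect, so a small shared helper taking that symbol would keep the absolute-path check in one place.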