recompile

author: elijah <elijah@riseup.net> 2016-04-09 10:34:46 -0700
committer: elijah <elijah@riseup.net> 2016-04-09 10:34:46 -0700
commit: 3d75bc820b671dacae72fb3cc7aad2e8da3b293a (patch)
tree: 923ad6d876eaa467e290bb2930091e11b5aee9f1
parent: 9f002e16620c037c123b464c2bbeea0842f8ed2c (diff)
9 files changed, 164 insertions, 53 deletions
diff --git a/hiera/alpaca.yaml b/hiera/alpaca.yaml
index 26bdda9..ffbeb23 100644
--- a/hiera/alpaca.yaml
+++ b/hiera/alpaca.yaml
@@ -3,6 +3,8 @@ api:
   ca_cert_uri: "https://mail.bitmask.net/ca.crt"
   domain: api.mail.bitmask.net
   port: 4430
+  uri: "https://api.mail.bitmask.net:4430/1"
+  version: 1
 clamav: 
   whitelisted_addresses: []
 contacts: 
@@ -185,6 +187,10 @@ haproxy:
         writable: true
 hosts: 
   alpaca: 
+    aliases: 
+      - api.mail.bitmask.net
+      - mail.bitmask.net
+      - nicknym.mail.bitmask.net
     domain_full: alpaca.mail.bitmask.net
     domain_internal: alpaca.mail.bitmask.i
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtpKckyjDgSw555znY6Ww2ZHzYZvNkf/dm6Xml4SVM4hFTUVIhgAuFXoUcMjwOcAzbnqPdZN/zGCzTGGBnPrw9YvwaP2oso1b/tysEGYvemvxJlLxo7wQKLbTj8u89LahGFZhoUBFxIX6u0f4gBFURGKHgotyjRJq5tM19CjgnO7L3lhjXl/04Zd5mmQPoHuGNi8wjxZVHLi+cbmG1qXFIXhqb1nDjq2dJh+NJGRZ4IrkkNYYB/V1RlQvHfJ6eof7pyVUWLwyOBe11DkyOooKl/pOkH4jVVCKP2Asbdu7nlqq6il88pQpL0CsikikWvMgWJ9TqafI2kBJ6QX484foH"
@@ -205,8 +211,10 @@ mx:
     private_key: /srv/leap/files/mx/dkim.key
     public_key: /srv/leap/files/mx/dkim.pub
     selector: babcfe98e4
-  key_lookup_domain: bitmask.net
+  key_lookup_domain: mail.bitmask.net
 mynetworks: 
+  - "1.209.122.111"
+  - "1.209.122.112"
   - "1.209.122.123"
   - "176.53.69.13"
   - "176.53.69.14"
@@ -215,9 +223,6 @@ mynetworks:
   - "198.252.153.83"
   - "198.252.153.85"
   - "199.119.112.150"
-  - "199.119.112.151"
-  - "199.119.112.152"
-  - "199.119.112.153"
   - "199.119.112.205"
   - "199.119.112.206"
   - "199.119.112.207"
@@ -336,6 +341,11 @@ stunnel:
 tags: 
   - dc
   - mail
+testing: 
+  api_hosts: 
+    - alpaca.mail.bitmask.net
+  api_uri: "https://api.mail.bitmask.net:4430/1"
+  monitor_auth_token: vv2LEtHFDmIcK4H2LsXTsI74Vt5IXKU2
 webapp: 
   admins: 
     - azul
@@ -349,6 +359,10 @@ webapp:
   allow_limited_certs: false
   allow_registration: true
   allow_unlimited_certs: true
+  api_tokens: 
+    allowed_ips: 
+      - "199.119.112.223"
+    monitor: vv2LEtHFDmIcK4H2LsXTsI74Vt5IXKU2
   api_version: 1
   client_certificates: 
     bit_size: 2048
diff --git a/hiera/cat.yaml b/hiera/cat.yaml
index 50d1ffd..a899be7 100644
--- a/hiera/cat.yaml
+++ b/hiera/cat.yaml
@@ -54,6 +54,16 @@ hosts:
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDlZP1jixPvDC+tI5cQpV8GpK5+OciNyCJyzdxZ0tiP6xjz76WWhynALuGQyJJilNPZLVnVnX7tLvw1aeRkvopQdF7J1f6AM+JbmX3jNqCXDjellcSPWtiKKJ2szaObfZ0yi+zkzSlG+umZ1xhMLgRHAPJaVqeNQVXygQhtuzAzd+Qpm1EAf8M8x6PJIu/Ui3S4nnB/eaZW7JtnTMhBiNzhMBsITp1ZRe4rhlH3ZrKgAztlBQix7jfRo8kXvZi65fWt0T44mjGgO5gdcZnTrGSJoJIdCN9IzESH+szc9jNJKpti0s4g3EU/pm8gfDLnI2V9J4/dOnH9/BlKfnUxbdWV"
     ip_address: "199.119.112.206"
     port: 22
+  donkey: 
+    aliases: 
+      - api.unstable.bitmask.net
+      - nicknym.unstable.bitmask.net
+      - unstable.bitmask.net
+    domain_full: donkey.unstable.bitmask.net
+    domain_internal: donkey.unstable.bitmask.i
+    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDeGJUfpwMo9Iw6cSY4Z5SRuJ9/DjxEUU37qF35MfhLnSzaQO8I/SATo93X5wL+wP4M9XxJoOhiB3PQh27QfAKiDr6ZT5xAqYCThG/vLx9v7bP9ROayZxaSisMxI0hVOXAzFt5CXX0W0Bh9XlM8rhmdobnAIhqm2vt1g6seYRCPGLX7O6qgddveFQ7TzL6eFco55nlhHXhM+s3rXTY5FCOCB5zETW80zpKencwdt2H8+CDhYru/rRKbv1BDvvM28+noOrMS1MLjKeCLvHKNFymNdOSqdmBwyiNE6afpuVXDq+Q+CG/0qvbyDEJX31CnGtHYkz3LBqOBh+OOi6YfqTl"
+    ip_address: "199.119.112.207"
+    port: 22
 ip_address: "199.119.112.206"
 location: 
   country_code: US
@@ -71,6 +81,8 @@ mx:
     selector: babcfe98e4
   key_lookup_domain: unstable.bitmask.net
 mynetworks: 
+  - "1.209.122.111"
+  - "1.209.122.112"
   - "1.209.122.123"
   - "176.53.69.13"
   - "176.53.69.14"
@@ -79,9 +91,6 @@ mynetworks:
   - "198.252.153.83"
   - "198.252.153.85"
   - "199.119.112.150"
-  - "199.119.112.151"
-  - "199.119.112.152"
-  - "199.119.112.153"
   - "199.119.112.205"
   - "199.119.112.206"
   - "199.119.112.207"
@@ -184,6 +193,11 @@ stunnel:
 tags: 
   - dc
   - unstable
+testing: 
+  api_hosts: 
+    - donkey.unstable.bitmask.net
+  api_uri: "https://api.unstable.bitmask.net:4430/1"
+  monitor_auth_token: pAfrMH9kd7FfdKq5m2k9FxYhghhpZ5Qr
 x509: 
   ca_cert: |
       -----BEGIN CERTIFICATE-----
diff --git a/hiera/donkey.yaml b/hiera/donkey.yaml
index ec19b63..a6d36eb 100644
--- a/hiera/donkey.yaml
+++ b/hiera/donkey.yaml
@@ -3,6 +3,8 @@ api:
   ca_cert_uri: "https://unstable.bitmask.net/ca.crt"
   domain: api.unstable.bitmask.net
   port: 4430
+  uri: "https://api.unstable.bitmask.net:4430/1"
+  version: 1
 contacts: 
   - sysdev@leap.se
 definition_files: 
@@ -190,6 +192,10 @@ hosts:
     ip_address: "199.119.112.205"
     port: 22
   alpaca: 
+    aliases: 
+      - api.mail.bitmask.net
+      - mail.bitmask.net
+      - nicknym.mail.bitmask.net
     domain_full: alpaca.mail.bitmask.net
     domain_internal: alpaca.mail.bitmask.i
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtpKckyjDgSw555znY6Ww2ZHzYZvNkf/dm6Xml4SVM4hFTUVIhgAuFXoUcMjwOcAzbnqPdZN/zGCzTGGBnPrw9YvwaP2oso1b/tysEGYvemvxJlLxo7wQKLbTj8u89LahGFZhoUBFxIX6u0f4gBFURGKHgotyjRJq5tM19CjgnO7L3lhjXl/04Zd5mmQPoHuGNi8wjxZVHLi+cbmG1qXFIXhqb1nDjq2dJh+NJGRZ4IrkkNYYB/V1RlQvHfJ6eof7pyVUWLwyOBe11DkyOooKl/pOkH4jVVCKP2Asbdu7nlqq6il88pQpL0CsikikWvMgWJ9TqafI2kBJ6QX484foH"
@@ -213,12 +219,6 @@ hosts:
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCd44smDJpmCINOnmZdyJO4x/kfziCi/UZiPMplCZN3RLEj8/eqhTo/imXNYXvx8AlwMIUsvVs4D79ukFPqICn7CF5xPuOuz+Og+Dk1rpD68Jomws13N194nOisDHlXwxmQCdFd2w+0FENd+tUmrx7AM1eQmg6D2WRw+Hmb17C7fdJwlCXz8bfTWnEWDvpwgVchpszy3WwX9Ul01j7IH3yKEM4c9GwWjJ8LgJfI1jR1jKnD6xZxuqbQ7aRoer2b6PIrIfsTB/JpuI9FtbjMuGCBusFf2+5lP/bsXeLGWU5smgGyjGNwa9ceUrhklNyXBQMz3wlBwXe4Q8u1LmM5Yi0Z"
     ip_address: "176.53.69.22"
     port: 4422
-  cowbird: 
-    domain_full: cowbird.cdev.bitmask.net
-    domain_internal: cowbird.cdev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCraaEPNaV43AZ2N0zlxwnGzaqsSU+sBtz3PlId1NZqYv27UYIXw1WKPPhLbdfcVQxM0pVSsTZ8hsfztGrRn9yW1JNzp59GjRxenOzCVen08YLlY9eKEI3UNB8nMh4HuVWxQGOiaqovCN3e0KcwImD7J35eOW14NCQ8zvzVHwIL/VhO+wpQ6ofJ0pFP78w/EZ/arbHIM4teWyRGJzcBe++kFqWoaj8Yxbdgo2ZW4iyqCwpaxLk7KHM2op/FSwrEs/cnlwyCq+xjP3QLjDT2TRgwEQycTGABhcqrJJ1SVo4sKE0DvjhVHsAy5OI296k7OE5pbGXn2ZUc2TsPUttdUajt"
-    ip_address: "199.119.112.152"
-    port: 22
   demodex: 
     domain_full: demodex.dev.bitmask.net
     domain_internal: demodex.dev.bitmask.i
@@ -232,6 +232,10 @@ hosts:
     ip_address: "199.119.112.150"
     port: 22
   donkey: 
+    aliases: 
+      - api.unstable.bitmask.net
+      - nicknym.unstable.bitmask.net
+      - unstable.bitmask.net
     domain_full: donkey.unstable.bitmask.net
     domain_internal: donkey.unstable.bitmask.i
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDeGJUfpwMo9Iw6cSY4Z5SRuJ9/DjxEUU37qF35MfhLnSzaQO8I/SATo93X5wL+wP4M9XxJoOhiB3PQh27QfAKiDr6ZT5xAqYCThG/vLx9v7bP9ROayZxaSisMxI0hVOXAzFt5CXX0W0Bh9XlM8rhmdobnAIhqm2vt1g6seYRCPGLX7O6qgddveFQ7TzL6eFco55nlhHXhM+s3rXTY5FCOCB5zETW80zpKencwdt2H8+CDhYru/rRKbv1BDvvM28+noOrMS1MLjKeCLvHKNFymNdOSqdmBwyiNE6afpuVXDq+Q+CG/0qvbyDEJX31CnGtHYkz3LBqOBh+OOi6YfqTl"
@@ -244,6 +248,10 @@ hosts:
     ip_address: "37.218.240.50"
     port: 22
   elephant: 
+    aliases: 
+      - api.dev.bitmask.net
+      - dev.bitmask.net
+      - nicknym.dev.bitmask.net
     domain_full: elephant.dev.bitmask.net
     domain_internal: elephant.dev.bitmask.i
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDbVBsw4Hnwoh1h+/J5NP6Uj6s1ViumP6zeeAtrr/ma/NrvR3x1bXmy/O396zbuFER6a8EyhGwY6WI+vKTjKWMGlOaNyNO7s9CB/keFBx4GGTcx55oHFb/WU0BzFUBoLjfEgelx/03+NIrZyW2XaPYDPdmNOfxMtetBziLugTXsXONIZBD4/QCt+LvbYdjWtziCH/EsdFuetDZ+WZrrUjCHyg2Lm8Xd48U/QrfPUb0oP8QZfoToN5l2Mxx7CnxX1s606zc/kkeaiF6+ATUPJ/6CTTdXZUN3Mg9dFMMyyZLB4TpSX7ldnwE2Wkvc/ngQjS/L8YBoMxsywPw7Q2+rFlV"
@@ -255,11 +263,11 @@ hosts:
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR/YWDsdYumj5mYunnLgQSuoNMKcItqQT/cmPkFCRp5WERouxdu/GW/0F78K+FyRTp3xwEzJ3BCF/5lbgDH9pRBLiezH+d2Lj2STz82EL0TtOTRtAhF+sK6X2/HFJ6PiIkmAlGGFiw09VR8aGdIhY9FaJATClUWEqjtdFd9BplLWasrmuEVN4kHe2dcO6SxHAfdsmhqd7YdpvfkhenBI1ZPAPYWk72fFFdV35gYBf1H1DewBcobuUCUbd+5EvTJnOfYum9noZBcQScvjuXX/pn4yHefNxh7qBlD92V1hJhK7CHiU4nw2Z4bM2oMLr6Jw81PhQf732DACPrNT+GcEEx"
     ip_address: "1.209.122.123"
     port: 22
-  goldeneye: 
-    domain_full: goldeneye.cdev.bitmask.net
-    domain_internal: goldeneye.cdev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0UeOcj5frFsFK6CxTojMr9M/Fg3/3yBmsMtEP/wGiEZ1uTmbuYSzYUicashNPrQ3NnXEmLfmQbumKT1BL2p+EtN942poQSKA3sQWNemTErJcPr3vNN5vXXcXNoTDd8WmUOOnWMw5CkMv9kkgEN2jYfQNR1olofUn7eB5e9Iu24d4IaTupLzT+e3Jh+nkH5Uqw/JMmMkoy6nvYt9OmSQ+fvZZnuMatGSgOSpLgjajIvR115ga8QYEiQ76ugO+K+afvrSe5k8/puH+Xh0B5x1OlwxaGfIfYpi9IITdzMVvr/kEop7FG4184FehdlWS5DcUPZT5dicZLVlntelU+hlLb"
-    ip_address: "199.119.112.153"
+  gecko: 
+    domain_full: gecko.cdev.bitmask.net
+    domain_internal: gecko.cdev.bitmask.i
+    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQeFFXLYpG4uHjeNrZXR0aKMGL+w7j51fS4UEC/GDvU3o7NrPV3zsn1M/O7k8LZ4rRRfPAL5RScTosAZIC4GTWpZfZPeg75+4uRv4jQuzuBV7e7dhnKHJkCXmNHbpn0BmieEw7KthX8wjV1Z9YJ951fVUJcvH/Z8gf9KREMpQa6JwtybyqJh0sPNROSEm/dG25W6KmHQAEyFyiHUR5vb/5Knt0cVLpVH6c8Wwb4O6OhtNoggMkoZLhXBwiDMwqc8f4qefX1P4WWXJSWKK8Ui51346j4hrMvB50V6VE5xPp8VkA45a+wrWlBRyXC+utkwPB08ZouL1F4Z2Ak7QQ+GD3"
+    ip_address: "1.209.122.112"
     port: 22
   hippo: 
     domain_full: hippo.bitmask.net
@@ -279,18 +287,22 @@ hosts:
     host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG02MrdDFaqZO11JbYSAAC5q/W/FCch3AQXo+dRcpErvHLmv9kWkrV1ESqfZ+s6qEfk8Aqv0vsym7YigMiGXlBo="
     ip_address: "198.252.153.83"
     port: 4422
+  mudskipper: 
+    aliases: 
+      - api.cdev.bitmask.net
+      - cdev.bitmask.net
+      - nicknym.cdev.bitmask.net
+    domain_full: mudskipper.cdev.bitmask.net
+    domain_internal: mudskipper.cdev.bitmask.i
+    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXYzyrBvN1kkOgHkfc7cH3dgJC6nxnulO+6QsaX3kQuFHb6m4rKfEOPYZyzmZlrKXboAUuUDVH55Q8/Drao7QT1XtnIEC6R73tlcMmJuSTfl2IQMEaIA9voE59+Q8cWmMu5O9nzzMssZTjrMZtpfatiJ1aFntumAyjKQ0vFK4s1owBg07Yt0LDchAwBXYpELX/4pZYE2vpHrQsgH9zV/DPOZTFtXAr9SR94NXIPa6P06LEAjtYCqY2sEu2BB+OHysJNHuFJF74/l859YM5gkdd0cbn1LX0/6ch4dtqqDvydKZNlura7tb+GLV+oTz59BQ89mOPPoRfcUX6DXpl6ERz"
+    ip_address: "1.209.122.111"
+    port: 22
   otter: 
     domain_full: otter.demo.bitmask.net
     domain_internal: otter.demo.bitmask.i
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCab6r51XEW9LjZVDZs3q/aIpn+oKo468ovivZIQPMmYMs6NUJ2z7Oc9YROAM3lfxcHHShNBIpxg/pSKnQ743hHavV3y+mEPbo4W3hbByuR6GJRaKxHP42NMfNxJUHpaix8jCrMkNypFGMss9C403quy62yGfN7hWIH/pWFR9z+GvWaLpl0J1T+sadeqYGrjiWPwmo88ZAo/RRsXEORyPMz/X7+pa+DvYrg9FqOnNNK0EvHI5asxRQMojpbt6DRpOkkDPkFZp/gpGRQCAbnaKtalkfC/HhbHepGiqQwMRphcpTmnJvOfIGy+YnUoV3RwoRzb5HAT6FkJ9c4gsTs+6Rp"
     ip_address: "46.165.242.166"
     port: 4422
-  ovenbird: 
-    domain_full: ovenbird.cdev.bitmask.net
-    domain_internal: ovenbird.cdev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtsIDPQkrOkbKZIhQEckY2uQKDXXN8/rQElMCwEbNuf25rz8ec5hSaMTOidjj0aAUSe33owu7fc5xvjbm2UY8zgpp3KMUlxwB27RPuegXrheA7HfZooXGwmlrBPgzUxHEDd3bp0KyNOOzabELQAxLEeACJSnKEKrwRXg4I4yDJpxZIHC79629804ScfaAI6aamqDnl5nMrr3eozjaWfrXGd/qyOYg+q7iw9HTK9rFR0tVuy4TFc/4doCqgJ4Dqx9jY1uewjA0xMAKb+8VqvmgC9GUHXye2Q4AXGFfrzjxsGpN8KkjwhiOCG/x2nxbhXJuq92w5t9+AyJzWSP6H1UOz"
-    ip_address: "199.119.112.151"
-    port: 22
   snail: 
     domain_full: snail.dev.bitmask.net
     domain_internal: snail.dev.bitmask.i
@@ -304,6 +316,10 @@ hosts:
     ip_address: "199.119.112.208"
     port: 22
   wallaby: 
+    aliases: 
+      - api.demo.bitmask.net
+      - demo.bitmask.net
+      - nicknym.demo.bitmask.net
     domain_full: wallaby.demo.bitmask.net
     domain_internal: wallaby.demo.bitmask.i
     host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP/bJJ5OoSveoTEXAl26Gz0tqJkwzdA2fezMFeyoDDF6BCWntfzFZahoxHWg5alUfNMCJeYYOPYu/k05QzXThkQ="
@@ -403,15 +419,6 @@ nagios:
         - couchdb
         - soledad
       ssh_port: 4422
-    cowbird: 
-      domain_full_suffix: cdev.bitmask.net
-      domain_internal: cowbird.cdev.bitmask.i
-      domain_internal_suffix: cdev.bitmask.i
-      environment: clientdev
-      ip_address: "199.119.112.152"
-      services: 
-        - mx
-      ssh_port: 22
     demodex: 
       domain_full_suffix: dev.bitmask.net
       domain_internal: demodex.dev.bitmask.i
@@ -468,12 +475,12 @@ nagios:
       services: 
         - backup
       ssh_port: 22
-    goldeneye: 
+    gecko: 
       domain_full_suffix: cdev.bitmask.net
-      domain_internal: goldeneye.cdev.bitmask.i
+      domain_internal: gecko.cdev.bitmask.i
       domain_internal_suffix: cdev.bitmask.i
       environment: clientdev
-      ip_address: "199.119.112.153"
+      ip_address: "1.209.122.112"
       services: 
         - couchdb
         - soledad
@@ -507,6 +514,16 @@ nagios:
       services: 
         - openvpn
       ssh_port: 4422
+    mudskipper: 
+      domain_full_suffix: cdev.bitmask.net
+      domain_internal: mudskipper.cdev.bitmask.i
+      domain_internal_suffix: cdev.bitmask.i
+      environment: clientdev
+      ip_address: "1.209.122.111"
+      services: 
+        - mx
+        - webapp
+      ssh_port: 22
     otter: 
       domain_full_suffix: demo.bitmask.net
       domain_internal: otter.demo.bitmask.i
@@ -518,15 +535,6 @@ nagios:
         - openvpn
         - tor
       ssh_port: 4422
-    ovenbird: 
-      domain_full_suffix: cdev.bitmask.net
-      domain_internal: ovenbird.cdev.bitmask.i
-      domain_internal_suffix: cdev.bitmask.i
-      environment: clientdev
-      ip_address: "199.119.112.151"
-      services: 
-        - webapp
-      ssh_port: 22
     snail: 
       domain_full_suffix: dev.bitmask.net
       domain_internal: snail.dev.bitmask.i
@@ -681,6 +689,13 @@ webapp:
   allow_limited_certs: false
   allow_registration: true
   allow_unlimited_certs: true
+  api_tokens: 
+    allowed_ips: 
+      - "199.119.112.205"
+      - "199.119.112.206"
+      - "199.119.112.207"
+      - "199.119.112.208"
+    monitor: pAfrMH9kd7FfdKq5m2k9FxYhghhpZ5Qr
   api_version: 1
   billing: 
     braintree: 
diff --git a/hiera/elephant.yaml b/hiera/elephant.yaml
index 8ae02ce..cf401a7 100644
--- a/hiera/elephant.yaml
+++ b/hiera/elephant.yaml
@@ -3,6 +3,8 @@ api:
   ca_cert_uri: "https://dev.bitmask.net/ca.crt"
   domain: api.dev.bitmask.net
   port: 4430
+  uri: "https://api.dev.bitmask.net:4430/1"
+  version: 1
 contacts: 
   - micah@leap.se
   - sysdev@leap.se
@@ -307,6 +309,15 @@ webapp:
   allow_limited_certs: false
   allow_registration: true
   allow_unlimited_certs: true
+  api_tokens: 
+    allowed_ips: 
+      - "1.209.122.123"
+      - "176.53.69.13"
+      - "176.53.69.14"
+      - "176.53.69.22"
+      - "204.13.164.171"
+      - "37.218.240.50"
+    monitor: QheDQvXkM43jppngAHJzajv3wRdgeLRt
   api_version: 1
   billing: 
     braintree: 
diff --git a/hiera/gecko.yaml b/hiera/gecko.yaml
index d7a34b4..8bc0e94 100644
--- a/hiera/gecko.yaml
+++ b/hiera/gecko.yaml
@@ -58,7 +58,17 @@ firewall:
     port: 22
     to: "1.209.122.112"
   stunnel: []
-hosts: {}
+hosts: 
+  mudskipper: 
+    aliases: 
+      - api.cdev.bitmask.net
+      - cdev.bitmask.net
+      - nicknym.cdev.bitmask.net
+    domain_full: mudskipper.cdev.bitmask.net
+    domain_internal: mudskipper.cdev.bitmask.i
+    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXYzyrBvN1kkOgHkfc7cH3dgJC6nxnulO+6QsaX3kQuFHb6m4rKfEOPYZyzmZlrKXboAUuUDVH55Q8/Drao7QT1XtnIEC6R73tlcMmJuSTfl2IQMEaIA9voE59+Q8cWmMu5O9nzzMssZTjrMZtpfatiJ1aFntumAyjKQ0vFK4s1owBg07Yt0LDchAwBXYpELX/4pZYE2vpHrQsgH9zV/DPOZTFtXAr9SR94NXIPa6P06LEAjtYCqY2sEu2BB+OHysJNHuFJF74/l859YM5gkdd0cbn1LX0/6ch4dtqqDvydKZNlura7tb+GLV+oTz59BQ89mOPPoRfcUX6DXpl6ERz"
+    ip_address: "1.209.122.111"
+    port: 22
 ip_address: "1.209.122.112"
 location: 
   country_code: KR
@@ -164,6 +174,11 @@ stunnel:
 tags: 
   - clientdev
   - seoul
+testing: 
+  api_hosts: 
+    - mudskipper.cdev.bitmask.net
+  api_uri: "https://api.cdev.bitmask.net:4430/1"
+  monitor_auth_token: 5mzpqxQET7CCZwvUvzT5IcwdPdbeyyFk
 x509: 
   ca_cert: |
       -----BEGIN CERTIFICATE-----
diff --git a/hiera/leech.yaml b/hiera/leech.yaml
index e76fe89..caf9f46 100644
--- a/hiera/leech.yaml
+++ b/hiera/leech.yaml
@@ -55,6 +55,16 @@ hosts:
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxGPMkrINVARV9unydaLMxf16JFa5HWv2OqUXlwRXrhlYP8pBBAEjZaXAi3LMee3byg+NHhofSgRWd76zMW5+vX8HqXVMtCpXRzMk+1EpjA7u8xYW1dWEDMLWCjbB4aB1D1NLTD9u6mn0xJCRIUrqFMrMPyh5xD2M1WPB0lEM7rH79Hm5N4QvKPd0bEFQAYSDlV/hdArp5B1OhQxI8ROu+f6JCA4HEe3+qO8BrtGb4V1dyAdYiViL1IMIYvjQoC0lZm86KAsVDkW8kApYc3js5taSVFYcL58SVcMekjA34klC9pdCxeJNjg9whQP0cAg4/U4C9V8mW/EhzHgXU5FpZ"
     ip_address: "198.252.153.85"
     port: 4422
+  wallaby: 
+    aliases: 
+      - api.demo.bitmask.net
+      - demo.bitmask.net
+      - nicknym.demo.bitmask.net
+    domain_full: wallaby.demo.bitmask.net
+    domain_internal: wallaby.demo.bitmask.i
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP/bJJ5OoSveoTEXAl26Gz0tqJkwzdA2fezMFeyoDDF6BCWntfzFZahoxHWg5alUfNMCJeYYOPYu/k05QzXThkQ="
+    ip_address: "204.13.164.57"
+    port: 4422
 ip_address: "198.252.153.85"
 location: 
   country_code: US
@@ -70,8 +80,10 @@ mx:
     private_key: /srv/leap/files/mx/dkim.key
     public_key: /srv/leap/files/mx/dkim.pub
     selector: babcfe98e4
-  key_lookup_domain: bitmask.net
+  key_lookup_domain: demo.bitmask.net
 mynetworks: 
+  - "1.209.122.111"
+  - "1.209.122.112"
   - "1.209.122.123"
   - "176.53.69.13"
   - "176.53.69.14"
@@ -80,9 +92,6 @@ mynetworks:
   - "198.252.153.83"
   - "198.252.153.85"
   - "199.119.112.150"
-  - "199.119.112.151"
-  - "199.119.112.152"
-  - "199.119.112.153"
   - "199.119.112.205"
   - "199.119.112.206"
   - "199.119.112.207"
@@ -185,6 +194,11 @@ stunnel:
 tags: 
   - demo
   - seattle
+testing: 
+  api_hosts: 
+    - wallaby.demo.bitmask.net
+  api_uri: "https://api.demo.bitmask.net:4430/1"
+  monitor_auth_token: pvUz85Prt4jXF5aypSaBVeyeHBgHDcj5
 x509: 
   ca_cert: |
       -----BEGIN CERTIFICATE-----
diff --git a/hiera/snail.yaml b/hiera/snail.yaml
index aee2d54..e16d6cf 100644
--- a/hiera/snail.yaml
+++ b/hiera/snail.yaml
@@ -55,6 +55,16 @@ hosts:
     host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCd44smDJpmCINOnmZdyJO4x/kfziCi/UZiPMplCZN3RLEj8/eqhTo/imXNYXvx8AlwMIUsvVs4D79ukFPqICn7CF5xPuOuz+Og+Dk1rpD68Jomws13N194nOisDHlXwxmQCdFd2w+0FENd+tUmrx7AM1eQmg6D2WRw+Hmb17C7fdJwlCXz8bfTWnEWDvpwgVchpszy3WwX9Ul01j7IH3yKEM4c9GwWjJ8LgJfI1jR1jKnD6xZxuqbQ7aRoer2b6PIrIfsTB/JpuI9FtbjMuGCBusFf2+5lP/bsXeLGWU5smgGyjGNwa9ceUrhklNyXBQMz3wlBwXe4Q8u1LmM5Yi0Z"
     ip_address: "176.53.69.22"
     port: 4422
+  elephant: 
+    aliases: 
+      - api.dev.bitmask.net
+      - dev.bitmask.net
+      - nicknym.dev.bitmask.net
+    domain_full: elephant.dev.bitmask.net
+    domain_internal: elephant.dev.bitmask.i
+    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDbVBsw4Hnwoh1h+/J5NP6Uj6s1ViumP6zeeAtrr/ma/NrvR3x1bXmy/O396zbuFER6a8EyhGwY6WI+vKTjKWMGlOaNyNO7s9CB/keFBx4GGTcx55oHFb/WU0BzFUBoLjfEgelx/03+NIrZyW2XaPYDPdmNOfxMtetBziLugTXsXONIZBD4/QCt+LvbYdjWtziCH/EsdFuetDZ+WZrrUjCHyg2Lm8Xd48U/QrfPUb0oP8QZfoToN5l2Mxx7CnxX1s606zc/kkeaiF6+ATUPJ/6CTTdXZUN3Mg9dFMMyyZLB4TpSX7ldnwE2Wkvc/ngQjS/L8YBoMxsywPw7Q2+rFlV"
+    ip_address: "176.53.69.13"
+    port: 4422
   snail: 
     domain_full: snail.dev.bitmask.net
     domain_internal: snail.dev.bitmask.i
@@ -78,6 +88,8 @@ mx:
     selector: babcfe98e4
   key_lookup_domain: dev.bitmask.net
 mynetworks: 
+  - "1.209.122.111"
+  - "1.209.122.112"
   - "1.209.122.123"
   - "176.53.69.13"
   - "176.53.69.14"
@@ -86,9 +98,6 @@ mynetworks:
   - "198.252.153.83"
   - "198.252.153.85"
   - "199.119.112.150"
-  - "199.119.112.151"
-  - "199.119.112.152"
-  - "199.119.112.153"
   - "199.119.112.205"
   - "199.119.112.206"
   - "199.119.112.207"
@@ -221,6 +230,11 @@ stunnel:
 tags: 
   - development
   - istanbul
+testing: 
+  api_hosts: 
+    - elephant.dev.bitmask.net
+  api_uri: "https://api.dev.bitmask.net:4430/1"
+  monitor_auth_token: QheDQvXkM43jppngAHJzajv3wRdgeLRt
 x509: 
   ca_cert: |
       -----BEGIN CERTIFICATE-----
diff --git a/hiera/wallaby.yaml b/hiera/wallaby.yaml
index 9e82a0c..2186549 100644
--- a/hiera/wallaby.yaml
+++ b/hiera/wallaby.yaml
@@ -3,6 +3,8 @@ api:
   ca_cert_uri: "https://demo.bitmask.net/ca.crt"
   domain: api.demo.bitmask.net
   port: 4430
+  uri: "https://api.demo.bitmask.net:4430/1"
+  version: 1
 contacts: 
   - elijah@leap.se
   - sysdev@leap.se
@@ -335,6 +337,14 @@ webapp:
   allow_limited_certs: false
   allow_registration: true
   allow_unlimited_certs: true
+  api_tokens: 
+    allowed_ips: 
+      - "198.252.153.82"
+      - "198.252.153.83"
+      - "198.252.153.85"
+      - "204.13.164.57"
+      - "46.165.242.166"
+    monitor: pvUz85Prt4jXF5aypSaBVeyeHBgHDcj5
   api_version: 1
   client_certificates: 
     bit_size: 2048
diff --git a/secrets.json b/secrets.json
index 5e5306e..78e9f2d 100644
--- a/secrets.json
+++ b/secrets.json
@@ -17,6 +17,7 @@
     "webapp_secret_token": "MwScfJR7TbrkhSbsYIkMLuac55J48rnt"
   },
   "demo": {
+    "api_monitor_auth_token": "pvUz85Prt4jXF5aypSaBVeyeHBgHDcj5",
     "couch_admin_password": "hfY4x7epQ7BrULbZJRgu5KKk4gR_J2AW",
     "couch_admin_password_salt": "e1dca99375c513be477295f141b9f032",
     "couch_leap_mx_password": "RcW_Xm2ERaZruapjSqQkhGeGIKgFLzML",
@@ -38,6 +39,7 @@
     "webapp_secret_token": "GgKvW3NhAKwgvQuMAzdHhLDBh3g3u5Xd"
   },
   "development": {
+    "api_monitor_auth_token": "QheDQvXkM43jppngAHJzajv3wRdgeLRt",
     "couch_admin_password": "PkyRLKGfQAnmk64EXqHWBVsxJfksKXNH",
     "couch_admin_password_salt": "51d3c78980b9cf319cadbc73896f7128",
     "couch_leap_mx_password": "TISmwrYwSBmwbdDyQvJYu3_VkZmfZITc",
@@ -61,6 +63,7 @@
     "scramblesuit_port_hippo": 28975
   },
   "mail": {
+    "api_monitor_auth_token": "vv2LEtHFDmIcK4H2LsXTsI74Vt5IXKU2",
     "couch_admin_password": "5sICnwb5QCVHBcETILBhE8qUsZaF7Cuw",
     "couch_admin_password_salt": "402b758e70fc5ab21509fcb46df37f09",
     "couch_leap_mx_password": "kh8Md4qQZupTX4qAYZDHP8LAXWFIkwkq",
@@ -77,6 +80,7 @@
     "webapp_secret_token": "43bMDssusIZfqnAsDnfrKNVt9mNuLwad"
   },
   "unstable": {
+    "api_monitor_auth_token": "pAfrMH9kd7FfdKq5m2k9FxYhghhpZ5Qr",
     "couch_admin_password": "LYaDX9L9QKe2Re6p8dFKhu_t2XCxTqNZ",
     "couch_admin_password_salt": "b9d35fd378ba1598e843d5a784cfdf7e",
     "couch_leap_mx_password": "C3L8QnFCMpaKGQghMAW9gERSmhAuNvfC",
author	elijah <elijah@riseup.net>	2016-04-09 10:34:46 -0700
committer	elijah <elijah@riseup.net>	2016-04-09 10:34:46 -0700
commit	3d75bc820b671dacae72fb3cc7aad2e8da3b293a (patch)
tree	923ad6d876eaa467e290bb2930091e11b5aee9f1
parent	9f002e16620c037c123b464c2bbeea0842f8ed2c (diff)