update ssh host keys

29 files changed, 380 insertions, 1305 deletions

diff --git a/hiera/ant.yaml b/hiera/ant.yaml
index dbfbebf..59e9afd 100644
--- a/hiera/ant.yaml
+++ b/hiera/ant.yaml
@@ -8,8 +8,6 @@ couch:
     epmd_port: 4369
     neighbors: 
       - thrips.demo.bitmask.net
-  master: false
-  mode: multimaster
   port: 5984
   users: 
     admin: 
@@ -24,10 +22,6 @@ couch:
       password: CyhRSafC4SUGQ9F762Qfv3TPQDqTjn2G
       salt: e3ee9259723d0cbd8b3265dbe8b4e21e
       username: nickserver
-    replication: 
-      password: gPFMMKdZaTHF24nQGYQTDHkAduQcarBm
-      salt: 215a1f508e2b564978f98e43231e1506
-      username: replication
     soledad: 
       password: cGqWZqTdFc_fuSZvfPtUTL_7uMA6d5YC
       salt: 514355e86f1d3fa4de42b677de21281d
@@ -80,9 +74,6 @@ mail:
   smarthost: 
     - leech.demo.bitmask.net
 name: ant
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: internal_service
 services: 
   - couchdb
@@ -123,29 +114,25 @@ ssh:
     ports: "60000:61000"
   port: 4422
 stunnel: 
-  clients: 
-    ednp_clients: 
-      thrips_9002: 
-        accept_port: 4001
-        connect: thrips.demo.bitmask.i
-        connect_port: 19002
-        original_port: 9002
-    epmd_clients: 
-      thrips_4369: 
-        accept_port: 4000
-        connect: thrips.demo.bitmask.i
-        connect_port: 14369
-        original_port: 4369
-  servers: 
-    couch_server: 
-      accept_port: 15984
-      connect_port: 5984
-    ednp_server: 
-      accept_port: 19002
-      connect_port: 9002
-    epmd_server: 
-      accept_port: 14369
-      connect_port: 4369
+  couch_server: 
+    accept: 15984
+    connect: "127.0.0.1:5984"
+  ednp_clients: 
+    thrips_9002: 
+      accept_port: 4001
+      connect: thrips.demo.bitmask.i
+      connect_port: 19002
+  ednp_server: 
+    accept: 19002
+    connect: "127.0.0.1:9002"
+  epmd_clients: 
+    thrips_4369: 
+      accept_port: 4000
+      connect: thrips.demo.bitmask.i
+      connect_port: 14369
+  epmd_server: 
+    accept: 14369
+    connect: "127.0.0.1:4369"
 tags: 
   - demo
   - seattle
@@ -211,9 +198,6 @@ x509:
       BQxrMTmmPg9p/pQgsRd0zrMBAHVVOWIUdEvMe9d6JMsHabOsDG+nySGrDAgTuBf3
       Eqk8NgcHUMUFnnESUmcKjsMsn/fSQceYG06R8nNBsq1vpH9Vv+7kvgJx4WQCjg==
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIEpQIBAAKCAQEAms2pFpXAyOqZ54YccmnQBFYTXQAdqCs5mpr0xSOPwI9J25nn
@@ -243,4 +227,3 @@ x509:
       /DVs7/l3QcdZumI+MVs1fSMQWAvad7PSC5GOr7s1KcMxi0nHkFZ1de0=
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/canvasback.yaml b/hiera/canvasback.yaml
index 1f8d46f..4980fcf 100644
--- a/hiera/canvasback.yaml
+++ b/hiera/canvasback.yaml
@@ -105,9 +105,9 @@ development:
   site_config: true
 dns: 
   aliases: 
-    - api.cdev.bitmask.net
     - canvasback.cdev.bitmask.net
     - cdev.bitmask.net
+    - api.cdev.bitmask.net
     - nicknym.cdev.bitmask.net
   public: true
 domain: 
@@ -119,15 +119,12 @@ domain:
 enabled: true
 environment: clientdev
 haproxy: 
-  couch: 
-    listen_port: 4096
-    servers: 
-      gadwall: 
-        backup: false
-        host: localhost
-        port: 4000
-        weight: 100
-        writable: true
+  servers: 
+    gadwall: 
+      backup: false
+      host: localhost
+      port: 4000
+      weight: 100
 hosts: 
   chipmonk: 
     domain_full: chipmonk.cdev.bitmask.net
@@ -156,9 +153,6 @@ nickserver:
     username: nickserver
   domain: nicknym.cdev.bitmask.net
   port: 6425
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
   - webapp
@@ -199,29 +193,25 @@ ssh:
     ports: "60000:61000"
   port: 22
 stunnel: 
-  clients: 
-    couch_client: 
-      gadwall_5984: 
-        accept_port: 4000
-        connect: gadwall.cdev.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-  servers: {}
+  couch_client: 
+    gadwall_5984: 
+      accept_port: 4000
+      connect: gadwall.cdev.bitmask.i
+      connect_port: 15984
 tags: 
   - clientdev
   - dc
 webapp: 
   admins: 
-    - azul
     - elijah
+    - varac
+    - micah
     - kwadronaut
     - mcnair
     - meanderingcode
-    - micah
-    - varac
+    - azul
   allow_anonymous_certs: false
   allow_limited_certs: false
-  allow_registration: true
   allow_unlimited_certs: true
   api_version: 1
   client_certificates: 
@@ -237,29 +227,16 @@ webapp:
     password: _CatyL3Ienc4wRrfPubrhyfYCFmCyt9t
     salt: 1c1dd6eb78f027414f1638bd6c902a5a
     username: webapp
-  customization_dir: /srv/leap/files/webapp/
+  customization_dir: /etc/leap/files/webapp/
   default_service_level: 1
   domain: cdev.bitmask.net
-  engines: 
-    - support
-  forbidden_usernames: 
-    - admin
-    - administrator
-    - arin-admin
-    - certmaster
-    - contact
-    - info
-    - maildrop
-    - postmaster
-    - ssladmin
-    - www-data
   git: 
     revision: origin/master
     source: "https://leap.se/git/leap_web"
   modules: 
+    - user
     - billing
     - help
-    - user
   nagios_test_user: 
     password: HpR8dKsLPnYXjQaHXfC3rP_dM3CpXKIL
     username: nagios_test
@@ -572,4 +549,3 @@ x509:
       QJ+JGFsRME7FZQr9oetc7XefTczI1a0ENLiVTDeTgi4g2mqly3uSIg==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: true
diff --git a/hiera/chameleon.yaml b/hiera/chameleon.yaml
index ffccfeb..e7b07cd 100644
--- a/hiera/chameleon.yaml
+++ b/hiera/chameleon.yaml
@@ -137,10 +137,10 @@ development:
   site_config: true
 dns: 
   aliases: 
-    - api.unstable.bitmask.net
     - chameleon.unstable.bitmask.net
-    - nicknym.unstable.bitmask.net
     - unstable.bitmask.net
+    - api.unstable.bitmask.net
+    - nicknym.unstable.bitmask.net
   public: true
 domain: 
   full: chameleon.unstable.bitmask.net
@@ -151,15 +151,12 @@ domain:
 enabled: true
 environment: unstable
 haproxy: 
-  couch: 
-    listen_port: 4096
-    servers: 
-      panda: 
-        backup: false
-        host: localhost
-        port: 4000
-        weight: 100
-        writable: true
+  servers: 
+    panda: 
+      backup: false
+      host: localhost
+      port: 4000
+      weight: 100
 hosts: 
   ant: 
     domain_full: ant.demo.bitmask.net
@@ -184,12 +181,12 @@ hosts:
   clam: 
     domain_full: clam.dev.bitmask.net
     domain_internal: clam.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR+ZrQQ4ggDM5ZpNyoVmZJ3cQwzlfrTorWohEY0BAhLDuxpKR5U95Dam8xckh4tM2o0ZFkayVYLoW2s1hrD8Rt6AYVM6l7z5tSf/lIbWO++PAoIKSPJmSmg7kZs+P3Tafs0VjJh3Ypc2nmqvih+oRPSSdDUP7Dqumham5GGWVG/Y7UzukY7r1SeWdFW3fEvR+74/rCpWbSPgG5Fckp9FTy82JV7z+E+S+UHD1Dcgpimve4GGAbHVySNPI1khNHeTFuPJCgehwLOInCexXJO5gIcqyj4d3xABt84BGEHbzaSYDiUNZJep/dOddGt+xTZCzmmFtYcSjUZLR+wQCMFOeH"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYfDEXXpRdNtIaa1aGLVqG/3laVEoLi4ujKAFKtsgOJqw6qd6Sph29Jyqb5SmXNqzebuVKbWmKogXia1wKnjUc="
     ip_address: "176.53.69.22"
   deer: 
     domain_full: deer.dev.bitmask.net
     domain_internal: deer.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDz1/VqEz2qDtR1lgUqhnS8G8wYaDwbB1lPsBhloyCFHuSKmr2DGjmVSVYKtmTXnQZhAuOQuME4RHiVgNPUAKOBGDTyA5eCdjUeguZm4CnZU0ISBj1iKSa1l7RHZDZmirC62f8OJ6Ma9Ls62BZN8Vy4T7v55qn5Ky+D+/XrDqlES3zTHoNWkR3Xn1JDZ1Ov20qvB2wdYRL6LStcB915BE1e56IrnOEq7ybg5h84Jtpx8fyq1Geynjoz3q3YUAQuhziawM6seQk+v7QUTGMHD/xyaRD/VZqGn65k4suin4OHb1gFysxf2xdwzEnhheItXZontQue5DgjE8GE/OlRCvdx"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBORp1ohUpy+qSPhgklCvujSTGeIsHdY9hBDJZimfeRZFq3ZuZvLltrvla8++BBTCskgEUdGtNivK9I0oCviyDeA="
     ip_address: "202.85.227.195"
   demodex: 
     domain_full: demodex.dev.bitmask.net
@@ -199,12 +196,12 @@ hosts:
   elephant: 
     domain_full: elephant.dev.bitmask.net
     domain_internal: elephant.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClpJntSyXlBMiHfmZ6xIo1NiNCgomVOWrkl3nH+9nzqimKWqikp2DlR6jWSMebTyyuy8rB/1lbj7/Z3AxNXjUoOpGpyKrE3viNYZie4Y4QDn3hFPMxHjoYcD/OerosFFZe8Byf0ExTQ4VPmzNKdcTJN/QFjWWZk5AElX2OLnpSYOOBUwiDQeAJkALMmInXYO/+IXeBsygYND8+KZb0qfLpvgPYa4t0p8WVuRS/c0o+dtATmc2HN6N1YxEnmuzx1h1UDO6k4PRNDbO8+U7zsGagEpMJmzGc+liJxwDCgLCieQAxriXWTpiqxJ55pDtLIJKONaNP2UsUai2b9xQ9NsNN"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOktOAJ7qxG2pC+qGVJTMNLMZGdhyInsuCX7phvQSTJxo2HNTUcSR/CJuLwsV0yqBVTmbrUNBCJS/n+x6bVqUeg="
     ip_address: "176.53.69.13"
   elk: 
     domain_full: elk.dev.bitmask.net
     domain_internal: elk.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDu95UcykhjBiamMLHpGqB1UrPScpihrfOvlX0yO4zTa3PoJy+tx06UNfZ5JZD5llsezZ5HifUANSQ0XFPeYr3Vf4wrbD59oilUQtNXyB8avXatipRljURp6Yb5w1/pputbuZSe8aqn1HMDrSkTILbaCSdF0y5vWvssU2eDmpaZMtNEgPvA39PHHgxLXno7aktMJ8Vc3Wvqm6aUiBURZILGPchnVHgiMZUNiwm/nx7eRkIv1OTOJwPRBAOzqZuKf3c6jemtAMpihlwq4hBl99f+mWe/Fpzy0pq+BkfCPCnOE9iXk9ELd7hl0MoLHMdjCoQeWdVVEm5gJTjx0iZCDdyF"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJxIofc6JyVvppMKv/hZnMZp/aYeEcy5kHAW1O1/ZkHnclc/cmxEQ2HtRNhMXziOrYZG/UB9NCEBkTFG2PG6XH8="
     ip_address: "176.53.69.127"
   frog: 
     domain_full: frog.bitmask.net
@@ -254,12 +251,12 @@ hosts:
   snail: 
     domain_full: snail.dev.bitmask.net
     domain_internal: snail.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8wxuY3ytE1h/XDKYUkcAwIoGjhWTOafRrziSbpIxwNmadSKPh/sv7kUweRexFdoh+H1uLVGmN/YEciZvq6L7HomH1eX00NamZBJyBE9018cNOfD4943Lqs+LIQDDNVis+4fVoOdyVco+Q1U/bnUQcbAa1eRZ4LzAm8pDDyzdtFGFJEeHt1xsqEqyHv5As6lNMwpgRGDUFUOZClyUc/2gvPWx6GReCuwyXNUYRt99eN+p+F3mjSk5n0dzRsi32Mo550pHHJxIlbnJifq15Q4DqVMBoYGHYWFHfDdjb5G9botPa3NF/7Db/yNQQ9EZPBOIDf135lgduK53OM5spDg9b"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK+IgHh5d/DYKrfzc8yGSBiNxFOg8vnTTfuykuQK3wO9F7Obzxuux/qlvHV1yPV0I9id72bduDfyfngMU5jqugY="
     ip_address: "176.53.69.14"
   starfish: 
     domain_full: starfish.dev.bitmask.net
     domain_internal: starfish.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYdKG2P28qWIzj497n8DaC50wPUUHDGg6qvSf64+qtfKGG6n1NNL4vrtO/mvOwLVCE7EqeQGzKD3V6/RyDECvKQK3bspMLE6E5MuH5cMKzlSKDZETtCMI/23UTRe8HXoQSZbwxtSFEA+p38M0yqqwysk5tna+Fo9ZatDgwRqOln1m9ny6ckxXMhpuc0s/7nbqLtHvhm22i70ghU5Hrjgz+/xI5IoL5e3vkDbAih1Jub+TdpmxnTKw53oWL2vzDxKstsmNm7GOeujPr5SDdVpxhzxfg/9JBtT59yiGm4C3sNC7LsceME2V77qSx9RIqVeWv/hvHjRqEFErIAMCl6UoB"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7hjD8SIQshnCrMkin4MY6ff1QAJRusnMMsitiTc3+rpn5cCVW+ZB6+nwSKUyiXbD8l6wcL0CTxEZJGhYyfKc0="
     ip_address: "176.53.69.23"
   thrips: 
     domain_full: thrips.demo.bitmask.net
@@ -269,7 +266,7 @@ hosts:
   urchin: 
     domain_full: urchin.dev.bitmask.net
     domain_internal: urchin.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfU1/BwcAUPRHNffdxePpL15ME0shqsINsbyTbE3pcxwB+oUk0BO8Hk2rVU9WAvUXBRzKjjTNVbXz3lFv1cDsIIRmSewN5G2qR3KO2MAlEaOPZa9oy6vzoJ3i8r8SlESDFUZLkzWfTDtnvb7DlkYAZwaJ1LMhO7Ou3PDdxyWixmpE5cblCExoO55fmJMP9FmD6viqc2rfRKiNkb9W8uqiEBXEGG96QBnAwXGPD3THlfe7SWJeGGuvWsH9kUJIDAABb8GHdzquOYr2xvwyBnQNgWCbyI60umlNLFNlOuX3Q8s8bGcEcKtwb5mJIztBgITsyuzm7H+z/e+EGOU1G2I0r"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKuJ+QA8GaXfxxERGFQSznpqJNmIk4gNFp3UvqYvL9PLeFUP4DwwsyCWg24x1R7RkFE3P75Jcck6Q8JW8d9iQWo="
     ip_address: "176.53.69.21"
   wallaby: 
     domain_full: wallaby.demo.bitmask.net
@@ -286,11 +283,6 @@ mail:
   smarthost: 
     - octopus.unstable.bitmask.net
 nagios: 
-  domains_internal: 
-    - cdev.bitmask.i
-    - demo.bitmask.i
-    - dev.bitmask.i
-    - unstable.bitmask.i
   hosts: 
     ant: 
       domain_full_suffix: demo.bitmask.net
@@ -311,8 +303,8 @@ nagios:
       domain_internal: chameleon.unstable.bitmask.i
       ip_address: "199.119.112.10"
       services: 
-        - monitor
         - webapp
+        - monitor
       ssh_port: 4422
     chipmonk: 
       domain_full_suffix: cdev.bitmask.net
@@ -473,13 +465,10 @@ nickserver:
     username: nickserver
   domain: nicknym.unstable.bitmask.net
   port: 6425
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
-  - monitor
   - webapp
+  - monitor
 ssh: 
   authorized_keys: 
     azul: 
@@ -527,30 +516,26 @@ ssh:
     ports: "60000:61000"
   port: 4422
 stunnel: 
-  clients: 
-    couch_client: 
-      panda_5984: 
-        accept_port: 4000
-        connect: panda.unstable.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-  servers: {}
+  couch_client: 
+    panda_5984: 
+      accept_port: 4000
+      connect: panda.unstable.bitmask.i
+      connect_port: 15984
 tags: 
+  - unstable
   - dc
   - sandbox-braintree
-  - unstable
 webapp: 
   admins: 
-    - azul
     - elijah
+    - varac
+    - micah
     - kwadronaut
     - mcnair
     - meanderingcode
-    - micah
-    - varac
+    - azul
   allow_anonymous_certs: false
   allow_limited_certs: false
-  allow_registration: true
   allow_unlimited_certs: true
   api_version: 1
   billing: 
@@ -572,29 +557,16 @@ webapp:
     password: enfhmsmcLc3Az3GF6TFKwRk99Iqjm2ew
     salt: 478bf7e8ca879a9711b279055f00153e
     username: webapp
-  customization_dir: /srv/leap/files/webapp/
+  customization_dir: /etc/leap/files/webapp/
   default_service_level: 1
   domain: unstable.bitmask.net
-  engines: 
-    - support
-  forbidden_usernames: 
-    - admin
-    - administrator
-    - arin-admin
-    - certmaster
-    - contact
-    - info
-    - maildrop
-    - postmaster
-    - ssladmin
-    - www-data
   git: 
     revision: origin/develop
     source: "https://leap.se/git/leap_web"
   modules: 
+    - user
     - billing
     - help
-    - user
   nagios_test_user: 
     password: SvVjM5NCe2RF6XwTtZ7dGxAZ7E7KeSNS
     username: nagios_test
@@ -908,4 +880,3 @@ x509:
       MXxW/683yhX/wP2WfhDpam3gZjAOmRUXjb4OmevRF2jlwLOJssykv7A=
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: true
diff --git a/hiera/chipmonk.yaml b/hiera/chipmonk.yaml
index b2220e3..167f258 100644
--- a/hiera/chipmonk.yaml
+++ b/hiera/chipmonk.yaml
@@ -18,15 +18,12 @@ domain:
 enabled: true
 environment: clientdev
 haproxy: 
-  couch: 
-    listen_port: 4096
-    servers: 
-      gadwall: 
-        backup: false
-        host: localhost
-        port: 4000
-        weight: 100
-        writable: true
+  servers: 
+    gadwall: 
+      backup: false
+      host: localhost
+      port: 4000
+      weight: 100
 hosts: 
   chipmonk: 
     domain_full: chipmonk.cdev.bitmask.net
@@ -48,41 +45,38 @@ mail:
   smarthost: []
 mynetworks: 
   - "176.53.69.127"
-  - "176.53.69.13"
-  - "176.53.69.14"
-  - "176.53.69.21"
-  - "176.53.69.22"
+  - "199.119.112.9"
+  - "192.168.5.9"
   - "176.53.69.23"
-  - "192.168.5.10"
-  - "192.168.5.12"
-  - "192.168.5.16"
-  - "192.168.5.19"
-  - "192.168.5.23"
-  - "192.168.5.4"
+  - "199.119.112.5"
   - "192.168.5.5"
-  - "192.168.5.8"
-  - "192.168.5.9"
-  - "198.252.153.82"
-  - "198.252.153.83"
-  - "198.252.153.85"
+  - "176.53.69.21"
+  - "204.13.164.171"
   - "199.119.112.10"
+  - "192.168.5.10"
+  - "198.252.153.83"
   - "199.119.112.12"
+  - "192.168.5.12"
+  - "204.13.164.162"
+  - "198.252.153.82"
   - "199.119.112.16"
+  - "192.168.5.16"
+  - "204.13.164.57"
+  - "176.53.69.14"
   - "199.119.112.19"
+  - "192.168.5.19"
+  - "176.53.69.13"
+  - "202.85.227.195"
   - "199.119.112.23"
+  - "192.168.5.23"
+  - "85.17.92.143"
+  - "176.53.69.22"
   - "199.119.112.4"
-  - "199.119.112.5"
+  - "192.168.5.4"
+  - "198.252.153.85"
   - "199.119.112.8"
-  - "199.119.112.9"
-  - "202.85.227.195"
-  - "204.13.164.162"
-  - "204.13.164.171"
-  - "204.13.164.57"
-  - "85.17.92.143"
+  - "192.168.5.8"
 name: chipmonk
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: user_service
 services: 
   - mx
@@ -123,14 +117,11 @@ ssh:
     ports: "60000:61000"
   port: 22
 stunnel: 
-  clients: 
-    couch_client: 
-      gadwall_5984: 
-        accept_port: 4000
-        connect: gadwall.cdev.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-  servers: {}
+  couch_client: 
+    gadwall_5984: 
+      accept_port: 4000
+      connect: gadwall.cdev.bitmask.i
+      connect_port: 15984
 tags: 
   - clientdev
   - dc
@@ -435,4 +426,3 @@ x509:
       c9OAySi7JcI0Pl9/ilUtc53EpsalTEaN3uuFlQoL8A8OKxabskS9bw==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: true
diff --git a/hiera/clam.yaml b/hiera/clam.yaml
index 599f9f2..a227516 100644
--- a/hiera/clam.yaml
+++ b/hiera/clam.yaml
@@ -26,8 +26,8 @@ couch:
       salt: 70bcff5aeb5a7ed22a96a4b43790965f
       username: nickserver
     replication: 
-      password: _mVfcIyFV_vfRFUvpNmAWYn_9KUxJ7Pv
-      salt: b53363c123da0677255bd93ec1627db7
+      password: B7LFWg7x7AQRIXdxGmsd4MjfQISB_EZj
+      salt: 868afc4ca18138cc256f57ff2a3c99a5
       username: replication
     soledad: 
       password: PgrbUREhqBGY4r4XIXQEgkk3jTH4sEJA
@@ -59,22 +59,22 @@ hosts:
   clam: 
     domain_full: clam.dev.bitmask.net
     domain_internal: clam.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR+ZrQQ4ggDM5ZpNyoVmZJ3cQwzlfrTorWohEY0BAhLDuxpKR5U95Dam8xckh4tM2o0ZFkayVYLoW2s1hrD8Rt6AYVM6l7z5tSf/lIbWO++PAoIKSPJmSmg7kZs+P3Tafs0VjJh3Ypc2nmqvih+oRPSSdDUP7Dqumham5GGWVG/Y7UzukY7r1SeWdFW3fEvR+74/rCpWbSPgG5Fckp9FTy82JV7z+E+S+UHD1Dcgpimve4GGAbHVySNPI1khNHeTFuPJCgehwLOInCexXJO5gIcqyj4d3xABt84BGEHbzaSYDiUNZJep/dOddGt+xTZCzmmFtYcSjUZLR+wQCMFOeH"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYfDEXXpRdNtIaa1aGLVqG/3laVEoLi4ujKAFKtsgOJqw6qd6Sph29Jyqb5SmXNqzebuVKbWmKogXia1wKnjUc="
     ip_address: "176.53.69.22"
   elk: 
     domain_full: elk.dev.bitmask.net
     domain_internal: elk.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDu95UcykhjBiamMLHpGqB1UrPScpihrfOvlX0yO4zTa3PoJy+tx06UNfZ5JZD5llsezZ5HifUANSQ0XFPeYr3Vf4wrbD59oilUQtNXyB8avXatipRljURp6Yb5w1/pputbuZSe8aqn1HMDrSkTILbaCSdF0y5vWvssU2eDmpaZMtNEgPvA39PHHgxLXno7aktMJ8Vc3Wvqm6aUiBURZILGPchnVHgiMZUNiwm/nx7eRkIv1OTOJwPRBAOzqZuKf3c6jemtAMpihlwq4hBl99f+mWe/Fpzy0pq+BkfCPCnOE9iXk9ELd7hl0MoLHMdjCoQeWdVVEm5gJTjx0iZCDdyF"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJxIofc6JyVvppMKv/hZnMZp/aYeEcy5kHAW1O1/ZkHnclc/cmxEQ2HtRNhMXziOrYZG/UB9NCEBkTFG2PG6XH8="
     ip_address: "176.53.69.127"
   starfish: 
     domain_full: starfish.dev.bitmask.net
     domain_internal: starfish.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYdKG2P28qWIzj497n8DaC50wPUUHDGg6qvSf64+qtfKGG6n1NNL4vrtO/mvOwLVCE7EqeQGzKD3V6/RyDECvKQK3bspMLE6E5MuH5cMKzlSKDZETtCMI/23UTRe8HXoQSZbwxtSFEA+p38M0yqqwysk5tna+Fo9ZatDgwRqOln1m9ny6ckxXMhpuc0s/7nbqLtHvhm22i70ghU5Hrjgz+/xI5IoL5e3vkDbAih1Jub+TdpmxnTKw53oWL2vzDxKstsmNm7GOeujPr5SDdVpxhzxfg/9JBtT59yiGm4C3sNC7LsceME2V77qSx9RIqVeWv/hvHjRqEFErIAMCl6UoB"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7hjD8SIQshnCrMkin4MY6ff1QAJRusnMMsitiTc3+rpn5cCVW+ZB6+nwSKUyiXbD8l6wcL0CTxEZJGhYyfKc0="
     ip_address: "176.53.69.23"
   urchin: 
     domain_full: urchin.dev.bitmask.net
     domain_internal: urchin.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfU1/BwcAUPRHNffdxePpL15ME0shqsINsbyTbE3pcxwB+oUk0BO8Hk2rVU9WAvUXBRzKjjTNVbXz3lFv1cDsIIRmSewN5G2qR3KO2MAlEaOPZa9oy6vzoJ3i8r8SlESDFUZLkzWfTDtnvb7DlkYAZwaJ1LMhO7Ou3PDdxyWixmpE5cblCExoO55fmJMP9FmD6viqc2rfRKiNkb9W8uqiEBXEGG96QBnAwXGPD3THlfe7SWJeGGuvWsH9kUJIDAABb8GHdzquOYr2xvwyBnQNgWCbyI60umlNLFNlOuX3Q8s8bGcEcKtwb5mJIztBgITsyuzm7H+z/e+EGOU1G2I0r"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKuJ+QA8GaXfxxERGFQSznpqJNmIk4gNFp3UvqYvL9PLeFUP4DwwsyCWg24x1R7RkFE3P75Jcck6Q8JW8d9iQWo="
     ip_address: "176.53.69.21"
 ip_address: "176.53.69.22"
 location: 
diff --git a/hiera/couch1.yaml b/hiera/couch1.yaml
index f0de356..0aef52d 100644
--- a/hiera/couch1.yaml
+++ b/hiera/couch1.yaml
@@ -8,8 +8,6 @@ couch:
     epmd_port: 4369
     neighbors: 
       - couch2.bitmask.net
-  master: false
-  mode: multimaster
   port: 5984
   users: 
     admin: 
@@ -24,10 +22,6 @@ couch:
       password: bJFrsP5dXGuegQIT5jZXMYMITpT5w5YR
       salt: 73567fc12c27a79152620084e97b4fba
       username: nickserver
-    replication: 
-      password: fbZMru8SZ9UhaHXYRW2f9RVCjJmBwBuJ
-      salt: b2716ac90f4e9dd7b2a088d2765ae374
-      username: replication
     soledad: 
       password: E9at8FUjuxTEJEPEvACk9DWjWnR5rbKp
       salt: e2b6fa1a29b1afbe1ea4a3f7ec5bacc7
@@ -73,9 +67,6 @@ mail:
   smarthost: 
     - mx1.bitmask.net
 name: couch1
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
   - couchdb
@@ -125,29 +116,25 @@ ssh:
     ports: "60000:61000"
   port: 22
 stunnel: 
-  clients: 
-    ednp_clients: 
-      couch2_9002: 
-        accept_port: 4001
-        connect: couch2.bitmask.i
-        connect_port: 19002
-        original_port: 9002
-    epmd_clients: 
-      couch2_4369: 
-        accept_port: 4000
-        connect: couch2.bitmask.i
-        connect_port: 14369
-        original_port: 4369
-  servers: 
-    couch_server: 
-      accept_port: 15984
-      connect_port: 5984
-    ednp_server: 
-      accept_port: 19002
-      connect_port: 9002
-    epmd_server: 
-      accept_port: 14369
-      connect_port: 4369
+  couch_server: 
+    accept: 15984
+    connect: "127.0.0.1:5984"
+  ednp_clients: 
+    couch2_9002: 
+      accept_port: 4001
+      connect: couch2.bitmask.i
+      connect_port: 19002
+  ednp_server: 
+    accept: 19002
+    connect: "127.0.0.1:9002"
+  epmd_clients: 
+    couch2_4369: 
+      accept_port: 4000
+      connect: couch2.bitmask.i
+      connect_port: 14369
+  epmd_server: 
+    accept: 14369
+    connect: "127.0.0.1:4369"
 tags: 
   - local
 x509: 
@@ -212,9 +199,6 @@ x509:
       7AQ/LsmCL5K6F5OqPAUMwc7w1Jp2CSq0sqBSuyjq5Xaom2eQcRD02c1pcLfJwWRS
       iEbJwlSbPVGpScfRfoaOlyiH96btwnWvaIBgf3Ii7dLTSc2EIO5s
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIEowIBAAKCAQEAzGNOpJbUz6hQrWmBUgfJPzYfVZhDeEJAalXuuXxlVU1wlsSG
@@ -244,4 +228,3 @@ x509:
       SeSdWAYGKZZAMSQInihge20dMu1TgS7R0ijeAf4LaoMEq3AOkXMf
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/couch2.yaml b/hiera/couch2.yaml
index c08b592..5b84310 100644
--- a/hiera/couch2.yaml
+++ b/hiera/couch2.yaml
@@ -8,8 +8,6 @@ couch:
     epmd_port: 4369
     neighbors: 
       - couch1.bitmask.net
-  master: false
-  mode: multimaster
   port: 5984
   users: 
     admin: 
@@ -24,10 +22,6 @@ couch:
       password: bJFrsP5dXGuegQIT5jZXMYMITpT5w5YR
       salt: 73567fc12c27a79152620084e97b4fba
       username: nickserver
-    replication: 
-      password: fbZMru8SZ9UhaHXYRW2f9RVCjJmBwBuJ
-      salt: b2716ac90f4e9dd7b2a088d2765ae374
-      username: replication
     soledad: 
       password: E9at8FUjuxTEJEPEvACk9DWjWnR5rbKp
       salt: e2b6fa1a29b1afbe1ea4a3f7ec5bacc7
@@ -73,9 +67,6 @@ mail:
   smarthost: 
     - mx1.bitmask.net
 name: couch2
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
   - couchdb
@@ -125,29 +116,25 @@ ssh:
     ports: "60000:61000"
   port: 22
 stunnel: 
-  clients: 
-    ednp_clients: 
-      couch1_9002: 
-        accept_port: 4001
-        connect: couch1.bitmask.i
-        connect_port: 19002
-        original_port: 9002
-    epmd_clients: 
-      couch1_4369: 
-        accept_port: 4000
-        connect: couch1.bitmask.i
-        connect_port: 14369
-        original_port: 4369
-  servers: 
-    couch_server: 
-      accept_port: 15984
-      connect_port: 5984
-    ednp_server: 
-      accept_port: 19002
-      connect_port: 9002
-    epmd_server: 
-      accept_port: 14369
-      connect_port: 4369
+  couch_server: 
+    accept: 15984
+    connect: "127.0.0.1:5984"
+  ednp_clients: 
+    couch1_9002: 
+      accept_port: 4001
+      connect: couch1.bitmask.i
+      connect_port: 19002
+  ednp_server: 
+    accept: 19002
+    connect: "127.0.0.1:9002"
+  epmd_clients: 
+    couch1_4369: 
+      accept_port: 4000
+      connect: couch1.bitmask.i
+      connect_port: 14369
+  epmd_server: 
+    accept: 14369
+    connect: "127.0.0.1:4369"
 tags: 
   - local
 x509: 
@@ -212,9 +199,6 @@ x509:
       zXhBGqCxzoUZSCaxmCIeRBe18GoWRM0JZnpBbi4K3r3ZOIjzoEUK3L6e0tRkJCNc
       GXE33HbYQAtwidqDCHrb0LLWJjLeI/10avzPtGr/rqVKYufTRq1b
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIEpQIBAAKCAQEAse0pV7xCoGB/dvqmIlc8nY+9/TaKtp/2qfCWAE4fa49vP3NU
@@ -244,4 +228,3 @@ x509:
       balQCbIbD77nO3413Tdg3G0mj6826wrJI4j0jvHk1HU53C7bkaL1dxo=
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/elephant.yaml b/hiera/elephant.yaml
index df601fe..64c4ffa 100644
--- a/hiera/elephant.yaml
+++ b/hiera/elephant.yaml
@@ -182,22 +182,22 @@ hosts:
   clam: 
     domain_full: clam.dev.bitmask.net
     domain_internal: clam.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR+ZrQQ4ggDM5ZpNyoVmZJ3cQwzlfrTorWohEY0BAhLDuxpKR5U95Dam8xckh4tM2o0ZFkayVYLoW2s1hrD8Rt6AYVM6l7z5tSf/lIbWO++PAoIKSPJmSmg7kZs+P3Tafs0VjJh3Ypc2nmqvih+oRPSSdDUP7Dqumham5GGWVG/Y7UzukY7r1SeWdFW3fEvR+74/rCpWbSPgG5Fckp9FTy82JV7z+E+S+UHD1Dcgpimve4GGAbHVySNPI1khNHeTFuPJCgehwLOInCexXJO5gIcqyj4d3xABt84BGEHbzaSYDiUNZJep/dOddGt+xTZCzmmFtYcSjUZLR+wQCMFOeH"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYfDEXXpRdNtIaa1aGLVqG/3laVEoLi4ujKAFKtsgOJqw6qd6Sph29Jyqb5SmXNqzebuVKbWmKogXia1wKnjUc="
     ip_address: "176.53.69.22"
   elk: 
     domain_full: elk.dev.bitmask.net
     domain_internal: elk.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDu95UcykhjBiamMLHpGqB1UrPScpihrfOvlX0yO4zTa3PoJy+tx06UNfZ5JZD5llsezZ5HifUANSQ0XFPeYr3Vf4wrbD59oilUQtNXyB8avXatipRljURp6Yb5w1/pputbuZSe8aqn1HMDrSkTILbaCSdF0y5vWvssU2eDmpaZMtNEgPvA39PHHgxLXno7aktMJ8Vc3Wvqm6aUiBURZILGPchnVHgiMZUNiwm/nx7eRkIv1OTOJwPRBAOzqZuKf3c6jemtAMpihlwq4hBl99f+mWe/Fpzy0pq+BkfCPCnOE9iXk9ELd7hl0MoLHMdjCoQeWdVVEm5gJTjx0iZCDdyF"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJxIofc6JyVvppMKv/hZnMZp/aYeEcy5kHAW1O1/ZkHnclc/cmxEQ2HtRNhMXziOrYZG/UB9NCEBkTFG2PG6XH8="
     ip_address: "176.53.69.127"
   starfish: 
     domain_full: starfish.dev.bitmask.net
     domain_internal: starfish.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYdKG2P28qWIzj497n8DaC50wPUUHDGg6qvSf64+qtfKGG6n1NNL4vrtO/mvOwLVCE7EqeQGzKD3V6/RyDECvKQK3bspMLE6E5MuH5cMKzlSKDZETtCMI/23UTRe8HXoQSZbwxtSFEA+p38M0yqqwysk5tna+Fo9ZatDgwRqOln1m9ny6ckxXMhpuc0s/7nbqLtHvhm22i70ghU5Hrjgz+/xI5IoL5e3vkDbAih1Jub+TdpmxnTKw53oWL2vzDxKstsmNm7GOeujPr5SDdVpxhzxfg/9JBtT59yiGm4C3sNC7LsceME2V77qSx9RIqVeWv/hvHjRqEFErIAMCl6UoB"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7hjD8SIQshnCrMkin4MY6ff1QAJRusnMMsitiTc3+rpn5cCVW+ZB6+nwSKUyiXbD8l6wcL0CTxEZJGhYyfKc0="
     ip_address: "176.53.69.23"
   urchin: 
     domain_full: urchin.dev.bitmask.net
     domain_internal: urchin.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfU1/BwcAUPRHNffdxePpL15ME0shqsINsbyTbE3pcxwB+oUk0BO8Hk2rVU9WAvUXBRzKjjTNVbXz3lFv1cDsIIRmSewN5G2qR3KO2MAlEaOPZa9oy6vzoJ3i8r8SlESDFUZLkzWfTDtnvb7DlkYAZwaJ1LMhO7Ou3PDdxyWixmpE5cblCExoO55fmJMP9FmD6viqc2rfRKiNkb9W8uqiEBXEGG96QBnAwXGPD3THlfe7SWJeGGuvWsH9kUJIDAABb8GHdzquOYr2xvwyBnQNgWCbyI60umlNLFNlOuX3Q8s8bGcEcKtwb5mJIztBgITsyuzm7H+z/e+EGOU1G2I0r"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKuJ+QA8GaXfxxERGFQSznpqJNmIk4gNFp3UvqYvL9PLeFUP4DwwsyCWg24x1R7RkFE3P75Jcck6Q8JW8d9iQWo="
     ip_address: "176.53.69.21"
 ip_address: "176.53.69.13"
 location: 
diff --git a/hiera/elk.yaml b/hiera/elk.yaml
index 2266138..3318434 100644
--- a/hiera/elk.yaml
+++ b/hiera/elk.yaml
@@ -26,8 +26,8 @@ couch:
       salt: 70bcff5aeb5a7ed22a96a4b43790965f
       username: nickserver
     replication: 
-      password: _mVfcIyFV_vfRFUvpNmAWYn_9KUxJ7Pv
-      salt: b53363c123da0677255bd93ec1627db7
+      password: B7LFWg7x7AQRIXdxGmsd4MjfQISB_EZj
+      salt: 868afc4ca18138cc256f57ff2a3c99a5
       username: replication
     soledad: 
       password: PgrbUREhqBGY4r4XIXQEgkk3jTH4sEJA
@@ -59,22 +59,22 @@ hosts:
   clam: 
     domain_full: clam.dev.bitmask.net
     domain_internal: clam.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR+ZrQQ4ggDM5ZpNyoVmZJ3cQwzlfrTorWohEY0BAhLDuxpKR5U95Dam8xckh4tM2o0ZFkayVYLoW2s1hrD8Rt6AYVM6l7z5tSf/lIbWO++PAoIKSPJmSmg7kZs+P3Tafs0VjJh3Ypc2nmqvih+oRPSSdDUP7Dqumham5GGWVG/Y7UzukY7r1SeWdFW3fEvR+74/rCpWbSPgG5Fckp9FTy82JV7z+E+S+UHD1Dcgpimve4GGAbHVySNPI1khNHeTFuPJCgehwLOInCexXJO5gIcqyj4d3xABt84BGEHbzaSYDiUNZJep/dOddGt+xTZCzmmFtYcSjUZLR+wQCMFOeH"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYfDEXXpRdNtIaa1aGLVqG/3laVEoLi4ujKAFKtsgOJqw6qd6Sph29Jyqb5SmXNqzebuVKbWmKogXia1wKnjUc="
     ip_address: "176.53.69.22"
   elk: 
     domain_full: elk.dev.bitmask.net
     domain_internal: elk.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDu95UcykhjBiamMLHpGqB1UrPScpihrfOvlX0yO4zTa3PoJy+tx06UNfZ5JZD5llsezZ5HifUANSQ0XFPeYr3Vf4wrbD59oilUQtNXyB8avXatipRljURp6Yb5w1/pputbuZSe8aqn1HMDrSkTILbaCSdF0y5vWvssU2eDmpaZMtNEgPvA39PHHgxLXno7aktMJ8Vc3Wvqm6aUiBURZILGPchnVHgiMZUNiwm/nx7eRkIv1OTOJwPRBAOzqZuKf3c6jemtAMpihlwq4hBl99f+mWe/Fpzy0pq+BkfCPCnOE9iXk9ELd7hl0MoLHMdjCoQeWdVVEm5gJTjx0iZCDdyF"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJxIofc6JyVvppMKv/hZnMZp/aYeEcy5kHAW1O1/ZkHnclc/cmxEQ2HtRNhMXziOrYZG/UB9NCEBkTFG2PG6XH8="
     ip_address: "176.53.69.127"
   starfish: 
     domain_full: starfish.dev.bitmask.net
     domain_internal: starfish.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYdKG2P28qWIzj497n8DaC50wPUUHDGg6qvSf64+qtfKGG6n1NNL4vrtO/mvOwLVCE7EqeQGzKD3V6/RyDECvKQK3bspMLE6E5MuH5cMKzlSKDZETtCMI/23UTRe8HXoQSZbwxtSFEA+p38M0yqqwysk5tna+Fo9ZatDgwRqOln1m9ny6ckxXMhpuc0s/7nbqLtHvhm22i70ghU5Hrjgz+/xI5IoL5e3vkDbAih1Jub+TdpmxnTKw53oWL2vzDxKstsmNm7GOeujPr5SDdVpxhzxfg/9JBtT59yiGm4C3sNC7LsceME2V77qSx9RIqVeWv/hvHjRqEFErIAMCl6UoB"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7hjD8SIQshnCrMkin4MY6ff1QAJRusnMMsitiTc3+rpn5cCVW+ZB6+nwSKUyiXbD8l6wcL0CTxEZJGhYyfKc0="
     ip_address: "176.53.69.23"
   urchin: 
     domain_full: urchin.dev.bitmask.net
     domain_internal: urchin.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfU1/BwcAUPRHNffdxePpL15ME0shqsINsbyTbE3pcxwB+oUk0BO8Hk2rVU9WAvUXBRzKjjTNVbXz3lFv1cDsIIRmSewN5G2qR3KO2MAlEaOPZa9oy6vzoJ3i8r8SlESDFUZLkzWfTDtnvb7DlkYAZwaJ1LMhO7Ou3PDdxyWixmpE5cblCExoO55fmJMP9FmD6viqc2rfRKiNkb9W8uqiEBXEGG96QBnAwXGPD3THlfe7SWJeGGuvWsH9kUJIDAABb8GHdzquOYr2xvwyBnQNgWCbyI60umlNLFNlOuX3Q8s8bGcEcKtwb5mJIztBgITsyuzm7H+z/e+EGOU1G2I0r"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKuJ+QA8GaXfxxERGFQSznpqJNmIk4gNFp3UvqYvL9PLeFUP4DwwsyCWg24x1R7RkFE3P75Jcck6Q8JW8d9iQWo="
     ip_address: "176.53.69.21"
 ip_address: "176.53.69.127"
 location: 
diff --git a/hiera/frog.yaml b/hiera/frog.yaml
index 3c880d9..bfa81a1 100644
--- a/hiera/frog.yaml
+++ b/hiera/frog.yaml
@@ -19,9 +19,6 @@ location: ~
 mail: 
   smarthost: []
 name: frog
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
   - static
@@ -327,9 +324,6 @@ static:
       tls_only: true
   formats: 
     - amber
-stunnel: 
-  clients: {}
-  servers: {}
 tags: 
   - production
 x509: 
@@ -394,9 +388,6 @@ x509:
       do1tnppn3G1Y2EW18zztBS+pykt5+kFJdDAfC5tL3SNh2er+croopzn/pg7NMaS8
       7ri/3hdHttbqDQjAxbQPl1CkpyxgKbQQyPVXAMfm1xUVtw==
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIEpQIBAAKCAQEAw7CiUKaxU165suQ0h2/r3qWePJ6M7AE2rVNgQSi3w0EmYlKi
@@ -426,4 +417,3 @@ x509:
       F0ZIjOlu8zvQIl+L9tpmtEELTG+8LMyycvh0bPq9baY/LhTvnFKzMHE=
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/gadwall.yaml b/hiera/gadwall.yaml
index 9c8ad77..096acff 100644
--- a/hiera/gadwall.yaml
+++ b/hiera/gadwall.yaml
@@ -7,8 +7,6 @@ couch:
     ednp_port: 9002
     epmd_port: 4369
     neighbors: []
-  master: false
-  mode: multimaster
   port: 5984
   users: 
     admin: 
@@ -23,10 +21,6 @@ couch:
       password: vjJAZqxPL4BeGKAEUVuBVK5MIba_aIY5
       salt: eab38a050b5eb2569549f8e50cab9034
       username: nickserver
-    replication: 
-      password: gxbjRLwwDW5bQQx9MpbjNaqF_KdMbCng
-      salt: 751525d259cb7ec8e536b7caa21bb23c
-      username: replication
     soledad: 
       password: MrUyYGnT_44NUyBAm46L3GCLPHKVZ_De
       salt: ac15331e0c098126e04ecf7a21045079
@@ -74,9 +68,6 @@ mail:
   smarthost: 
     - chipmonk.cdev.bitmask.net
 name: gadwall
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
   - couchdb
@@ -125,19 +116,17 @@ ssh:
     ports: "60000:61000"
   port: 22
 stunnel: 
-  clients: 
-    ednp_clients: {}
-    epmd_clients: {}
-  servers: 
-    couch_server: 
-      accept_port: 15984
-      connect_port: 5984
-    ednp_server: 
-      accept_port: 19002
-      connect_port: 9002
-    epmd_server: 
-      accept_port: 14369
-      connect_port: 4369
+  couch_server: 
+    accept: 15984
+    connect: "127.0.0.1:5984"
+  ednp_clients: {}
+  ednp_server: 
+    accept: 19002
+    connect: "127.0.0.1:9002"
+  epmd_clients: {}
+  epmd_server: 
+    accept: 14369
+    connect: "127.0.0.1:4369"
 tags: 
   - clientdev
   - dc
@@ -204,9 +193,6 @@ x509:
       jAR3FCr8Vvm4UoDbxvF4jeg+6Bd1D1Pz5lsMd5q/LHSk8nuTB+y2B6x96Q9/VkNc
       14teuyf5AarZxA==
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIEowIBAAKCAQEA0Jt1sr/RTOJ8ue70yqv2qLeo4mAVPaZsGgtkh6l5eMrTGCOH
@@ -236,4 +222,3 @@ x509:
       C917/dIQt48xJFBcX1oRHcFoakIVB4+h41Bc8mS09cR29Og8+JPP
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/hippo.yaml b/hiera/hippo.yaml
index bea7963..0a6adec 100644
--- a/hiera/hippo.yaml
+++ b/hiera/hippo.yaml
@@ -24,11 +24,6 @@ mail:
   smarthost: 
     - leech.demo.bitmask.net
 name: hippo
-obfsproxy: 
-  gateway_address: "85.17.92.167"
-  scramblesuit: 
-    password: ONLW2MTQJJ4HUU3WGNVEC42JIF4XEWDS
-    port: 18943
 openvpn: 
   adblock: false
   allow_limited: false
@@ -51,9 +46,6 @@ openvpn:
   second_gateway_address: ~
   unlimited_prefix: UNLIMITED
   user_ips: false
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: user_service
 services: 
   - openvpn
@@ -94,23 +86,14 @@ ssh:
     enabled: true
     ports: "60000:61000"
   port: 4422
-stunnel: 
-  clients: {}
-  servers: {}
 tags: 
-  - amsterdam
   - demo
+  - amsterdam
 tor: 
   bandwidth_rate: 100
   contacts: 
     - sysdev@leap.se
   family: "deeruSaR9IekHdQGUGI,hippobagtc8Z3KPmfnT"
-  hidden_service: 
-    active: ~
-    address: ~
-    key_type: RSA
-    private_key: ~
-    public_key: ~
   nickname: hippobagtc8Z3KPmfnT
 x509: 
   ca_cert: |
@@ -209,9 +192,6 @@ x509:
       xIAokTRYLx/6lq8bwelCPGVjy7EsGXt9aN+gMb4R3L9vA/NQrXu+dmCJKPE1vUHF
       gkVBxxt/s0R2aKM=
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   dh: |
       -----BEGIN DH PARAMETERS-----
       MIIBngKCAZcAsTaQV6TwbN9PpD6dYdXz0lA0drrXLRvS8rNoMTaDnIv134RwKwsb
@@ -253,4 +233,3 @@ x509:
       Dqxr7d6Ded5Witr98xqbbXZLkwf/iUHAwT9xTnFD+2mfRIwN3ifYSA==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/leech.yaml b/hiera/leech.yaml
index a058197..a068eae 100644
--- a/hiera/leech.yaml
+++ b/hiera/leech.yaml
@@ -18,21 +18,17 @@ domain:
 enabled: true
 environment: demo
 haproxy: 
-  couch: 
-    listen_port: 4096
-    servers: 
-      ant: 
-        backup: false
-        host: localhost
-        port: 4000
-        weight: 100
-        writable: true
-      thrips: 
-        backup: false
-        host: localhost
-        port: 4001
-        weight: 100
-        writable: true
+  servers: 
+    ant: 
+      backup: false
+      host: localhost
+      port: 4000
+      weight: 100
+    thrips: 
+      backup: false
+      host: localhost
+      port: 4001
+      weight: 100
 hosts: 
   ant: 
     domain_full: ant.demo.bitmask.net
@@ -59,41 +55,38 @@ mail:
   smarthost: []
 mynetworks: 
   - "176.53.69.127"
-  - "176.53.69.13"
-  - "176.53.69.14"
-  - "176.53.69.21"
-  - "176.53.69.22"
+  - "199.119.112.9"
+  - "192.168.5.9"
   - "176.53.69.23"
-  - "192.168.5.10"
-  - "192.168.5.12"
-  - "192.168.5.16"
-  - "192.168.5.19"
-  - "192.168.5.23"
-  - "192.168.5.4"
+  - "199.119.112.5"
   - "192.168.5.5"
-  - "192.168.5.8"
-  - "192.168.5.9"
-  - "198.252.153.82"
-  - "198.252.153.83"
-  - "198.252.153.85"
+  - "176.53.69.21"
+  - "204.13.164.171"
   - "199.119.112.10"
+  - "192.168.5.10"
+  - "198.252.153.83"
   - "199.119.112.12"
+  - "192.168.5.12"
+  - "204.13.164.162"
+  - "198.252.153.82"
   - "199.119.112.16"
+  - "192.168.5.16"
+  - "204.13.164.57"
+  - "176.53.69.14"
   - "199.119.112.19"
+  - "192.168.5.19"
+  - "176.53.69.13"
+  - "202.85.227.195"
   - "199.119.112.23"
+  - "192.168.5.23"
+  - "85.17.92.143"
+  - "176.53.69.22"
   - "199.119.112.4"
-  - "199.119.112.5"
+  - "192.168.5.4"
+  - "198.252.153.85"
   - "199.119.112.8"
-  - "199.119.112.9"
-  - "202.85.227.195"
-  - "204.13.164.162"
-  - "204.13.164.171"
-  - "204.13.164.57"
-  - "85.17.92.143"
+  - "192.168.5.8"
 name: leech
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: user_service
 services: 
   - mx
@@ -134,19 +127,15 @@ ssh:
     ports: "60000:61000"
   port: 4422
 stunnel: 
-  clients: 
-    couch_client: 
-      ant_5984: 
-        accept_port: 4000
-        connect: ant.demo.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-      thrips_5984: 
-        accept_port: 4001
-        connect: thrips.demo.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-  servers: {}
+  couch_client: 
+    ant_5984: 
+      accept_port: 4000
+      connect: ant.demo.bitmask.i
+      connect_port: 15984
+    thrips_5984: 
+      accept_port: 4001
+      connect: thrips.demo.bitmask.i
+      connect_port: 15984
 tags: 
   - demo
   - seattle
@@ -573,4 +562,3 @@ x509:
       aqXFA4DlcGkygA40hl2lB5NJbQVSHXXjgpAb395dasMyH8cblC34Lw==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: true
diff --git a/hiera/millipede.yaml b/hiera/millipede.yaml
index 3ca1ee0..6fdbf6b 100644
--- a/hiera/millipede.yaml
+++ b/hiera/millipede.yaml
@@ -24,11 +24,6 @@ mail:
   smarthost: 
     - leech.demo.bitmask.net
 name: millipede
-obfsproxy: 
-  gateway_address: "198.252.153.84"
-  scramblesuit: 
-    password: JFEV6NCYIV3FMV2CIZBVMNDCPJDUGUKE
-    port: 19538
 openvpn: 
   adblock: false
   allow_limited: false
@@ -51,9 +46,6 @@ openvpn:
   second_gateway_address: ~
   unlimited_prefix: UNLIMITED
   user_ips: false
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: user_service
 services: 
   - openvpn
@@ -93,9 +85,6 @@ ssh:
     enabled: true
     ports: "60000:61000"
   port: 4422
-stunnel: 
-  clients: {}
-  servers: {}
 tags: 
   - demo
   - seattle
@@ -196,9 +185,6 @@ x509:
       xIAokTRYLx/6lq8bwelCPGVjy7EsGXt9aN+gMb4R3L9vA/NQrXu+dmCJKPE1vUHF
       gkVBxxt/s0R2aKM=
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   dh: |
       -----BEGIN DH PARAMETERS-----
       MIIBngKCAZcAsTaQV6TwbN9PpD6dYdXz0lA0drrXLRvS8rNoMTaDnIv134RwKwsb
@@ -240,4 +226,3 @@ x509:
       WVHhd08IF7vrVOiHIn3TeXsSRV+RR079ikzCTc7ueaZhHMlg/p0=
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/monitor1.yaml b/hiera/monitor1.yaml
index 9071644..3893d12 100644
--- a/hiera/monitor1.yaml
+++ b/hiera/monitor1.yaml
@@ -52,11 +52,6 @@ mail:
   smarthost: 
     - mx1.bitmask.net
 nagios: 
-  domains_internal: 
-    - cdev.bitmask.i
-    - demo.bitmask.i
-    - dev.bitmask.i
-    - unstable.bitmask.i
   hosts: 
     couch1: 
       domain_full_suffix: bitmask.net
@@ -118,9 +113,6 @@ nagios:
       ssh_port: 22
   nagiosadmin_pw: Y_uRtQby7LtwXxFRhIv_qVVrwWHzYrQq
 name: monitor1
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: internal_service
 services: 
   - monitor
@@ -171,9 +163,6 @@ ssh:
     enabled: true
     ports: "60000:61000"
   port: 22
-stunnel: 
-  clients: {}
-  servers: {}
 tags: 
   - local
 x509: 
@@ -598,4 +587,3 @@ x509:
       exVX87n7WqrJ9tG9aM0KVRNONhucBKICpzmPCCeFWsehWImIlsfn4nda
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: true
diff --git a/hiera/mx1.yaml b/hiera/mx1.yaml
index 9bf16bc..37d5ce6 100644
--- a/hiera/mx1.yaml
+++ b/hiera/mx1.yaml
@@ -18,21 +18,17 @@ domain:
 enabled: true
 environment: local
 haproxy: 
-  couch: 
-    listen_port: 4096
-    servers: 
-      couch1: 
-        backup: false
-        host: localhost
-        port: 4000
-        weight: 10
-        writable: true
-      couch2: 
-        backup: false
-        host: localhost
-        port: 4001
-        weight: 10
-        writable: true
+  servers: 
+    couch1: 
+      backup: false
+      host: localhost
+      port: 4000
+      weight: 10
+    couch2: 
+      backup: false
+      host: localhost
+      port: 4001
+      weight: 10
 hosts: 
   couch1: 
     domain_full: couch1.bitmask.net
@@ -52,41 +48,38 @@ mail:
   smarthost: []
 mynetworks: 
   - "176.53.69.127"
-  - "176.53.69.13"
-  - "176.53.69.14"
-  - "176.53.69.21"
-  - "176.53.69.22"
+  - "199.119.112.9"
+  - "192.168.5.9"
   - "176.53.69.23"
-  - "192.168.5.10"
-  - "192.168.5.12"
-  - "192.168.5.16"
-  - "192.168.5.19"
-  - "192.168.5.23"
-  - "192.168.5.4"
+  - "199.119.112.5"
   - "192.168.5.5"
-  - "192.168.5.8"
-  - "192.168.5.9"
-  - "198.252.153.82"
-  - "198.252.153.83"
-  - "198.252.153.85"
+  - "176.53.69.21"
+  - "204.13.164.171"
   - "199.119.112.10"
+  - "192.168.5.10"
+  - "198.252.153.83"
   - "199.119.112.12"
+  - "192.168.5.12"
+  - "204.13.164.162"
+  - "198.252.153.82"
   - "199.119.112.16"
+  - "192.168.5.16"
+  - "204.13.164.57"
+  - "176.53.69.14"
   - "199.119.112.19"
+  - "192.168.5.19"
+  - "176.53.69.13"
+  - "202.85.227.195"
   - "199.119.112.23"
+  - "192.168.5.23"
+  - "85.17.92.143"
+  - "176.53.69.22"
   - "199.119.112.4"
-  - "199.119.112.5"
+  - "192.168.5.4"
+  - "198.252.153.85"
   - "199.119.112.8"
-  - "199.119.112.9"
-  - "202.85.227.195"
-  - "204.13.164.162"
-  - "204.13.164.171"
-  - "204.13.164.57"
-  - "85.17.92.143"
+  - "192.168.5.8"
 name: mx1
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: user_service
 services: 
   - mx
@@ -128,19 +121,15 @@ ssh:
     ports: "60000:61000"
   port: 22
 stunnel: 
-  clients: 
-    couch_client: 
-      couch1_5984: 
-        accept_port: 4000
-        connect: couch1.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-      couch2_5984: 
-        accept_port: 4001
-        connect: couch2.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-  servers: {}
+  couch_client: 
+    couch1_5984: 
+      accept_port: 4000
+      connect: couch1.bitmask.i
+      connect_port: 15984
+    couch2_5984: 
+      accept_port: 4001
+      connect: couch2.bitmask.i
+      connect_port: 15984
 tags: 
   - local
 x509: 
@@ -565,4 +554,3 @@ x509:
       ZxgCM4SPY7CPwZOXfXvV3suBehvJ1FJIWGz45wJAeBvH+sHIlTi4cw==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: true
diff --git a/hiera/octopus.yaml b/hiera/octopus.yaml
index 5843f10..8512f0c 100644
--- a/hiera/octopus.yaml
+++ b/hiera/octopus.yaml
@@ -18,15 +18,12 @@ domain:
 enabled: true
 environment: unstable
 haproxy: 
-  couch: 
-    listen_port: 4096
-    servers: 
-      panda: 
-        backup: false
-        host: localhost
-        port: 4000
-        weight: 100
-        writable: true
+  servers: 
+    panda: 
+      backup: false
+      host: localhost
+      port: 4000
+      weight: 100
 hosts: 
   octopus: 
     domain_full: octopus.unstable.bitmask.net
@@ -48,41 +45,38 @@ mail:
   smarthost: []
 mynetworks: 
   - "176.53.69.127"
-  - "176.53.69.13"
-  - "176.53.69.14"
-  - "176.53.69.21"
-  - "176.53.69.22"
+  - "199.119.112.9"
+  - "192.168.5.9"
   - "176.53.69.23"
-  - "192.168.5.10"
-  - "192.168.5.12"
-  - "192.168.5.16"
-  - "192.168.5.19"
-  - "192.168.5.23"
-  - "192.168.5.4"
+  - "199.119.112.5"
   - "192.168.5.5"
-  - "192.168.5.8"
-  - "192.168.5.9"
-  - "198.252.153.82"
-  - "198.252.153.83"
-  - "198.252.153.85"
+  - "176.53.69.21"
+  - "204.13.164.171"
   - "199.119.112.10"
+  - "192.168.5.10"
+  - "198.252.153.83"
   - "199.119.112.12"
+  - "192.168.5.12"
+  - "204.13.164.162"
+  - "198.252.153.82"
   - "199.119.112.16"
+  - "192.168.5.16"
+  - "204.13.164.57"
+  - "176.53.69.14"
   - "199.119.112.19"
+  - "192.168.5.19"
+  - "176.53.69.13"
+  - "202.85.227.195"
   - "199.119.112.23"
+  - "192.168.5.23"
+  - "85.17.92.143"
+  - "176.53.69.22"
   - "199.119.112.4"
-  - "199.119.112.5"
+  - "192.168.5.4"
+  - "198.252.153.85"
   - "199.119.112.8"
-  - "199.119.112.9"
-  - "202.85.227.195"
-  - "204.13.164.162"
-  - "204.13.164.171"
-  - "204.13.164.57"
-  - "85.17.92.143"
+  - "192.168.5.8"
 name: octopus
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: user_service
 services: 
   - mx
@@ -123,17 +117,14 @@ ssh:
     ports: "60000:61000"
   port: 4422
 stunnel: 
-  clients: 
-    couch_client: 
-      panda_5984: 
-        accept_port: 4000
-        connect: panda.unstable.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-  servers: {}
+  couch_client: 
+    panda_5984: 
+      accept_port: 4000
+      connect: panda.unstable.bitmask.i
+      connect_port: 15984
 tags: 
-  - dc
   - unstable
+  - dc
 x509: 
   ca_cert: |
       -----BEGIN CERTIFICATE-----
@@ -435,4 +426,3 @@ x509:
       O1j7UCNyBJ70TpZ4F7RR3rcmlFbR8Moys/GrEMuUG1CJmOHRxGju2g==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: true
diff --git a/hiera/panda.yaml b/hiera/panda.yaml
index ac92386..d7a4509 100644
--- a/hiera/panda.yaml
+++ b/hiera/panda.yaml
@@ -7,8 +7,6 @@ couch:
     ednp_port: 9002
     epmd_port: 4369
     neighbors: []
-  master: false
-  mode: multimaster
   port: 5984
   users: 
     admin: 
@@ -23,10 +21,6 @@ couch:
       password: PzzQwxCvQLZUxRdS2jshMPN37Ps4qtbH
       salt: b54d7b0f595d7318d961c636fb8f5530
       username: nickserver
-    replication: 
-      password: LZg8s_Z6FCg2MZRQYjkYeE6arCIU2pCw
-      salt: b004ef682f926531fdda36e26d48c4fa
-      username: replication
     soledad: 
       password: 35MzsnEEAeHTVNhI_FaCFNS5bhd7RGEf
       salt: 7f725f3cc60c388e9af8140555e09dfa
@@ -74,9 +68,6 @@ mail:
   smarthost: 
     - octopus.unstable.bitmask.net
 name: panda
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
   - couchdb
@@ -125,22 +116,20 @@ ssh:
     ports: "60000:61000"
   port: 4422
 stunnel: 
-  clients: 
-    ednp_clients: {}
-    epmd_clients: {}
-  servers: 
-    couch_server: 
-      accept_port: 15984
-      connect_port: 5984
-    ednp_server: 
-      accept_port: 19002
-      connect_port: 9002
-    epmd_server: 
-      accept_port: 14369
-      connect_port: 4369
+  couch_server: 
+    accept: 15984
+    connect: "127.0.0.1:5984"
+  ednp_clients: {}
+  ednp_server: 
+    accept: 19002
+    connect: "127.0.0.1:9002"
+  epmd_clients: {}
+  epmd_server: 
+    accept: 14369
+    connect: "127.0.0.1:4369"
 tags: 
-  - dc
   - unstable
+  - dc
 x509: 
   ca_cert: |
       -----BEGIN CERTIFICATE-----
@@ -204,9 +193,6 @@ x509:
       on5r5VCjv69sw/yJCqGWUaDfPb8ui+kv+JfIsQ8BoXSaSA81OZ5HeQ11vo5Hh7TZ
       jUjUzNF+926ph4U2SgvNjQ==
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIEpAIBAAKCAQEA0iB5rq3smyrvJRHApK3NapMbIZFzWfVIReFjqSt1jX6ZGWsM
@@ -236,4 +222,3 @@ x509:
       gXDYMT8LiHhMP5GD5vauBqcJwmH6kiGpqoWWirotjVaXbLcCBnyIDw==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/plain1.yaml b/hiera/plain1.yaml
index 0803790..c9f70c4 100644
--- a/hiera/plain1.yaml
+++ b/hiera/plain1.yaml
@@ -20,9 +20,6 @@ mail:
   smarthost: 
     - mx1.bitmask.net
 name: plain1
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: internal_service
 services: []
 squid_deb_proxy_client: true
@@ -62,9 +59,6 @@ ssh:
     enabled: true
     ports: "60000:61000"
   port: 22
-stunnel: 
-  clients: {}
-  servers: {}
 tags: 
   - local
 x509: 
@@ -129,9 +123,6 @@ x509:
       eETeBOj/+0v63CmHRfJ6Z98xO/MJSZFFjGS2//qTIK5xzgv/KGsCc6kAG1hraxQD
       Kr4RCrkqLyEJCJE59qGTrFnOgSL5Eg/RoCH/VEWLi/ExnlcAjaOlqA==
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIEowIBAAKCAQEA1ziNA/5axlzBHy237cP9U1Fw9flwUp1cxQ5e5lfYHY3qKAvZ
@@ -161,4 +152,3 @@ x509:
       HOV/+qIAtUvR2IkgKg1W26N61zzagmn0aBP+c7EBxEtSOh2+2VHm
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/seahorse.yaml b/hiera/seahorse.yaml
index 99a6d71..567f63a 100644
--- a/hiera/seahorse.yaml
+++ b/hiera/seahorse.yaml
@@ -24,11 +24,6 @@ mail:
   smarthost: 
     - octopus.unstable.bitmask.net
 name: seahorse
-obfsproxy: 
-  gateway_address: "199.119.112.13"
-  scramblesuit: 
-    password: K52VQ53KKNVFE2TLLJKFS3SYKRKEENTO
-    port: 22088
 openvpn: 
   adblock: false
   allow_limited: false
@@ -36,7 +31,6 @@ openvpn:
   configuration: 
     auth: SHA1
     cipher: AES-128-CBC
-    fragment: 1500
     keepalive: "10 30"
     tls-cipher: DHE-RSA-AES128-SHA
     tun-ipv6: true
@@ -52,9 +46,6 @@ openvpn:
   second_gateway_address: ~
   unlimited_prefix: UNLIMITED
   user_ips: false
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: user_service
 services: 
   - openvpn
@@ -94,12 +85,9 @@ ssh:
     enabled: true
     ports: "60000:61000"
   port: 4422
-stunnel: 
-  clients: {}
-  servers: {}
 tags: 
-  - dc
   - unstable
+  - dc
 x509: 
   ca_cert: |
       -----BEGIN CERTIFICATE-----
@@ -197,9 +185,6 @@ x509:
       xIAokTRYLx/6lq8bwelCPGVjy7EsGXt9aN+gMb4R3L9vA/NQrXu+dmCJKPE1vUHF
       gkVBxxt/s0R2aKM=
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   dh: |
       -----BEGIN DH PARAMETERS-----
       MIIBngKCAZcAsTaQV6TwbN9PpD6dYdXz0lA0drrXLRvS8rNoMTaDnIv134RwKwsb
@@ -241,4 +226,3 @@ x509:
       /D+dY+CRU62HFTIwHXNviqCP0Izmq1Wh/I/LAWpc9uzmOfOcxF63+g==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/single.yaml b/hiera/single.yaml
deleted file mode 100644
index d2603ed..0000000
--- a/hiera/single.yaml
+++ /dev/null
@@ -1,564 +0,0 @@
---- 
-api: 
-  domain: api.bitmask.local
-  port: 4430
-contacts: 
-  - sysdev@leap.se
-couch: 
-  bigcouch: 
-    cookie: QnBSJJBxjqAz6KDnGMsQyW844XrIJBY7
-    ednp_port: 9002
-    epmd_port: 4369
-    neighbors: []
-  master: false
-  mode: multimaster
-  port: 5984
-  users: 
-    admin: 
-      password: _Bn6AqU54shspQxbnsQTpRySjLQKTjBh
-      salt: 3195fb6efdbf4b4825026116d5aaabfe
-      username: admin
-    leap_mx: 
-      password: Fc3qYjjVuwWAEyGDYPGYqUYUqeqJIfba
-      salt: 071d214afa9e7cfb9cba66575817f6fe
-      username: leap_mx
-    nickserver: 
-      password: bJFrsP5dXGuegQIT5jZXMYMITpT5w5YR
-      salt: 73567fc12c27a79152620084e97b4fba
-      username: nickserver
-    replication: 
-      password: s5Jn4AVnDgzu5sFzUR74akrB_yyqdNGc
-      salt: 63967ed2cd906c68917ea565b38b08df
-      username: replication
-    soledad: 
-      password: E9at8FUjuxTEJEPEvACk9DWjWnR5rbKp
-      salt: e2b6fa1a29b1afbe1ea4a3f7ec5bacc7
-      username: soledad
-    tapicero: 
-      password: fCffkJygcPHSRmTePxXeAMSP6uQSQKnR
-      salt: 81bf56d4a7aab971412407d3a0c06462
-      username: tapicero
-    webapp: 
-      password: pg9XGGdt4Dr3WcM9PYDqMmxxKHTpvsc9
-      salt: 7e8868f8c4775290fd37d2f520d13672
-      username: webapp
-  webapp: 
-    nagios_test_pw: uI_cYvPGNDZrcXTVLH_x88QFWjJ2yCZT
-couchdb_leap_mx_user: 
-  password: Fc3qYjjVuwWAEyGDYPGYqUYUqeqJIfba
-  salt: 071d214afa9e7cfb9cba66575817f6fe
-  username: leap_mx
-definition_files: 
-  eip_service: |-
-      {
-        "gateways": [
-      
-        ],
-        "locations": {
-      
-        },
-        "openvpn_configuration": null,
-        "serial": 1,
-        "version": 1
-      }
-  provider: |-
-      {
-        "api_uri": "https://api.bitmask.local:4430",
-        "api_version": "1",
-        "ca_cert_fingerprint": "SHA256: a1bec1699d1a57ce37ad48ffc30a6ebb21a0d233b5a9250753d345a7bf40844d",
-        "ca_cert_uri": "https://bitmask.local/ca.crt",
-        "default_language": "en",
-        "description": {
-          "el": "Bitmask είναι ένα έργο του LEAP με σκοπό τον έλεγχο της απόδοσης και της αξιοπιστίας του λογισμικού LEAP. Bitmask τρέχει για τις τελευταίες αιμορραγία άκρο του κώδικα LEAP, και θα έχει πιθανότατα περισσότερες δυνατότητες και λιγότερα αξιοπιστία από άλλους φορείς παροχής υπηρεσιών.",
-          "en": "Bitmask is a project of LEAP with the purpose to test the performance and reliability of the LEAP software. Bitmask runs on the latest bleeding edge of the LEAP code, and will likely have more features and less reliability than other service providers.",
-          "es": "Bitmask es un proyecto de LEAP con el propósito de probar el rendimiento y la fiabilidad del software LEAP. Bitmask corre la última versión del código LEAP, y es de esperar que tenga más funciones y menos fiabilidad que los proveedores de servicios."
-        },
-        "domain": "bitmask.local",
-        "enrollment_policy": "open",
-        "languages": [
-          "el",
-          "en",
-          "es"
-        ],
-        "name": {
-          "en": "Bitmask"
-        },
-        "service": {
-          "allow_anonymous": true,
-          "allow_free": true,
-          "allow_limited_bandwidth": false,
-          "allow_paid": false,
-          "allow_registration": true,
-          "allow_unlimited_bandwidth": true,
-          "bandwidth_limit": 102400,
-          "default_service_level": 1,
-          "levels": {
-            "1": {
-              "description": "Please donate.",
-              "name": "free"
-            }
-          }
-        },
-        "services": [
-          "mx"
-        ]
-      }
-  smtp_service: |
-      {
-        "hosts": {
-          "single": {
-            "hostname": "single.bitmask.local",
-            "ip_address": "10.5.5.62",
-            "port": 465
-          }
-        },
-        "locations": {
-      
-        },
-        "serial": 1,
-        "version": 1
-      }
-  soledad_service: |-
-      {
-        "hosts": {
-          "single": {
-            "hostname": "single.bitmask.local",
-            "ip_address": "10.5.5.62",
-            "port": 2323
-          }
-        },
-        "locations": {
-      
-        },
-        "serial": 1,
-        "version": 1
-      }
-development: 
-  site_config: true
-dns: 
-  aliases: 
-    - api.bitmask.local
-    - bitmask.local
-    - nicknym.bitmask.local
-    - single.bitmask.local
-  public: true
-domain: 
-  full: single.bitmask.local
-  full_suffix: bitmask.local
-  internal: single.bitmask.i
-  internal_suffix: bitmask.i
-  name: single.bitmask.local
-enabled: true
-environment: local
-haproxy: 
-  couch: 
-    listen_port: 4096
-    servers: 
-      single: 
-        backup: false
-        host: localhost
-        port: 5984
-        weight: 10
-        writable: true
-hosts: 
-  single: 
-    domain_full: single.bitmask.local
-    domain_internal: single.bitmask.i
-    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMb8quTUv+6HgRT50xFYcyCC6BwqdZiTQvjms9Xqy9lyfDQHg18Uuw6VoPIcH2Sr3qaJffL9j4sEigiFTuYzGrk="
-    ip_address: "10.5.5.62"
-ip_address: "10.5.5.62"
-location: ~
-mail: 
-  smarthost: []
-mynetworks: []
-name: single
-nickserver: 
-  couchdb_nickserver_user: 
-    password: bJFrsP5dXGuegQIT5jZXMYMITpT5w5YR
-    salt: 73567fc12c27a79152620084e97b4fba
-    username: nickserver
-  domain: nicknym.bitmask.local
-  port: 6425
-openvpn: 
-  allow_free: true
-  filter_dns: true
-  free_gateway_address: "10.5.5.64"
-  gateway_address: "10.5.5.63"
-service_type: user_service
-services: 
-  - couchdb
-  - mx
-  - soledad
-  - webapp
-soledad: 
-  couchdb_soledad_user: 
-    password: E9at8FUjuxTEJEPEvACk9DWjWnR5rbKp
-    salt: e2b6fa1a29b1afbe1ea4a3f7ec5bacc7
-    username: soledad
-  port: 2323
-  require_couchdb: true
-ssh: 
-  authorized_keys: 
-    azul: 
-      key: AAAAB3NzaC1yc2EAAAABIwAAAQEA2rpPukC7v43Q9RvYgxAx1aDsem7+eZvvSKR+Uvkb0yRvI4h56eds1Cj0pOFOCinjIMyw+LkrhcubWDtFYzC1yTHUUcjSoIi2M+TurQZdTkMnsg2u34U61+EjOPb2jYdxBwUu9e/wDRGqih7FjFYCsHFMPH1ENVS+LZeerXn1F344HIP8VhLpWSjLAKgfMUCuvoTEqNaR4I90w1PAG0uRslYouTuxOA3VOCnf75FW7b4ZuBw1y2rmWcz9Rm5M4tz3EQCeX8v+AIKd6QQU0gFSytcelQtBVqu0YjnnL5Lp+fcKw3BJO+QQXk+OyYqGuP9WQfPPki2tEDHJ9rHcPD3l+w==
-      type: ssh-rsa
-    chiiph: 
-      key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDAotYxNrKKXihZrDd39iKrXZSm3r8L9SNzhe9JG6cPaLTYuxhrS9QejYih9noboWfsVFmNPFYH42u3/vMyJEtf1WEUqQ84Qh2oQaC3orGMdpo3fXlCwlcp9q55gZTbSkpKwjn4pmg++wdTNjMmldi1ifPDl2uVt7dUkjQk8hy7CTJofkTxrXIzGZx+OI0knuos+lNV1uU3nJ6upbBwkvxwy3S9nfZ9kq7y5PBo0wK9YkOrKIAZtCnb0nobOiFMPeQDJdBWIo0btv5tCtzqe/b28TYz6DrMWrLIEJ+t8PH6QxaB0oLtlx5fImRxykLVHEe9AO1WcV0aXW4+6ZsHRG4X
-      type: ssh-rsa
-    db: 
-      key: AAAAB3NzaC1yc2EAAAADAQABAAACAQCZoVRqaxZL4Btmt7Nfcj0jNbM5UhBSFl37MWApS9qUlx1zJeH7Vw1ZRzUT8zLtdpOyL4JrF1jJ+D25/dqdTEv5dc7I/IcUz16uVD3REi9wk9uRo05DmG1PXQ0Pp3kRGhNFTh5e1ZeGbPlxZkHyUirWGz8A6hrPTUA/k+KRsQg4nH+3UTPzZcy3jvw6YvdATFNkZ5dhKyae9T41McBEdh5yPArfuVTL/ssckTxyISF5ObsvbzuuarTeNQQO5VpFvK9luKzXpta9IRHMeAHpu88MCiMcWiZUZlaVlD9tC6OcMNxCBWWMlNwtowgBmoIZnjo7NrMsJ1ksUT4eDsvf6huu9nX3KIigSUeuWPtaPMHCghhLXLQSuIOhQWXjFzl+KzgiOZ4ahmNMqiCaRFHAHw6BRuZRxphiMq2gjvKRg6a4giDIf9gkEQ6v+tiUQoGYXuwfb0sGVJfrnZVifUz+I1j0wWCBWaY7+/LtfaNIl1byyPzG+qRhHMUlj/IALnT4DuHM+VkXNyQ0fucGcyhFxabqfdxRUT0EQok8ib06f16JBCoqdd6bn64v1M29QGFeSF0t4zjqqDik7VQvOMph2WAZv9FwhvPrmbSSs3MIe7wVBaFC8zeavrZ8oCO1U40q2UcntO6Z0NpIhnGZC7zVxguEux1moAtWIE0+JIsrbu41gQ==
-      type: ssh-rsa
-    elijah: 
-      key: AAAAB3NzaC1yc2EAAAABIwAAAQEAypuIGD2h1ZDtIRvjyqKH1qM3XKxzG/JpOATpaAtI5h8+rf3OHeDUdvuPlQfTpZiAoWjU1xsiDrxqIVgdFNe5+1WB1tDAtJ7sGBNa2u8AQTpI9mqSiwf2lXS95b+8VV8yu6woGKXrytfdXffcGyVLfzwJFl0Fmdy2J3HrbzrXYVEGrJs1SRpZ+1U+KizRs1m2MugxhNxOTroM1kKuRsjRswTSkXoXHJ/fUd+dxdJJnEsyqA9uFAH+6ljJnPscwERkd0UsgaVIniSe43jM79qcwBhFiJKejquRaw282ncQghEQpR4xtYfSnWX6SgGkOAnN8vrGjm7o3xtK8YEjGWW0LQ==
-      type: ssh-rsa
-    jessie: 
-      key: AAAAB3NzaC1yc2EAAAABIwAAAQEAu248g60EsU1m5qmmli8nQ0/CYvU7LI5sv7qOjT1vWd94UGiRjIX4hTcbKg+AXT3zB6ieaAozJ31qeoLFxQwznnMNaka5zWcQbFt6ht5q8hsxRQjKOVSfEqH/Bn7eVvlLrp6oEbaBgGixKVGF6RXTLCkmWKo3fjgRM2QY6SylSxRrr8jhGvtcGtAh/tJ4ejWL+WFOV4m77qRS81c/uhNIfgjavCpvOxWoS3mLUe8q3uRnuWqhtXX/8LSOIAbcwXk8X0uhOBRpV81Hy7k0h77JO+otc2OlhYKA2Mu8TGmw2I69YswQyKzNPSU+K2flPClO63lYuJD83jaIPGDC6YNelw==
-      type: ssh-rsa
-    kali: 
-      key: AAAAB3NzaC1yc2EAAAADAQABAAACAQDOrTTNY60n/eMKFG4twVfInoO54HEqK2wlETb+Pe91W4sOSPaBtsP4xvk1hj/7WVg1fUN7B2MhYHZRmppyS2eMQGlaBbziFzlm3+rqn997l4CZxxkFsCINFvik60vQjdWn1Qh5gtaTWPLp8igjF43+3FdZZk8arS2AQgHixQdZ0XfjpBvvxpP3DI/VEOgOaCEI8XkDj8WTAkeQxrFmX3/TxbvGARdfYvJwYEC2qE3WABbI+DVOJfLsFmv8RW62ax8ErA63Yy3RWsgnv2Nzxwi6o6MmWcr14f1gpPybPK8KrZNJoJkDVceDTVwdTxwUfjOrI8df8NiFLVR3/lEGX+Cnd0UeKzk5Tqy84g1+MDGWkRDVyplB24fFxi/ujInlasew3uTYS2waZkNrroU2B8VO36xj8C8bn2sf3818hvjS4XD+lvpwKrKaWwWFTM89Xvu/K9KHFn3+58EbcyE88MAzuqrgDarkeXCdVT9Re0OUchmul3JOz9OnV1Osv0yi9pRCaAGTKAivnbN8DwmALz8d9FBTMxbcBgEqqGvyNe7muYTQtvTvfcKHdtF/MlTibte8YIbj7UX+c19A1VxX1eFU7mbfSxW1zXok1D0o+cUfcyUFauq6YMNDK1+FrMID+Mrm86woKB5gOmQRLJ9BARcKl9GZY2YnQAat9hRHQR8O2Q==
-      type: ssh-rsa
-    kwadronaut: 
-      key: AAAAB3NzaC1yc2EAAAADAQABAAACAQDbZEkLGBE/VX9B+DhqAkWZMUc4HxxjyW0x1e2KRNWhrXY0nlLfl7d4OFdCMxy1nzVrCvfmdfP3tDrpPmeMrjqotWbgzhSIG63KhnVcVH6TouZ0NbsVMrNh/LscwlHr7sGoXjCOjHmuZMIr4Wfsasj1xvsgLUwUCIeXI8AXoaggBo2CGSDLtWpGO8aYcS4rVymxAXMwDf2s3cNXLbUQRb1o2Hx8VvGEYNRnrJzyPJKOEqJ7/xfnj0Ukdv3NY4sYfP0A41afcm0yZc1dxTZwletBB59szaN+APRT/TpbCQJqkcVnhNgKpv74pPTvQ/Kcr7hrmbTcpHxBF6BRElGiE8FQW/6NQpi+9PGd9AiRlAw/ZeGvMv/youfWnsgVXshlz50/PgRJNoHGz6DxR6sPulU/gpPpyWi4yy+bo3xUoa3jm1utlpoC+aO3wtYlQbS0ccmhDQwkyqLP09Yn9rTv30ZMNaCtUYX69Ju0adczaT9fIhbdbnuUpuhwrFX92Qy1W61mGFj3KkJcEj1vrJVncN8C56X/V936qzfRFr4ug9KgcN3dNJ0ISxzj5JUU1y+KJfVuTIAVxBO+OmVWH84AW44sYXps6b+kXoTU0Em8HfpBrRhhsbLXu0xyfAbRaA/P7/WDOlv9cLsgtg3VI9IBoZY6hlB8JhcJ8UhkiTgZE+WiLw==
-      type: ssh-rsa
-    micah: 
-      key: AAAAB3NzaC1yc2EAAAABIwAAAQEA1lHzO6il/4+V+KSiJZy34mxBKJNrn9Ah7VBxa3ss4AnahDgVwYqGlLk8xe45CShLRlu3nP4ccX06LUCJOBuLI2QZccR6+h2jfIEjXIaNC8lp12thIriEPUWZaKwV04fnhOnpA/VzNCRri8DOCuNvA8pfjg51DUtvhEuIV9UNxHCsLFSNg8RPngqNxrDgZJvjIMFFdTyOl0OdE1sN1zG2A6UPTlqO7Tmt6+/AByAS/C519nL0MIDix1S93sqaxaIE4kZSmVVx7Ft/albzWSIhIF/UbLxqfkc6L0HV0OpvBPMMuYUZkLC3DfAMggkxJsTTHkcR2Z1fIQ3P9am75WSwGw==
-      type: ssh-rsa
-    monitor: 
-      key: AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAFqCXlaYmqZqbefpMBaMPqzjhYNaxejlOX/x8YCXsDN2HMfeb/E/FYfpEPCuLVJ5Z0aDkp76JL9i1CX/9Rcbq4DEQEc6vkEv79MOI2jfUCVVeWRcybvRK0YAT9eQK59+FgNDbEo2NCUWBRvKd+8TjzZ7GtCLDnGd6+gkr6orkiA3uus/A==
-      type: ecdsa-sha2-nistp521
-    varac: 
-      key: AAAAB3NzaC1yc2EAAAABIwAAAgEAnMA/JCaz/BMTZqhW+/h06ZZewhaYqMrmrgwXI1Ui6r9QkGzPy89ZB+86LV/tvZOJSWsT/CfN+zqRqDRH8ApnOuXsnmU1BF+Y/dXpLH8Z7t52yBwCVpQII4m29zZT9mfcyb5ZV6Rxh+BOChFERPkZwQJaMI9KU4nkmcKvgpOEbPfvXrv7aYy+G1YddMfmitWKpljL4VB+DVuKh7/Csxs9B8g8wy261rbVJDCvP2cblFA6nAuxk0UB/UFgA9VgjoNA/s2cXIsPDFvvHKoy6bDN0V7CQr3391eGv66KCoQIPCIkI6PY2MImA+Lx1jYQwEQUIJVm/KbuPFrm0GF/LSs5T+mNcFTyU+saSCOi1sxkCNtAikvvjzk9xg0W6RkR9ITZy3+3cKPhbHCd1qOMAxVvMCrN5s+bK2Ps5+wE1pxxz//owcRgsR0yk3kg/V5h716qL5EaWyh5XJoWbrlwzrXLW9ofceGBmqYv7dLKrXd3hwCzJqdZVtWSTePz1gB84rgCAwXhjofY3mwXSRjqQCu9RTImSpepKRCAEBujMHCK38aXR1IAXbenOWCQso05gMFdtlHY7DfvtmsT0xElbQXztKCBqtNrYoDf1+eQBOpveCK4n0gSivmo2NqDkw8R+1nW+CMo6eO3Qsfc3BXkJyufcOCsDjg1IXOP/fhWeNXqSL8=
-      type: ssh-rsa
-  mosh: 
-    enabled: true
-    ports: "60000:61000"
-  port: 22
-stunnel: 
-  clients: 
-    couch_client: {}
-    ednp_clients: {}
-    epmd_clients: {}
-  servers: 
-    couch_server: 
-      accept_port: 15984
-      connect_port: 5984
-    ednp_server: 
-      accept_port: 19002
-      connect_port: 9002
-    epmd_server: 
-      accept_port: 14369
-      connect_port: 4369
-tags: 
-  - local
-webapp: 
-  admins: 
-    - elijah
-    - etest1
-    - kwadronaut
-    - mcnair
-    - meanderingcode
-    - micah
-    - varac
-  allow_anonymous_certs: true
-  allow_limited_certs: false
-  allow_registration: true
-  allow_unlimited_certs: true
-  api_version: 1
-  client_certificates: 
-    bit_size: 2048
-    digest: SHA256
-    life_span: 2m
-    limited_prefix: LIMITED
-    unlimited_prefix: UNLIMITED
-  client_version: 
-    max: ~
-    min: "0.5"
-  couchdb_webapp_user: 
-    password: pg9XGGdt4Dr3WcM9PYDqMmxxKHTpvsc9
-    salt: 7e8868f8c4775290fd37d2f520d13672
-    username: webapp
-  customization_dir: /etc/leap/files/webapp/
-  default_service_level: 1
-  domain: bitmask.local
-  engines: 
-    - support
-  git: 
-    revision: origin/master
-    source: "https://leap.se/git/leap_web"
-  modules: 
-    - billing
-    - help
-    - user
-  nagios_test_user: 
-    password: uI_cYvPGNDZrcXTVLH_x88QFWjJ2yCZT
-    username: nagios_test
-  secret_token: btsFN6UD9nfP4SAWDYMmuMkgRTL5WW7E
-  secure: false
-  service_levels: 
-    ? "1"
-    : 
-      description: "Please donate."
-      name: free
-x509: 
-  ca_cert: |
-      -----BEGIN CERTIFICATE-----
-      MIIFczCCA1ugAwIBAgIBATANBgkqhkiG9w0BAQ0FADBMMRAwDgYDVQQKDAdCaXRt
-      YXNrMR4wHAYDVQQLDBVodHRwczovL2JpdG1hc2subG9jYWwxGDAWBgNVBAMMD0Jp
-      dG1hc2sgUm9vdCBDQTAeFw0xNDA4MjcwMDAwMDBaFw0yNDA4MjcwMDAwMDBaMEwx
-      EDAOBgNVBAoMB0JpdG1hc2sxHjAcBgNVBAsMFWh0dHBzOi8vYml0bWFzay5sb2Nh
-      bDEYMBYGA1UEAwwPQml0bWFzayBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOC
-      Ag8AMIICCgKCAgEAzuIeBC8NWSTZF7j3WJTiH532vZ0Xn9zZ0+ge4Va3vKt/8H3u
-      xrWdjIdBF86D+e5FlObF9rqmN0AfGUv9K/ex2BAa09BzK+P5dmBoUhHUMNJPXUKy
-      0oCNM6KXZkSD3SsGO1jCyolvtY/RR8t95yALy0bs8dDqA+wzM5UvQIoDWBeJaoVV
-      UQkbsO42HxF6c+IBe4I8o0RM1mbNC3cKOs4QnYxSMqv17MnomWZZu7ZguNH95TxU
-      RAR0Fw+A68OSEBev+t9NJ3dly5H0pp1pNeqKzIu8F9P+0c/PWG2ZV3TePgZt+JuF
-      SiIWjTbF58wbOszfqlsKRI3qBuFXgti5eCGQjSsJQOm2oaqTUaSSa3iFmC0al75k
-      AAgVB0iS6BJoDYoUfgeQoP1jCV5glGZbVc/WZOJx/m14pB8SV5KQ5OHM1pM+kZcC
-      yJi+9QrjdwsnPoAA+erQpXERufv6ce2E7YknusHV5U/ULJ32NFnvWFs4Gy0adjYz
-      XleEl83OBN+8f4ETQK6e17oxVkgFZ1ajwaKxhI9wgYwQ4mYJ/pOp93YgDJ7o2St4
-      h7dbfABxb7Nteug1bMxotbHWz92otspafeP9+4Cu/d8Q1XbV9wlNy/OFHBcHp7AV
-      cwjV3cBMg9gABXcKITwxvED1G9zoEWFS0MNk3Gc6RfJZefA+wCLRgz1pb00CAwEA
-      AaNgMF4wHQYDVR0OBBYEFOS3wnWViCsm2V7AN9zNGeaQPtejMA4GA1UdDwEB/wQE
-      AwICBDAMBgNVHRMEBTADAQH/MB8GA1UdIwQYMBaAFOS3wnWViCsm2V7AN9zNGeaQ
-      PtejMA0GCSqGSIb3DQEBDQUAA4ICAQAo56u3499+60Q34+p4N0Xa/WP1ucLM23/7
-      ZItAQfBgKP9nCCepTpZrE1h+pHYuAbZTR7muJ5tBgLWAH6XXNXHGe+BL8V+DlUdC
-      TnDnhIemc+OSoIc+AM7efgBEX7ART2saMIedCkHqB3x596EEByuwekTsDhpG+eq4
-      4HWW6YNQIIPhjUthi+Z/fKpAqhXtkbisQ0zyDCjQc5EsdZdg1dRS6c46q5CFXnZI
-      iWaBwMdzvg1uNF+euai+2XMbtdhAZWTF2fC4zCkJ7TOJLu+w87YmaV6mhnbmZX2G
-      eUOWhlzwBUoxZWMLHQ5YjV+FEqO3Zbs08ph6l4PJkwPNnc3oUYyFUNDT+cF723Uh
-      mg9MIY/fLxNfuZIt++q1gDJgi64hL2+I9aEzMVmjZ0hCnre061cX60TU20oSJRJJ
-      z7D9JQA4Nq7XxkrSBA3/UhVCH5crF2NwTzJx3fwW4FMnDA4W3DsHOSUpgq6WBrMa
-      GGPH6sbq21EZXkzpi3XtrQokNQL50lULvJqZID0KGlBmwpcXwBaP7H/0FxVNDvCZ
-      cSxp7nUenwZ6VnSKASIhveEoL7FkTuJRHlEfr1V9NzUdvFqq/51gm+g34HcdxtcW
-      r5BsKNPa4cNsGFfLV7XRMnz146pswhKJ5+QzUKGoospnyybez7lWw8K2w7wlIPHb
-      D2FUi3Y39Q==
-      -----END CERTIFICATE-----
-  cert: |
-      -----BEGIN CERTIFICATE-----
-      MIIE4DCCAsigAwIBAgIQHOYg9efmaHPDsJiUt11PzjANBgkqhkiG9w0BAQsFADBK
-      MRgwFgYDVQQDDA9CaXRtYXNrIFJvb3QgQ0ExEDAOBgNVBAoMB0JpdG1hc2sxHDAa
-      BgNVBAsME2h0dHBzOi8vYml0bWFzay5uZXQwHhcNMTQwODI3MDAwMDAwWhcNMTUw
-      ODI3MDAwMDAwWjAfMR0wGwYDVQQDDBRzaW5nbGUuYml0bWFzay5sb2NhbDCCASIw
-      DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNd2wmCASd0w6aZlXZJv/t1HcvH
-      Jiyob8J+DZ0gyv8izRz7foigZAKWpi8H4vFf04yWI13hZNBp+DJsM7imDdcXCzI4
-      vy8NYsXVPBNqiy9uZldKblls3ui/qh+cyLwQ4y4usLmGy/hxvVspo9ECyNGdw5KK
-      AzDYfhgGgDLyTIUE3rBWCyM9w+F8qdB5tBc/6vDk2I3IJIkNhwdBmcq9BTbIvjCn
-      PWG763uNV/DC0FCGog+1RIoZBMLzb2bZUkJ1C4x/oAtL/rAOzKERL3nKLDyUcbNi
-      TICFyzbcVf+45u879qWvEjcHBUWLvEmEdqc5D3YYtZMTDFfubVQDRWthwj8CAwEA
-      AaOB7DCB6TAdBgNVHQ4EFgQUHREU/5qWnzAv37pBMmkMdBtomP8wcAYDVR0RBGkw
-      Z4IRYXBpLmJpdG1hc2subG9jYWyCDWJpdG1hc2subG9jYWyCFW5pY2tueW0uYml0
-      bWFzay5sb2NhbIIQc2luZ2xlLmJpdG1hc2suaYIUc2luZ2xlLmJpdG1hc2subG9j
-      YWyHBAoFBT4wCwYDVR0PBAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
-      BQcDAjAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFLmBgyy9rLMJ2KRx7z66LdSVPg+P
-      MA0GCSqGSIb3DQEBCwUAA4ICAQBeGvIr2k08H+jcjL8KwZeXlCdfp1mG+cHXk8j/
-      eIuWcWXW4umiCDLoDPRikjuPcuTbK2Ca+M+MoVegH6W368iRn6a/vMJvSrqLEz3e
-      AaVH9+NxAoa6+TzvcEcDJ8cotVJS3ou90hFACQserzXl8LqwIgVqVkPHWXNkz/gv
-      J1h1Cn6siYkzDHeBrq1Uqp4Ma0sFMmvu91MrxY4u1Tctw4pjQPzIVhXIRjsmSXYc
-      tIQQ3aJnt17oEQRHbMAY6YZ1kn6KXB8Cb5xSlj03nlZxfVn8eVc6MHkCIwwWuas0
-      9XicB6rKOkAJ1Kd0kzyGA+tO3qUM9vsbQL8N/FH0h10gwkakEX3RwzHeGgmhBwwT
-      CX7zYL4z5MfhBvR0DajTm1sxALJYqrWLmj0w/p7PF5wlO37WKTGud+zKtAG6BEj2
-      0/blwqiZv/6JPeYUuKJZBjoQs7AeyVa1mnmbakKRPhn1sBBXnb/ROGQKmpdYNPTF
-      mlxgWDQ2Sq+FRXCJX+ADy5UOsF/MkKZ9go7LjKTXfUndwXeEaNZ2WlR0UlPX7OXM
-      n15hPtcJ9hNufNbEDmzHvJWwU/1r7g5HmCvAg6CTzD6/67Ni3g6viKPh3b8oiQAI
-      aBV6p/F5kJcNHog3siMPKoUn/uQcSSpSQzPAE/nL4eMaBLqIAhxORQWzM3S8LwtU
-      hUwrQg==
-      -----END CERTIFICATE-----
-  client_ca_cert: |
-      -----BEGIN CERTIFICATE-----
-      MIIFqzCCA5OgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBoMRAwDgYDVQQKDAdCaXRt
-      YXNrMR4wHAYDVQQLDBVodHRwczovL2JpdG1hc2subG9jYWwxNDAyBgNVBAMMK0Jp
-      dG1hc2sgUm9vdCBDQSAoY2xpZW50IGNlcnRpZmljYXRlcyBvbmx5ISkwHhcNMTQw
-      ODI3MDAwMDAwWhcNMjQwODI3MDAwMDAwWjBoMRAwDgYDVQQKDAdCaXRtYXNrMR4w
-      HAYDVQQLDBVodHRwczovL2JpdG1hc2subG9jYWwxNDAyBgNVBAMMK0JpdG1hc2sg
-      Um9vdCBDQSAoY2xpZW50IGNlcnRpZmljYXRlcyBvbmx5ISkwggIiMA0GCSqGSIb3
-      DQEBAQUAA4ICDwAwggIKAoICAQCs8hK5EjnDjJVOKc4ZbDYFmM9PcilYtw3lb9yt
-      DcT8EY5qzfU4SkuV+I8UGSx4s2YC3oro4nDKNPm75RTpml5BOXKAGUp7/1+wBKoO
-      +pGeS52BsuNsrQKUbP/x+6XpuhSp3IVsVKcKJmDyOaJOJRj2DfaoqcpKM55gr/ot
-      meq+gJwL2wpD8015jkVERWg3l2I0Dj92cW4Qs4dJ+7JjI5idN5ShXXVmwvPQDa8H
-      c6SHd0j0BK92FB1O3GyPr244i6e0qdPGZhK0KC9pUru1ZYCWj7Jjr8RYCmK+jw0k
-      pc8TKph5tjLl5VEuDO8ZTtG+1Z0Vx2uSyCsAjH/PhzheqdfbNPAde/D8AKyLlDwm
-      U4h3R73GKAJcVS1A0DR1kqZ2spBz4HmmmcXcoQ++KdAmLOPBsIWhwhRGuzGdwQgR
-      eslm8oNkpToU3J/pMbpiBHEUSv5MKZJF7GTKRN8c69XIK2OebEZ8+DYuvi4uBjeZ
-      9eydmT9VVN4h8R2E2572c36e/uWUhYdZrlienBBwNDe4Vuqmc+M0EwQQnQLl9XID
-      dQSN66Ao7zLQOenYrwM4/w3d7rhPXlD7DpYJHWCR4eP73jR7DOV2u3aX90B580MW
-      8NjdyJS3gnjPKTCCq8vIolkHCGPqmpDzbajwqQvVsMnCaTV77zZtyLvodc5G/7gB
-      jZnreQIDAQABo2AwXjAdBgNVHQ4EFgQUD8GCfb8mWh3JNXAnvu2ObnPo/mwwDgYD
-      VR0PAQH/BAQDAgIEMAwGA1UdEwQFMAMBAf8wHwYDVR0jBBgwFoAUD8GCfb8mWh3J
-      NXAnvu2ObnPo/mwwDQYJKoZIhvcNAQENBQADggIBAIFO6f9ZUa6221jMGRMROe8X
-      XnQLoIX9AGkLG9Rpu/9PVnN/NoK1/MWoA7+qix1Pdaj1Skpz+yUmKGSGo6Oq4XRf
-      K2DNoy+BYjRauZVreLkE1QUuxzP1DQg0ej3hRl31c/Kv+KaMJy1ptrhFEbhP1yYk
-      b9Fayu6kuc96Xd8o0ARh6NAA4HysW119awDUsMANVm1VGuPTojdV3/Yn3bywCwG8
-      B6Fqx2EfI6YptsNhzzm+o9v1VjXE+BQ4zbfmgY7uORqVY7b+5gK2+D5FAN4hsGbn
-      jiPo8G7Azv4VtmBcKROXbCf6B8tQA/Z3uFgfTHxM8iEaGsgnh8IUB1idnNmeUxqL
-      QcH5TRf8RAMr8xgYueyiWPR0NEAahrojvoNQGYPW5EdqJd4JzfqYNRnccTXAIF9F
-      VSCBPPtg4Ifc3Bfs9PObG2/2WJGkwJLevpdj00SO5otc+wWl/MG3eQlksceWtXJC
-      Laoxpno11oA6fwqxxIsqjCCCzwE+WL9xtEgaNoJ+bvB1DuzCoZ/MF0Q4nmQw5o0o
-      E8ODAhuMkfSz6Mwk+56iNTRV0hpKhADtVWuVsXd6Vmcyu4fX5IJ6vPzyCkal63L0
-      K7TGCQJQeQnI52RkX3zpLIWA8SYp28qC+81dBdKEXPOs0MDHn5zWpnR8xHjs5jki
-      WOtY6TTfYq8pBdwToAQu
-      -----END CERTIFICATE-----
-  client_ca_key: |
-      -----BEGIN RSA PRIVATE KEY-----
-      MIIJKAIBAAKCAgEArPISuRI5w4yVTinOGWw2BZjPT3IpWLcN5W/crQ3E/BGOas31
-      OEpLlfiPFBkseLNmAt6K6OJwyjT5u+UU6ZpeQTlygBlKe/9fsASqDvqRnkudgbLj
-      bK0ClGz/8ful6boUqdyFbFSnCiZg8jmiTiUY9g32qKnKSjOeYK/6LZnqvoCcC9sK
-      Q/NNeY5FREVoN5diNA4/dnFuELOHSfuyYyOYnTeUoV11ZsLz0A2vB3Okh3dI9ASv
-      dhQdTtxsj69uOIuntKnTxmYStCgvaVK7tWWAlo+yY6/EWApivo8NJKXPEyqYebYy
-      5eVRLgzvGU7RvtWdFcdrksgrAIx/z4c4XqnX2zTwHXvw/ACsi5Q8JlOId0e9xigC
-      XFUtQNA0dZKmdrKQc+B5ppnF3KEPvinQJizjwbCFocIURrsxncEIEXrJZvKDZKU6
-      FNyf6TG6YgRxFEr+TCmSRexkykTfHOvVyCtjnmxGfPg2Lr4uLgY3mfXsnZk/VVTe
-      IfEdhNue9nN+nv7llIWHWa5YnpwQcDQ3uFbqpnPjNBMEEJ0C5fVyA3UEjeugKO8y
-      0Dnp2K8DOP8N3e64T15Q+w6WCR1gkeHj+940ewzldrt2l/dAefNDFvDY3ciUt4J4
-      zykwgqvLyKJZBwhj6pqQ822o8KkL1bDJwmk1e+82bci76HXORv+4AY2Z63kCAwEA
-      AQKCAgAdY7G805UPXxeMRdxpQ5NWliY8qPjPw6PP5peIrPtZnp4mFkPiwfVgUfH2
-      h2SgSlQ+jpTqiHiEVEZQINjR7dKwoNONYz7eHYKkRdakXv5Z+R2WCdFOCYSTtoY0
-      GACU3HNgfkIKK8SLHASDhTnIr9MzFSJifSAMRgNXCPCpySs0HmTmOt3euDzlOEEb
-      HfRc5hPhJr6wIQyEOA34i5Y/9K+dn/FZDqnBwcVvCLRCvuspviKenSE4HqjwWtL0
-      A+rmHw1rzSRY5cWt6dpMuqt9YvdcHqVA/YCPOYyYN3UTUj4DUszAei7iFHscKUSE
-      d3l7RY/BQLdOJUfxeu7JVIBGzfQJW728puZRxmDFqGFOYGKYiCMmUMV+ZiJ0IINL
-      gCCuKFCspk/5ciwLZvoseERxKNtDhEsOKnLtWyL4055HWOTPwYKuTngsp5PDKl3c
-      XytVGmOFYZ0RAWcONKpts9V4FBQXVpGdUT3BpOc0U1/d1CelcesBh5FORSIZNVgP
-      Q+WUgHaKCNU+jjZ83sxDC8du6YpXkt8imREH034R7b9QkhS0AzEE/MrEvxWAcT+B
-      y9Fzvw18Cfol+IfQ1pLo9EL6bVAcXqZMgDwAqPOvw2T1OVYkBSfDr/UUhM2Bg4XU
-      WuzOfH0p9MpnrbrA89Ar8B7TqgAABTj8nCZkM/HQ6J2JVfU9ZQKCAQEA2y2hsEdK
-      kTmNmgxa8mG2RuGgWx5oYD7bZRQD97GML1dZj1/gtg+OWml3VLrOhueqT/ItkNPk
-      bOGjQFDYpYzUYtOSA8UTn9Crs1rRUc5tHXcVHOAR9OCGKRClpIV7+4lbCQuX1v+m
-      rO9FNzumVJSw/6rAtJsuZ2TI6Ml/2LHUNOXgPUBPlIJ9dMv+0+eN45upMUzcmaIG
-      4TtND8DeOakXb1ZanliR16PES+M9bWs1tWV2yubtO2o7+fQTwKZMqg6kGY88oSed
-      +HP6QxtMIbkGp7GYM7QHrgEwnp8nR5tCp1rL/LIvIIbWAsnfh7ZqQSRMoSMFonzv
-      lKqTm21jiavSuwKCAQEAygAUBScRklR8/zLVkdB2+Fy/E2TtC+AGDGmzhUygMpFH
-      k9DjeD0+92zM4Q+zbScLXZMZOTPiRRw8pOq8Q/VqHufAxEse5VBE3oxHpWzKH6cr
-      5eheKMCRiIpwylUakdEgxyFWNA9pRfrpBmxOAy+RuLd2tR0wNkucFEXgQFoUpLyk
-      LurDUK5cbclmaSbjpx04lUyXJFd3e1P9H1A6L7hHqh9ebBL2O5rXbtOBevzvVRX/
-      sCp/aITXolxYFVXlcexJ9Quh65amlBxcN9nO2RGyC2ZbAocqJEXFX7ARz01DEtIg
-      NCuTosszHfH5drqq6WQM6YKM1SZYeOsibemdlxlZWwKCAQEAr0Kk2SWYrdncrgMV
-      Ml4J+FHw/QuqoNOCcif4KDd0BmMNvYUIVezIgul0v28FOIDFAlqALyAQtzQSa5p6
-      Mp8TMddGGfecAp5Evg1v9b9gJ0CSxF00XqCvBuVF3vHSO0gRYIFBsG0LJZvKuCjd
-      jyK7CiXLJGA2Uf0YXnTJ40gHjSkID1J+kB1sHloE8gNlxUwylbaFa+BRKgdWTrOF
-      v4vDrobZvWbLcCiHDbuu4fDpqJxyyjqwFmOThAK1TMZt5UoB1GJiM+dO/V4YD1Mj
-      pI+kj7GGKEncHjrbWuue6DZxrQsAtJby8kp/lQlB0e5+topFMFCl79GBblqb35ww
-      DOU1gwKCAQA18sVmBuQjf5sOkSYG1nUfqa2CYX8Jn+AdqpE+dZOHTdOe/7fwofLS
-      I+Wn6giSi032xNWEuH2i1YLAzMxRHhckf+K0yhdLSR/LjA2Keb6Vq5EGywNywNNd
-      cxPihc4dyYuGgznBl6gW/4cCpyRCp460lZMHle8NYS4jH/JfXW+L+7GhsiNNxfN7
-      gsFuLeu48w3smdL36sBHWMwOc9/GZOIG5m/ST1Ih4x3MRIKdNTY6NDDgfMkgQfJR
-      M3Z25ETuIxwxbNTm1YpRni1m4S3kPVyevMxrpWu02kl3X8+x3MGgIixloonAfaJ+
-      SeTFN99zi7wDFVHFj4MrcCj2z+C9vRBnAoIBAGl/ph9U5fDnNXBJKhzdQ1/eFGaU
-      cTLQrALqklWOqAuP7Yt9Aq0zxxYWZvZ5zxkoMDDN+wBcVH/0vxRW7/ktbViDHABD
-      9Loj/a5gSQLs/1thZ8Duq66vTqBnUqbo4CK+kewHfB8VgoNVXvU9IkSqKu7Gt1iO
-      eRJZ2pF4mGBHMw34ot5jbU/kc9p8xUUoxExSq5uh7ahG+jWtqx6MVMz9R03rQnNl
-      EYU6npkpxjxNOuTu0akZl1v2bgi6fCO9KopGM/9t8kOY9P8cJmpBt7ohlUHkjiDR
-      5QOqC7UGR7G4MrbJp6B5ChfY8TrbNEeQsrnDEb8+OMjmkshmvAfoZKq2odw=
-      -----END RSA PRIVATE KEY-----
-  commercial_ca_cert: |
-      -----BEGIN CERTIFICATE-----
-      MIIEozCCA4ugAwIBAgIQWrYdrB5NogYUx1U9Pamy3DANBgkqhkiG9w0BAQUFADCB
-      lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
-      Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
-      dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xHzAdBgNVBAMTFlVUTi1VU0VSRmlyc3Qt
-      SGFyZHdhcmUwHhcNMDgxMDIzMDAwMDAwWhcNMjAwNTMwMTA0ODM4WjBBMQswCQYD
-      VQQGEwJGUjESMBAGA1UEChMJR0FOREkgU0FTMR4wHAYDVQQDExVHYW5kaSBTdGFu
-      ZGFyZCBTU0wgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2VD2l
-      2w0ieFBqWiOJP5eh1AcaqVgIm6AVwzK2t/HouaVvrTf2bnEbtHUtSF6fxhWqge/l
-      xIiVijpsd8y1zWXkZ+VzyVBSlMEnST6ga0EWQbaUmUGuPsviBkYJ6U2+yUxVqRh+
-      pt9u/UqyzGxO2chQFZOz8unjwmqtOtX7w3lQnyV5KbJHZHwgPuIITZMpFLY0bs9x
-      Rn52EPT9bKoB0sIG3pKDzFiQLpLeHmW3Yy89sutwjEzgvhWd3sFNVvgLxo4HuV3f
-      lfB7QB8aLNecK0t29Fn1Q8EsZhCenmaWYJ0cdBtOGFwIsG5symkaAum7ynjvZi7j
-      Mv1BXJV0gU302v5LAgMBAAGjggE+MIIBOjAfBgNVHSMEGDAWgBShcl8mGyiYQ5Vd
-      BzfVhZadS9LDRTAdBgNVHQ4EFgQUtqj/oqgv0KbNS7Fo8+dQEDGneSEwDgYDVR0P
-      AQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwGAYDVR0gBBEwDzANBgsrBgEE
-      AbIxAQICGjBEBgNVHR8EPTA7MDmgN6A1hjNodHRwOi8vY3JsLnVzZXJ0cnVzdC5j
-      b20vVVROLVVTRVJGaXJzdC1IYXJkd2FyZS5jcmwwdAYIKwYBBQUHAQEEaDBmMD0G
-      CCsGAQUFBzAChjFodHRwOi8vY3J0LnVzZXJ0cnVzdC5jb20vVVROQWRkVHJ1c3RT
-      ZXJ2ZXJfQ0EuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3Qu
-      Y29tMA0GCSqGSIb3DQEBBQUAA4IBAQAZU78DPZvia1r9ukkfT+zhxoI5PNIDBA+r
-      ez6CqYUQH/TeMq9YP/9w8zAdly1MmuLsDD4ULS+YSJ2uFmqsLUKqtWSkcLvrc5R7
-      RkznehR2W0wdhKEgdB8uS1xwiNy99xk97VkN4j8m4pyspDyVHPi+jAOu8OWcTbzH
-      m1gAv6+t+jducW0YNA7B6mr4Dd9pVFYV8iiz/qRj7MUEZGC7/irw9IehsK69quQv
-      4wMLL2ZfhaQye0btJQzn8bfnGf1gul+Hd96YB5bkXupjfajeVdphXDyQg0MEBzzd
-      8/ifBlIK3se2e4/hEfcEejX/arxbx1BJCHBvlEPNnsdw8dvQbdqP
-      -----END CERTIFICATE-----
-  commercial_cert: |
-      -----BEGIN CERTIFICATE-----
-      MIIEcDCCAligAwIBAgIRAMqxAnEi09LnUmxHz34zaygwDQYJKoZIhvcNAQELBQAw
-      TDEQMA4GA1UECgwHQml0bWFzazEeMBwGA1UECwwVaHR0cHM6Ly9iaXRtYXNrLmxv
-      Y2FsMRgwFgYDVQQDDA9CaXRtYXNrIFJvb3QgQ0EwHhcNMTQwODI3MDAwMDAwWhcN
-      MTUwODI3MDAwMDAwWjAqMRAwDgYDVQQKDAdCaXRtYXNrMRYwFAYDVQQDDA1iaXRt
-      YXNrLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2flsifSE
-      SbAZ4GZE3594alIx0Y4wH+zPlpffAyAuH0/woIfbU0niYpjCMp2IukAkcMfwsvAy
-      j3I2EKimkxWBDvmaDH5fY2SB6Mk6jun4TbYNbzZxPjN5ZG1arOl9Z+nXy8rR18jJ
-      nXwR/QT7GeEsCUbT+GN0TamFzGqaKP5QyOhVEorzcKnxuRTFoc6N1e3kB1kq2bDK
-      npX376mKTFWW7OLeXH2+Eh8A2X+w8zqQTpRta6631DyynO7MLAsihiAmDlOVpIsA
-      hYF/jDblpqCsh7es/78Rf09I4/pqwDByU+4wcuQ2CihdMqu8qZYY0iZFSelpikhp
-      mjvuVug0J91CVQIDAQABo28wbTAdBgNVHQ4EFgQU6/xkpENCcBkmnS+8pjjIKFOZ
-      ndUwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAkGA1UdEwQCMAAw
-      HwYDVR0jBBgwFoAU5LfCdZWIKybZXsA33M0Z5pA+16MwDQYJKoZIhvcNAQELBQAD
-      ggIBAARhtd1EdoHrHL3HCeqo5WplQnW0bd6M+KdFTlp2o84sRwDDsRhTQ64xeZC3
-      kK7h+R54cm2xzrqHs70t5UYNoYXh0DRYqCsEu9ZMfnxtye4sofGo53s5LWtkAguE
-      sTcpijbj95RodvGZnal+V7Z+B8yt0u0HcfFSrWv7956i3+Zcxdt+/9+FLYOzbOVj
-      sUnqKob3J8++PURJlPvnsgrrPPMxrRL7WfRn5njwrYNWrpOljh2G6PLcUmEHFQ/m
-      op8xbFwbb6mmkuyZqiQfcSci1Z/562kMR341Ba1plIvr3MPNShSzaIxyPNJrBATP
-      D1PUK4AORbpolhxJPjx8qfGyCKUBQKKACBRO3pBUlnHIiC21bjYJu9hev1qv9Vd0
-      VPeJRHC3Y/1Bv4ptMvwIXjh3uy16TYHA7V1cUIQmKk8HzBByHTek+xupdFERyFx3
-      0LDXPu7ry3bWHKoojsgNqWRXaTVuMZilgTGmwF24gCdjMrXgWANnxhFG2UVPa7sg
-      5OreMhK/jBLeXFrfTjXZtIDRdZmsgSkleUQuAlMG1yCZZud0cMebjBmCkcaada7e
-      4C0WFjpZHq/4PNcoO9aFTlNzzWlTm57Otvfc+kfItEt0Tx2YrOFKuHTofGptYtFm
-      OsUsS1uOeX1yFG4h3y6OT1gQJaNIep6N4/Qps8l4NK/0Wn9+
-      -----END CERTIFICATE-----
-  commercial_key: |
-      -----BEGIN RSA PRIVATE KEY-----
-      MIIEowIBAAKCAQEA2flsifSESbAZ4GZE3594alIx0Y4wH+zPlpffAyAuH0/woIfb
-      U0niYpjCMp2IukAkcMfwsvAyj3I2EKimkxWBDvmaDH5fY2SB6Mk6jun4TbYNbzZx
-      PjN5ZG1arOl9Z+nXy8rR18jJnXwR/QT7GeEsCUbT+GN0TamFzGqaKP5QyOhVEorz
-      cKnxuRTFoc6N1e3kB1kq2bDKnpX376mKTFWW7OLeXH2+Eh8A2X+w8zqQTpRta663
-      1DyynO7MLAsihiAmDlOVpIsAhYF/jDblpqCsh7es/78Rf09I4/pqwDByU+4wcuQ2
-      CihdMqu8qZYY0iZFSelpikhpmjvuVug0J91CVQIDAQABAoIBAGyn/igCwJLu+uc2
-      c6y5lNADKxxX8btoU86w5BVtzDAFrGCJeJZbJUOa/Gs4xjh50vB5ao34WGvTNgo1
-      19tIA+6QE++YazpjlrKQ5OTq0sECOE4w6GBmTmP2cxXwynerRMwszU/wojgj6d+j
-      xPwQl+AD85RFF2vDTpQoq7I1m9WZt1awszigmG8VDBwa/LFKfrz/HACH0lmQ6wQ1
-      h+dYcKjS7K68rEhZ29cjkO7k6Il44B4/6nfPSFCXCcypZD3uNXwGGDGR9QGcBzCY
-      HLCveb+v3rKnIjMpAX8xi1R6LVaxX+/wRCoaMRRhWqH3mBijVV/SKDvo+AOATECM
-      UNDYOaECgYEA9yNhwS2zL1lZhqqejG9CPL5GaxB+Rl6cFDP2U8xUVVYZjbvjnJBb
-      mU0/c+zGWFlHvqgBOCW5pCFOJx7eFvpp10zVJgqH6Nbdsz/nE0+kx2PwVT+miyBT
-      1CdtB8UQt4FDllYo3BToeqLlICBwuTe77UILWMjx4WPSQB/mJOlfHD0CgYEA4cpU
-      ogjCG4dU6W66RL4y+eP63VDBtz6kUmMHiX5xXEjn6UdYYp4TBL3VxonkMbOzHtAX
-      B95klqs2vl1arQf3glrv9PfVWyexWy+U/0YkibS8OGDJJUVLLRS7gZrEMGPbeKY5
-      SSeEDOtkmrUW6EmrCAmwaVW24uObAtzJJH6bp/kCgYEAs3bfGvA7yauBppgp8GMu
-      33txGXhtql4zyzv8qdeceie/ALyrSdtOmSGObXlIg4m53sqTsBk9GOISpbf1oQwR
-      ZgZmVmyZS00Uy4EhJVXVm/GH6fAB2dAM7+f9dgH15Lwav4Yrv73zIHNAHbdRBD9j
-      2aP3J28srvbVDDnd33oU1iUCgYBNrD3bE+o6cB68wtOfLFL69ftpwQsyz4DVuq1w
-      FihHF+l3rYxxOHHQcsGkr/DpTCk1U15o3Y966WFGsXStC42QsVnUyqEB37C6bq7x
-      9h5BpQQO3PS1NpY65uPuHOCayO9KHNyeFtLtYtjUA7HirN0CQdsHEW59tNCxdmRX
-      gppneQKBgAS27C022cGm0Qa0/X1a55G8D8MTXWe+fV6kNWJmfNca2YnWGIPJb+Ec
-      ISk5wkWOga3Cs9UcaJKnIbAiqaUU0VdyL0aZRaXyO6SlzgQLwpYUQ6zNzEhdgEhi
-      vd4rafhTMnvMUaDLjO5AVRnZ1eG+/5Gm/Y5XAvCPDqBEUlgvIRVn
-      -----END RSA PRIVATE KEY-----
-  key: |
-      -----BEGIN RSA PRIVATE KEY-----
-      MIIEowIBAAKCAQEAs13bCYIBJ3TDppmVdkm/+3Udy8cmLKhvwn4NnSDK/yLNHPt+
-      iKBkApamLwfi8V/TjJYjXeFk0Gn4MmwzuKYN1xcLMji/Lw1ixdU8E2qLL25mV0pu
-      WWze6L+qH5zIvBDjLi6wuYbL+HG9Wymj0QLI0Z3DkooDMNh+GAaAMvJMhQTesFYL
-      Iz3D4Xyp0Hm0Fz/q8OTYjcgkiQ2HB0GZyr0FNsi+MKc9Ybvre41X8MLQUIaiD7VE
-      ihkEwvNvZtlSQnULjH+gC0v+sA7MoREvecosPJRxs2JMgIXLNtxV/7jm7zv2pa8S
-      NwcFRYu8SYR2pzkPdhi1kxMMV+5tVANFa2HCPwIDAQABAoIBAEYza7ES8sSwjIq9
-      /aNoRf1y3xCMh0JfQi6LC2T+GrU0t7aqL+HldH8W2z/5BDeYW8HgWUM7Hiv77ao+
-      cxfH1g7i8/zZ/Om7gXcQeAzZXFRaDzAG752MYMoTidAJmv8QVPoUSBK00UwRqBzv
-      9S+uuU5hQtQttAYAFYntsWs/Lfe5QkDklfZ4EhVRm6R9dDbBNuraeOVkkSCJxL/Y
-      ei5+MLpdysKUbKb5NkVI1Olh23w0D1qJcWVv3WtO+V4i184ewT8Vb8GFK0bOGRxd
-      pLpVDpojH44av+HJGGbWFruBlcXzic6JJU5JWf0tu8xFpyURPAFcIW0M7T9UXwWV
-      LJ5c1rECgYEA4a0XAYfeyCNlVOzub5CR9DHhwt5FCPHxmdGA+pw8a2FpRq6iU7pN
-      r9yM2hrVmTOsM+/Zq28BAngtP0PXn9rancFx7/1FsHgp3xiz7LYAFNJoKImH6ipd
-      xdCkwA9yoO/owBWBc+dHK77Z1uvLgpnlfct/9DL0SfcrZr3Ngmbkzh0CgYEAy3fK
-      TAbSIgirJzyt0CvXub6ecZt/IV4w+P2mVTdmuCD1yC/EmyIm+shj2wLzdFUgvL6z
-      GQwSDVGd63/sTJ0nLii5Q6MQdS636qdWFXk3m7RUtb044TQSuIe08fZ/yc335NeR
-      uXbTlqGqPbvDqIMsJ79Qm8HTZ0sWhOaH+qxn0wsCgYEAyRfRrj2CGNjhjKFrfeJX
-      DD/+qgQhg+0DmksDIU1i0VSF2MP4RZ93ZkOjBx5uQwu2YLlTPt21CpxHxV4Qn5MG
-      xxf/DRikprEMro12lnE+9U7gHW8fu1txH7nhdHrPa/Ubcz42ki7+Tk7MEiUevQuh
-      YUyageF9qQMkm3J5078YF0kCgYBYrW3SsspUoPiPUkfiyajswGJn20CON3Iaotoi
-      m9G+AEd+pysF/d2FQV8b7e5TTmLFQEvoZ7Vabq7oG8nOHlQcLw2HqAMdP25S6/l9
-      xGXzC6Y7yyuGI17hY+v95NQPDSC0cSuG7H4NUYpT+4ir4feVnzEvoUtU4on/BEZR
-      f2CEvwKBgD/I0U24VHkD2vHrkcrrSXbBRIm630xXT3Wx7Al9D/f9N5z5OJ4pmCn8
-      f8nYmHwasWYUA2cMWODCQgIiblfYkewltw2K2qXByRZR98Y/OjScOWS2bwc+rMnb
-      cwCgFA2WXzfcw4WzZoYotzPvOWkYARur/VdJvry9UMX0ljkt64d0
-      -----END RSA PRIVATE KEY-----
-  use: true
-  use_commercial: true
diff --git a/hiera/snail.yaml b/hiera/snail.yaml
index 2413ec0..fcfac89 100644
--- a/hiera/snail.yaml
+++ b/hiera/snail.yaml
@@ -27,8 +27,8 @@ name: snail
 obfsproxy: 
   gateway_address: "176.53.69.19"
   scramblesuit: 
-    password: OY3FIR2JIJ3WEWRYPJRVS5SGOJLEG3SU
-    port: 24218
+    password: OZ3FOSKQKR3EUTCZPJWTEZKWMVGVCNZZ
+    port: 27889
 openvpn: 
   adblock: false
   allow_free: false
@@ -37,6 +37,7 @@ openvpn:
   configuration: 
     auth: SHA1
     cipher: AES-128-CBC
+    fragment: 1500
     keepalive: "10 30"
     tls-cipher: DHE-RSA-AES128-SHA
     tun-ipv6: true
diff --git a/hiera/starfish.yaml b/hiera/starfish.yaml
index 7b894c2..7a086a2 100644
--- a/hiera/starfish.yaml
+++ b/hiera/starfish.yaml
@@ -43,22 +43,22 @@ hosts:
   clam: 
     domain_full: clam.dev.bitmask.net
     domain_internal: clam.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR+ZrQQ4ggDM5ZpNyoVmZJ3cQwzlfrTorWohEY0BAhLDuxpKR5U95Dam8xckh4tM2o0ZFkayVYLoW2s1hrD8Rt6AYVM6l7z5tSf/lIbWO++PAoIKSPJmSmg7kZs+P3Tafs0VjJh3Ypc2nmqvih+oRPSSdDUP7Dqumham5GGWVG/Y7UzukY7r1SeWdFW3fEvR+74/rCpWbSPgG5Fckp9FTy82JV7z+E+S+UHD1Dcgpimve4GGAbHVySNPI1khNHeTFuPJCgehwLOInCexXJO5gIcqyj4d3xABt84BGEHbzaSYDiUNZJep/dOddGt+xTZCzmmFtYcSjUZLR+wQCMFOeH"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYfDEXXpRdNtIaa1aGLVqG/3laVEoLi4ujKAFKtsgOJqw6qd6Sph29Jyqb5SmXNqzebuVKbWmKogXia1wKnjUc="
     ip_address: "176.53.69.22"
   elk: 
     domain_full: elk.dev.bitmask.net
     domain_internal: elk.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDu95UcykhjBiamMLHpGqB1UrPScpihrfOvlX0yO4zTa3PoJy+tx06UNfZ5JZD5llsezZ5HifUANSQ0XFPeYr3Vf4wrbD59oilUQtNXyB8avXatipRljURp6Yb5w1/pputbuZSe8aqn1HMDrSkTILbaCSdF0y5vWvssU2eDmpaZMtNEgPvA39PHHgxLXno7aktMJ8Vc3Wvqm6aUiBURZILGPchnVHgiMZUNiwm/nx7eRkIv1OTOJwPRBAOzqZuKf3c6jemtAMpihlwq4hBl99f+mWe/Fpzy0pq+BkfCPCnOE9iXk9ELd7hl0MoLHMdjCoQeWdVVEm5gJTjx0iZCDdyF"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJxIofc6JyVvppMKv/hZnMZp/aYeEcy5kHAW1O1/ZkHnclc/cmxEQ2HtRNhMXziOrYZG/UB9NCEBkTFG2PG6XH8="
     ip_address: "176.53.69.127"
   starfish: 
     domain_full: starfish.dev.bitmask.net
     domain_internal: starfish.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYdKG2P28qWIzj497n8DaC50wPUUHDGg6qvSf64+qtfKGG6n1NNL4vrtO/mvOwLVCE7EqeQGzKD3V6/RyDECvKQK3bspMLE6E5MuH5cMKzlSKDZETtCMI/23UTRe8HXoQSZbwxtSFEA+p38M0yqqwysk5tna+Fo9ZatDgwRqOln1m9ny6ckxXMhpuc0s/7nbqLtHvhm22i70ghU5Hrjgz+/xI5IoL5e3vkDbAih1Jub+TdpmxnTKw53oWL2vzDxKstsmNm7GOeujPr5SDdVpxhzxfg/9JBtT59yiGm4C3sNC7LsceME2V77qSx9RIqVeWv/hvHjRqEFErIAMCl6UoB"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7hjD8SIQshnCrMkin4MY6ff1QAJRusnMMsitiTc3+rpn5cCVW+ZB6+nwSKUyiXbD8l6wcL0CTxEZJGhYyfKc0="
     ip_address: "176.53.69.23"
   urchin: 
     domain_full: urchin.dev.bitmask.net
     domain_internal: urchin.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfU1/BwcAUPRHNffdxePpL15ME0shqsINsbyTbE3pcxwB+oUk0BO8Hk2rVU9WAvUXBRzKjjTNVbXz3lFv1cDsIIRmSewN5G2qR3KO2MAlEaOPZa9oy6vzoJ3i8r8SlESDFUZLkzWfTDtnvb7DlkYAZwaJ1LMhO7Ou3PDdxyWixmpE5cblCExoO55fmJMP9FmD6viqc2rfRKiNkb9W8uqiEBXEGG96QBnAwXGPD3THlfe7SWJeGGuvWsH9kUJIDAABb8GHdzquOYr2xvwyBnQNgWCbyI60umlNLFNlOuX3Q8s8bGcEcKtwb5mJIztBgITsyuzm7H+z/e+EGOU1G2I0r"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKuJ+QA8GaXfxxERGFQSznpqJNmIk4gNFp3UvqYvL9PLeFUP4DwwsyCWg24x1R7RkFE3P75Jcck6Q8JW8d9iQWo="
     ip_address: "176.53.69.21"
 ip_address: "176.53.69.23"
 location: 
diff --git a/hiera/thrips.yaml b/hiera/thrips.yaml
index ca86ee5..6d916bc 100644
--- a/hiera/thrips.yaml
+++ b/hiera/thrips.yaml
@@ -9,8 +9,6 @@ couch:
     epmd_port: 4369
     neighbors: 
       - ant.demo.bitmask.net
-  master: false
-  mode: multimaster
   port: 5984
   users: 
     admin: 
@@ -25,10 +23,6 @@ couch:
       password: CyhRSafC4SUGQ9F762Qfv3TPQDqTjn2G
       salt: e3ee9259723d0cbd8b3265dbe8b4e21e
       username: nickserver
-    replication: 
-      password: gPFMMKdZaTHF24nQGYQTDHkAduQcarBm
-      salt: 215a1f508e2b564978f98e43231e1506
-      username: replication
     soledad: 
       password: cGqWZqTdFc_fuSZvfPtUTL_7uMA6d5YC
       salt: 514355e86f1d3fa4de42b677de21281d
@@ -81,9 +75,6 @@ mail:
   smarthost: 
     - leech.demo.bitmask.net
 name: thrips
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
   - couchdb
@@ -132,29 +123,25 @@ ssh:
     ports: "60000:61000"
   port: 4422
 stunnel: 
-  clients: 
-    ednp_clients: 
-      ant_9002: 
-        accept_port: 4001
-        connect: ant.demo.bitmask.i
-        connect_port: 19002
-        original_port: 9002
-    epmd_clients: 
-      ant_4369: 
-        accept_port: 4000
-        connect: ant.demo.bitmask.i
-        connect_port: 14369
-        original_port: 4369
-  servers: 
-    couch_server: 
-      accept_port: 15984
-      connect_port: 5984
-    ednp_server: 
-      accept_port: 19002
-      connect_port: 9002
-    epmd_server: 
-      accept_port: 14369
-      connect_port: 4369
+  couch_server: 
+    accept: 15984
+    connect: "127.0.0.1:5984"
+  ednp_clients: 
+    ant_9002: 
+      accept_port: 4001
+      connect: ant.demo.bitmask.i
+      connect_port: 19002
+  ednp_server: 
+    accept: 19002
+    connect: "127.0.0.1:9002"
+  epmd_clients: 
+    ant_4369: 
+      accept_port: 4000
+      connect: ant.demo.bitmask.i
+      connect_port: 14369
+  epmd_server: 
+    accept: 14369
+    connect: "127.0.0.1:4369"
 tags: 
   - demo
   - seattle
@@ -221,9 +208,6 @@ x509:
       bbeVsHat97eo2210j/wOQUxoGYzUq4WVKoCbQFfAhf/ksXhNn6mBBCuhCDp/Mu09
       s0n2njL9
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIEogIBAAKCAQEA9TdRRiX7Ia4yRKvGpRuV7Ff/iS29eFdddwSYg+uPSRm4Hn4f
@@ -253,4 +237,3 @@ x509:
       GaBuHcOkEMwibPgxyoBZLPlS4/Au7MZLRTRqGoo8N1vl0x71mhA=
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/tor1.yaml b/hiera/tor1.yaml
index 7363ed3..e29a87b 100644
--- a/hiera/tor1.yaml
+++ b/hiera/tor1.yaml
@@ -20,9 +20,6 @@ mail:
   smarthost: 
     - mx1.bitmask.net
 name: tor1
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: internal_service
 services: 
   - tor
@@ -63,9 +60,6 @@ ssh:
     enabled: true
     ports: "60000:61000"
   port: 22
-stunnel: 
-  clients: {}
-  servers: {}
 tags: 
   - local
 tor: 
@@ -73,12 +67,6 @@ tor:
   contacts: 
     - sysdev@leap.se
   family: "deeruSaR9IekHdQGUGI,hippobagtc8Z3KPmfnT"
-  hidden_service: 
-    active: ~
-    address: ~
-    key_type: RSA
-    private_key: ~
-    public_key: ~
   nickname: tor1pPXtPbHH5BVHVE2
 x509: 
   ca_cert: |
@@ -142,9 +130,6 @@ x509:
       KyFwoPZJ/prUbN7soJcaXfMRwKjKBtAZcfiEIuF/Kj0q0ej3SlIRQn9qQ3kB8gCm
       rq5L0rF43W9j+Nk6UsuShrFnpNco1oeVupR64lMe/NeS
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIEpQIBAAKCAQEA22A15S8yonSXCU8U/5UHkTMMgsWpnEwk28+xGzwbRCX5g4dF
@@ -174,4 +159,3 @@ x509:
       FPbeaUQIPPQfHUADhENClQ9eGyeOEj4BUwGbGxyKVBQEeJUO0VsD4eM=
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/urchin.yaml b/hiera/urchin.yaml
index c4b6076..236061f 100644
--- a/hiera/urchin.yaml
+++ b/hiera/urchin.yaml
@@ -27,8 +27,8 @@ couch:
       salt: 70bcff5aeb5a7ed22a96a4b43790965f
       username: nickserver
     replication: 
-      password: _mVfcIyFV_vfRFUvpNmAWYn_9KUxJ7Pv
-      salt: b53363c123da0677255bd93ec1627db7
+      password: B7LFWg7x7AQRIXdxGmsd4MjfQISB_EZj
+      salt: 868afc4ca18138cc256f57ff2a3c99a5
       username: replication
     soledad: 
       password: PgrbUREhqBGY4r4XIXQEgkk3jTH4sEJA
@@ -60,22 +60,22 @@ hosts:
   clam: 
     domain_full: clam.dev.bitmask.net
     domain_internal: clam.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDR+ZrQQ4ggDM5ZpNyoVmZJ3cQwzlfrTorWohEY0BAhLDuxpKR5U95Dam8xckh4tM2o0ZFkayVYLoW2s1hrD8Rt6AYVM6l7z5tSf/lIbWO++PAoIKSPJmSmg7kZs+P3Tafs0VjJh3Ypc2nmqvih+oRPSSdDUP7Dqumham5GGWVG/Y7UzukY7r1SeWdFW3fEvR+74/rCpWbSPgG5Fckp9FTy82JV7z+E+S+UHD1Dcgpimve4GGAbHVySNPI1khNHeTFuPJCgehwLOInCexXJO5gIcqyj4d3xABt84BGEHbzaSYDiUNZJep/dOddGt+xTZCzmmFtYcSjUZLR+wQCMFOeH"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYfDEXXpRdNtIaa1aGLVqG/3laVEoLi4ujKAFKtsgOJqw6qd6Sph29Jyqb5SmXNqzebuVKbWmKogXia1wKnjUc="
     ip_address: "176.53.69.22"
   elk: 
     domain_full: elk.dev.bitmask.net
     domain_internal: elk.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDu95UcykhjBiamMLHpGqB1UrPScpihrfOvlX0yO4zTa3PoJy+tx06UNfZ5JZD5llsezZ5HifUANSQ0XFPeYr3Vf4wrbD59oilUQtNXyB8avXatipRljURp6Yb5w1/pputbuZSe8aqn1HMDrSkTILbaCSdF0y5vWvssU2eDmpaZMtNEgPvA39PHHgxLXno7aktMJ8Vc3Wvqm6aUiBURZILGPchnVHgiMZUNiwm/nx7eRkIv1OTOJwPRBAOzqZuKf3c6jemtAMpihlwq4hBl99f+mWe/Fpzy0pq+BkfCPCnOE9iXk9ELd7hl0MoLHMdjCoQeWdVVEm5gJTjx0iZCDdyF"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJxIofc6JyVvppMKv/hZnMZp/aYeEcy5kHAW1O1/ZkHnclc/cmxEQ2HtRNhMXziOrYZG/UB9NCEBkTFG2PG6XH8="
     ip_address: "176.53.69.127"
   starfish: 
     domain_full: starfish.dev.bitmask.net
     domain_internal: starfish.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYdKG2P28qWIzj497n8DaC50wPUUHDGg6qvSf64+qtfKGG6n1NNL4vrtO/mvOwLVCE7EqeQGzKD3V6/RyDECvKQK3bspMLE6E5MuH5cMKzlSKDZETtCMI/23UTRe8HXoQSZbwxtSFEA+p38M0yqqwysk5tna+Fo9ZatDgwRqOln1m9ny6ckxXMhpuc0s/7nbqLtHvhm22i70ghU5Hrjgz+/xI5IoL5e3vkDbAih1Jub+TdpmxnTKw53oWL2vzDxKstsmNm7GOeujPr5SDdVpxhzxfg/9JBtT59yiGm4C3sNC7LsceME2V77qSx9RIqVeWv/hvHjRqEFErIAMCl6UoB"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7hjD8SIQshnCrMkin4MY6ff1QAJRusnMMsitiTc3+rpn5cCVW+ZB6+nwSKUyiXbD8l6wcL0CTxEZJGhYyfKc0="
     ip_address: "176.53.69.23"
   urchin: 
     domain_full: urchin.dev.bitmask.net
     domain_internal: urchin.dev.bitmask.i
-    host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfU1/BwcAUPRHNffdxePpL15ME0shqsINsbyTbE3pcxwB+oUk0BO8Hk2rVU9WAvUXBRzKjjTNVbXz3lFv1cDsIIRmSewN5G2qR3KO2MAlEaOPZa9oy6vzoJ3i8r8SlESDFUZLkzWfTDtnvb7DlkYAZwaJ1LMhO7Ou3PDdxyWixmpE5cblCExoO55fmJMP9FmD6viqc2rfRKiNkb9W8uqiEBXEGG96QBnAwXGPD3THlfe7SWJeGGuvWsH9kUJIDAABb8GHdzquOYr2xvwyBnQNgWCbyI60umlNLFNlOuX3Q8s8bGcEcKtwb5mJIztBgITsyuzm7H+z/e+EGOU1G2I0r"
+    host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKuJ+QA8GaXfxxERGFQSznpqJNmIk4gNFp3UvqYvL9PLeFUP4DwwsyCWg24x1R7RkFE3P75Jcck6Q8JW8d9iQWo="
     ip_address: "176.53.69.21"
 ip_address: "176.53.69.21"
 location: 
diff --git a/hiera/vpn1.yaml b/hiera/vpn1.yaml
index b3005e7..ec7818b 100644
--- a/hiera/vpn1.yaml
+++ b/hiera/vpn1.yaml
@@ -20,11 +20,6 @@ mail:
   smarthost: 
     - mx1.bitmask.net
 name: vpn1
-obfsproxy: 
-  gateway_address: "10.5.5.46"
-  scramblesuit: 
-    password: K5HEYZTLIVIDIUDZKF2EE2BZKNTGCSSF
-    port: 22735
 openvpn: 
   adblock: false
   allow_free: true
@@ -49,9 +44,6 @@ openvpn:
   second_gateway_address: ~
   unlimited_prefix: UNLIMITED
   user_ips: false
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: user_service
 services: 
   - openvpn
@@ -92,9 +84,6 @@ ssh:
     enabled: true
     ports: "60000:61000"
   port: 22
-stunnel: 
-  clients: {}
-  servers: {}
 tags: 
   - local
 x509: 
@@ -193,9 +182,6 @@ x509:
       xIAokTRYLx/6lq8bwelCPGVjy7EsGXt9aN+gMb4R3L9vA/NQrXu+dmCJKPE1vUHF
       gkVBxxt/s0R2aKM=
       -----END CERTIFICATE-----
-  commercial_ca_cert: ~
-  commercial_cert: ~
-  commercial_key: ~
   dh: |
       -----BEGIN DH PARAMETERS-----
       MIIBngKCAZcAsTaQV6TwbN9PpD6dYdXz0lA0drrXLRvS8rNoMTaDnIv134RwKwsb
@@ -237,4 +223,3 @@ x509:
       8hacajGZ/d17cG5lIC269f9SeCqCBkg4IjJJA8aPX65M4J1UdF+h
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: false
diff --git a/hiera/wallaby.yaml b/hiera/wallaby.yaml
index e9a07e1..d240647 100644
--- a/hiera/wallaby.yaml
+++ b/hiera/wallaby.yaml
@@ -161,10 +161,10 @@ development:
   site_config: true
 dns: 
   aliases: 
-    - api.demo.bitmask.net
+    - wallaby.demo.bitmask.net
     - demo.bitmask.net
+    - api.demo.bitmask.net
     - nicknym.demo.bitmask.net
-    - wallaby.demo.bitmask.net
   public: true
 domain: 
   full: wallaby.demo.bitmask.net
@@ -175,21 +175,17 @@ domain:
 enabled: true
 environment: demo
 haproxy: 
-  couch: 
-    listen_port: 4096
-    servers: 
-      ant: 
-        backup: false
-        host: localhost
-        port: 4000
-        weight: 100
-        writable: true
-      thrips: 
-        backup: false
-        host: localhost
-        port: 4001
-        weight: 100
-        writable: true
+  servers: 
+    ant: 
+      backup: false
+      host: localhost
+      port: 4000
+      weight: 100
+    thrips: 
+      backup: false
+      host: localhost
+      port: 4001
+      weight: 100
 hosts: 
   ant: 
     domain_full: ant.demo.bitmask.net
@@ -223,9 +219,6 @@ nickserver:
     username: nickserver
   domain: nicknym.demo.bitmask.net
   port: 6425
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
   - webapp
@@ -266,34 +259,29 @@ ssh:
     ports: "60000:61000"
   port: 4422
 stunnel: 
-  clients: 
-    couch_client: 
-      ant_5984: 
-        accept_port: 4000
-        connect: ant.demo.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-      thrips_5984: 
-        accept_port: 4001
-        connect: thrips.demo.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-  servers: {}
+  couch_client: 
+    ant_5984: 
+      accept_port: 4000
+      connect: ant.demo.bitmask.i
+      connect_port: 15984
+    thrips_5984: 
+      accept_port: 4001
+      connect: thrips.demo.bitmask.i
+      connect_port: 15984
 tags: 
   - demo
   - seattle
 webapp: 
   admins: 
-    - azul
     - elijah
+    - varac
+    - micah
     - kwadronaut
     - mcnair
     - meanderingcode
-    - micah
-    - varac
+    - azul
   allow_anonymous_certs: true
   allow_limited_certs: false
-  allow_registration: true
   allow_unlimited_certs: true
   api_version: 1
   client_certificates: 
@@ -309,29 +297,16 @@ webapp:
     password: LH5DH5rbLZs7zuCaIgWpDAetDpLvUAHg
     salt: c632af58769857bcdf108b46da9eaa44
     username: webapp
-  customization_dir: /srv/leap/files/webapp/
+  customization_dir: /etc/leap/files/webapp/
   default_service_level: 1
   domain: demo.bitmask.net
-  engines: 
-    - support
-  forbidden_usernames: 
-    - admin
-    - administrator
-    - arin-admin
-    - certmaster
-    - contact
-    - info
-    - maildrop
-    - postmaster
-    - ssladmin
-    - www-data
   git: 
     revision: origin/master
     source: "https://leap.se/git/leap_web"
   modules: 
+    - user
     - billing
     - help
-    - user
   nagios_test_user: 
     password: CsdFzBeYX6bepZdbzvaN6Dbu5NPz6Ycv
     username: nagios_test
@@ -766,4 +741,3 @@ x509:
       /76btyS2OfJe1Jcz43JX5/RD90q3Uo6Yi0j4NZwQb6TvFRyXnW5p2g==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: true
diff --git a/hiera/web1.yaml b/hiera/web1.yaml
index 8fed05a..cd0130b 100644
--- a/hiera/web1.yaml
+++ b/hiera/web1.yaml
@@ -124,10 +124,10 @@ development:
   site_config: true
 dns: 
   aliases: 
-    - api.bitmask.net
+    - web1.bitmask.net
     - bitmask.net
+    - api.bitmask.net
     - nicknym.bitmask.net
-    - web1.bitmask.net
   public: true
 domain: 
   full: web1.bitmask.net
@@ -138,21 +138,17 @@ domain:
 enabled: true
 environment: local
 haproxy: 
-  couch: 
-    listen_port: 4096
-    servers: 
-      couch1: 
-        backup: false
-        host: localhost
-        port: 4000
-        weight: 10
-        writable: true
-      couch2: 
-        backup: false
-        host: localhost
-        port: 4001
-        weight: 10
-        writable: true
+  servers: 
+    couch1: 
+      backup: false
+      host: localhost
+      port: 4000
+      weight: 10
+    couch2: 
+      backup: false
+      host: localhost
+      port: 4001
+      weight: 10
 hosts: 
   couch1: 
     domain_full: couch1.bitmask.net
@@ -179,9 +175,6 @@ nickserver:
     username: nickserver
   domain: nicknym.bitmask.net
   port: 6425
-platform: 
-  major_version: "0.6"
-  version: "0.6"
 service_type: public_service
 services: 
   - webapp
@@ -223,33 +216,28 @@ ssh:
     ports: "60000:61000"
   port: 22
 stunnel: 
-  clients: 
-    couch_client: 
-      couch1_5984: 
-        accept_port: 4000
-        connect: couch1.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-      couch2_5984: 
-        accept_port: 4001
-        connect: couch2.bitmask.i
-        connect_port: 15984
-        original_port: 5984
-  servers: {}
+  couch_client: 
+    couch1_5984: 
+      accept_port: 4000
+      connect: couch1.bitmask.i
+      connect_port: 15984
+    couch2_5984: 
+      accept_port: 4001
+      connect: couch2.bitmask.i
+      connect_port: 15984
 tags: 
   - local
 webapp: 
   admins: 
-    - azul
     - elijah
+    - varac
+    - micah
     - kwadronaut
     - mcnair
     - meanderingcode
-    - micah
-    - varac
+    - azul
   allow_anonymous_certs: false
   allow_limited_certs: false
-  allow_registration: true
   allow_unlimited_certs: true
   api_version: 1
   client_certificates: 
@@ -265,29 +253,16 @@ webapp:
     password: pg9XGGdt4Dr3WcM9PYDqMmxxKHTpvsc9
     salt: 7e8868f8c4775290fd37d2f520d13672
     username: webapp
-  customization_dir: /srv/leap/files/webapp/
+  customization_dir: /etc/leap/files/webapp/
   default_service_level: 1
   domain: bitmask.net
-  engines: 
-    - support
-  forbidden_usernames: 
-    - admin
-    - administrator
-    - arin-admin
-    - certmaster
-    - contact
-    - info
-    - maildrop
-    - postmaster
-    - ssladmin
-    - www-data
   git: 
     revision: origin/master
     source: "https://leap.se/git/leap_web"
   modules: 
+    - user
     - billing
     - help
-    - user
   nagios_test_user: 
     password: uI_cYvPGNDZrcXTVLH_x88QFWjJ2yCZT
     username: nagios_test
@@ -721,4 +696,3 @@ x509:
       E4LfGgOC9CfxpTJOZIJM/4jTiozg/fVedFIuAqdDpgKAUiWNBbhheQ==
       -----END RSA PRIVATE KEY-----
   use: true
-  use_commercial: true