-rw-r--r--hiera/ant.yaml20
-rw-r--r--hiera/antelope.yaml5
-rw-r--r--hiera/armadillo.yaml16
-rw-r--r--hiera/cowbird.yaml155
-rw-r--r--hiera/diplocaulus.yaml18
-rw-r--r--hiera/goldeneye.yaml26
-rw-r--r--hiera/gorilla.yaml24
-rw-r--r--hiera/leech.yaml31
8 files changed, 196 insertions, 99 deletions
diff --git a/hiera/ant.yaml b/hiera/ant.yaml
index 2783579..3eb01b0 100644
--- a/hiera/ant.yaml
+++ b/hiera/ant.yaml
@@ -33,10 +33,6 @@ couch:
password: cGqWZqTdFc_fuSZvfPtUTL_7uMA6d5YC
salt: 514355e86f1d3fa4de42b677de21281d
username: soledad
- tapicero:
- password: 4JUh6VMj9Z9RmBLhNBGGkKqnYEYbxuba
- salt: 143d18a3df3e46e505f4c061d2cc17b7
- username: tapicero
webapp:
password: LH5DH5rbLZs7zuCaIgWpDAetDpLvUAHg
salt: c632af58769857bcdf108b46da9eaa44
@@ -55,6 +51,12 @@ domain:
name: ant.demo.bitmask.i
enabled: true
environment: demo
+firewall:
+ ssh:
+ from: sysadmin
+ port: 4422
+ to: "198.252.153.82"
+ stunnel: []
hosts:
ant:
domain_full: ant.demo.bitmask.net
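Review bot: The new `firewall:` mapping lists only `ssh` and an empty `stunnel`, and no rule carries a protocol, while the `mosh:` section later in this file (context of the last hunk) stays `enabled: true` with `ports: "60000:61000"`. If the consumer treats this mapping as the complete allow-list, the mosh port range is not covered; if it is only descriptive, that should be stated where the data is produced. I would either add a `mosh` entry alongside `ssh` or document that mosh rules are derived separately; the same applies to the firewall hunks in armadillo, cowbird, diplocaulus, goldeneye, gorilla and leech. How the mapping is consumed is not visible on this page, so this is a point to confirm rather than an established gap.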
@@ -85,8 +87,8 @@ mail:
- leech.demo.bitmask.net
name: ant
platform:
- major_version: "0.7"
- version: "0.7.1"
+ major_version: "0.8"
+ version: "0.8"
service_type: internal_service
services:
- couchdb
@@ -107,10 +109,6 @@ sources:
package: soledad-server
revision: latest
type: apt
- tapicero:
- revision: origin/version/0.7
- source: "https://leap.se/git/tapicero"
- type: git
webapp:
revision: origin/version/0.7.1
source: "https://leap.se/git/leap_web"
@@ -153,6 +151,8 @@ ssh:
varac:
key: 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
type: ssh-rsa
+ config:
+ AllowTcpForwarding: "no"
mosh:
enabled: true
ports: "60000:61000"
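Review bot: `AllowTcpForwarding: "no"` in the added `config:` block is hardening only for accounts without a shell: sshd_config(5) notes that disabling TCP forwarding does not improve security unless users are also denied shell access, because they can run their own forwarders. The keys listed above this line presumably belong to administrators with full shells, so the setting should be documented as defence in depth in whatever source produces this file, e.g. `# limits accidental tunnels; does not restrict users who have a shell`. Quoting `"no"` is right, since a bare `no` would be read as a boolean by YAML 1.1 parsers. The identical hunk appears in armadillo, cowbird, diplocaulus, goldeneye, gorilla and leech.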
diff --git a/hiera/antelope.yaml b/hiera/antelope.yaml
index 19782ac..6eab9d7 100644
--- a/hiera/antelope.yaml
+++ b/hiera/antelope.yaml
@@ -212,6 +212,7 @@ mynetworks:
- "199.119.112.152"
- "199.119.112.153"
- "199.119.112.167"
+ - "199.119.112.197"
- "199.119.112.8"
- "204.13.164.162"
- "204.13.164.171"
@@ -239,6 +240,8 @@ services:
- soledad
- webapp
soledad:
+ couchdb_leap_mx_user:
+ username: leap_mx
couchdb_soledad_user:
password: vR8CqkNx9XeLDWMZWaQNYFsQHsPDTPve
salt: efac408f3cda73ebcb02f80c9c3a0bfa
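Review bot: The added `couchdb_leap_mx_user` carries only `username: leap_mx`, while the sibling `couchdb_soledad_user` directly below it has `password` and `salt`. Either the consumer resolves the leap_mx credentials from somewhere else, or the entry is incomplete and the account ends up configured without a password; which of the two is not visible here. I would confirm against the consumer and, if the omission is deliberate, say so next to the key, e.g. `# credentials resolved elsewhere, intentionally absent here`. The same addition appears in hiera/goldeneye.yaml, and the `soledad:` mapping continues outside the hunk.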
@@ -357,7 +360,7 @@ webapp:
password: BUHSRknNYnLEzQHuLesseraW8WZ9IMpM
salt: 1d0e3f0b126a69e19a1f6109fe8e2e40
username: webapp
- customization_dir: /srv/leap/files/webapp/
+ customization_dir: /srv/leap/files/mail_webapp/
default_locale: en
default_service_level: 1
domain: mail.bitmask.net
diff --git a/hiera/armadillo.yaml b/hiera/armadillo.yaml
index 63fa910..a78f145 100644
--- a/hiera/armadillo.yaml
+++ b/hiera/armadillo.yaml
@@ -36,10 +36,6 @@ couch:
password: kC3G8VUw_EHauUW_HaqVVmURd7W_LLKm
salt: 9d8f48690250981009ee2429aabdc78d
username: soledad
- tapicero:
- password: GzSQ2dc4j6fwTRXPSSjLWMM4uh2e42eG
- salt: 221102bb1eda20211d6408fbcd9feef6
- username: tapicero
webapp:
password: SFHnQkZjz8SFNFpS4p355wmmh4vP9VXH
salt: 657e9462c07b5f3086a06c744e76f10d
@@ -59,6 +55,12 @@ domain:
name: armadillo.bleeding.bitmask.i
enabled: true
environment: bleeding
+firewall:
+ ssh:
+ from: sysadmin
+ port: 22
+ to: "1.209.122.24"
+ stunnel: []
hosts:
armadillo:
domain_full: armadillo.bleeding.bitmask.net
@@ -104,10 +106,6 @@ sources:
package: soledad-server
revision: latest
type: apt
- tapicero:
- revision: origin/version/0.7
- source: "https://leap.se/git/tapicero"
- type: git
webapp:
revision: origin/version/0.7.1
source: "https://leap.se/git/leap_web"
@@ -150,6 +148,8 @@ ssh:
varac:
key: AAAAB3NzaC1yc2EAAAABIwAAAgEAnMA/JCaz/BMTZqhW+/h06ZZewhaYqMrmrgwXI1Ui6r9QkGzPy89ZB+86LV/tvZOJSWsT/CfN+zqRqDRH8ApnOuXsnmU1BF+Y/dXpLH8Z7t52yBwCVpQII4m29zZT9mfcyb5ZV6Rxh+BOChFERPkZwQJaMI9KU4nkmcKvgpOEbPfvXrv7aYy+G1YddMfmitWKpljL4VB+DVuKh7/Csxs9B8g8wy261rbVJDCvP2cblFA6nAuxk0UB/UFgA9VgjoNA/s2cXIsPDFvvHKoy6bDN0V7CQr3391eGv66KCoQIPCIkI6PY2MImA+Lx1jYQwEQUIJVm/KbuPFrm0GF/LSs5T+mNcFTyU+saSCOi1sxkCNtAikvvjzk9xg0W6RkR9ITZy3+3cKPhbHCd1qOMAxVvMCrN5s+bK2Ps5+wE1pxxz//owcRgsR0yk3kg/V5h716qL5EaWyh5XJoWbrlwzrXLW9ofceGBmqYv7dLKrXd3hwCzJqdZVtWSTePz1gB84rgCAwXhjofY3mwXSRjqQCu9RTImSpepKRCAEBujMHCK38aXR1IAXbenOWCQso05gMFdtlHY7DfvtmsT0xElbQXztKCBqtNrYoDf1+eQBOpveCK4n0gSivmo2NqDkw8R+1nW+CMo6eO3Qsfc3BXkJyufcOCsDjg1IXOP/fhWeNXqSL8=
type: ssh-rsa
+ config:
+ AllowTcpForwarding: "no"
mosh:
enabled: true
ports: "60000:61000"
diff --git a/hiera/cowbird.yaml b/hiera/cowbird.yaml
index 98b29fd..08683c4 100644
--- a/hiera/cowbird.yaml
+++ b/hiera/cowbird.yaml
@@ -1,4 +1,6 @@
---
+clamav:
+ whitelisted_addresses: []
contacts:
- drebs@leap.se
- sysdev@leap.se
@@ -18,6 +20,18 @@ domain:
name: cowbird.cdev.bitmask.net
enabled: true
environment: clientdev
+firewall:
+ mx:
+ from: "*"
+ port:
+ - 25
+ - 465
+ to: "199.119.112.152"
+ ssh:
+ from: sysadmin
+ port: 22
+ to: "199.119.112.152"
+ stunnel: []
haproxy:
couch:
listen_port: 4096
@@ -49,6 +63,9 @@ location:
timezone: "-5"
mail:
smarthost: []
+mx:
+ aliases: {}
+ key_lookup_domain: bitmask.net
mynetworks:
- "1.209.122.24"
- "1.209.122.26"
@@ -69,11 +86,13 @@ mynetworks:
- "199.119.112.151"
- "199.119.112.152"
- "199.119.112.153"
+ - "199.119.112.167"
+ - "199.119.112.197"
- "199.119.112.8"
- - "202.85.233.34"
- "204.13.164.162"
- "204.13.164.171"
- "204.13.164.57"
+ - "37.218.240.101"
- "46.165.242.166"
- "85.17.92.143"
name: cowbird
@@ -102,10 +121,6 @@ sources:
package: soledad-server
revision: latest
type: apt
- tapicero:
- revision: origin/version/0.7
- source: "https://leap.se/git/tapicero"
- type: git
webapp:
revision: origin/version/0.7.1
source: "https://leap.se/git/leap_web"
@@ -148,6 +163,8 @@ ssh:
varac:
key: AAAAB3NzaC1yc2EAAAABIwAAAgEAnMA/JCaz/BMTZqhW+/h06ZZewhaYqMrmrgwXI1Ui6r9QkGzPy89ZB+86LV/tvZOJSWsT/CfN+zqRqDRH8ApnOuXsnmU1BF+Y/dXpLH8Z7t52yBwCVpQII4m29zZT9mfcyb5ZV6Rxh+BOChFERPkZwQJaMI9KU4nkmcKvgpOEbPfvXrv7aYy+G1YddMfmitWKpljL4VB+DVuKh7/Csxs9B8g8wy261rbVJDCvP2cblFA6nAuxk0UB/UFgA9VgjoNA/s2cXIsPDFvvHKoy6bDN0V7CQr3391eGv66KCoQIPCIkI6PY2MImA+Lx1jYQwEQUIJVm/KbuPFrm0GF/LSs5T+mNcFTyU+saSCOi1sxkCNtAikvvjzk9xg0W6RkR9ITZy3+3cKPhbHCd1qOMAxVvMCrN5s+bK2Ps5+wE1pxxz//owcRgsR0yk3kg/V5h716qL5EaWyh5XJoWbrlwzrXLW9ofceGBmqYv7dLKrXd3hwCzJqdZVtWSTePz1gB84rgCAwXhjofY3mwXSRjqQCu9RTImSpepKRCAEBujMHCK38aXR1IAXbenOWCQso05gMFdtlHY7DfvtmsT0xElbQXztKCBqtNrYoDf1+eQBOpveCK4n0gSivmo2NqDkw8R+1nW+CMo6eO3Qsfc3BXkJyufcOCsDjg1IXOP/fhWeNXqSL8=
type: ssh-rsa
+ config:
+ AllowTcpForwarding: "no"
mosh:
enabled: true
ports: "60000:61000"
@@ -388,58 +405,88 @@ x509:
-----END CERTIFICATE-----
commercial_cert: |
-----BEGIN CERTIFICATE-----
- MIIEcDCCAligAwIBAgIQZapGmb3M2eXlfyXvmTnKwDANBgkqhkiG9w0BAQsFADBK
- MRgwFgYDVQQDDA9CaXRtYXNrIFJvb3QgQ0ExEDAOBgNVBAoMB0JpdG1hc2sxHDAa
- BgNVBAsME2h0dHBzOi8vYml0bWFzay5uZXQwHhcNMTQxMDAyMDAwMDAwWhcNMTUx
- MDAyMDAwMDAwWjAtMRAwDgYDVQQKDAdCaXRtYXNrMRkwFwYDVQQDDBBjZGV2LmJp
- dG1hc2submV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvtDUNqCS
- W8Gd3rdxG4fG+LGABxrD+A2CbwNJNZ1kte6t4h8h6bVAjIoVUzwt3fHbtoDGJAwi
- IACZ5NQSBfAL0mZPu9EPhgBZNd5G/uzsYPAEOFlHuKRhlFsVJqApvlChkJpGFNoH
- oDUGVWs4bmGq9e+Dc/6eouFGz8sqQfHWfKhnuX1T84oJGAzEm5pKIKkdUDMk9xIM
- 4SV+fKC5qrcmVDxpIgnJHI42sINSKS0xj9bhioGw5wFkstnxtpGNB3VDpaZ4pK/o
- kw7NI9tHeguIxiMf1S9O4JeTyquShT6OXZrf1wR9nRS882cFnwruM9jsXbMILCeO
- Y3Y7ZJ8c3jhtCQIDAQABo28wbTAdBgNVHQ4EFgQUkMbMHgml/FP5noJVRJ9C+oVs
- lBEwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAkGA1UdEwQCMAAw
- HwYDVR0jBBgwFoAUuYGDLL2sswnYpHHvProt1JU+D48wDQYJKoZIhvcNAQELBQAD
- ggIBAKNKgOnxYYiRSTNUYbAzfr5g6RmBndpc8vsFtcKcVtbIAm2HseiQLGqTbmIa
- jbtbqd3138WG8wLDuiEVHeE8rzF1FMyncvJXFpee0X7BLWW+pm3qG4o+q49gxmZi
- qN3+nUxMJWgw0ooK2nyzgp/AJ2iX8+b0oZTLCaG1SUAC8zoxbBlEmKldkpJSTVqE
- gNBycX4+KQ9MrwsIqrDKCiKn2+IqmDThuaVmtkzXggLp6CsqJoedOiV3IAtxbl64
- 6GFAgT7OZVrnlSpylk53u8fthLCoM+0vuF0+9wWkxERxwywsgxRI5U5JibIzOuy3
- Jce4Bs/n9h0ZWrZQBjyIptaGPpAJFpxFhhZm2yNGt6So2HctR5B9mSSedZg9a8XQ
- bdV6ZNQEgBEY7tPPpmAMBGTEzynD3ivN/MFgB2BadT2V04dGQy5f2RzoT56iwRly
- wPSHllPxt8gm8d9VswSZKD9IaUi6exM2x4yiu9qZWD8+PDR9OP9QmEio7TVuxXJ5
- /vYkq1++ig5GxJDDdfuV2BY5vTOm9qkpIAw/usu9ZIETyQkzy1mc4Yt7hxjPq+Xr
- 7CENhUxhDJt45cs8kSk4OEtlivDHabt5wEDtcxXkDFdudseVf6iT4TfkcHyQDsRj
- hgknwqmkAIwfmJjWWLNkQoTuxXRKm0ZmtWXIYlpk/d323Dau
+ MIIFcTCCA1mgAwIBAgIRAMO8F8ZMG55dSjVovmxN4eYwDQYJKoZIhvcNAQELBQAw
+ SjEYMBYGA1UEAwwPQml0bWFzayBSb290IENBMRAwDgYDVQQKDAdCaXRtYXNrMRww
+ GgYDVQQLDBNodHRwczovL2JpdG1hc2submV0MB4XDTE1MTAwMjAwMDAwMFoXDTE2
+ MTAwMjAwMDAwMFowLTEQMA4GA1UECgwHQml0bWFzazEZMBcGA1UEAwwQY2Rldi5i
+ aXRtYXNrLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAM5JAdYY
+ K5ecLP8zKQEC6C08lQ27znlI8sSYqQqODuYiwA8paH2FddcGLw+wTwZNBwWyN2/z
+ qfMud8NivR/v49XwWzhbET6E3xPx16utgz3QVt6uz2CbMhA5FgT6LJee49KIaTlc
+ E1O6AO+v59gx+89/lvT3ZIRkMZdM3ER2dreiJqfRqPaxSV/BPiIqKBLPhhdV3FN8
+ RVpOEpR2d1gs+U1AHTQ12RIb8466oiUkINP+fifIWbpjbntfR83TIVreuvpsTBx4
+ RtNcJezPJnjGxYDybVXoHiei65YQldoEA/tEQlEM33mbgCrv+PsJZ6eAccH4xwYc
+ URsKWtbcbjRa167GFLwQc2sfbfJ2oDUIFk8ICoRHoe2IXmk2PY+u2qDj8nn/ycAC
+ woFGRDcnjrrcXHNogVwg49kgAqZ7502TBC3xPnmYQncpLTIC7/C7jXGjPz0U372l
+ mUQXp0qz83Joa6r0NH33WoaCkJ5A4BJgo7s4Cm0U1st1LRBE4lIri25CZswuAYMd
+ Xr2Jcd2e6lbNoJJhVksc4sHIyctTPthQec417kXwCcgQNKUMX1apdIglJj3NmwBk
+ ojS9V1BPA2TogMHN1AYeS4nZ/UlIPslVxUa2PLLEPz7IcH8GQGqy50VLK3iFW1lV
+ sRyf2ygqwdiO5Vfci1onVmdZh9mSv7kvY7RtAgMBAAGjbzBtMB0GA1UdDgQWBBS0
+ 4pvDNSzeeFpBBjvRTQC/4Sl2CjALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYB
+ BQUHAwEwCQYDVR0TBAIwADAfBgNVHSMEGDAWgBS5gYMsvayzCdikce8+ui3UlT4P
+ jzANBgkqhkiG9w0BAQsFAAOCAgEAU81WNNlZkvHZzmIfBosqFP7J5+Q85GkLpdvV
+ qomu+/CkDrT7bdKuRMdJJcoQ6fe8FdRvIss8ko+QFe7kBeV/OX8wIn2A5176HmYC
+ PgDLrpnOV/LZPrlqAOxorVMiGiVYz0ZnbzYndpcWAmhqLNJjaMkoIwozRjVn+n6y
+ DABfNf/C9IloZtR/eOP39xDaHUH82uQLhLimIvlyLEcUKaDGs707ZUkJGi7TZoZu
+ TJGCoD0sohISmIazsexsenPyQwMap4etNrOVIBnd2r8I2Ga9/vNh7myaI30NvpYJ
+ IIB0Gw+BmSuOmOPBJc/W21sPcTo2aJTSKFBeLHx6GP6UXK8t4cVcNejsIfaDh0si
+ 7bDhTpt1rcIrenz+PJ4ITFAX92UX783tj6YZW2mUCUKzZ5S+DnAMCo3VzWEaB6aF
+ q0FTmKxT5ULGfQN6zh/jwIW3Gk931yLbyZ0FLTjxkjMf/PQFv3V9C5Os+QKYpK9u
+ Hrj1D1aIV91yg0KET+a9yp0fvqGPzkiKssvc8HhQp4NoGZHAY4QQjAAaHeLC4Ys4
+ OIuNwCphenh0nzIyKsdtwzc87KwxdJNs/vDJjmUGIHiwQQnMy4Lb/OWwN2nI4Dew
+ 6UwoXVtsJ43nUwBt0x6gfLhqx2oYC4xNtt0T37Gl3Py6HhK1i7w4YwPy4qhpztqG
+ unY/ciI=
-----END CERTIFICATE-----
commercial_key: |
-----BEGIN RSA PRIVATE KEY-----
- MIIEogIBAAKCAQEAvtDUNqCSW8Gd3rdxG4fG+LGABxrD+A2CbwNJNZ1kte6t4h8h
- 6bVAjIoVUzwt3fHbtoDGJAwiIACZ5NQSBfAL0mZPu9EPhgBZNd5G/uzsYPAEOFlH
- uKRhlFsVJqApvlChkJpGFNoHoDUGVWs4bmGq9e+Dc/6eouFGz8sqQfHWfKhnuX1T
- 84oJGAzEm5pKIKkdUDMk9xIM4SV+fKC5qrcmVDxpIgnJHI42sINSKS0xj9bhioGw
- 5wFkstnxtpGNB3VDpaZ4pK/okw7NI9tHeguIxiMf1S9O4JeTyquShT6OXZrf1wR9
- nRS882cFnwruM9jsXbMILCeOY3Y7ZJ8c3jhtCQIDAQABAoIBAGnVL26g/qwvph0K
- B4zqcNwsrsLCAKFK9OYXn3pCMsKJgB3jgI68PfH1AEDrJtFrvJ3rrHn/1MmFK9X0
- HY73hccLgfu8x2xeMxyijSQFSlG1rdGHCzWIzqpXHlMPEDgDRqkKOAaGqyYbYsjr
- sB/gwc6oKnOibGAQrJLBr01mEb2PQNCEauPDvgJT6MwGMpbgDtXCquOe+ccJagT4
- 8eow5IMVMCtVTJO/JJjZCxMz9IZIuO5UKhGJG7FfK5PJ/HfUGhg33VOv6sl1aE38
- 42LmitzKTo/5jbl78/+wmpi1aLEP8pajN4Mre0JWRiJjQO9VFhIvZH8yzfuW40GT
- cRt7sIECgYEA34suo2k171X8+PVnJumFBNM6iP7WXDdGhx7LQ2Lcy0GtJZAsxJN0
- eSnhX8SwRZFYf+7jIOi4Q7/ZwTKJDc86naYaXWyBDPo56QuQASDvIKVkyje7DsHD
- Y/Y1ArjS3Z8AQVJ7VN1R9+CNkF049yc7TWRkBBH8icw5e1hEQ9gUZBkCgYEA2oUx
- dX+9GpTh6ufhmvpw+GGT+DjCtJm00IP6Y27fIgTHZo4Okl0kIhVktb6026OTc7GL
- BdmnlenKKEE6WfNEyJq+VPzqdiRu7S81xwWszPU0GF5bRYsLVfvFoS2Tl6Bg8NvB
- b/pCNsRzr42TxHpD9LC3A0RaPSYk9eiZvEaR7nECgYB2qCdaYAdcAjWkZIabdgrA
- c+q3OyXHjyOlp2fXXgu67CKfNLc+pNKHWf6iWgIC+1KRndj75+ufMp/AWDW9mckQ
- U1HdUzHxFIVWuWd34eZsWr50RD7LZ3hygAbFahurvbFh+wkyE8RlodEi1wjcz/s/
- alFYg7+b2UaNvV2G8ZRpSQKBgAodxG5mHYEPh23ykjU0hupYyhrhtdHak85bbcoQ
- pe/TPM/4n6ATA8s4JlNror/QUNE4VPFOZD3CdwNqEaN8aaDH2SviEZCqmyAL4Xd3
- QcqzR1ghdiRADaRLZZjSnVSVric4ZToj4dDbQ2fLLB4acu7vB2n1TiAqled0fzmC
- ItthAoGAXhzwHwlawpUWgoSkIlv9IL1o+8MTg0q08SfbWIOqp5pD08F5/QmQcLqZ
- 1fW3K9rtFiH70VAK0M6st0LW9uEKo9CnU7fGrU5ounfwNxL8RLnyjO6rSGyU+TS7
- 4sPoIK7HNSgJTZuvaEMb4WjIwVaON51cXGxmuqeo34cvnMeyj9k=
+ MIIJKQIBAAKCAgEAzkkB1hgrl5ws/zMpAQLoLTyVDbvOeUjyxJipCo4O5iLADylo
+ fYV11wYvD7BPBk0HBbI3b/Op8y53w2K9H+/j1fBbOFsRPoTfE/HXq62DPdBW3q7P
+ YJsyEDkWBPosl57j0ohpOVwTU7oA76/n2DH7z3+W9PdkhGQxl0zcRHZ2t6Imp9Go
+ 9rFJX8E+IiooEs+GF1XcU3xFWk4SlHZ3WCz5TUAdNDXZEhvzjrqiJSQg0/5+J8hZ
+ umNue19HzdMhWt66+mxMHHhG01wl7M8meMbFgPJtVegeJ6LrlhCV2gQD+0RCUQzf
+ eZuAKu/4+wlnp4BxwfjHBhxRGwpa1txuNFrXrsYUvBBzax9t8nagNQgWTwgKhEeh
+ 7YheaTY9j67aoOPyef/JwALCgUZENyeOutxcc2iBXCDj2SACpnvnTZMELfE+eZhC
+ dyktMgLv8LuNcaM/PRTfvaWZRBenSrPzcmhrqvQ0ffdahoKQnkDgEmCjuzgKbRTW
+ y3UtEETiUiuLbkJmzC4Bgx1evYlx3Z7qVs2gkmFWSxziwcjJy1M+2FB5zjXuRfAJ
+ yBA0pQxfVql0iCUmPc2bAGSiNL1XUE8DZOiAwc3UBh5Lidn9SUg+yVXFRrY8ssQ/
+ PshwfwZAarLnRUsreIVbWVWxHJ/bKCrB2I7lV9yLWidWZ1mH2ZK/uS9jtG0CAwEA
+ AQKCAgEAq/RDqZnATMMM5zZYSdWIgJztiuMwu/1JEQRIdNnyJXh2LK1RwsBLeJBZ
+ DnTjitcOsXrbp2CwHFxxzNcz27l2bFHNWG7hMwJDijaglyUuL4rJvxptF5SG6OsN
+ Jdz86u6x7j9zpzLPkY2NVj+Fvbv8sf0jctP+YDW8+OhC/HbbgzuRiXbFp84k4cMN
+ 7iDCAtwmZLFX1efTT/Ggn00ZMtFah0CYl3sDlYrjPejpXJh/HPgZZUQnN63G3OSR
+ 0ErclQjxR+qaj2jbcThxDLOo2CipXlG3PlMdP+EZDKCKqY+LWhqORU27w30SG7iq
+ DWjLlN8G9LBSBw/3s9iv3EcnPlEzU6f/jgDJWrKErgZBkKvfqR2EBXOMjOWPn6zR
+ gxOEv5t2pVBDGtpgZWopysTJpnHp/4S4MukGamvM97h8Vd1EkAHGio+SqMK4RDFT
+ 6EHX1QngXnt9GWLLFzR+QQx/NFBFJjjI3q1hZq560PqBSbsJFHGhdt2tU2mzIFW8
+ T+Tfmcufs0LbyjJHD06MmLu+v/VZhyoD8SajgbYQkpLstuqYpm2/U2dvK/BfCw85
+ KltkZUS5FBbdyBBS/JFjEEdhHVLx9GH1ZhduDRyykqg+NljSYpCzj0gx9AHP7W+k
+ 1k9u7+aqLE629cxLQsKPVVhOMGtW0iBEewOvkiPWNroQpiT5gwECggEBAOYyKeAq
+ yZZZMR9le/emoykvRPKljSsO9Liex1KIlKREVh8Dqk2wN2OgVLYGMpBPQGb+usVE
+ 2PKppHh6OJWgxNgWbhqnZGLK93zN0LNhGTl0sRw5FLeJ1+k4d5LwKovKMxklK4ti
+ c5vdXsFIl/H+ZE9igiQUu1fP+hvvMtfgN/1gFQtXO133p0VoZhA7PH9OzXRh9CL8
+ HLKyE0xB7mQ4Ie4GPfFxs93XDSdbIjbNzzFQFmgnqkQ7R1/x+/Rbio7WP5DE4pca
+ YZYsFlcrQCMOUmZO4BNWVq4h0IBB+Iho2h2/op3xk2z3KuCo9IF8gsnOI0JxH2B0
+ wVOyISzwGGexO2ECggEBAOVor7WRY6uqzPeZFi3VxrTywe9MUZWICcltCSxrmbOT
+ LqbXtWRrFzK6lFojdR1F7A4xLcP7qADG0s74UBelpZgGRoZ06vSjyE6+VSBTJrk5
+ DU63o1qf+BczsExuyOP7I3W7hza+ibjCo775aBlKPEBJLou07W7XrIqRHqCzZm1k
+ 94KQuhP9XwYFoLfbtMbukA87iNCCsHm3mF7dTWIc/FEtM5vf5omuZKpMhbOiV7Ox
+ JhzRKnrimQhWBFn5byH4hozTkbjJ6UfW3N+fDmPePGD+vWOrDxeK+eo341VT+bEq
+ QQ+Tg6H/zJ/pVXfc9EFGalr/O1kJhx3CoGnAEb6GAI0CggEAEQyqGVZR8/bLMp4b
+ nm4TK5u6qZYlbIkBCyOHc8914uzEzCtDU9m3YIOhgpHW8OVNydMYFkBRKTfzXJEA
+ 2+Q6cB7JLOQ1BTQvPGkqCf8pFR5Vd9eqdyWYfkeWY6WyIQRq4HPmU76I/YRZ3kr4
+ Jg5Hc7HCHdYDQi+/QI5o36BVxUh2ho6BcSZEl1lyJcWdZ3h4syQGJwkxPvL9hupj
+ M70MlkqUD+vx/H5PFRkk4ZZAwFBEOJanf8I8ORj9Jk4ZZxbrQleyyKpFjA/b37zu
+ VSpcZAN3iTcd2Gvcu4MnW0MY1Jc6/iPEXY+490bMRULplPTVm7gxML21C/PnjSKD
+ TDrOQQKCAQBAnWLYNjInmP0QRBseH9dPAg0jtJBKGL4A8Ogjjc8F6E+8iIc72Hn5
+ PNoqJVCIRTh+qtVkHQ6t4VJhH0mXz307u5DDsEy5SSRTIYLijukaRHp+EHU/Qk1j
+ Y5ilfpKwu/y53W7xOWubEZ+DW8Y5UVJ1HOeyS+yQSsj7YnKI+t6/sy+Po+n1VWkd
+ Thp9jrF1Up5a2/7mE9lW/yI4ngZ8uwNKbfvaTI8nemo6GUGTXgdrwlqkxTk80XQf
+ B/ND0GC/5bsoETM7JAvDwz4E8kzgTikdfMKlPvoKPIe1s7YhQ3zRrMAUfg0WZPEi
+ nVsIXsChXg74wGjb5DYdaMM75fBZhG7FAoIBAQCvJV5UtBQRQTgC8jtiQHYACclY
+ pHIpoFIk1lSUsixru5O9s1peVUPDMIamUFksgiphUhEfxp1u2dyEHPr+wvBCR7LR
+ v/++wFFUMEG1EAW86639FMWzDXYmfIHM9kukitYR5Ahitdp7xsMpEpxS5bBMlfsw
+ whPMLKehDp7Yusk3CUVKLz0Swqz+uYKx09AREPg1VLPvE9prm43X4D9BaRP+/ska
+ rThfMNc4sWllusohKd2MUe1gX+l9tVXAhScf9pG4d2LNCsLNnfuQD3DEbdnMPMYy
+ k37LR67g94uR7lgISj1XPj5QhiSJEoCHRwqFDedr7zjeSigYjSeQOw40gMII
-----END RSA PRIVATE KEY-----
key: |
-----BEGIN RSA PRIVATE KEY-----
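Review bot: The replacement `commercial_key` is committed as an unencrypted RSA private key right beside the certificate it belongs to, so everyone who can read this repository or a rendering of it can act as the TLS endpoint that certificate names. The key should be treated as disclosed and the certificate reissued with a key that never enters version control. In the hiera data the literal block should become a reference resolved at deploy time, for instance through an encrypted hiera backend such as hiera-eyaml or a file placed on the node out of band. The superseded key on the removed lines stays retrievable from history, so that certificate should be revoked as well if it has not already expired. The `x509:` mapping continues past the end of the hunk with another private key under `key:`.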
diff --git a/hiera/diplocaulus.yaml b/hiera/diplocaulus.yaml
index 3a3ce01..8a80383 100644
--- a/hiera/diplocaulus.yaml
+++ b/hiera/diplocaulus.yaml
@@ -13,6 +13,18 @@ domain:
name: diplocaulus.bitmask.net
enabled: true
environment: production
+firewall:
+ ssh:
+ from: sysadmin
+ port: 22
+ to: "199.119.112.150"
+ static:
+ from: "*"
+ port:
+ - 443
+ - 80
+ to: "199.119.112.150"
+ stunnel: []
hosts: {}
ip_address: "199.119.112.150"
location:
@@ -46,10 +58,6 @@ sources:
package: soledad-server
revision: latest
type: apt
- tapicero:
- revision: origin/version/0.7
- source: "https://leap.se/git/tapicero"
- type: git
webapp:
revision: origin/version/0.7.1
source: "https://leap.se/git/leap_web"
@@ -92,6 +100,8 @@ ssh:
varac:
key: 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
type: ssh-rsa
+ config:
+ AllowTcpForwarding: "no"
mosh:
enabled: true
ports: "60000:61000"
diff --git a/hiera/goldeneye.yaml b/hiera/goldeneye.yaml
index 0fdbc06..151793b 100644
--- a/hiera/goldeneye.yaml
+++ b/hiera/goldeneye.yaml
@@ -32,10 +32,6 @@ couch:
password: MrUyYGnT_44NUyBAm46L3GCLPHKVZ_De
salt: ac15331e0c098126e04ecf7a21045079
username: soledad
- tapicero:
- password: Gds68vK4JyZzPkUcEzBVEXdEFXq3jaFp
- salt: 5b1b31b42c4cdce91ee8ccdb408d66ee
- username: tapicero
webapp:
password: _CatyL3Ienc4wRrfPubrhyfYCFmCyt9t
salt: 1c1dd6eb78f027414f1638bd6c902a5a
@@ -54,6 +50,20 @@ domain:
name: goldeneye.cdev.bitmask.net
enabled: true
environment: clientdev
+firewall:
+ soledad:
+ from: "*"
+ port: 2323
+ to: "199.119.112.153"
+ ssh:
+ from: sysadmin
+ port: 22
+ to: "199.119.112.153"
+ stunnel:
+ -
+ from: "199.119.112.152"
+ port: 15984
+ to: "199.119.112.153"
hosts:
cowbird:
domain_full: cowbird.cdev.bitmask.net
@@ -85,6 +95,8 @@ services:
- couchdb
- soledad
soledad:
+ couchdb_leap_mx_user:
+ username: leap_mx
couchdb_soledad_user:
password: MrUyYGnT_44NUyBAm46L3GCLPHKVZ_De
salt: ac15331e0c098126e04ecf7a21045079
@@ -108,10 +120,6 @@ sources:
package: soledad-server
revision: latest
type: apt
- tapicero:
- revision: origin/version/0.7
- source: "https://leap.se/git/tapicero"
- type: git
webapp:
revision: origin/version/0.7.1
source: "https://leap.se/git/leap_web"
@@ -154,6 +162,8 @@ ssh:
varac:
key: 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
type: ssh-rsa
+ config:
+ AllowTcpForwarding: "no"
mosh:
enabled: true
ports: "60000:61000"
diff --git a/hiera/gorilla.yaml b/hiera/gorilla.yaml
index 31accc9..d444faa 100644
--- a/hiera/gorilla.yaml
+++ b/hiera/gorilla.yaml
@@ -36,10 +36,6 @@ couch:
password: kC3G8VUw_EHauUW_HaqVVmURd7W_LLKm
salt: 9d8f48690250981009ee2429aabdc78d
username: soledad
- tapicero:
- password: GzSQ2dc4j6fwTRXPSSjLWMM4uh2e42eG
- salt: 221102bb1eda20211d6408fbcd9feef6
- username: tapicero
webapp:
password: SFHnQkZjz8SFNFpS4p355wmmh4vP9VXH
salt: 657e9462c07b5f3086a06c744e76f10d
@@ -59,6 +55,20 @@ domain:
name: gorilla.bleeding.bitmask.i
enabled: true
environment: bleeding
+firewall:
+ ssh:
+ from: sysadmin
+ port: 22
+ to: "1.209.122.26"
+ stunnel:
+ -
+ from: "1.209.122.24"
+ port: 14369
+ to: "1.209.122.26"
+ -
+ from: "1.209.122.24"
+ port: 19002
+ to: "1.209.122.26"
hosts:
armadillo:
domain_full: armadillo.bleeding.bitmask.net
@@ -104,10 +114,6 @@ sources:
package: soledad-server
revision: latest
type: apt
- tapicero:
- revision: origin/version/0.7
- source: "https://leap.se/git/tapicero"
- type: git
webapp:
revision: origin/version/0.7.1
source: "https://leap.se/git/leap_web"
@@ -150,6 +156,8 @@ ssh:
varac:
key: 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
type: ssh-rsa
+ config:
+ AllowTcpForwarding: "no"
mosh:
enabled: true
ports: "60000:61000"
diff --git a/hiera/leech.yaml b/hiera/leech.yaml
index 392c48f..4eef99e 100644
--- a/hiera/leech.yaml
+++ b/hiera/leech.yaml
@@ -1,4 +1,6 @@
---
+clamav:
+ whitelisted_addresses: []
contacts:
- elijah@leap.se
- sysdev@leap.se
@@ -18,6 +20,18 @@ domain:
name: leech.demo.bitmask.net
enabled: true
environment: demo
+firewall:
+ mx:
+ from: "*"
+ port:
+ - 25
+ - 465
+ to: "198.252.153.85"
+ ssh:
+ from: sysadmin
+ port: 4422
+ to: "198.252.153.85"
+ stunnel: []
haproxy:
couch:
listen_port: 4096
@@ -61,6 +75,9 @@ location:
timezone: "-7"
mail:
smarthost: []
+mx:
+ aliases: {}
+ key_lookup_domain: bitmask.net
mynetworks:
- "1.209.122.24"
- "1.209.122.26"
@@ -81,6 +98,8 @@ mynetworks:
- "199.119.112.151"
- "199.119.112.152"
- "199.119.112.153"
+ - "199.119.112.167"
+ - "199.119.112.197"
- "199.119.112.8"
- "204.13.164.162"
- "204.13.164.171"
@@ -90,8 +109,10 @@ mynetworks:
- "85.17.92.143"
name: leech
platform:
- major_version: "0.7"
- version: "0.7.1"
+ major_version: "0.8"
+ version: "0.8"
+rbls:
+ - zen.spamhaus.org
service_type: user_service
services:
- mx
@@ -112,10 +133,6 @@ sources:
package: soledad-server
revision: latest
type: apt
- tapicero:
- revision: origin/version/0.7
- source: "https://leap.se/git/tapicero"
- type: git
webapp:
revision: origin/version/0.7.1
source: "https://leap.se/git/leap_web"
@@ -158,6 +175,8 @@ ssh:
varac:
key: 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
type: ssh-rsa
+ config:
+ AllowTcpForwarding: "no"
mosh:
enabled: true
ports: "60000:61000"