diff options
| -rw-r--r-- | hiera/chameleon.yaml | 94 | ||||
| -rw-r--r-- | hiera/octopus.yaml | 80 | ||||
| -rw-r--r-- | hiera/panda.yaml | 41 | ||||
| -rw-r--r-- | hiera/seahorse.yaml | 18 | ||||
| -rw-r--r-- | secrets.json | 4 |
5 files changed, 169 insertions, 68 deletions
diff --git a/hiera/chameleon.yaml b/hiera/chameleon.yaml index 5d05bb7..d156f95 100644 --- a/hiera/chameleon.yaml +++ b/hiera/chameleon.yaml @@ -137,10 +137,10 @@ development: site_config: true dns: aliases: - - chameleon.unstable.bitmask.net - - unstable.bitmask.net - api.unstable.bitmask.net + - chameleon.unstable.bitmask.net - nicknym.unstable.bitmask.net + - unstable.bitmask.net public: true domain: full: chameleon.unstable.bitmask.net @@ -151,128 +151,154 @@ domain: enabled: true environment: unstable haproxy: - servers: - panda: - backup: false - host: localhost - port: 4000 - weight: 100 + couch: + listen_port: 4096 + servers: + panda: + backup: false + host: localhost + port: 4000 + weight: 100 + writable: true hosts: ant: domain_full: ant.demo.bitmask.net domain_internal: ant.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBGDhCu92zulHOAhv63sTLnxPQrP+GxbWC4YUxonYOiWKaI/oS5soH5vfgI0/kkzZgA044F6ZyWo5S5dEwz4AEI=" ip_address: "198.252.153.82" + port: 4422 canvasback: domain_full: canvasback.cdev.bitmask.net domain_internal: canvasback.cdev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH5g/h43gZ3pQsU8ohme4J2mDeZgxGnd3lfR428GRqxKH4MEDGGrimpK1oPf6scey+oD8WYvSYP3ZjPFZHxyq4A=" ip_address: "192.168.5.4" + port: 22 chameleon: domain_full: chameleon.unstable.bitmask.net domain_internal: chameleon.unstable.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCbam3MYRlMunsimA/FMoS3qH03GcSTS7PPphE5es7oucWidaBp8HUKhl9SXTXe/98wYWTTMZPdWvjJvloWHxTAH1nt/TQxcCRZLPjaInt7NUo3aV5u0ADNaBKvcI8mFZMECSOol8ss+2+HHaqN3AQXcrotClz0vDb0a/9wPBKO0/oYR9PaDBR2wqq5TpOQn7lLmvygMCxvMr9PGgn02RnVsMHQ7qBH+Dk2MDM9DqT4Nr/WW61kwQKv1G/cfAD0MFN2HHMBj6Tx4pHPgTm9GhlEGmkUzykNSrqkg5V69peqeDTkNTkWy6WIwzk0Td7ohhLypa4dMUB5miSPHObrKSDJ" ip_address: "192.168.5.10" + port: 4422 chipmonk: domain_full: chipmonk.cdev.bitmask.net domain_internal: chipmonk.cdev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBDyqIb8/kigC0IUCVFlIKmhp5+C/P2W7d71jMX6ZK9XAzRzxFdMmcvn5H6ypUsLWQ7r327nD1bRupKiYdmPWrWk=" ip_address: "192.168.5.19" + port: 22 clam: domain_full: clam.dev.bitmask.net domain_internal: clam.dev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMYfDEXXpRdNtIaa1aGLVqG/3laVEoLi4ujKAFKtsgOJqw6qd6Sph29Jyqb5SmXNqzebuVKbWmKogXia1wKnjUc=" ip_address: "176.53.69.22" + port: 4422 deer: domain_full: deer.dev.bitmask.net domain_internal: deer.dev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBORp1ohUpy+qSPhgklCvujSTGeIsHdY9hBDJZimfeRZFq3ZuZvLltrvla8++BBTCskgEUdGtNivK9I0oCviyDeA=" ip_address: "202.85.227.195" + port: 22 demodex: domain_full: demodex.dev.bitmask.net domain_internal: demodex.dev.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2iNuS97BTd7flA/8nho/w3+THNriQPf1IpgcI/TCaTxIG5T85FRIApNAIxayJjBAt9C/MM8LMUlpRTq1Y8vlpYmfcWAJj5V8bbP03TXNIkgK8rtStjN061bhWXo4AVfD1hFyL+wUrdGRX2laaJvOgMO+UCkYb9PPqEfyKCMhcu3Da7auznYucrNxcJwCU4TpVgmQDYE0DWpYkssTbGJ7YJOZAtwNWtOrZFVRzOvMy3WvAM/s0x/ME6CQi6k6dDHlSpafhPAl/B4koTtnPksmXc7xCpmaun1j68C0yvD1l9QBPKyFwJ1KCJgx+9++CqnSFbIbX3ebb0FGtMHrak2xL" ip_address: "204.13.164.171" + port: 22 elephant: domain_full: elephant.dev.bitmask.net domain_internal: elephant.dev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOktOAJ7qxG2pC+qGVJTMNLMZGdhyInsuCX7phvQSTJxo2HNTUcSR/CJuLwsV0yqBVTmbrUNBCJS/n+x6bVqUeg=" ip_address: "176.53.69.13" + port: 4422 elk: domain_full: elk.dev.bitmask.net domain_internal: elk.dev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJxIofc6JyVvppMKv/hZnMZp/aYeEcy5kHAW1O1/ZkHnclc/cmxEQ2HtRNhMXziOrYZG/UB9NCEBkTFG2PG6XH8=" ip_address: "176.53.69.127" + port: 22 frog: domain_full: frog.bitmask.net domain_internal: frog.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBNurBzA0Yk4smJr9x+EttnpdaZg9FNnWTl+JKwmYBMXxaoh+W0fOCkooA5DuQq/e6V/BmJC5WoerFWhV2oxSs5w=" ip_address: "199.119.112.23" + port: 22 gadwall: domain_full: gadwall.cdev.bitmask.net domain_internal: gadwall.cdev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC4ycn7GabjeeewBmzTUbH+rZjRQV9seFmqbW2o5cE4jLsbPIMcMRRwLhA7TfIRLL7bLyuRNUWXwOqKZb/Psiog=" ip_address: "192.168.5.5" + port: 22 hippo: domain_full: hippo.demo.bitmask.net domain_internal: hippo.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL4iit51nt0P5yulG9s5iNP94MVGOXZTbPeHbnIqXmiYv8u5Cq8l/R4S9T8s9oh8PdZvGfWrbxewz3CaHgIvtbc=" ip_address: "85.17.92.143" + port: 4422 ladybug: domain_full: ladybug.dev.bitmask.net domain_internal: ladybug.dev.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDB2QMVLYRTwLfZzafas9wTfh1OsHCuRFc1yfezZt/hPPYbNREkbDLW7xgvCBFAqZdRU/1EEyzTdLwUPWP7RtFRSVPrBn3Re9Y2DmVno4YR/7SklWo330tc3aNX5sVFfvgSLHqe4T/SOSmQvjPz/AxkRekIi7Rsjrew9C3SiCZ9S3PygxEQw3XnPoeh4Kju1fl7eXSzLwWVu1TtUJvRn6gbP9+qTY5/1e9MHEBD0zOXO7tAcRWwjkzMPdQ1GgMqvAqamtIXOmG2RWXApeaitix8qZQlC/eb1pJzlh2b5MNiizJPS1rCqnGSN3Jx6H5CqthKWu1JaUzxGhLacuu5AWSN" ip_address: "192.168.5.8" + port: 22 leech: domain_full: leech.demo.bitmask.net domain_internal: leech.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCiT3/fejkQIAny1f71ijFYaSEcYho6gR10z20ctmLumV3pHtXcFXtHqzAFJ07txANyef5P/yiIOl+/x/uRANjo=" ip_address: "198.252.153.85" + port: 4422 millipede: domain_full: millipede.demo.bitmask.net domain_internal: millipede.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBG02MrdDFaqZO11JbYSAAC5q/W/FCch3AQXo+dRcpErvHLmv9kWkrV1ESqfZ+s6qEfk8Aqv0vsym7YigMiGXlBo=" ip_address: "198.252.153.83" + port: 4422 octopus: domain_full: octopus.unstable.bitmask.net domain_internal: octopus.unstable.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLbvsEZGXVaC74PcXd/M4wwv7nnAhg3318EqcGbo2aX5Tt+mAYbxjLj+HAiJgG63Mp6+GEuH5KNwgrRNwaOqh84tOMOYOKFAdgha4z6WC9q9sFIkqwaE2KDfoENKyUo0ywb0aBAW0EvYMt92BL7p5T8oQr/SbFw/GW1iyEqCPFK4VcupdnjDd8wyolgLawg0Okah5IHVosuJQEZXii7I0nhAl5OUkn5DIr6NklW6gTht+m6yRl7KNS+SGfyZs5U/1NywtwqPIH5Zgwt3Cphzga+d++6HbpO3PXA1PmN/bYJGDC0zG9gDSae1mvc+pDWWELgHEfpjzigrqqeNJtO2UD" ip_address: "192.168.5.16" + port: 4422 panda: domain_full: panda.unstable.bitmask.net domain_internal: panda.unstable.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2cA8eQ4VD3tW7p+Fy0ZLXBzFbgwFOXjdau8zQd0WzJd2sifsLMHv/iGcfELsK+O7Jh7KsezwhT+seZQR6QmdX4qgFvtKB86DgUmMVc5k1Zja1+vXjhsMVB0/EY7k7CM3Clm8NRJzjiA407TFYsCMLuVRaW5hvgFiH9+4aszbmtbfWoFVT97y3o2bkP0exz5jxgKsnlJDF9HJBsVEHXnozvopZeoprrDbtJZQGQA+HcllJm678sIzwEwWn/6JtH6LmcvhnRL5ohd0Tlhf/lqFS9if+EzEt278crUMWcePSxb7a4lV6cJrxE3VaiZ+ldsvJebcYDvtJCK1T8ea4OarB" ip_address: "192.168.5.9" + port: 4422 seahorse: domain_full: seahorse.unstable.bitmask.net domain_internal: seahorse.unstable.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfIO4Zdb7Xl1xP3Nw6hCSRSU9t6D2l3HpP38V1VM+2sLHDUdGDlHYWgUlfril5wZ6DdvU1DO2xrSTPDR1LrLEk/OKuFthnNUmRfE+NQQbf/KjEfj+AFj36l9evbWwef/EwECOtydQYZTEabVvrt0yprHYnfd728UklkFjXg67962X9A8DtK2OcPovEbcpPA3vo88+SZukNXAFUQcZPbX5ux0WZ1RH0GQVLVFo0dL4dQdEHZIXVYNvI9X7FzcN4WNjYyZfibiCmo3zdv15Hybh1NMQtBC6H5ZtiykzqL7cbUmmKeYzgIycFnewUxr6P4WyWx7/kPqfR/0Dw5aQqufw1" ip_address: "192.168.5.12" + port: 4422 snail: domain_full: snail.dev.bitmask.net domain_internal: snail.dev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK+IgHh5d/DYKrfzc8yGSBiNxFOg8vnTTfuykuQK3wO9F7Obzxuux/qlvHV1yPV0I9id72bduDfyfngMU5jqugY=" ip_address: "176.53.69.14" + port: 4422 starfish: domain_full: starfish.dev.bitmask.net domain_internal: starfish.dev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH7hjD8SIQshnCrMkin4MY6ff1QAJRusnMMsitiTc3+rpn5cCVW+ZB6+nwSKUyiXbD8l6wcL0CTxEZJGhYyfKc0=" ip_address: "176.53.69.23" + port: 4422 thrips: domain_full: thrips.demo.bitmask.net domain_internal: thrips.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIJHNnsfeuNBkVRm7cJvgD0rTX1wztnoz9SuHK2vJ9Pcluo8VfFoQrwayoFiAPJNC0dOoSra0Ir9L/eNQtjEzW0=" ip_address: "204.13.164.162" + port: 4422 urchin: domain_full: urchin.dev.bitmask.net domain_internal: urchin.dev.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKuJ+QA8GaXfxxERGFQSznpqJNmIk4gNFp3UvqYvL9PLeFUP4DwwsyCWg24x1R7RkFE3P75Jcck6Q8JW8d9iQWo=" ip_address: "176.53.69.21" + port: 4422 wallaby: domain_full: wallaby.demo.bitmask.net domain_internal: wallaby.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP/bJJ5OoSveoTEXAl26Gz0tqJkwzdA2fezMFeyoDDF6BCWntfzFZahoxHWg5alUfNMCJeYYOPYu/k05QzXThkQ=" ip_address: "204.13.164.57" + port: 4422 ip_address: "199.119.112.10" location: country_code: US @@ -283,6 +309,11 @@ mail: smarthost: - octopus.unstable.bitmask.net nagios: + domains_internal: + - cdev.bitmask.i + - demo.bitmask.i + - dev.bitmask.i + - unstable.bitmask.i hosts: ant: domain_full_suffix: demo.bitmask.net @@ -303,8 +334,8 @@ nagios: domain_internal: chameleon.unstable.bitmask.i ip_address: "199.119.112.10" services: - - webapp - monitor + - webapp ssh_port: 4422 chipmonk: domain_full_suffix: cdev.bitmask.net @@ -465,10 +496,13 @@ nickserver: username: nickserver domain: nicknym.unstable.bitmask.net port: 6425 +platform: + major_version: "0.6" + version: "0.6" service_type: public_service services: - - webapp - monitor + - webapp ssh: authorized_keys: azul: @@ -516,26 +550,30 @@ ssh: ports: "60000:61000" port: 4422 stunnel: - couch_client: - panda_5984: - accept_port: 4000 - connect: panda.unstable.bitmask.i - connect_port: 15984 + clients: + couch_client: + panda_5984: + accept_port: 4000 + connect: panda.unstable.bitmask.i + connect_port: 15984 + original_port: 5984 + servers: {} tags: - - unstable - dc - sandbox-braintree + - unstable webapp: admins: + - azul - elijah - - varac - - micah - kwadronaut - mcnair - meanderingcode - - azul + - micah + - varac allow_anonymous_certs: false allow_limited_certs: false + allow_registration: true allow_unlimited_certs: true api_version: 1 billing: @@ -557,16 +595,29 @@ webapp: password: enfhmsmcLc3Az3GF6TFKwRk99Iqjm2ew salt: 478bf7e8ca879a9711b279055f00153e username: webapp - customization_dir: /etc/leap/files/webapp/ + customization_dir: /srv/leap/files/webapp/ default_service_level: 1 domain: unstable.bitmask.net + engines: + - support + forbidden_usernames: + - admin + - administrator + - arin-admin + - certmaster + - contact + - info + - maildrop + - postmaster + - ssladmin + - www-data git: revision: origin/version/0.6 source: "https://leap.se/git/leap_web" modules: - - user - billing - help + - user nagios_test_user: password: SvVjM5NCe2RF6XwTtZ7dGxAZ7E7KeSNS username: nagios_test @@ -880,3 +931,4 @@ x509: MXxW/683yhX/wP2WfhDpam3gZjAOmRUXjb4OmevRF2jlwLOJssykv7A= -----END RSA PRIVATE KEY----- use: true + use_commercial: true diff --git a/hiera/octopus.yaml b/hiera/octopus.yaml index 8512f0c..3846a72 100644 --- a/hiera/octopus.yaml +++ b/hiera/octopus.yaml @@ -18,23 +18,28 @@ domain: enabled: true environment: unstable haproxy: - servers: - panda: - backup: false - host: localhost - port: 4000 - weight: 100 + couch: + listen_port: 4096 + servers: + panda: + backup: false + host: localhost + port: 4000 + weight: 100 + writable: true hosts: octopus: domain_full: octopus.unstable.bitmask.net domain_internal: octopus.unstable.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLbvsEZGXVaC74PcXd/M4wwv7nnAhg3318EqcGbo2aX5Tt+mAYbxjLj+HAiJgG63Mp6+GEuH5KNwgrRNwaOqh84tOMOYOKFAdgha4z6WC9q9sFIkqwaE2KDfoENKyUo0ywb0aBAW0EvYMt92BL7p5T8oQr/SbFw/GW1iyEqCPFK4VcupdnjDd8wyolgLawg0Okah5IHVosuJQEZXii7I0nhAl5OUkn5DIr6NklW6gTht+m6yRl7KNS+SGfyZs5U/1NywtwqPIH5Zgwt3Cphzga+d++6HbpO3PXA1PmN/bYJGDC0zG9gDSae1mvc+pDWWELgHEfpjzigrqqeNJtO2UD" ip_address: "192.168.5.16" + port: 4422 panda: domain_full: panda.unstable.bitmask.net domain_internal: panda.unstable.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2cA8eQ4VD3tW7p+Fy0ZLXBzFbgwFOXjdau8zQd0WzJd2sifsLMHv/iGcfELsK+O7Jh7KsezwhT+seZQR6QmdX4qgFvtKB86DgUmMVc5k1Zja1+vXjhsMVB0/EY7k7CM3Clm8NRJzjiA407TFYsCMLuVRaW5hvgFiH9+4aszbmtbfWoFVT97y3o2bkP0exz5jxgKsnlJDF9HJBsVEHXnozvopZeoprrDbtJZQGQA+HcllJm678sIzwEwWn/6JtH6LmcvhnRL5ohd0Tlhf/lqFS9if+EzEt278crUMWcePSxb7a4lV6cJrxE3VaiZ+ldsvJebcYDvtJCK1T8ea4OarB" ip_address: "192.168.5.9" + port: 4422 ip_address: "199.119.112.16" location: country_code: US @@ -45,38 +50,41 @@ mail: smarthost: [] mynetworks: - "176.53.69.127" - - "199.119.112.9" - - "192.168.5.9" - - "176.53.69.23" - - "199.119.112.5" - - "192.168.5.5" + - "176.53.69.13" + - "176.53.69.14" - "176.53.69.21" - - "204.13.164.171" - - "199.119.112.10" + - "176.53.69.22" + - "176.53.69.23" - "192.168.5.10" - - "198.252.153.83" - - "199.119.112.12" - "192.168.5.12" - - "204.13.164.162" - - "198.252.153.82" - - "199.119.112.16" - "192.168.5.16" - - "204.13.164.57" - - "176.53.69.14" - - "199.119.112.19" - "192.168.5.19" - - "176.53.69.13" - - "202.85.227.195" - - "199.119.112.23" - "192.168.5.23" - - "85.17.92.143" - - "176.53.69.22" - - "199.119.112.4" - "192.168.5.4" + - "192.168.5.5" + - "192.168.5.8" + - "192.168.5.9" + - "198.252.153.82" + - "198.252.153.83" - "198.252.153.85" + - "199.119.112.10" + - "199.119.112.12" + - "199.119.112.16" + - "199.119.112.19" + - "199.119.112.23" + - "199.119.112.4" + - "199.119.112.5" - "199.119.112.8" - - "192.168.5.8" + - "199.119.112.9" + - "202.85.227.195" + - "204.13.164.162" + - "204.13.164.171" + - "204.13.164.57" + - "85.17.92.143" name: octopus +platform: + major_version: "0.6" + version: "0.6" service_type: user_service services: - mx @@ -117,14 +125,17 @@ ssh: ports: "60000:61000" port: 4422 stunnel: - couch_client: - panda_5984: - accept_port: 4000 - connect: panda.unstable.bitmask.i - connect_port: 15984 + clients: + couch_client: + panda_5984: + accept_port: 4000 + connect: panda.unstable.bitmask.i + connect_port: 15984 + original_port: 5984 + servers: {} tags: - - unstable - dc + - unstable x509: ca_cert: | -----BEGIN CERTIFICATE----- @@ -426,3 +437,4 @@ x509: O1j7UCNyBJ70TpZ4F7RR3rcmlFbR8Moys/GrEMuUG1CJmOHRxGju2g== -----END RSA PRIVATE KEY----- use: true + use_commercial: true diff --git a/hiera/panda.yaml b/hiera/panda.yaml index d7a4509..a074bce 100644 --- a/hiera/panda.yaml +++ b/hiera/panda.yaml @@ -7,6 +7,8 @@ couch: ednp_port: 9002 epmd_port: 4369 neighbors: [] + master: false + mode: multimaster port: 5984 users: admin: @@ -21,6 +23,10 @@ couch: password: PzzQwxCvQLZUxRdS2jshMPN37Ps4qtbH salt: b54d7b0f595d7318d961c636fb8f5530 username: nickserver + replication: + password: QgnmZaGgDWkb5ptprsbj9xvfYVWLFUj5 + salt: 01a82aa87990d967cfb81f3ff32f8095 + username: replication soledad: password: 35MzsnEEAeHTVNhI_FaCFNS5bhd7RGEf salt: 7f725f3cc60c388e9af8140555e09dfa @@ -53,11 +59,13 @@ hosts: domain_internal: octopus.unstable.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLbvsEZGXVaC74PcXd/M4wwv7nnAhg3318EqcGbo2aX5Tt+mAYbxjLj+HAiJgG63Mp6+GEuH5KNwgrRNwaOqh84tOMOYOKFAdgha4z6WC9q9sFIkqwaE2KDfoENKyUo0ywb0aBAW0EvYMt92BL7p5T8oQr/SbFw/GW1iyEqCPFK4VcupdnjDd8wyolgLawg0Okah5IHVosuJQEZXii7I0nhAl5OUkn5DIr6NklW6gTht+m6yRl7KNS+SGfyZs5U/1NywtwqPIH5Zgwt3Cphzga+d++6HbpO3PXA1PmN/bYJGDC0zG9gDSae1mvc+pDWWELgHEfpjzigrqqeNJtO2UD" ip_address: "192.168.5.16" + port: 4422 panda: domain_full: panda.unstable.bitmask.net domain_internal: panda.unstable.bitmask.i host_pub_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2cA8eQ4VD3tW7p+Fy0ZLXBzFbgwFOXjdau8zQd0WzJd2sifsLMHv/iGcfELsK+O7Jh7KsezwhT+seZQR6QmdX4qgFvtKB86DgUmMVc5k1Zja1+vXjhsMVB0/EY7k7CM3Clm8NRJzjiA407TFYsCMLuVRaW5hvgFiH9+4aszbmtbfWoFVT97y3o2bkP0exz5jxgKsnlJDF9HJBsVEHXnozvopZeoprrDbtJZQGQA+HcllJm678sIzwEwWn/6JtH6LmcvhnRL5ohd0Tlhf/lqFS9if+EzEt278crUMWcePSxb7a4lV6cJrxE3VaiZ+ldsvJebcYDvtJCK1T8ea4OarB" ip_address: "192.168.5.9" + port: 4422 ip_address: "199.119.112.9" location: country_code: US @@ -68,6 +76,9 @@ mail: smarthost: - octopus.unstable.bitmask.net name: panda +platform: + major_version: "0.6" + version: "0.6" service_type: public_service services: - couchdb @@ -116,20 +127,22 @@ ssh: ports: "60000:61000" port: 4422 stunnel: - couch_server: - accept: 15984 - connect: "127.0.0.1:5984" - ednp_clients: {} - ednp_server: - accept: 19002 - connect: "127.0.0.1:9002" - epmd_clients: {} - epmd_server: - accept: 14369 - connect: "127.0.0.1:4369" + clients: + ednp_clients: {} + epmd_clients: {} + servers: + couch_server: + accept_port: 15984 + connect_port: 5984 + ednp_server: + accept_port: 19002 + connect_port: 9002 + epmd_server: + accept_port: 14369 + connect_port: 4369 tags: - - unstable - dc + - unstable x509: ca_cert: | -----BEGIN CERTIFICATE----- @@ -193,6 +206,9 @@ x509: on5r5VCjv69sw/yJCqGWUaDfPb8ui+kv+JfIsQ8BoXSaSA81OZ5HeQ11vo5Hh7TZ jUjUzNF+926ph4U2SgvNjQ== -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ key: | -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA0iB5rq3smyrvJRHApK3NapMbIZFzWfVIReFjqSt1jX6ZGWsM @@ -222,3 +238,4 @@ x509: gXDYMT8LiHhMP5GD5vauBqcJwmH6kiGpqoWWirotjVaXbLcCBnyIDw== -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/hiera/seahorse.yaml b/hiera/seahorse.yaml index 567f63a..d05f88c 100644 --- a/hiera/seahorse.yaml +++ b/hiera/seahorse.yaml @@ -24,6 +24,11 @@ mail: smarthost: - octopus.unstable.bitmask.net name: seahorse +obfsproxy: + gateway_address: "199.119.112.13" + scramblesuit: + password: G5AVGZTEL5LTGVLKMV4TS6KVGVSV6X2Q + port: 26098 openvpn: adblock: false allow_limited: false @@ -31,6 +36,7 @@ openvpn: configuration: auth: SHA1 cipher: AES-128-CBC + fragment: 1500 keepalive: "10 30" tls-cipher: DHE-RSA-AES128-SHA tun-ipv6: true @@ -46,6 +52,9 @@ openvpn: second_gateway_address: ~ unlimited_prefix: UNLIMITED user_ips: false +platform: + major_version: "0.6" + version: "0.6" service_type: user_service services: - openvpn @@ -85,9 +94,12 @@ ssh: enabled: true ports: "60000:61000" port: 4422 +stunnel: + clients: {} + servers: {} tags: - - unstable - dc + - unstable x509: ca_cert: | -----BEGIN CERTIFICATE----- @@ -185,6 +197,9 @@ x509: xIAokTRYLx/6lq8bwelCPGVjy7EsGXt9aN+gMb4R3L9vA/NQrXu+dmCJKPE1vUHF gkVBxxt/s0R2aKM= -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ dh: | -----BEGIN DH PARAMETERS----- MIIBngKCAZcAsTaQV6TwbN9PpD6dYdXz0lA0drrXLRvS8rNoMTaDnIv134RwKwsb @@ -226,3 +241,4 @@ x509: /D+dY+CRU62HFTIwHXNviqCP0Izmq1Wh/I/LAWpc9uzmOfOcxF63+g== -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/secrets.json b/secrets.json index 6952b95..5036cd5 100644 --- a/secrets.json +++ b/secrets.json @@ -87,6 +87,8 @@ "couch_leap_mx_password_salt": "b4ac83520fa38b3acb722984fe5e3343", "couch_nickserver_password": "PzzQwxCvQLZUxRdS2jshMPN37Ps4qtbH", "couch_nickserver_password_salt": "b54d7b0f595d7318d961c636fb8f5530", + "couch_replication_password": "QgnmZaGgDWkb5ptprsbj9xvfYVWLFUj5", + "couch_replication_password_salt": "01a82aa87990d967cfb81f3ff32f8095", "couch_soledad_password": "35MzsnEEAeHTVNhI_FaCFNS5bhd7RGEf", "couch_soledad_password_salt": "7f725f3cc60c388e9af8140555e09dfa", "couch_tapicero_password": "VwgddQnXRJrbYpZaU3eIcxUHyXJPMIxI", @@ -95,6 +97,8 @@ "couch_webapp_password_salt": "478bf7e8ca879a9711b279055f00153e", "nagios_admin_password": "r35FbwIuktJZXFfbnrVxCh8StDnIzhXj", "nagios_test_password": "SvVjM5NCe2RF6XwTtZ7dGxAZ7E7KeSNS", + "scramblesuit_password_seahorse": "G5AVGZTEL5LTGVLKMV4TS6KVGVSV6X2Q", + "scramblesuit_port_seahorse": 26098, "webapp_secret_token": "aC9zAs6X5YE_9EC_RQckGCFkKfJ4vTAJ" } } |