Diffstat (limited to 'hiera/web1.yaml')
-rw-r--r-- | hiera/web1.yaml | 176 |
1 files changed, 169 insertions, 7 deletions
diff --git a/hiera/web1.yaml b/hiera/web1.yaml
index 412f6dc..80cc2da 100644
--- a/hiera/web1.yaml
+++ b/hiera/web1.yaml
@@ -169,11 +169,106 @@ hosts: domain_internal: mx1.bitmask.i ip_address: "10.5.5.51" port: 22 + plain1: + domain_full: plain1.bitmask.net + domain_internal: plain1.bitmask.i + ip_address: "10.5.5.53" + port: 22 + tor1: + domain_full: tor1.bitmask.net + domain_internal: tor1.bitmask.i + ip_address: "10.5.5.50" + port: 22 + vpn1: + domain_full: vpn1.bitmask.net + domain_internal: vpn1.bitmask.i + ip_address: "10.5.5.45" + port: 22 + web1: + domain_full: web1.bitmask.net + domain_internal: web1.bitmask.i + ip_address: "10.5.5.47" + port: 22 ip_address: "10.5.5.47" location: ~ mail: smarthost: - mx1.bitmask.net +nagios: + domains_internal: + - bitmask.i + environments: + local: + contact_emails: + - sysdev@leap.se + hosts: + couch1: + domain_full_suffix: bitmask.net + domain_internal: couch1.bitmask.i + domain_internal_suffix: bitmask.i + environment: local + ip_address: "10.5.5.44" + services: + - couchdb + - soledad + ssh_port: 22 + couch2: + domain_full_suffix: bitmask.net + domain_internal: couch2.bitmask.i + domain_internal_suffix: bitmask.i + environment: local + ip_address: "10.5.5.52" + services: + - couchdb + - soledad + ssh_port: 22 + mx1: + domain_full_suffix: bitmask.net + domain_internal: mx1.bitmask.i + domain_internal_suffix: bitmask.i + environment: local + ip_address: "10.5.5.51" + services: + - mx + ssh_port: 22 + plain1: + domain_full_suffix: bitmask.net + domain_internal: plain1.bitmask.i + domain_internal_suffix: bitmask.i + environment: local + ip_address: "10.5.5.53" + services: [] + ssh_port: 22 + tor1: + domain_full_suffix: bitmask.net + domain_internal: tor1.bitmask.i + domain_internal_suffix: bitmask.i + environment: local + ip_address: "10.5.5.50" + services: + - tor + ssh_port: 22 + vpn1: + domain_full_suffix: bitmask.net + domain_internal: vpn1.bitmask.i + domain_internal_suffix: bitmask.i + environment: local + ip_address: "10.5.5.45" + openvpn_gateway_address: "10.5.5.46" + services: + - openvpn + ssh_port: 22 + web1: + 
domain_full_suffix: bitmask.net + domain_internal: web1.bitmask.i + domain_internal_suffix: bitmask.i + environment: local + ip_address: "10.5.5.47" + services: + - monitor + - webapp + ssh_port: 22 + nagiosadmin_pw: Y_uRtQby7LtwXxFRhIv_qVVrwWHzYrQq name: web1 nickserver: couchdb_nickserver_user: @@ -183,11 +278,37 @@ nickserver: domain: nicknym.bitmask.net port: 6425 platform: - major_version: "0.6" - version: "0.6" + major_version: "0.7" + version: "0.7" service_type: public_service services: + - monitor - webapp +sources: + apt: + backports: "http://httpredir.debian.org/debian/" + basic: "http://httpredir.debian.org/debian/" + security: "http://security.debian.org/" + leap-mx: + package: leap-mx + revision: latest + type: apt + nickserver: + revision: origin/master + source: "https://leap.se/git/nickserver" + type: git + soledad: + package: soledad-server + revision: latest + type: apt + tapicero: + revision: origin/version/0.7 + source: "https://leap.se/git/tapicero" + type: git + webapp: + revision: origin/version/0.7 + source: "https://leap.se/git/leap_web" + type: git squid_deb_proxy_client: true ssh: authorized_keys: @@ -212,6 +333,9 @@ ssh: kwadronaut: key: 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 type: ssh-rsa + meskio: + key: AAAAB3NzaC1yc2EAAAABIwAAAQEAxonQ1Z9ogZEG74osrapyc793rSkmPcReOBaA8pvxjtXi8C09Z4lYtim/aRBZzHlYPhXXIXTxYDwuA9Yd09dYUue/UuiPU1CwhJdXQKLW9g3+2agDr54dPO7dZ+NTSLKYH8End/Hm5GnQZo30sTxCRGkY4ehllUk1PMAqB3ADJyNNMehuwUbRDKx62KVruGpPZk2Ab1TYh++YChRM8sFDj+uO+CnXQSrOElVU7+DXTWgUWsCYSHTsvs0RHs/NiLggZ2/0qLTPyc6Hp69rMbHDMnz989Ib1VhY/K6MC050VR3t/1SyV7Jec4wyb7wwuIuA9UFeDhvKZtRa8fPHz3Iq+w== + type: ssh-rsa micah: key: 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 type: ssh-rsa 
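Review bot: `nagiosadmin_pw` at the end of this hunk is a cleartext credential committed to the repository, and the same applies to the `monitor` EC `private_key` added in the `@@ -221,6 +345,16 @@` hunk and to the `couchdb_admin_user` password and salt added in the `@@ -258,12 +392,16 @@` hunk. Anyone with read access to the repository or its history obtains these values, and deleting them in a later commit does not withdraw them. The nagios entries are marked `environment: local`, so this may be a disposable test node; if so, a leading comment such as `# test-only credentials, never reuse outside the local environment` would make that explicit. If the file describes anything longer-lived, keep the three secrets out of the tracked tree (an encrypted hiera backend or a lookup from a secret store) and rotate them.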
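Review bot: The new `sources` block tracks moving references rather than fixed ones: `nickserver` follows `origin/master`, `tapicero` and `webapp` follow the `origin/version/0.7` branch, and `leap-mx` and `soledad` install `latest`, so what ends up on the node depends on when it is provisioned and on the state of those branches at that moment. `nickserver` is also the only git source not tied to the 0.7 line that `platform.version` declares in the same hunk. Pinning each git source to a release tag or commit, e.g. `revision: <PINNED_TAG_OR_COMMIT>`, would make deployments reproducible and auditable. The three apt URLs are plain `http://`; APT's signed Release files still protect package integrity, but it is worth confirming that signature checking is not relaxed anywhere for these sources.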
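Review bot: The added `meskio` entry grants SSH access wherever this `authorized_keys` map is applied, and nothing in the hunk records how the key was verified. Its encoded prefix (`AAAAB3NzaC1yc2EAAAABIwAAAQEA`) appears to describe a 2048-bit RSA key with the legacy public exponent 35, which is smaller than the `varac` key (prefix `...AAAgEA`, apparently 4096-bit) shown in the next hunk. Consider confirming the fingerprint out of band before merging and asking for a 4096-bit RSA or Ed25519 key if the deployed sshd accepts it. The `ssh.authorized_keys` mapping starts and continues outside this hunk.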
@@ -221,6 +345,16 @@ ssh: varac: key: AAAAB3NzaC1yc2EAAAABIwAAAgEAnMA/JCaz/BMTZqhW+/h06ZZewhaYqMrmrgwXI1Ui6r9QkGzPy89ZB+86LV/tvZOJSWsT/CfN+zqRqDRH8ApnOuXsnmU1BF+Y/dXpLH8Z7t52yBwCVpQII4m29zZT9mfcyb5ZV6Rxh+BOChFERPkZwQJaMI9KU4nkmcKvgpOEbPfvXrv7aYy+G1YddMfmitWKpljL4VB+DVuKh7/Csxs9B8g8wy261rbVJDCvP2cblFA6nAuxk0UB/UFgA9VgjoNA/s2cXIsPDFvvHKoy6bDN0V7CQr3391eGv66KCoQIPCIkI6PY2MImA+Lx1jYQwEQUIJVm/KbuPFrm0GF/LSs5T+mNcFTyU+saSCOi1sxkCNtAikvvjzk9xg0W6RkR9ITZy3+3cKPhbHCd1qOMAxVvMCrN5s+bK2Ps5+wE1pxxz//owcRgsR0yk3kg/V5h716qL5EaWyh5XJoWbrlwzrXLW9ofceGBmqYv7dLKrXd3hwCzJqdZVtWSTePz1gB84rgCAwXhjofY3mwXSRjqQCu9RTImSpepKRCAEBujMHCK38aXR1IAXbenOWCQso05gMFdtlHY7DfvtmsT0xElbQXztKCBqtNrYoDf1+eQBOpveCK4n0gSivmo2NqDkw8R+1nW+CMo6eO3Qsfc3BXkJyufcOCsDjg1IXOP/fhWeNXqSL8= type: ssh-rsa + monitor: + private_key: | + -----BEGIN EC PRIVATE KEY----- + MIHcAgEBBEIB8oVl77M1F7vixWTiW3WkRD3wdxh+sNqwnOtvRkM8PLBtBhYh5i5o + v65G3NivSKt/x4qeG2K9is5f2WogrCNUJjOgBwYFK4EEACOhgYkDgYYABAFqCXla + YmqZqbefpMBaMPqzjhYNaxejlOX/x8YCXsDN2HMfeb/E/FYfpEPCuLVJ5Z0aDkp7 + 6JL9i1CX/9Rcbq4DEQEc6vkEv79MOI2jfUCVVeWRcybvRK0YAT9eQK59+FgNDbEo + 2NCUWBRvKd+8TjzZ7GtCLDnGd6+gkr6orkiA3uus/A== + -----END EC PRIVATE KEY----- + username: monitor mosh: enabled: true ports: "60000:61000" @@ -258,12 +392,16 @@ webapp: client_certificates: bit_size: 2048 digest: SHA256 - life_span: 2m + life_span: "2 months" limited_prefix: LIMITED unlimited_prefix: UNLIMITED client_version: max: ~ - min: "0.5" + min: "0.7" + couchdb_admin_user: + password: _Bn6AqU54shspQxbnsQTpRySjLQKTjBh + salt: 3195fb6efdbf4b4825026116d5aaabfe + username: admin couchdb_webapp_user: password: pg9XGGdt4Dr3WcM9PYDqMmxxKHTpvsc9 salt: 7e8868f8c4775290fd37d2f520d13672 
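Review bot: `couchdb_admin_user` is added under `webapp:` right beside the existing `couchdb_webapp_user`, so the web application node appears to hold database administrator credentials in addition to its own account. If the application only needs admin rights for a narrow task, a compromise of the webapp would expose far more of CouchDB than the dedicated webapp user does. Consider limiting where this value is rendered, and document the reason in place, e.g. `# admin account: used only for <PURPOSE>; runtime requests use couchdb_webapp_user`. The `webapp` mapping starts and continues outside this hunk, so how the value is consumed is not visible here.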
@@ -276,17 +414,41 @@ webapp: forbidden_usernames: - admin - administrator + - administrators + - admins - arin-admin - certmaster - contact + - email + - help + - help-desk + - help-ticket + - help-tickets + - help_desk + - help_ticket + - help_tickets + - helpdesk + - helpticket + - helptickets - info + - mail - maildrop + - noreply + - owner + - owners - postmaster + - reply + - robot - ssladmin + - staff + - support + - tech-support + - tech_support + - techsupport + - ticket + - tickets + - vmail - www-data - git: - revision: origin/version/0.6 - source: "https://leap.se/git/leap_web" modules: - billing - help |
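Review bot: The extended `forbidden_usernames` list still omits several role mailboxes that are conventionally reserved on a mail-providing domain. It blocks `admin`, `administrator`, `postmaster`, `ssladmin` and `certmaster`, but not `hostmaster` or `webmaster`, which certificate authorities also accept for e-mail based domain validation, nor `abuse`. Unless those names are rejected elsewhere (not visible in this hunk), I would add `- abuse`, `- hostmaster` and `- webmaster` in their alphabetical positions. The list is fully visible here, running from `- admin` to `- www-data`.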