From 03cb86859d9f55c6f8089b56bb41da3d1d86054e Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 1 Dec 2014 12:10:25 -0800 Subject: recompile demo --- hiera/ant.yaml | 58 ++++++++++++++++++++---------- hiera/hippo.yaml | 24 ++++++++++++- hiera/leech.yaml | 99 ++++++++++++++++++++++++++++++---------------------- hiera/millipede.yaml | 16 +++++++++ hiera/thrips.yaml | 58 ++++++++++++++++++++---------- hiera/wallaby.yaml | 85 +++++++++++++++++++++++++++++--------------- 6 files changed, 231 insertions(+), 109 deletions(-) diff --git a/hiera/ant.yaml b/hiera/ant.yaml index 59e9afd..4b23333 100644 --- a/hiera/ant.yaml +++ b/hiera/ant.yaml @@ -8,6 +8,8 @@ couch: epmd_port: 4369 neighbors: - thrips.demo.bitmask.net + master: false + mode: multimaster port: 5984 users: admin: @@ -22,6 +24,10 @@ couch: password: CyhRSafC4SUGQ9F762Qfv3TPQDqTjn2G salt: e3ee9259723d0cbd8b3265dbe8b4e21e username: nickserver + replication: + password: pIUMKmtMce6XWxaNKbtdRvYaEpNufs69 + salt: 98a12f73893ac2e438f9ec18fd19c62c + username: replication soledad: password: cGqWZqTdFc_fuSZvfPtUTL_7uMA6d5YC salt: 514355e86f1d3fa4de42b677de21281d @@ -54,16 +60,19 @@ hosts: domain_internal: ant.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBGDhCu92zulHOAhv63sTLnxPQrP+GxbWC4YUxonYOiWKaI/oS5soH5vfgI0/kkzZgA044F6ZyWo5S5dEwz4AEI=" ip_address: "198.252.153.82" + port: 4422 leech: domain_full: leech.demo.bitmask.net domain_internal: leech.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCiT3/fejkQIAny1f71ijFYaSEcYho6gR10z20ctmLumV3pHtXcFXtHqzAFJ07txANyef5P/yiIOl+/x/uRANjo=" ip_address: "198.252.153.85" + port: 4422 thrips: domain_full: thrips.demo.bitmask.net domain_internal: thrips.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIJHNnsfeuNBkVRm7cJvgD0rTX1wztnoz9SuHK2vJ9Pcluo8VfFoQrwayoFiAPJNC0dOoSra0Ir9L/eNQtjEzW0=" ip_address: "204.13.164.162" + port: 4422 ip_address: "198.252.153.82" location: country_code: US @@ -74,6 +83,9 @@ mail: smarthost: - leech.demo.bitmask.net name: ant +platform: + major_version: "0.6" + version: "0.6" service_type: internal_service services: - couchdb @@ -114,25 +126,29 @@ ssh: ports: "60000:61000" port: 4422 stunnel: - couch_server: - accept: 15984 - connect: "127.0.0.1:5984" - ednp_clients: - thrips_9002: - accept_port: 4001 - connect: thrips.demo.bitmask.i - connect_port: 19002 - ednp_server: - accept: 19002 - connect: "127.0.0.1:9002" - epmd_clients: - thrips_4369: - accept_port: 4000 - connect: thrips.demo.bitmask.i - connect_port: 14369 - epmd_server: - accept: 14369 - connect: "127.0.0.1:4369" + clients: + ednp_clients: + thrips_9002: + accept_port: 4001 + connect: thrips.demo.bitmask.i + connect_port: 19002 + original_port: 9002 + epmd_clients: + thrips_4369: + accept_port: 4000 + connect: thrips.demo.bitmask.i + connect_port: 14369 + original_port: 4369 + servers: + couch_server: + accept_port: 15984 + connect_port: 5984 + ednp_server: + accept_port: 19002 + connect_port: 9002 + epmd_server: + accept_port: 14369 + connect_port: 4369 tags: - demo - seattle @@ -198,6 +214,9 @@ x509: BQxrMTmmPg9p/pQgsRd0zrMBAHVVOWIUdEvMe9d6JMsHabOsDG+nySGrDAgTuBf3 Eqk8NgcHUMUFnnESUmcKjsMsn/fSQceYG06R8nNBsq1vpH9Vv+7kvgJx4WQCjg== -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ key: | -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEAms2pFpXAyOqZ54YccmnQBFYTXQAdqCs5mpr0xSOPwI9J25nn @@ -227,3 +246,4 @@ x509: /DVs7/l3QcdZumI+MVs1fSMQWAvad7PSC5GOr7s1KcMxi0nHkFZ1de0= -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/hiera/hippo.yaml b/hiera/hippo.yaml index 0a6adec..110fc7a 100644 --- a/hiera/hippo.yaml +++ b/hiera/hippo.yaml @@ -24,6 +24,11 @@ mail: smarthost: - leech.demo.bitmask.net name: hippo +obfsproxy: + gateway_address: "85.17.92.167" + scramblesuit: + password: KYZGWX27KJDGGYSIM5YUMZ3GMZNFCMTH + port: 19378 openvpn: adblock: false allow_limited: false @@ -31,6 +36,7 @@ openvpn: configuration: auth: SHA1 cipher: AES-128-CBC + fragment: 1500 keepalive: "10 30" tls-cipher: DHE-RSA-AES128-SHA tun-ipv6: true @@ -46,6 +52,9 @@ openvpn: second_gateway_address: ~ unlimited_prefix: UNLIMITED user_ips: false +platform: + major_version: "0.6" + version: "0.6" service_type: user_service services: - openvpn @@ -86,14 +95,23 @@ ssh: enabled: true ports: "60000:61000" port: 4422 +stunnel: + clients: {} + servers: {} tags: - - demo - amsterdam + - demo tor: bandwidth_rate: 100 contacts: - sysdev@leap.se family: "deeruSaR9IekHdQGUGI,hippobagtc8Z3KPmfnT" + hidden_service: + active: ~ + address: ~ + key_type: RSA + private_key: ~ + public_key: ~ nickname: hippobagtc8Z3KPmfnT x509: ca_cert: | @@ -192,6 +210,9 @@ x509: xIAokTRYLx/6lq8bwelCPGVjy7EsGXt9aN+gMb4R3L9vA/NQrXu+dmCJKPE1vUHF gkVBxxt/s0R2aKM= -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ dh: | -----BEGIN DH PARAMETERS----- MIIBngKCAZcAsTaQV6TwbN9PpD6dYdXz0lA0drrXLRvS8rNoMTaDnIv134RwKwsb @@ -233,3 +254,4 @@ x509: Dqxr7d6Ded5Witr98xqbbXZLkwf/iUHAwT9xTnFD+2mfRIwN3ifYSA== -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/hiera/leech.yaml b/hiera/leech.yaml index a068eae..025e994 100644 --- a/hiera/leech.yaml +++ b/hiera/leech.yaml @@ -18,33 +18,40 @@ domain: enabled: true environment: demo haproxy: - servers: - ant: - backup: false - host: localhost - port: 4000 - weight: 100 - thrips: - backup: false - host: localhost - port: 4001 - weight: 100 + couch: + listen_port: 4096 + servers: + ant: + backup: false + host: localhost + port: 4000 + weight: 100 + writable: true + thrips: + backup: false + host: localhost + port: 4001 + weight: 100 + writable: true hosts: ant: domain_full: ant.demo.bitmask.net domain_internal: ant.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBGDhCu92zulHOAhv63sTLnxPQrP+GxbWC4YUxonYOiWKaI/oS5soH5vfgI0/kkzZgA044F6ZyWo5S5dEwz4AEI=" ip_address: "198.252.153.82" + port: 4422 leech: domain_full: leech.demo.bitmask.net domain_internal: leech.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCiT3/fejkQIAny1f71ijFYaSEcYho6gR10z20ctmLumV3pHtXcFXtHqzAFJ07txANyef5P/yiIOl+/x/uRANjo=" ip_address: "198.252.153.85" + port: 4422 thrips: domain_full: thrips.demo.bitmask.net domain_internal: thrips.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIJHNnsfeuNBkVRm7cJvgD0rTX1wztnoz9SuHK2vJ9Pcluo8VfFoQrwayoFiAPJNC0dOoSra0Ir9L/eNQtjEzW0=" ip_address: "204.13.164.162" + port: 4422 ip_address: "198.252.153.85" location: country_code: US @@ -55,38 +62,41 @@ mail: smarthost: [] mynetworks: - "176.53.69.127" - - "199.119.112.9" - - "192.168.5.9" - - "176.53.69.23" - - "199.119.112.5" - - "192.168.5.5" + - "176.53.69.13" + - "176.53.69.14" - "176.53.69.21" - - "204.13.164.171" - - "199.119.112.10" + - "176.53.69.22" + - "176.53.69.23" - "192.168.5.10" - - "198.252.153.83" - - "199.119.112.12" - "192.168.5.12" - - "204.13.164.162" - - "198.252.153.82" - - "199.119.112.16" - "192.168.5.16" - - "204.13.164.57" - - "176.53.69.14" - - "199.119.112.19" - "192.168.5.19" - - "176.53.69.13" - - "202.85.227.195" - - "199.119.112.23" - "192.168.5.23" - - "85.17.92.143" - - "176.53.69.22" - - "199.119.112.4" - "192.168.5.4" + - "192.168.5.5" + - "192.168.5.8" + - "192.168.5.9" + - "198.252.153.82" + - "198.252.153.83" - "198.252.153.85" + - "199.119.112.10" + - "199.119.112.12" + - "199.119.112.16" + - "199.119.112.19" + - "199.119.112.23" + - "199.119.112.4" + - "199.119.112.5" - "199.119.112.8" - - "192.168.5.8" + - "199.119.112.9" + - "202.85.227.195" + - "204.13.164.162" + - "204.13.164.171" + - "204.13.164.57" + - "85.17.92.143" name: leech +platform: + major_version: "0.6" + version: "0.6" service_type: user_service services: - mx @@ -127,15 +137,19 @@ ssh: ports: "60000:61000" port: 4422 stunnel: - couch_client: - ant_5984: - accept_port: 4000 - connect: ant.demo.bitmask.i - connect_port: 15984 - thrips_5984: - accept_port: 4001 - connect: thrips.demo.bitmask.i - connect_port: 15984 + clients: + couch_client: + ant_5984: + accept_port: 4000 + connect: ant.demo.bitmask.i + connect_port: 15984 + original_port: 5984 + thrips_5984: + accept_port: 4001 + connect: thrips.demo.bitmask.i + connect_port: 15984 + original_port: 5984 + servers: {} tags: - demo - seattle @@ -562,3 +576,4 @@ x509: aqXFA4DlcGkygA40hl2lB5NJbQVSHXXjgpAb395dasMyH8cblC34Lw== -----END RSA PRIVATE KEY----- use: true + use_commercial: true diff --git a/hiera/millipede.yaml b/hiera/millipede.yaml index 6fdbf6b..d11ee68 100644 --- a/hiera/millipede.yaml +++ b/hiera/millipede.yaml @@ -24,6 +24,11 @@ mail: smarthost: - leech.demo.bitmask.net name: millipede +obfsproxy: + gateway_address: "198.252.153.84" + scramblesuit: + password: NVGFENCOPJDGCRLZHFGFMWRSG5YVSVSF + port: 31278 openvpn: adblock: false allow_limited: false @@ -31,6 +36,7 @@ openvpn: configuration: auth: SHA1 cipher: AES-128-CBC + fragment: 1500 keepalive: "10 30" tls-cipher: DHE-RSA-AES128-SHA tun-ipv6: true @@ -46,6 +52,9 @@ openvpn: second_gateway_address: ~ unlimited_prefix: UNLIMITED user_ips: false +platform: + major_version: "0.6" + version: "0.6" service_type: user_service services: - openvpn @@ -85,6 +94,9 @@ ssh: enabled: true ports: "60000:61000" port: 4422 +stunnel: + clients: {} + servers: {} tags: - demo - seattle @@ -185,6 +197,9 @@ x509: xIAokTRYLx/6lq8bwelCPGVjy7EsGXt9aN+gMb4R3L9vA/NQrXu+dmCJKPE1vUHF gkVBxxt/s0R2aKM= -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ dh: | -----BEGIN DH PARAMETERS----- MIIBngKCAZcAsTaQV6TwbN9PpD6dYdXz0lA0drrXLRvS8rNoMTaDnIv134RwKwsb @@ -226,3 +241,4 @@ x509: WVHhd08IF7vrVOiHIn3TeXsSRV+RR079ikzCTc7ueaZhHMlg/p0= -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/hiera/thrips.yaml b/hiera/thrips.yaml index 6d916bc..62ab355 100644 --- a/hiera/thrips.yaml +++ b/hiera/thrips.yaml @@ -9,6 +9,8 @@ couch: epmd_port: 4369 neighbors: - ant.demo.bitmask.net + master: false + mode: multimaster port: 5984 users: admin: @@ -23,6 +25,10 @@ couch: password: CyhRSafC4SUGQ9F762Qfv3TPQDqTjn2G salt: e3ee9259723d0cbd8b3265dbe8b4e21e username: nickserver + replication: + password: pIUMKmtMce6XWxaNKbtdRvYaEpNufs69 + salt: 98a12f73893ac2e438f9ec18fd19c62c + username: replication soledad: password: cGqWZqTdFc_fuSZvfPtUTL_7uMA6d5YC salt: 514355e86f1d3fa4de42b677de21281d @@ -55,16 +61,19 @@ hosts: domain_internal: ant.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBGDhCu92zulHOAhv63sTLnxPQrP+GxbWC4YUxonYOiWKaI/oS5soH5vfgI0/kkzZgA044F6ZyWo5S5dEwz4AEI=" ip_address: "198.252.153.82" + port: 4422 leech: domain_full: leech.demo.bitmask.net domain_internal: leech.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCiT3/fejkQIAny1f71ijFYaSEcYho6gR10z20ctmLumV3pHtXcFXtHqzAFJ07txANyef5P/yiIOl+/x/uRANjo=" ip_address: "198.252.153.85" + port: 4422 thrips: domain_full: thrips.demo.bitmask.net domain_internal: thrips.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIJHNnsfeuNBkVRm7cJvgD0rTX1wztnoz9SuHK2vJ9Pcluo8VfFoQrwayoFiAPJNC0dOoSra0Ir9L/eNQtjEzW0=" ip_address: "204.13.164.162" + port: 4422 ip_address: "204.13.164.162" location: country_code: US @@ -75,6 +84,9 @@ mail: smarthost: - leech.demo.bitmask.net name: thrips +platform: + major_version: "0.6" + version: "0.6" service_type: public_service services: - couchdb @@ -123,25 +135,29 @@ ssh: ports: "60000:61000" port: 4422 stunnel: - couch_server: - accept: 15984 - connect: "127.0.0.1:5984" - ednp_clients: - ant_9002: - accept_port: 4001 - connect: ant.demo.bitmask.i - connect_port: 19002 - ednp_server: - accept: 19002 - connect: "127.0.0.1:9002" - epmd_clients: - ant_4369: - accept_port: 4000 - connect: ant.demo.bitmask.i - connect_port: 14369 - epmd_server: - accept: 14369 - connect: "127.0.0.1:4369" + clients: + ednp_clients: + ant_9002: + accept_port: 4001 + connect: ant.demo.bitmask.i + connect_port: 19002 + original_port: 9002 + epmd_clients: + ant_4369: + accept_port: 4000 + connect: ant.demo.bitmask.i + connect_port: 14369 + original_port: 4369 + servers: + couch_server: + accept_port: 15984 + connect_port: 5984 + ednp_server: + accept_port: 19002 + connect_port: 9002 + epmd_server: + accept_port: 14369 + connect_port: 4369 tags: - demo - seattle @@ -208,6 +224,9 @@ x509: bbeVsHat97eo2210j/wOQUxoGYzUq4WVKoCbQFfAhf/ksXhNn6mBBCuhCDp/Mu09 s0n2njL9 -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ key: | -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEA9TdRRiX7Ia4yRKvGpRuV7Ff/iS29eFdddwSYg+uPSRm4Hn4f @@ -237,3 +256,4 @@ x509: GaBuHcOkEMwibPgxyoBZLPlS4/Au7MZLRTRqGoo8N1vl0x71mhA= -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/hiera/wallaby.yaml b/hiera/wallaby.yaml index d240647..6a55c6d 100644 --- a/hiera/wallaby.yaml +++ b/hiera/wallaby.yaml @@ -161,10 +161,10 @@ development: site_config: true dns: aliases: - - wallaby.demo.bitmask.net - - demo.bitmask.net - api.demo.bitmask.net + - demo.bitmask.net - nicknym.demo.bitmask.net + - wallaby.demo.bitmask.net public: true domain: full: wallaby.demo.bitmask.net @@ -175,33 +175,40 @@ domain: enabled: true environment: demo haproxy: - servers: - ant: - backup: false - host: localhost - port: 4000 - weight: 100 - thrips: - backup: false - host: localhost - port: 4001 - weight: 100 + couch: + listen_port: 4096 + servers: + ant: + backup: false + host: localhost + port: 4000 + weight: 100 + writable: true + thrips: + backup: false + host: localhost + port: 4001 + weight: 100 + writable: true hosts: ant: domain_full: ant.demo.bitmask.net domain_internal: ant.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBGDhCu92zulHOAhv63sTLnxPQrP+GxbWC4YUxonYOiWKaI/oS5soH5vfgI0/kkzZgA044F6ZyWo5S5dEwz4AEI=" ip_address: "198.252.153.82" + port: 4422 leech: domain_full: leech.demo.bitmask.net domain_internal: leech.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCiT3/fejkQIAny1f71ijFYaSEcYho6gR10z20ctmLumV3pHtXcFXtHqzAFJ07txANyef5P/yiIOl+/x/uRANjo=" ip_address: "198.252.153.85" + port: 4422 thrips: domain_full: thrips.demo.bitmask.net domain_internal: thrips.demo.bitmask.i host_pub_key: "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIJHNnsfeuNBkVRm7cJvgD0rTX1wztnoz9SuHK2vJ9Pcluo8VfFoQrwayoFiAPJNC0dOoSra0Ir9L/eNQtjEzW0=" ip_address: "204.13.164.162" + port: 4422 ip_address: "204.13.164.57" location: country_code: US @@ -219,6 +226,9 @@ nickserver: username: nickserver domain: nicknym.demo.bitmask.net port: 6425 +platform: + major_version: "0.6" + version: "0.6" service_type: public_service services: - webapp @@ -259,29 +269,34 @@ ssh: ports: "60000:61000" port: 4422 stunnel: - couch_client: - ant_5984: - accept_port: 4000 - connect: ant.demo.bitmask.i - connect_port: 15984 - thrips_5984: - accept_port: 4001 - connect: thrips.demo.bitmask.i - connect_port: 15984 + clients: + couch_client: + ant_5984: + accept_port: 4000 + connect: ant.demo.bitmask.i + connect_port: 15984 + original_port: 5984 + thrips_5984: + accept_port: 4001 + connect: thrips.demo.bitmask.i + connect_port: 15984 + original_port: 5984 + servers: {} tags: - demo - seattle webapp: admins: + - azul - elijah - - varac - - micah - kwadronaut - mcnair - meanderingcode - - azul + - micah + - varac allow_anonymous_certs: true allow_limited_certs: false + allow_registration: true allow_unlimited_certs: true api_version: 1 client_certificates: @@ -297,16 +312,29 @@ webapp: password: LH5DH5rbLZs7zuCaIgWpDAetDpLvUAHg salt: c632af58769857bcdf108b46da9eaa44 username: webapp - customization_dir: /etc/leap/files/webapp/ + customization_dir: /srv/leap/files/webapp/ default_service_level: 1 domain: demo.bitmask.net + engines: + - support + forbidden_usernames: + - admin + - administrator + - arin-admin + - certmaster + - contact + - info + - maildrop + - postmaster + - ssladmin + - www-data git: - revision: origin/master + revision: origin/version/0.6 source: "https://leap.se/git/leap_web" modules: - - user - billing - help + - user nagios_test_user: password: CsdFzBeYX6bepZdbzvaN6Dbu5NPz6Ycv username: nagios_test @@ -741,3 +769,4 @@ x509: /76btyS2OfJe1Jcz43JX5/RD90q3Uo6Yi0j4NZwQb6TvFRyXnW5p2g== -----END RSA PRIVATE KEY----- use: true + use_commercial: true -- cgit v1.2.3