From 567f414166822c9413df6585617593eec29577ce Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 24 Nov 2014 14:39:58 -0800 Subject: recompile local nodes using leap_platform:develop --- hiera/couch1.yaml | 55 +++++++++++++++++++----------- hiera/couch2.yaml | 55 +++++++++++++++++++----------- hiera/monitor1.yaml | 12 +++++++ hiera/mx1.yaml | 96 ++++++++++++++++++++++++++++++----------------------- hiera/plain1.yaml | 10 ++++++ hiera/tor1.yaml | 16 +++++++++ hiera/vpn1.yaml | 16 +++++++++ hiera/web1.yaml | 82 +++++++++++++++++++++++++++++---------------- secrets.json | 4 +++ 9 files changed, 238 insertions(+), 108 deletions(-) diff --git a/hiera/couch1.yaml b/hiera/couch1.yaml index 0aef52d..9ab700b 100644 --- a/hiera/couch1.yaml +++ b/hiera/couch1.yaml @@ -8,6 +8,8 @@ couch: epmd_port: 4369 neighbors: - couch2.bitmask.net + master: false + mode: multimaster port: 5984 users: admin: @@ -22,6 +24,10 @@ couch: password: bJFrsP5dXGuegQIT5jZXMYMITpT5w5YR salt: 73567fc12c27a79152620084e97b4fba username: nickserver + replication: + password: 4DnBJUEXhTgg_BSkIh6KAjyg5cTPp9cG + salt: bba73d9c1682814cb44fab45c4d0edb0 + username: replication soledad: password: E9at8FUjuxTEJEPEvACk9DWjWnR5rbKp salt: e2b6fa1a29b1afbe1ea4a3f7ec5bacc7 @@ -67,6 +73,9 @@ mail: smarthost: - mx1.bitmask.net name: couch1 +platform: + major_version: "0.6" + version: "0.6" service_type: public_service services: - couchdb 
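Review bot: The new `replication` entry under `couch: users:` (hunk `@@ -22,6 +24,10 @@`) commits a live-looking password and salt in cleartext. The same pair is added to hiera/couch2.yaml and to secrets.json as `couch_replication_password` / `couch_replication_password_salt`, and the vpn1 hunks do the same for `scramblesuit: password` / `scramblesuit_password_vpn1`. Anyone who can read this repository can authenticate as the replication user on both couch nodes, which normally has write access to every replicated database. If these nodes are disposable local test machines, say so in the commit message or README so the values are never reused. Otherwise treat the values as exposed, regenerate them, and keep secrets.json and the compiled hiera output in a private or encrypted store.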
@@ -116,25 +125,29 @@ ssh: ports: "60000:61000" port: 22 stunnel: - couch_server: - accept: 15984 - connect: "127.0.0.1:5984" - ednp_clients: - couch2_9002: - accept_port: 4001 - connect: couch2.bitmask.i - connect_port: 19002 - ednp_server: - accept: 19002 - connect: "127.0.0.1:9002" - epmd_clients: - couch2_4369: - accept_port: 4000 - connect: couch2.bitmask.i - connect_port: 14369 - epmd_server: - accept: 14369 - connect: "127.0.0.1:4369" + clients: + ednp_clients: + couch2_9002: + accept_port: 4001 + connect: couch2.bitmask.i + connect_port: 19002 + original_port: 9002 + epmd_clients: + couch2_4369: + accept_port: 4000 + connect: couch2.bitmask.i + connect_port: 14369 + original_port: 4369 + servers: + couch_server: + accept_port: 15984 + connect_port: 5984 + ednp_server: + accept_port: 19002 + connect_port: 9002 + epmd_server: + accept_port: 14369 + connect_port: 4369 tags: - local x509: @@ -199,6 +212,9 @@ x509: 7AQ/LsmCL5K6F5OqPAUMwc7w1Jp2CSq0sqBSuyjq5Xaom2eQcRD02c1pcLfJwWRS iEbJwlSbPVGpScfRfoaOlyiH96btwnWvaIBgf3Ii7dLTSc2EIO5s -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ key: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEAzGNOpJbUz6hQrWmBUgfJPzYfVZhDeEJAalXuuXxlVU1wlsSG @@ -228,3 +244,4 @@ x509: SeSdWAYGKZZAMSQInihge20dMu1TgS7R0ijeAf4LaoMEq3AOkXMf -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/hiera/couch2.yaml b/hiera/couch2.yaml index 5b84310..80c365c 100644 --- a/hiera/couch2.yaml +++ b/hiera/couch2.yaml @@ -8,6 +8,8 @@ couch: epmd_port: 4369 neighbors: - couch1.bitmask.net + master: false + mode: multimaster port: 5984 users: admin: @@ -22,6 +24,10 @@ couch: password: bJFrsP5dXGuegQIT5jZXMYMITpT5w5YR salt: 73567fc12c27a79152620084e97b4fba username: nickserver + replication: + password: 4DnBJUEXhTgg_BSkIh6KAjyg5cTPp9cG + salt: bba73d9c1682814cb44fab45c4d0edb0 + username: replication soledad: password: E9at8FUjuxTEJEPEvACk9DWjWnR5rbKp salt: e2b6fa1a29b1afbe1ea4a3f7ec5bacc7 
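Review bot: In the `stunnel: servers:` entries (hunk `@@ -116,25 +125,29 @@`) the explicit loopback target is gone. `connect: "127.0.0.1:5984"` becomes `connect_port: 5984`, and likewise for `ednp_server` (9002) and `epmd_server` (4369), so the backend address is now whatever the platform template defaults to. Confirm that the default is still 127.0.0.1; if the template resolves it to a hostname or a non-loopback interface, CouchDB and the Erlang distribution ports would be reached outside the tunnel's intended path. If the template accepts it, keeping the address in the data, e.g. `connect: "127.0.0.1"` next to each `connect_port`, would mirror the shape of the `clients` entries and keep that guarantee reviewable. The same change appears in hiera/couch2.yaml.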
@@ -67,6 +73,9 @@ mail: smarthost: - mx1.bitmask.net name: couch2 +platform: + major_version: "0.6" + version: "0.6" service_type: public_service services: - couchdb @@ -116,25 +125,29 @@ ssh: ports: "60000:61000" port: 22 stunnel: - couch_server: - accept: 15984 - connect: "127.0.0.1:5984" - ednp_clients: - couch1_9002: - accept_port: 4001 - connect: couch1.bitmask.i - connect_port: 19002 - ednp_server: - accept: 19002 - connect: "127.0.0.1:9002" - epmd_clients: - couch1_4369: - accept_port: 4000 - connect: couch1.bitmask.i - connect_port: 14369 - epmd_server: - accept: 14369 - connect: "127.0.0.1:4369" + clients: + ednp_clients: + couch1_9002: + accept_port: 4001 + connect: couch1.bitmask.i + connect_port: 19002 + original_port: 9002 + epmd_clients: + couch1_4369: + accept_port: 4000 + connect: couch1.bitmask.i + connect_port: 14369 + original_port: 4369 + servers: + couch_server: + accept_port: 15984 + connect_port: 5984 + ednp_server: + accept_port: 19002 + connect_port: 9002 + epmd_server: + accept_port: 14369 + connect_port: 4369 tags: - local x509: @@ -199,6 +212,9 @@ x509: zXhBGqCxzoUZSCaxmCIeRBe18GoWRM0JZnpBbi4K3r3ZOIjzoEUK3L6e0tRkJCNc GXE33HbYQAtwidqDCHrb0LLWJjLeI/10avzPtGr/rqVKYufTRq1b -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ key: | -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEAse0pV7xCoGB/dvqmIlc8nY+9/TaKtp/2qfCWAE4fa49vP3NU @@ -228,3 +244,4 @@ x509: balQCbIbD77nO3413Tdg3G0mj6826wrJI4j0jvHk1HU53C7bkaL1dxo= -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/hiera/monitor1.yaml b/hiera/monitor1.yaml index 3893d12..9071644 100644 --- a/hiera/monitor1.yaml +++ b/hiera/monitor1.yaml @@ -52,6 +52,11 @@ mail: smarthost: - mx1.bitmask.net nagios: + domains_internal: + - cdev.bitmask.i + - demo.bitmask.i + - dev.bitmask.i + - unstable.bitmask.i hosts: couch1: domain_full_suffix: bitmask.net 
@@ -113,6 +118,9 @@ nagios: ssh_port: 22 nagiosadmin_pw: Y_uRtQby7LtwXxFRhIv_qVVrwWHzYrQq name: monitor1 +platform: + major_version: "0.6" + version: "0.6" service_type: internal_service services: - monitor @@ -163,6 +171,9 @@ ssh: enabled: true ports: "60000:61000" port: 22 +stunnel: + clients: {} + servers: {} tags: - local x509: @@ -587,3 +598,4 @@ x509: exVX87n7WqrJ9tG9aM0KVRNONhucBKICpzmPCCeFWsehWImIlsfn4nda -----END RSA PRIVATE KEY----- use: true + use_commercial: true diff --git a/hiera/mx1.yaml b/hiera/mx1.yaml index 37d5ce6..9bf16bc 100644 --- a/hiera/mx1.yaml +++ b/hiera/mx1.yaml @@ -18,17 +18,21 @@ domain: enabled: true environment: local haproxy: - servers: - couch1: - backup: false - host: localhost - port: 4000 - weight: 10 - couch2: - backup: false - host: localhost - port: 4001 - weight: 10 + couch: + listen_port: 4096 + servers: + couch1: + backup: false + host: localhost + port: 4000 + weight: 10 + writable: true + couch2: + backup: false + host: localhost + port: 4001 + weight: 10 + writable: true hosts: couch1: domain_full: couch1.bitmask.net 
@@ -48,38 +52,41 @@ mail: smarthost: [] mynetworks: - "176.53.69.127" - - "199.119.112.9" - - "192.168.5.9" - - "176.53.69.23" - - "199.119.112.5" - - "192.168.5.5" + - "176.53.69.13" + - "176.53.69.14" - "176.53.69.21" - - "204.13.164.171" - - "199.119.112.10" + - "176.53.69.22" + - "176.53.69.23" - "192.168.5.10" - - "198.252.153.83" - - "199.119.112.12" - "192.168.5.12" - - "204.13.164.162" - - "198.252.153.82" - - "199.119.112.16" - "192.168.5.16" - - "204.13.164.57" - - "176.53.69.14" - - "199.119.112.19" - "192.168.5.19" - - "176.53.69.13" - - "202.85.227.195" - - "199.119.112.23" - "192.168.5.23" - - "85.17.92.143" - - "176.53.69.22" - - "199.119.112.4" - "192.168.5.4" + - "192.168.5.5" + - "192.168.5.8" + - "192.168.5.9" + - "198.252.153.82" + - "198.252.153.83" - "198.252.153.85" + - "199.119.112.10" + - "199.119.112.12" + - "199.119.112.16" + - "199.119.112.19" + - "199.119.112.23" + - "199.119.112.4" + - "199.119.112.5" - "199.119.112.8" - - "192.168.5.8" + - "199.119.112.9" + - "202.85.227.195" + - "204.13.164.162" + - "204.13.164.171" + - "204.13.164.57" + - "85.17.92.143" name: mx1 +platform: + major_version: "0.6" + version: "0.6" service_type: user_service services: - mx @@ -121,15 +128,19 @@ ssh: ports: "60000:61000" port: 22 stunnel: - couch_client: - couch1_5984: - accept_port: 4000 - connect: couch1.bitmask.i - connect_port: 15984 - couch2_5984: - accept_port: 4001 - connect: couch2.bitmask.i - connect_port: 15984 + clients: + couch_client: + couch1_5984: + accept_port: 4000 + connect: couch1.bitmask.i + connect_port: 15984 + original_port: 5984 + couch2_5984: + accept_port: 4001 + connect: couch2.bitmask.i + connect_port: 15984 + original_port: 5984 + servers: {} tags: - local x509: @@ -554,3 +565,4 @@ x509: ZxgCM4SPY7CPwZOXfXvV3suBehvJ1FJIWGz45wJAeBvH+sHIlTi4cw== -----END RSA PRIVATE KEY----- use: true + use_commercial: true diff --git a/hiera/plain1.yaml b/hiera/plain1.yaml index c9f70c4..0803790 100644 --- a/hiera/plain1.yaml 
+++ b/hiera/plain1.yaml @@ -20,6 +20,9 @@ mail: smarthost: - mx1.bitmask.net name: plain1 +platform: + major_version: "0.6" + version: "0.6" service_type: internal_service services: [] squid_deb_proxy_client: true @@ -59,6 +62,9 @@ ssh: enabled: true ports: "60000:61000" port: 22 +stunnel: + clients: {} + servers: {} tags: - local x509: @@ -123,6 +129,9 @@ x509: eETeBOj/+0v63CmHRfJ6Z98xO/MJSZFFjGS2//qTIK5xzgv/KGsCc6kAG1hraxQD Kr4RCrkqLyEJCJE59qGTrFnOgSL5Eg/RoCH/VEWLi/ExnlcAjaOlqA== -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ key: | -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA1ziNA/5axlzBHy237cP9U1Fw9flwUp1cxQ5e5lfYHY3qKAvZ @@ -152,3 +161,4 @@ x509: HOV/+qIAtUvR2IkgKg1W26N61zzagmn0aBP+c7EBxEtSOh2+2VHm -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/hiera/tor1.yaml b/hiera/tor1.yaml index e29a87b..7363ed3 100644 --- a/hiera/tor1.yaml +++ b/hiera/tor1.yaml @@ -20,6 +20,9 @@ mail: smarthost: - mx1.bitmask.net name: tor1 +platform: + major_version: "0.6" + version: "0.6" service_type: internal_service services: - tor @@ -60,6 +63,9 @@ ssh: enabled: true ports: "60000:61000" port: 22 +stunnel: + clients: {} + servers: {} tags: - local tor: @@ -67,6 +73,12 @@ tor: contacts: - sysdev@leap.se family: "deeruSaR9IekHdQGUGI,hippobagtc8Z3KPmfnT" + hidden_service: + active: ~ + address: ~ + key_type: RSA + private_key: ~ + public_key: ~ nickname: tor1pPXtPbHH5BVHVE2 x509: ca_cert: | @@ -130,6 +142,9 @@ x509: KyFwoPZJ/prUbN7soJcaXfMRwKjKBtAZcfiEIuF/Kj0q0ej3SlIRQn9qQ3kB8gCm rq5L0rF43W9j+Nk6UsuShrFnpNco1oeVupR64lMe/NeS -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ key: | -----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEA22A15S8yonSXCU8U/5UHkTMMgsWpnEwk28+xGzwbRCX5g4dF @@ -159,3 +174,4 @@ x509: FPbeaUQIPPQfHUADhENClQ9eGyeOEj4BUwGbGxyKVBQEeJUO0VsD4eM= -----END RSA PRIVATE KEY----- use: true + use_commercial: false 
diff --git a/hiera/vpn1.yaml b/hiera/vpn1.yaml index ec7818b..5d24276 100644 --- a/hiera/vpn1.yaml +++ b/hiera/vpn1.yaml @@ -20,6 +20,11 @@ mail: smarthost: - mx1.bitmask.net name: vpn1 +obfsproxy: + gateway_address: "10.5.5.46" + scramblesuit: + password: I5QUYVTNNJ3XUWKULJBXQ6STIRYHQWTO + port: 18787 openvpn: adblock: false allow_free: true @@ -28,6 +33,7 @@ openvpn: configuration: auth: SHA1 cipher: AES-128-CBC + fragment: 1500 keepalive: "10 30" tls-cipher: DHE-RSA-AES128-SHA tun-ipv6: true @@ -44,6 +50,9 @@ openvpn: second_gateway_address: ~ unlimited_prefix: UNLIMITED user_ips: false +platform: + major_version: "0.6" + version: "0.6" service_type: user_service services: - openvpn @@ -84,6 +93,9 @@ ssh: enabled: true ports: "60000:61000" port: 22 +stunnel: + clients: {} + servers: {} tags: - local x509: @@ -182,6 +194,9 @@ x509: xIAokTRYLx/6lq8bwelCPGVjy7EsGXt9aN+gMb4R3L9vA/NQrXu+dmCJKPE1vUHF gkVBxxt/s0R2aKM= -----END CERTIFICATE----- + commercial_ca_cert: ~ + commercial_cert: ~ + commercial_key: ~ dh: | -----BEGIN DH PARAMETERS----- MIIBngKCAZcAsTaQV6TwbN9PpD6dYdXz0lA0drrXLRvS8rNoMTaDnIv134RwKwsb @@ -223,3 +238,4 @@ x509: 8hacajGZ/d17cG5lIC269f9SeCqCBkg4IjJJA8aPX65M4J1UdF+h -----END RSA PRIVATE KEY----- use: true + use_commercial: false diff --git a/hiera/web1.yaml b/hiera/web1.yaml index cd0130b..62f15c1 100644 --- a/hiera/web1.yaml +++ b/hiera/web1.yaml @@ -124,10 +124,10 @@ development: site_config: true dns: aliases: - - web1.bitmask.net - - bitmask.net - api.bitmask.net + - bitmask.net - nicknym.bitmask.net + - web1.bitmask.net public: true domain: full: web1.bitmask.net 
@@ -138,17 +138,21 @@ domain: enabled: true environment: local haproxy: - servers: - couch1: - backup: false - host: localhost - port: 4000 - weight: 10 - couch2: - backup: false - host: localhost - port: 4001 - weight: 10 + couch: + listen_port: 4096 + servers: + couch1: + backup: false + host: localhost + port: 4000 + weight: 10 + writable: true + couch2: + backup: false + host: localhost + port: 4001 + weight: 10 + writable: true hosts: couch1: domain_full: couch1.bitmask.net @@ -175,6 +179,9 @@ nickserver: username: nickserver domain: nicknym.bitmask.net port: 6425 +platform: + major_version: "0.6" + version: "0.6" service_type: public_service services: - webapp @@ -216,28 +223,33 @@ ssh: ports: "60000:61000" port: 22 stunnel: - couch_client: - couch1_5984: - accept_port: 4000 - connect: couch1.bitmask.i - connect_port: 15984 - couch2_5984: - accept_port: 4001 - connect: couch2.bitmask.i - connect_port: 15984 + clients: + couch_client: + couch1_5984: + accept_port: 4000 + connect: couch1.bitmask.i + connect_port: 15984 + original_port: 5984 + couch2_5984: + accept_port: 4001 + connect: couch2.bitmask.i + connect_port: 15984 + original_port: 5984 + servers: {} tags: - local webapp: admins: + - azul - elijah - - varac - - micah - kwadronaut - mcnair - meanderingcode - - azul + - micah + - varac allow_anonymous_certs: false allow_limited_certs: false + allow_registration: true allow_unlimited_certs: true api_version: 1 client_certificates: 
@@ -253,16 +265,29 @@ webapp: password: pg9XGGdt4Dr3WcM9PYDqMmxxKHTpvsc9 salt: 7e8868f8c4775290fd37d2f520d13672 username: webapp - customization_dir: /etc/leap/files/webapp/ + customization_dir: /srv/leap/files/webapp/ default_service_level: 1 domain: bitmask.net + engines: + - support + forbidden_usernames: + - admin + - administrator + - arin-admin + - certmaster + - contact + - info + - maildrop + - postmaster + - ssladmin + - www-data git: - revision: origin/master + revision: origin/version/0.6 source: "https://leap.se/git/leap_web" modules: - - user - billing - help + - user nagios_test_user: password: uI_cYvPGNDZrcXTVLH_x88QFWjJ2yCZT username: nagios_test @@ -696,3 +721,4 @@ x509: E4LfGgOC9CfxpTJOZIJM/4jTiozg/fVedFIuAqdDpgKAUiWNBbhheQ== -----END RSA PRIVATE KEY----- use: true + use_commercial: true diff --git a/secrets.json b/secrets.json index 6030ef7..6952b95 100644 --- a/secrets.json +++ b/secrets.json @@ -64,6 +64,8 @@ "couch_leap_mx_password_salt": "071d214afa9e7cfb9cba66575817f6fe", "couch_nickserver_password": "bJFrsP5dXGuegQIT5jZXMYMITpT5w5YR", "couch_nickserver_password_salt": "73567fc12c27a79152620084e97b4fba", + "couch_replication_password": "4DnBJUEXhTgg_BSkIh6KAjyg5cTPp9cG", + "couch_replication_password_salt": "bba73d9c1682814cb44fab45c4d0edb0", "couch_soledad_password": "E9at8FUjuxTEJEPEvACk9DWjWnR5rbKp", "couch_soledad_password_salt": "e2b6fa1a29b1afbe1ea4a3f7ec5bacc7", "couch_tapicero_password": "fCffkJygcPHSRmTePxXeAMSP6uQSQKnR", @@ -72,6 +74,8 @@ "couch_webapp_password_salt": "7e8868f8c4775290fd37d2f520d13672", "nagios_admin_password": "Y_uRtQby7LtwXxFRhIv_qVVrwWHzYrQq", "nagios_test_password": "uI_cYvPGNDZrcXTVLH_x88QFWjJ2yCZT", + "scramblesuit_password_vpn1": "I5QUYVTNNJ3XUWKULJBXQ6STIRYHQWTO", + "scramblesuit_port_vpn1": 18787, "tor_family": "p_PXtPbHH5BVHVE2GamSuwjaKVYQjJKS", "webapp_secret_token": "btsFN6UD9nfP4SAWDYMmuMkgRTL5WW7E" }, -- cgit v1.2.3
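Review bot: The new `forbidden_usernames` list (hunk `@@ -253,16 +265,29 @@`) reserves `admin`, `administrator` and `postmaster` but not `hostmaster` or `webmaster`, the other two mailbox names certificate authorities accept for domain-control validation. With `allow_registration: true` set in the preceding hunk, and if a registered username becomes a mailbox under `domain: bitmask.net`, a user could receive validation mail for the domain unless the webapp blocks these names elsewhere. I would add `- hostmaster` and `- webmaster`, and consider `- root`, `- abuse` and `- security`. Separately, `revision: origin/version/0.6` tracks a moving branch, so each deploy runs whatever that branch holds at the time; pinning a tag or commit hash would make the deployed webapp code auditable. This file is compiled output, so both changes probably belong in the platform defaults rather than here.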