summaryrefslogtreecommitdiff
path: root/provider_base/services
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2017-11-28 11:35:01 -0500
committerMicah Anderson <micah@riseup.net>2017-11-28 11:35:01 -0500
commit0d251e2ceddd3e02ed8bba8725830689dbdd1397 (patch)
tree37d7096d9e458ca1e6431dff8a2f571553011c44 /provider_base/services
parent93a181d44e2d8163ae44945aac1b6477e268170d (diff)
parentbf6c56d86c7ba45e7ca766d990a9e9162025e5ac (diff)
Merge tag 'refs/tags/0.10.0' into stable
Release 0.10.0
Diffstat (limited to 'provider_base/services')
-rw-r--r--provider_base/services/_tor_common.json8
-rw-r--r--provider_base/services/mx.json8
-rw-r--r--provider_base/services/static.rb4
-rw-r--r--provider_base/services/tor.json3
-rw-r--r--provider_base/services/tor_exit.json5
-rw-r--r--provider_base/services/tor_exit.rb6
-rw-r--r--provider_base/services/tor_hidden_service.json12
-rw-r--r--provider_base/services/tor_hidden_service.rb4
-rw-r--r--provider_base/services/tor_relay.json5
-rw-r--r--provider_base/services/tor_relay.rb6
-rw-r--r--provider_base/services/webapp.json12
-rw-r--r--provider_base/services/webapp.rb2
12 files changed, 58 insertions, 17 deletions
diff --git a/provider_base/services/_tor_common.json b/provider_base/services/_tor_common.json
new file mode 100644
index 00000000..461232dc
--- /dev/null
+++ b/provider_base/services/_tor_common.json
@@ -0,0 +1,8 @@
+{
+ "tor": {
+ "type": "disabled",
+ "contacts": "= [provider.contacts['tor'] || provider.contacts.default].flatten",
+ "nickname": "= (self.name + secret(:tor_family)).sub('_','')[0..18]",
+ "family": "= nodes[:services => 'tor'][:environment => '!local'].field('tor.nickname').join(',')"
+ }
+}
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index c7e99d85..480d7c6e 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -19,17 +19,12 @@
"couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
}
},
- "haproxy": {
- "couch": {
- "listen_port": 4096,
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
- }
- },
"couchdb_leap_mx_user": {
"username": "= global.services[:couchdb].couch.users[:leap_mx].username",
"password": "= secret :couch_leap_mx_password",
"salt": "= hex_secret :couch_leap_mx_password_salt, 128"
},
+ "couchdb_port": "= couchdb_port",
"mynetworks": "= host_ips(nodes)",
"rbls": ["zen.spamhaus.org"],
"clamav": {
@@ -37,7 +32,6 @@
},
"x509": {
"use": true,
- "use_commercial": true,
"ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
"client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
"client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
diff --git a/provider_base/services/static.rb b/provider_base/services/static.rb
new file mode 100644
index 00000000..4c7d2e59
--- /dev/null
+++ b/provider_base/services/static.rb
@@ -0,0 +1,4 @@
+if self['static'] && self['static']['domains']
+ self['dns']['aliases'] += self['static']['domains'].keys
+ self['dns']['aliases'].uniq!
+end \ No newline at end of file
diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json
index e80310fe..a0d44fef 100644
--- a/provider_base/services/tor.json
+++ b/provider_base/services/tor.json
@@ -9,7 +9,8 @@
"key_type": "RSA",
"public_key": "= tor_public_key_path(:node_tor_pub_key, tor.hidden_service.key_type) if tor.hidden_service.active",
"private_key": "= tor_private_key_path(:node_tor_priv_key, tor.hidden_service.key_type) if tor.hidden_service.active",
- "address": "=> tor.hidden_service.active && onion_address(:node_tor_pub_key)"
+ "address": "=> tor.hidden_service.active && onion_address(:node_tor_pub_key)",
+ "single_hop": false
}
}
}
diff --git a/provider_base/services/tor_exit.json b/provider_base/services/tor_exit.json
new file mode 100644
index 00000000..dab3b76f
--- /dev/null
+++ b/provider_base/services/tor_exit.json
@@ -0,0 +1,5 @@
+{
+ "tor": {
+ "bandwidth_rate": 6550
+ }
+}
diff --git a/provider_base/services/tor_exit.rb b/provider_base/services/tor_exit.rb
new file mode 100644
index 00000000..bd801a3d
--- /dev/null
+++ b/provider_base/services/tor_exit.rb
@@ -0,0 +1,6 @@
+if self.services.include?("tor_hidden_service") || self.services.include?("tor_relay")
+ LeapCli.log :error, "service `tor_exit` is not compatible with tor_relay or tor_hidden_service (node #{self.name})."
+ exit(1)
+end
+apply_partial("_tor_common")
+self.tor['type'] = "exit"
diff --git a/provider_base/services/tor_hidden_service.json b/provider_base/services/tor_hidden_service.json
new file mode 100644
index 00000000..d7f3ec27
--- /dev/null
+++ b/provider_base/services/tor_hidden_service.json
@@ -0,0 +1,12 @@
+{
+ "tor": {
+ "hidden_service": {
+ "key_type": "RSA",
+ "public_key": "= tor_public_key_path(:node_tor_pub_key, tor.hidden_service.key_type)",
+ "private_key": "= tor_private_key_path(:node_tor_priv_key, tor.hidden_service.key_type)",
+ "address": "=> onion_address(:node_tor_pub_key)",
+ "single_hop": false,
+ "v3": false
+ }
+ }
+}
diff --git a/provider_base/services/tor_hidden_service.rb b/provider_base/services/tor_hidden_service.rb
new file mode 100644
index 00000000..8b8eb24d
--- /dev/null
+++ b/provider_base/services/tor_hidden_service.rb
@@ -0,0 +1,4 @@
+if self.services.include?("tor_exit") || self.services.include?("tor_relay")
+ LeapCli.log :error, "service `tor_hidden_service` is not compatible with tor_exit or tor_relay (node #{self.name})."
+end
+self.tor['type'] = "hidden_service"
diff --git a/provider_base/services/tor_relay.json b/provider_base/services/tor_relay.json
new file mode 100644
index 00000000..dab3b76f
--- /dev/null
+++ b/provider_base/services/tor_relay.json
@@ -0,0 +1,5 @@
+{
+ "tor": {
+ "bandwidth_rate": 6550
+ }
+}
diff --git a/provider_base/services/tor_relay.rb b/provider_base/services/tor_relay.rb
new file mode 100644
index 00000000..7fce6ae4
--- /dev/null
+++ b/provider_base/services/tor_relay.rb
@@ -0,0 +1,6 @@
+
+if self.services.include?("tor_exit") || self.services.include?("tor_hidden_service")
+ LeapCli.log :error, "service `tor_relay` is not compatible with tor_exit or tor_hidden_service (node #{self.name})."
+end
+apply_partial("_tor_common")
+self.tor['type'] = "relay"
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index feca9524..ac58ac12 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -11,6 +11,7 @@
"tickets", "vmail", "www-data"],
"domain": "= provider.domain",
"modules": ["user", "billing", "help"],
+ "couchdb_port": "= couchdb_port",
"couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
"couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
"customization_dir": "= file_path 'webapp'",
@@ -22,6 +23,7 @@
"invite_required": "= provider.enrollment_policy == 'invite'",
"default_service_level": "= provider.service.default_service_level",
"service_levels": "= service_levels()",
+ "secret_key_base": "= secret :webapp_secret_key_base",
"secret_token": "= secret :webapp_secret_token",
"api_version": 1,
"secure": false,
@@ -45,12 +47,6 @@
"couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
}
},
- "haproxy": {
- "couch": {
- "listen_port": 4096,
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
- }
- },
"definition_files": {
"provider": "= file :provider_json_template",
"eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]",
@@ -67,6 +63,7 @@
},
"nickserver": {
"domain": "= 'nicknym.' + domain.full_suffix",
+ "couchdb_port": "= couchdb_port",
"couchdb_nickserver_user": {
"username": "= global.services[:couchdb].couch.users[:nickserver].username",
"password": "= secret :couch_nickserver_password",
@@ -74,9 +71,6 @@
},
"port": 6425
},
- "dns": {
- "aliases": "= [domain.full, webapp.domain, api.domain, nickserver.domain]"
- },
"x509": {
"use": true,
"use_commercial": true,
diff --git a/provider_base/services/webapp.rb b/provider_base/services/webapp.rb
new file mode 100644
index 00000000..a5f10a2d
--- /dev/null
+++ b/provider_base/services/webapp.rb
@@ -0,0 +1,2 @@
+self['dns']['aliases'] += [domain.full, webapp.domain, api.domain, nickserver.domain]
+self['dns']['aliases'].uniq!