Merge branch '0.5' into develop

Conflicts:
	provider_base/services/tor.json

Change-Id: I826579945a0d93c43384f0fd12c9833762b084cf

6 files changed, 40 insertions, 13 deletions

diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index 0cb044ef..5f1b5381 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -48,6 +48,9 @@
                 "password": "= secret :couch_webapp_password",
                 "salt": "= hex_secret :couch_webapp_password_salt, 128"
             }
+        },
+    "webapp": {
+         "nagios_test_pw": "= secret :nagios_test_password"
         }
     }
 }
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index 53e6b1f1..03f6c6d1 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
@@ -1,13 +1,22 @@
 {
   "nagios": {
     "nagiosadmin_pw": "= secret :nagios_admin_password",
-    "hosts": "= nodes_like_me[:services => '!monitor'].pick_fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')"
+    "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('domain.internal', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')"
   },
-  "hosts": "= hosts_file(nodes_like_me[:services => '!monitor'])",
+  "hosts": "= self.environment == 'local' ? hosts_file(nodes_like_me) : hosts_file(nodes[:environment => '!local'])",
   "ssh": {
     "monitor": {
       "username": "= Leap::Platform.monitor_username",
       "private_key": "= file(:monitor_priv_key)"
     }
+  },
+  "x509": {
+    "use": true,
+    "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
+    "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
+    "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
+    "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
+    "commercial_key": "= file [:commercial_key, domain.full_suffix]",
+    "commercial_ca_cert": "= try_file :commercial_ca_cert"
   }
 }
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index 7e3f20ba..731dee9a 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -10,7 +10,7 @@
     "password": "= secret :couch_leap_mx_password",
     "salt": "= hex_secret :couch_leap_mx_password_salt, 128"
   },
-  "mx_nodes": "= nodes['services' => 'mx']['environment' => '!local'].field('ip_address')",
+  "mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq",
   "x509": {
     "use": true,
     "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 5d77f946..e5b97ed9 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
@@ -14,10 +14,15 @@
     "filter_dns": false,
     "adblock": false,
     "user_ips": false,
-    "allow_limited": "= global.provider.service.allow_limited_bandwidth",
-    "allow_unlimited": "= global.provider.service.allow_unlimited_bandwidth",
-    "limited_prefix": "= global.provider.ca.client_certificates.limited_prefix",
-    "unlimited_prefix": "= global.provider.ca.client_certificates.unlimited_prefix",
-    "rate_limit": "= openvpn.allow_limited ? global.provider.service.bandwidth_limit : nil"
+    "allow_limited": "= provider.service.allow_limited_bandwidth",
+    "allow_unlimited": "= provider.service.allow_unlimited_bandwidth",
+    "limited_prefix": "= provider.ca.client_certificates.limited_prefix",
+    "unlimited_prefix": "= provider.ca.client_certificates.unlimited_prefix",
+    "rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil",
+    "configuration": {
+      "tls-cipher": "TLS-DHE-RSA-WITH-AES-128-CBC-SHA",
+      "auth": "SHA1",
+      "cipher": "AES-128-CBC"
+    }
   }
 }
diff --git a/provider_base/services/static.json b/provider_base/services/static.json
new file mode 100644
index 00000000..d9155a84
--- /dev/null
+++ b/provider_base/services/static.json
@@ -0,0 +1,6 @@
+{
+  "static": {
+    "formats": "=> (self.static.domains||{}).values.collect{|d| (d.locations||{}).values.collect{|l|l['format']}}.flatten.uniq"
+  },
+  "service_type": "public_service"
+}
\ No newline at end of file
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 8974f851..29c0cbf9 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -8,10 +8,10 @@
       "salt": "= hex_secret :couch_webapp_password_salt, 128"
     },
     "customization_dir": "= file_path 'webapp'",
-    "client_certificates": "= global.provider.ca.client_certificates",
-    "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
-    "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
-    "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
+    "client_certificates": "= provider.ca.client_certificates",
+    "allow_limited_certs": "= provider.service.allow_limited_bandwidth",
+    "allow_unlimited_certs": "= provider.service.allow_unlimited_bandwidth",
+    "allow_anonymous_certs": "= provider.service.allow_anonymous",
     "secret_token": "= secret :webapp_secret_token",
     "api_version": 1,
     "secure": false,
@@ -19,7 +19,11 @@
       "source": "https://leap.se/git/leap_web",
       "revision": "origin/master"
     },
-    "client_version": "= global.provider.client_version"
+    "client_version": "= provider.client_version",
+    "nagios_test_user": {
+      "username": "nagios_test",
+      "password": "= secret :nagios_test_password"
+    }
   },
   "stunnel": {
     "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"