author | Micah Anderson <micah@riseup.net> | 2017-11-28 11:35:01 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2017-11-28 11:35:01 -0500 |
commit | 0d251e2ceddd3e02ed8bba8725830689dbdd1397 (patch) | |
tree | 37d7096d9e458ca1e6431dff8a2f571553011c44 /provider_base/services | |
parent | 93a181d44e2d8163ae44945aac1b6477e268170d (diff) | |
parent | bf6c56d86c7ba45e7ca766d990a9e9162025e5ac (diff) |
Merge tag 'refs/tags/0.10.0' into stable
Release 0.10.0
Diffstat (limited to 'provider_base/services')
-rw-r--r-- | provider_base/services/_tor_common.json | 8 | ||||
-rw-r--r-- | provider_base/services/mx.json | 8 | ||||
-rw-r--r-- | provider_base/services/static.rb | 4 | ||||
-rw-r--r-- | provider_base/services/tor.json | 3 | ||||
-rw-r--r-- | provider_base/services/tor_exit.json | 5 | ||||
-rw-r--r-- | provider_base/services/tor_exit.rb | 6 | ||||
-rw-r--r-- | provider_base/services/tor_hidden_service.json | 12 | ||||
-rw-r--r-- | provider_base/services/tor_hidden_service.rb | 4 | ||||
-rw-r--r-- | provider_base/services/tor_relay.json | 5 | ||||
-rw-r--r-- | provider_base/services/tor_relay.rb | 6 | ||||
-rw-r--r-- | provider_base/services/webapp.json | 12 | ||||
-rw-r--r-- | provider_base/services/webapp.rb | 2 |
12 files changed, 58 insertions, 17 deletions
diff --git a/provider_base/services/_tor_common.json b/provider_base/services/_tor_common.json
new file mode 100644
index 00000000..461232dc
--- /dev/null
+++ b/provider_base/services/_tor_common.json
@@ -0,0 +1,8 @@
+{
+ "tor": {
+ "type": "disabled",
+ "contacts": "= [provider.contacts['tor'] || provider.contacts.default].flatten",
+ "nickname": "= (self.name + secret(:tor_family)).sub('_','')[0..18]",
+ "family": "= nodes[:services => 'tor'][:environment => '!local'].field('tor.nickname').join(',')"
+ }
+}
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
index c7e99d85..480d7c6e 100644
--- a/provider_base/services/mx.json
+++ b/provider_base/services/mx.json
@@ -19,17 +19,12 @@
 "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
 }
 },
- "haproxy": {
- "couch": {
- "listen_port": 4096,
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
- }
- },
 "couchdb_leap_mx_user": {
 "username": "= global.services[:couchdb].couch.users[:leap_mx].username",
 "password": "= secret :couch_leap_mx_password",
 "salt": "= hex_secret :couch_leap_mx_password_salt, 128"
 },
+ "couchdb_port": "= couchdb_port",
 "mynetworks": "= host_ips(nodes)",
 "rbls": ["zen.spamhaus.org"],
 "clamav": {
@@ -37,7 +32,6 @@
 },
 "x509": {
 "use": true,
- "use_commercial": true,
 "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
 "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
 "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
diff --git a/provider_base/services/static.rb b/provider_base/services/static.rb
new file mode 100644
index 00000000..4c7d2e59
--- /dev/null
+++ b/provider_base/services/static.rb
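Review bot: In `_tor_common.json`, the `nickname` expression `(self.name + secret(:tor_family)).sub('_','')[0..18]` strips only the first underscore, because `sub` replaces a single match; a node name with a second underscore, a hyphen or a dot would produce a nickname outside the 1–19 alphanumeric characters Tor accepts. Replacing the `sub` with `gsub(/[^a-zA-Z0-9]/, '')` before the slice would cover those cases. The expression also copies the leading characters of a value stored as a secret into a field that relays publish, so `tor_family` should not be reused anywhere confidentiality matters, and a node name of 19 or more characters drops the suffix entirely. `family` is then built from these nicknames; relay fingerprints would be a stronger identifier if they are available when the config is compiled.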
@@ -0,0 +1,4 @@
+if self['static'] && self['static']['domains']
+ self['dns']['aliases'] += self['static']['domains'].keys
+ self['dns']['aliases'].uniq!
+end
\ No newline at end of file
diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json
index e80310fe..a0d44fef 100644
--- a/provider_base/services/tor.json
+++ b/provider_base/services/tor.json
@@ -9,7 +9,8 @@
 "key_type": "RSA",
 "public_key": "= tor_public_key_path(:node_tor_pub_key, tor.hidden_service.key_type) if tor.hidden_service.active",
 "private_key": "= tor_private_key_path(:node_tor_priv_key, tor.hidden_service.key_type) if tor.hidden_service.active",
- "address": "=> tor.hidden_service.active && onion_address(:node_tor_pub_key)"
+ "address": "=> tor.hidden_service.active && onion_address(:node_tor_pub_key)",
+ "single_hop": false
 }
 }
 }
diff --git a/provider_base/services/tor_exit.json b/provider_base/services/tor_exit.json
new file mode 100644
index 00000000..dab3b76f
--- /dev/null
+++ b/provider_base/services/tor_exit.json
@@ -0,0 +1,5 @@
+{
+ "tor": {
+ "bandwidth_rate": 6550
+ }
+}
diff --git a/provider_base/services/tor_exit.rb b/provider_base/services/tor_exit.rb
new file mode 100644
index 00000000..bd801a3d
--- /dev/null
+++ b/provider_base/services/tor_exit.rb
@@ -0,0 +1,6 @@
+if self.services.include?("tor_hidden_service") || self.services.include?("tor_relay")
+ LeapCli.log :error, "service `tor_exit` is not compatible with tor_relay or tor_hidden_service (node #{self.name})."
+ exit(1)
+end
+apply_partial("_tor_common")
+self.tor['type'] = "exit"
diff --git a/provider_base/services/tor_hidden_service.json b/provider_base/services/tor_hidden_service.json
new file mode 100644
index 00000000..d7f3ec27
--- /dev/null
+++ b/provider_base/services/tor_hidden_service.json
@@ -0,0 +1,12 @@
+{
+ "tor": {
+ "hidden_service": {
+ "key_type": "RSA",
+ "public_key": "= tor_public_key_path(:node_tor_pub_key, tor.hidden_service.key_type)",
+ "private_key": "= tor_private_key_path(:node_tor_priv_key, tor.hidden_service.key_type)",
+ "address": "=> onion_address(:node_tor_pub_key)",
+ "single_hop": false,
+ "v3": false
+ }
+ }
+}
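Review bot: In `static.rb`, the guard covers `self['static']['domains']` but not the left-hand side: `self['dns']['aliases'] += ...` raises NoMethodError when `dns.aliases` is unset on the node, and nothing in this diff shows where its default comes from. `webapp.rb` has the same unguarded `+=`, and this commit removes the `dns.aliases` definition from `webapp.json`, so both scripts now depend on a default defined elsewhere. If that default is not guaranteed, `self['dns']['aliases'] = (Array(self['dns']['aliases']) + self['static']['domains'].keys).uniq` avoids the failure. The keys of `static.domains` also become DNS aliases with no format check in this file; presumably they are validated where the zone or certificates are generated, which is worth confirming.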
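Review bot: In `tor_hidden_service.json`, the defaults `"key_type": "RSA"` and `"v3": false` keep new nodes on version 2 onion services, whose addresses are derived from an RSA-1024 key and which current Tor releases no longer support. How `v3` is consumed is not visible in this diff, but `public_key`, `private_key` and `address` are all computed from `key_type`, so setting `v3` to true on its own may leave the RSA key paths and the v2 address in the compiled config. I would document which keys have to change together and consider making v3 the default. `single_hop` defaulting to false is the safe choice, since a single-hop service gives up server-side anonymity; the same default is added in `tor.json`.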
diff --git a/provider_base/services/tor_hidden_service.rb b/provider_base/services/tor_hidden_service.rb
new file mode 100644
index 00000000..8b8eb24d
--- /dev/null
+++ b/provider_base/services/tor_hidden_service.rb
@@ -0,0 +1,4 @@
+if self.services.include?("tor_exit") || self.services.include?("tor_relay")
+ LeapCli.log :error, "service `tor_hidden_service` is not compatible with tor_exit or tor_relay (node #{self.name})."
+end
+self.tor['type'] = "hidden_service"
diff --git a/provider_base/services/tor_relay.json b/provider_base/services/tor_relay.json
new file mode 100644
index 00000000..dab3b76f
--- /dev/null
+++ b/provider_base/services/tor_relay.json
@@ -0,0 +1,5 @@
+{
+ "tor": {
+ "bandwidth_rate": 6550
+ }
+}
diff --git a/provider_base/services/tor_relay.rb b/provider_base/services/tor_relay.rb
new file mode 100644
index 00000000..7fce6ae4
--- /dev/null
+++ b/provider_base/services/tor_relay.rb
@@ -0,0 +1,6 @@
+
+if self.services.include?("tor_exit") || self.services.include?("tor_hidden_service")
+ LeapCli.log :error, "service `tor_relay` is not compatible with tor_exit or tor_hidden_service (node #{self.name})."
+end
+apply_partial("_tor_common")
+self.tor['type'] = "relay"
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index feca9524..ac58ac12 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -11,6 +11,7 @@
 "tickets", "vmail", "www-data"],
 "domain": "= provider.domain",
 "modules": ["user", "billing", "help"],
+ "couchdb_port": "= couchdb_port",
 "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
 "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
 "customization_dir": "= file_path 'webapp'",
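Review bot: In `tor_hidden_service.rb`, the incompatibility check logs at `:error` but does not stop: unlike `tor_exit.rb`, which calls `exit(1)` after the same kind of message, execution falls through to `self.tor['type'] = "hidden_service"`. `tor_relay.rb` has the same gap, so a node listing both `tor_relay` and `tor_hidden_service` compiles with only a log line, and `tor.type` ends up as whichever script runs last. Running an onion service on a host that is also a public relay exposes its uptime to correlation, so the check is better enforced by adding `exit(1)` after the `LeapCli.log` line in both files. This file also omits `apply_partial("_tor_common")`, which the other two call; if that is intentional, a one-line comment such as `# hidden services publish no relay descriptor, so _tor_common is not applied` would say so.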
@@ -22,6 +23,7 @@
 "invite_required": "= provider.enrollment_policy == 'invite'",
 "default_service_level": "= provider.service.default_service_level",
 "service_levels": "= service_levels()",
+ "secret_key_base": "= secret :webapp_secret_key_base",
 "secret_token": "= secret :webapp_secret_token",
 "api_version": 1,
 "secure": false,
@@ -45,12 +47,6 @@
 "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
 }
 },
- "haproxy": {
- "couch": {
- "listen_port": 4096,
- "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
- }
- },
 "definition_files": {
 "provider": "= file :provider_json_template",
 "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]",
@@ -67,6 +63,7 @@
 },
 "nickserver": {
 "domain": "= 'nicknym.' + domain.full_suffix",
+ "couchdb_port": "= couchdb_port",
 "couchdb_nickserver_user": {
 "username": "= global.services[:couchdb].couch.users[:nickserver].username",
 "password": "= secret :couch_nickserver_password",
@@ -74,9 +71,6 @@
 },
 "port": 6425
 },
- "dns": {
- "aliases": "= [domain.full, webapp.domain, api.domain, nickserver.domain]"
- },
 "x509": {
 "use": true,
 "use_commercial": true,
diff --git a/provider_base/services/webapp.rb b/provider_base/services/webapp.rb
new file mode 100644
index 00000000..a5f10a2d
--- /dev/null
+++ b/provider_base/services/webapp.rb
@@ -0,0 +1,2 @@
+self['dns']['aliases'] += [domain.full, webapp.domain, api.domain, nickserver.domain]
+self['dns']['aliases'].uniq! |
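Review bot: In the `@@ -22,6 +23,7 @@` hunk of `webapp.json`, `"secret_key_base": "= secret :webapp_secret_key_base"` takes whatever length and alphabet the `secret` macro defaults to, which this diff does not show. If this value feeds the web framework's cookie signing and encryption keys, as the name suggests, its size should be stated rather than implied; `mx.json` already passes an explicit size in `hex_secret :couch_leap_mx_password_salt, 128`, and the same form could be used here once the macro's units are confirmed to give enough entropy. `secret_token` stays alongside it, presumably so existing signed cookies remain valid during migration, and a note on when it can be dropped would help.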