Diffstat (limited to 'provider_base/services')
-rw-r--r-- | provider_base/services/couchdb.json | 86 | ||||
-rw-r--r-- | provider_base/services/monitor.json | 18 | ||||
-rw-r--r-- | provider_base/services/mx.json | 24 | ||||
-rw-r--r-- | provider_base/services/openvpn.json | 16 | ||||
-rw-r--r-- | provider_base/services/soledad.json | 14 | ||||
-rw-r--r-- | provider_base/services/static.json | 6 | ||||
-rw-r--r-- | provider_base/services/tor.json | 2 | ||||
-rw-r--r-- | provider_base/services/webapp.json | 48 |
8 files changed, 152 insertions, 62 deletions
diff --git a/provider_base/services/couchdb.json b/provider_base/services/couchdb.json
index a26579c8..5f1b5381 100644
--- a/provider_base/services/couchdb.json
+++ b/provider_base/services/couchdb.json
@@ -1,38 +1,56 @@
 {
- "x509": {
- "use": true
- },
- "stunnel": {
- "couch_server": "= stunnel_server(couch.port)",
- "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
- "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.epmd_port)",
- "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)",
- "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.ednp_port)"
- },
- "couch": {
- "port": 5984,
- "bigcouch": {
- "epmd_port": 4369,
- "ednp_port": 9002,
- "cookie": "= secret :bigcouch_cookie",
- "neighbors": "= nodes_like_me[:services => :couchdb].exclude(self).field('domain.full')"
+ "x509": {
+ "use": true
 },
- "users": {
- "admin": {
- "username": "admin",
- "password": "= secret :couch_admin_password",
- "salt": "= hex_secret :couch_admin_password_salt, 128"
- },
- "webapp": {
- "username": "webapp",
- "password": "= secret :couch_webapp_password",
- "salt": "= hex_secret :couch_webapp_password_salt, 128"
- },
- "soledad": {
- "username": "soledad",
- "password": "= secret :couch_soledad_password",
- "salt": "= hex_secret :couch_soledad_password_salt, 128"
- }
+ "stunnel": {
+ "couch_server": "= stunnel_server(couch.port)",
+ "epmd_server": "= stunnel_server(couch.bigcouch.epmd_port)",
+ "epmd_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.epmd_port)",
+ "ednp_server": "= stunnel_server(couch.bigcouch.ednp_port)",
+ "ednp_clients": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.bigcouch.ednp_port)"
+ },
+ "couch": {
+ "port": 5984,
+ "bigcouch": {
+ "epmd_port": 4369,
+ "ednp_port": 9002,
+ "cookie": "= secret :bigcouch_cookie",
+ "neighbors": "= nodes_like_me[:services => :couchdb].exclude(self).field('domain.full')"
+ },
+ "users": {
+ "admin": {
+ "username": "admin",
+ "password": "= secret :couch_admin_password",
+ "salt": "= hex_secret :couch_admin_password_salt, 128"
+ },
+ "leap_mx": {
+ "username": "leap_mx",
+ "password": "= secret :couch_leap_mx_password",
+ "salt": "= hex_secret :couch_leap_mx_password_salt, 128"
+ },
+ "nickserver": {
+ "username": "nickserver",
+ "password": "= secret :couch_nickserver_password",
+ "salt": "= hex_secret :couch_nickserver_password_salt, 128"
+ },
+ "soledad": {
+ "username": "soledad",
+ "password": "= secret :couch_soledad_password",
+ "salt": "= hex_secret :couch_soledad_password_salt, 128"
+ },
+ "tapicero": {
+ "username": "tapicero",
+ "password": "= secret :couch_tapicero_password",
+ "salt": "= hex_secret :couch_tapicero_password_salt, 128"
+ },
+ "webapp": {
+ "username": "webapp",
+ "password": "= secret :couch_webapp_password",
+ "salt": "= hex_secret :couch_webapp_password_salt, 128"
+ }
+ },
+ "webapp": {
+ "nagios_test_pw": "= secret :nagios_test_password"
+ }
 }
- }
 }
diff --git a/provider_base/services/monitor.json b/provider_base/services/monitor.json
index f5e4d922..03f6c6d1 100644
--- a/provider_base/services/monitor.json
+++ b/provider_base/services/monitor.json
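Review bot: The `nagios_test_pw` entry added near the end of the hunk sits under `couch.webapp`, outside the `couch.users` map that every other CouchDB credential in this file now lives in, and its `_pw` suffix matches neither `users.*.password` here nor `nagios_test_user.password` in webapp.json, which draws the same `secret :nagios_test_password`. If it is meant to be a database login for the Nagios check, modelling it as `"nagios_test": { "username": "nagios_test", "password": "= secret :nagios_test_password" }` under `users` would keep one shape for all database accounts; if it is not a database account, the key name should say what consumes it. The new `tapicero` user has no consumer anywhere in this diffstat, so presumably another service file references it — worth confirming that it looks up `secret :couch_tapicero_password` under the same name, since a typo there would silently create a second secret.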
@@ -1,6 +1,22 @@
 {
 "nagios": {
 "nagiosadmin_pw": "= secret :nagios_admin_password",
- "hosts": "= nodes_like_me.fields('domain.internal', 'ip_address', 'services', 'openvpn.gateway_address')"
+ "hosts": "= (self.environment == 'local' ? nodes_like_me : nodes[:environment => '!local']).pick_fields('domain.internal', 'domain.full_suffix', 'ip_address', 'services', 'openvpn.gateway_address', 'ssh.port')"
+ },
+ "hosts": "= self.environment == 'local' ? hosts_file(nodes_like_me) : hosts_file(nodes[:environment => '!local'])",
+ "ssh": {
+ "monitor": {
+ "username": "= Leap::Platform.monitor_username",
+ "private_key": "= file(:monitor_priv_key)"
+ }
+ },
+ "x509": {
+ "use": true,
+ "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
+ "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
+ "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
+ "commercial_key": "= file [:commercial_key, domain.full_suffix]",
+ "commercial_ca_cert": "= try_file :commercial_ca_cert"
 }
 }
diff --git a/provider_base/services/mx.json b/provider_base/services/mx.json
new file mode 100644
index 00000000..731dee9a
--- /dev/null
+++ b/provider_base/services/mx.json
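Review bot: The new `x509` block hands the monitor node `client_ca_key`, the private key of the client-certificate CA, although nothing in the hunk shows the monitor issuing client certificates; the same seven-key block, key included, is repeated verbatim in the new mx.json and in webapp.json further down this diff. A node only needs the CA private key if it signs certificates — verification needs `client_ca_cert` alone — so unless the Nagios checks mint test client certificates, removing `"client_ca_key"` from monitor.json and mx.json keeps that key off two nodes that do not need it and shrinks what a compromise of either exposes. The block is now copied in three files, so a shared definition would also stop the file names and `:missing` messages drifting apart.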
@@ -0,0 +1,24 @@
+{
+ "stunnel": {
+ "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
+ },
+ "haproxy": {
+ "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.couch_client)"
+ },
+ "couchdb_leap_mx_user": {
+ "username": "= global.services[:couchdb].couch.users[:leap_mx].username",
+ "password": "= secret :couch_leap_mx_password",
+ "salt": "= hex_secret :couch_leap_mx_password_salt, 128"
+ },
+ "mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq",
+ "x509": {
+ "use": true,
+ "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
+ "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
+ "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
+ "commercial_key": "= file [:commercial_key, domain.full_suffix]",
+ "commercial_ca_cert": "= try_file :commercial_ca_cert"
+ },
+ "service_type": "user_service"
+}
diff --git a/provider_base/services/openvpn.json b/provider_base/services/openvpn.json
index 5d77f946..04e19aa2 100644
--- a/provider_base/services/openvpn.json
+++ b/provider_base/services/openvpn.json
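Review bot: `mynetworks` selects hosts with `nodes['environment' => '!local']` while monitor.json in this same diff writes the identical selector as `nodes[:environment => '!local']`; if the node filter treats a string and a symbol key alike this is only an inconsistency, but if it does not, one of the two silently selects nothing, so settling on `nodes[:environment => '!local']` in both files is worth doing now. `couchdb_leap_mx_user` takes `username` from `global.services[:couchdb].couch.users[:leap_mx]` but re-derives `password` and `salt` with `secret`/`hex_secret` and a hard-coded salt length of 128, and soledad.json and webapp.json in this diff repeat that pattern for their own users. If the evaluator resolves referenced fields — the old webapp.json referenced the whole user object, which this commit replaces, so there may be a reason it does not — reading `"password": "= global.services[:couchdb].couch.users[:leap_mx].password"` would leave couchdb.json as the single place that decides how each credential is generated.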
@@ -14,10 +14,16 @@
 "filter_dns": false,
 "adblock": false,
 "user_ips": false,
- "allow_limited": "= global.provider.service.allow_limited_bandwidth",
- "allow_unlimited": "= global.provider.service.allow_unlimited_bandwidth",
- "limited_prefix": "= global.provider.ca.client_certificates.limited_prefix",
- "unlimited_prefix": "= global.provider.ca.client_certificates.unlimited_prefix",
- "rate_limit": "= openvpn.allow_limited ? global.provider.service.bandwidth_limit : nil"
+ "allow_limited": "= provider.service.allow_limited_bandwidth",
+ "allow_unlimited": "= provider.service.allow_unlimited_bandwidth",
+ "limited_prefix": "= provider.ca.client_certificates.limited_prefix",
+ "unlimited_prefix": "= provider.ca.client_certificates.unlimited_prefix",
+ "rate_limit": "= openvpn.allow_limited ? provider.service.bandwidth_limit : nil",
+ "configuration": {
+ "tls-cipher": "DHE-RSA-AES128-SHA",
+ "auth": "SHA1",
+ "cipher": "AES-128-CBC",
+ "keepalive": "10 30"
+ }
 }
 }
diff --git a/provider_base/services/soledad.json b/provider_base/services/soledad.json
index 10657563..ed6fbc9f 100644
--- a/provider_base/services/soledad.json
+++ b/provider_base/services/soledad.json
@@ -1,6 +1,12 @@
 {
- "service_type": "public_service",
 "soledad": {
- "port": 1111
- }
-}
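Review bot: The `configuration` block added at the end of the hunk fixes `"auth": "SHA1"` and `"cipher": "AES-128-CBC"` as defaults, and because this is provider_base every provider inherits them unless it overrides. HMAC-SHA1 packet authentication and a CBC data cipher are the dated end of what OpenVPN offers; if the client builds this provider supports allow it, `"auth": "SHA256"` is a drop-in strengthening, and `cipher` and `tls-cipher` can be raised the same way once the oldest supported client is known. Whatever values are kept, the reason for them cannot be recorded in a JSON file, so it belongs in the service documentation alongside the note that these keys are overridable. The enclosing object (presumably `openvpn`, given the `openvpn.allow_limited` reference) starts above this hunk.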
\ No newline at end of file
+ "port": 2323,
+ "require_couchdb": "=> assert %(services.include? 'couchdb')",
+ "couchdb_soledad_user": {
+ "username": "= global.services[:couchdb].couch.users[:soledad].username",
+ "password": "= secret :couch_soledad_password",
+ "salt": "= hex_secret :couch_soledad_password_salt, 128"
+ }
+ },
+ "service_type": "public_service"
+}
diff --git a/provider_base/services/static.json b/provider_base/services/static.json
new file mode 100644
index 00000000..d9155a84
--- /dev/null
+++ b/provider_base/services/static.json
@@ -0,0 +1,6 @@
+{
+ "static": {
+ "formats": "=> (self.static.domains||{}).values.collect{|d| (d.locations||{}).values.collect{|l|l['format']}}.flatten.uniq"
+ },
+ "service_type": "public_service"
+}
\ No newline at end of file
diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json
index 9173b8d4..ae4da46d 100644
--- a/provider_base/services/tor.json
+++ b/provider_base/services/tor.json
@@ -1,6 +1,6 @@
 {
 "tor": {
 "bandwidth_rate": 6550,
- "contacts": "= global.provider.contacts['tor'] || global.provider.contacts.default"
+ "contacts": "= [provider.contacts['tor'] || provider.contacts.default].flatten"
 }
 }
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 93396ec7..29c0cbf9 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,25 +1,35 @@
 {
 "webapp": {
+ "admins": [],
 "modules": ["user", "billing", "help"],
- "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
-// "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
- "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:admin]",
- "favicon": "= file_path 'branding/favicon.ico'",
- "tail_scss": "= file_path 'branding/tail.scss'",
- "head_scss": "= file_path 'branding/head.scss'",
- "img_dir": "= file_path 'branding/img'",
- "client_certificates": "= global.provider.ca.client_certificates",
- "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
- "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
- "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
+ "couchdb_webapp_user": {
+ "username": "= global.services[:couchdb].couch.users[:webapp].username",
+ "password": "= secret :couch_webapp_password",
+ "salt": "= hex_secret :couch_webapp_password_salt, 128"
+ },
+ "customization_dir": "= file_path 'webapp'",
+ "client_certificates": "= provider.ca.client_certificates",
+ "allow_limited_certs": "= provider.service.allow_limited_bandwidth",
+ "allow_unlimited_certs": "= provider.service.allow_unlimited_bandwidth",
+ "allow_anonymous_certs": "= provider.service.allow_anonymous",
 "secret_token": "= secret :webapp_secret_token",
- "api_version": 1
+ "api_version": 1,
+ "secure": false,
+ "git": {
+ "source": "https://leap.se/git/leap_web",
+ "revision": "origin/master"
+ },
+ "client_version": "= provider.client_version",
+ "nagios_test_user": {
+ "username": "nagios_test",
+ "password": "= secret :nagios_test_password"
+ }
 },
 "stunnel": {
 "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
 },
 "haproxy": {
- "local_ports": "= stunnel.couch_client.field(:accept_port)"
+ "servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.couch_client, global.services[:couchdb].couch.port)"
 },
 "definition_files": {
 "provider": "= file :provider_json_template",
@@ -34,8 +44,12 @@
 },
 "nickserver": {
 "domain": "= 'nicknym.' + domain.full_suffix",
- "port": 6425,
- "couchdb_user": "= global.services[:couchdb].couch.users[:admin]"
+ "couchdb_nickserver_user": {
+ "username": "= global.services[:couchdb].couch.users[:nickserver].username",
+ "password": "= secret :couch_nickserver_password",
+ "salt": "= hex_secret :couch_nickserver_password_salt, 128"
+ },
+ "port": 6425
 },
 "dns": {
 "aliases": "= [domain.full_suffix, domain.full, api.domain, nickserver.domain]"
@@ -43,8 +57,8 @@
 "x509": {
 "use": true,
 "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
- "client_ca_cert": "= file_path :client_ca_cert",
- "client_ca_key": "= file_path :client_ca_key",
+ "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
+ "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'",
 "commercial_cert": "= file [:commercial_cert, domain.full_suffix]",
 "commercial_key": "= file [:commercial_key, domain.full_suffix]",
 "commercial_ca_cert": "= try_file :commercial_ca_cert"
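Review bot: The new `git` block in the first hunk deploys the web application from `"revision": "origin/master"`, a moving branch head, so each deploy pulls whatever that branch holds at that moment and two nodes deployed a day apart can run different code with no record of which. Pinning to a tag or commit, `"revision": "<TAG-OR-COMMIT>"`, and bumping it deliberately makes the deployed code reproducible and reviewable; if tracking master is intended for the base definition, the expectation that providers override it should be written down somewhere. `"secure": false` is likewise added as a default with nothing in the hunk saying what it governs; whatever it gates, a `false` default in provider_base deserves a documented meaning so that providers know to turn it on. The first hunk's `definition_files` object continues below the hunk.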