Diffstat (limited to 'provider_base')
-rw-r--r--provider_base/common.json36
-rw-r--r--provider_base/files/service-definitions/provider.json.erb2
-rw-r--r--provider_base/lib/macros/nodes.rb4
-rw-r--r--provider_base/lib/macros/secrets.rb8
-rw-r--r--provider_base/provider.json8
-rw-r--r--provider_base/services/webapp.json20
6 files changed, 55 insertions, 23 deletions
diff --git a/provider_base/common.json b/provider_base/common.json
index 649db0d9..c7be5cf4 100644
--- a/provider_base/common.json
+++ b/provider_base/common.json
@@ -29,8 +29,8 @@
"cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil",
"key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil",
"ca_cert": "= try_file :ca_cert",
- "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
- "commercial_key": "= x509.use_commercial ? file([:commercial_key, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.') : nil",
+ "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
+ "commercial_key": "= x509.use_commercial ? file([:commercial_key, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
"commercial_ca_cert": "= x509.use_commercial ? try_file(:commercial_ca_cert) : nil"
},
"service_type": "internal_service",
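Review bot: The `:missing` text on the new `commercial_key` line still says 'commercial x509 certificate', so an operator whose key file is absent is told the certificate is missing; it should start `'commercial x509 key for node $node. ...'`. The fallback `try{webapp.domain}||domain.full_suffix` now appears twice on each of the two new lines, once for the file lookup and once as the `%` argument, so the looked-up path and the `--domain` value in the hint can drift apart if only one is edited later. Because the message now passes through `%`, any literal percent sign added to it later has to be written `%%`.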
@@ -50,5 +50,37 @@
"platform": {
"version": "= Leap::Platform.version.to_s",
"major_version": "= Leap::Platform.major_version"
+ },
+ "sources": {
+ "apt": {
+ "basic": "http://httpredir.debian.org/debian/",
+ "security": "http://security.debian.org/",
+ "backports": "http://httpredir.debian.org/debian/"
+ },
+ "leap-mx": {
+ "type": "apt",
+ "package": "leap-mx",
+ "revision": "latest"
+ },
+ "nickserver": {
+ "type": "git",
+ "source": "https://leap.se/git/nickserver",
+ "revision": "origin/master"
+ },
+ "soledad": {
+ "type": "apt",
+ "package": "soledad-server",
+ "revision": "latest"
+ },
+ "tapicero": {
+ "type": "git",
+ "source": "https://leap.se/git/tapicero",
+ "revision": "origin/version/0.7"
+ },
+ "webapp": {
+ "type": "git",
+ "source": "https://leap.se/git/leap_web",
+ "revision": "origin/version/0.7"
+ }
}
}
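Review bot: None of the new `sources` entries pins what is actually deployed: the git entries follow branches (`origin/master`, `origin/version/0.7`) and the apt entries use `"revision": "latest"`, so two deploys of the same platform version can install different code, and whoever can move those branches changes what every provider runs. Pinning each git source to a signed tag or full commit id, e.g. `"revision": "<TAG_OR_COMMIT_PLACEHOLDER>"`, and each package to an explicit version would make deploys reproducible and auditable. The three apt URLs are plain `http://`; apt's signed release metadata normally protects package integrity, but the manifests that consume these values are not visible here, so it is worth confirming that signature checking is never disabled for them.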
diff --git a/provider_base/files/service-definitions/provider.json.erb b/provider_base/files/service-definitions/provider.json.erb
index 2d0a5886..be8ae484 100644
--- a/provider_base/files/service-definitions/provider.json.erb
+++ b/provider_base/files/service-definitions/provider.json.erb
@@ -7,7 +7,7 @@
hsh['domain'] = domain.full_suffix
# advertise services that are 'user services' and for which there are actually nodes
- hsh['services'] ||= global.env(environment).services[:service_type => :user_service].field(:name).select do |service|
+ hsh['services'] ||= global.services[:service_type => :user_service].field(:name).select do |service|
nodes_like_me[:services => service].any?
end
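Review bot: The `global.services` lookup no longer names the environment, so this template is only correct if `global` is already scoped to the node's environment, which the hunk does not show. The `nodes_like_me` filter probably limits the effect here, but `provider` in lib/macros/nodes.rb has no such filter, and its comment now reads `simple alias for global.provider`, dropping the mention of the environment. A comment such as `# global is already limited to this node's environment` at both places would record the assumption. The enclosing ERB block starts and ends outside the hunk.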
diff --git a/provider_base/lib/macros/nodes.rb b/provider_base/lib/macros/nodes.rb
index 0c6668a0..8b961cbc 100644
--- a/provider_base/lib/macros/nodes.rb
+++ b/provider_base/lib/macros/nodes.rb
@@ -15,10 +15,10 @@ module LeapCli
end
#
- # grab an environment appropriate provider
+ # simple alias for global.provider
#
def provider
- global.env(@node.environment).provider
+ global.provider
end
#
diff --git a/provider_base/lib/macros/secrets.rb b/provider_base/lib/macros/secrets.rb
index 51bf3971..8d1feb55 100644
--- a/provider_base/lib/macros/secrets.rb
+++ b/provider_base/lib/macros/secrets.rb
@@ -13,17 +13,17 @@ module LeapCli
# +length+ is the character length of the generated password.
#
def secret(name, length=32)
- @manager.secrets.set(name, Util::Secret.generate(length), @node[:environment])
+ manager.secrets.set(name, @node.environment) { Util::Secret.generate(length) }
end
# inserts a base32 encoded secret
def base32_secret(name, length=20)
- @manager.secrets.set(name, Base32.encode(Util::Secret.generate(length)), @node[:environment])
+ manager.secrets.set(name, @node.environment) { Base32.encode(Util::Secret.generate(length)) }
end
# Picks a random obfsproxy port from given range
def rand_range(name, range)
- @manager.secrets.set(name, rand(range), @node[:environment])
+ manager.secrets.set(name, @node.environment) { rand(range) }
end
#
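Review bot: The comments above `secret`, `base32_secret` and `rand_range` do not say when the block passed to `manager.secrets.set` runs. Moving the generator into a block suggests the value is created only when nothing is stored yet for `name` in that environment, but `set` is not visible here; if that is the case, a line like `# generated once and reused on later runs; changing +length+ does not replace an existing secret` belongs on each method, and on `hex_secret` in the next hunk. `rand_range` still draws from `rand(range)`, which is not a cryptographic generator; that is acceptable for choosing a port, but the comment should say the value is not meant to be unpredictable.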
@@ -32,7 +32,7 @@ module LeapCli
# +bit_length+ is the bits in the secret, (ie length of resulting hex string will be bit_length/4)
#
def hex_secret(name, bit_length=128)
- @manager.secrets.set(name, Util::Secret.generate_hex(bit_length), @node[:environment])
+ manager.secrets.set(name, @node.environment) { Util::Secret.generate_hex(bit_length) }
end
end
diff --git a/provider_base/provider.json b/provider_base/provider.json
index 77437935..60ad2a9e 100644
--- a/provider_base/provider.json
+++ b/provider_base/provider.json
@@ -42,22 +42,22 @@
"organizational_unit": "= 'https://' + provider.domain",
"bit_size": 4096,
"digest": "SHA256",
- "life_span": "10y",
+ "life_span": "10 years",
"server_certificates": {
"bit_size": 4096,
"digest": "SHA256",
- "life_span": "1y"
+ "life_span": "1 years"
},
"client_certificates": {
"bit_size": 2048,
"digest": "SHA256",
- "life_span": "2m",
+ "life_span": "2 months",
"limited_prefix": "LIMITED",
"unlimited_prefix": "UNLIMITED"
}
},
"client_version": {
- "min": "0.5",
+ "min": "0.7",
"max": null
}
}
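Review bot: `"life_span": "1 years"` under `server_certificates` reads like a typo next to `"10 years"` and `"2 months"`. The parser for these strings is not part of this diff, so it is worth confirming that it accepts the singular and then writing `"life_span": "1 year"`. It is also worth confirming that an unrecognised unit raises an error rather than falling back to a default certificate lifetime.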
diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 67744f99..941f4f61 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -1,14 +1,18 @@
{
"webapp": {
"admins": [],
- "forbidden_usernames": ["admin", "administrator", "arin-admin", "certmaster", "contact", "info", "maildrop", "postmaster", "ssladmin", "www-data"],
+ "forbidden_usernames": [
+ "admin", "admins", "administrator", "administrators", "arin-admin",
+ "certmaster", "contact", "email", "help", "help-desk", "help-ticket",
+ "help-tickets", "help_desk", "help_ticket", "help_tickets", "helpdesk",
+ "helpticket", "helptickets", "info", "mail", "maildrop", "noreply",
+ "owner", "owners", "postmaster", "reply", "robot", "ssladmin", "staff",
+ "support", "tech-support", "tech_support", "techsupport", "ticket",
+ "tickets", "vmail", "www-data"],
"domain": "= domain.full_suffix",
"modules": ["user", "billing", "help"],
- "couchdb_webapp_user": {
- "username": "= global.services[:couchdb].couch.users[:webapp].username",
- "password": "= secret :couch_webapp_password",
- "salt": "= hex_secret :couch_webapp_password_salt, 128"
- },
+ "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
+ "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
"customization_dir": "= file_path 'webapp'",
"client_certificates": "= provider.ca.client_certificates",
"allow_limited_certs": "= provider.service.allow_limited_bandwidth",
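Review bot: `couchdb_admin_user` hands the webapp node the whole `couch.users[:admin]` object, where the removed block exposed only the webapp user's own username, password and salt. If that object carries the admin password (its shape is not visible here), a compromise of the webapp yields database admin rights; limiting the value to the fields and role the webapp needs, or documenting why admin access is required, would keep the blast radius small. Separately, the extended `forbidden_usernames` list still omits `hostmaster`, `webmaster`, `root`, `abuse` and `security`. The first two are, like `admin` and `postmaster`, mailboxes that certificate authorities accept for domain validation, so they should be reserved here unless the webapp blocks them elsewhere.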
@@ -20,10 +24,6 @@
"secret_token": "= secret :webapp_secret_token",
"api_version": 1,
"secure": false,
- "git": {
- "source": "https://leap.se/git/leap_web",
- "revision": "origin/version/0.6"
- },
"client_version": "= provider.client_version",
"nagios_test_user": {
"username": "nagios_test",