From ffb88e54c5e4e30fa61ea1009f3eee62f98ab17c Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 27 Feb 2013 23:46:58 -0800 Subject: openvpn -- added support for optional "free" rate-limited service via special client certificates with the FREE prefix in the common name. --- provider_base/services/webapp.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index e3055c6f..8ede0ecf 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -8,7 +8,9 @@ "favicon": "= file_path 'branding/favicon.ico'", "tail_scss": "= file_path 'branding/tail.scss'", "head_scss": "= file_path 'branding/head.scss'", - "img_dir": "= file_path 'branding/img'" + "img_dir": "= file_path 'branding/img'", + "client_certificates": "= global.provider.ca.client_certificates", + "allow_free": "= global.provider.service_allow_free" }, "definition_files": { "provider": "= file :provider_json_template", -- cgit v1.2.3 From 08c6032837e2f1c4c504976074c456e04202c64a Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 5 Mar 2013 13:11:10 -0800 Subject: change json comment to '//' --- provider_base/services/webapp.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 8ede0ecf..ea79d7c4 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -2,8 +2,8 @@ "webapp": { "modules": ["user", "billing", "help"], "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", - # NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163 - # before we can use user "webapp" + // NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163 + // before we can use user "webapp" "couchdb_user": "= global.services[:couchdb].couch.users[:admin]", "favicon": "= file_path 'branding/favicon.ico'", "tail_scss": "= file_path 'branding/tail.scss'", -- cgit v1.2.3 From 4ec32a1f773918b2c7a42c117fbad110c07df458 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 16 Mar 2013 23:15:14 -0700 Subject: the development tag now specifies an alternative provider domain. this requires that we use domain.full_suffix instead of provider.domain, whenever possible. --- provider_base/services/webapp.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index ea79d7c4..5e7260a6 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -29,8 +29,8 @@ "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'", "client_ca_cert": "= file_path :client_ca_cert", "client_ca_key": "= file_path :client_ca_key", - "commercial_cert": "= file [:commercial_cert, global.provider.domain]", - "commercial_key": "= file [:commercial_key, global.provider.domain]", + "commercial_cert": "= file [:commercial_cert, domain.full_suffix]", + "commercial_key": "= file [:commercial_key, domain.full_suffix]", "commercial_ca_cert": "= try_file :commercial_ca_cert" } } \ No newline at end of file -- cgit v1.2.3 From ad62cfdad04c8f8ed9d6454f716c92e850ac53ba Mon Sep 17 00:00:00 2001 From: elijah Date: Sun, 17 Mar 2013 13:15:51 -0700 Subject: added support for "limited" service levels (although vpn is not yet actually rate limited). --- provider_base/services/webapp.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 5e7260a6..477d5f17 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -10,7 +10,9 @@ "head_scss": "= file_path 'branding/head.scss'", "img_dir": "= file_path 'branding/img'", "client_certificates": "= global.provider.ca.client_certificates", - "allow_free": "= global.provider.service_allow_free" + "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth", + "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth", + "allow_anonymous_certs": "= global.provider.service.allow_anonymous" }, "definition_files": { "provider": "= file :provider_json_template", -- cgit v1.2.3 From 9c1c74c359f80cf0e61b62befee0ec5cc04ab4c3 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 17:41:37 -0400 Subject: create a separate couchdb.yml.admin that contains the couchdb admin privileges, putting the unprivileged ones in as user webapp in couchdb.yml. This allows us to migrate the couchdb design docs on deployment, but use an unprivileged user the remainder of the time --- provider_base/services/webapp.json | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 477d5f17..0288a0cd 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -2,9 +2,8 @@ "webapp": { "modules": ["user", "billing", "help"], "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", - // NOTE: this is bad, but pending a fix to https://leap.se/code/issues/1163 - // before we can use user "webapp" - "couchdb_user": "= global.services[:couchdb].couch.users[:admin]", + "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]", + "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", "favicon": "= file_path 'branding/favicon.ico'", "tail_scss": "= file_path 'branding/tail.scss'", "head_scss": "= file_path 'branding/head.scss'", -- cgit v1.2.3 From 92ea0355de872a502d552d89ed88729b9b4fbaa2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 19 Mar 2013 18:20:33 -0400 Subject: add webapp secret token that pulls from hiera a 'secret' --- provider_base/services/webapp.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 0288a0cd..69c015a6 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -11,7 +11,8 @@ "client_certificates": "= global.provider.ca.client_certificates", "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth", "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth", - "allow_anonymous_certs": "= global.provider.service.allow_anonymous" + "allow_anonymous_certs": "= global.provider.service.allow_anonymous", + "secret_token": "= secret :webapp_secret_token" }, "definition_files": { "provider": "= file :provider_json_template", -- cgit v1.2.3 From ffda76a47c7f9d5766325d8cdf13d289430456eb Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 28 Mar 2013 10:01:32 -0700 Subject: added stunnel_server --- provider_base/services/webapp.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 69c015a6..895aa6e3 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -1,7 +1,6 @@ { "webapp": { "modules": ["user", "billing", "help"], - "couchdb_hosts": "= hostnames nodes[:services => :couchdb][:local => local]", "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]", "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", "favicon": "= file_path 'branding/favicon.ico'", @@ -14,6 +13,12 @@ "allow_anonymous_certs": "= global.provider.service.allow_anonymous", "secret_token": "= secret :webapp_secret_token" }, + "stunnel": { + "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" + }, + "haproxy": { + "local_ports": "= stunnel.couch_client.field(:accept_port)" + }, "definition_files": { "provider": "= file :provider_json_template", "eip_service": "= file :eip_service_json_template" -- cgit v1.2.3 From 0d821e158b78365c59d148267a569f3ce2d82e47 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Apr 2013 12:01:43 -0400 Subject: move generic couchdb host configuration from bitmask into the provider base (#2016) --- provider_base/services/webapp.json | 1 + 1 file changed, 1 insertion(+) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 895aa6e3..29ed6110 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -1,6 +1,7 @@ { "webapp": { "modules": ["user", "billing", "help"], + "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]", "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]", "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", "favicon": "= file_path 'branding/favicon.ico'", -- cgit v1.2.3 From 285236312c9e787767b742feb320ff0e7816a985 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 23 Apr 2013 12:08:56 -0400 Subject: remove no longer used json key couchdb_hosts --- provider_base/services/webapp.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 29ed6110..f87b0833 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -1,7 +1,6 @@ { "webapp": { "modules": ["user", "billing", "help"], - "couchdb_hosts": "= hostnames nodes_like_me[:services => :couchdb]", "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]", "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", "favicon": "= file_path 'branding/favicon.ico'", @@ -41,4 +40,4 @@ "commercial_key": "= file [:commercial_key, domain.full_suffix]", "commercial_ca_cert": "= try_file :commercial_ca_cert" } -} \ No newline at end of file +} -- cgit v1.2.3 From 4ed2bb37ea8283f79aecca8b78e80b141e9eff50 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 24 Apr 2013 18:04:48 -0700 Subject: provider base - service definitions are now versioned (requires new leap_cli) --- provider_base/services/webapp.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index f87b0833..e4926ba7 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -11,7 +11,8 @@ "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth", "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth", "allow_anonymous_certs": "= global.provider.service.allow_anonymous", - "secret_token": "= secret :webapp_secret_token" + "secret_token": "= secret :webapp_secret_token", + "api_version": 1 }, "stunnel": { "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)" @@ -21,7 +22,7 @@ }, "definition_files": { "provider": "= file :provider_json_template", - "eip_service": "= file :eip_service_json_template" + "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]" }, "service_type": "public_service", "api": { -- cgit v1.2.3 From c8e427c39285a0ac8750c1b9bbf247533bbce519 Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 30 Apr 2013 14:25:45 -0700 Subject: added soledad-service.json --- provider_base/services/webapp.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index e4926ba7..4b2f7c26 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -22,7 +22,8 @@ }, "definition_files": { "provider": "= file :provider_json_template", - "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]" + "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]", + "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]" }, "service_type": "public_service", "api": { -- cgit v1.2.3 From b3d1c6c58838b0c4f368bc42493ac3bae280b5af Mon Sep 17 00:00:00 2001 From: elijah Date: Tue, 14 May 2013 12:23:20 -0700 Subject: added smtp-service.json, requires latest leap_cli --- provider_base/services/webapp.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 4b2f7c26..1fe5cf7b 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -23,7 +23,8 @@ "definition_files": { "provider": "= file :provider_json_template", "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]", - "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]" + "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]", + "smtp_service": "= file [:smtp_service_json_template, 'v'+webapp.api_version.to_s]" }, "service_type": "public_service", "api": { -- cgit v1.2.3 From f82d5b5c7004b01565bbeace598d1716f72c1b2f Mon Sep 17 00:00:00 2001 From: elijah Date: Fri, 17 May 2013 11:53:10 -0700 Subject: minor - webapp api port should be integer, not string. --- provider_base/services/webapp.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 1fe5cf7b..5f0bdc9e 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -29,7 +29,7 @@ "service_type": "public_service", "api": { "domain": "= 'api.' + domain.full_suffix", - "port": "4430" + "port": 4430 }, "dns": { "aliases": "= [domain.full, api.domain]" -- cgit v1.2.3 From 450fb19a4df8f4740dcf077b585dbd77c096d133 Mon Sep 17 00:00:00 2001 From: elijah Date: Sat, 18 May 2013 17:13:05 -0700 Subject: added module site_nickserver --- provider_base/services/webapp.json | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 5f0bdc9e..3dd9bebe 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -31,8 +31,13 @@ "domain": "= 'api.' + domain.full_suffix", "port": 4430 }, + "nickserver": { + "domain": "= 'nicknym.' + domain.full_suffix", + "port": 6425, + "couchdb_user": "= global.services[:couchdb].couch.users[:admin]" + }, "dns": { - "aliases": "= [domain.full, api.domain]" + "aliases": "= [domain.full, api.domain, nickserver.domain]" }, "x509": { "use": true, -- cgit v1.2.3 From 8c038fea91adc87adf9e408c16e2f0ec9838e3d2 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 12 Jun 2013 11:34:43 -0700 Subject: temp hack: deploy the webapp as couch user 'admin' --- provider_base/services/webapp.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index 3dd9bebe..ad32bb61 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -2,7 +2,8 @@ "webapp": { "modules": ["user", "billing", "help"], "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]", - "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", +// "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]", + "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:admin]", "favicon": "= file_path 'branding/favicon.ico'", "tail_scss": "= file_path 'branding/tail.scss'", "head_scss": "= file_path 'branding/head.scss'", -- cgit v1.2.3 From 47dd8cde0316256e0d2d1037787fdf539a3f8975 Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 4 Jul 2013 12:36:22 -0700 Subject: make sure webapps have the full domain suffix as an alias (fixes problems generating zone file). --- provider_base/services/webapp.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'provider_base/services/webapp.json') diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json index ad32bb61..93396ec7 100644 --- a/provider_base/services/webapp.json +++ b/provider_base/services/webapp.json @@ -38,7 +38,7 @@ "couchdb_user": "= global.services[:couchdb].couch.users[:admin]" }, "dns": { - "aliases": "= [domain.full, api.domain, nickserver.domain]" + "aliases": "= [domain.full_suffix, domain.full, api.domain, nickserver.domain]" }, "x509": { "use": true, -- cgit v1.2.3