From 4fc7419598a3baf564f063b7330b9cf9115420b5 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Thu, 1 Oct 2015 12:06:02 +0200
Subject: [feat] Create-user-db: use couchdb admin rights

- create soledad-admin user
- deploy netrc file for userdb creation
- Move soledad-server.conf from /etc/leap to /etc/soledad
- make soledad-server.conf group-accessible for the soledad group, so
  the soledad-admin user can read it

- Resolves: #7502
---
 puppet/modules/soledad/templates/soledad-server.conf.erb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'puppet/modules/soledad/templates')

diff --git a/puppet/modules/soledad/templates/soledad-server.conf.erb b/puppet/modules/soledad/templates/soledad-server.conf.erb
index 47d1f6e4..42cf44d8 100644
--- a/puppet/modules/soledad/templates/soledad-server.conf.erb
+++ b/puppet/modules/soledad/templates/soledad-server.conf.erb
@@ -1,3 +1,4 @@
 [soledad-server]
-couch_url = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
-
+couch_url   = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
+create_cmd  = sudo -u soledad-admin /usr/bin/create-user-db
+admin_netrc = /etc/couchdb/couchdb-soledad-admin.netrc
-- 
cgit v1.2.3


From 171a5a9a3794224a92244078574aac4b22845266 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Mon, 26 Oct 2015 16:18:17 +0100
Subject: [bug] Add leap_mx username to soledad.conf

- Tested: [unstable.pixelated-project.org]
- Related: https://github.com/pixelated/pixelated-platform/issues/127
---
 puppet/modules/soledad/templates/soledad-server.conf.erb | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'puppet/modules/soledad/templates')

diff --git a/puppet/modules/soledad/templates/soledad-server.conf.erb b/puppet/modules/soledad/templates/soledad-server.conf.erb
index 42cf44d8..1c6a0d19 100644
--- a/puppet/modules/soledad/templates/soledad-server.conf.erb
+++ b/puppet/modules/soledad/templates/soledad-server.conf.erb
@@ -2,3 +2,11 @@
 couch_url   = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
 create_cmd  = sudo -u soledad-admin /usr/bin/create-user-db
 admin_netrc = /etc/couchdb/couchdb-soledad-admin.netrc
+
+[database-security]
+members = <%= @couchdb_user %>, <%= @couchdb_leap_mx_user %>
+# not needed, but for documentation:
+# members_roles = replication
+# admins = admin
+# admins_roles = replication
+
-- 
cgit v1.2.3