{
  "webapp": {
    "admins": [],
    "forbidden_usernames": [
      "admin", "admins", "administrator", "administrators", "arin-admin",
      "certmaster", "contact", "email", "help", "help-desk", "help-ticket",
      "help-tickets", "help_desk", "help_ticket", "help_tickets", "helpdesk",
      "helpticket", "helptickets", "info", "mail", "maildrop", "noreply",
      "owner", "owners", "postmaster", "reply", "robot", "ssladmin", "staff",
      "support", "tech-support", "tech_support", "techsupport", "ticket",
      "tickets", "vmail", "www-data"],
    "domain": "= provider.domain",
    "modules": ["user", "billing", "help"],
    "couchdb_port": "= couchdb_port",
    "couchdb_webapp_user": "= global.services[:couchdb].couch.users[:webapp]",
    "couchdb_admin_user": "= global.services[:couchdb].couch.users[:admin]",
    "customization_dir": "= file_path 'webapp'",
    "client_certificates": "= provider.ca.client_certificates",
    "allow_limited_certs": "= provider.service.allow_limited_bandwidth",
    "allow_unlimited_certs": "= provider.service.allow_unlimited_bandwidth",
    "allow_anonymous_certs": "= provider.service.allow_anonymous",
    "allow_registration": "= provider.service.allow_registration",
    "invite_required": "= provider.enrollment_policy == 'invite'",
    "default_service_level": "= provider.service.default_service_level",
    "service_levels": "= service_levels()",
    "secret_key_base": "= secret :webapp_secret_key_base",
    "secret_token": "= secret :webapp_secret_token",
    "api_version": 1,
    "secure": false,
    "client_version": "= provider.client_version",
    "nagios_test_user": {
      "username": "nagios_test",
      "password": "= secret :nagios_test_password"
    },
    "engines": [
      "support"
    ],
    "locales": "= provider.languages",
    "default_locale": "= provider.default_language",
    "api_tokens": {
      "monitor": "= secret :api_monitor_auth_token",
      "allowed_ips": "= host_ips(nodes_like_me)"
    }
  },
  "stunnel": {
    "clients": {
      "couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
    }
  },
  "definition_files": {
    "provider": "= file :provider_json_template",
    "eip_service": "= file [:eip_service_json_template, 'v'+webapp.api_version.to_s]",
    "soledad_service": "= file [:soledad_service_json_template, 'v'+webapp.api_version.to_s]",
    "smtp_service": "= file [:smtp_service_json_template, 'v'+webapp.api_version.to_s]"
  },
  "service_type": "public_service",
  "api": {
    "domain": "= 'api.' + webapp.domain",
    "version": 1,
    "port": 4430,
    "ca_cert_uri": "= 'https://' + webapp.domain + '/ca.crt'",
    "uri": "= %(https://#{api.domain}:#{api.port}/#{api.version})"
  },
  "nickserver": {
    "domain": "= 'nicknym.' + domain.full_suffix",
    "couchdb_port": "= couchdb_port",
    "couchdb_nickserver_user": {
      "username": "= global.services[:couchdb].couch.users[:nickserver].username",
      "password": "= secret :couch_nickserver_password",
      "salt": "= hex_secret :couch_nickserver_password_salt, 128"
    },
    "port": 6425
  },
  "x509": {
    "use": true,
    "use_commercial": true,
    "ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
    "client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`.'",
    "client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`.'"
  },
  "firewall": {
    "webapp": {
      "from": "*",
      "to": "= ip_address",
      "port": "= [api.port, 443, 80, nickserver.port]"
    }
  }
}