1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
{
"ip_address": null,
"environment": null,
"services": [],
"tags": [],
"contacts": "= provider.contacts.default",
"domain": {
"full_suffix": "= provider.domain",
"internal_suffix": "= provider.domain_internal",
"full": "= node.name + '.' + domain.full_suffix",
"internal": "= node.name + '.' + domain.internal_suffix",
"name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
},
"dns": {
"public": "= service_type != 'internal_service'"
},
"ssh": {
"authorized_keys": "= authorized_keys",
"config": {
"AllowTcpForwarding": "no"
},
"port": 22,
"mosh": {
"ports": "60000:61000",
"enabled": false
}
},
"hosts": "=> hosts_file",
"x509": {
"use": true,
"use_commercial": false,
"cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil",
"key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil",
"ca_cert": "= try_file :ca_cert",
"commercial_cert": "= x509.use_commercial ? file([:commercial_cert, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
"commercial_key": "= x509.use_commercial ? file([:commercial_key, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
"commercial_ca_cert": "= x509.use_commercial ? try_file(:commercial_ca_cert) : nil"
},
"service_type": "internal_service",
"development": {
"site_config": true
},
"name": "common",
"location": null,
"enabled": true,
"mail": {
"smarthost": "= nodes_like_me[:services => :mx].exclude(self).field('domain.full')"
},
"stunnel": {
"clients": {},
"servers": {}
},
"firewall": {
"ssh": {
"from": "sysadmin",
"to": "= ip_address",
"port": "= ssh.port"
},
"stunnel": "=> stunnel_firewall"
},
"platform": {
"version": "= Leap::Platform.version.to_s",
"major_version": "= Leap::Platform.major_version"
},
"sources": {
"apt": {
"basic": "http://httpredir.debian.org/debian/",
"security": "http://security.debian.org/",
"backports": "http://httpredir.debian.org/debian/"
},
"leap-mx": {
"type": "apt",
"package": "leap-mx",
"revision": "latest"
},
"nickserver": {
"type": "git",
"source": "https://leap.se/git/nickserver",
"revision": "origin/master"
},
"soledad": {
"type": "apt",
"package": "soledad-server",
"revision": "latest"
},
"tapicero": {
"type": "git",
"source": "https://leap.se/git/tapicero",
"revision": "origin/version/0.7"
},
"webapp": {
"type": "git",
"source": "https://leap.se/git/leap_web",
"revision": "origin/version/0.7.1"
}
}
}
|