summaryrefslogtreecommitdiff
path: root/provider_base/common.json
blob: 9cc7875a300639e5f8de3839af33a3531df92fd7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
{
  "ip_address": null,
  "environment": null,
  "services": [],
  "tags": [],
  "contacts": "= provider.contacts.default",
  "domain": {
     "full_suffix": "= provider.domain",
     "internal_suffix": "= provider.domain_internal",
     "full": "= node.name + '.' + domain.full_suffix",
     "internal": "= node.name + '.' + domain.internal_suffix",
     "name": "= node.name + '.' + (dns.public ? domain.full_suffix : domain.internal_suffix)"
  },
  "dns": {
    "public": "= service_type != 'internal_service'"
  },
  "ssh": {
    "authorized_keys": "= authorized_keys",
    "config": {
      "AllowTcpForwarding": "no"
    },
    "port": 22,
    "mosh": {
      "ports": "60000:61000",
      "enabled": false
    }
  },
  "hosts": "=> hosts_file",
  "x509": {
    "use": true,
    "use_commercial": false,
    "cert": "= x509.use ? file(:node_x509_cert, :missing => 'x509 certificate for node $node. Run `leap cert update`') : nil",
    "key": "= x509.use ? file(:node_x509_key, :missing => 'x509 key for node $node. Run `leap cert update`') : nil",
    "ca_cert": "= try_file :ca_cert",
    "commercial_cert": "= x509.use_commercial ? file([:commercial_cert, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
    "commercial_key": "= x509.use_commercial ? file([:commercial_key, try{webapp.domain}||domain.full_suffix], :missing => 'commercial x509 certificate for node $node. Add file $file, or run `leap cert csr --domain %s` to generate a temporary self-signed cert and CSR you can use to purchase a real cert.' % (try{webapp.domain}||domain.full_suffix)) : nil",
    "commercial_ca_cert": "= x509.use_commercial ? try_file(:commercial_ca_cert) : nil"
  },
  "service_type": "internal_service",
  "development": {
    "site_config": true
  },
  "name": "common",
  "location": null,
  "enabled": true,
  "mail": {
    "smarthost": "= nodes_like_me[:services => :mx].exclude(self).field('domain.full')"
  },
  "stunnel": {
    "clients": {},
    "servers": {}
  },
  "firewall": {
    "ssh": {
      "from": "sysadmin",
      "to": "= ip_address",
      "port": "= ssh.port"
    },
    "stunnel": "=> stunnel_firewall"
  },
  "platform": {
    "version": "= Leap::Platform.version.to_s",
    "major_version": "= Leap::Platform.major_version"
  },
  "sources": {
    "apt": {
      "basic": "http://httpredir.debian.org/debian/",
      "security": "http://security.debian.org/",
      "backports": "http://httpredir.debian.org/debian/"
    },
    "leap-mx": {
      "type": "apt",
      "package": "leap-mx",
      "revision": "latest"
    },
    "nickserver": {
      "type": "git",
      "source": "https://leap.se/git/nickserver",
      "revision": "origin/master"
    },
    "soledad": {
      "type": "apt",
      "package": "soledad-server",
      "revision": "latest"
    },
    "tapicero": {
      "type": "git",
      "source": "https://leap.se/git/tapicero",
      "revision": "origin/version/0.7"
    },
    "webapp": {
      "type": "git",
      "source": "https://leap.se/git/leap_web",
      "revision": "origin/version/0.7.1"
    }
  }
}