1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
{
"mx": {
// provider should define their own custom aliases.
// these are in *addition* to the standard reserved aliases for root and postmaster, etc.
"aliases": {},
// this is the domain that is used for the OpenPGP header
"key_lookup_domain": "= global.services[:webapp].webapp.domain"
},
"stunnel": {
"clients": {
"couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
}
},
"haproxy": {
"couch": {
"listen_port": 4096,
"servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
}
},
"couchdb_leap_mx_user": {
"username": "= global.services[:couchdb].couch.users[:leap_mx].username",
"password": "= secret :couch_leap_mx_password",
"salt": "= hex_secret :couch_leap_mx_password_salt, 128"
},
"mynetworks": "= nodes['environment' => '!local'].map{|name, n| [n.ip_address, (global.facts[name]||{})['ec2_public_ipv4']]}.flatten.compact.uniq",
"rbls": ["zen.spamhaus.org"],
"clamav": {
"whitelisted_addresses": []
},
"x509": {
"use": true,
"use_commercial": true,
"ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
"client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
"client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
},
"service_type": "user_service",
"firewall": {
"mx": {
"from": "*",
"to": "= ip_address",
"port": [25, 465]
}
}
}
|