1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
{
"mx": {
// provider should define their own custom aliases.
// these are in *addition* to the standard reserved aliases for root and postmaster, etc.
"aliases": {},
// this is the domain that is used for the OpenPGP header
"key_lookup_domain": "= global.services[:webapp].webapp.domain",
"dkim": {
// bit sizes larger than 2048 are not necessarily supported
"bit_size": 2048,
"public_key": "= remote_file_path(:dkim_pub_key) { generate_dkim_key(mx.dkim.bit_size) }",
"private_key": "= remote_file_path(:dkim_priv_key) { generate_dkim_key(mx.dkim.bit_size) }",
// generate selector based on first ten digits of pub key fingerprint:
"selector": "= fingerprint(local_file_path(:dkim_pub_key) { generate_dkim_key(mx.dkim.bit_size) }, :mode => :rsa).slice(0,10)"
}
},
"stunnel": {
"clients": {
"couch_client": "= stunnel_client(nodes_like_me[:services => :couchdb], global.services[:couchdb].couch.port)"
}
},
"haproxy": {
"couch": {
"listen_port": 4096,
"servers": "= haproxy_servers(nodes_like_me[:services => :couchdb], stunnel.clients.couch_client, global.services[:couchdb].couch.port)"
}
},
"couchdb_leap_mx_user": {
"username": "= global.services[:couchdb].couch.users[:leap_mx].username",
"password": "= secret :couch_leap_mx_password",
"salt": "= hex_secret :couch_leap_mx_password_salt, 128"
},
"mynetworks": "= host_ips(nodes)",
"rbls": ["zen.spamhaus.org"],
"clamav": {
"whitelisted_addresses": []
},
"x509": {
"use": true,
"use_commercial": true,
"ca_cert": "= file :ca_cert, :missing => 'provider CA. Run `leap cert ca`'",
"client_ca_cert": "= file :client_ca_cert, :missing => 'Certificate Authority. Run `leap cert ca`'",
"client_ca_key": "= file :client_ca_key, :missing => 'Certificate Authority. Run `leap cert ca`'"
},
"service_type": "user_service",
"firewall": {
"mx": {
"from": "*",
"to": "= ip_address",
"port": [25, 465]
}
}
}
|