summaryrefslogtreecommitdiff
path: root/config/defaults.yml
blob: bcb8daceac533fb1d566aa544ed6866779750f98 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
dev_ca: &dev_ca
  client_ca_key: "./test/files/ca.key"
  client_ca_cert: "./test/files/ca.crt"
  ca_key_password: nil

cert_options: &cert_options
  client_cert_lifespan: "2 months"
  client_cert_bit_size: 2024
  client_cert_hash: "SHA256"
  allow_limited_certs: false
  allow_unlimited_certs: true
  allow_anonymous_certs: false
  limited_cert_prefix: "LIMITED"
  unlimited_cert_prefix: "UNLIMITED"

downloads: &downloads
  client_download_domain: https://dl.bitmask.net
  available_clients:
    - linux
    - osx
    - windows
    - android
  download_paths:
    android: /android/
    linux:   /linux/
    osx:     /mac/
    windows: /windows/
    other:   /

common: &common
  force_ssl: false
  pagination_size: 30
  auth:
    token_expires_after: 60

  # handles that will be blocked from being used as logins or email aliases
  # in addition to the ones in /etc/passwd and http://tools.ietf.org/html/rfc2142
  handle_blacklist:
    - certmaster
    - ssladmin
    - arin-admin
    - administrator
    - www-data
    - maildrop
    - postmaster
    - admin
    - contact
    - info
    - noreply
    - robot
    - helpdesk
    - help
    - tickets
    - owner
  # handles that will be allowed despite being in /etc/passwd or rfc2142
  handle_whitelist: []
  # actions enabled in the account settings
  # see /users/app/views/users/_edit.html.haml for a list.
  user_actions: ['contact_email', 'destroy_account']
  admin_actions: ['contact_email', 'change_pgp_key', 'change_service_level', 'destroy_account']
  billing: ~
  default_locale: :en
  available_locales:
    - :cs
    - :de
    - :el
    - :en
    - :es
    - :fi
    - :fr
    - :hu
    - :it
    - :lt
    - :nb
    - :nl
    - :pl
    - :pt
    - :ru
    - :tr
    - :zh
  minimum_client_version: "0.5"
  engines:
    - support
    - billing
  allow_registration: true
  invite_required: false
  config_file_paths:
    soledad-service: 'public/1/config/soledad-service.json'
    eip-service: 'public/1/config/eip-service.json'
    smtp-service: 'public/1/config/smtp-service.json'
    provider: 'config/provider/provider.json'
  mailer:
    from_address: 'noreply'

service_levels: &service_levels
  service_levels:
    1:
      name: free
      description: "free account, with rate limited VPN"
      eip_rate_limit: true
      storage: 100
      services:
        - eip
    2:
      name: premium
      description: "premium account, with unlimited vpn"
      rate:
        USD: 10
        EUR: 10
      services:
        - eip
        - email
  default_service_level: 1

development:
  <<: *downloads
  <<: *dev_ca
  <<: *cert_options
  <<: *common
  <<: *service_levels
  admins: [blue, red, staff]
  api_tokens:
    monitor: nil
    admin: nil
  domain: example.org
  secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  reraise_errors: true

test:
  <<: *downloads
  <<: *dev_ca
  <<: *cert_options
  <<: *common
  <<: *service_levels
  admins: [admin, admin2]
  api_tokens:
    monitor: "212da28a59dcaca487365309dc93aa09"
    admin: nil
    allowed_ips:
      - 0.0.0.0
  domain: test.me
  secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
  reraise_errors: true
  billing: {}
  default_locale: :en
  available_locales:
    - :en
    - :de

production:
  <<: *downloads
  <<: *cert_options
  <<: *common
  admins: []
  api_tokens:
    monitor: nil
    admin: nil
  domain: example.net
  engines:
    - support
  # logfile: /path/to/your/logs