From fc97ee1c63d3ee97863695564273bf92a180e099 Mon Sep 17 00:00:00 2001
From: Emmanuel Garette <egarette@cadoles.com>
Date: Sat, 14 Nov 2020 09:59:42 +0100
Subject: [PATCH] update configuration

---
 dicos/50_lemur.xml    | 18 +++++++++++++++---
 posttemplate/03-lemur |  3 +++
 tmpl/lemur.conf.py    | 17 +++++++++++------
 3 files changed, 29 insertions(+), 9 deletions(-)

diff --git a/dicos/50_lemur.xml b/dicos/50_lemur.xml
index 5934192..8a601b8 100644
--- a/dicos/50_lemur.xml
+++ b/dicos/50_lemur.xml
@@ -2,9 +2,9 @@
 <creole>
     <files>
         <service>lemur</service>
-	<file name='/etc/lemur/lemur.conf.py' mkdir='True'/>
-	<file name='/etc/eole/eole-db.d/lemur.yml'/>
-	<file name='/etc/nginx/web.d/lemur.conf' source='nginx-lemur.conf'/>
+        <file name='/etc/lemur/lemur.conf.py' mkdir='True'/>
+        <file name='/etc/eole/eole-db.d/lemur.yml'/>
+        <file name='/etc/nginx/web.d/lemur.conf' source='nginx-lemur.conf'/>
     </files>
     <variables>
         <family name='lemur'>
@@ -18,6 +18,18 @@
                 <value>lemur</value>
             </variable>
             <variable name='lemur_admin_password' type='password' description="Mot de passe de l'utilisateur admin de Lemur" auto_save="True"/>
+            <variable name='lemur_admin_email' type='mail' description="Adresse courriel d'administration de Lemur" mandatory="True"/>
+            <variable name='lemur_default_country' type='' description="" mandatory="True">
+                <value>FR</value>
+            </variable>
+            <variable name='lemur_default_state' type='' description="" mandatory="True">
+                <value>Bourgogne</value>
+            </variable>
+            <variable name='lemur_default_location' type='' description="" mandatory="True">
+                <value>Dijon</value>
+            </variable>
+            <variable name='lemur_default_organization' type='' description="" mandatory="True"/>
+            <variable name='lemur_default_organization_unit' type='' description="" mandatory="True"/>
         </family>
     </variables>
     <constraints>
diff --git a/posttemplate/03-lemur b/posttemplate/03-lemur
index 5e8bf61..e020a9a 100755
--- a/posttemplate/03-lemur
+++ b/posttemplate/03-lemur
@@ -12,6 +12,9 @@ chown lemur: /var/log/lemur/
 chmod 640 /etc/lemur/*
 chgrp lemur /etc/lemur/*
 systemctl start postgresql.service
+psql -Upostgres -c "grant all on all tables in schema public to lemur" lemur
+psql -Upostgres -c "grant all on all sequences in schema public to lemur" lemur
+psql -Upostgres -c "grant all on all functions in schema public to lemur" lemur
 su - lemur -s /bin/bash -c "lemur --config=/etc/lemur/lemur.conf.py init --password $(CreoleGet lemur_admin_password)"
 systemctl stop postgresql.service
 
diff --git a/tmpl/lemur.conf.py b/tmpl/lemur.conf.py
index 740ecc5..f1c8135 100644
--- a/tmpl/lemur.conf.py
+++ b/tmpl/lemur.conf.py
@@ -24,16 +24,20 @@ LEMUR_ALLOWED_DOMAINS = []
 
 # Mail Server
 
-LEMUR_EMAIL = ''
+LEMUR_EMAIL = '%%lemur_admin_email'
 LEMUR_SECURITY_TEAM_EMAIL = []
 
 # Certificate Defaults
 
-LEMUR_DEFAULT_COUNTRY = ''
-LEMUR_DEFAULT_STATE = ''
-LEMUR_DEFAULT_LOCATION = ''
-LEMUR_DEFAULT_ORGANIZATION = ''
-LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = ''
+LEMUR_DEFAULT_COUNTRY = '%%lemur_default_country'
+LEMUR_DEFAULT_STATE = '%%lemur_default_state'
+LEMUR_DEFAULT_LOCATION = '%%lemur_default_location'
+LEMUR_DEFAULT_ORGANIZATION = '%%lemur_default_organization'
+LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = '%%lemur_default_organization_unit'
+
+# Default issuer
+
+LEMUR_DEFAULT_ISSUER_PLUGIN = 'cryptography-issuer'
 
 # Authentication Providers
 ACTIVE_PROVIDERS = []
@@ -45,6 +49,7 @@ METRIC_PROVIDERS = []
 
 LOG_LEVEL = "DEBUG"
 LOG_FILE = "/var/log/lemur/lemur.log"
+LOG_UPGRADE_FILE = '/var/log/lemur/db_upgrade.log'
 
 
 # Database