diff --git a/dicos/50_lemur.xml b/dicos/50_lemur.xml
new file mode 100644
index 00000000..86b41e61
--- /dev/null
+++ b/dicos/50_lemur.xml
@@ -0,0 +1,27 @@
+ + + + + + + + + + + + + + lemur + + lemur + + + + + + + + +
diff --git a/funcs/lemur.py b/funcs/lemur.py
new file mode 100644
index 00000000..8cd6505e
--- /dev/null
+++ b/funcs/lemur.py
@@ -0,0 +1,6 @@
+from secrets import token_bytes as _token_bytes
+from base64 import urlsafe_b64encode as _urlsafe_b64encode
+
+
+def gen_random_base64():
+ return _urlsafe_b64encode(_token_bytes(32)).decode()
diff --git a/posttemplate/00-lemur b/posttemplate/00-lemur
old mode 100644
new mode 100755
diff --git a/tmpl/lemur.conf.py b/tmpl/lemur.conf.py
new file mode 100644
index 00000000..fee1aa5c
--- /dev/null
+++ b/tmpl/lemur.conf.py
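Review bot: `gen_random_base64` has no docstring, so nothing records what format it produces or where it may safely be pasted; since `tmpl/lemur.conf.py` in this same diff splices the generated `%%lemur_*` values into single-quoted Python string literals, the docstring should state that the URL-safe base64 alphabet (`A-Za-z0-9-_=`) can never terminate those quotes. I would add `"""Return 32 bytes from the OS CSPRNG as URL-safe base64 (44 chars, '=' padded); the alphabet has no quote or whitespace characters, so the value can be embedded verbatim in the config templates."""`. 32 bytes of `secrets.token_bytes` is an adequate strength for a session or token secret, but a consumer that expects an unpadded or hex value must strip the trailing `=` itself. The `posttemplate/00-lemur` hook that presumably calls this only changes mode here, so whether each of the three secrets gets its own call is not visible in this diff.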
@@ -0,0 +1,90 @@
+
+# This is just Python which means you can inherit and tweak settings
+
+import os
+_basedir = os.path.abspath(os.path.dirname(__file__))
+
+THREADS_PER_PAGE = 8
+
+# General
+
+# These will need to be set to `True` if you are developing locally
+CORS = False
+debug = False
+
+# this is the secret key used by flask session management
+SECRET_KEY = '%%lemur_secret'
+
+# You should consider storing these separately from your config
+LEMUR_TOKEN_SECRET = '%%lemur_token_secret'
+LEMUR_ENCRYPTION_KEYS = '%%lemur_encrypt_keys'
+
+# List of domain regular expressions that non-admin users can issue
+LEMUR_ALLOWED_DOMAINS = []
+
+# Mail Server
+
+LEMUR_EMAIL = ''
+LEMUR_SECURITY_TEAM_EMAIL = []
+
+# Certificate Defaults
+
+LEMUR_DEFAULT_COUNTRY = ''
+LEMUR_DEFAULT_STATE = ''
+LEMUR_DEFAULT_LOCATION = ''
+LEMUR_DEFAULT_ORGANIZATION = ''
+LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = ''
+
+# Authentication Providers
+ACTIVE_PROVIDERS = []
+
+# Metrics Providers
+METRIC_PROVIDERS = []
+
+# Logging
+
+LOG_LEVEL = "DEBUG"
+LOG_FILE = "lemur.log"
+
+
+# Database
+
+# modify this if you are not using a local database
+SQLALCHEMY_DATABASE_PASSWORD = 'replaceme'
+SQLALCHEMY_DATABASE_URI = f'postgresql://%%lemur_db_user:{SQLALCHEMY_DATABASE_PASSWORD}@localhost:5432/%%lemur_db_name'
+
+# AWS
+
+#LEMUR_INSTANCE_PROFILE = 'Lemur'
+
+# Issuers
+
+# These will be dependent on which 3rd party that Lemur is
+# configured to use.
+
+# VERISIGN_URL = ''
+# VERISIGN_PEM_PATH = ''
+# VERISIGN_FIRST_NAME = ''
+# VERISIGN_LAST_NAME = ''
+# VERSIGN_EMAIL = ''
+
+#FIXME
+DIGICERT_CIS_API_KEY = ""
+DIGICERT_CIS_URL = ""
+DIGICERT_CIS_ROOTS = ''
+DIGICERT_API_KEY = ''
+DIGICERT_CIS_PROFILE_NAMES = ''
+DIGICERT_URL = ''
+DIGICERT_ORG_ID = ''
+DIGICERT_ORDER_TYPE = ''
+DIGICERT_ROOT = ''
+
+ENTRUST_API_CERT = ''
+ENTRUST_API_KEY = ''
+ENTRUST_API_USER = ''
+ENTRUST_API_PASS = ''
+ENTRUST_URL = ''
+ENTRUST_ROOT = ''
+ENTRUST_NAME = ''
+ENTRUST_EMAIL = ''
+ENTRUST_PHONE = ''
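Review bot: `SQLALCHEMY_DATABASE_URI` interpolates `SQLALCHEMY_DATABASE_PASSWORD` into the URL without percent-encoding, so a deploy-time password that happens to contain `@`, `/`, `:`, `?` or `#` is parsed as a different host, port or database instead of failing loudly; use `from urllib.parse import quote_plus` and `SQLALCHEMY_DATABASE_URI = f'postgresql://%%lemur_db_user:{quote_plus(SQLALCHEMY_DATABASE_PASSWORD)}@localhost:5432/%%lemur_db_name'`. The URI also hard-codes `localhost:5432` while `tmpl/lemur.yml` in this diff provisions the database at `%%risotto_db_address`; if those can differ, the template should reference the same variable rather than rely on the "modify this" comment. `LOG_LEVEL = "DEBUG"` is a lot for a deployed template for a certificate-issuing service, since debug output may include request bodies or tokens; `"INFO"` is the safer default, with a comment saying to raise it only while troubleshooting. `debug = False` is not the uppercase `DEBUG` key that Flask's config loaders read, so if it is meant to disable Flask debug mode it is a no-op (harmless, as the default is already off), and a comment should say which it is.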
diff --git a/tmpl/lemur.yml b/tmpl/lemur.yml
new file mode 100644
index 00000000..fa09b2e3
--- /dev/null
+++ b/tmpl/lemur.yml
@@ -0,0 +1,16 @@
+%set %%dbname = %%lemur_db_name
+---
+dbuser: %%lemur_db_user
+dbuser_options:
+ - LOGIN
+privileges:
+ %%{dbname}.public.*: 'ALL'
+ %%{dbname}.public: 'ALL'
+ %%{dbname}: 'ALL'
+dbhost: %%risotto_db_address
+dbport: 5432
+dbtype: postgres
+dbname: %%dbname
+template: 'template0'
+pwd_files:
+ - {'file': '/etc/lemur/lemur.conf.py', 'pattern': 'SQLALCHEMY_DATABASE_PASSWORD = "'}
diff --git a/tmpl/nginx-lemur.conf b/tmpl/nginx-lemur.conf
new file mode 100644
index 00000000..d1eb2b18
--- /dev/null
+++ b/tmpl/nginx-lemur.conf
@@ -0,0 +1,15 @@
+location /lemur/api {
+ proxy_pass http://127.0.0.1:8002/api;
+ proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
+ proxy_redirect off;
+ proxy_buffering off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+}
+
+location /lemur/ {
+ alias /usr/share/lemur/static/;
+ include mime.types;
+ index index.html;
+}
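Review bot: The `pwd_files` pattern `SQLALCHEMY_DATABASE_PASSWORD = "` expects a double quote, but `tmpl/lemur.conf.py` in this same diff writes `SQLALCHEMY_DATABASE_PASSWORD = 'replaceme'` with single quotes, so the substitution presumably never matches and the deployed config keeps the literal `replaceme` password while the role is created with the generated one; either change the pattern to `'pattern': "SQLALCHEMY_DATABASE_PASSWORD = '"` or switch the template line to double quotes, and pick one quoting style for both files. The role is granted `'ALL'` on the database, on the `public` schema and on every object in it; Lemur's schema migrations presumably need DDL, but an application role with `ALL` at the database level can also drop it, so a comment should state why that scope is required. `dbuser_options` granting only `LOGIN` is the right minimal set.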
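Review bot: The `/lemur/api` proxy block forwards `Host`, `X-Real-IP` and `X-Forwarded-For` but not the request scheme, so if the upstream builds absolute URLs (redirects, OAuth callbacks) or decides on `Secure` cookies from what it sees, it will see plain HTTP; add `proxy_set_header X-Forwarded-Proto $scheme;` next to the other headers. Whether the enclosing `server` block terminates TLS is outside this file, so that header is the right thing to pass either way. `proxy_next_upstream ... http_500 http_502 http_503 http_504` with a single `127.0.0.1:8002` upstream has nothing to fail over to, so it only adds a retry surface and can be dropped until there is a real upstream group. The static block uses `location /lemur/` with `alias /usr/share/lemur/static/`, both slash-terminated, which is the safe form of `alias` (a prefix location without the trailing slash plus a slash-terminated alias is the classic traversal misconfiguration), so that part reads correctly.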