From c2314b65ea0889a7c5bdb3dce6098314633abc73 Mon Sep 17 00:00:00 2001 From: Emmanuel Garette Date: Sun, 18 Oct 2020 22:37:17 +0200 Subject: [PATCH 1/2] eolisation --- dicos/50_lemur.xml | 27 +++++++++++++ funcs/lemur.py | 5 +++ posttemplate/00-lemur | 0 tmpl/lemur.conf.py | 90 +++++++++++++++++++++++++++++++++++++++++++ tmpl/lemur.yml | 17 ++++++++ tmpl/nginx-lemur | 20 ++++++++++ 6 files changed, 159 insertions(+) create mode 100644 dicos/50_lemur.xml create mode 100644 funcs/lemur.py mode change 100644 => 100755 posttemplate/00-lemur create mode 100644 tmpl/lemur.conf.py create mode 100644 tmpl/lemur.yml create mode 100644 tmpl/nginx-lemur diff --git a/dicos/50_lemur.xml b/dicos/50_lemur.xml new file mode 100644 index 00000000..9ee43c1d --- /dev/null +++ b/dicos/50_lemur.xml @@ -0,0 +1,27 @@ + + + + + + + + + + + + + + + lemur + + + lemur + + + + + + + + + diff --git a/funcs/lemur.py b/funcs/lemur.py new file mode 100644 index 00000000..836cf42a --- /dev/null +++ b/funcs/lemur.py @@ -0,0 +1,5 @@ +from secrets import token_bytes as _token_bytes +from base64 import urlsafe_b64encode as _urlsafe_b64encode + +def gen_random_base64(): + return base64.urlsafe_b64encode(secrets.token_bytes(32)).decode() diff --git a/posttemplate/00-lemur b/posttemplate/00-lemur old mode 100644 new mode 100755 diff --git a/tmpl/lemur.conf.py b/tmpl/lemur.conf.py new file mode 100644 index 00000000..fee1aa5c --- /dev/null +++ b/tmpl/lemur.conf.py 
@@ -0,0 +1,90 @@
+
+# This is just Python which means you can inherit and tweak settings
+
+import os
+_basedir = os.path.abspath(os.path.dirname(__file__))
+
+THREADS_PER_PAGE = 8
+
+# General
+
+# These will need to be set to `True` if you are developing locally
+CORS = False
+debug = False
+
+# this is the secret key used by flask session management
+SECRET_KEY = '%%lemur_secret'
+
+# You should consider storing these separately from your config
+LEMUR_TOKEN_SECRET = '%%lemur_token_secret'
+LEMUR_ENCRYPTION_KEYS = '%%lemur_encrypt_keys'
+
+# List of domain regular expressions that non-admin users can issue
+LEMUR_ALLOWED_DOMAINS = []
+
+# Mail Server
+
+LEMUR_EMAIL = ''
+LEMUR_SECURITY_TEAM_EMAIL = []
+
+# Certificate Defaults
+
+LEMUR_DEFAULT_COUNTRY = ''
+LEMUR_DEFAULT_STATE = ''
+LEMUR_DEFAULT_LOCATION = ''
+LEMUR_DEFAULT_ORGANIZATION = ''
+LEMUR_DEFAULT_ORGANIZATIONAL_UNIT = ''
+
+# Authentication Providers
+ACTIVE_PROVIDERS = []
+
+# Metrics Providers
+METRIC_PROVIDERS = []
+
+# Logging
+
+LOG_LEVEL = "DEBUG"
+LOG_FILE = "lemur.log"
+
+
+# Database
+
+# modify this if you are not using a local database
+SQLALCHEMY_DATABASE_PASSWORD = 'replaceme'
+SQLALCHEMY_DATABASE_URI = f'postgresql://%%lemur_db_user:{SQLALCHEMY_DATABASE_PASSWORD}@localhost:5432/%%lemur_db_name'
+
+# AWS
+
+#LEMUR_INSTANCE_PROFILE = 'Lemur'
+
+# Issuers
+
+# These will be dependent on which 3rd party that Lemur is
+# configured to use.
+
+# VERISIGN_URL = ''
+# VERISIGN_PEM_PATH = ''
+# VERISIGN_FIRST_NAME = ''
+# VERISIGN_LAST_NAME = ''
+# VERSIGN_EMAIL = ''
+
+#FIXME
+DIGICERT_CIS_API_KEY = ""
+DIGICERT_CIS_URL = ""
+DIGICERT_CIS_ROOTS = ''
+DIGICERT_API_KEY = ''
+DIGICERT_CIS_PROFILE_NAMES = ''
+DIGICERT_URL = ''
+DIGICERT_ORG_ID = ''
+DIGICERT_ORDER_TYPE = ''
+DIGICERT_ROOT = ''
+
+ENTRUST_API_CERT = ''
+ENTRUST_API_KEY = ''
+ENTRUST_API_USER = ''
+ENTRUST_API_PASS = ''
+ENTRUST_URL = ''
+ENTRUST_ROOT = ''
+ENTRUST_NAME = ''
+ENTRUST_EMAIL = ''
+ENTRUST_PHONE = ''
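Review bot: The placeholder line `SQLALCHEMY_DATABASE_PASSWORD = 'replaceme'` is single-quoted, while the `pwd_files` pattern added in tmpl/lemur.yml by this same patch is `SQLALCHEMY_DATABASE_PASSWORD = "` with a double quote. If that pattern is matched literally (the consumer is not visible here), the substitution would miss the line and the well-known value `replaceme` would stay in the deployed config; writing it as `SQLALCHEMY_DATABASE_PASSWORD = "replaceme"` makes the two agree. The URI on the following line also hard-codes `@localhost:5432` although lemur.yml provisions the account on `%%risotto_db_address`, so the host probably wants the same variable. Separately, `LOG_LEVEL = "DEBUG"` is a development default in a file that carries the session, token and encryption secrets; `"INFO"` would be the safer template value.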
diff --git a/tmpl/lemur.yml b/tmpl/lemur.yml new file mode 100644 index 00000000..0218cf08 --- /dev/null +++ b/tmpl/lemur.yml @@ -0,0 +1,17 @@ +%from os import listdir +%set %%dbname = %lemur_db_name +--- +dbuser: %%lemur_db_user +dbuser_options: + - LOGIN +privileges: + %%{dbname}.public.*: 'ALL' + %%{dbname}.public: 'ALL' + %%{dbname}: 'ALL' +dbhost: %%risotto_db_address +dbport: 5432 +dbtype: postgres +dbname: %%dbname +template: 'template0' +pwd_files: + - {'file': '/etc/lemur/lemur.conf.py', 'pattern': 'SQLALCHEMY_DATABASE_PASSWORD = "'} diff --git a/tmpl/nginx-lemur b/tmpl/nginx-lemur new file mode 100644 index 00000000..c623766a --- /dev/null +++ b/tmpl/nginx-lemur @@ -0,0 +1,20 @@ +server { + listen 80 default_server; + listen [::]:80 default_server; + + location /lemur/api { + proxy_pass http://127.0.0.1:8002/api; + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + proxy_buffering off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location /lemur { + root /usr/share/lemur/static; + include mime.types; + index index.html; + } +} From 730845c8616a6522ec22e6c452d9586f00285cdf Mon Sep 17 00:00:00 2001 From: Emmanuel Garette Date: Mon, 19 Oct 2020 15:15:13 +0200 Subject: [PATCH 2/2] correction eolisation --- dicos/50_lemur.xml | 2 +- funcs/lemur.py | 3 ++- tmpl/lemur.yml | 3 +-- tmpl/nginx-lemur | 20 -------------------- tmpl/nginx-lemur.conf | 15 +++++++++++++++ 5 files changed, 19 insertions(+), 24 deletions(-) delete mode 100644 tmpl/nginx-lemur create mode 100644 tmpl/nginx-lemur.conf diff --git a/dicos/50_lemur.xml b/dicos/50_lemur.xml index 9ee43c1d..86b41e61 100644 --- a/dicos/50_lemur.xml +++ b/dicos/50_lemur.xml @@ -4,7 +4,7 @@ - + diff --git a/funcs/lemur.py b/funcs/lemur.py index 836cf42a..8cd6505e 100644 --- a/funcs/lemur.py +++ b/funcs/lemur.py 
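Review bot: The `privileges` block in tmpl/lemur.yml grants `'ALL'` at three levels (the database, the `public` schema and every object in it) to the same login the application uses at runtime, and nothing in the file says why. Lemur keeps its certificate and key records in this database, so a comment such as `# ALL is required: lemur runs its own schema migrations with this account` (if that is the reason) would show the breadth is intentional. If the provisioning format supports a narrower grant for the runtime role, that would be worth a follow-up.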
@@ -1,5 +1,6 @@ from secrets import token_bytes as _token_bytes from base64 import urlsafe_b64encode as _urlsafe_b64encode + def gen_random_base64(): - return base64.urlsafe_b64encode(secrets.token_bytes(32)).decode() + return _urlsafe_b64encode(_token_bytes(32)).decode() diff --git a/tmpl/lemur.yml b/tmpl/lemur.yml index 0218cf08..fa09b2e3 100644 --- a/tmpl/lemur.yml +++ b/tmpl/lemur.yml @@ -1,5 +1,4 @@ -%from os import listdir -%set %%dbname = %lemur_db_name +%set %%dbname = %%lemur_db_name --- dbuser: %%lemur_db_user dbuser_options: diff --git a/tmpl/nginx-lemur b/tmpl/nginx-lemur deleted file mode 100644 index c623766a..00000000 --- a/tmpl/nginx-lemur +++ /dev/null @@ -1,20 +0,0 @@ -server { - listen 80 default_server; - listen [::]:80 default_server; - - location /lemur/api { - proxy_pass http://127.0.0.1:8002/api; - proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; - proxy_redirect off; - proxy_buffering off; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - location /lemur { - root /usr/share/lemur/static; - include mime.types; - index index.html; - } -} diff --git a/tmpl/nginx-lemur.conf b/tmpl/nginx-lemur.conf new file mode 100644 index 00000000..d1eb2b18 --- /dev/null +++ b/tmpl/nginx-lemur.conf @@ -0,0 +1,15 @@ +location /lemur/api { + proxy_pass http://127.0.0.1:8002/api; + proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504; + proxy_redirect off; + proxy_buffering off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +} + +location /lemur/ { + alias /usr/share/lemur/static/; + include mime.types; + index index.html; +}
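Review bot: `gen_random_base64()` in funcs/lemur.py has no docstring, and it presumably supplies the `%%lemur_secret`, `%%lemur_token_secret` and `%%lemur_encrypt_keys` values used in tmpl/lemur.conf.py, so its contract is worth stating: `"""Return 32 bytes from the OS CSPRNG as URL-safe base64 text (44 characters, padded)."""`. The dictionary that calls it is not readable on this page. If the value is recomputed on each template run rather than generated once and stored, `LEMUR_ENCRYPTION_KEYS` would change and previously encrypted data would no longer decrypt, so that is worth confirming.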
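Review bot: The `/lemur/api` block in tmpl/nginx-lemur.conf forwards `Host`, `X-Real-IP` and `X-Forwarded-For` but not the request scheme, so the backend on 127.0.0.1:8002 cannot tell whether the client arrived over TLS; adding `proxy_set_header X-Forwarded-Proto $scheme;` closes that gap. With the `server { listen 80 ... }` wrapper removed, this file is now an include and the transport depends on the enclosing server block, which is not part of the patch. The API carries login tokens and certificate private keys, so it should only be included from a TLS-only server. `location /lemur/api` is also a bare prefix that matches paths such as `/lemur/apix`; `location /lemur/api/` with `proxy_pass http://127.0.0.1:8002/api/;` would be stricter if no client relies on the slashless form.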