Further tweaks

Vagrantfile

@@ -41,6 +41,7 @@ Vagrant.configure("2") do |config|
     debian10.vm.network "forwarded_port", guest: 8800, host: ENV.fetch("PORT", 8802)
     debian10.vm.provision "shell", reboot: true, inline: <<~SHELL
       export DEBIAN_FRONTEND=noninteractive
+      export APT_LISTCHANGES_FRONTEND=none
 
       # Add Backports repo
       sudo bash -c 'echo "deb http://deb.debian.org/debian buster-backports main" > /etc/apt/sources.list.d/backports.list'

omnibus/cookbooks/firezone/attributes/default.rb

@@ -23,13 +23,6 @@ require 'etc'
 # These are examples of things you may want to do, depending on how you set up
 # the application to run.
 #
-# ### Chef Identity
-#
-# You will have to set this up in order to log into Firezone and upload
-# cookbooks with your Chef server keys.
-#
-# See the "Chef OAuth2 Settings" section below
-#
 # ### Using an external Postgres database
 #
 # Disable the provided Postgres instance and connect to your own:
@@ -59,11 +52,6 @@ require 'etc'
 # specified.
 default['firezone']['fqdn'] = (node['fqdn'] || node['hostname']).downcase
 
-# The URL for the Chef server. Used with the "Chef OAuth2 Settings" and
-# "Chef URL Settings" below. If this is not set, authentication and some of the
-# links in the application will not work.
-default['firezone']['chef_server_url'] = nil
-
 default['firezone']['config_directory'] = '/etc/firezone'
 default['firezone']['install_directory'] = '/opt/firezone'
 default['firezone']['app_directory'] = "#{node['firezone']['install_directory']}/embedded/service/firezone"

omnibus/cookbooks/firezone/recipes/app.rb

@@ -19,75 +19,75 @@
 
 # Common configuration for Phoenix
 
-include_recipe 'omnibus-supermarket::config'
-include_recipe 'omnibus-supermarket::phoenix'
+include_recipe 'firezone::config'
+include_recipe 'firezone::phoenix'
 
 file 'environment-variables' do
-  path "#{node['supermarket']['var_directory']}/etc/env"
-  content Supermarket::Config.environment_variables_from(node['supermarket'].merge('force_ssl' => node['supermarket']['nginx']['force_ssl']))
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+  path "#{node['firezone']['var_directory']}/etc/env"
+  content Firezone::Config.environment_variables_from(node['firezone'].merge('force_ssl' => node['firezone']['nginx']['force_ssl']))
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0600'
 end
 
-link "#{node['supermarket']['app_directory']}/.env.production" do
-  to "#{node['supermarket']['var_directory']}/etc/env"
+link "#{node['firezone']['app_directory']}/.env.production" do
+  to "#{node['firezone']['var_directory']}/etc/env"
 end
 
-file "#{node['supermarket']['var_directory']}/etc/database.yml" do
+file "#{node['firezone']['var_directory']}/etc/database.yml" do
   content(YAML.dump({
     'production' => {
       'adapter' => 'postgresql',
-      'database' => node['supermarket']['database']['name'],
-      'username' => node['supermarket']['database']['user'],
-      'password' => node['supermarket']['database']['password'],
-      'host' => node['supermarket']['database']['host'],
-      'port' => node['supermarket']['database']['port'],
-      'pool' => node['supermarket']['database']['pool'],
+      'database' => node['firezone']['database']['name'],
+      'username' => node['firezone']['database']['user'],
+      'password' => node['firezone']['database']['password'],
+      'host' => node['firezone']['database']['host'],
+      'port' => node['firezone']['database']['port'],
+      'pool' => node['firezone']['database']['pool'],
     }
   }))
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0600'
 end
 
-link "#{node['supermarket']['app_directory']}/config/database.yml" do
-  to "#{node['supermarket']['var_directory']}/etc/database.yml"
+link "#{node['firezone']['app_directory']}/config/database.yml" do
+  to "#{node['firezone']['var_directory']}/etc/database.yml"
 end
 
-# Ensure the db schema is owned by the supermarket user, so dumping the db
+# Ensure the db schema is owned by the firezone user, so dumping the db
 # schema after migrate works
-file "#{node['supermarket']['app_directory']}/db/schema.rb" do
-  owner node['supermarket']['user']
+file "#{node['firezone']['app_directory']}/db/schema.rb" do
+  owner node['firezone']['user']
 end
 
 execute 'database schema' do
   command 'bundle exec rake db:migrate db:seed'
-  cwd node['supermarket']['app_directory']
+  cwd node['firezone']['app_directory']
   environment(
-    'RAILS_ENV' => 'production',
-    'HOME' => node['supermarket']['app_directory']
+    'MIX_ENV' => 'production',
+    'HOME' => node['firezone']['app_directory']
   )
-  user node['supermarket']['user']
+  user node['firezone']['user']
 end
 
-# tar files for cookbooks are uploaded to /opt/supermarket/embedded/service/supermarket/public/system
-directory node['supermarket']['data_directory'] do
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+# tar files for cookbooks are uploaded to /opt/firezone/embedded/service/firezone/public/system
+directory node['firezone']['data_directory'] do
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0755'
   action :create
 end
 
-link "#{node['supermarket']['app_directory']}/public/system" do
-  to node['supermarket']['data_directory']
+link "#{node['firezone']['app_directory']}/public/system" do
+  to node['firezone']['data_directory']
 end
 
 sitemap_files = ['sitemap.xml.gz', 'sitemap1.xml.gz']
 sitemap_files.each do |sitemap_file|
-  file "#{node['supermarket']['app_directory']}/public/#{sitemap_file}" do
-    owner node['supermarket']['user']
-    group node['supermarket']['group']
+  file "#{node['firezone']['app_directory']}/public/#{sitemap_file}" do
+    owner node['firezone']['user']
+    group node['firezone']['group']
     mode '0664'
     action :create
   end

omnibus/cookbooks/firezone/recipes/config.rb

@@ -23,69 +23,64 @@
 # This creates the config_directory if it does not exist as well as the files
 # in it.
 Firezone::Config.load_or_create!(
-  "#{node['supermarket']['config_directory']}/supermarket.rb",
+  "#{node['firezone']['config_directory']}/firezone.rb",
   node
 )
 FireZone::Config.load_from_json!(
-  "#{node['supermarket']['config_directory']}/supermarket.json",
+  "#{node['firezone']['config_directory']}/firezone.json",
   node
 )
 Firezone::Config.load_or_create_secrets!(
-  "#{node['supermarket']['config_directory']}/secrets.json",
+  "#{node['firezone']['config_directory']}/secrets.json",
   node
 )
 
-Firezone::Config.audit_config(node['supermarket'])
+Firezone::Config.audit_config(node['firezone'])
 Firezone::Config.maybe_turn_on_fips(node)
 
-# Copy things we need from the supermarket namespace to the top level. This is
+# Copy things we need from the firezone namespace to the top level. This is
 # necessary for some community cookbooks.
-node.consume_attributes('runit' => node['supermarket']['runit'])
+node.consume_attributes('runit' => node['firezone']['runit'])
 
-# set chef_oauth2_url from chef_server_url after this value has been loaded from config
-if node['supermarket']['chef_server_url'] && node['supermarket']['chef_oauth2_url'].nil?
-  node.default['supermarket']['chef_oauth2_url'] = node['supermarket']['chef_server_url']
+user node['firezone']['user']
+
+group node['firezone']['group'] do
+  members [node['firezone']['user']]
 end
 
-user node['supermarket']['user']
-
-group node['supermarket']['group'] do
-  members [node['supermarket']['user']]
+directory node['firezone']['config_directory'] do
+  owner node['firezone']['user']
+  group node['firezone']['group']
 end
 
-directory node['supermarket']['config_directory'] do
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
-end
-
-directory node['supermarket']['var_directory'] do
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+directory node['firezone']['var_directory'] do
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0700'
   recursive true
 end
 
-directory node['supermarket']['log_directory'] do
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+directory node['firezone']['log_directory'] do
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0700'
   recursive true
 end
 
-directory "#{node['supermarket']['var_directory']}/etc" do
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+directory "#{node['firezone']['var_directory']}/etc" do
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0700'
 end
 
-file "#{node['supermarket']['config_directory']}/supermarket.rb" do
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+file "#{node['firezone']['config_directory']}/firezone.rb" do
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0600'
 end
 
-file "#{node['supermarket']['config_directory']}/secrets.json" do
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+file "#{node['firezone']['config_directory']}/secrets.json" do
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0600'
 end

omnibus/cookbooks/firezone/recipes/log_management.rb

@@ -1,5 +1,5 @@
 #
-# Cookbook:: supermarket
+# Cookbook:: firezone
 # Recipe:: log_management
 #
 # Copyright:: 2015 Chef Software, Inc.
@@ -17,36 +17,36 @@
 # limitations under the License.
 #
 
-# Omnibus Supermarket log management is mostly handled by runit, svlogd
+# Firezone log management is mostly handled by runit, svlogd
 # and each component service logged to STDOUT for svlogd to handle. Some
 # components do not handle logging to STDOUT well, so logrotate is added
 # to manage the logs generated by those services.
 
-include_recipe 'omnibus-supermarket::config'
+include_recipe 'firezone::config'
 
-directory "#{node['supermarket']['var_directory']}/etc/logrotate.d" do
+directory "#{node['firezone']['var_directory']}/etc/logrotate.d" do
   owner 'root'
   group 'root'
   mode '0755'
 end
 
-template "#{node['supermarket']['var_directory']}/etc/logrotate.conf" do
+template "#{node['firezone']['var_directory']}/etc/logrotate.conf" do
   source 'logrotate.conf.erb'
   mode   '0644'
   owner  'root'
   group  'root'
   variables(
-    var_directory: node['supermarket']['var_directory']
+    var_directory: node['firezone']['var_directory']
   )
 end
 
-template '/etc/cron.hourly/supermarket_logrotate' do
+template '/etc/cron.hourly/firezone_logrotate' do
   source 'logrotate.cron.erb'
   mode   '0755'
   owner  'root'
   group  'root'
   variables(
-    install_directory: node['supermarket']['install_directory'],
-    var_directory: node['supermarket']['var_directory']
+    install_directory: node['firezone']['install_directory'],
+    var_directory: node['firezone']['var_directory']
   )
 end

omnibus/cookbooks/firezone/recipes/nginx.rb

@@ -1,5 +1,5 @@
 #
-# Cookbook:: supermarket
+# Cookbook:: firezone
 # Recipe:: nginx
 #
 # Copyright:: 2014 Chef Software, Inc.
@@ -17,38 +17,38 @@
 # limitations under the License.
 #
 
-include_recipe 'omnibus-supermarket::config'
+include_recipe 'firezone::config'
 
-[node['supermarket']['nginx']['cache']['directory'],
- node['supermarket']['nginx']['log_directory'],
- node['supermarket']['nginx']['directory'],
- "#{node['supermarket']['nginx']['directory']}/conf.d",
- "#{node['supermarket']['nginx']['directory']}/sites-enabled"].each do |dir|
+[node['firezone']['nginx']['cache']['directory'],
+ node['firezone']['nginx']['log_directory'],
+ node['firezone']['nginx']['directory'],
+ "#{node['firezone']['nginx']['directory']}/conf.d",
+ "#{node['firezone']['nginx']['directory']}/sites-enabled"].each do |dir|
   directory dir do
-    owner node['supermarket']['user']
-    group node['supermarket']['group']
+    owner node['firezone']['user']
+    group node['firezone']['group']
     mode '0700'
     recursive true
   end
 end
 
 # Link the mime.types
-link "#{node['supermarket']['nginx']['directory']}/mime.types" do
-  to "#{node['supermarket']['install_directory']}/embedded/conf/mime.types"
+link "#{node['firezone']['nginx']['directory']}/mime.types" do
+  to "#{node['firezone']['install_directory']}/embedded/conf/mime.types"
 end
 
 template 'nginx.conf' do
-  path "#{node['supermarket']['nginx']['directory']}/nginx.conf"
+  path "#{node['firezone']['nginx']['directory']}/nginx.conf"
   source 'nginx.conf.erb'
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0600'
-  variables(nginx: node['supermarket']['nginx'])
+  variables(nginx: node['firezone']['nginx'])
 end
 
-if node['supermarket']['nginx']['enable']
+if node['firezone']['nginx']['enable']
   component_runit_service 'nginx' do
-    package 'supermarket'
+    package 'firezone'
     action :enable
     subscribes :restart, 'template[nginx.conf]'
     subscribes :restart, 'template[phoenix.nginx.conf]'
@@ -61,15 +61,15 @@ end
 
 # setup log rotation with logrotate because nginx and runit's svlogd
 # differ in opinion about who does the logging
-template "#{node['supermarket']['var_directory']}/etc/logrotate.d/nginx" do
+template "#{node['firezone']['var_directory']}/etc/logrotate.d/nginx" do
   source 'logrotate-rule.erb'
   owner 'root'
   group 'root'
   mode '0644'
   variables(
-    'log_directory' => node['supermarket']['nginx']['log_directory'],
-    'log_rotation' => node['supermarket']['nginx']['log_rotation'],
-    'postrotate' => "#{node['supermarket']['install_directory']}/embedded/sbin/nginx -c #{node['supermarket']['nginx']['directory']}/nginx.conf -s reopen",
+    'log_directory' => node['firezone']['nginx']['log_directory'],
+    'log_rotation' => node['firezone']['nginx']['log_rotation'],
+    'postrotate' => "#{node['firezone']['install_directory']}/embedded/sbin/nginx -c #{node['firezone']['nginx']['directory']}/nginx.conf -s reopen",
     'owner' => 'root',
     'group' => 'root'
   )

omnibus/cookbooks/firezone/recipes/phoenix.rb

@@ -18,43 +18,43 @@
 # limitations under the License.
 #
 
-include_recipe 'omnibus-supermarket::config'
-include_recipe 'omnibus-supermarket::nginx'
+include_recipe 'firezone::config'
+include_recipe 'firezone::nginx'
 
-[node['supermarket']['phoenix']['log_directory'],
- "#{node['supermarket']['var_directory']}/rails/run"].each do |dir|
+[node['firezone']['log_directory'],
+ "#{node['firezone']['var_directory']}/phoenix/run"].each do |dir|
   directory dir do
-    owner node['supermarket']['user']
-    group node['supermarket']['group']
+    owner node['firezone']['user']
+    group node['firezone']['group']
     mode '0700'
     recursive true
   end
 end
 
 template 'unicorn.rb' do
-  path "#{node['supermarket']['var_directory']}/etc/unicorn.rb"
+  path "#{node['firezone']['var_directory']}/etc/unicorn.rb"
   source 'unicorn.rb.erb'
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0600'
-  variables(node['supermarket']['unicorn'].to_hash)
+  variables(node['firezone']['unicorn'].to_hash)
 end
 
 template 'phoenix.nginx.conf' do
-  path "#{node['supermarket']['nginx']['directory']}/sites-enabled/rails"
-  source 'rails.nginx.conf.erb'
-  owner node['supermarket']['user']
-  group node['supermarket']['group']
+  path "#{node['firezone']['nginx']['directory']}/sites-enabled/phoenix"
+  source 'phoenix.nginx.conf.erb'
+  owner node['firezone']['user']
+  group node['firezone']['group']
   mode '0600'
-  variables(nginx: node['supermarket']['nginx'],
-            phoenix: node['supermarket']['phoenix'],
-            fqdn: node['supermarket']['fqdn'],
-            fips_enabled: node['supermarket']['fips_enabled'],
-            ssl: node['supermarket']['ssl'],
-            app_directory: node['supermarket']['app_directory'])
+  variables(nginx: node['firezone']['nginx'],
+            phoenix: node['firezone']['phoenix'],
+            fqdn: node['firezone']['fqdn'],
+            fips_enabled: node['firezone']['fips_enabled'],
+            ssl: node['firezone']['ssl'],
+            app_directory: node['firezone']['app_directory'])
 end
 
-if node['supermarket']['phoenix']['enable']
+if node['firezone']['phoenix']['enable']
   component_runit_service 'phoenix' do
     package 'firezone'
     action :enable

omnibus/cookbooks/firezone/recipes/show_config.rb

@@ -1,5 +1,5 @@
 #
-# Cookbook:: supermarket
+# Cookbook:: firezone
 # Recipe:: show_config
 #
 # Copyright:: 2014 Chef Software, Inc.
@@ -17,4 +17,4 @@
 # limitations under the License.
 #
 
-puts Chef::JSONCompat.to_json_pretty(node['supermarket'])
+puts Chef::JSONCompat.to_json_pretty(node['firezone'])

omnibus/cookbooks/firezone/recipes/ssl.rb

@@ -1,5 +1,5 @@
 #
-# Cookbook:: supermarket
+# Cookbook:: firezone
 # Recipe:: ssl
 #
 # Copyright:: 2014 Chef Software, Inc.
@@ -17,22 +17,22 @@
 # limitations under the License.
 #
 
-include_recipe 'omnibus-supermarket::config'
+include_recipe 'firezone::config'
 
-[node['supermarket']['ssl']['directory'],
- "#{node['supermarket']['ssl']['directory']}/ca"].each do |dir|
+[node['firezone']['ssl']['directory'],
+ "#{node['firezone']['ssl']['directory']}/ca"].each do |dir|
   directory dir do
-    owner node['supermarket']['user']
-    group node['supermarket']['group']
+    owner node['firezone']['user']
+    group node['firezone']['group']
     mode '0700'
   end
 end
 
 # Unless SSL is disabled, sets up SSL certificates.
 # Creates a self-signed cert if none is provided.
-if node['supermarket']['ssl']['enabled']
-  supermarket_ca_dir = File.join(node['supermarket']['ssl']['directory'], 'ca')
-  ssl_dhparam = File.join(supermarket_ca_dir, 'dhparams.pem')
+if node['firezone']['ssl']['enabled']
+  firezone_ca_dir = File.join(node['firezone']['ssl']['directory'], 'ca')
+  ssl_dhparam = File.join(firezone_ca_dir, 'dhparams.pem')
 
   # Generate dhparams.pem for perfect forward secrecy
   openssl_dhparam ssl_dhparam do
@@ -43,25 +43,25 @@ if node['supermarket']['ssl']['enabled']
     mode '0644'
   end
 
-  node.default['supermarket']['ssl']['ssl_dhparam'] ||= ssl_dhparam
+  node.default['firezone']['ssl']['ssl_dhparam'] ||= ssl_dhparam
 
   # A certificate has been supplied
-  if node['supermarket']['ssl']['certificate']
+  if node['firezone']['ssl']['certificate']
     # Link the standard CA cert into our certs directory
-    link "#{node['supermarket']['ssl']['directory']}/cacert.pem" do
-      to "#{node['supermarket']['install_directory']}/embedded/ssl/certs/cacert.pem"
+    link "#{node['firezone']['ssl']['directory']}/cacert.pem" do
+      to "#{node['firezone']['install_directory']}/embedded/ssl/certs/cacert.pem"
     end
 
   # No certificate has been supplied; generate one
   else
-    ssl_keyfile = File.join(supermarket_ca_dir, "#{node['supermarket']['fqdn']}.key")
-    ssl_crtfile = File.join(supermarket_ca_dir, "#{node['supermarket']['fqdn']}.crt")
+    ssl_keyfile = File.join(firezone_ca_dir, "#{node['firezone']['fqdn']}.key")
+    ssl_crtfile = File.join(firezone_ca_dir, "#{node['firezone']['fqdn']}.crt")
 
     openssl_x509_certificate ssl_crtfile do
-      common_name node['supermarket']['fqdn']
-      org node['supermarket']['ssl']['company_name']
-      org_unit node['supermarket']['ssl']['organizational_unit_name']
-      country node['supermarket']['ssl']['country_name']
+      common_name node['firezone']['fqdn']
+      org node['firezone']['ssl']['company_name']
+      org_unit node['firezone']['ssl']['organizational_unit_name']
+      country node['firezone']['ssl']['country_name']
       key_length 2048
       expire 3650
       owner 'root'
@@ -69,10 +69,10 @@ if node['supermarket']['ssl']['enabled']
       mode '0644'
     end
 
-    node.default['supermarket']['ssl']['certificate'] ||= ssl_crtfile
-    node.default['supermarket']['ssl']['certificate_key'] ||= ssl_keyfile
+    node.default['firezone']['ssl']['certificate'] ||= ssl_crtfile
+    node.default['firezone']['ssl']['certificate_key'] ||= ssl_keyfile
 
-    link "#{node['supermarket']['ssl']['directory']}/cacert.pem" do
+    link "#{node['firezone']['ssl']['directory']}/cacert.pem" do
       to ssl_crtfile
     end
   end

omnibus/cookbooks/firezone/templates/nginx.conf.erb

@@ -22,9 +22,9 @@ events {
 
 http {
   <% if @nginx['log_x_forwarded_for'] -%>
-  log_format supermarket '$http_x_forwarded_for - $remote_user [$time_iso8601]  '
+  log_format firezone '$http_x_forwarded_for - $remote_user [$time_iso8601]  '
   <% else -%>
-  log_format supermarket '$remote_addr - $remote_user [$time_iso8601]  '
+  log_format firezone '$remote_addr - $remote_user [$time_iso8601]  '
   <% end -%>
                      '"$request" $status $request_length "$request_time" $body_bytes_sent '
                      '"$http_referer" "$http_user_agent"';
@@ -33,7 +33,7 @@ http {
   default_type  application/octet-stream;
 
   <% unless @nginx['disable_access_log'] -%>
-  access_log	<%= @nginx['log_dir'] %>/access.log supermarket;
+  access_log	<%= @nginx['log_dir'] %>/access.log firezone;
   <% end %>
 
   server_tokens off;

omnibus/cookbooks/firezone/templates/pg_hba.conf.erb

@@ -63,11 +63,11 @@
 # TYPE  DATABASE    USER        CIDR-ADDRESS          METHOD
 
 # "local" is for Unix domain socket connections only
-local all <%= node['supermarket']['postgresql']['username'] %> peer
+local all <%= node['firezone']['postgresql']['username'] %> peer
 
-host all <%= node['supermarket']['postgresql']['username'] %> 127.0.0.1/32 trust
-host all <%= node['supermarket']['postgresql']['username'] %> ::1/128 trust
+host all <%= node['firezone']['postgresql']['username'] %> 127.0.0.1/32 trust
+host all <%= node['firezone']['postgresql']['username'] %> ::1/128 trust
 
-<% node['supermarket']['postgresql']['md5_auth_cidr_addresses'].each do |cidr| %>
+<% node['firezone']['postgresql']['md5_auth_cidr_addresses'].each do |cidr| %>
 host all all <%= cidr %> md5
 <% end %>

omnibus/cookbooks/firezone/templates/phoenix.nginx.conf.erb

@@ -7,7 +7,7 @@ upstream phoenix {
 }
 
 <% if @nginx['cache']['enable'] -%>
-proxy_cache_path <%= @nginx['cache']['directory'] %>/supermarket levels=1:2 keys_zone=supermarket-cache:512m max_size=1000m inactive=600m;
+proxy_cache_path <%= @nginx['cache']['directory'] %>/firezone levels=1:2 keys_zone=firezone-cache:512m max_size=1000m inactive=600m;
 proxy_temp_path  <%= @nginx['cache']['directory'] %>/tmp;
 
 log_format cache '$remote_addr - [$time_local] "$request" $upstream_cache_status $upstream_response_time $upstream_status';
@@ -89,7 +89,7 @@ server {
     proxy_ignore_headers Set-Cookie Cache-Control;
     proxy_buffering on;
 
-    proxy_cache   supermarket-cache;
+    proxy_cache   firezone-cache;
     proxy_cache_valid   200 302 240m;
     proxy_cache_valid   any     5m;
     expires   240m;

omnibus/cookbooks/firezone/templates/postgresql.conf.erb

@@ -56,12 +56,12 @@
 
 # - Connection Settings -
 
-listen_addresses = '<%= node['supermarket']['postgresql']['listen_address'] %>'		# what IP address(es) to listen on;
+listen_addresses = '<%= node['firezone']['postgresql']['listen_address'] %>'		# what IP address(es) to listen on;
 					# comma-separated list of addresses;
 					# defaults to 'localhost', '*' = all
 					# (change requires restart)
-port = <%= node['supermarket']['postgresql']['port'] %>				# (change requires restart)
-max_connections = <%= node['supermarket']['postgresql']['max_connections'] %>			# (change requires restart)
+port = <%= node['firezone']['postgresql']['port'] %>				# (change requires restart)
+max_connections = <%= node['firezone']['postgresql']['max_connections'] %>			# (change requires restart)
 # Note:  Increasing max_connections costs ~400 bytes of shared memory per
 # connection slot, plus lock space (see max_locks_per_transaction).
 #superuser_reserved_connections = 3	# (change requires restart)
@@ -106,7 +106,7 @@ max_connections = <%= node['supermarket']['postgresql']['max_connections'] %>
 
 # - Memory -
 
-shared_buffers = <%= node['supermarket']['postgresql']['shared_buffers'] %> # min 128kB
+shared_buffers = <%= node['firezone']['postgresql']['shared_buffers'] %> # min 128kB
 					# (change requires restart)
 #temp_buffers = 8MB			# min 800kB
 #max_prepared_transactions = 0		# zero disables the feature
@@ -115,7 +115,7 @@ shared_buffers = <%= node['supermarket']['postgresql']['shared_buffers'] %> # mi
 # per transaction slot, plus lock space (see max_locks_per_transaction).
 # It is not advisable to set max_prepared_transactions nonzero unless you
 # actively intend to use prepared transactions.
-work_mem = <%= node['supermarket']['postgresql']['work_mem'] %>				# min 64kB
+work_mem = <%= node['firezone']['postgresql']['work_mem'] %>				# min 64kB
 #maintenance_work_mem = 16MB		# min 1MB
 #max_stack_depth = 2MB			# min 100kB
 
@@ -171,10 +171,10 @@ work_mem = <%= node['supermarket']['postgresql']['work_mem'] %>				# min 64kB
 
 # - Checkpoints -
 
-checkpoint_segments =  <%= node['supermarket']['postgresql']['checkpoint_segments'] %>		# in logfile segments, min 1, 16MB each, default 3
-checkpoint_timeout = <%= node['supermarket']['postgresql']['checkpoint_timeout'] %>		# range 30s-1h, default 5min
-checkpoint_completion_target = <%= node['supermarket']['postgresql']['checkpoint_completion_target'] %>	# checkpoint target duration, 0.0 - 1.0, default 0.5
-checkpoint_warning = <%= node['supermarket']['postgresql']['checkpoint_warning'] %>		# 0 disables, default 30s
+checkpoint_segments =  <%= node['firezone']['postgresql']['checkpoint_segments'] %>		# in logfile segments, min 1, 16MB each, default 3
+checkpoint_timeout = <%= node['firezone']['postgresql']['checkpoint_timeout'] %>		# range 30s-1h, default 5min
+checkpoint_completion_target = <%= node['firezone']['postgresql']['checkpoint_completion_target'] %>	# checkpoint target duration, 0.0 - 1.0, default 0.5
+checkpoint_warning = <%= node['firezone']['postgresql']['checkpoint_warning'] %>		# 0 disables, default 30s
 
 # - Archiving -
 
@@ -245,7 +245,7 @@ checkpoint_warning = <%= node['supermarket']['postgresql']['checkpoint_warning']
 #cpu_tuple_cost = 0.01			# same scale as above
 #cpu_index_tuple_cost = 0.005		# same scale as above
 #cpu_operator_cost = 0.0025		# same scale as above
-effective_cache_size = <%= node['supermarket']['postgresql']['effective_cache_size'] %> # Default 128MB
+effective_cache_size = <%= node['firezone']['postgresql']['effective_cache_size'] %> # Default 128MB
 
 # - Genetic Query Optimizer -
 

omnibus/cookbooks/firezone/templates/ssl-signing.conf.erb

@@ -3,10 +3,10 @@ distinguished_name = req_distinguished_name
 prompt = no
 
 [ req_distinguished_name ]
-C                      = <%= node['supermarket']['ssl']['country_name'] %>
-ST                     = <%= node['supermarket']['ssl']['state_name'] %>
-L                      = <%= node['supermarket']['ssl']['locality_name'] %>
-O                      = <%= node['supermarket']['ssl']['company_name'] %>
-OU                     = <%= node['supermarket']['ssl']['organizational_unit_name'] %>
-CN                     = <%= node['supermarket']['fqdn'] %>
-emailAddress           = <%= node['supermarket']['ssl']['email_address'] %>
+C                      = <%= node['firezone']['ssl']['country_name'] %>
+ST                     = <%= node['firezone']['ssl']['state_name'] %>
+L                      = <%= node['firezone']['ssl']['locality_name'] %>
+O                      = <%= node['firezone']['ssl']['company_name'] %>
+OU                     = <%= node['firezone']['ssl']['organizational_unit_name'] %>
+CN                     = <%= node['firezone']['fqdn'] %>
+emailAddress           = <%= node['firezone']['ssl']['email_address'] %>

omnibus/cookbooks/firezone/templates/sv-nginx-log-run.erb

@@ -1,3 +1,3 @@
 #!/bin/sh
 exec <%= node['runit']['svlogd_bin'] %> \
-       -tt <%= node['supermarket']['nginx']['log_directory'] %>
+       -tt <%= node['firezone']['nginx']['log_directory'] %>

omnibus/cookbooks/firezone/templates/sv-nginx-run.erb

@@ -1,8 +1,8 @@
 #!/bin/sh
 exec 2>&1
-<%= "export OPENSSL_FIPS=1" if node['supermarket']['fips_enabled'] == true %>
+<%= "export OPENSSL_FIPS=1" if node['firezone']['fips_enabled'] == true %>
 
 exec <%= node['runit']['chpst_bin'] %> \
        -P \
-     <%= node['supermarket']['install_directory'] %>/embedded/sbin/nginx \
-       -c <%= node['supermarket']['nginx']['directory'] %>/nginx.conf
+     <%= node['firezone']['install_directory'] %>/embedded/sbin/nginx \
+       -c <%= node['firezone']['nginx']['directory'] %>/nginx.conf

omnibus/cookbooks/firezone/templates/sv-phoenix-log-run.erb

@@ -1,3 +1,3 @@
 #!/bin/sh
 exec <%= node['runit']['svlogd_bin'] %> \
-       -tt <%= node['supermarket']['phoenix']['log_directory'] %>
+       -tt <%= node['firezone']['phoenix']['log_directory'] %>

omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb

@@ -1,18 +1,18 @@
 #!/bin/sh
 exec 2>&1
 
-export PATH=<%= node['supermarket']['install_directory'] %>/embedded/bin:$PATH
-export LD_LIBRARY_PATH=<%= node['supermarket']['install_directory'] %>/embedded/lib
-export DIR=<%= node['supermarket']['app_directory'] %>
+export PATH=<%= node['firezone']['install_directory'] %>/embedded/bin:$PATH
+export LD_LIBRARY_PATH=<%= node['firezone']['install_directory'] %>/embedded/lib
+export DIR=<%= node['firezone']['app_directory'] %>
 export HOME=$DIR
-<%= "export OPENSSL_FIPS=1" if node['supermarket']['fips_enabled'] == true %>
+<%= "export OPENSSL_FIPS=1" if node['firezone']['fips_enabled'] == true %>
 
 cd $DIR
 
 exec <%= node['runit']['chpst_bin'] %> \
   -P \
-  -U <%= node['supermarket']['unicorn']['forked_user'] %> \
-  -u <%= node['supermarket']['unicorn']['forked_user'] %> \
+  -U <%= node['firezone']['unicorn']['forked_user'] %> \
+  -u <%= node['firezone']['unicorn']['forked_user'] %> \
     bundle exec unicorn -E production \
-      -c <%= node['supermarket']['var_directory'] %>/etc/unicorn.rb
-      <%= node['supermarket']['install_directory'] %>/embedded/service/supermarket/config.ru
+      -c <%= node['firezone']['var_directory'] %>/etc/unicorn.rb
+      <%= node['firezone']['install_directory'] %>/embedded/service/firezone/config.ru

omnibus/cookbooks/firezone/templates/sv-postgresql-log-run.erb

@@ -1,3 +1,3 @@
 #!/bin/sh
 exec <%= node['runit']['svlogd_bin'] %> \
-       -tt <%= node['supermarket']['postgresql']['log_directory'] %>
+       -tt <%= node['firezone']['postgresql']['log_directory'] %>

omnibus/cookbooks/firezone/templates/sv-postgresql-run.erb

@@ -2,7 +2,7 @@
 exec 2>&1
 exec chpst \
        -P \
-       -U <%= node['supermarket']['postgresql']['username'] %> \
-       -u <%= node['supermarket']['postgresql']['username'] %> \
-     <%= node['supermarket']['install_directory']%>/embedded/bin/postgres \
-       -D <%= node['supermarket']['postgresql']['data_directory'] %>
+       -U <%= node['firezone']['postgresql']['username'] %> \
+       -u <%= node['firezone']['postgresql']['username'] %> \
+     <%= node['firezone']['install_directory']%>/embedded/bin/postgres \
+       -D <%= node['firezone']['postgresql']['data_directory'] %>