wireguard: bump role and add Consul ACL token

Part of effort to lock down Consul ACLs: https://github.com/status-im/infra-hq/issues/70 Signed-off-by: Jakub Sokołowski <jakub@status.im>
2025-02-23 08:08:35 +00:00 · 2022-02-08 19:38:20 +01:00 · 2022-02-08 19:38:20 +01:00 · a5afaaf4e6
commit a5afaaf4e6
parent d8b4f92ebe
3 changed files with 8 additions and 4 deletions
--- a/ansible/bootstrap.yml
+++ b/ansible/bootstrap.yml
@ -22,10 +22,12 @@
 - name: Bootstrap Python support for Ansible
  gather_facts: False
  hosts: all
+  serial: '{{ serial|default(1) }}'
  roles:
    - infra-role-bootstrap-linux/raw

 - name: Bootstrap admin users and Consul
  hosts: all
+  serial: '{{ serial|default(1) }}'
  roles:
    - infra-role-bootstrap-linux
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@ -1,11 +1,13 @@
 ---
 # Root password
 bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
-# Consul encryption key and ACL token
+# Consul
 bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul", field="encryption-key")}}'
 bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul", field="agent-acl-token")}}'
+# Wireguard
+wireguard_consul_acl_token: '{{lookup("bitwarden", "consul", field="wireguard-acl-token")}}'

-# CloudFlare Origin certificates
+# CloudFlare
 origin_certs:
  - domain: 'status.im'
    crt: '{{lookup("bitwarden", "Cloudflare/status.im", file="origin.crt")}}'
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -16,12 +16,12 @@

 - name: infra-role-bootstrap-linux
  src: git@github.com:status-im/infra-role-bootstrap-linux.git
-  version: 3b61bca714677e6a2a44a7500659b16b78977181
+  version: 7d2646cad4046e20b02628f4efc1e2b87deef773
  scm: git

 - name: infra-role-wireguard
  src: git@github.com:status-im/infra-role-wireguard.git
-  version: 345c9dd85ff8e57bce7e492dc05d685aee1f076c
+  version: 2aa2627c9f01d5c08f43237a09dd3a7635592205
  scm: git

 - name: consul-service