2019-03-23 09:27:22 +00:00
|
|
|
---
|
|
|
|
|
# Root password
|
2021-08-26 18:19:00 +00:00
|
|
|
bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
|
2022-01-04 19:55:08 +00:00
|
|
|
bootstrap__admin_pass: '{{lookup("bitwarden", "macos/admin", field="password")}}'
|
2022-02-08 19:51:45 +00:00
|
|
|
# Consul
|
2023-05-16 10:14:38 +00:00
|
|
|
bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul/cluster", field="encryption-key")}}'
|
|
|
|
|
bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="agent-default")}}'
|
|
|
|
|
bootstrap__consul_certs_ca_crt: '{{lookup("bitwarden", "consul/certs", file="ca.pem")}}'
|
|
|
|
|
bootstrap__consul_certs_client_crt: '{{lookup("bitwarden", "consul/certs", file="client.pem")}}'
|
|
|
|
|
bootstrap__consul_certs_client_key: '{{lookup("bitwarden", "consul/certs", file="client-key.pem")}}'
|
2022-03-11 10:45:07 +00:00
|
|
|
# SSHGuard
|
|
|
|
|
bootstrap__sshguard_whitelist_extra: ['{{lookup("bitwarden", "sshguard/whitelist", field="jakubgs-home")}}']
|
2022-02-08 19:51:45 +00:00
|
|
|
# Wireguard
|
2022-02-08 23:24:07 +00:00
|
|
|
wireguard_consul_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="wireguard")}}'
|
2021-03-22 10:12:49 +00:00
|
|
|
|
|
|
|
|
# Custom SSH accounts for Nimbus fleet, should start from UID 8000.
|
|
|
|
|
bootstrap__active_extra_users:
|
2022-10-14 13:33:48 +00:00
|
|
|
- { name: zahary, uid: 8000, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ4uk6O6e6KgiTGVOntGbUN+tUXM5XbnK4x9RPc8hsmphO0SIi/jim8TDh8SstyNA7IRx5TG3//tAzrjikA3xBfBktiZc7cIklkKwVsby7WEThbu99B+tKfXGrJEaIoXuGc7nk/t1ynMqbLSxo44Yu3+OksozDxtj1mDl2ze+ICa7XteAJgu7vIsfKUZwnpIVXglfqve0x/GJ8oQyp4vx7MFdaaBTl4yLyajwd+h+tINmf4fikUl34gVTLtM2VxXHy2VtbzjQUXb7pCISXELyXy0OnJ6HczNiWA2K0z47pohC5cAFYlErhmbZ1MRhKYysEAm/mAasTPRVKTK4agpSB zahary@status.im' }
|
2023-09-29 08:52:36 +00:00
|
|
|
- { name: dustin, uid: 8001, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrxMjWZZJ7E6EQY77IbOGaj1q6YzlRnQnCbTQqZja4c user@merfeint' }
|
2022-10-14 13:33:48 +00:00
|
|
|
- { name: dryajov, uid: 8004, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhsSxUXSQBv6PFEwE9TYG0TeuzabRipy/IoIS33BTt dryajov@status.im' }
|
2023-11-07 16:52:52 +00:00
|
|
|
- { name: kim, uid: 8005, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCQdvm2Hd3h3sPDVmLXAxQQXDYyuHCZne/3oIkMTn8zUjky66VRMUoIuZy7CqjCa/cKnBnq+n7FDwqSytIFln2fFIHC1yqrjG4YxHa8OyrT/H29wedOA1X4XHyU44JUXxTcAb+Mvnn7IjRQ42+orIFu4LAlUQAlJkta/weXlA+N1yPAkv168IbhsWYGd0myGqafiFbCo/IaTFKezs9TXfEBtSTzBTwLusFfnTUdyiNFZqkk3hq/7m13/HE0fI0iQ2y+Q1EXgYxT8C3a625n8n3zldaiKUBHQm7+DJdJllURstXhq35XFmhlUx4N+QbognoxqZ00pWRIOE/ooPW2rqv kim.demey@status.im' }
|
2023-06-21 14:50:17 +00:00
|
|
|
- { name: cheatfate, uid: 8008, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkw8sQiChWeUuXUbaWunScWKuAvYTmCP2+lklQNSzzxXpkQhGzLFnlsksTB1sKtQ6op4yDpysx1lp8E2pf2VlACIjSc7t39VY1vsQaAlBfvssLc9LGFMXIIOz4RZaIbbsbplIxI7IpkdhGk9WdD/QAO8fCl8gJ2SoAWMROds2oUDCir0VfsOupFtqQ9FUC4ANf4nHWqk9TwiVXU+nndeWWj8cYNGBq/3rWgn+tQTomQooYaoQHqslLFzmLYK2dJX8qrJDx1pX99h/aLhbbyCBnBZRSOzhNfpa9bRraofcKigNvLAUIfaRDhOize8C4/6WMOcyQVGNEmReBAzHGk5yoUJeMWENZAMCeWsY7cbdiKmEyDPlRDNGuzBlXkdFlJSlNYs1xhZsKkkiAdpSNrZB9/WOpBaKWba+7VRC4ejuuBhYr04kh22UJi4cc9xX0pyYc4tZ9MyjqTMSJoKGFceUXm1ne5g7nxdo1z4/Z6sQd4vFBCvKWFPpJx1cW0n+2XvFSoehou2sEGfoQp8UvSFhuiA/kA56OuahHQANBJBTqpKSCesSc8Y/4ys27qU8tSPjADWOtwxElUQpoBRbcAfTpNLy8r0AjAQFnAcj1Tq0dh+kIe03HPabx5b05Wq8K0opqkX1yPd5yI9IAPNhmbVMuONOEHhyTYCyhHK2ASdXSy0= eugene.kabanov@status.im' }
|
2022-10-14 13:33:48 +00:00
|
|
|
- { name: etan, uid: 8010, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOguworK7iqh7hPjC1AL3eCe+OZcK7tWRqThyBrEK6r2 etan@status.im' }
|
|
|
|
|
- { name: p1ge0nh8er, uid: 8011, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBFMfy5lx2dGwpv7yq9kLFVanatgfMa9M/EFcVHV00ASS533sNJGklosiQLsqeiWXcKlubjK6f2taYViajodswFUAAAAXc3NoOnN0YXR1cy1nb2VybGktbm9kZXM= aaryamann@status.im' }
|
2023-01-12 16:25:31 +00:00
|
|
|
- { name: crypt1d, uid: 8013, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8A+BRe9eLtN/y+NmX0vEQ7cHNgBLszZPfPjPm385w4c9r3ErGQJBqGd3jAjVn44z7AoDDjBhwmVh/47/6MwGnQuhRR7gVyFqowE0LawZ0paQKXvHVqGgW3wD+BwN155xOM0LQfVcWeJUfFTZ3YfZLCTVk1Nnd78J1q8ar/tg3uvyPXmYLkcGcXSnGOq8UeJ6ZhQxyELCSnGOilI4rgVEuxEOi0xWJNJMVyE5CtGu9jM/RLTjtfc6VNQFyc7aU31XcXKdwg9okWnfbDJgLAJp19vfHxT+l5muVWGYPQtyaw8BIA6YIphrX8Q99eHVWoMint5klGcUsGUcJPQc3dr/b nikola@status.im' }
|
2023-09-09 01:01:26 +00:00
|
|
|
- { name: dan, uid: 8014, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuvophIgGxNOgH9pExQ2BhfQ8kGTxs4QHj7whU8GESU daniil@status.im' }
|
2023-10-31 13:04:26 +00:00
|
|
|
- { name: ujscale, uid: 8015, admin: false, key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2Vzzmx81xKmNy96rz5vPAQ23j7eeV5f0Y4QK1kkrPK mumar@status.im' }
|
2021-03-22 10:12:49 +00:00
|
|
|
|
2020-11-20 13:48:24 +00:00
|
|
|
# TRACE needs more disk space
|
|
|
|
|
bootstrap__rsyslog_docker_logs_path: '/docker/log'
|
2020-11-26 18:06:08 +00:00
|
|
|
# Print just the message, lower size of log files and make parsing easier
|
|
|
|
|
bootstrap__rsyslog_docker_format: !unsafe '%msg:2:2048%\n'
|
2023-10-24 14:13:01 +00:00
|
|
|
# Some logs are just SPAMmed too much.
|
|
|
|
|
bootstrap__rsyslog_filter_rules:
|
|
|
|
|
- 'Attestation resolved'
|
|
|
|
|
- 'Attestation received'
|
2020-11-20 13:48:24 +00:00
|
|
|
# lower local retention to save space
|
|
|
|
|
bootstrap__logrotate_frequency: 'hourly'
|
2022-01-31 15:12:15 +00:00
|
|
|
bootstrap__logrotate_count: 48
|
2020-11-20 13:48:24 +00:00
|
|
|
bootstrap__logrotate_mbytes: 500
|
2019-03-23 09:27:22 +00:00
|
|
|
|
2023-11-07 11:48:05 +00:00
|
|
|
# Extra packages for debugging
|
|
|
|
|
bootstrap__extra_packages:
|
|
|
|
|
- gdb
|
|
|
|
|
- linux-tools-common
|
|
|
|
|
- linux-tools-generic
|
|
|
|
|
bootstrap_sysctl_config:
|
|
|
|
|
kernel.core_pattern: '/var/lib/systemd/coredump/core.%e.%p.%u.%t'
|
|
|
|
|
fs.inotify.max_user_watches: 131072
|
|
|
|
|
# Allow calling 'perf' without root'
|
|
|
|
|
kernel.perf_event_paranoid: 1
|
|
|
|
|
|
all: reduce MTR report cycle from 10 to 1
We have received a complaint from InnovaHosting about them being hit by
about 150 ICMP `ttl1` packets/s on their routers, causing excess CPU usage.
https://client.innovahosting.net/viewticket.php?tid=532874&c=8gALx9vm
By using `tcpdump` I have identified that `mtr` by default pings the
target 10 times, which means that the default value of `-c`/`--report-cycles`
is 10, although this is not documented in the manual.
We can see this when calling `mtr github.com` and watching with `tcpdump`:
```
> sudo tcpdump -v -i eno1 icmp and src 185.181.230.78 and dst github.com | grep 'ttl 1,'
tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
19:54:53.981243 IP (tos 0x0, ttl 1, id 37119, offset 0, flags [none], proto ICMP (1), length 64)
...(8 packets omitted)...
19:55:03.025460 IP (tos 0x0, ttl 1, id 38226, offset 0, flags [none], proto ICMP (1), length 64)
```
We don't need to run the test 10 times to get a result for our metric.
Related to:
https://github.com/status-im/infra-role-bootstrap-linux/commit/ea22bdfe
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-11-20 20:04:59 +00:00
|
|
|
# MTR network latency metrics
|
|
|
|
|
bootstrap__mtr_jobs:
|
|
|
|
|
- { name: 'github-icmp', addr: 'github.com', flags: '-c1' }
|
|
|
|
|
|
2021-03-22 10:12:49 +00:00
|
|
|
# Consul Catalog Query URL
|
|
|
|
|
consul_catalog_url: 'http://localhost:8500/v1/catalog'
|
2019-06-12 19:38:30 +00:00
|
|
|
|
2020-03-26 18:04:59 +00:00
|
|
|
# Beacon nodes can be quite memory hungry
|
|
|
|
|
swap_file_path: '/docker/main.swap'
|
|
|
|
|
swap_file_size_mb: 2048
|
|
|
|
|
|
2023-03-18 17:02:58 +00:00
|
|
|
# SMART Metrics
|
|
|
|
|
smart_metrics_listen_port: 9633
|
|
|
|
|
|
2020-11-20 13:48:24 +00:00
|
|
|
# Nimbus ------------------------------
|
|
|
|
|
beacon_node_log_level: DEBUG
|
2022-01-05 18:28:05 +00:00
|
|
|
# Builds
|
|
|
|
|
beacon_node_build_nim_flags: >-
|
|
|
|
|
-d:testnet_servers_image
|
|
|
|
|
-d:noSignalHandler
|
|
|
|
|
-d:libp2p_protobuf_metrics
|
|
|
|
|
-d:libp2p_network_protocols_metrics
|
2020-11-20 13:48:24 +00:00
|
|
|
|
2021-03-23 09:00:17 +00:00
|
|
|
# Peers
|
|
|
|
|
beacon_node_max_peers: 320
|
