2021-01-20 14:16:57 +00:00
|
|
|
---
|
2021-03-22 10:12:49 +00:00
|
|
|
# CloudFlare Origin certificates
|
|
|
|
origin_certs:
|
|
|
|
- domain: 'status.im'
|
2021-08-13 20:05:12 +00:00
|
|
|
crt: '{{lookup("bitwarden", "Cloudflare/status.im", file="origin.crt")}}'
|
|
|
|
key: '{{lookup("bitwarden", "Cloudflare/status.im", file="origin.key")}}'
|
2021-03-22 10:12:49 +00:00
|
|
|
default: true
|
|
|
|
|
2022-07-04 13:07:55 +00:00
|
|
|
# Syncing can use a lot of memory
|
2021-01-20 19:35:33 +00:00
|
|
|
swap_file_path: '/main.swap'
|
|
|
|
swap_file_size_mb: 2048
|
|
|
|
|
2021-01-20 14:16:57 +00:00
|
|
|
# ElasticSearch Cluster
|
2022-02-10 20:33:17 +00:00
|
|
|
es_service_name: 'elasticsearch'
|
2022-04-11 09:26:38 +00:00
|
|
|
es_service_path: '/docker/{{ es_service_name }}'
|
2022-02-10 20:33:17 +00:00
|
|
|
es_cluster_name: 'nimbus-logs-search'
|
|
|
|
es_docker_network_name: '{{ es_service_name }}'
|
2022-06-01 09:39:20 +00:00
|
|
|
es_api_port: 9200
|
|
|
|
es_node_port: 9300
|
2023-01-19 11:55:38 +00:00
|
|
|
es_node_cont_tag: '7.17.8'
|
2022-06-01 09:39:20 +00:00
|
|
|
es_exp_cont_port: 9114
|
2021-01-20 14:16:57 +00:00
|
|
|
es_master_nodes: |
|
|
|
|
{{ ansible_play_hosts
|
|
|
|
| map('extract', hostvars)
|
|
|
|
| list
|
|
|
|
| json_query(
|
|
|
|
'[].{
|
|
|
|
name: hostname,
|
2021-05-19 12:11:45 +00:00
|
|
|
addr: ansible_local.wireguard.vpn_ip,
|
2021-01-20 14:16:57 +00:00
|
|
|
port: to_string(es_node_port)
|
|
|
|
}') }}
|
|
|
|
|
2022-02-09 17:43:23 +00:00
|
|
|
# Since Logstash stores 1 index per day this is fine.
|
2021-01-20 14:16:57 +00:00
|
|
|
# See: https://www.elastic.co/blog/how-many-shards-should-i-have-in-my-elasticsearch-cluster
|
|
|
|
es_number_of_shards: 3
|
2022-02-09 17:43:23 +00:00
|
|
|
# Since Nimbus logs are low-value we don't need replicas.
|
|
|
|
es_number_of_replicas: 0
|
2021-01-20 14:16:57 +00:00
|
|
|
|
2023-01-28 13:17:04 +00:00
|
|
|
# JVM Memory settings
|
2023-03-01 17:44:02 +00:00
|
|
|
es_jvm_g1gc_enabled: true
|
2023-01-28 13:17:04 +00:00
|
|
|
es_jvm_heap_auto: false
|
2023-02-20 23:11:33 +00:00
|
|
|
es_jvm_min_heap: 40g
|
|
|
|
es_jvm_max_heap: 40g
|
2023-01-28 13:17:04 +00:00
|
|
|
|
2021-08-11 17:54:36 +00:00
|
|
|
# Open Ports
|
|
|
|
open_ports_default_comment: 'ElasticSearch'
|
|
|
|
open_ports_default_chain: 'VPN'
|
|
|
|
open_ports_list:
|
2022-04-11 09:26:38 +00:00
|
|
|
- { port: 80, chain: 'SERVICES' }
|
|
|
|
- { port: 443, chain: 'SERVICES' }
|
2022-07-14 18:30:31 +00:00
|
|
|
- { port: '{{ es_api_port }}', ipset: 'dash.hq' }
|
2022-10-27 14:33:37 +00:00
|
|
|
- { port: '{{ es_api_port }}', ipset: 'logs.hq' }
|
2022-03-03 10:15:04 +00:00
|
|
|
- { port: '{{ es_api_port }}', ipset: 'logs.nimbus' }
|
|
|
|
- { port: '{{ es_api_port }}', ipset: 'dash.nimbus' }
|
|
|
|
- { port: '{{ es_node_port }}', ipset: 'logs.nimbus' }
|
|
|
|
- { port: '{{ es_node_port }}', ipset: 'dash.nimbus' }
|
|
|
|
- { port: '{{ es_exp_cont_port }}', ipset: 'metrics.hq' }
|