68 lines
2.0 KiB
YAML
Raw Normal View History

---
# CloudFlare Origin certificates
origin_certs:
- domain: 'status.im'
crt: '{{lookup("bitwarden", "Cloudflare/status.im", file="origin.crt")}}'
key: '{{lookup("bitwarden", "Cloudflare/status.im", file="origin.key")}}'
default: true
# Kibana Dashboard
kibana_domain: 'nimbus-logs.infra.status.im'
kibana_version: '7.14.2'
kibana_cont_name: kibana
kibana_cont_port: 5601
# oauth access
oauth_domain: '{{ kibana_domain }}'
oauth_cont_name: '{{ kibana_cont_name }}-oauth'
oauth_upstream_cont: '{{ kibana_cont_name }}'
oauth_upstream_port: '{{ kibana_cont_port }}'
oauth_public_port: 443
oauth_local_port: 8090
oauth_cookie_secret: '{{ lookup("bitwarden", "cookie-secret", field="secret") }}'
oauth_id: '{{ lookup("bitwarden", "nimbus/kibana/oauth", field="client-id") }}'
oauth_secret: '{{ lookup("bitwarden", "nimbus/kibana/oauth", field="secret") }}'
# ElasticSearch Load Balancer
es_lb_image: 'elasticsearch:7.14.2'
es_lb_cont_name: elasticsearch-lb
es_lb_data_center: do-ams3
es_lb_cluster_name: 'nimbus-logs-search'
es_lb_api_port: 9200
es_lb_node_port: 9300
logclean_es_host: 'localhost'
logclean_es_port: '{{ es_lb_api_port }}'
# JVM Memory settings
es_lb_jvm_min_heap: 2g
es_lb_jvm_max_heap: 2g
# Nginx Proxy config
nginx_sites:
kibana_http:
- listen 80
- server_name {{ oauth_domain }}
- return 302 https://$server_name$request_uri
kibana_ssl:
- listen 443 ssl
- server_name {{ oauth_domain }}
- ssl_certificate /certs/origin.crt
- ssl_certificate_key /certs/origin.key
- location / {
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:{{ oauth_local_port }}/;
}
# Open Nginx Ports
open_ports_default_comment: 'ElasticSearch LB'
open_ports_default_chain: 'VPN'
open_ports_list:
- { port: 80, chain: 'SERVICES', protocol: 'tcp', comment: 'Kiban & Grafana'}
- { port: 443, chain: 'SERVICES', protocol: 'tcp', comment: 'Kiban & Grafana' }
- { port: '{{ es_lb_api_port }}', ipset: 'log-store.nimbus' }
- { port: '{{ es_lb_node_port }}', ipset: 'log-store.nimbus' }