status-im
/
infra-nimbus
mirror of https://github.com/status-im/infra-nimbus.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

vault: migrate consul and host secrets

This commit is contained in:
Siddarth Kumar 2024-11-04 13:15:14 +05:30
parent 5019c50a78
commit 87df0834d8
No known key found for this signature in database
GPG Key ID: 599D10112BF518DB
1 changed files with 9 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
ansible/group_vars/all.yml
View File

@ -2,18 +2,18 @@
mev_boost_enabled: false
# Root password
bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
bootstrap__admin_pass: '{{lookup("bitwarden", "macos/admin", field="password")}}'
bootstrap__root_pass: '{{lookup("vault", "hosts", field="root-pass", stage="all", env="all")}}'
bootstrap__admin_pass: '{{lookup("vault", "hosts", field="macos-admin-pass", stage="all", env="all")}}'
# Consul
bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul/cluster", field="encryption-key")}}'
bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="agent-default")}}'
bootstrap__consul_certs_ca_crt: '{{lookup("bitwarden", "consul/certs", file="ca.pem")}}'
bootstrap__consul_certs_client_crt: '{{lookup("bitwarden", "consul/certs", file="client.pem")}}'
bootstrap__consul_certs_client_key: '{{lookup("bitwarden", "consul/certs", file="client-key.pem")}}'
bootstrap__consul_encryption_key: '{{lookup("vault", "consul/config", field="encryption-key", stage="all", env="all")}}'
bootstarp__consul_agent_acl_token: '{{lookup("vault", "consul/acl-tokens", field="agent-default", stage="all", env="all")}}'
bootstrap__consul_certs_ca_crt: '{{lookup("vault", "consul/certs", field="ca.pem", stage="all", env="all")}}'
bootstrap__consul_certs_client_crt: '{{lookup("vault", "consul/certs", field="client.pem", stage="all", env="all")}}'
bootstrap__consul_certs_client_key: '{{lookup("vault", "consul/certs", field="client-key.pem", stage="all", env="all")}}'
# SSHGuard
bootstrap__sshguard_whitelist_extra: ['{{lookup("bitwarden", "sshguard/whitelist", field="jakubgs-home")}}']
bootstrap__sshguard_whitelist_extra: ['{{lookup("vault", "sshguard/whitelist", field="jakubgs-home", stage="all", env="all")}}']
# Wireguard
wireguard_consul_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="wireguard")}}'
wireguard_consul_acl_token: '{{lookup("vault", "consul/acl-tokens", field="wireguard", stage="all", env="all")}}'
# Custom SSH accounts for Nimbus fleet, should start from UID 8000.
bootstrap__active_extra_users: