status-im
/
infra-nimbus
mirror of https://github.com/status-im/infra-nimbus.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

wireguard: bump role and add Consul ACL token 

Part of effort to lock down Consul ACLs:
https://github.com/status-im/infra-hq/issues/70

Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
Jakub Sokołowski 2022-02-08 20:51:45 +01:00
parent cdf63cba43
commit d74ff169ef
No known key found for this signature in database
GPG Key ID: 09AA5403E54D9931
3 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/bootstrap.yml
View File

@ -22,6 +22,7 @@
- name: Bootstrap Python support for Ansible - name: Bootstrap Python support for Ansible
become: true become: true
hosts: all hosts: all
serial: '{{ serial|default(1) }}'
roles: roles:
- role: infra-role-bootstrap-linux/raw - role: infra-role-bootstrap-linux/raw
when: ansible_system == 'Linux' when: ansible_system == 'Linux'
@ -29,6 +30,7 @@
- name: Bootstrap admin users and Consul - name: Bootstrap admin users and Consul
become: true become: true
hosts: all hosts: all
serial: '{{ serial|default(1) }}'
roles: roles:
- role: infra-role-bootstrap-linux - role: infra-role-bootstrap-linux
when: ansible_system == 'Linux' when: ansible_system == 'Linux'

4
ansible/group_vars/all.yml
View File

@ -2,9 +2,11 @@
# Root password # Root password
bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}' bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
bootstrap__admin_pass: '{{lookup("bitwarden", "macos/admin", field="password")}}' bootstrap__admin_pass: '{{lookup("bitwarden", "macos/admin", field="password")}}'
# Consul encryption key and ACL token # Consul
bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul", field="encryption-key")}}' bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul", field="encryption-key")}}'
bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul", field="agent-acl-token")}}' bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul", field="agent-acl-token")}}'
# Wireguard
wireguard_consul_acl_token: '{{lookup("bitwarden", "consul", field="wireguard-acl-token")}}'
# Custom SSH accounts for Nimbus fleet, should start from UID 8000. # Custom SSH accounts for Nimbus fleet, should start from UID 8000.
bootstrap__active_extra_users: bootstrap__active_extra_users:

8
ansible/requirements.yml
View File

@ -16,22 +16,22 @@
- name: infra-role-bootstrap-linux - name: infra-role-bootstrap-linux
src: git@github.com:status-im/infra-role-bootstrap-linux.git src: git@github.com:status-im/infra-role-bootstrap-linux.git
version: 3b61bca714677e6a2a44a7500659b16b78977181 version: 7d2646cad4046e20b02628f4efc1e2b87deef773
scm: git scm: git
- name: infra-role-bootstrap-windows - name: infra-role-bootstrap-windows
src: git@github.com:status-im/infra-role-bootstrap-windows.git src: git@github.com:status-im/infra-role-bootstrap-windows.git
version: 6b883f69072e26e1efc8c43b52de3af64d41c9e4 version: 9cd9c24cec4c4a9eb8b0c080ad352d83486d1c58
scm: git scm: git
- name: infra-role-bootstrap-macos - name: infra-role-bootstrap-macos
src: git@github.com:status-im/infra-role-bootstrap-macos.git src: git@github.com:status-im/infra-role-bootstrap-macos.git
version: f91aae959976703a638a007245970e936da7b781 version: 3c46cb38d6ba9d6d79ce31fdb3877b9dfd1fb621
scm: git scm: git
- name: infra-role-wireguard - name: infra-role-wireguard
src: git@github.com:status-im/infra-role-wireguard.git src: git@github.com:status-im/infra-role-wireguard.git
version: 345c9dd85ff8e57bce7e492dc05d685aee1f076c version: 2aa2627c9f01d5c08f43237a09dd3a7635592205
scm: git scm: git
- name: oauth-proxy - name: oauth-proxy