---
# ElasticSearch LB needs a bit
swap_file_path: '/main.swap'
swap_file_size_mb: 2048

# CloudFlare Origin certificates
origin_certs:
  - domain: 'status.im'
    crt: '{{lookup("vault", "certs/cloudflare/nimbus.team", field="origin.crt", stage="all", env="all")}}'
    key: '{{lookup("vault", "certs/cloudflare/nimbus.team", field="origin.key", stage="all", env="all")}}'
    default: true

# Kibana Dashboard
kibana_domain: 'nimbus-logs.infra.status.im'
kibana_service_name: 'kibana'
kibana_docker_network_name: '{{ kibana_service_name }}'
kibana_cont_name: '{{ kibana_service_name }}'
kibana_cont_tag: '7.17.8'
kibana_cont_port: 5601
kibana_es_lb_addr: '{{ es_lb_cont_name }}'
kibana_es_lb_port: '{{ es_lb_api_port }}'

# oauth access
oauth_service_name: '{{ kibana_service_name }}'
oauth_service_path: '{{ kibana_service_path }}/oauth'
oauth_cont_name: '{{ kibana_cont_name }}-oauth'
oauth_cont_networks: ['{{ kibana_docker_network_name }}']
oauth_domain: '{{ kibana_domain }}'
oauth_upstream_addr: '{{ kibana_cont_name }}'
oauth_upstream_port: '{{ kibana_cont_port }}'
oauth_local_port: 4180
oauth_provider: 'keycloak-oidc'
oauth_id:            '{{lookup("vault", "kibana/oauth", field="client-id")}}'
oauth_secret:        '{{lookup("vault", "kibana/oauth", field="secret")}}'
oauth_cookie_secret: '{{lookup("vault", "kibana/oauth", field="cookie-secret")}}'

# ElasticSearch Load Balancer
es_lb_service_name: 'elasticsearch'
es_lb_docker_network_name: '{{ kibana_docker_network_name }}'
es_lb_cont_name: '{{ es_lb_service_name }}-lb'
es_lb_cont_tag: '7.17.8'
es_lb_data_center: do-ams3
es_lb_cluster_name: 'nimbus-logs-search'
es_lb_cluster_dc: 'he-eu-hel1'
es_lb_api_port: 9200
es_lb_node_port: 9300

# Cleanup to avoid running out of space
logclean_es_host: 'localhost'
logclean_es_port: '{{ es_lb_api_port }}'
logclean_keep_indices: 21

# Migrated to NFTables from IPTables.
# https://github.com/status-im/infra-misc/issues/301
bootstrap__firewall_nftables: true

# Open Nginx Ports
open_ports_default_comment: 'ElasticSearch LB'
open_ports_list:
  elasticsearch_lb:
    - { port: '{{ es_lb_api_port }}',   ipset: 'logs.nimbus', iifname: 'wg0', comment: 'Elasticsearch LB' }
    - { port: '{{ es_lb_node_port }}',  ipset: 'logs.nimbus', iifname: 'wg0', comment: 'Elasticsearch LB' }
  kibana:
    - { port: '{{ oauth_local_port }}', ipset: 'sites.proxy', iifname: 'wg0', comment: 'Kibana' }