--- # Root password bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}' bootstrap__admin_pass: '{{lookup("bitwarden", "macos/admin", field="password")}}' # Consul bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul/cluster", field="encryption-key")}}' bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="agent-default")}}' bootstrap__consul_certs_ca_crt: '{{lookup("bitwarden", "consul/certs", file="ca.pem")}}' bootstrap__consul_certs_client_crt: '{{lookup("bitwarden", "consul/certs", file="client.pem")}}' bootstrap__consul_certs_client_key: '{{lookup("bitwarden", "consul/certs", file="client-key.pem")}}' # SSHGuard bootstrap__sshguard_whitelist_extra: ['{{lookup("bitwarden", "sshguard/whitelist", field="jakubgs-home")}}'] # Wireguard wireguard_consul_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="wireguard")}}' # Custom SSH accounts for Nimbus fleet, should start from UID 8000. bootstrap__active_extra_users: - { name: zahary, uid: 8000, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ4uk6O6e6KgiTGVOntGbUN+tUXM5XbnK4x9RPc8hsmphO0SIi/jim8TDh8SstyNA7IRx5TG3//tAzrjikA3xBfBktiZc7cIklkKwVsby7WEThbu99B+tKfXGrJEaIoXuGc7nk/t1ynMqbLSxo44Yu3+OksozDxtj1mDl2ze+ICa7XteAJgu7vIsfKUZwnpIVXglfqve0x/GJ8oQyp4vx7MFdaaBTl4yLyajwd+h+tINmf4fikUl34gVTLtM2VxXHy2VtbzjQUXb7pCISXELyXy0OnJ6HczNiWA2K0z47pohC5cAFYlErhmbZ1MRhKYysEAm/mAasTPRVKTK4agpSB zahary@status.im' } - { name: dustin, uid: 8001, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrxMjWZZJ7E6EQY77IbOGaj1q6YzlRnQnCbTQqZja4c user@merfeint' } - { name: dryajov, uid: 8004, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhsSxUXSQBv6PFEwE9TYG0TeuzabRipy/IoIS33BTt dryajov@status.im' } - { name: kim, uid: 8005, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCQdvm2Hd3h3sPDVmLXAxQQXDYyuHCZne/3oIkMTn8zUjky66VRMUoIuZy7CqjCa/cKnBnq+n7FDwqSytIFln2fFIHC1yqrjG4YxHa8OyrT/H29wedOA1X4XHyU44JUXxTcAb+Mvnn7IjRQ42+orIFu4LAlUQAlJkta/weXlA+N1yPAkv168IbhsWYGd0myGqafiFbCo/IaTFKezs9TXfEBtSTzBTwLusFfnTUdyiNFZqkk3hq/7m13/HE0fI0iQ2y+Q1EXgYxT8C3a625n8n3zldaiKUBHQm7+DJdJllURstXhq35XFmhlUx4N+QbognoxqZ00pWRIOE/ooPW2rqv kim.demey@status.im' } - { name: cheatfate, uid: 8008, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkw8sQiChWeUuXUbaWunScWKuAvYTmCP2+lklQNSzzxXpkQhGzLFnlsksTB1sKtQ6op4yDpysx1lp8E2pf2VlACIjSc7t39VY1vsQaAlBfvssLc9LGFMXIIOz4RZaIbbsbplIxI7IpkdhGk9WdD/QAO8fCl8gJ2SoAWMROds2oUDCir0VfsOupFtqQ9FUC4ANf4nHWqk9TwiVXU+nndeWWj8cYNGBq/3rWgn+tQTomQooYaoQHqslLFzmLYK2dJX8qrJDx1pX99h/aLhbbyCBnBZRSOzhNfpa9bRraofcKigNvLAUIfaRDhOize8C4/6WMOcyQVGNEmReBAzHGk5yoUJeMWENZAMCeWsY7cbdiKmEyDPlRDNGuzBlXkdFlJSlNYs1xhZsKkkiAdpSNrZB9/WOpBaKWba+7VRC4ejuuBhYr04kh22UJi4cc9xX0pyYc4tZ9MyjqTMSJoKGFceUXm1ne5g7nxdo1z4/Z6sQd4vFBCvKWFPpJx1cW0n+2XvFSoehou2sEGfoQp8UvSFhuiA/kA56OuahHQANBJBTqpKSCesSc8Y/4ys27qU8tSPjADWOtwxElUQpoBRbcAfTpNLy8r0AjAQFnAcj1Tq0dh+kIe03HPabx5b05Wq8K0opqkX1yPd5yI9IAPNhmbVMuONOEHhyTYCyhHK2ASdXSy0= eugene.kabanov@status.im' } - { name: etan, uid: 8010, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOguworK7iqh7hPjC1AL3eCe+OZcK7tWRqThyBrEK6r2 etan@status.im' } - { name: p1ge0nh8er, uid: 8011, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBFMfy5lx2dGwpv7yq9kLFVanatgfMa9M/EFcVHV00ASS533sNJGklosiQLsqeiWXcKlubjK6f2taYViajodswFUAAAAXc3NoOnN0YXR1cy1nb2VybGktbm9kZXM= aaryamann@status.im' } - { name: crypt1d, uid: 8013, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8A+BRe9eLtN/y+NmX0vEQ7cHNgBLszZPfPjPm385w4c9r3ErGQJBqGd3jAjVn44z7AoDDjBhwmVh/47/6MwGnQuhRR7gVyFqowE0LawZ0paQKXvHVqGgW3wD+BwN155xOM0LQfVcWeJUfFTZ3YfZLCTVk1Nnd78J1q8ar/tg3uvyPXmYLkcGcXSnGOq8UeJ6ZhQxyELCSnGOilI4rgVEuxEOi0xWJNJMVyE5CtGu9jM/RLTjtfc6VNQFyc7aU31XcXKdwg9okWnfbDJgLAJp19vfHxT+l5muVWGYPQtyaw8BIA6YIphrX8Q99eHVWoMint5klGcUsGUcJPQc3dr/b nikola@status.im' } - { name: santosdimarin, uid: 8016, admin: false, key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYZVWSpnga+OB4qs53OhsUwmbRicJrdPw0SBJR4eipn diego@status.im' } # TRACE needs more disk space bootstrap__rsyslog_docker_logs_path: '/docker/log' # Print just the message, lower size of log files and make parsing easier bootstrap__rsyslog_docker_format: !unsafe '%msg:2:2048%\n' # Some logs are just SPAMmed too much. bootstrap__rsyslog_filter_rules: - 'Attestation resolved' - 'Attestation received' # lower local retention to save space bootstrap__logrotate_frequency: 'hourly' bootstrap__logrotate_count: 48 bootstrap__logrotate_mbytes: 500 # Extra packages for debugging bootstrap__extra_packages: - gdb - linux-tools-common - linux-tools-generic bootstrap_sysctl_config: kernel.core_pattern: '/var/lib/systemd/coredump/core.%e.%p.%u.%t' fs.inotify.max_user_watches: 131072 # Allow calling 'perf' without root' kernel.perf_event_paranoid: 1 # MTR network latency metrics bootstrap__mtr_jobs: - { name: 'github-icmp', addr: 'github.com', flags: '-c1' } # Consul Catalog Query URL consul_catalog_url: 'http://localhost:8500/v1/catalog' # Beacon nodes can be quite memory hungry swap_file_path: '/docker/main.swap' swap_file_size_mb: 2048 # SMART Metrics smart_metrics_listen_port: 9633 # Nimbus ------------------------------ beacon_node_log_level: DEBUG # Builds beacon_node_build_nim_flags: >- -d:testnet_servers_image -d:noSignalHandler -d:libp2p_protobuf_metrics -d:libp2p_network_protocols_metrics # Peers beacon_node_max_peers: 320 # VC inherits Consul settings from BN validator_client_consul_check_disabled: '{{ beacon_node_consul_check_disabled }}' validator_client_consul_check_interval: '{{ beacon_node_consul_check_interval }}' validator_client_consul_check_timeout: '{{ beacon_node_consul_check_timeout }}' validator_client_consul_success_before_passing: '{{ beacon_node_consul_success_before_passing }}' validator_client_consul_failures_before_warning: '{{ beacon_node_consul_failures_before_warning }}' validator_client_consul_failures_before_critical: '{{ beacon_node_consul_failures_before_critical }}'