Jakub Sokołowski d948d3dbd9
all: remove access from diego@status.im
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-10-29 11:33:20 +01:00

79 lines
5.7 KiB
YAML

---
mev_boost_enabled: false
# Root password
bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
bootstrap__admin_pass: '{{lookup("bitwarden", "macos/admin", field="password")}}'
# Consul
bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul/cluster", field="encryption-key")}}'
bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="agent-default")}}'
bootstrap__consul_certs_ca_crt: '{{lookup("bitwarden", "consul/certs", file="ca.pem")}}'
bootstrap__consul_certs_client_crt: '{{lookup("bitwarden", "consul/certs", file="client.pem")}}'
bootstrap__consul_certs_client_key: '{{lookup("bitwarden", "consul/certs", file="client-key.pem")}}'
# SSHGuard
bootstrap__sshguard_whitelist_extra: ['{{lookup("bitwarden", "sshguard/whitelist", field="jakubgs-home")}}']
# Wireguard
wireguard_consul_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="wireguard")}}'
# Custom SSH accounts for Nimbus fleet, should start from UID 8000.
bootstrap__active_extra_users:
- { name: dustin, uid: 8001, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrxMjWZZJ7E6EQY77IbOGaj1q6YzlRnQnCbTQqZja4c user@merfeint' }
- { name: dryajov, uid: 8004, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhsSxUXSQBv6PFEwE9TYG0TeuzabRipy/IoIS33BTt dryajov@status.im' }
- { name: kim, uid: 8005, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCQdvm2Hd3h3sPDVmLXAxQQXDYyuHCZne/3oIkMTn8zUjky66VRMUoIuZy7CqjCa/cKnBnq+n7FDwqSytIFln2fFIHC1yqrjG4YxHa8OyrT/H29wedOA1X4XHyU44JUXxTcAb+Mvnn7IjRQ42+orIFu4LAlUQAlJkta/weXlA+N1yPAkv168IbhsWYGd0myGqafiFbCo/IaTFKezs9TXfEBtSTzBTwLusFfnTUdyiNFZqkk3hq/7m13/HE0fI0iQ2y+Q1EXgYxT8C3a625n8n3zldaiKUBHQm7+DJdJllURstXhq35XFmhlUx4N+QbognoxqZ00pWRIOE/ooPW2rqv kim.demey@status.im' }
- { name: cheatfate, uid: 8008, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkw8sQiChWeUuXUbaWunScWKuAvYTmCP2+lklQNSzzxXpkQhGzLFnlsksTB1sKtQ6op4yDpysx1lp8E2pf2VlACIjSc7t39VY1vsQaAlBfvssLc9LGFMXIIOz4RZaIbbsbplIxI7IpkdhGk9WdD/QAO8fCl8gJ2SoAWMROds2oUDCir0VfsOupFtqQ9FUC4ANf4nHWqk9TwiVXU+nndeWWj8cYNGBq/3rWgn+tQTomQooYaoQHqslLFzmLYK2dJX8qrJDx1pX99h/aLhbbyCBnBZRSOzhNfpa9bRraofcKigNvLAUIfaRDhOize8C4/6WMOcyQVGNEmReBAzHGk5yoUJeMWENZAMCeWsY7cbdiKmEyDPlRDNGuzBlXkdFlJSlNYs1xhZsKkkiAdpSNrZB9/WOpBaKWba+7VRC4ejuuBhYr04kh22UJi4cc9xX0pyYc4tZ9MyjqTMSJoKGFceUXm1ne5g7nxdo1z4/Z6sQd4vFBCvKWFPpJx1cW0n+2XvFSoehou2sEGfoQp8UvSFhuiA/kA56OuahHQANBJBTqpKSCesSc8Y/4ys27qU8tSPjADWOtwxElUQpoBRbcAfTpNLy8r0AjAQFnAcj1Tq0dh+kIe03HPabx5b05Wq8K0opqkX1yPd5yI9IAPNhmbVMuONOEHhyTYCyhHK2ASdXSy0= eugene.kabanov@status.im' }
- { name: etan, uid: 8010, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOguworK7iqh7hPjC1AL3eCe+OZcK7tWRqThyBrEK6r2 etan@status.im' }
- { name: p1ge0nh8er, uid: 8011, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBFMfy5lx2dGwpv7yq9kLFVanatgfMa9M/EFcVHV00ASS533sNJGklosiQLsqeiWXcKlubjK6f2taYViajodswFUAAAAXc3NoOnN0YXR1cy1nb2VybGktbm9kZXM= aaryamann@status.im' }
- { name: crypt1d, uid: 8013, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8A+BRe9eLtN/y+NmX0vEQ7cHNgBLszZPfPjPm385w4c9r3ErGQJBqGd3jAjVn44z7AoDDjBhwmVh/47/6MwGnQuhRR7gVyFqowE0LawZ0paQKXvHVqGgW3wD+BwN155xOM0LQfVcWeJUfFTZ3YfZLCTVk1Nnd78J1q8ar/tg3uvyPXmYLkcGcXSnGOq8UeJ6ZhQxyELCSnGOilI4rgVEuxEOi0xWJNJMVyE5CtGu9jM/RLTjtfc6VNQFyc7aU31XcXKdwg9okWnfbDJgLAJp19vfHxT+l5muVWGYPQtyaw8BIA6YIphrX8Q99eHVWoMint5klGcUsGUcJPQc3dr/b nikola@status.im' }
# TRACE needs more disk space
bootstrap__rsyslog_docker_logs_path: '/docker/log'
# Print just the message, lower size of log files and make parsing easier
bootstrap__rsyslog_docker_format: !unsafe '%msg:2:2048%\n'
# Some logs are just SPAMmed too much.
bootstrap__rsyslog_filter_rules:
- 'Attestation resolved'
- 'Attestation received'
# lower local retention to save space
bootstrap__logrotate_frequency: 'hourly'
bootstrap__logrotate_count: 48
bootstrap__logrotate_mbytes: 500
# Extra packages for debugging
bootstrap__extra_packages:
- gdb
- linux-tools-common
- linux-tools-generic
bootstrap_sysctl_config:
kernel.core_pattern: '/var/lib/systemd/coredump/core.%e.%p.%u.%t'
fs.inotify.max_user_watches: 131072
# Allow calling 'perf' without root'
kernel.perf_event_paranoid: 1
# MTR network latency metrics
bootstrap__mtr_jobs:
- { name: 'github-icmp', addr: 'github.com', flags: '-c1' }
# Consul Catalog Query URL
consul_catalog_url: 'http://localhost:8500/v1/catalog'
# Beacon nodes can be quite memory hungry
swap_file_path: '/docker/main.swap'
swap_file_size_mb: 2048
# SMART Metrics
smart_metrics_listen_port: 9633
# Nimbus ------------------------------
beacon_node_log_level: DEBUG
# Peers
beacon_node_max_peers: 320
# VC inherits Consul settings from BN
validator_client_consul_check_disabled: '{{ beacon_node_consul_check_disabled }}'
validator_client_consul_check_interval: '{{ beacon_node_consul_check_interval }}'
validator_client_consul_check_timeout: '{{ beacon_node_consul_check_timeout }}'
validator_client_consul_success_before_passing: '{{ beacon_node_consul_success_before_passing }}'
validator_client_consul_failures_before_warning: '{{ beacon_node_consul_failures_before_warning }}'
validator_client_consul_failures_before_critical: '{{ beacon_node_consul_failures_before_critical }}'