79 lines
6.0 KiB
YAML
79 lines
6.0 KiB
YAML
---
|
|
mev_boost_enabled: false
|
|
|
|
# Root password
|
|
bootstrap__root_pass: '{{lookup("vault", "hosts", field="root-pass", stage="all", env="all")}}'
|
|
bootstrap__admin_pass: '{{lookup("vault", "hosts", field="macos-admin-pass", stage="all", env="all")}}'
|
|
# Consul
|
|
bootstrap__consul_encryption_key: '{{lookup("vault", "consul/config", field="encryption-key", stage="all", env="all")}}'
|
|
bootstarp__consul_agent_acl_token: '{{lookup("vault", "consul/acl-tokens", field="agent-default", stage="all", env="all")}}'
|
|
bootstrap__consul_certs_ca_crt: '{{lookup("vault", "consul/certs", field="ca.pem", stage="all", env="all")}}'
|
|
bootstrap__consul_certs_client_crt: '{{lookup("vault", "consul/certs", field="client.pem", stage="all", env="all")}}'
|
|
bootstrap__consul_certs_client_key: '{{lookup("vault", "consul/certs", field="client-key.pem", stage="all", env="all")}}'
|
|
# SSHGuard
|
|
bootstrap__sshguard_whitelist_extra: ['{{lookup("vault", "sshguard/whitelist", field="jakubgs-home", stage="all", env="all")}}']
|
|
# Wireguard
|
|
wireguard_consul_acl_token: '{{lookup("vault", "consul/acl-tokens", field="wireguard", stage="all", env="all")}}'
|
|
|
|
# Custom SSH accounts for Nimbus fleet, should start from UID 8000.
|
|
bootstrap__active_extra_users:
|
|
- { name: dustin, uid: 8001, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrxMjWZZJ7E6EQY77IbOGaj1q6YzlRnQnCbTQqZja4c user@merfeint' }
|
|
- { name: dryajov, uid: 8004, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhsSxUXSQBv6PFEwE9TYG0TeuzabRipy/IoIS33BTt dryajov@status.im' }
|
|
- { name: kim, uid: 8005, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCQdvm2Hd3h3sPDVmLXAxQQXDYyuHCZne/3oIkMTn8zUjky66VRMUoIuZy7CqjCa/cKnBnq+n7FDwqSytIFln2fFIHC1yqrjG4YxHa8OyrT/H29wedOA1X4XHyU44JUXxTcAb+Mvnn7IjRQ42+orIFu4LAlUQAlJkta/weXlA+N1yPAkv168IbhsWYGd0myGqafiFbCo/IaTFKezs9TXfEBtSTzBTwLusFfnTUdyiNFZqkk3hq/7m13/HE0fI0iQ2y+Q1EXgYxT8C3a625n8n3zldaiKUBHQm7+DJdJllURstXhq35XFmhlUx4N+QbognoxqZ00pWRIOE/ooPW2rqv kim.demey@status.im' }
|
|
- { name: cheatfate, uid: 8008, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkw8sQiChWeUuXUbaWunScWKuAvYTmCP2+lklQNSzzxXpkQhGzLFnlsksTB1sKtQ6op4yDpysx1lp8E2pf2VlACIjSc7t39VY1vsQaAlBfvssLc9LGFMXIIOz4RZaIbbsbplIxI7IpkdhGk9WdD/QAO8fCl8gJ2SoAWMROds2oUDCir0VfsOupFtqQ9FUC4ANf4nHWqk9TwiVXU+nndeWWj8cYNGBq/3rWgn+tQTomQooYaoQHqslLFzmLYK2dJX8qrJDx1pX99h/aLhbbyCBnBZRSOzhNfpa9bRraofcKigNvLAUIfaRDhOize8C4/6WMOcyQVGNEmReBAzHGk5yoUJeMWENZAMCeWsY7cbdiKmEyDPlRDNGuzBlXkdFlJSlNYs1xhZsKkkiAdpSNrZB9/WOpBaKWba+7VRC4ejuuBhYr04kh22UJi4cc9xX0pyYc4tZ9MyjqTMSJoKGFceUXm1ne5g7nxdo1z4/Z6sQd4vFBCvKWFPpJx1cW0n+2XvFSoehou2sEGfoQp8UvSFhuiA/kA56OuahHQANBJBTqpKSCesSc8Y/4ys27qU8tSPjADWOtwxElUQpoBRbcAfTpNLy8r0AjAQFnAcj1Tq0dh+kIe03HPabx5b05Wq8K0opqkX1yPd5yI9IAPNhmbVMuONOEHhyTYCyhHK2ASdXSy0= eugene.kabanov@status.im' }
|
|
- { name: etan, uid: 8010, admin: true, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOguworK7iqh7hPjC1AL3eCe+OZcK7tWRqThyBrEK6r2 etan@status.im' }
|
|
- { name: p1ge0nh8er, uid: 8011, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBFMfy5lx2dGwpv7yq9kLFVanatgfMa9M/EFcVHV00ASS533sNJGklosiQLsqeiWXcKlubjK6f2taYViajodswFUAAAAXc3NoOnN0YXR1cy1nb2VybGktbm9kZXM= aaryamann@status.im' }
|
|
- { name: crypt1d, uid: 8013, admin: false, win_groups: ['Administrators'], mac_groups: ['admin'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8A+BRe9eLtN/y+NmX0vEQ7cHNgBLszZPfPjPm385w4c9r3ErGQJBqGd3jAjVn44z7AoDDjBhwmVh/47/6MwGnQuhRR7gVyFqowE0LawZ0paQKXvHVqGgW3wD+BwN155xOM0LQfVcWeJUfFTZ3YfZLCTVk1Nnd78J1q8ar/tg3uvyPXmYLkcGcXSnGOq8UeJ6ZhQxyELCSnGOilI4rgVEuxEOi0xWJNJMVyE5CtGu9jM/RLTjtfc6VNQFyc7aU31XcXKdwg9okWnfbDJgLAJp19vfHxT+l5muVWGYPQtyaw8BIA6YIphrX8Q99eHVWoMint5klGcUsGUcJPQc3dr/b nikola@status.im' }
|
|
|
|
# TRACE needs more disk space
|
|
bootstrap__rsyslog_docker_logs_path: '/docker/log'
|
|
# Print just the message, lower size of log files and make parsing easier
|
|
bootstrap__rsyslog_docker_format: !unsafe '%msg:2:2048%\n'
|
|
# Some logs are just SPAMmed too much.
|
|
bootstrap__rsyslog_filter_rules:
|
|
- 'Attestation resolved'
|
|
- 'Attestation received'
|
|
# lower local retention to save space
|
|
bootstrap__logrotate_frequency: 'hourly'
|
|
bootstrap__logrotate_count: 48
|
|
bootstrap__logrotate_mbytes: 500
|
|
|
|
# Extra packages for debugging
|
|
bootstrap__extra_packages:
|
|
- gdb
|
|
- linux-tools-common
|
|
- linux-tools-generic
|
|
bootstrap_sysctl_config:
|
|
kernel.core_pattern: '/var/lib/systemd/coredump/core.%e.%p.%u.%t'
|
|
fs.inotify.max_user_watches: 131072
|
|
# Allow calling 'perf' without root'
|
|
kernel.perf_event_paranoid: 1
|
|
|
|
# MTR network latency metrics
|
|
bootstrap__mtr_jobs:
|
|
- { name: 'github-icmp', addr: 'github.com', flags: '-c1' }
|
|
|
|
# Consul Catalog Query URL
|
|
consul_catalog_url: 'http://localhost:8500/v1/catalog'
|
|
|
|
# Beacon nodes can be quite memory hungry
|
|
swap_file_path: '/docker/main.swap'
|
|
swap_file_size_mb: 2048
|
|
|
|
# SMART Metrics
|
|
smart_metrics_listen_port: 9633
|
|
|
|
# Nimbus ------------------------------
|
|
beacon_node_log_level: DEBUG
|
|
|
|
# Peers
|
|
beacon_node_max_peers: 320
|
|
|
|
# VC inherits Consul settings from BN
|
|
validator_client_consul_check_disabled: '{{ beacon_node_consul_check_disabled }}'
|
|
validator_client_consul_check_interval: '{{ beacon_node_consul_check_interval }}'
|
|
validator_client_consul_check_timeout: '{{ beacon_node_consul_check_timeout }}'
|
|
validator_client_consul_success_before_passing: '{{ beacon_node_consul_success_before_passing }}'
|
|
validator_client_consul_failures_before_warning: '{{ beacon_node_consul_failures_before_warning }}'
|
|
validator_client_consul_failures_before_critical: '{{ beacon_node_consul_failures_before_critical }}'
|