infra-nimbus/ansible/group_vars/all.yml

60 lines
5.4 KiB
YAML

---
# Root password
bootstrap__root_pass: '{{lookup("bitwarden", "root")}}'
# Consul encryption key
bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul", field="encryption-key")}}'
# Custom SSH accounts for Nimbus fleet, should start from UID 8000.
bootstrap__active_extra_users:
- { name: dustin, uid: 8001, groups: ['systemd-journal'], win_groups: ['Administrators'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrxMjWZZJ7E6EQY77IbOGaj1q6YzlRnQnCbTQqZja4c user@merfeint' }
- { name: mamy, uid: 8002, groups: ['systemd-journal'], win_groups: ['Administrators'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCr/O5OUmeUaSzVTotWHBUCCkD+LhzT8HxmuuZ3bUiL6Cp0/1vrUZDlduNJjjIDdHs5mcFBGAPn3vRF31CnG0aoe29RXYAwEPBL3dYQ0zZv0n4RT/XUGirnpbv3LnURvpg7+2JuO+ebrK6LSmRG45YebyipzSimE6Q80isbbDUh6PXJEhiRAslvnkPskOF5qNnKcuZtCfiJ6UdlJ8YDPidEZ5NDW+NDfAWQyo9r7ZY3EsaKJ2honUx0CkxLti1WalG83zdWFOr3xrmEyJM69h4yigut2Xc0iuFmj915rFMS+gxcXG00DOVftqQ0kAf/eOVB/LlDUfs9r9mhod0y2wlX mamy@status.im' }
- { name: stefan, uid: 8003, groups: ['systemd-journal'], win_groups: ['Administrators'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw+3UpA5lT+8uAHdexl8isVhJX/I9knR34IRRkvEUaJzFF8XbTBeMsFHWTdY97zA9pl3GToKAymsw6+kBJ21yNztmRBQIpI1zmdhX6rV2u7waZUcOzyZDclOAG51TOijbzjWtDS/O0OGCEUsWDU8vvX10YGg0nHOjGI6uumUJYQp67C1Z5101Ygn3IhkBStzc7Pk2rUDErYFhom4KKD8w66vrPG9kqsR2i/pcW3EPI/5dz8FriaK+GB7OoZ7nTFhP/IlIV7hJUQZaOA69hkwwBz8LE6eTgoZwX6Q4b+ZxMXBR51xiljMYfKYg4FUGhcRdljxPr8HbObOf5YwTz5Vtaw== stefan@status.im' }
- { name: dryajov, uid: 8004, groups: ['systemd-journal'], win_groups: ['Administrators'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhsSxUXSQBv6PFEwE9TYG0TeuzabRipy/IoIS33BTt dryajov@status.im' }
- { name: kim, uid: 8005, groups: ['systemd-journal'], win_groups: ['Administrators'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqPvYjYJjO0rCgeYsTp2kn0oyQLKHgvcjIYVeaQzjZ3VB5V+34AadjjYh8ULhuzTPl25gbVI0KAWbsui4im/04tBv9Bn8xAEvLcWwab5t7a8GZLGKXOl3bi6S7Vmal6e94mKht1wflS9hGu0o6q/fHanu/WPKhtc1zwg50Qlrs2/9DYP9Qqo0ekHnuzip1Trdmls33DZB1WehZx7/rNKwppE0aHUv7vgh7vc+FAU/RnyeHM2bJRfq/AxiAs+Fas5MrO+9Mm8jPA2Jm6TRDGmXg5DB+0+u+qZF15eJ+ujKXhgnVPJBkSuAryTPob7FA1Eovc9HBDhOQCKC0ialiJm+5 kim.demey@status.im' }
- { name: giovanni, uid: 8006, groups: ['systemd-journal'], win_groups: ['Administrators'], key: 'ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGn4vdHz/zGgjtdcWZjmUwerVNezDo5g0i+a0rcHvUsHCdfJ1yN2inqvib+RxPwGYAzgKoT1J5y+SIaGO740XupgQCrTqqyWeaeU+k+GjQF8JGiAyG8htKkFawR/mZBsXvosp/D9rA2zr8ms8q8vJJV73w/hMKbBoJB8CLEvBqTkY+1Gg== giova@DESKTOP-7CNNO9E' }
- { name: tanguy, uid: 8007, groups: ['systemd-journal'], win_groups: ['Administrators'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC5wbFl7pJ+Vl6Csw7gh50+fYiuH/HAV+dLN0997isreWsrr+H/6uTDwvtYmbfG8Nrr1NVzFjrGXTUhF3lmSTzC7l+xdlUE9QoOumTF7OI7A79Wp0B3kzKk8YAKskyCtz4JUtvJaExJhxTy385dbXXrS/hV1lfciLiDp+rkg+EkCTedMeWVWhaJpoaS8OY/UzoYfPClFmGM5sAMF9UNPPIGjvCibTdt2uGerOki4FIcgqXARzOc1J6bEA1qTeYRh1wjv6KC3AyLRsLEooXqoviVYUm0bVLMZteTpIdY5N61FlytPcFpjAla9SCJYwPd3ud1hdurcQ5+wHuaAyKksCa6Qnhf/vX9LMFwbOkOqGLNKY5sdRhDyN5xbNdfk4jnY3E+8Z0CNmSV+dpmpwcOahNTB65t5zqcU/NXynFbALf3j3A9uklQ5Or1Y8ytnzjfSko+TQZHBr5/w810vxS3VNS470wGjyzhyVKSg1qNJXb+m2GLT9k5lBxnl7j3o8CLbOs= tavon@wheatley' }
- { name: cheatfate,uid: 8008, groups: ['systemd-journal'], win_groups: ['Administrators'], key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAkw8sQiChWeUuXUbaWunScWKuAvYTmCP2+lklQNSzzxXpkQhGzLFnlsksTB1sKtQ6op4yDpysx1lp8E2pf2VlACIjSc7t39VY1vsQaAlBfvssLc9LGFMXIIOz4RZaIbbsbplIxI7IpkdhGk9WdD/QAO8fCl8gJ2SoAWMROds2oUDCir0VfsOupFtqQ9FUC4ANf4nHWqk9TwiVXU+nndeWWj8cYNGBq/3rWgn+tQTomQooYaoQHqslLFzmLYK2dJX8qrJDx1pX99h/aLhbbyCBnBZRSOzhNfpa9bRraofcKigNvLAUIfaRDhOize8C4/6WMOcyQVGNEmReBAzHGk5yoUJeMWENZAMCeWsY7cbdiKmEyDPlRDNGuzBlXkdFlJSlNYs1xhZsKkkiAdpSNrZB9/WOpBaKWba+7VRC4ejuuBhYr04kh22UJi4cc9xX0pyYc4tZ9MyjqTMSJoKGFceUXm1ne5g7nxdo1z4/Z6sQd4vFBCvKWFPpJx1cW0n+2XvFSoehou2sEGfoQp8UvSFhuiA/kA56OuahHQANBJBTqpKSCesSc8Y/4ys27qU8tSPjADWOtwxElUQpoBRbcAfTpNLy8r0AjAQFnAcj1Tq0dh+kIe03HPabx5b05Wq8K0opqkX1yPd5yI9IAPNhmbVMuONOEHhyTYCyhHK2ASdXSy0= eugene.kabanov@status.im' }
# TRACE needs more disk space
bootstrap__rsyslog_docker_logs_path: '/docker/log'
# Print just the message, lower size of log files and make parsing easier
bootstrap__rsyslog_docker_format: !unsafe '%msg:2:2048%\n'
# lower local retention to save space
bootstrap__logrotate_frequency: 'hourly'
bootstrap__logrotate_count: 72
bootstrap__logrotate_mbytes: 500
# Consul Catalog Query URL
consul_catalog_url: 'http://localhost:8500/v1/catalog'
# Beacon nodes can be quite memory hungry
swap_file_path: '/docker/main.swap'
swap_file_size_mb: 2048
# Nimbus ------------------------------
beacon_node_cont_name: 'beacon-node-{{ beacon_node_network }}-{{ beacon_node_cont_tag }}'
beacon_node_log_level: DEBUG
beacon_node_timer_rebuild: true
# ports
beacon_node_rpc_port: 11000
beacon_node_rest_port: 5052
beacon_node_metrics_port : 9300
beacon_node_listening_port: 9100
beacon_node_discovery_port: 9100
# Peers
beacon_node_max_peers: 320
# resource limits
beacon_node_mem_limit: '{{ (ansible_memtotal_mb * 0.60) | int }}'
beacon_node_mem_reserve: '{{ (ansible_memtotal_mb * 0.4) | int }}'
# Open Ports
open_ports_default_comment: 'Beacon Node'
open_ports_default_chain: 'SERVICES'
open_ports_list:
- { port: '{{ beacon_node_listening_port }}', protocol: 'tcp' }
- { port: '{{ beacon_node_discovery_port }}', protocol: 'udp' }
- { port: '{{ beacon_node_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }