infra-nimbus/ansible/group_vars/dash.nimbus.yml

62 lines
2.2 KiB
YAML

---
# ElasticSearch LB needs a bit
swap_file_path: '/main.swap'
swap_file_size_mb: 2048
# CloudFlare Origin certificates
origin_certs:
- domain: 'status.im'
crt: '{{lookup("bitwarden", "Cloudflare/status.im", file="origin.crt")}}'
key: '{{lookup("bitwarden", "Cloudflare/status.im", file="origin.key")}}'
default: true
# Kibana Dashboard
kibana_domain: 'nimbus-logs.infra.status.im'
kibana_service_name: 'kibana'
kibana_docker_network_name: '{{ kibana_service_name }}'
kibana_cont_name: '{{ kibana_service_name }}'
kibana_cont_tag: '7.17.8'
kibana_cont_port: 5601
kibana_es_lb_addr: '{{ es_lb_cont_name }}'
kibana_es_lb_port: '{{ es_lb_api_port }}'
# oauth access
oauth_service_name: '{{ kibana_service_name }}'
oauth_service_path: '{{ kibana_service_path }}/oauth'
oauth_cont_name: '{{ kibana_cont_name }}-oauth'
oauth_cont_networks: ['{{ kibana_docker_network_name }}']
oauth_domain: '{{ kibana_domain }}'
oauth_upstream_addr: '{{ kibana_cont_name }}'
oauth_upstream_port: '{{ kibana_cont_port }}'
oauth_local_port: 4180
oauth_provider: 'keycloak-oidc'
oauth_id: '{{ lookup("bitwarden", "nimbus/kibana/oauth", field="client-id") }}'
oauth_secret: '{{ lookup("bitwarden", "nimbus/kibana/oauth", field="secret") }}'
oauth_cookie_secret: '{{ lookup("bitwarden", "nimbus/kibana/oauth", field="cookie-secret") }}'
# ElasticSearch Load Balancer
es_lb_service_name: 'elasticsearch'
es_lb_docker_network_name: '{{ kibana_docker_network_name }}'
es_lb_cont_name: '{{ es_lb_service_name }}-lb'
es_lb_cont_tag: '7.17.8'
es_lb_data_center: do-ams3
es_lb_cluster_name: 'nimbus-logs-search'
es_lb_cluster_dc: 'he-eu-hel1'
es_lb_api_port: 9200
es_lb_node_port: 9300
# Cleanup to avoid running out of space
logclean_es_host: 'localhost'
logclean_es_port: '{{ es_lb_api_port }}'
logclean_keep_indices: 21
# Open Nginx Ports
open_ports_default_comment: 'ElasticSearch LB'
open_ports_default_chain: 'VPN'
open_ports_list:
- { port: 80, chain: 'SERVICES', protocol: 'tcp', comment: 'Kiban & Grafana'}
- { port: 443, chain: 'SERVICES', protocol: 'tcp', comment: 'Kiban & Grafana' }
- { port: '{{ es_lb_api_port }}', ipset: 'logs.nimbus' }
- { port: '{{ es_lb_node_port }}', ipset: 'logs.nimbus' }
- { port: '{{ oauth_local_port }}', ipset: 'proxy.misc', comment: 'ElasticSearch HQ' }