infra-status/ansible/group_vars/boot.yml

---
# Custom SSH accounts, should start from UID 8000.
bootstrap__active_extra_users:
  - { name: ivan,    uid: 8000, groups: ['docker', 'dockremap'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJBdm8y1PfWjT1pioaWJSZ2ETrUySb+dS/ifDg+VIpLY ivansete@status.im' }

# Hourly rotation to avoid disk space issue
bootstrap__logrotate_frequency: 'hourly'
bootstrap__logrotate_timer_frequency: '*:0/30'

# Tag dependent on fleet
nim_waku_cont_tag: 'deploy-{{ env }}-{{ stage }}'
nim_waku_cont_name: 'nim-waku-boot'
nim_waku_cont_vol: '/docker/{{ nim_waku_cont_name }}'
nim_waku_node_conf_path: '{{ nim_waku_cont_vol }}/conf'
nim_waku_log_level: 'debug'
nim_waku_protocols_enabled: ['relay', 'filter', 'lightpush', 'peer-exchange']
nim_waku_disc_v5_enabled: true
nim_waku_dns4_domain_name: '{{ dns_entry }}'
nim_waku_node_key: '{{lookup("bitwarden", "fleets/status/"+stage+"/nodekeys", field=hostname)}}'

# Topic configuration
nim_waku_cluster_id: 16
nim_waku_pubsub_topics:
  - '/waku/2/rs/16/1'
  - '/waku/2/rs/16/32'
  - '/waku/2/rs/16/64'
  - '/waku/2/rs/16/128'
  - '/waku/2/rs/16/256'
nim_waku_protected_topics:
  - '/waku/2/rs/16/1:0461747a1b31c242d5d116baec75d6c2add6335aead6092ab2fa7eeaacd8fc9af2905207ebff8eed1c52e7c67ffa31ec830448e6c91524acdde6073f7c488db7c0'
  - '/waku/2/rs/16/128:045ced3b90fabf7673c5165f9cc3a038fd2cfeb96946538089c310b5eaa3a611094b27d8216d9ec8110bd0e0e9fa7a7b5a66e86a27954c9d88ebd41d0ab6cfbb91'
  - '/waku/2/rs/16/256:049022b33f7583f34463f5b7622e5da29f99f993e6858a478465c68ee114ccf142204eff285ed922349c4b71b178a2e1a2154b99bcc2d8e91b3994626ffa9f1a6c'

# Ports
nim_waku_p2p_tcp_port: 30303
nim_waku_metrics_port: 8008
nim_waku_disc_v5_port: 9000
nim_waku_rpc_tcp_port: 8545
nim_waku_websock_port: 443

# Limits
nim_waku_max_msg_size: '1024KiB'
nim_waku_p2p_max_connections: 500
nim_waku_ip_colocation_limit: 100

# Store
nim_waku_store_message_retention_policy: 'time:2592000' # 30 days

# DNS Discovery
nim_waku_dns_disc_enabled: true
nim_waku_dns_disc_url_map:
  prod:    'enrtree://AMOJVZX4V6EXP7NTJPMAYJYST2QP6AJXYW76IU6VGJS7UVSNDYZG4@boot.prod.status.nodes.status.im'
  staging: 'enrtree://AI4W5N5IFEUIHF5LESUAOSMV6TKWF2MB6GU2YK7PU4TYUGUNOCEPW@boot.staging.status.nodes.status.im'
nim_waku_dns_disc_url: '{{ nim_waku_dns_disc_url_map[stage] }}'

# Websockets
nim_waku_websocket_enabled: true
nim_waku_websocket_secure_enabled: true
nim_waku_websocket_domain: '{{ dns_entry }}'
nim_waku_websocket_ssl_dir: '/etc/letsencrypt'
nim_waku_websocket_ssl_cert: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/fullchain.pem'
nim_waku_websocket_ssl_key: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/privkey.pem'

# Consul Service
nim_waku_consul_check_interval: '120s'
nim_waku_consul_check_timeout: '5s'
nim_waku_consul_success_before_passing: 5
nim_waku_consul_failures_before_warning: 5
nim_waku_consul_failures_before_critical: 20

# LetsEncrypt via Certbot
certbot_docker_enabled: true
certbot_admin_email: 'devops@status.im'
certbot_services_to_stop: ['nginx']
certbot_containers_to_stop: ['{{ nim_waku_cont_name }}']
certbot_certs: '{{ certbot_certs_map[stage] }}'
# FIXME: Remove once ENR records are updated without the domain.
certbot_certs_map:
  prod:
    - domains:
        - '{{ nim_waku_websocket_domain }}'
        - '{{ nim_waku_websocket_domain | replace("status."+stage, "shards.test") }}' # Legacy Fleet Name
  staging:
    - domains:
        - '{{ nim_waku_websocket_domain }}'
        - '{{ nim_waku_websocket_domain | replace("status."+stage, "shards.staging") }}' # Legacy Fleet Name

# Open Nim-Waku Ports
open_ports_list:
  nginx:
    - { comment: 'Nginx and Certbot', port: '80' }
  nim-waku:
    - { comment: 'Nim-Waku LibP2P',       port: '{{ nim_waku_p2p_tcp_port }}' }
    - { comment: 'Nim-Waku Discovery v5', port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
    - { comment: 'Nim-Waku Metrics',      port: '{{ nim_waku_metrics_port }}', ipset: 'hq.metrics', iifname: 'wg0' }
    - { comment: 'Nim-Waku WebSocket',    port: '{{ nim_waku_websock_port }}' }

# Public Config file access
nginx_sites:
  nim_waku_config:
    - listen 80 default_server
    - location = / {
        return 302 /config.toml;
      }
    - location = /config.toml {
        root {{ nim_waku_node_conf_path }};
        try_files /config.toml =404;
        types { text/plain toml; }
      }
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`---`
bootstrap: provide SSH access to ivansete 2023-10-04 12:41:41 +02:00			`# Custom SSH accounts, should start from UID 8000.`
			`bootstrap__active_extra_users:`
			`- { name: ivan, uid: 8000, groups: ['docker', 'dockremap'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJBdm8y1PfWjT1pioaWJSZ2ETrUySb+dS/ifDg+VIpLY ivansete@status.im' }`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00
boot: uncomment setting for boot node key Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-07-03 01:19:08 +02:00			`# Hourly rotation to avoid disk space issue`
boot: logrotate hourly due to lots of DBG logs 2024-04-24 16:01:04 +02:00			`bootstrap__logrotate_frequency: 'hourly'`
logrotate: update frequency Signed-off-by: Alexis Pentori <alexis@status.im> 2024-08-26 11:09:35 +02:00			`bootstrap__logrotate_timer_frequency: '*:0/30'`
boot: logrotate hourly due to lots of DBG logs 2024-04-24 16:01:04 +02:00
rename the shards.test fleet to status.prod https://github.com/status-im/infra-shards/issues/33 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-07-24 12:04:37 +02:00			`# Tag dependent on fleet`
store,boot: fix name of Docker tag name We are in the middle of renaming fleets and this will make it more robust. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-07-16 16:54:51 +02:00			`nim_waku_cont_tag: 'deploy-{{ env }}-{{ stage }}'`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`nim_waku_cont_name: 'nim-waku-boot'`
node: expose config.toml using Nginx server This can then be linked from the new https://fleets.waku.org/. https://github.com/status-im/infra-misc/issues/229 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-03-07 11:09:56 +01:00			`nim_waku_cont_vol: '/docker/{{ nim_waku_cont_name }}'`
			`nim_waku_node_conf_path: '{{ nim_waku_cont_vol }}/conf'`
boot: disable trace logs, switch to debug Signed-off-by: Jakub Sokołowski <jakub@status.im> 2023-11-23 11:31:50 +01:00			`nim_waku_log_level: 'debug'`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`nim_waku_protocols_enabled: ['relay', 'filter', 'lightpush', 'peer-exchange']`
			`nim_waku_disc_v5_enabled: true`
			`nim_waku_dns4_domain_name: '{{ dns_entry }}'`
rename shards fleet to status fleet While also retaining the old domain names. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-07-03 21:47:54 +02:00			`nim_waku_node_key: '{{lookup("bitwarden", "fleets/status/"+stage+"/nodekeys", field=hostname)}}'`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00
			`# Topic configuration`
boot,store: add cluster ID required for 0.25.0 16 is the value "reserved" for status fleets with static sharding https://rfc.vac.dev/spec/51/#static-sharding Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-02-29 12:34:10 +01:00			`nim_waku_cluster_id: 16`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`nim_waku_pubsub_topics:`
boot,store: add /waku/2/rs/16/1 topic Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-03-04 22:09:38 +01:00			`- '/waku/2/rs/16/1'`
nim-waku: add pubsub topic (32) 2023-10-13 13:44:50 -04:00			`- '/waku/2/rs/16/32'`
nim-waku: add pubsub topic 2023-10-04 11:33:24 +02:00			`- '/waku/2/rs/16/64'`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`- '/waku/2/rs/16/128'`
			`- '/waku/2/rs/16/256'`
			`nim_waku_protected_topics:`
boot,store: add /waku/2/rs/16/1 topic Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-03-04 22:09:38 +01:00			`- '/waku/2/rs/16/1:0461747a1b31c242d5d116baec75d6c2add6335aead6092ab2fa7eeaacd8fc9af2905207ebff8eed1c52e7c67ffa31ec830448e6c91524acdde6073f7c488db7c0'`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`- '/waku/2/rs/16/128:045ced3b90fabf7673c5165f9cc3a038fd2cfeb96946538089c310b5eaa3a611094b27d8216d9ec8110bd0e0e9fa7a7b5a66e86a27954c9d88ebd41d0ab6cfbb91'`
			`- '/waku/2/rs/16/256:049022b33f7583f34463f5b7622e5da29f99f993e6858a478465c68ee114ccf142204eff285ed922349c4b71b178a2e1a2154b99bcc2d8e91b3994626ffa9f1a6c'`

			`# Ports`
			`nim_waku_p2p_tcp_port: 30303`
			`nim_waku_metrics_port: 8008`
			`nim_waku_disc_v5_port: 9000`
			`nim_waku_rpc_tcp_port: 8545`
shards: enable native websocket port Signed-off-by: Alexis Pentori <alexis@status.im> 2023-12-14 10:06:00 +01:00			`nim_waku_websock_port: 443`
nim-waku: add --ip-colocation-limit flag https://github.com/status-im/infra-shards/issues/27 2024-01-24 15:25:34 +01:00
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`# Limits`
boot: set max msg size to 1024KiB to fit store nodes Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-05-30 09:35:09 +02:00			`nim_waku_max_msg_size: '1024KiB'`
store,boot: bump max connections from 300 to 500 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-09-05 18:16:31 +02:00			`nim_waku_p2p_max_connections: 500`
nim-waku: add --ip-colocation-limit flag https://github.com/status-im/infra-shards/issues/27 2024-01-24 15:25:34 +01:00			`nim_waku_ip_colocation_limit: 100`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00
			`# Store`
			`nim_waku_store_message_retention_policy: 'time:2592000' # 30 days`

			`# DNS Discovery`
nim_waku: enable dns discovery 2023-09-21 13:01:05 +02:00			`nim_waku_dns_disc_enabled: true`
nim-waku: same mappings for dns discovery URL as other fleets 2023-09-28 17:01:36 +02:00			`nim_waku_dns_disc_url_map:`
boot,store: fix ENRTree DNS entry for status.prod Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-07-25 09:14:24 +02:00			`prod: 'enrtree://AMOJVZX4V6EXP7NTJPMAYJYST2QP6AJXYW76IU6VGJS7UVSNDYZG4@boot.prod.status.nodes.status.im'`
rename shards fleet to status fleet While also retaining the old domain names. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-07-03 21:47:54 +02:00			`staging: 'enrtree://AI4W5N5IFEUIHF5LESUAOSMV6TKWF2MB6GU2YK7PU4TYUGUNOCEPW@boot.staging.status.nodes.status.im'`
nim-waku: same mappings for dns discovery URL as other fleets 2023-09-28 17:01:36 +02:00			`nim_waku_dns_disc_url: '{{ nim_waku_dns_disc_url_map[stage] }}'`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00
shards: enable native websocket port Signed-off-by: Alexis Pentori <alexis@status.im> 2023-12-14 10:06:00 +01:00			`# Websockets`
			`nim_waku_websocket_enabled: true`
			`nim_waku_websocket_secure_enabled: true`
			`nim_waku_websocket_domain: '{{ dns_entry }}'`
			`nim_waku_websocket_ssl_dir: '/etc/letsencrypt'`
			`nim_waku_websocket_ssl_cert: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/fullchain.pem'`
			`nim_waku_websocket_ssl_key: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/privkey.pem'`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00
			`# Consul Service`
boot: increase consul check interval, warning threshold To match settings for `store` nodes. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-08-06 20:02:46 +02:00			`nim_waku_consul_check_interval: '120s'`
			`nim_waku_consul_check_timeout: '5s'`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`nim_waku_consul_success_before_passing: 5`
boot: increase consul check interval, warning threshold To match settings for `store` nodes. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-08-06 20:02:46 +02:00			`nim_waku_consul_failures_before_warning: 5`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`nim_waku_consul_failures_before_critical: 20`

shards: enable native websocket port Signed-off-by: Alexis Pentori <alexis@status.im> 2023-12-14 10:06:00 +01:00			`# LetsEncrypt via Certbot`
			`certbot_docker_enabled: true`
			`certbot_admin_email: 'devops@status.im'`
node: expose config.toml using Nginx server This can then be linked from the new https://fleets.waku.org/. https://github.com/status-im/infra-misc/issues/229 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-03-07 11:09:56 +01:00			`certbot_services_to_stop: ['nginx']`
boot,store: drop stopping non-existent websockify It causes certbot timer to fail at startup. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-01-08 13:35:03 +01:00			`certbot_containers_to_stop: ['{{ nim_waku_cont_name }}']`
deploy new shards.staging fleet https://github.com/status-im/infra-shards/issues/29 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-03-18 20:48:58 +01:00			`certbot_certs: '{{ certbot_certs_map[stage] }}'`
			`# FIXME: Remove once ENR records are updated without the domain.`
			`certbot_certs_map:`
rename the shards.test fleet to status.prod https://github.com/status-im/infra-shards/issues/33 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-07-24 12:04:37 +02:00			`prod:`
deploy new shards.staging fleet https://github.com/status-im/infra-shards/issues/29 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-03-18 20:48:58 +01:00			`- domains:`
			`- '{{ nim_waku_websocket_domain }}'`
rename the shards.test fleet to status.prod https://github.com/status-im/infra-shards/issues/33 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-07-24 12:04:37 +02:00			`- '{{ nim_waku_websocket_domain \| replace("status."+stage, "shards.test") }}' # Legacy Fleet Name`
deploy new shards.staging fleet https://github.com/status-im/infra-shards/issues/29 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-03-18 20:48:58 +01:00			`staging:`
			`- domains:`
			`- '{{ nim_waku_websocket_domain }}'`
rename the shards.test fleet to status.prod https://github.com/status-im/infra-shards/issues/33 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-07-24 12:04:37 +02:00			`- '{{ nim_waku_websocket_domain \| replace("status."+stage, "shards.staging") }}' # Legacy Fleet Name`
shards: enable native websocket port Signed-off-by: Alexis Pentori <alexis@status.im> 2023-12-14 10:06:00 +01:00
boot,store,store-db: switch to nftables https://github.com/status-im/infra-misc/issues/301 2024-09-12 16:40:48 +02:00			`# Open Nim-Waku Ports`
ansible: add nim-waku to boot nodes 2023-09-18 12:23:13 +02:00			`open_ports_list:`
boot,store,store-db: switch to nftables https://github.com/status-im/infra-misc/issues/301 2024-09-12 16:40:48 +02:00			`nginx:`
			`- { comment: 'Nginx and Certbot', port: '80' }`
			`nim-waku:`
			`- { comment: 'Nim-Waku LibP2P', port: '{{ nim_waku_p2p_tcp_port }}' }`
			`- { comment: 'Nim-Waku Discovery v5', port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }`
all: replace old naming of hq.metrics fleet https://github.com/status-im/infra-hq/issues/158 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-10-18 12:49:25 +02:00			`- { comment: 'Nim-Waku Metrics', port: '{{ nim_waku_metrics_port }}', ipset: 'hq.metrics', iifname: 'wg0' }`
boot,store,store-db: switch to nftables https://github.com/status-im/infra-misc/issues/301 2024-09-12 16:40:48 +02:00			`- { comment: 'Nim-Waku WebSocket', port: '{{ nim_waku_websock_port }}' }`
node: expose config.toml using Nginx server This can then be linked from the new https://fleets.waku.org/. https://github.com/status-im/infra-misc/issues/229 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2024-03-07 11:09:56 +01:00
			`# Public Config file access`
			`nginx_sites:`
			`nim_waku_config:`
			`- listen 80 default_server`
			`- location = / {`
			`return 302 /config.toml;`
			`}`
			`- location = /config.toml {`
			`root {{ nim_waku_node_conf_path }};`
			`try_files /config.toml =404;`
			`types { text/plain toml; }`
			`}`