---
# Custom SSH accounts, should start from UID 8000.
bootstrap__active_extra_users:
  - { name: ivan,    uid: 8000, groups: ['docker', 'dockremap'], key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJBdm8y1PfWjT1pioaWJSZ2ETrUySb+dS/ifDg+VIpLY ivansete@status.im' }

# Hourly rotation to avoid disk space issue
bootstrap__logrotate_frequency: 'hourly'
bootstrap__logrotate_timer_frequency: '*:0/30'

# Tag dependent on fleet
nim_waku_cont_tag: 'deploy-{{ env }}-{{ stage }}'
nim_waku_cont_name: 'nim-waku-store'
nim_waku_cont_vol: '/docker/{{ nim_waku_cont_name }}'
nim_waku_node_conf_path: '{{ nim_waku_cont_vol }}/conf'
nim_waku_log_level: 'debug'
nim_waku_protocols_enabled: ['relay', 'store', 'store-sync']
nim_waku_disc_v5_enabled: true
nim_waku_dns4_domain_name: '{{ dns_entry }}'
nim_waku_node_key: '{{lookup("bitwarden", "fleets/status/"+stage+"/nodekeys", field=hostname)}}'

# Topic configuration
nim_waku_cluster_id: 16
nim_waku_pubsub_topics:
  - '/waku/2/rs/16/1'
  - '/waku/2/rs/16/32'
  - '/waku/2/rs/16/64'
  - '/waku/2/rs/16/128'
  - '/waku/2/rs/16/256'
nim_waku_protected_topics:
  - '/waku/2/rs/16/1:0461747a1b31c242d5d116baec75d6c2add6335aead6092ab2fa7eeaacd8fc9af2905207ebff8eed1c52e7c67ffa31ec830448e6c91524acdde6073f7c488db7c0'
  - '/waku/2/rs/16/128:045ced3b90fabf7673c5165f9cc3a038fd2cfeb96946538089c310b5eaa3a611094b27d8216d9ec8110bd0e0e9fa7a7b5a66e86a27954c9d88ebd41d0ab6cfbb91'
  - '/waku/2/rs/16/256:049022b33f7583f34463f5b7622e5da29f99f993e6858a478465c68ee114ccf142204eff285ed922349c4b71b178a2e1a2154b99bcc2d8e91b3994626ffa9f1a6c'

# Ports
nim_waku_p2p_tcp_port: 30303
nim_waku_metrics_port: 8008
nim_waku_disc_v5_port: 9000
nim_waku_rpc_tcp_port: 8545
nim_waku_websock_port: 443

# Limits
nim_waku_max_msg_size: '1024KiB'
nim_waku_p2p_max_connections: 300
nim_waku_ip_colocation_limit: 100

# Store
nim_waku_store_message_db_name: 'nim-waku'
nim_waku_store_message_db_user: 'nim-waku'
nim_waku_store_message_db_pass: '{{lookup("bitwarden", "fleets/status/"+stage+"/db/nim-waku")}}'
nim_waku_store_message_db_url: 'postgres://{{ nim_waku_store_message_db_user}}:{{ nim_waku_store_message_db_pass }}@store-db-01.{{ ansible_domain }}.wg:5432/{{nim_waku_store_message_db_name}}'
nim_waku_store_message_retention_policy_map:
  prod:    'size:250GB'
  staging: 'size:75GB'
nim_waku_store_message_retention_policy: '{{ nim_waku_store_message_retention_policy_map[stage] }}'

# DNS Discovery
nim_waku_dns_disc_enabled: true
nim_waku_dns_disc_url_map:
  prod:    'enrtree://AMOJVZX4V6EXP7NTJPMAYJYST2QP6AJXYW76IU6VGJS7UVSNDYZG4@boot.prod.status.nodes.status.im'
  staging: 'enrtree://AI4W5N5IFEUIHF5LESUAOSMV6TKWF2MB6GU2YK7PU4TYUGUNOCEPW@boot.staging.status.nodes.status.im'
nim_waku_dns_disc_url: '{{ nim_waku_dns_disc_url_map[stage] }}'

# Websockets
nim_waku_websocket_enabled: true
nim_waku_websocket_secure_enabled: true
nim_waku_websocket_domain: '{{ dns_entry }}'
nim_waku_websocket_ssl_dir: '/etc/letsencrypt'
nim_waku_websocket_ssl_cert: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/fullchain.pem'
nim_waku_websocket_ssl_key: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/privkey.pem'

# Consul Service
nim_waku_consul_check_interval: '120s'
nim_waku_consul_check_timeout: '5s'
nim_waku_consul_success_before_passing: 5
nim_waku_consul_failures_before_warning: 10
nim_waku_consul_failures_before_critical: 40

# LetsEncrypt via Certbot
certbot_docker_enabled: true
certbot_admin_email: 'devops@status.im'
certbot_services_to_stop: ['nginx']
certbot_containers_to_stop: ['{{ nim_waku_cont_name }}']
certbot_certs: '{{ certbot_certs_map[stage] }}'
# FIXME: Remove once ENR records are updated without the domain.
certbot_certs_map:
  prod:
    - domains:
        - '{{ nim_waku_websocket_domain }}'
        - '{{ nim_waku_websocket_domain | replace("status."+stage, "shards.test") }}' # Legacy Fleet Name
  staging:
    - domains:
        - '{{ nim_waku_websocket_domain }}'
        - '{{ nim_waku_websocket_domain | replace("status."+stage, "shards.staging") }}' # Legacy Fleet Name

# Open LibP2P Ports
open_ports_default_comment: '{{ nim_waku_cont_name }}'
open_ports_default_chain: 'SERVICES'
open_ports_default_protocol: 'tcp'
open_ports_list:
  - { port: '80', comment: 'Nginx and Certbot' }
  - { port: '{{ nim_waku_p2p_tcp_port }}' }
  - { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
  - { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
  - { port: '{{ nim_waku_websock_port }}' }

# Public Config file access
nginx_sites:
  nim_waku_config:
    - listen 80 default_server
    - location = / {
        return 302 /config.toml;
      }
    - location = /config.toml {
        root {{ nim_waku_node_conf_path }};
        try_files /config.toml =404;
        types { text/plain toml; }
      }