infra-template/ansible/group_vars/all.yml

---
# Root password
bootstrap__root_pass:               '{{lookup("vault", "config",            field="root-pass",             stage="all", env="all")}}'
# Consul
bootstrap__consul_encryption_key:   '{{lookup("vault", "config",            field="consul-encryption-key", stage="all", env="all")}}'
bootstarp__consul_agent_acl_token:  '{{lookup("vault", "consul/acl-tokens", field="agent-default",         stage="all", env="all")}}'
bootstrap__consul_certs_ca_crt:     '{{lookup("vault", "consul/certs",      field="ca.pem",                stage="all", env="all")}}'
bootstrap__consul_certs_client_crt: '{{lookup("vault", "consul/certs",      field="client.pem",            stage="all", env="all")}}'
bootstrap__consul_certs_client_key: '{{lookup("vault", "consul/certs",      field="client-key.pem",        stage="all", env="all")}}'
# SSHGuard
bootstrap__sshguard_whitelist_extra: ['{{lookup("vault", "sshguard/whitelist",    field="jakubgs-home",    stage="all", env="all")}}']
# Wireguard
wireguard_consul_acl_token:         '{{lookup("vault", "consul/acl-tokens", field="wireguard",             stage="all", env="all")}}'

# Wazuh Agent
wazuh_agent_enrollment_key:         '{{ lookup("vault", "manager/config", field="enrollment-password", env="hq", stage="wazuh")}}'
wazuh_root_ca:                      '{{ lookup("vault", "root-ca",        field="certificate",         env="hq", stage="wazuh")}}'
add Ansible boilerplate Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-05-11 12:46:01 +00:00			`---`
			`# Root password`
all: fix secret path Signed-off-by: Alexis Pentori <alexis@status.im> 2024-10-17 10:53:40 +00:00			`bootstrap__root_pass: '{{lookup("vault", "config", field="root-pass", stage="all", env="all")}}'`
add Ansible boilerplate Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-05-11 12:46:01 +00:00			`# Consul`
all: fix secret path Signed-off-by: Alexis Pentori <alexis@status.im> 2024-10-17 10:53:40 +00:00			`bootstrap__consul_encryption_key: '{{lookup("vault", "config", field="consul-encryption-key", stage="all", env="all")}}'`
			`bootstarp__consul_agent_acl_token: '{{lookup("vault", "consul/acl-tokens", field="agent-default", stage="all", env="all")}}'`
			`bootstrap__consul_certs_ca_crt: '{{lookup("vault", "consul/certs", field="ca.pem", stage="all", env="all")}}'`
			`bootstrap__consul_certs_client_crt: '{{lookup("vault", "consul/certs", field="client.pem", stage="all", env="all")}}'`
			`bootstrap__consul_certs_client_key: '{{lookup("vault", "consul/certs", field="client-key.pem", stage="all", env="all")}}'`
add Ansible boilerplate Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-05-11 12:46:01 +00:00			`# SSHGuard`
all: fix secret path Signed-off-by: Alexis Pentori <alexis@status.im> 2024-10-17 10:53:40 +00:00			`bootstrap__sshguard_whitelist_extra: ['{{lookup("vault", "sshguard/whitelist", field="jakubgs-home", stage="all", env="all")}}']`
add Ansible boilerplate Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-05-11 12:46:01 +00:00			`# Wireguard`
all: fix secret path Signed-off-by: Alexis Pentori <alexis@status.im> 2024-10-17 10:53:40 +00:00			`wireguard_consul_acl_token: '{{lookup("vault", "consul/acl-tokens", field="wireguard", stage="all", env="all")}}'`
wazuh: add default config Signed-off-by: Alexis Pentori <alexis@status.im> 2024-10-30 15:46:57 +00:00
			`# Wazuh Agent`
			`wazuh_agent_enrollment_key: '{{ lookup("vault", "manager/config", field="enrollment-password", env="hq", stage="wazuh")}}'`
			`wazuh_root_ca: '{{ lookup("vault", "root-ca", field="certificate", env="hq", stage="wazuh")}}'`