--- # ElasticSearch Cluster es_cluster_name: 'cortex' # Cortex ----------------------------------------------------------------------- cortex_domain: 'cortex.status.im' cortex_port: 9001 # Super Admin cortex_admin_user: '{{ lookup("bitwarden", "the-hive/cortex/admin", field="username") }}' cortex_admin_pass: '{{ lookup("bitwarden", "the-hive/cortex/admin", field="password") }}' # TheHive API Access cortex_the_hive_user: '{{ lookup("bitwarden", "the-hive/cortex/api", field="username") }}' cortex_the_hive_pass: '{{ lookup("bitwarden", "the-hive/cortex/api", field="password") }}' # Paths cortex_conf_path: '/data/cortex/conf' cortex_logs_path: '/data/cortex/logs' # Cortex application secret cortex_http_secret: '{{ lookup("bitwarden", "the-hive/cortex/app", field="http-secret") }}' # ElasticSearch cluster cortex_search_cluster_name: 'cortex' # Fetched in pre_tasks cortex_search_nodes: | {{ elasticsearch_services.json | json_query('[].{ name: Node, addr: ServiceAddress, port: ServicePort }') | list }} # GitHub OAuth details cortex_oauth_client_id: '{{ lookup("bitwarden", "the-hive/cortex/oauth", field="id") }}' cortex_oauth_client_secret: '{{ lookup("bitwarden", "the-hive/cortex/oauth", field="secret") }}' # The Hive --------------------------------------------------------------------- the_hive_domain: 'hive.status.im' the_hive_port: 9000 # TheHive application secret the_hive_app_http_secret: '{{ lookup("bitwarden", "the-hive/app", field="http-secret") }}' # Paths the_hive_conf_path: '/data/thehive/conf' the_hive_data_path: '/data/thehive/data' the_hive_logs_path: '/data/thehive/logs' # Cortex connection the_hive_cortex_host: 'localhost' the_hive_cortex_port: '{{ cortex_port }}' the_hive_cortex_user: '{{ cortex_the_hive_user }}' the_hive_cortex_pass: '{{ cortex_the_hive_pass }}' # GitHub OAuth the_hive_oauth_client_id: '{{ lookup("bitwarden", "the-hive/oauth", field="id") }}' the_hive_oauth_client_secret: '{{ lookup("bitwarden", "the-hive/oauth", field="secret") }}' the_hive_oauth_org_name: 'status-im' # Cassandra auth the_hive_db_user: '{{ lookup("bitwarden", "the-hive/cassandra", field="username") }}' the_hive_db_pass: '{{ lookup("bitwarden", "the-hive/cassandra", field="password") }}' # Fetched in pre_tasks the_hive_db_hosts: | {{ cassandra_services.json | json_query('[].{ name: Node, addr: ServiceAddress, port: ServicePort }') | list }} # Open Ports ------------------------------------------------------------------- # Open Nginx Ports open_ports_default_comment: 'The Hive & Cortex' open_ports_default_chain: 'SERVICES' open_ports_list: - { port: 80, protocol: 'tcp' } - { port: 443, protocol: 'tcp' } # Nginx Proxy ------------------------------------------------------------------ # Proxy for The Hive UI nginx_sites: the_hive_http: - listen 80 - server_name {{ the_hive_domain }} - return 302 https://$server_name$request_uri the_hive_https: - listen 443 ssl - server_name {{ the_hive_domain }} - ssl_certificate /certs/status.im/origin.crt - ssl_certificate_key /certs/status.im/origin.key - location / { proxy_pass http://127.0.0.1:{{ the_hive_port }}/; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_read_timeout 3600; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; } cortex_http: - listen 80 - server_name {{ cortex_domain }} - return 302 https://$server_name$request_uri cortex_https: - listen 443 ssl - server_name {{ cortex_domain }} - ssl_certificate /certs/status.im/origin.crt - ssl_certificate_key /certs/status.im/origin.key - location / { proxy_pass http://127.0.0.1:{{ cortex_port }}/; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_read_timeout 3600; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; }