status-im
/
infra-the-hive
mirror of https://github.com/status-im/infra-the-hive.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
infra-the-hive/ansible/group_vars/thehive-master.yml

134 lines
4.6 KiB
YAML
Raw Blame History

---
# ElasticSearch Cluster
es_cluster_name: 'cortex'
# Cortex -----------------------------------------------------------------------
cortex_domain: 'cortex.status.im'
cortex_port: 9001
# Super Admin
cortex_admin_user: '{{ lookup("bitwarden", "the-hive/cortex/admin", field="username") }}'
cortex_admin_pass: '{{ lookup("bitwarden", "the-hive/cortex/admin", field="password") }}'
# TheHive API Access
cortex_the_hive_user: '{{ lookup("bitwarden", "the-hive/cortex/api", field="username") }}'
cortex_the_hive_pass: '{{ lookup("bitwarden", "the-hive/cortex/api", field="password") }}'
# Paths
cortex_conf_path: '/data/cortex/conf'
cortex_logs_path: '/data/cortex/logs'
# Cortex application secret
cortex_http_secret: '{{ lookup("bitwarden", "the-hive/cortex/app", field="http-secret") }}'
# ElasticSearch cluster
cortex_search_cluster_name: 'cortex'
# Fetched in pre_tasks
cortex_search_nodes: |
{{ elasticsearch_services.json
| json_query('[].{ name: Node, addr: ServiceAddress, port: ServicePort }')
| list }}
# GitHub OAuth details
cortex_oauth_client_id: '{{ lookup("bitwarden", "the-hive/cortex/oauth", field="id") }}'
cortex_oauth_client_secret: '{{ lookup("bitwarden", "the-hive/cortex/oauth", field="secret") }}'
# The Hive ---------------------------------------------------------------------
the_hive_domain: 'hive.status.im'
the_hive_port: 9000
# TheHive application secret
the_hive_app_http_secret: '{{ lookup("bitwarden", "the-hive/app", field="http-secret") }}'
# Paths
the_hive_conf_path: '/data/thehive/conf'
the_hive_data_path: '/data/thehive/data'
the_hive_logs_path: '/data/thehive/logs'
# Cortex connection
the_hive_cortex_host: 'localhost'
the_hive_cortex_port: '{{ cortex_port }}'
the_hive_cortex_user: '{{ cortex_the_hive_user }}'
the_hive_cortex_pass: '{{ cortex_the_hive_pass }}'
# GitHub OAuth
the_hive_oauth_client_id: '{{ lookup("bitwarden", "the-hive/oauth", field="id") }}'
the_hive_oauth_client_secret: '{{ lookup("bitwarden", "the-hive/oauth", field="secret") }}'
the_hive_oauth_org_name: 'status-im'
# Cassandra auth
the_hive_db_user: '{{ lookup("bitwarden", "the-hive/cassandra", field="username") }}'
the_hive_db_pass: '{{ lookup("bitwarden", "the-hive/cassandra", field="password") }}'
# Fetched in pre_tasks
the_hive_db_hosts: |
{{ cassandra_services.json
| json_query('[].{ name: Node, addr: ServiceAddress, port: ServicePort }')
| list }}
# Open Ports -------------------------------------------------------------------
# Open Nginx Ports
open_ports_default_comment: 'The Hive & Cortex'
open_ports_default_chain: 'SERVICES'
open_ports_list:
- { port: 80, protocol: 'tcp' }
- { port: 443, protocol: 'tcp' }
# Nginx Proxy ------------------------------------------------------------------
# Proxy for The Hive UI
nginx_sites:
the_hive_http:
- listen 80
- server_name {{ the_hive_domain }}
- return 302 https://$server_name$request_uri
the_hive_https:
- listen 443 ssl
- server_name {{ the_hive_domain }}
- ssl_certificate /certs/status.im/origin.crt
- ssl_certificate_key /certs/status.im/origin.key
- location / {
proxy_pass http://127.0.0.1:{{ the_hive_port }}/;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 3600;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
cortex_http:
- listen 80
- server_name {{ cortex_domain }}
- return 302 https://$server_name$request_uri
cortex_https:
- listen 443 ssl
- server_name {{ cortex_domain }}
- ssl_certificate /certs/status.im/origin.crt
- ssl_certificate_key /certs/status.im/origin.key
- location / {
proxy_pass http://127.0.0.1:{{ cortex_port }}/;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 3600;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
Reference in New Issue View Git Blame Copy Permalink