mirror of
https://github.com/status-im/infra-waku.git
synced 2025-01-24 20:00:26 +00:00
0251f37dbf
Signed-off-by: Alexis Pentori <alexis@status.im>
113 lines
4.1 KiB
YAML
113 lines
4.1 KiB
YAML
---
|
|
|
|
# Tag dependent on fleet: test
|
|
nim_waku_cont_tag: 'deploy-{{ env }}-{{ stage }}'
|
|
nim_waku_cont_name: 'nim-waku'
|
|
nim_waku_cont_vol: '/docker/{{ nim_waku_cont_name }}'
|
|
nim_waku_node_conf_path: '{{ nim_waku_cont_vol }}/conf'
|
|
nim_waku_log_level: 'debug'
|
|
nim_waku_protocols_enabled: ['relay', 'rln-relay', 'store', 'filter', 'lightpush', 'peer-exchange']
|
|
nim_waku_disc_v5_enabled: true
|
|
nim_waku_dns4_domain_name: '{{ dns_entry }}'
|
|
nim_waku_node_key: '{{lookup("bitwarden", "fleets/"+env+"/"+stage+"/nodekeys", field=hostname)}}'
|
|
nim_waku_cluster_id: 1
|
|
nim_waku_relay_shard_manager: true
|
|
|
|
# Subscribe to all shards
|
|
nim_waku_pubsub_topics:
|
|
- '/waku/2/rs/1/0'
|
|
- '/waku/2/rs/1/1'
|
|
- '/waku/2/rs/1/2'
|
|
- '/waku/2/rs/1/3'
|
|
- '/waku/2/rs/1/4'
|
|
- '/waku/2/rs/1/5'
|
|
- '/waku/2/rs/1/6'
|
|
- '/waku/2/rs/1/7'
|
|
|
|
# Ports
|
|
nim_waku_p2p_tcp_port: 30303
|
|
nim_waku_metrics_port: 8008
|
|
nim_waku_disc_v5_port: 9000
|
|
nim_waku_websock_port: 8000
|
|
nim_waku_rpc_tcp_port: 8545
|
|
|
|
# Limits
|
|
nim_waku_p2p_max_connections: 300
|
|
|
|
# Store
|
|
nim_waku_store_message_db_name: 'nim-waku'
|
|
nim_waku_store_message_db_user: 'nim-waku'
|
|
nim_waku_store_message_db_pass: '{{lookup("bitwarden", "fleets/"+env+"/"+stage+"/db/nim-waku")}}'
|
|
nim_waku_store_message_db_url: 'postgres://{{ nim_waku_store_message_db_user}}:{{ nim_waku_store_message_db_pass}}@node-db-01.{{ ansible_domain }}.wg:5432/{{nim_waku_store_message_db_name}}'
|
|
nim_waku_store_message_retention_policy: 'size:50GB'
|
|
nim_waku_store_vacuum: true
|
|
|
|
# DNS Discovery
|
|
nim_waku_dns_disc_enabled: true
|
|
nim_waku_dns_disc_url_map:
|
|
test: 'enrtree://AOGYWMBYOUIMOENHXCHILPKY3ZRFEULMFI4DOM442QSZ73TT2A7VI@test.waku.nodes.status.im'
|
|
sandbox: 'enrtree://AIRVQ5DDA4FFWLRBCHJWUWOO6X6S4ZTZ5B667LQ6AJU6PEYDLRD5O@sandbox.waku.nodes.status.im'
|
|
nim_waku_dns_disc_url: '{{ nim_waku_dns_disc_url_map[stage] }}'
|
|
|
|
# Enable websockets in Waku
|
|
# Could run into the issue of overflowing ENR, might have to disable this.
|
|
nim_waku_websocket_enabled: true
|
|
nim_waku_websocket_secure_enabled: true
|
|
nim_waku_websocket_domain: '{{ dns_entry }}'
|
|
nim_waku_websocket_ssl_dir: '/etc/letsencrypt'
|
|
nim_waku_websocket_ssl_cert: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/fullchain.pem'
|
|
nim_waku_websocket_ssl_key: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/privkey.pem'
|
|
|
|
# Waku rln-relay parameters
|
|
nim_waku_rln_relay_dynamic: true
|
|
nim_waku_rln_relay_eth_contract_address: '0xCB33Aa5B38d79E3D9Fa8B10afF38AA201399a7e3'
|
|
nim_waku_rln_relay_eth_client_address: 'http://linux-01.ih-eu-mda1.nimbus.sepolia.wg:8556'
|
|
nim_waku_rln_relay_tree_path: '/data/rln_relay_tree'
|
|
nim_waku_rln_keystore_active: true
|
|
nim_waku_rln_cred_password: '{{ lookup("bitwarden", "fleets/" + env + "/" + stage + "/waku-rln", field="keystore-password")}}'
|
|
nim_waku_rln_account_key: '{{ lookup("bitwarden", "fleets/" + env + "/" + stage + "/waku-rln", field="account-private-key")}}'
|
|
|
|
# Consul Service
|
|
nim_waku_consul_success_before_passing: 5
|
|
nim_waku_consul_failures_before_warning: 2
|
|
nim_waku_consul_failures_before_critical: 20
|
|
|
|
# LetsEncrypt via Certbot
|
|
certbot_docker_enabled: true
|
|
certbot_admin_email: 'devops@status.im'
|
|
certbot_services_to_stop: ['nginx']
|
|
certbot_containers_to_stop: ['{{ nim_waku_cont_name }}']
|
|
certbot_certs:
|
|
- domains:
|
|
- '{{ nim_waku_websocket_domain }}'
|
|
- '{{ nim_waku_websocket_domain | replace("status.im", "statusim.net") }}' # Legacy Domain
|
|
|
|
# Connection limits
|
|
conn_limit_comment: 'WebSocket conn limit'
|
|
conn_limit_limit: 20
|
|
conn_limit_dport: '{{ nim_waku_websock_port }}'
|
|
|
|
# Open LibP2P Ports
|
|
open_ports_default_comment: '{{ nim_waku_cont_name }}'
|
|
open_ports_default_chain: 'SERVICES'
|
|
open_ports_default_protocol: 'tcp'
|
|
open_ports_list:
|
|
- { port: '80', comment: 'Nginx and Certbot' }
|
|
- { port: '{{ nim_waku_p2p_tcp_port }}' }
|
|
- { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
|
|
- { port: '{{ nim_waku_websock_port }}' }
|
|
- { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
|
|
|
|
# Public Config file access
|
|
nginx_sites:
|
|
nim_waku_config:
|
|
- listen 80 default_server
|
|
- location = / {
|
|
return 302 /config.toml;
|
|
}
|
|
- location = /config.toml {
|
|
root {{ nim_waku_node_conf_path }};
|
|
try_files /config.toml =404;
|
|
types { text/plain toml; }
|
|
}
|