35 lines
3.1 KiB
YAML
35 lines
3.1 KiB
YAML
---
|
|
# Root password
|
|
bootstrap__root_pass: '{{lookup("vault", "hosts", field="root-pass", stage="all", env="all")}}'
|
|
# Consul
|
|
bootstrap__consul_encryption_key: '{{lookup("vault", "consul/config", field="encryption-key", stage="all", env="all")}}'
|
|
bootstarp__consul_agent_acl_token: '{{lookup("vault", "consul/acl-tokens", field="agent-default", stage="all", env="all")}}'
|
|
bootstrap__consul_certs_ca_crt: '{{lookup("vault", "consul/certs", field="ca.pem", stage="all", env="all")}}'
|
|
bootstrap__consul_certs_client_crt: '{{lookup("vault", "consul/certs", field="client.pem", stage="all", env="all")}}'
|
|
bootstrap__consul_certs_client_key: '{{lookup("vault", "consul/certs", field="client-key.pem", stage="all", env="all")}}'
|
|
# SSHGuard
|
|
bootstrap__sshguard_whitelist_extra: ['{{lookup("vault", "sshguard/whitelist", field="jakubgs-home", stage="all", env="all")}}']
|
|
# Wireguard
|
|
wireguard_consul_acl_token: '{{lookup("vault", "consul/acl-tokens", field="wireguard", stage="all", env="all")}}'
|
|
|
|
# Volume of Trace level logs is too high and fills up ES cluster.
|
|
bootstrap__rsyslog_filter_rules: ['TRC']
|
|
|
|
# Docker registry
|
|
bootstrap__docker_registries:
|
|
- url: 'https://harbor.status.im'
|
|
username: 'robot$wakuorg+infra-waku'
|
|
password: '{{ lookup("vault", "robot", field="robot$wakuorg+infra-waku", env="ci", stage="harbor")}}'
|
|
|
|
# Custom SSH accounts for Nimbus fleet, should start from UID 8000.
|
|
bootstrap__active_extra_users:
|
|
- { name: hanno, uid: 8003, admin: true, key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDlvmNGKxoddAmOuXvjm0II0M82aLjczb8F1ZTSV7zyvKaw6DNuaN6c6ZCdUvdjfF4hdEwMXNB37Cr5oysPo41rIuii+RVPd+c2WLZnC/MCg8d6b0/mREIfpuEMlz+u4lyr8/DST7zO4Ke95w5kVGtlh2kR88F9mlJlkyq2NCiqBU/blKObOjqS8OMRuMJ0GpwzF9+/dfXVahzdgHgKS0Q1ATvLHL0DvZSAGwHfHcIV5nF0ddRCofX4L2shIImZk5dAsATQTkT2gNWObhF6KuWbVyuhsLfRletzdnf8jUYm9Uatf7Woa9CxbPjdGxVxniZblmOumcaCNgaioKs0qeZzwNQmgJ/PXXw9uVWhDUYvNh7Cz+SNTVm4WG1tEk3WO9EU5dcCTgfEa94LUl5G+yXYX8H00spubpiWXv/0RjEQX4CZeu0pff209GLDWdpIaV8p9QVFBr8X8t8jw5zw5j/PxkprcT5P2A1t+WOUn9LrBzOJ1iAU3oJV3ZMYQhUS78= hanno@status.im' }
|
|
- { name: ivan, uid: 8004, admin: true, key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJBdm8y1PfWjT1pioaWJSZ2ETrUySb+dS/ifDg+VIpLY ivansete@status.im' }
|
|
- { name: zoltan, uid: 8005, admin: true, key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNYe8dLIGTTrTYgKfaXhai6uQmJfewJPi3MXwIeM2Zk zoltan@status.im' }
|
|
- { name: gabriel,uid: 8006, admin: true, key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2/Z8eRjB+uYwC8OTYwMI5HYaZvpD68fKLvo2f6/2abzs5MTskXVlDFB7XDsFw+s1oloKKKNl+VYA7WR4qO8c0usMHll2Io1XuRdMJQsUaERpxKOeddIpsOaAmHea7Dh/JVdC07aQm0QDYnfSXD66k//LD2EfjSp/9L6ObPbtWSYnMtlIxmNq8hdP33R59HAcpZtXnubElQhxAMtY4pnBNI/jJS44uan2asNT4vftUMUAmSGjwTVgbRHiE1nyvwcisvy8kDQILXxchetRcWZw/aztmvWUYOTebgdvlMirZRLw6gLjjKMoGgRIpI/vDHZyYezEdzjOLf//4qcD4ez5H gabriel@status.im' }
|
|
|
|
# Wazuh Agent
|
|
wazuh_agent_enrollment_key: '{{ lookup("vault", "manager/config", field="enrollment-password", env="hq", stage="wazuh")}}'
|
|
wazuh_root_ca: '{{ lookup("vault", "root-ca", field="certificate", env="hq", stage="wazuh")}}'
|
|
|