infra-waku/ansible/group_vars/node.yml

---

# Tag dependent on fleet: test
nim_waku_cont_tag: 'deploy-{{ env }}-{{ stage }}'
nim_waku_cont_name: 'nim-waku'
nim_waku_cont_vol: '/docker/{{ nim_waku_cont_name }}'
nim_waku_node_conf_path: '{{ nim_waku_cont_vol }}/conf'
nim_waku_log_level: 'debug'
nim_waku_protocols_enabled: ['relay', 'rln-relay', 'store', 'filter', 'lightpush', 'peer-exchange']
nim_waku_disc_v5_enabled: true
nim_waku_dns4_domain_name: '{{ dns_entry }}'
nim_waku_node_key: '{{lookup("bitwarden", "fleets/"+env+"/"+stage+"/nodekeys", field=hostname)}}'
nim_waku_cluster_id: 1
nim_waku_relay_shard_manager: true

# Subscribe to all shards
nim_waku_pubsub_topics:
  - '/waku/2/rs/1/0'
  - '/waku/2/rs/1/1'
  - '/waku/2/rs/1/2'
  - '/waku/2/rs/1/3'
  - '/waku/2/rs/1/4'
  - '/waku/2/rs/1/5'
  - '/waku/2/rs/1/6'
  - '/waku/2/rs/1/7'

# Ports
nim_waku_p2p_tcp_port: 30303
nim_waku_metrics_port: 8008
nim_waku_disc_v5_port: 9000
nim_waku_websock_port: 8000
nim_waku_rpc_tcp_port: 8545

# Limits
nim_waku_p2p_max_connections: 300

# Store
nim_waku_store_message_db_name: 'nim-waku'
nim_waku_store_message_db_user: 'nim-waku'
nim_waku_store_message_db_pass: '{{lookup("bitwarden", "fleets/"+env+"/"+stage+"/db/nim-waku")}}'
nim_waku_store_message_db_url: 'postgres://{{ nim_waku_store_message_db_user}}:{{ nim_waku_store_message_db_pass}}@node-db-01.{{ ansible_domain }}.wg:5432/{{nim_waku_store_message_db_name}}'
nim_waku_store_message_retention_policy: 'size:50GB'
nim_waku_store_vacuum: true

# DNS Discovery
nim_waku_dns_disc_enabled: true
nim_waku_dns_disc_url_map:
   test:    'enrtree://AOGYWMBYOUIMOENHXCHILPKY3ZRFEULMFI4DOM442QSZ73TT2A7VI@test.waku.nodes.status.im'
   sandbox: 'enrtree://AIRVQ5DDA4FFWLRBCHJWUWOO6X6S4ZTZ5B667LQ6AJU6PEYDLRD5O@sandbox.waku.nodes.status.im'
nim_waku_dns_disc_url: '{{ nim_waku_dns_disc_url_map[stage] }}'

# Enable websockets in Waku
# Could run into the issue of overflowing ENR, might have to disable this.
nim_waku_websocket_enabled: true
nim_waku_websocket_secure_enabled: true
nim_waku_websocket_domain: '{{ dns_entry }}'
nim_waku_websocket_ssl_dir: '/etc/letsencrypt'
nim_waku_websocket_ssl_cert: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/fullchain.pem'
nim_waku_websocket_ssl_key: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/privkey.pem'

# Waku rln-relay parameters
nim_waku_rln_relay_dynamic: true
nim_waku_rln_relay_eth_contract_address: '0xCB33Aa5B38d79E3D9Fa8B10afF38AA201399a7e3'
nim_waku_rln_relay_eth_client_address: 'http://linux-01.ih-eu-mda1.nimbus.sepolia.wg:8556'
nim_waku_rln_relay_tree_path: '/data/rln_relay_tree'

# Consul Service
nim_waku_consul_success_before_passing: 5
nim_waku_consul_failures_before_warning: 2
nim_waku_consul_failures_before_critical: 20

# LetsEncrypt via Certbot
certbot_docker_enabled: true
certbot_admin_email: 'devops@status.im'
certbot_services_to_stop: ['nginx']
certbot_containers_to_stop: ['{{ nim_waku_cont_name }}']
certbot_certs:
  - domains:
    - '{{ nim_waku_websocket_domain }}'
    - '{{ nim_waku_websocket_domain | replace("status.im", "statusim.net") }}' # Legacy Domain

# Connection limits
conn_limit_comment: 'WebSocket conn limit'
conn_limit_limit: 20
conn_limit_dport: '{{ nim_waku_websock_port }}'

# Open LibP2P Ports
open_ports_default_comment: '{{ nim_waku_cont_name }}'
open_ports_default_chain: 'SERVICES'
open_ports_default_protocol: 'tcp'
open_ports_list:
  - { port: '80', comment: 'Nginx and Certbot' }
  - { port: '{{ nim_waku_p2p_tcp_port }}' }
  - { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
  - { port: '{{ nim_waku_websock_port }}' }
  - { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }

# Public Config file access
nginx_sites:
  nim_waku_config:
    - listen 80 default_server
    - location = / {
        return 302 /config.toml;
      }
    - location = /config.toml {
        root {{ nim_waku_node_conf_path }};
        try_files /config.toml =404;
        types { text/plain toml; }
      }