infra-waku/ansible/group_vars/all.yml

---
# Root password
bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
# Migrated to NFTables from IPTables.
# https://github.com/status-im/infra-misc/issues/301
bootstrap__firewall_nftables: true
# Consul
bootstrap__consul_encryption_key:   '{{lookup("bitwarden", "consul/cluster",    field="encryption-key")}}'
bootstarp__consul_agent_acl_token:  '{{lookup("bitwarden", "consul/acl-tokens", field="agent-default")}}'
bootstrap__consul_certs_ca_crt:     '{{lookup("bitwarden", "consul/certs",      file="ca.pem")}}'
bootstrap__consul_certs_client_crt: '{{lookup("bitwarden", "consul/certs",      file="client.pem")}}'
bootstrap__consul_certs_client_key: '{{lookup("bitwarden", "consul/certs",      file="client-key.pem")}}'
# SSHGuard
bootstrap__sshguard_whitelist_extra: ['{{lookup("bitwarden", "sshguard/whitelist", field="jakubgs-home")}}']
# Wireguard
wireguard_consul_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="wireguard")}}'

# Volume of Trace level logs is too high and fills up ES cluster.
bootstrap__rsyslog_filter_rules: ['TRC']

# Docker registry
bootstrap__docker_registries:
  - url:      'https://harbor.status.im'
    username: 'robot$wakuorg+infra-waku'
    password: '{{ lookup("bitwarden", "harbor-robot", field="robot$wakuorg+infra-waku") }}'

# Custom SSH accounts for Nimbus fleet, should start from UID 8000.
bootstrap__active_extra_users:
  - { name: hanno,  uid: 8003, admin: true, key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDlvmNGKxoddAmOuXvjm0II0M82aLjczb8F1ZTSV7zyvKaw6DNuaN6c6ZCdUvdjfF4hdEwMXNB37Cr5oysPo41rIuii+RVPd+c2WLZnC/MCg8d6b0/mREIfpuEMlz+u4lyr8/DST7zO4Ke95w5kVGtlh2kR88F9mlJlkyq2NCiqBU/blKObOjqS8OMRuMJ0GpwzF9+/dfXVahzdgHgKS0Q1ATvLHL0DvZSAGwHfHcIV5nF0ddRCofX4L2shIImZk5dAsATQTkT2gNWObhF6KuWbVyuhsLfRletzdnf8jUYm9Uatf7Woa9CxbPjdGxVxniZblmOumcaCNgaioKs0qeZzwNQmgJ/PXXw9uVWhDUYvNh7Cz+SNTVm4WG1tEk3WO9EU5dcCTgfEa94LUl5G+yXYX8H00spubpiWXv/0RjEQX4CZeu0pff209GLDWdpIaV8p9QVFBr8X8t8jw5zw5j/PxkprcT5P2A1t+WOUn9LrBzOJ1iAU3oJV3ZMYQhUS78= hanno@status.im' }
  - { name: ivan,   uid: 8004, admin: true, key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJBdm8y1PfWjT1pioaWJSZ2ETrUySb+dS/ifDg+VIpLY ivansete@status.im' }
  - { name: zoltan, uid: 8005, admin: true, key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNYe8dLIGTTrTYgKfaXhai6uQmJfewJPi3MXwIeM2Zk zoltan@status.im' }
  - { name: gabriel,uid: 8006, admin: true, key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2/Z8eRjB+uYwC8OTYwMI5HYaZvpD68fKLvo2f6/2abzs5MTskXVlDFB7XDsFw+s1oloKKKNl+VYA7WR4qO8c0usMHll2Io1XuRdMJQsUaERpxKOeddIpsOaAmHea7Dh/JVdC07aQm0QDYnfSXD66k//LD2EfjSp/9L6ObPbtWSYnMtlIxmNq8hdP33R59HAcpZtXnubElQhxAMtY4pnBNI/jJS44uan2asNT4vftUMUAmSGjwTVgbRHiE1nyvwcisvy8kDQILXxchetRcWZw/aztmvWUYOTebgdvlMirZRLw6gLjjKMoGgRIpI/vDHZyYezEdzjOLf//4qcD4ez5H gabriel@status.im' }