-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathinventory-prod.yml
152 lines (130 loc) · 6.24 KB
/
inventory-prod.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
# Secret files in group_vars/all/inventory_secret.yml
all:
vars:
# Sensible defaults
ansible_user: sysadmin
ansible_python_interpreter: /usr/bin/python3
# Prevent debian from using predictable network - reboot required
common_predictable_network: false
# Personal git hub token for starling bot to download private github repos
github_token: "{{ secret_github_token }}" # Starling
# Lets Encrypt email address
letsencrypt_email: [email protected]
# Path to shared nfs integrity_store
nfs_shared_path: integrity_store
# Server that monitoring configs will be updated on
monitor_server: "monitor.prod.starlinglab.org"
# Loki Data
loki_url: "{{monitor_server}}:443/loki/api/v1/push"
loki_username: loki
loki_password: "{{secret_loki_password}}"
# E-mail credentials
outbound_email_login: [email protected]
outbound_email_password: "{{ secret_outbound_email_password }}"
outbound_email_hostname: smtp.gmail.com
outbound_email_port: 587
outbound_email_address: "{{ outbound_email_login }}"
# Set root and sysadmin passwords on all servers
root_password: "{{ secret_root_password }}"
sysadmin_password: "{{ secret_sysadmin_password }}"
# Keys to add to all servers
ssh_user_keys:
- name: yurko
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtv4I2W8TlVsWKKHwASF78cGrn06BJi9dGQQQksW0Ke9ED/KJG2pvG4GXnh57/AOuJtUaS3gXBEj/knE3t/qtvO2cUg1EufnkItzNLdY1B0Hwm98I8O7JdhE+3c/SUIU4Miioj/IlKl8fRxDqx03FTVBdd6Q7kKF79LcobTqo7Pd6i7vnp46U6bBm01tDdRB+g+lok9x+B8umRqqjAGcboucwZ5NrzmLjz/p1wg+5Gva2zcyzBp1aQk7JPhsbElTLfhUP7hJbJ6rFWnebgK8z/vbyofeZljXb6LttttMGoWKg6QAdn61mRwEGff1FUPVLiEVnQ5IY+f97NlQ36c81b yurko@starling"
- name: ben
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMLiPavTvnbFRc6JvkGVinFoAk93k88KTg1u3zZQxMyW benedict@starling"
- name: cole
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDa7CV1MuEEWiO21CcrakO5h/2W8SgXGqN9xUj7tmT/9i4+IYoCFw4eARe9ZMUUuAa/jBThKK9oAylMEc5u6faWUVUNY5z46KeNEH482z+kcprSEYEY0w9lWyA5c93BIRcvH3KYZkfwCe4U5i6cxD3RAHJNTuHKdeUfT4hCWEyJMKNPsW5ggILJe/9Iq7XVy1ukXmV+ta0u9AKH/fWW4OA6RADzD7eFNZtooZoU1VAcRgpaLhzVFp+0kyhBIciiajZ4r217TMA+DEQ9QGVIxrQJJGm6v0UYLOPuv3NAnGrjHFE7+gGXKVQljx2N/eoyKmF7lWaqDBg3uvic3FCSBeunC5rggeFTtfZ37/J9Lk+rwWwk3HgfzLc7eefYG2lPoX3ftjeD41E4EcobH8A2J1dOgcD7SiOwCZc8dGtWMjC02SaSufWnl8swphd+PNdO/JeWLbGmnVW3AfiaDrVHLXviP2NRfwEKtbH4oB9d/aaryREgi3fLm6MsRm8c+GSWUOc= cole@hypha"
- name: basilesimon
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiERM3s7o882wuqwgMALsRgmZlvtjq4KFjK7AqAqWQP basile@starling"
ipfs_swarm_key: "{{ secret_ipfs_swarm_key }}"
children:
integrity:
hosts:
integrity.prod.starlinglab.org:
integrity_preprocessor_repo_branch: main
# Signal Bot
integrity_preprocessor_chatbot: True
signal_bot:
"main":
signal_phone_number: "12899990286"
signal_account_file: "prod_signal_account.zip"
# Browsertrix
integrity_preprocessor_browsertrix: True
browsertrix_username: "[email protected]"
browsertrix_password: "{{ secret_integrity_browsertrix_password }}"
# http
integrity_preprocessor_http: True
integrity_preprocessor_http_secret: "{{secret_preprocessor_http_secret}}"
# folder
integrity_preprocessor_folder: True
integrity_preprocessor_folder_config: "prod_preprocessor-folder.json"
dropbox_loki: true
# Common
monitor_job: "production"
firewall_ports:
- "ssh":
port: 22
- "ssl":
port: 443
- "http":
port: 80
- "nodeexporter":
port: 9100
source: "{{ monitor_server }}"
sourceIPv6: "{{ monitor_server }}"
- "nfs":
port: 2049
source: "10.55.1.0/24"
sourceIPv6: "2607:5300:203:9c8c:ffff::/64"
nginx_sites:
"integrity.prod.starlinglab.org":
ssl_provider: letsencrypt
web_hostname: "integrity.prod.starlinglab.org"
locations:
"/":
proxy_location: "http://127.0.0.1:8080"
"api.integrity.prod.starlinglab.org":
web_hostname: "api.integrity.prod.starlinglab.org"
ssl_provider: letsencrypt
locations:
"/":
proxy_location: "http://127.0.0.1:8079"
"/authsign/":
proxy_location: http://127.0.0.1:8881/
"authsign.starlinglab.org":
web_hostname: "authsign.starlinglab.org"
ssl_redirect: False
ssl_provider: False
locations:
"/":
proxy_location: http://127.0.0.1:81
auth_sign:
"authsign.starlinglab.org":
port: 81
apiport: 8881
token: "{{ authsign_token }}"
# Backend
integrity_backend_repo_branch: main
integrity_jwt_secret: "{{ secret_integrity_jwt }}"
integrity_clain_tool_path: "/home/starling/c2patool"
integrity_data_path: "/mnt/{{ nfs_shared_path }}/starling"
nfs_server_exports:
- "/mnt/{{ nfs_shared_path }} 10.55.1.0/24(rw,all_squash,anonuid=1001,anongid=1001)"
numbers_api_network: "mainnet"
iscn_mnemonic: "{{ secret_iscn_mnemonic_stg }}"
numbers_api_secret: "{{secret_numbers_api_stg}}"
authsign_token: "{{ secret_authsign_token }}"
ssh_additional_user_keys:
- name: katelynsills
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTtuJzovYtSjmICh6LqhnLwKUyJAUjdSmOO+BRayEdL [email protected]"
- name: tripledoublev
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP//M97cGGSi9zIL32XjjydmhDAaemHPbL3UI2WS+3h+ [email protected]"
mount_rclone_output:
src: /mnt/integrity_store/starling/shared/
target: /mnt/integrity_store/store/rclone/sync/shared-output/
rclone_remote_path: /integrity-prod-starling-org
ipfs:
hosts:
integrity.prod.starlinglab.org:
ipfs_ip: "198.50.135.54"