geth: switch to nftables

Vedran Mendelski 2024-10-10 10:53:01 +02:00 committed by Vedran
parent b4414336ab
commit 27b10bd710
2 changed files with 23 additions and 15 deletions


@ -31,10 +31,14 @@ geth_expo_source_cont_name: '{{ geth_cont_name }}'
geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
geth_expo_cont_port: '{{ 9400 + (idx|int) + 1 }}'
# Migrated to NFTables from IPTables.
# https://github.com/status-im/infra-misc/issues/301
bootstrap__firewall_nftables: true
# Open Ports
open_ports_default_comment: 'Geth API'
open_ports_default_chain: 'VPN'
open_ports_list:
- { port: '9400:9404', ipset: 'metrics.hq', comment: 'Geth Metrics' }
- { port: '8551:8554', ipset: 'nimbus.holesky', comment: Geth }
- { port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq', comment: 'SMART Metrics' }
geth-node:
- { port: '9401-9404', comment: 'Geth Exporter', ipset: 'metrics.hq', iifname: 'wg0' }
- { port: '8552-8555', comment: 'Geth', ipset: 'nimbus.holesky', iifname: 'wg0' }
smart-metrics:
- { port: '{{ smart_metrics_listen_port }}', comment: 'SMART Metrics', ipset: 'metrics.hq', iifname: 'wg0' }
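Review bot: The second port range in the `geth-node` group is `8552-8555`, while the list it appears to replace allowed `8551:8554` for the same `nimbus.holesky` ipset (the +/- markers are lost on this page, so I am reading the `iifname` entries as the new side). The metrics range moving to `9401-9404` is explained by `geth_expo_cont_port` being `9400 + idx + 1`, but the formula for this second range is outside the hunk, so the one-port shift cannot be checked here. If a node still listens on 8551 its consensus client is cut off, and 8555 becomes reachable from `nimbus.holesky` whether or not a Geth node uses it. Please confirm against the per-node port variable and add a comment above the rule such as `# Must match the per-node authrpc port formula (nodes 1-4)`.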


@ -31,15 +31,19 @@ geth_websocket_addr: '0.0.0.0'
geth_websocket_port: 8546
geth_expo_cont_port: 9200
# Migrated to NFTables from IPTables.
# https://github.com/status-im/infra-misc/issues/301
bootstrap__firewall_nftables: true
# Open Ports
open_ports_default_comment: 'Geth API'
open_ports_default_chain: 'VPN'
open_ports_list:
- { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq', comment: 'Geth Metrics' }
- { port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq', comment: 'SMART Metrics' }
- { port: '{{ geth_rpc_port }}', ipset: 'nimbus.mainnet' }
- { port: '{{ geth_rpc_port }}', ipset: 'eth2.prod' }
- { port: '{{ geth_authrpc_port }}', ipset: 'nimbus.mainnet' }
- { port: '{{ geth_authrpc_port }}', ipset: 'eth2.prod' }
- { port: '{{ geth_websocket_port }}', ipset: 'nimbus.mainnet' }
- { port: '{{ geth_websocket_port }}', ipset: 'eth2.prod' }
geth-node:
- { port: '{{ geth_port }}', comment: 'Geth LibP2P', protocol: 'tcp' }
- { port: '{{ geth_port }}', comment: 'Geth Discovery', protocol: 'udp' }
- { port: '{{ geth_expo_cont_port }}', comment: 'Geth Exporter', ipset: 'metrics.hq', iifname: 'wg0' }
- { port: '{{ geth_rpc_port }}', comment: 'Geth RPC', ipset: 'nimbus.mainnet', iifname: 'wg0' }
- { port: '{{ geth_authrpc_port }}', comment: 'Geth API', ipset: 'nimbus.mainnet', iifname: 'wg0' }
- { port: '{{ geth_websocket_port }}', comment: 'Geth Websocket', ipset: 'nimbus.mainnet', iifname: 'wg0' }
smart-metrics:
- { port: '{{ smart_metrics_listen_port }}', comment: 'SMART Metrics', ipset: 'metrics.hq', iifname: 'wg0' }
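Review bot: The `geth-node` rules for `geth_rpc_port`, `geth_authrpc_port` and `geth_websocket_port` admit only the `nimbus.mainnet` ipset, while the list they appear to replace also had an `eth2.prod` entry for each of those ports (the +/- markers are lost on this page, so this reading is inferred from the `iifname` entries being the nftables form). If `eth2.prod` hosts still use this node they lose access after the switch; if dropping them is intended, the commit message should say so, since the title describes only a firewall backend change. The two `geth_port` rules carry neither `ipset` nor `iifname`, so they accept any source on any interface; a comment such as `# P2P: intentionally public, no ipset/iifname` would mark that as deliberate. The authrpc rule's comment `'Geth API'` would be clearer in rule listings as `'Geth AuthRPC'`.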