public: add eth1-db.nimbus.team hosting for DBs

Required by Jacek to grant access for devs and users to partially sinced databases for nimbus-eth1 nodes. Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-12-03 15:41:16 +01:00 · 2024-12-03 15:41:16 +01:00 · 37a3c61f0c
parent 4b940ed263
commit 37a3c61f0c
5 changed files with 65 additions and 22 deletions
--- a/README.md
+++ b/README.md
@ -25,6 +25,7 @@ There are also archives of ERA files:
 | https://sepolia.era.nimbus.team/  | `linux-01.ih-eu-mda1.nimbus.sepolia`  |
 | https://sepolia.era1.nimbus.team/ | `linux-01.ih-eu-mda1.nimbus.sepolia`  |
 | https://holesky.era.nimbus.team/  | `geth-01.ih-eu-mda1.nimbus.holesky`   |
+| https://eth1-db.nimbus.team/      | `metal-01.ih-eu-mda1.nimbus.eth1`     |

 # Dashboards

--- a/ansible/era.yml
+++ b/ansible/era.yml
@ -1,22 +0,0 @@
---
- name: Verify Ansible versions
-  hosts: all
-  tags: always
-  become: false
-  run_once: true
-  gather_facts: false
-  tasks:
-    - local_action: command ./roles.py --check
-      changed_when: false
-
- name: Configure ERA & ERA1 files hosting
-  become: true
-  hosts:
-    - erigon-01.ih-eu-mda1.nimbus.mainnet
-    - nec-01.ih-eu-mda1.nimbus.mainnet
-    - linux-01.ih-eu-mda1.nimbus.sepolia
-    - geth-01.ih-eu-mda1.nimbus.holesky
-  roles:
-    - { role: infra-role-open-ports,   tags: open-ports   }
-    - { role: infra-role-origin-certs, tags: origin-certs }
-    - { role: infra-role-nginx,        tags: nginx        }
--- a/ansible/era.yml
+++ b/ansible/era.yml
@ -0,0 +1 @@
+public.yml
--- a/ansible/host_vars/metal-01.ih-eu-mda1.nimbus.eth1.yml
+++ b/ansible/host_vars/metal-01.ih-eu-mda1.nimbus.eth1.yml
@ -0,0 +1,30 @@
+---
+# Eth1 DB files hosting
+eth1_db_files_domain: 'eth1-db.nimbus.team'
+eth1_db_files_path: '/data/nimbus-eth1-db'
+
+# CloudFlare Origin certificates
+origin_certs:
+  - domain: 'nimbus.team'
+    crt: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.crt")}}'
+    key: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.key")}}'
+
+# Open Ports
+open_ports_list:
+  nginx:
+    - { port: '443', comment: 'Nginx' }
+
+nginx_sites:
+  eth1_db:
+    - listen 443 ssl
+
+    - server_name {{ eth1_db_files_domain }}
+
+    - ssl_certificate     /certs/nimbus.team/origin.crt
+    - ssl_certificate_key /certs/nimbus.team/origin.key
+
+    - location / {
+        root {{ eth1_db_files_path }};
+        autoindex on;
+        autoindex_format html;
+      }
--- a/ansible/public.yml
+++ b/ansible/public.yml
@ -0,0 +1,23 @@
+---
+- name: Verify Ansible versions
+  hosts: all
+  tags: always
+  become: false
+  run_once: true
+  gather_facts: false
+  tasks:
+    - local_action: command ./roles.py --check
+      changed_when: false
+
+- name: Configure ERA, ERA1, and DB files hosting
+  become: true
+  hosts:
+    - erigon-01.ih-eu-mda1.nimbus.mainnet
+    - geth-01.ih-eu-mda1.nimbus.holesky
+    - linux-01.ih-eu-mda1.nimbus.sepolia
+    - metal-01.ih-eu-mda1.nimbus.eth1
+    - nec-01.ih-eu-mda1.nimbus.mainnet
+  roles:
+    - { role: infra-role-open-ports,   tags: open-ports   }
+    - { role: infra-role-origin-certs, tags: origin-certs }
+    - { role: infra-role-nginx,        tags: nginx        }
--- a/public.tf
+++ b/public.tf
@ -41,3 +41,13 @@ resource "cloudflare_record" "era1_mainnet" {
  type    = "A"
  proxied = true
 }
+
+/* Nimbus-eth1 DB hosting */
+
+resource "cloudflare_record" "nimbus_eth1_db" {
+  zone_id = local.zones["nimbus.team"]
+  name    = "eth1-db"
+  value   = module.nimbus_eth1_node_innova.public_ips[0]
+  type    = "A"
+  proxied = true
+}