From 37a3c61f0c259607699d9ce09603abcd15f3cea6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= <jakub@status.im>
Date: Tue, 3 Dec 2024 15:41:16 +0100
Subject: [PATCH] public: add eth1-db.nimbus.team hosting for DBs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Required by Jacek to grant access for devs and users to
partially sinced databases for nimbus-eth1 nodes.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
---
 README.md                                     |  1 +
 ansible/era.yml                               | 23 +-------------
 .../metal-01.ih-eu-mda1.nimbus.eth1.yml       | 30 +++++++++++++++++++
 ansible/public.yml                            | 23 ++++++++++++++
 era.tf => public.tf                           | 10 +++++++
 5 files changed, 65 insertions(+), 22 deletions(-)
 mode change 100644 => 120000 ansible/era.yml
 create mode 100644 ansible/host_vars/metal-01.ih-eu-mda1.nimbus.eth1.yml
 create mode 100644 ansible/public.yml
 rename era.tf => public.tf (82%)

diff --git a/README.md b/README.md
index ec2e6af..6081aac 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,7 @@ There are also archives of ERA files:
 | https://sepolia.era.nimbus.team/  | `linux-01.ih-eu-mda1.nimbus.sepolia`  |
 | https://sepolia.era1.nimbus.team/ | `linux-01.ih-eu-mda1.nimbus.sepolia`  |
 | https://holesky.era.nimbus.team/  | `geth-01.ih-eu-mda1.nimbus.holesky`   |
+| https://eth1-db.nimbus.team/      | `metal-01.ih-eu-mda1.nimbus.eth1`     |
 
 # Dashboards
 
diff --git a/ansible/era.yml b/ansible/era.yml
deleted file mode 100644
index 24ca0fb..0000000
--- a/ansible/era.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: Verify Ansible versions
-  hosts: all
-  tags: always
-  become: false
-  run_once: true
-  gather_facts: false
-  tasks:
-    - local_action: command ./roles.py --check
-      changed_when: false
-
-- name: Configure ERA & ERA1 files hosting
-  become: true
-  hosts:
-    - erigon-01.ih-eu-mda1.nimbus.mainnet
-    - nec-01.ih-eu-mda1.nimbus.mainnet
-    - linux-01.ih-eu-mda1.nimbus.sepolia
-    - geth-01.ih-eu-mda1.nimbus.holesky
-  roles:
-    - { role: infra-role-open-ports,   tags: open-ports   }
-    - { role: infra-role-origin-certs, tags: origin-certs }
-    - { role: infra-role-nginx,        tags: nginx        }
diff --git a/ansible/era.yml b/ansible/era.yml
new file mode 120000
index 0000000..0f97b9f
--- /dev/null
+++ b/ansible/era.yml
@@ -0,0 +1 @@
+public.yml
\ No newline at end of file
diff --git a/ansible/host_vars/metal-01.ih-eu-mda1.nimbus.eth1.yml b/ansible/host_vars/metal-01.ih-eu-mda1.nimbus.eth1.yml
new file mode 100644
index 0000000..51ddd45
--- /dev/null
+++ b/ansible/host_vars/metal-01.ih-eu-mda1.nimbus.eth1.yml
@@ -0,0 +1,30 @@
+---
+# Eth1 DB files hosting
+eth1_db_files_domain: 'eth1-db.nimbus.team'
+eth1_db_files_path: '/data/nimbus-eth1-db'
+
+# CloudFlare Origin certificates
+origin_certs:
+  - domain: 'nimbus.team'
+    crt: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.crt")}}'
+    key: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.key")}}'
+
+# Open Ports
+open_ports_list:
+  nginx:
+    - { port: '443', comment: 'Nginx' }
+
+nginx_sites:
+  eth1_db:
+    - listen 443 ssl
+
+    - server_name {{ eth1_db_files_domain }}
+
+    - ssl_certificate     /certs/nimbus.team/origin.crt
+    - ssl_certificate_key /certs/nimbus.team/origin.key
+
+    - location / {
+        root {{ eth1_db_files_path }};
+        autoindex on;
+        autoindex_format html;
+      }
diff --git a/ansible/public.yml b/ansible/public.yml
new file mode 100644
index 0000000..271a3c4
--- /dev/null
+++ b/ansible/public.yml
@@ -0,0 +1,23 @@
+---
+- name: Verify Ansible versions
+  hosts: all
+  tags: always
+  become: false
+  run_once: true
+  gather_facts: false
+  tasks:
+    - local_action: command ./roles.py --check
+      changed_when: false
+
+- name: Configure ERA, ERA1, and DB files hosting
+  become: true
+  hosts:
+    - erigon-01.ih-eu-mda1.nimbus.mainnet
+    - geth-01.ih-eu-mda1.nimbus.holesky
+    - linux-01.ih-eu-mda1.nimbus.sepolia
+    - metal-01.ih-eu-mda1.nimbus.eth1
+    - nec-01.ih-eu-mda1.nimbus.mainnet
+  roles:
+    - { role: infra-role-open-ports,   tags: open-ports   }
+    - { role: infra-role-origin-certs, tags: origin-certs }
+    - { role: infra-role-nginx,        tags: nginx        }
diff --git a/era.tf b/public.tf
similarity index 82%
rename from era.tf
rename to public.tf
index 4386596..61a4ffc 100644
--- a/era.tf
+++ b/public.tf
@@ -41,3 +41,13 @@ resource "cloudflare_record" "era1_mainnet" {
   type    = "A"
   proxied = true
 }
+
+/* Nimbus-eth1 DB hosting */
+
+resource "cloudflare_record" "nimbus_eth1_db" {
+  zone_id = local.zones["nimbus.team"]
+  name    = "eth1-db"
+  value   = module.nimbus_eth1_node_innova.public_ips[0]
+  type    = "A"
+  proxied = true
+}