public: add eth1-db.nimbus.team hosting for DBs

Required by Jacek to grant access for devs and users to
partially sinced databases for nimbus-eth1 nodes.

Signed-off-by: Jakub Sokołowski <jakub@status.im>

README.md

@@ -25,6 +25,7 @@ There are also archives of ERA files:
 | https://sepolia.era.nimbus.team/  | `linux-01.ih-eu-mda1.nimbus.sepolia`  |
 | https://sepolia.era1.nimbus.team/ | `linux-01.ih-eu-mda1.nimbus.sepolia`  |
 | https://holesky.era.nimbus.team/  | `geth-01.ih-eu-mda1.nimbus.holesky`   |
+| https://eth1-db.nimbus.team/      | `metal-01.ih-eu-mda1.nimbus.eth1`     |
 
 # Dashboards
 

ansible/era.yml

@@ -1,22 +0,0 @@
----
-- name: Verify Ansible versions
-  hosts: all
-  tags: always
-  become: false
-  run_once: true
-  gather_facts: false
-  tasks:
-    - local_action: command ./roles.py --check
-      changed_when: false
-
-- name: Configure ERA & ERA1 files hosting
-  become: true
-  hosts:
-    - erigon-01.ih-eu-mda1.nimbus.mainnet
-    - nec-01.ih-eu-mda1.nimbus.mainnet
-    - linux-01.ih-eu-mda1.nimbus.sepolia
-    - geth-01.ih-eu-mda1.nimbus.holesky
-  roles:
-    - { role: infra-role-open-ports,   tags: open-ports   }
-    - { role: infra-role-origin-certs, tags: origin-certs }
-    - { role: infra-role-nginx,        tags: nginx        }

ansible/era.yml

@@ -0,0 +1 @@
+public.yml

ansible/host_vars/metal-01.ih-eu-mda1.nimbus.eth1.yml

@@ -0,0 +1,30 @@
+---
+# Eth1 DB files hosting
+eth1_db_files_domain: 'eth1-db.nimbus.team'
+eth1_db_files_path: '/data/nimbus-eth1-db'
+
+# CloudFlare Origin certificates
+origin_certs:
+  - domain: 'nimbus.team'
+    crt: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.crt")}}'
+    key: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.key")}}'
+
+# Open Ports
+open_ports_list:
+  nginx:
+    - { port: '443', comment: 'Nginx' }
+
+nginx_sites:
+  eth1_db:
+    - listen 443 ssl
+
+    - server_name {{ eth1_db_files_domain }}
+
+    - ssl_certificate     /certs/nimbus.team/origin.crt
+    - ssl_certificate_key /certs/nimbus.team/origin.key
+
+    - location / {
+        root {{ eth1_db_files_path }};
+        autoindex on;
+        autoindex_format html;
+      }

ansible/public.yml

@@ -0,0 +1,23 @@
+---
+- name: Verify Ansible versions
+  hosts: all
+  tags: always
+  become: false
+  run_once: true
+  gather_facts: false
+  tasks:
+    - local_action: command ./roles.py --check
+      changed_when: false
+
+- name: Configure ERA, ERA1, and DB files hosting
+  become: true
+  hosts:
+    - erigon-01.ih-eu-mda1.nimbus.mainnet
+    - geth-01.ih-eu-mda1.nimbus.holesky
+    - linux-01.ih-eu-mda1.nimbus.sepolia
+    - metal-01.ih-eu-mda1.nimbus.eth1
+    - nec-01.ih-eu-mda1.nimbus.mainnet
+  roles:
+    - { role: infra-role-open-ports,   tags: open-ports   }
+    - { role: infra-role-origin-certs, tags: origin-certs }
+    - { role: infra-role-nginx,        tags: nginx        }

public.tf

@@ -41,3 +41,13 @@ resource "cloudflare_record" "era1_mainnet" {
   type    = "A"
   proxied = true
 }
+
+/* Nimbus-eth1 DB hosting */
+
+resource "cloudflare_record" "nimbus_eth1_db" {
+  zone_id = local.zones["nimbus.team"]
+  name    = "eth1-db"
+  value   = module.nimbus_eth1_node_innova.public_ips[0]
+  type    = "A"
+  proxied = true
+}