From 7ec7641eed1910e6843880a4e9f2363b381891ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= <jakub@status.im>
Date: Tue, 16 Aug 2022 18:01:55 +0200
Subject: [PATCH] nimbus.prater: open REST API ports to the fleet
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Allows for trusted node syncing through the VPN.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
---
 ansible/group_vars/nimbus.prater.yml | 6 ++++++
 ansible/prater.yml                   | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/ansible/group_vars/nimbus.prater.yml b/ansible/group_vars/nimbus.prater.yml
index feeb032..a6ddd8d 100644
--- a/ansible/group_vars/nimbus.prater.yml
+++ b/ansible/group_vars/nimbus.prater.yml
@@ -43,6 +43,12 @@ beacon_node_service_user_pass: '{{lookup("bitwarden", "nimbus/windows", field="p
 beacon_node_web3_urls: '{{ beacon_node_web3_urls_all }}'
 beacon_node_web3_jwt_secret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
 
+# Open Ports
+open_ports_default_comment: 'Nimbus REST API'
+open_ports_default_chain: 'VPN'
+open_ports_list:
+  - { port: '9300:9310', ipset: '{{ env }}.{{ stage }}' }
+
 # Split by hostname for more central location
 nodes_layout:
   # WARNING: The nodes hosted on AWS are bootstrap nodes and should not be changed.
diff --git a/ansible/prater.yml b/ansible/prater.yml
index ec9d233..39b02b1 100644
--- a/ansible/prater.yml
+++ b/ansible/prater.yml
@@ -19,6 +19,7 @@
     - nimbus-prater-testing
     - nimbus-prater-unstable
   roles:
+    - { role: open-ports,        tags: open-ports        }
     - { role: get-geth-api-urls, tags: get-geth-api-urls }
   tasks:
     - include_role: name=infra-role-beacon-node-linux
@@ -33,6 +34,7 @@
   serial: '{{ serial|default(1) }}'
   hosts: nimbus-prater-metal
   roles:
+    - { role: open-ports,        tags: open-ports        }
     - { role: redirect-ports,    tags: [ redirect-ports ] }
     - { role: get-geth-api-urls, tags: [ get-geth-api-urls ] }
   tasks: