From 8f62939e54d60927f1d9a3d39e25c8994150cde5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= <jakub@status.im>
Date: Thu, 20 Jun 2024 16:17:16 +0200
Subject: [PATCH] mainnet,sepolia,holesky: open Nginx ports for ERA files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It appears the rules were lost at some point:
https://github.com/status-im/infra-nimbus/issues/187

And yes, not all hosts need this port open, but will in the future and
there's currently no harm in it, it's just dev fleets.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
---
 ansible/group_vars/nimbus.holesky.yml | 2 ++
 ansible/group_vars/nimbus.mainnet.yml | 2 ++
 ansible/group_vars/nimbus.sepolia.yml | 4 +++-
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/ansible/group_vars/nimbus.holesky.yml b/ansible/group_vars/nimbus.holesky.yml
index 9486da7..cc5b6d3 100644
--- a/ansible/group_vars/nimbus.holesky.yml
+++ b/ansible/group_vars/nimbus.holesky.yml
@@ -158,6 +158,8 @@ nimbus_era_files_nclidb_path: '/data/beacon-node-{{ beacon_node_network }}-unsta
 # Open Ports -------------------------------------------------------------------
 open_ports_default_chain: 'VPN'
 open_ports_list:
+  - { port: '80',          chain: 'SERVICES',    comment: 'Nginx' }
+  - { port: '443',         chain: 'SERVICES',    comment: 'Nginx' }
   - { port: '6060:6070',   ipset: 'metrics.hq',  comment: 'EL Metrics' }
   - { port: '9400:9404',   ipset: 'metrics.hq',  comment: 'Geth Exporter' }
   - { port: '9300:9310',   ipset: '{{ env }}.{{ stage }}', comment: 'Nimbus REST API' }
diff --git a/ansible/group_vars/nimbus.mainnet.yml b/ansible/group_vars/nimbus.mainnet.yml
index 4b1bb98..6f4cde9 100644
--- a/ansible/group_vars/nimbus.mainnet.yml
+++ b/ansible/group_vars/nimbus.mainnet.yml
@@ -118,6 +118,8 @@ nimbus_era_files_nclidb_path: '/data/beacon-node-{{ beacon_node_network }}-stabl
 open_ports_default_comment: 'Nimbus REST API'
 open_ports_default_chain: 'VPN'
 open_ports_list:
+  - { port: '80',                              chain: 'SERVICES',       comment: 'Nginx' }
+  - { port: '443',                             chain: 'SERVICES',       comment: 'Nginx' }
   - { port: '9300:9310',                       ipset: '{{ env }}.{{ stage }}' }
   - { port: '9400',                            ipset: 'metrics.hq',     comment: 'Geth Exporter' }
   - { port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq',     comment: 'SMART Metrics' }
diff --git a/ansible/group_vars/nimbus.sepolia.yml b/ansible/group_vars/nimbus.sepolia.yml
index c1671e6..f4e3d5f 100644
--- a/ansible/group_vars/nimbus.sepolia.yml
+++ b/ansible/group_vars/nimbus.sepolia.yml
@@ -100,7 +100,9 @@ nimbus_era_files_nclidb_path: '/data/beacon-node-{{ beacon_node_network }}-unsta
 # Open Ports
 open_ports_default_chain: 'VPN'
 open_ports_list:
-  - { port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq',  comment: 'SMART Metrics' }
+  - { port: '80',                              chain: 'SERVICES',      comment: 'Nginx' }
+  - { port: '443',                             chain: 'SERVICES',      comment: 'Nginx' }
+  - { port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq',    comment: 'SMART Metrics' }
   # https://github.com/status-im/infra-nim-waku/issues/59
   - { port: '8556:8559',                       ipset: 'waku-nmon.misc', comment: 'HTTP RCP for WakuNetwork Monitor' }
   - { port: '8556:8559',                       ipset: 'waku.test',      comment: 'HTTP RCP for Waku' }