status-im
/
infra-nimbus
mirror of https://github.com/status-im/infra-nimbus.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

eth1: migrate to nftables 

Referenced issue: https://github.com/status-im/infra-misc/issues/301

Signed-off-by: markoburcul <marko@status.im>
This commit is contained in:
markoburcul 2024-10-10 15:09:01 +02:00 committed by Marko Burčul
parent daa4469823
commit c07788fa76
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ansible/eth1.yml
View File

@ -14,5 +14,6 @@
hosts: hosts:
- nimbus-eth1-metal - nimbus-eth1-metal
roles: roles:
- { role: infra-role-open-ports, tags: open-ports }
- { role: infra-role-nimbus-eth1, tags: nimbus-eth1 } - { role: infra-role-nimbus-eth1, tags: nimbus-eth1 }
- { role: infra-role-rocketpool, tags: rocketpool } - { role: infra-role-rocketpool, tags: rocketpool }

18
ansible/group_vars/nimbus.eth1.yml
View File

@ -31,7 +31,25 @@ nimbus_eth1_network: 'holesky'
nimbus_eth1_max_peers: 160 nimbus_eth1_max_peers: 160
nimbus_eth1_log_level: 'DEBUG' nimbus_eth1_log_level: 'DEBUG'
# Ports # Ports
nimbus_eth1_listening_port: 30303
nimbus_eth1_discovery_port: 30303
nimbus_eth1_metrics_port: 9093 nimbus_eth1_metrics_port: 9093
nimbus_eth1_metrics_address: '0.0.0.0' nimbus_eth1_metrics_address: '0.0.0.0'
# API secert # API secert
nimbus_eth1_jwt_secret: '{{lookup("bitwarden", "nimbus/jwt-token")}}' nimbus_eth1_jwt_secret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
# Migrated to NFTables from IPTables.
# https://github.com/status-im/infra-misc/issues/301
bootstrap__firewall_nftables: true
# Open Ports -------------------------------------------------------------------
open_ports_list:
el-node:
- { comment: 'Nimbus node listening port', port: '{{ nimbus_eth1_listening_port }}', protocol: 'tcp' }
- { comment: 'Nimbus node discovery port', port: '{{ nimbus_eth1_discovery_port }}', protocol: 'udp' }
- { comment: 'Nimbus node metrics port', port: '{{ nimbus_eth1_metrics_port }}', ipset: 'metrics.hq', iifname: 'wg0' }
beacon-node:
- { comment: 'Rocketpool node libp2p port', port: '{{ rocketpool_eth2_libp2p_port }}', protocol: 'tcp' }
- { comment: 'Rocketpool node discovery port', port: '{{ rocketpool_eth2_discovery_port }}', protocol: 'udp' }
- { comment: 'Rocketpool node REST port', port: '{{ rocketpool_eth2_rest_port }}', ipset: 'nimbus.eth1', iifname: 'wg0' }
- { comment: 'Rocketpool node metrics port', port: '{{ rocketpool_eth2_metrics_port }}', ipset: 'metrics.hq', iifname: 'wg0' }