diff --git a/ansible/era.yml b/ansible/era.yml
new file mode 100644
index 0000000..e16e15c
--- /dev/null
+++ b/ansible/era.yml
@@ -0,0 +1,20 @@
+---
+- name: Verify Ansible versions
+ hosts: all
+ tags: always
+ become: false
+ run_once: true
+ gather_facts: false
+ tasks:
+ - local_action: command ./versioncheck.py
+ changed_when: false
+
+- name: Configure ERA files hosting
+ become: true
+ hosts:
+ - metal-03.he-eu-hel1.nimbus.mainnet
+ roles:
+ - role: origin-certs
+ tags: origin-certs
+ - role: nginx
+ tags: nginx
diff --git a/ansible/host_vars/metal-03.he-eu-hel1.nimbus.mainnet.yml b/ansible/host_vars/metal-03.he-eu-hel1.nimbus.mainnet.yml
new file mode 100644
index 0000000..0c5b1c1
--- /dev/null
+++ b/ansible/host_vars/metal-03.he-eu-hel1.nimbus.mainnet.yml
@@ -0,0 +1,25 @@
+---
+era_files_domain: 'mainnet.era.nimbus.team'
+era_files_path: '/data/era'
+
+# CloudFlare Origin certificates
+origin_certs:
+ - domain: 'nimbus.team'
+ crt: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.crt")}}'
+ key: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.key")}}'
+
+nginx_sites:
+ era_files:
+ - listen 80 default_server
+ - listen 443 ssl
+
+ - server_name {{ era_files_domain }}
+
+ - ssl_certificate /certs/nimbus.team/origin.crt
+ - ssl_certificate_key /certs/nimbus.team/origin.key
+
+ - location / {
+ root {{ era_files_path }};
+ autoindex on;
+ autoindex_format html;
+ }
diff --git a/mainnet.tf b/mainnet.tf
index 8b1c69b..012ef7b 100644
--- a/mainnet.tf
+++ b/mainnet.tf
@@ -40,6 +40,15 @@ resource "cloudflare_record" "testing_mainnet_beacon_api" {
 type = "A"
 proxied = false
 }
+
+/* ERA Files hosting */
+resource "cloudflare_record" "era_mainnet" {
+ zone_id = local.zones["nimbus.team"]
+ name = "mainnet.era"
+ value = module.nimbus_nodes_mainnet_hetzner.public_ips[2]
+ type = "A"
+ proxied = true
+}

 /* WARNING: These are bootnodes and losing their IPs and private keys would be bad. */
 module "nimbus_nodes_mainnet_stable_small" {
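Review bot: In ansible/era.yml, the only task of the `Verify Ansible versions` play has no `name` and calls `./versioncheck.py` by a relative path, so which file runs on the controller depends on the working directory of the run, which the hunk does not pin. Consider naming the task, e.g. `- name: Check Ansible version`, and anchoring the path with `local_action: command {{ playbook_dir }}/versioncheck.py`. If other playbooks in the repository use the same relative form on purpose, a one-line comment saying the playbook must be run from `ansible/` would cover it.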
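Review bot: In `nginx_sites.era_files` of ansible/host_vars/metal-03.he-eu-hel1.nimbus.mainnet.yml, `listen 80 default_server` keeps a plain-HTTP listener with no redirect next to `listen 443 ssl`, and as `default_server` it answers for any Host header, so the files are also served to clients that reach the origin address directly instead of through Cloudflare. If the zone talks to the origin in Full (strict) mode, which the Origin CA certificate suggests but the diff does not show, the port 80 entry can be dropped so that only `- listen 443 ssl` remains. Nothing visible here limits the origin to Cloudflare's address ranges or enables authenticated origin pulls; if a firewall role elsewhere handles that, a comment above `nginx_sites` saying so would help the next reader. `autoindex on` lists everything under `era_files_path`, so that directory should hold only files meant to be public.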
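Review bot: `value = module.nimbus_nodes_mainnet_hetzner.public_ips[2]` in the new `cloudflare_record.era_mainnet` selects the origin by list position, while ansible/era.yml names the host explicitly, so a change in the order or number of hosts in that module would silently point `mainnet.era` at a node that has neither the certificate nor the nginx site. Presumably index 2 is metal-03.he-eu-hel1.nimbus.mainnet; a comment such as `/* public_ips[2] is metal-03.he-eu-hel1, keep in sync with ansible/era.yml */` above the resource would record that. `proxied = true` conceals the origin address only as long as no unproxied record resolves to the same IP, which this hunk does not show.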