From f75c94e6f5d8c9ca5eeecd8e7549892b837ce9c0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= <jakub@status.im>
Date: Tue, 8 Nov 2022 17:51:08 +0100
Subject: [PATCH] host ERA files under mainnet.era.nimbus.team domain
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

https://github.com/status-im/infra-nimbus/issues/126

Signed-off-by: Jakub Sokołowski <jakub@status.im>
---
 ansible/era.yml                               | 20 +++++++++++++++
 .../metal-03.he-eu-hel1.nimbus.mainnet.yml    | 25 +++++++++++++++++++
 mainnet.tf                                    |  9 +++++++
 3 files changed, 54 insertions(+)
 create mode 100644 ansible/era.yml
 create mode 100644 ansible/host_vars/metal-03.he-eu-hel1.nimbus.mainnet.yml

diff --git a/ansible/era.yml b/ansible/era.yml
new file mode 100644
index 0000000..e16e15c
--- /dev/null
+++ b/ansible/era.yml
@@ -0,0 +1,20 @@
+---
+- name: Verify Ansible versions
+  hosts: all
+  tags: always
+  become: false
+  run_once: true
+  gather_facts: false
+  tasks:
+    - local_action: command ./versioncheck.py
+      changed_when: false
+
+- name: Configure ERA files hosting
+  become: true
+  hosts:
+    - metal-03.he-eu-hel1.nimbus.mainnet
+  roles:
+    - role: origin-certs
+      tags: origin-certs
+    - role: nginx
+      tags: nginx
diff --git a/ansible/host_vars/metal-03.he-eu-hel1.nimbus.mainnet.yml b/ansible/host_vars/metal-03.he-eu-hel1.nimbus.mainnet.yml
new file mode 100644
index 0000000..0c5b1c1
--- /dev/null
+++ b/ansible/host_vars/metal-03.he-eu-hel1.nimbus.mainnet.yml
@@ -0,0 +1,25 @@
+---
+era_files_domain: 'mainnet.era.nimbus.team'
+era_files_path: '/data/era'
+
+# CloudFlare Origin certificates
+origin_certs:
+  - domain: 'nimbus.team'
+    crt: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.crt")}}'
+    key: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.key")}}'
+
+nginx_sites:
+  era_files:
+    - listen 80 default_server
+    - listen 443 ssl
+
+    - server_name {{ era_files_domain }}
+
+    - ssl_certificate     /certs/nimbus.team/origin.crt
+    - ssl_certificate_key /certs/nimbus.team/origin.key
+
+    - location / {
+        root {{ era_files_path }};
+        autoindex on;
+        autoindex_format html;
+      }
diff --git a/mainnet.tf b/mainnet.tf
index 8b1c69b..012ef7b 100644
--- a/mainnet.tf
+++ b/mainnet.tf
@@ -40,6 +40,15 @@ resource "cloudflare_record" "testing_mainnet_beacon_api" {
   type    = "A"
   proxied = false
 }
+ 
+/* ERA Files hosting */
+resource "cloudflare_record" "era_mainnet" {
+  zone_id = local.zones["nimbus.team"]
+  name    = "mainnet.era"
+  value   = module.nimbus_nodes_mainnet_hetzner.public_ips[2]
+  type    = "A"
+  proxied = true
+}
 
 /* WARNING: These are bootnodes and losing their IPs and private keys would be bad. */
 module "nimbus_nodes_mainnet_stable_small" {