host ERA files under mainnet.era.nimbus.team domain

https://github.com/status-im/infra-nimbus/issues/126

Signed-off-by: Jakub Sokołowski <jakub@status.im>

ansible/era.yml

@@ -0,0 +1,20 @@
+---
+- name: Verify Ansible versions
+  hosts: all
+  tags: always
+  become: false
+  run_once: true
+  gather_facts: false
+  tasks:
+    - local_action: command ./versioncheck.py
+      changed_when: false
+
+- name: Configure ERA files hosting
+  become: true
+  hosts:
+    - metal-03.he-eu-hel1.nimbus.mainnet
+  roles:
+    - role: origin-certs
+      tags: origin-certs
+    - role: nginx
+      tags: nginx

ansible/host_vars/metal-03.he-eu-hel1.nimbus.mainnet.yml

@@ -0,0 +1,25 @@
+---
+era_files_domain: 'mainnet.era.nimbus.team'
+era_files_path: '/data/era'
+
+# CloudFlare Origin certificates
+origin_certs:
+  - domain: 'nimbus.team'
+    crt: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.crt")}}'
+    key: '{{lookup("bitwarden", "CloudFlare/nimbus.team", file="origin.key")}}'
+
+nginx_sites:
+  era_files:
+    - listen 80 default_server
+    - listen 443 ssl
+
+    - server_name {{ era_files_domain }}
+
+    - ssl_certificate     /certs/nimbus.team/origin.crt
+    - ssl_certificate_key /certs/nimbus.team/origin.key
+
+    - location / {
+        root {{ era_files_path }};
+        autoindex on;
+        autoindex_format html;
+      }

mainnet.tf

@@ -41,6 +41,15 @@ resource "cloudflare_record" "testing_mainnet_beacon_api" {
   proxied = false
 }
  
+/* ERA Files hosting */
+resource "cloudflare_record" "era_mainnet" {
+  zone_id = local.zones["nimbus.team"]
+  name    = "mainnet.era"
+  value   = module.nimbus_nodes_mainnet_hetzner.public_ips[2]
+  type    = "A"
+  proxied = true
+}
+
 /* WARNING: These are bootnodes and losing their IPs and private keys would be bad. */
 module "nimbus_nodes_mainnet_stable_small" {
   source = "github.com/status-im/infra-tf-amazon-web-services"