add initial setup

Signed-off-by: Jakub Sokołowski <jakub@status.im>

README.md

@@ -0,0 +1,33 @@
+# Description
+
+This role provisions a [Nimbus](https://nimbus.team/) installation that can act as an ETH2 network bootstrap node.
+
+# Ports
+
+The service exposes three ports by default:
+
+* `9000` - LibP2P peering port. Must __ALWAYS__ be public.
+* `9200` - JSON RPC port. Must __NEVER__ be public.
+* `9900` - Prometheus metrics port. Should not be public.
+
+# Configuration
+
+Minimum configuration would include.
+```yaml
+beacon_node_network: 'testnet0'
+# Infura Web Sockets URLs
+beacon_node_web3_urls: ['wss://mainnet.infura.io/ws/v3/123qwe123qwe123qwe']
+```
+The order of Web Socket URLs matters. First is the default, the rest are fallbacks.
+
+It might be useful to increase the log verbosity level:
+```yaml
+beacon_node_log_level: DEBUG
+```
+
+# Management
+
+The containers are managed using [WinSW](https://github.com/winsw/winsw).
+```
+TODO
+```

defaults/main.yml

@@ -0,0 +1,42 @@
+---
+# shared testnet name: medalla, toledo, pyrmont, etc.
+beacon_node_network: 'medalla'
+beacon_node_service_name: 'beacon-node-{{ beacon_node_network }}'
+beacon_node_service_path: 'C:\Users\{{ beacon_node_user }}\{{ beacon_node_service_name }}'
+
+beacon_node_log_level: 'INFO'
+beacon_node_data_folder: 'shared_{{ beacon_node_network }}_0'
+beacon_node_subscribe_all: false
+beacon_node_doppelganger_detection: true
+
+# For validation
+beacon_node_valid_network_names: ["toledo", "pyrmont", "prater", "mainnet", "steklo", "nocturne"]
+
+# Subfolders for separate read-only mounting
+beacon_node_secrets_path: '{{ beacon_node_service_path }}/data/{{ beacon_node_data_folder }}/secrets'
+
+# connectivity settings
+beacon_node_discovery_port: 9000
+beacon_node_listening_port: 9000
+beacon_node_public_address: '{{ ansible_host }}'
+beacon_node_max_peers: 160
+
+# metrics
+beacon_node_metrics_port: 9200
+
+# rpc / administrative
+beacon_node_rpc_port: 9900
+
+# resource limits, mem in MB
+beacon_node_mem_limit: '{{ (ansible_memtotal_mb * 0.5) | int }}'
+beacon_node_mem_reserve: '{{ (ansible_memtotal_mb * 0.4) | int }}'
+
+# Consul service definition settings
+beacon_node_consul_service_name: 'beacon-node'
+beacon_node_consul_service_file_name: '{{ beacon_node_consul_service_name | replace("-", "_") }}'
+beacon_node_consul_metrics_service_name: '{{ beacon_node_consul_service_name }}-metrics'
+
+# WebSocket RPC URLs, Goerli for testnets
+beacon_node_web3_urls: ['wss://goerli.infura.io/ws/v3/6224f3c792cc443fafb64e70a98f871e']
+
+beacon_node_slashing_db_kind: 'v2'

tasks/check.yml

@@ -0,0 +1,12 @@
+---
+- name: Verify web3 URLs are provided
+  assert:
+    that: '{{ beacon_node_web3_urls|length > 0 }}'
+    quiet: true
+    fail_msg: |
+      Providing Web3 URLs is required to sync with Eth1 chain!
+      Verify that the 'beacon_node_web3_urls' variable is set.
+
+- name: Verify network name
+  assert:
+    that: '{{ beacon_node_network in beacon_node_valid_network_names }}'

tasks/checks.yml

@@ -0,0 +1,13 @@
+---
+- name: Verify web3 URLs are provided
+  assert:
+    that: '{{ beacon_node_web3_urls|length > 0 }}'
+    quiet: true
+    fail_msg: |
+      Providing Web3 URLs is required to sync with Eth1 chain!
+      Verify that the 'beacon_node_web3_urls' variable is set.
+
+- name: Verify network name
+  assert:
+    that: '{{ beacon_node_network in beacon_node_valid_network_names }}'
+

tasks/firewall.yml

@@ -0,0 +1,18 @@
+---
+- name: 'Enable ports for: {{ beacon_node_service_name }}'
+  win_firewall_rule:
+    name: '{{ beacon_node_service_name }}-{{ rule.protocol }}'
+    description: 'Nimbus Eth2 Beacon Node ports'
+    action: 'allow'
+    direction: 'in'
+    state: 'present'
+    enabled: true
+    protocol: '{{ rule.protocol }}'
+    localport: '{{ rule.port }}'
+  with_items:
+    - { protocol: 'tcp', port: '{{ beacon_node_listening_port }}' }
+    - { protocol: 'udp', port: '{{ beacon_node_discovery_port }}' }
+  loop_control:
+    loop_var: rule
+  notify:
+    - Save iptables rules

tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- import_tasks: checks.yml
+- import_tasks: service.yml
+- import_tasks: firewall.yml

tasks/service.yml

@@ -0,0 +1,32 @@
+---
+- name: Create windows service
+  include_role: name=infra-role-winsw
+  vars:
+    winsw_service_id: 'beacon-node'
+    winsw_service_name: TODO
+    winsw_service_description: 'Service managed by WinSW'
+    winsw_service_user: TODO
+    winsw_service_exe_url: TODO
+    winsw_service_arguments: >
+      --network={{ beacon_node_network }}
+      --data-dir='/data/{{ beacon_node_data_folder }}'
+      {% for url in beacon_node_web3_urls | mandatory %}
+      --web3-url={{ url | mandatory }}
+      {% endfor %}
+      --nat=extip:{{ beacon_node_public_address }}
+      --log-level={{ beacon_node_log_level }}
+      --tcp-port={{ beacon_node_listening_port }}
+      --udp-port={{ beacon_node_discovery_port }}
+      --max-peers={{ beacon_node_max_peers }}
+      --netkey-file=/{{ beacon_node_netkey_cont_path }}
+      --slashing-db-kind={{ beacon_node_slashing_db_kind }}
+      --insecure-netkey-password=true
+      --subscribe-all-subnets={{ beacon_node_subscribe_all | to_json }}
+      --doppelganger-detection={{ beacon_node_doppelganger_detection | to_json }}
+      --rpc
+      --rpc-address=0.0.0.0
+      --rpc-port={{ beacon_node_rpc_port }}
+      --metrics
+      --metrics-address=0.0.0.0
+      --metrics-port={{ beacon_node_metrics_port }}
+