node: expose config.toml using Nginx server

This can then be linked from the new https://fleets.waku.org/. https://github.com/status-im/infra-misc/issues/229 Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-03-07 12:04:22 +01:00 · 2024-03-07 12:04:22 +01:00 · 2c2e2e56f7
parent 3d01924c13
commit 2c2e2e56f7
3 changed files with 24 additions and 2 deletions
--- a/ansible/group_vars/status-node.yml
+++ b/ansible/group_vars/status-node.yml
@ -4,6 +4,8 @@ swap_file_size_mb: 2048
 # Nim-Waku
 nim_waku_cont_tag: 'deploy-status-{{ stage }}'
 nim_waku_cont_name: 'nim-waku'
+nim_waku_cont_vol: '/docker/{{ nim_waku_cont_name }}'
+nim_waku_node_conf_path: '{{ nim_waku_cont_vol }}/conf'
 nim_waku_log_level: 'debug'
 nim_waku_dns4_domain_name: '{{ dns_entry }}'
 # Protocols
@ -58,6 +60,7 @@ nim_waku_consul_failures_before_critical: '{{ (stage == "prod") | ternary(4, 8)
 # LetsEncrypt via Certbot
 certbot_docker_enabled: true
 certbot_admin_email: 'devops@status.im'
+certbot_services_to_stop: ['nginx']
 certbot_containers_to_stop: ['{{ nim_waku_cont_name }}']
 certbot_certs:
  - domains: [ '{{ nim_waku_websocket_domain }}' ]
@ -67,10 +70,23 @@ open_ports_default_comment: '{{ nim_waku_cont_name }}'
 open_ports_default_protocol: 'tcp'
 open_ports_default_chain: 'SERVICES'
 open_ports_list:
-  - { port: '80', comment: 'Certbot verification' }
+  - { port: '80', comment: 'Nginx and Certbot' }
  - { port: '{{ nim_waku_p2p_tcp_port }}' }
  - { port: '{{ nim_waku_p2p_udp_port }}', protocol: 'udp' }
  - { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
  - { port: '{{ nim_waku_websock_port }}' }
  - { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
  - { port: '{{ nim_waku_rpc_tcp_port }}', chain: 'VPN', ipset: '{{ env }}.{{ stage }}' }
+
+# Public Config file access
+nginx_sites:
+  nim_waku_config:
+    - listen 80 default_server
+    - location = / {
+        return 302 /config.toml;
+      }
+    - location = /config.toml {
+        root {{ nim_waku_node_conf_path }};
+        try_files /config.toml =404;
+        types { text/plain toml; }
+      }
--- a/ansible/main.yml
+++ b/ansible/main.yml
@ -25,3 +25,4 @@
    - { role: infra-role-swap-file,   tags: swap-file   }
    - { role: infra-role-certbot,     tags: certbot     }
    - { role: infra-role-nim-waku,    tags: nim-waku    }
+    - { role: infra-role-nginx,       tags: nginx       }
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -26,7 +26,7 @@

 - name: infra-role-nim-waku
  src: git@github.com:status-im/infra-role-nim-waku.git
-  version: 6c7837b1f857379e7b66c8ce776ac050c7946705
+  version: 468ee1af0e0bb6b0c9167f1696e3a6cb73eeed79
  scm: git

 - name: infra-role-certbot
@ -38,3 +38,8 @@
  src: git@github.com:status-im/infra-role-postgres-ha.git
  version: 9fbe3851b902f9873441c2b26a6d3a7e9d1525c7
  scm: git
+
+- name: infra-role-nginx
+  src: git@github.com:status-im/infra-role-nginx.git
+  version: 3043c998cbc92a634a71dc48363b3e2525696d26
+  scm: git