add dotters and ibp nginx configs

bkk03

@@ -6,6 +6,7 @@ proxmox_hosts
 proxmox_nodes
 routers
 referrence_nodes
+services
 
 [proxmox_nodes:children]
 cumulus
@@ -32,6 +33,9 @@ wnd23
 [proxmox_hosts]
 bkk03
 
+[services]
+ibp
+
 [unmanaged]
 
 [hardware]

host_vars/dot23.yaml

@@ -11,6 +11,8 @@ pinned_service: True
 default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
 default_public_dns: "{{ host_name }}"
 default_public_dns_lb: "polkadot.rotko.net"
+default_public_dns_ibp: "rpc.ibp.network"
+default_public_dns_dotters: "rpc.dotters.network"
 default_network: "polkadot"
 default_node_type: "endpoint"
 default_pruning: "archive"

host_vars/dot24.yaml

@@ -11,6 +11,8 @@ pinned_service: True
 default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
 default_public_dns: "{{ host_name }}"
 default_public_dns_lb: "polkadot.rotko.net"
+default_public_dns_ibp: "rpc.ibp.network"
+default_public_dns_dotters: "rpc.dotters.network"
 default_network: "polkadot"
 default_node_type: "endpoint"
 default_pruning: "archive"

host_vars/ibp.yaml

@@ -2,7 +2,7 @@
 ansible_host: "27.131.160.106"
 container_ip: "192.168.69.97"
 ansible_port: "2997"
-host_name: "ibp-monitor.rotko.net"
+host_name: "ibp.rotko.net"
 host_timezone: "Asia/Bangkok"
 netif: '{"net0":"name=eth0,gw={{ default_nat_network_forward_cidr.split("/")[0] }},ip={{ default_host_ip }}/24,bridge={{ default_nat_device }}"}'
 role: "monitor"

host_vars/ksm23.yaml

@@ -11,6 +11,8 @@ pinned_service: True
 default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
 default_public_dns: "{{ host_name }}"
 default_public_dns_lb: "kusama.rotko.net"
+default_public_dns_ibp: "rpc.ibp.network"
+default_public_dns_dotters: "rpc.dotters.network"
 default_network: kusama
 default_node_type: "endpoint"
 default_pruning: "archive"

host_vars/ksm24.yaml

@@ -11,6 +11,8 @@ pinned_service: True
 default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
 default_public_dns: "{{ host_name }}"
 default_public_dns_lb: "kusama.rotko.net"
+default_public_dns_ibp: "rpc.ibp.network"
+default_public_dns_dotters: "rpc.dotters.network"
 default_network: kusama
 default_node_type: "endpoint"
 default_pruning: "archive"

host_vars/wnd23.yaml

@@ -11,6 +11,8 @@ pinned_service: True
 default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
 default_public_dns: "{{ host_name }}"
 default_public_dns_lb: "westend.rotko.net"
+default_public_dns_ibp: "rpc.ibp.network"
+default_public_dns_dotters: "rpc.dotters.network"
 default_network: "westend"
 default_node_type: "endpoint"
 default_pruning: "archive"

host_vars/wnd24.yaml

@@ -11,6 +11,8 @@ pinned_service: True
 default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
 default_public_dns: "{{ host_name }}"
 default_public_dns_lb: "westend.rotko.net"
+default_public_dns_ibp: "rpc.ibp.network"
+default_public_dns_dotters: "rpc.dotters.network"
 default_network: "westend"
 default_node_type: "endpoint"
 default_pruning: "archive"

roles/setup_install_nginx/templates/https-endpoint-dotters.j2

@@ -0,0 +1,35 @@
+server {
+    listen {{ default_secure_rpc_port }} ssl http2;
+    listen [::]:{{ default_secure_rpc_port }} ssl http2;
+    server_name {{ default_public_dns_dotters }};
+
+    # SSL/TLS settings
+    ssl_certificate /etc/letsencrypt/live/{{ default_public_dns_dotters }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ default_public_dns_dotters }}/privkey.pem;
+
+    # Strong SSL settings
+    ssl_protocols TLSv1.3;
+    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
+    ssl_prefer_server_ciphers off;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_session_tickets off;
+
+    # OCSP Stapling
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 1.1.1.1 1.0.0.1 valid=300s;
+    resolver_timeout 5s;
+
+    location / {
+        proxy_buffers 16 4k;
+        proxy_buffer_size 2k;
+        proxy_pass http://127.0.0.1:{{ default_rpc_port }};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

roles/setup_install_nginx/templates/https-endpoint-ibp.j2

@@ -0,0 +1,35 @@
+server {
+    listen {{ default_secure_rpc_port }} ssl http2;
+    listen [::]:{{ default_secure_rpc_port }} ssl http2;
+    server_name {{ default_public_dns_ibp }};
+
+    # SSL/TLS settings
+    ssl_certificate /etc/letsencrypt/live/{{ default_public_dns_ibp }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ default_public_dns_ibp }}/privkey.pem;
+
+    # Strong SSL settings
+    ssl_protocols TLSv1.3;
+    ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
+    ssl_prefer_server_ciphers off;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_session_tickets off;
+
+    # OCSP Stapling
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    resolver 1.1.1.1 1.0.0.1 valid=300s;
+    resolver_timeout 5s;
+
+    location / {
+        proxy_buffers 16 4k;
+        proxy_buffer_size 2k;
+        proxy_pass http://127.0.0.1:{{ default_rpc_port }};
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}