@DaMandal0rian DaMandal0rian commented Jun 16, 2025

PR Type

Enhancement


Description

  • Expose aws_region, azs, private_key_path variables

  • Update default region and AZ values

  • Use latest Loki Docker plugin

  • Move Nginx and Traefik RPC configs

    • Rate limiting and 429 error handling
    • Traefik docker-compose template for RPC service
    • Global nginx.conf and uptime-kuma configs

Changes walkthrough 📝

Relevant files

Configuration changes (7 files)

  • main.tf: Expose aws_region, azs, private_key_path variables (+3/-0)
  • variables.tf: Reorder and expose devnet azs, private_key_path vars (+5/-7)
  • main.tf: Add aws_region, azs, private_key_path to mainnet (+3/-0)
  • variables.tf: Update aws_region defaults and expose azs (+9/-9)
  • main.tf: Add aws_region, azs, private_key_path to taurus (+3/-0)
  • variables.tf: Update aws_region defaults and expose azs (+8/-8)
  • variables.tf: Expose azs and private_key_path in primitives (+6/-9)

Enhancement (5 files)

  • installer.sh: Use latest loki-docker-driver plugin (+1/-1)
  • backend.conf: Add rate limiting and 429 error handling [link]
  • docker-compose.yml.taurus: Introduce traefik-based RPC docker-compose template [link]
  • nginx.conf: Add comprehensive global nginx HTTP settings [link]
  • uptime-kuma.conf: Add uptime-kuma status server configurations [link]

    @github-actions

    PR Reviewer Guide 🔍

    Here are some key observations to aid the review process:

    ⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
    🧪 No relevant tests
    🔒 Security concerns

    BasicAuth Static Credentials:
    The traefik.http.middlewares.test-auth.basicauth.users line includes a static hashed password. Exposing credentials in code can lead to unauthorized access or brute force attacks. Consider moving to environment variables or a secure store.

    ⚡ Recommended focus areas for review

    Missing Defaults

    Variable defaults for aws_region and azs were removed, which may break Terraform plans by requiring manual input. Ensure defaults or overrides are provided in all environments.

    variable "aws_region" {
      description = "aws region"
      type        = list(string)
    }
    
    variable "azs" {
      type        = string
      description = "Availability Zones"
    }

    Version Pinning

    Using the latest tag for the Loki Docker plugin reduces reproducibility and may introduce breaking changes. Pin to a specific version to ensure stability.

    sudo docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions

    Typo in Zone Name

    The rate limiting zone is named rpc-limt instead of rpc-limit, which could cause confusion or misconfiguration. Verify and correct the spelling.

    limit_req_zone $binary_remote_addr zone=rpc-limt:10m rate=200r/s;
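
The rate limiting and 429 handling discussed in this review, as an added configuration example (not the PR's own backend.conf). The upstream address, host name and burst size are assumptions; the zone size, rate and JSON body are the ones quoted on this page.

```nginx
# Added example. Belongs inside the http {} block (nginx.conf or an included file).

# Shared-memory zone keyed by client address: 10 MB of state, 200 requests
# per second per IP. The name after "zone=" must be spelled identically in
# limit_req below; if the two differ, nginx refuses to load the configuration.
limit_req_zone $binary_remote_addr zone=rpc-limit:10m rate=200r/s;

upstream rpc_backend {
    server 127.0.0.1:9944;          # assumed address of the RPC node
}

server {
    listen 80;
    server_name rpc.example.test;   # placeholder host name

    location / {
        # Allow short bursts above the steady rate, reject the rest at once.
        limit_req zone=rpc-limit burst=50 nodelay;   # burst value is an assumption

        # Without this, rejected requests get the default status 503.
        limit_req_status 429;

        proxy_pass http://rpc_backend;
    }

    # Route every 429 produced above to the internal JSON responder.
    error_page 429 /rate_limit.html;

    location = /rate_limit.html {
        internal;   # not reachable by a direct client request

        # Sets the Content-Type of the body returned below. add_header is not
        # used: without "always" it is skipped on a 429, and with it the
        # response would carry a second Content-Type header.
        default_type application/json;

        return 429 '{"error": "Too Many Requests", "message": "Rate limit exceeded. Please slow down."}';
    }
}
```

Running `nginx -t` after any change to the zone name catches a mismatch between `limit_req_zone` and `limit_req` before the reload.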

    @github-actions

    PR Code Suggestions ✨

    Explore these optional code suggestions:

    Category | Suggestion | Impact

    Category: General
    Pin docker plugin version

    Pin the Docker plugin to a specific, known-good version rather than using latest to
    avoid unexpected breaking changes or incompatibilities. This ensures reproducible
    installs and limits security exposure from unvetted updates.

    templates/scripts/installer.sh [27]

    -sudo docker plugin install grafana/loki-docker-driver:latest --alias loki --grant-all-permissions
    +sudo docker plugin install grafana/loki-docker-driver:2.9.1 --alias loki --grant-all-permissions
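
Review bot: the `+` line still passes `--grant-all-permissions`, so the install accepts whatever privileges the plugin requests without showing them. Now that the tag is fixed at 2.9.1, run the install once interactively, record the privileges it asks for in a comment above this line, and confirm that 2.9.1 is the release this deployment has actually been tested with, since nothing in the hunk says why that version was chosen.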

    Suggestion importance[1-10]: 7

    Why: Pinning the Docker plugin avoids unexpected breaking changes and improves reproducible installs by replacing :latest with a known-good version (2.9.1).

    Impact: Medium
    Add JSON content header

    Explicitly set the response Content-Type to JSON for the custom 429 error page to
    ensure clients interpret the payload correctly. Without it, browsers or tools may
    default to text/html and mis-handle the JSON.

    templates/misc/private-rpcs/backend.conf [20-23]

     location = /rate_limit.html {
         internal;
    +    add_header Content-Type application/json;
         return 429 '{"error": "Too Many Requests", "message": "Rate limit exceeded. Please slow down."}';
     }
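
Review bot: the added `add_header Content-Type application/json;` will not take effect on this `return 429`, because nginx applies `add_header` only to a fixed set of 2xx and 3xx status codes unless the `always` parameter is given. Even with `always` it would append a second Content-Type header next to the one nginx generates rather than replace it. Setting `default_type application/json;` inside the location changes the type of the returned body directly and avoids both problems.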

    Suggestion importance[1-10]: 6

    Why: Explicitly setting Content-Type: application/json ensures clients correctly interpret the custom 429 error payload as JSON rather than defaulting to HTML.

    Impact: Low

    Category: Possible issue
    Restore private key default

    Restore a default value for private_key_path to maintain backward compatibility and
    prevent module failures when the variable is not explicitly set.

    templates/terraform/network-primitives/variables.tf [80-82]

     variable "private_key_path" {
    -  type = string
    +  type    = string
    +  default = "~/.ssh/deployer.pem"
     }
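
Review bot: the restored `default = "~/.ssh/deployer.pem"` hard-codes one operator's key location into a shared module, which works against the PR's stated goal of exposing `private_key_path` to each network. Keeping the variable required and setting the path per environment makes a missing value fail as an unset variable instead of silently pointing at a key that may not exist. If a default is kept anyway, note that Terraform does not expand `~` in a string by itself, so the place that reads the value needs `pathexpand()`, and the variable would benefit from a `description`.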

    Suggestion importance[1-10]: 6

    Why: Re-adding default = "~/.ssh/deployer.pem" maintains backward compatibility and prevents failures in environments where the variable isn’t explicitly set.

    Impact: Low

    @DaMandal0rian
    Contributor Author

    @vedhavyas can I get a review please?

    @DaMandal0rian DaMandal0rian merged commit 3add9bc into main Jul 9, 2025
    @DaMandal0rian DaMandal0rian deleted the networks-migrate branch July 9, 2025 12:39