-rw-r--r--README32
-rw-r--r--ansible.cfg7
-rw-r--r--inventories/production/hosts4
-rw-r--r--inventories/staging/hosts2
-rw-r--r--playbooks/play.yml8
-rw-r--r--roles/database/tasks/configure-postgres.yml16
-rw-r--r--roles/database/tasks/install-postgres.yml6
-rw-r--r--roles/database/tasks/main.yml8
-rw-r--r--roles/database/vars/main.yml4
-rw-r--r--roles/packages/tasks/add-taler-repo.yml10
-rw-r--r--roles/packages/tasks/base-packages.yml15
-rw-r--r--roles/packages/tasks/main.yml14
-rw-r--r--roles/packages/tasks/python-packages.yml36
-rw-r--r--roles/packages/tasks/taler-packages.yml11
-rw-r--r--roles/taler/tasks/main.yml3
-rw-r--r--roles/taler/tasks/setup-exchange.yml0
-rw-r--r--roles/taler/vars/main.yml7
-rw-r--r--roles/webserver/defaults/main.yml0
-rw-r--r--roles/webserver/handlers/main.yml5
-rw-r--r--roles/webserver/tasks/enable-virtualhosts.yml12
-rw-r--r--roles/webserver/tasks/install-nginx.yml20
-rw-r--r--roles/webserver/tasks/main.yml11
-rw-r--r--roles/webserver/tasks/request-certificates.yml19
-rw-r--r--roles/webserver/tasks/virtualhosts/exchange-nginx.conf.j216
-rw-r--r--roles/webserver/vars/main.yml6
25 files changed, 272 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..a1dd27d
--- /dev/null
+++ b/README
@@ -0,0 +1,32 @@
+RUN THE ANSIBLE SETUP
+========================
+
+To run this ansible deployment script simply run :
+---------------------------------------------------
+
+1.For staging and tests: ansible-playbook -i inventories/staging --user root playbooks/play.yml
+2.For production: ansible-playbook -i inventories/production --user root playbooks/play.yml
+
+Roles (set of tasks):
+===========================
+
+Brief explanation about what the play.yml really executes:
+
+Roles:
+
+0.Packages (including Taler packages)
+1.Webserver
+2.Database
+3.Taler setup
+
+ROLE-> TASKS:
+---------------
+Packages: Install base packges + Add Taler repo to sources.list + Install Taler packages (exchange so far)
+Webserver: Install NGINX + Enable Virtualhost + Request CERTS
+Database: Install Postgres + Configure Postgres
+Taler: Taler specific configurations (as setup-exchange.sh from regional currency script (old Netzbon)).
+
+
+
+
+
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..5144577
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+inventory = inventories
+roles_path = roles
+remote_user = root
+
+[ssh_connection]
+private_key_file = ~/.ssh/id_rsa
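Review bot: `remote_user = root` makes every play log in directly as root over SSH, so there is no `become` boundary to restrict or audit, and the README repeats the dependency with `--user root`. A dedicated deploy user plus `become = true` under a `[privilege_escalation]` section lets root SSH login stay disabled on the hosts and leaves a sudo trail for each privileged task. `private_key_file = ~/.ssh/id_rsa` also pins every operator to one key path; dropping it lets ssh-agent or each operator's `~/.ssh/config` decide.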
diff --git a/inventories/production/hosts b/inventories/production/hosts
new file mode 100644
index 0000000..a8dfbbb
--- /dev/null
+++ b/inventories/production/hosts
@@ -0,0 +1,4 @@
+[production]
+#taler-ops production server
+82.220.38.8
+
diff --git a/inventories/staging/hosts b/inventories/staging/hosts
new file mode 100644
index 0000000..97aeec7
--- /dev/null
+++ b/inventories/staging/hosts
@@ -0,0 +1,2 @@
+[staging]
+95.179.240.84
diff --git a/playbooks/play.yml b/playbooks/play.yml
new file mode 100644
index 0000000..65472ff
--- /dev/null
+++ b/playbooks/play.yml
@@ -0,0 +1,8 @@
+---
+- name: Deploy GNU Taler
+ hosts: all
+ roles:
+ - packages
+ - webserver
+ - database
+ #- taler
diff --git a/roles/database/tasks/configure-postgres.yml b/roles/database/tasks/configure-postgres.yml
new file mode 100644
index 0000000..d57fe57
--- /dev/null
+++ b/roles/database/tasks/configure-postgres.yml
@@ -0,0 +1,16 @@
+---
+- name: Create Taler PostgreSQL user for the new database
+ postgresql_user:
+ name: "{{ USER }}"
+ password: "{{ PASSWORD }}"
+ become: true
+ become_user: postgres
+
+- name: Create Taler database
+ postgresql_db:
+ name: "{{ DATABASE }}"
+ owner: "{{ USER }}"
+ encoding: UTF-8
+ state: present
+ become: true
+ become_user: postgres
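Review bot: The `postgresql_user` task passes `password: "{{ PASSWORD }}"` without `no_log: true`, so the credential is printed in task output at `-v` and in the failure dump if the module errors; add `no_log: true` next to `become: true` on that task. Both tasks also depend on `python3-psycopg2` being present, which is installed by the packages role earlier in play.yml but not by this role, so the database role does not work standalone; a one-line comment stating that dependency (or a `meta` dependency in the role) would make it explicit.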
diff --git a/roles/database/tasks/install-postgres.yml b/roles/database/tasks/install-postgres.yml
new file mode 100644
index 0000000..06de32f
--- /dev/null
+++ b/roles/database/tasks/install-postgres.yml
@@ -0,0 +1,6 @@
+---
+- name: Install PostgreSQL on Debian/Ubuntu
+ apt:
+ name: postgresql
+ state: present
+ when: ansible_os_family == 'Debian'
diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml
new file mode 100644
index 0000000..25af405
--- /dev/null
+++ b/roles/database/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+# Webserver role
+
+- name: Install PostgreSQL
+ include_tasks: install-postgres.yml
+
+- name: Configure PostgreSQL
+ include_tasks: configure-postgres.yml
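Review bot: The header comment `# Webserver role` is copied from roles/webserver/tasks/main.yml and is wrong for this file; replace it with `# Database role: install and configure PostgreSQL`.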
diff --git a/roles/database/vars/main.yml b/roles/database/vars/main.yml
new file mode 100644
index 0000000..b517e20
--- /dev/null
+++ b/roles/database/vars/main.yml
@@ -0,0 +1,4 @@
+---
+USER: taler
+PASSWORD: 2ccXMVRABfAx5rer
+DATABASE: taler_db
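Review bot: `PASSWORD` carries a real-looking plaintext database credential committed to the repository; once pushed it is in git history for good, so it should be treated as exposed and rotated, with the replacement stored vault-encrypted (e.g. `PASSWORD: "{{ vault_taler_db_password }}"` and the vault file under the inventory's group_vars). Placing these in `roles/database/vars/` also gives them role-var precedence, which inventory `group_vars` cannot override, so one value is forced on both `inventories/staging` and `inventories/production`; roles/taler/vars/main.yml and roles/webserver/vars/main.yml in this commit have the same problem. Moving the values to `defaults/main.yml` or per-inventory group_vars addresses both points. The generic names `USER`, `PASSWORD` and `DATABASE` are also easy to collide with other roles; a `taler_db_` prefix is the usual convention.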
diff --git a/roles/packages/tasks/add-taler-repo.yml b/roles/packages/tasks/add-taler-repo.yml
new file mode 100644
index 0000000..c414754
--- /dev/null
+++ b/roles/packages/tasks/add-taler-repo.yml
@@ -0,0 +1,10 @@
+- name: GNU/Taler repo
+ deb822_repository:
+ name: Taler
+ types: deb
+ uris: https://deb.taler.net/apt/debian
+ suites: bookworm
+ components:
+ - main
+ architectures: amd64
+ signed_by: https://taler.net/taler-systems.gpg \ No newline at end of file
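Review bot: `signed_by` is a URL, so the trust anchor for the Taler apt repository is fetched from taler.net at run time and never reviewed in this repo; vendoring the key into the role (`files/taler-systems.gpg`, copied to the host and referenced by path, or inlined as the armored key) pins what the hosts will trust and makes any change to it visible in review. `suites: bookworm` is hardcoded while the other tasks key off `ansible_os_family`; `suites: "{{ ansible_distribution_release }}"` would follow the host, provided the repository publishes that suite. This is also the only task file without a `---` document start, and it lacks a trailing newline.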
diff --git a/roles/packages/tasks/base-packages.yml b/roles/packages/tasks/base-packages.yml
new file mode 100644
index 0000000..7e62f5f
--- /dev/null
+++ b/roles/packages/tasks/base-packages.yml
@@ -0,0 +1,15 @@
+---
+- name: Install packages on Debian/Ubuntu
+ apt:
+ name:
+ - uuid-runtime
+ - make
+ - sudo
+ - curl
+ - jq
+ - wget
+ - python3-sphinx
+ - python3-pip
+ state: present
+ when: ansible_os_family == 'Debian'
+
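Review bot: `python3-sphinx` is installed here and again by the "Install Python Sphinx" task in roles/packages/tasks/python-packages.yml; drop one of them so a single task owns each package. The blank line at the end of the file is noise and can go.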
diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml
new file mode 100644
index 0000000..05a7514
--- /dev/null
+++ b/roles/packages/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+# Role: Install ALL packages and dependencies
+
+- name: Install base packages
+ include_tasks: base-packages.yml
+
+- name: Install Python and Python packages
+ include_tasks: python-packages.yml
+
+- name: Add Taler repo to sources.list
+ include_tasks: add-taler-repo.yml
+
+- name: Install Taler packages
+ include_tasks: taler-packages.yml
diff --git a/roles/packages/tasks/python-packages.yml b/roles/packages/tasks/python-packages.yml
new file mode 100644
index 0000000..bf91cc3
--- /dev/null
+++ b/roles/packages/tasks/python-packages.yml
@@ -0,0 +1,36 @@
+---
+- name: Install Python on Debian/Ubuntu
+ package:
+ name: python3
+ state: present
+ when: ansible_os_family == 'Debian'
+
+- name: Install PostgreSQL client packages
+ ansible.builtin.apt:
+ name: libpq-dev
+ state: present
+
+- name: Install psycopg2
+ ansible.builtin.apt:
+ name: python3-psycopg2
+ state: present
+
+- name: Install Python Sphinx
+ ansible.builtin.apt:
+ name: python3-sphinx
+ state: present
+
+- name: Install Argon2
+ ansible.builtin.apt:
+ name: python3-argon2
+ state: present
+
+- name: Install pycryptodome
+ ansible.builtin.apt:
+ name: python3-pycryptodome
+ state: present
+
+
+# pending packages to install: (haven't found then in debian apt)
+# sphinx-markdown-builder
+# htmlark
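Review bot: Only the first task is guarded with `when: ansible_os_family == 'Debian'`; the five `ansible.builtin.apt` tasks below it are unconditional, so on a non-Debian host the role would skip installing Python and then fail on apt instead of skipping consistently. Either guard every task or, since the role is Debian-only in practice, collapse them into one `apt` task with a `name:` list and a single `when`, as base-packages.yml already does. Mixing the generic `package` module with `ansible.builtin.apt` in the same file is also inconsistent. The trailing "pending packages" comment reads better as a `# TODO:` so it is found by tooling.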
diff --git a/roles/packages/tasks/taler-packages.yml b/roles/packages/tasks/taler-packages.yml
new file mode 100644
index 0000000..2beb3d1
--- /dev/null
+++ b/roles/packages/tasks/taler-packages.yml
@@ -0,0 +1,11 @@
+---
+- name: Install Taler packages
+ apt:
+ name:
+ - taler-exchange
+ #- taler-terms-generator
+ #- taler-harness
+ #- libeufin-nexus
+ #- taler-exchange-offline
+ state: present
+ when: ansible_os_family == 'Debian'
diff --git a/roles/taler/tasks/main.yml b/roles/taler/tasks/main.yml
new file mode 100644
index 0000000..5bde85a
--- /dev/null
+++ b/roles/taler/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- name: Configure Taler exchange
+ # include_tasks: setup-exchange.yml (Devan)
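Review bot: The task `Configure Taler exchange` has only a `name` because its `include_tasks` line is commented out, and Ansible refuses to load a task with no action ("no module/action detected in task"); this is hidden only because `- taler` is commented out in playbooks/play.yml. Either comment out the `- name:` line too, or give it a placeholder action such as `ansible.builtin.debug: { msg: "Taler exchange setup not implemented yet" }` until setup-exchange.yml (added empty in this commit) has content.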
diff --git a/roles/taler/tasks/setup-exchange.yml b/roles/taler/tasks/setup-exchange.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/roles/taler/tasks/setup-exchange.yml
diff --git a/roles/taler/vars/main.yml b/roles/taler/vars/main.yml
new file mode 100644
index 0000000..fdf3d03
--- /dev/null
+++ b/roles/taler/vars/main.yml
@@ -0,0 +1,7 @@
+BANK_EXCHANGE_PASSWORD: xxxx
+BANK_ADMIN_PASSWORD: xxxx
+BANK_PORT: xxxx
+CURRENCY_NAME: xxxx
+IBAN: xxx
+HOSTNAME: XXXX
+TOS: yes/no
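Review bot: `TOS: yes/no` is a literal string today, and the obvious way to fill it in, `TOS: yes`, is parsed as a boolean by the YAML 1.1 loader Ansible uses; write it as `TOS: false  # true or false` so the type is unambiguous. The `xxxx` placeholders for `BANK_EXCHANGE_PASSWORD`, `BANK_ADMIN_PASSWORD` and `BANK_PORT` will eventually hold real values, and a role `vars/` file is the wrong home for them: vault-encrypted inventory group_vars keep the secrets out of plaintext and let staging and production differ. The file also lacks the `---` document start the other vars files have.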
diff --git a/roles/webserver/defaults/main.yml b/roles/webserver/defaults/main.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/roles/webserver/defaults/main.yml
diff --git a/roles/webserver/handlers/main.yml b/roles/webserver/handlers/main.yml
new file mode 100644
index 0000000..20f3947
--- /dev/null
+++ b/roles/webserver/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Reload Nginx
+ service:
+ name: nginx
+ state: reloaded
diff --git a/roles/webserver/tasks/enable-virtualhosts.yml b/roles/webserver/tasks/enable-virtualhosts.yml
new file mode 100644
index 0000000..3734900
--- /dev/null
+++ b/roles/webserver/tasks/enable-virtualhosts.yml
@@ -0,0 +1,12 @@
+---
+- name: Ensure virtualhost configuration file exists
+ template:
+ src: virtualhosts/exchange-nginx.conf.j2
+ dest: "{{ NGINX_SITES_AVAILABLE }}/{{ VIRTUALHOST }}"
+ notify: Reload Nginx
+
+- name: Enable virtual host by creating symlink
+ file:
+ src: "{{ NGINX_SITES_AVAILABLE }}/{{ VIRTUALHOST }}"
+ dest: "{{ NGINX_SITES_ENABLED }}/{{ VIRTUALHOST }}"
+ state: link
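Review bot: The symlink task does not `notify: Reload Nginx`, so when the site file is unchanged but the `sites-enabled` link is missing (removed by hand, or left over from a partial run) the link is recreated without nginx ever reloading; add `notify: Reload Nginx` to the `file` task as well. Because handlers run at the end of the play, nginx also has not reloaded yet when request-certificates.yml runs right after this file; `certbot --nginx` works from the configuration on disk so this may be harmless, but a `- ansible.builtin.meta: flush_handlers` task after the symlink removes the doubt.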
diff --git a/roles/webserver/tasks/install-nginx.yml b/roles/webserver/tasks/install-nginx.yml
new file mode 100644
index 0000000..78ed231
--- /dev/null
+++ b/roles/webserver/tasks/install-nginx.yml
@@ -0,0 +1,20 @@
+---
+- name: Update apt package index (for Debian/Ubuntu)
+ apt:
+ update_cache: yes
+ when: ansible_os_family == 'Debian'
+
+- name: Install Nginx
+ package:
+ name: nginx
+ state: present
+ tags:
+ - nginx_installation
+
+- name: Ensure Nginx service is enabled and started
+ service:
+ name: nginx
+ state: started
+ enabled: yes
+ tags:
+ - nginx_service
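Review bot: `apt: update_cache: yes` with no `cache_valid_time` refreshes the index and reports `changed` on every run, which defeats idempotency reporting; add `cache_valid_time: 3600` so it is a no-op while the cache is fresh. `yes` on `update_cache` and `enabled` should be written `true` (yamllint `truthy`; Ansible accepts both, but the project already uses `true` in configure-postgres.yml). The unguarded `package` and `service` tasks after a Debian-only cache update are fine, since those modules are distribution-agnostic.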
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
new file mode 100644
index 0000000..a4ca00d
--- /dev/null
+++ b/roles/webserver/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+# Webserver role
+
+- name: Install NGINX
+ include_tasks: install-nginx.yml
+
+- name: Enable Virtualhosts
+ include_tasks: enable-virtualhosts.yml
+
+- name: Request certificates
+ include_tasks: request-certificates.yml
diff --git a/roles/webserver/tasks/request-certificates.yml b/roles/webserver/tasks/request-certificates.yml
new file mode 100644
index 0000000..48d1ca9
--- /dev/null
+++ b/roles/webserver/tasks/request-certificates.yml
@@ -0,0 +1,19 @@
+---
+- name: Install Certbot and Certbot Nginx plugin
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - certbot
+ - python3-certbot-nginx # Certbot plugin for Nginx
+
+- name: Obtain or renew SSL certificate using Certbot with Nginx
+ command: certbot --nginx --domain {{ SUBDOMAIN }}.{{ DOMAIN_NAME }} --redirect --non-interactive --agree-tos --email sysadmin@taler.net
+ register: certbot_result
+ changed_when: "'Certificate not yet due for renewal' not in certbot_result.stdout"
+
+- name: Reload Nginx configuration if certificates were obtained or renewed
+ service:
+ name: nginx
+ state: reloaded
+ when: certbot_result.changed
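Review bot: `certbot --nginx --redirect` edits `sites-available/exchange-nginx.conf` in place (it adds the 443 server block and the redirect), but that same file is rendered by the `template` task in enable-virtualhosts.yml on every run, which will overwrite certbot's edits, notify a reload, and then re-trigger certbot here; two owners of one file will fight on each run. Use `certbot certonly --nginx` so certbot only obtains the certificate, and render the `listen 443 ssl` block with the `ssl_certificate`/`ssl_certificate_key` paths in the template yourself. The `command` task has no `creates:`, so adding `creates: /etc/letsencrypt/live/{{ SUBDOMAIN }}.{{ DOMAIN_NAME }}/fullchain.pem` makes it idempotent and lets renewal be handled by the timer the Debian certbot package ships, which also retires the brittle `changed_when` string match. `--email sysadmin@taler.net` belongs in a variable rather than in the command line, and `with_items` can become `loop` or a plain list passed to `name:`.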
diff --git a/roles/webserver/tasks/virtualhosts/exchange-nginx.conf.j2 b/roles/webserver/tasks/virtualhosts/exchange-nginx.conf.j2
new file mode 100644
index 0000000..47376c3
--- /dev/null
+++ b/roles/webserver/tasks/virtualhosts/exchange-nginx.conf.j2
@@ -0,0 +1,16 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name exchange.{{ DOMAIN_NAME }};
+
+ # Bigger than default timeout to support long polling
+ proxy_read_timeout 6500s;
+ keepalive_requests 1000000;
+ keepalive_timeout 6500s;
+
+ location / {
+ proxy_pass http://unix:/var/run/taler/exchange-httpd/exchange-http.sock;
+ }
+}
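Review bot: `server_name exchange.{{ DOMAIN_NAME }};` hardcodes the `exchange` label while roles/webserver/vars/main.yml defines `SUBDOMAIN: exchange` and request-certificates.yml requests the certificate for `{{ SUBDOMAIN }}.{{ DOMAIN_NAME }}`; use `server_name {{ SUBDOMAIN }}.{{ DOMAIN_NAME }};` so the vhost and the certificate cannot drift apart. The template lives under `tasks/virtualhosts/` rather than the role's `templates/` directory, so `src: virtualhosts/exchange-nginx.conf.j2` resolves only because Ansible also searches the task file's directory; moving it to `roles/webserver/templates/virtualhosts/` follows the convention. With no `listen 443` block here, the TLS configuration of this site is entirely whatever certbot writes into the rendered copy, which makes the served config hard to review from the repo.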
diff --git a/roles/webserver/vars/main.yml b/roles/webserver/vars/main.yml
new file mode 100644
index 0000000..683f1fb
--- /dev/null
+++ b/roles/webserver/vars/main.yml
@@ -0,0 +1,6 @@
+---
+DOMAIN_NAME: valenciatech.cloud
+SUBDOMAIN: exchange
+NGINX_SITES_AVAILABLE: /etc/nginx/sites-available
+NGINX_SITES_ENABLED: /etc/nginx/sites-enabled
+VIRTUALHOST: exchange-nginx.conf