commit e456e9f999b835efbd95733f58cf537f5858a2fa parent 5c37e95f38484d98a1bb3d263c2ca47d4a88d04b Author: Devan Carpenter <devan@taler.net> Date: Thu, 27 Jun 2024 11:40:51 -0400 consolidate and reorganize Diffstat:
28 files changed, 152 insertions(+), 190 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+./inventories/production/hosts
+./inventories/staging/hosts
diff --git a/ansible.cfg b/ansible.cfg
@@ -2,6 +2,3 @@ inventory = inventories roles_path = roles remote_user = root
-
-[ssh_connection]
-private_key_file = ~/.ssh/id_rsa
diff --git a/inventories/production/hosts b/inventories/production/hosts.example
diff --git a/inventories/staging/hosts b/inventories/staging/hosts
@@ -1,2 +0,0 @@
-[staging]
-95.179.240.84
diff --git a/inventories/staging/hosts.example b/inventories/staging/hosts.example
@@ -0,0 +1,2 @@
+[staging]
+172.18.103.122 ansible_port=22 ansible_user=root ansible_ssh_private_key_file=~/.ssh/taler_ansible_id_ed25519
diff --git a/playbooks/play.yml b/playbooks/play.yml
@@ -2,7 +2,7 @@ - name: Deploy GNU Taler hosts: all roles: - - packages + - common_packages - webserver - database - #- taler + - taler
diff --git a/roles/common_packages/tasks/main.yml b/roles/common_packages/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+# Role: Install dependencies
+
+- name: Install packages required by Ansible
+ apt:
+ name:
+ - python3-debian
+ - python3-psycopg2
+ state: present
+ update_cache: true
+ when: ansible_os_family == 'Debian'
+
+- name: Install Taler dependencies on Debian/Ubuntu
+ apt:
+ name:
+ - curl
+ - jq
+ - sudo
+ - uuid-runtime
+ - wget
+ state: present
+ update_cache: true
+ when: ansible_os_family == 'Debian'
+
+# Add Taler public APT package repo
+- name: GNU/Taler repo
+ deb822_repository:
+ name: Taler
+ types: deb
+ uris: https://deb.taler.net/apt/debian
+ suites: bookworm
+ components:
+ - main
+ architectures: amd64
+ signed_by: https://taler.net/taler-systems.gpg
diff --git a/roles/database/example.taler_postgres.fact b/roles/database/example.taler_postgres.fact
@@ -0,0 +1,4 @@
+{
+ "password": ""
+ "db_uri": "unix://..." or "tls://"
+}
diff --git a/roles/database/tasks/configure-postgres.yml b/roles/database/tasks/configure-postgres.yml 
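Review bot: Both patterns start with `./`, which git does not strip or treat as "the current directory" in ignore patterns, so `inventories/production/hosts` and `inventories/staging/hosts` most likely remain un-ignored and a real inventory (host addresses, key paths) can still be committed by accident — exactly what the `.example` rename in this commit is trying to prevent. Write them as `/inventories/production/hosts` and `/inventories/staging/hosts` (or a single `/inventories/*/hosts`) and confirm with `git check-ignore -v inventories/staging/hosts`.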
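Review bot: The `GNU/Taler repo` task lacks the `when: ansible_os_family == 'Debian'` guard that the two apt tasks above it carry, and it hard-codes `suites: bookworm` although that guard also matches Ubuntu and other Debian releases, so a non-bookworm host would have a repository for a different release registered. Add the same `when:` and either derive the suite from `ansible_distribution_release` or tighten the guard to `when: ansible_distribution_release == 'bookworm'`. `signed_by: https://taler.net/taler-systems.gpg` re-fetches the signing key from the network on every run; shipping the key under the role's `files/` and passing its contents (the module accepts an ASCII-armored key block) pins which key is trusted and keeps the role working without that download. Nothing refreshes the apt cache after the repository is added, so any later task that installs Taler packages needs `update_cache: true`.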
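Review bot: The example is not parseable JSON: the comma after `"password": ""` is missing and `"unix://..." or "tls://"` is prose rather than a value. If the file is intended to be dropped into a host's `facts.d` as a `.fact` file, Ansible will not be able to load it (local facts must be valid JSON or INI), and since it would carry a database password its on-host permissions need the same care as any other secret. Make it valid — `"password": "",` and `"db_uri": "unix://..."` — and describe the `tls://` alternative in the role README; if the file is documentation only, a `.md` name would avoid the confusion.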
@@ -1,16 +0,0 @@
----
-- name: Create Taler PostgreSQL user for the new database
- postgresql_user:
- name: "{{ USER }}"
- password: "{{ PASSWORD }}"
- become: true
- become_user: postgres
-
-- name: Create Taler database
- postgresql_db:
- name: "{{ DATABASE }}"
- owner: "{{ USER }}"
- encoding: UTF-8
- state: present
- become: true
- become_user: postgres
diff --git a/roles/database/tasks/install-postgres.yml b/roles/database/tasks/install-postgres.yml
@@ -1,6 +0,0 @@
----
-- name: Install PostgreSQL on Debian/Ubuntu
- apt:
- name: postgresql
- state: present
- when: ansible_os_family == 'Debian'
diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml
@@ -1,8 +1,17 @@ ---
-# Webserver role
+# Database role
-- name: Install PostgreSQL
- include_tasks: install-postgres.yml
+- name: Install PostgreSQL on Debian/Ubuntu
+ apt:
+ name: postgresql
+ state: present
+ update_cache: true
+ notify:
+ - restart postgresql
+ when: ansible_os_family == 'Debian'
-- name: Configure PostgreSQL
- include_tasks: configure-postgres.yml
+- name: Make sure PostgreSQL is started and enabled
+ systemd:
+ name: postgresql
+ state: started
+ enabled: true
diff --git a/roles/database/vars/main.yml b/roles/database/vars/main.yml
@@ -1,4 +0,0 @@
----
-USER: taler
-PASSWORD: 2ccXMVRABfAx5rer
-DATABASE: taler_db
diff --git a/roles/packages/tasks/add-taler-repo.yml b/roles/packages/tasks/add-taler-repo.yml
@@ -1,10 +0,0 @@
-- name: GNU/Taler repo
- deb822_repository:
- name: Taler
- types: deb
- uris: https://deb.taler.net/apt/debian
- suites: bookworm
- components:
- - main
- architectures: amd64
- signed_by: https://taler.net/taler-systems.gpg
-\ No newline at end of file
diff --git a/roles/packages/tasks/base-packages.yml b/roles/packages/tasks/base-packages.yml 
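Review bot: `notify: - restart postgresql` on the install task refers to a handler this commit does not add; unless `roles/database/handlers/main.yml` already defines `restart postgresql` (it is not in this diff), the play aborts with the handler-not-found error the first time the package is installed. The notify is also of little use here: the install is followed directly by the `systemd` task that enforces `started`/`enabled`, so a restart right after install only bounces a daemon that was just brought up. Drop the `notify:` block, or add the handler and attach it to configuration tasks only. With `configure-postgres.yml` removed the role no longer creates a Taler database user; if the taler role's deployment scripts are now expected to do that, a one-line comment under `# Database role` saying so would save the next reader a search.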
@@ -1,15 +0,0 @@
----
-- name: Install packages on Debian/Ubuntu
- apt:
- name:
- - uuid-runtime
- - make
- - sudo
- - curl
- - jq
- - wget
- - python3-sphinx
- - python3-pip
- state: present
- when: ansible_os_family == 'Debian'
-
diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml
@@ -1,14 +0,0 @@
----
-# Role: Install ALL packages and dependencies
-
-- name: Install base packages
- include_tasks: base-packages.yml
-
-- name: Install Python and Python packages
- include_tasks: python-packages.yml
-
-- name: Add Taler repo to sources.list
- include_tasks: add-taler-repo.yml
-
-- name: Install Taler packages
- include_tasks: taler-packages.yml
diff --git a/roles/packages/tasks/python-packages.yml b/roles/packages/tasks/python-packages.yml
@@ -1,36 +0,0 @@
----
-- name: Install Python on Debian/Ubuntu
- package:
- name: python3
- state: present
- when: ansible_os_family == 'Debian'
-
-- name: Install PostgreSQL client packages
- ansible.builtin.apt:
- name: libpq-dev
- state: present
-
-- name: Install psycopg2
- ansible.builtin.apt:
- name: python3-psycopg2
- state: present
-
-- name: Install Python Sphinx
- ansible.builtin.apt:
- name: python3-sphinx
- state: present
-
-- name: Install Argon2
- ansible.builtin.apt:
- name: python3-argon2
- state: present
-
-- name: Install pycryptodome
- ansible.builtin.apt:
- name: python3-pycryptodome
- state: present
-
-
-# pending packages to install: (haven't found then in debian apt)
-# sphinx-markdown-builder
-# htmlark
diff --git a/roles/packages/tasks/taler-packages.yml b/roles/packages/tasks/taler-packages.yml
@@ -1,11 +0,0 @@
----
-- name: Install Taler packages
- apt:
- name:
- - taler-exchange
- #- taler-terms-generator
- #- taler-harness
- #- libeufin-nexus
- #- taler-exchange-offline
- state: present
- when: ansible_os_family == 'Debian'
diff --git a/roles/taler/tasks/main.yml b/roles/taler/tasks/main.yml 
@@ -1,3 +1,34 @@ ---
-- name: Configure Taler exchange
- # include_tasks: setup-exchange.yml (Devan)
+- name: Install git
+ apt:
+ name:
+ - git
+ state: present
+ update_cache: true
+ when: ansible_os_family == 'Debian'
+
+- name: Checkout Taler deployment repo
+ git:
+ repo: 'https://git.taler.net/deployment.git'
+ dest: /tmp/deployment
+ version: master
+
+- name: Ensure config dir exists
+ file:
+ path: "/tmp/deployment/regional-currency/config"
+ state: directory
+
+- name: Install the Taler config
+ template:
+ src: taler.conf
+ dest: "/tmp/deployment/regional-currency/config/user.conf"
+
+- name: Setup Taler libeufin
+ shell:
+ cmd: bash -ex /tmp/deployment/regional-currency/setup-libeufin.sh
+ chdir: /tmp/deployment/regional-currency
+
+- name: Setup Taler Exchange
+ shell:
+ cmd: bash -ex /tmp/deployment/regional-currency/setup-exchange.sh
+ chdir: /tmp/deployment/regional-currency
diff --git a/roles/taler/tasks/setup-exchange.yml b/roles/taler/tasks/setup-exchange.yml
diff --git a/roles/taler/templates/taler.conf b/roles/taler/templates/taler.conf
@@ -0,0 +1,14 @@
+DO_CONFIG_ENCRYPTION='n'
+CURRENCY='NETZBON'
+DO_CONVERSION='n'
+BANK_NAME='TalerAnsibleBank'
+DOMAIN_NAME='taler.localhost'
+ENABLE_TLS='n'
+PROTO='http'
+DO_OFFLINE='y'
+DO_TELESIGN='n'
+BANK_ADMIN_PASSWORD='1234abc'
+BANK_ADMIN_PASSWORD_GENERATED='n'
+DO_EXCHANGE_TERMS='n'
+DO_EXCHANGE_PRIVACY='n'
+BANK_PORT='8080'
diff --git a/roles/webserver/defaults/main.yml b/roles/webserver/defaults/main.yml
diff --git a/roles/webserver/handlers/main.yml b/roles/webserver/handlers/main.yml
@@ -1,5 +1,5 @@ --- -- name: Reload Nginx +- name: restart nginx service: name: nginx - state: reloaded + state: restarted
diff --git a/roles/webserver/tasks/enable-virtualhosts.yml b/roles/webserver/tasks/enable-virtualhosts.yml 
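Review bot: `Checkout Taler deployment repo` clones `version: master` into `/tmp/deployment` and the two `shell` tasks then execute `setup-libeufin.sh` and `setup-exchange.sh` from it as root, so each play run executes whatever that branch currently holds, out of a world-writable directory that does not survive a reboot. Pin the checkout (`version: "<tag-or-commit>"`, placeholder) and clone into a root-owned path outside `/tmp`, and give each `shell` task a `creates:` pointing at an artifact the script leaves behind (or a `changed_when:`) so the role is idempotent instead of reporting changed on every run. `Install the Taler config` renders `user.conf`, which carries `BANK_ADMIN_PASSWORD`, with the default mode; add `mode: "0600"` and an `owner`/`group` matching whoever runs the scripts to the `template` task. If `/tmp/deployment` is deliberately throwaway, a comment above the `git` task should say so.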
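Review bot: The file is delivered through the `template` module but contains no Jinja expressions, and it fixes `BANK_ADMIN_PASSWORD='1234abc'` together with `BANK_ADMIN_PASSWORD_GENERATED='n'`, so every host provisioned by this role shares one committed admin password. Either set `BANK_ADMIN_PASSWORD_GENERATED='y'` and drop the literal, or template it from a vaulted variable — `BANK_ADMIN_PASSWORD='{{ bank_admin_password }}'` (variable name illustrative) — and do the same for `DOMAIN_NAME='taler.localhost'`, which disagrees with the webserver role's `DOMAIN_NAME` in this same commit. `ENABLE_TLS='n'` and `PROTO='http'` make this a plaintext deployment; a header comment stating that this profile is for local or staging use would keep it from being promoted unchanged.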
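Review bot: The handler now does `state: restarted` where it previously did `reloaded`; the only tasks notifying it in this commit are the vhost template and symlink tasks, for which a reload (re-read config, cycle workers gracefully) is sufficient, whereas a restart drops in-flight connections on every vhost change. Unless a full restart is needed for a reason outside this diff, keep `state: reloaded` under the new name, or keep two handlers and reserve the restart for package upgrades.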
@@ -1,12 +0,0 @@
----
-- name: Ensure virtualhost configuration file exists
- template:
- src: virtualhosts/exchange-nginx.conf.j2
- dest: "{{ NGINX_SITES_AVAILABLE }}/{{ VIRTUALHOST }}"
- notify: Reload Nginx
-
-- name: Enable virtual host by creating symlink
- file:
- src: "{{ NGINX_SITES_AVAILABLE }}/{{ VIRTUALHOST }}"
- dest: "{{ NGINX_SITES_ENABLED }}/{{ VIRTUALHOST }}"
- state: link
diff --git a/roles/webserver/tasks/install-nginx.yml b/roles/webserver/tasks/install-nginx.yml
@@ -1,20 +0,0 @@
----
-- name: Update apt package index (for Debian/Ubuntu)
- apt:
- update_cache: yes
- when: ansible_os_family == 'Debian'
-
-- name: Install Nginx
- package:
- name: nginx
- state: present
- tags:
- - nginx_installation
-
-- name: Ensure Nginx service is enabled and started
- service:
- name: nginx
- state: started
- enabled: yes
- tags:
- - nginx_service
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml 
@@ -1,11 +1,47 @@ --- # Webserver role
-- name: Install NGINX
- include_tasks: install-nginx.yml
+- name: Install Nginx
+ apt:
+ name: nginx
+ state: present
+ update_cache: yes
+ when: ansible_os_family == 'Debian'
-- name: Enable Virtualhosts
- include_tasks: enable-virtualhosts.yml
+- name: Ensure Nginx service is enabled and started
+ service:
+ name: nginx
+ state: started
+ enabled: yes
-- name: Request certificates
- include_tasks: request-certificates.yml
+- name: Ensure virtualhost configuration file exists
+ template:
+ src: exchange-nginx.conf
+ dest: "/etc/nginx/sites-available/exchange-nginx.conf"
+ notify: restart nginx
+
+- name: Enable virtual host by creating symlink
+ file:
+ src: "/etc/nginx/sites-available/exchange-nginx.conf"
+ dest: "/etc/nginx/sites-enabled/exchange-nginx.conf"
+ state: link
+ notify: restart nginx
+
+ #- name: Install Certbot and Certbot Nginx plugin
+ # package:
+ # name: "{{ item }}"
+ # state: present
+ # with_items:
+ # - certbot
+ # - python3-certbot-nginx # Certbot plugin for Nginx
+ #
+ #- name: Obtain or renew SSL certificate using Certbot with Nginx
+ # command: certbot --nginx --domain "{{ SUBDOMAIN }}.{{ DOMAIN_NAME }}" --redirect --non-interactive --agree-tos --email "{{ ACME_EMAIL }}"
+ # register: certbot_result
+ # changed_when: "'Certificate not yet due for renewal' not in certbot_result.stdout"
+ #
+ #- name: Reload Nginx configuration if certificates were obtained or renewed
+ # service:
+ # name: nginx
+ # state: restarted
+ # when: certbot_result.changed
diff --git a/roles/webserver/tasks/request-certificates.yml b/roles/webserver/tasks/request-certificates.yml 
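Review bot: The certbot tasks survive only as a commented-out block at the end of the file while the `request-certificates.yml` include is removed, so after this commit the role serves the exchange vhost over plain HTTP and the `ACME_EMAIL` variable introduced in `vars/main.yml` is never read. Either restore the block behind a flag (e.g. `when: enable_tls | bool`, name illustrative) or delete it and state under `# Webserver role` that TLS is out of scope for this playbook. `update_cache: yes` and `enabled: yes` are YAML 1.1 truthy spellings while the sibling roles in this commit use `true`; use `true` here as well. The template and symlink tasks both notify `restart nginx` with no syntax check of the rendered vhost, so a bad template takes the site down until the next run — have the handler run `nginx -t` before restarting, or reload instead of restart so a failed config check leaves the running workers in place.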
@@ -1,19 +0,0 @@
----
-- name: Install Certbot and Certbot Nginx plugin
- package:
- name: "{{ item }}"
- state: present
- with_items:
- - certbot
- - python3-certbot-nginx # Certbot plugin for Nginx
-
-- name: Obtain or renew SSL certificate using Certbot with Nginx
- command: certbot --nginx --domain {{ SUBDOMAIN }}.{{ DOMAIN_NAME }} --redirect --non-interactive --agree-tos --email sysadmin@taler.net
- register: certbot_result
- changed_when: "'Certificate not yet due for renewal' not in certbot_result.stdout"
-
-- name: Reload Nginx configuration if certificates were obtained or renewed
- service:
- name: nginx
- state: reloaded
- when: certbot_result.changed
diff --git a/roles/webserver/tasks/virtualhosts/exchange-nginx.conf.j2 b/roles/webserver/templates/exchange-nginx.conf
diff --git a/roles/webserver/vars/main.yml b/roles/webserver/vars/main.yml
@@ -1,6 +1,4 @@ --- -DOMAIN_NAME: valenciatech.cloud +DOMAIN_NAME: example.com SUBDOMAIN: exchange -NGINX_SITES_AVAILABLE: /etc/nginx/sites-available -NGINX_SITES_ENABLED: /etc/nginx/sites-enabled -VIRTUALHOST: exchange-nginx.conf +ACME_EMAIL: "example@example.com"
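Review bot: `DOMAIN_NAME: example.com` and `ACME_EMAIL: "example@example.com"` are placeholders, yet they sit in `vars/main.yml`, where role vars override inventory, group and host vars, so an operator cannot set the real domain per environment without `-e` or editing the role. Move both to `roles/webserver/defaults/main.yml` (touched by this commit) so inventories can override them. `ACME_EMAIL` is also dead at the moment because the certbot tasks in `tasks/main.yml` are commented out, and the taler role's template carries its own `DOMAIN_NAME='taler.localhost'`, so the two roles currently disagree on the domain.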