commit 3ca64f164d7d769f31675d414b065e26edc04560 Author: Matt Smith Date: Tue Aug 4 23:23:26 2020 +0100 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..80c7a75
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/virtualenv
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fb1e7c3
--- /dev/null
+++ b/README.md
@@ -0,0 +1,18 @@
+# ansible-remote-node
+
+[Ansible][] playbook for deploying Wownero remote nodes.
+
+## Funding
+
+Part of a project funded by the Wownero community. Thank you :)
+
+See the [WFS Proposal][] for more info.
+
+## License
+
+Released under the terms of the [Unlicense][].
+See UNLICENSE file in project root for more info.
+
+[Ansible]: https://www.ansible.com/ "Ansible homepage"
+[WFS Proposal]: https://funding.wownero.com/proposal/44 "Funding request"
+[Unlicense]: https://unlicense.org/ "Unlicense homepage"
diff --git a/UNLICENSE b/UNLICENSE
new file mode 100644
index 0000000..68a49da
--- /dev/null
+++ b/UNLICENSE
@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to
diff --git a/inventory.ini b/inventory.ini
new file mode 100644
index 0000000..87b18f0
--- /dev/null
+++ b/inventory.ini
@@ -0,0 +1,9 @@
+[all]
+de1.wownodes.com
+us1.wownodes.com
+sg1.wownodes.com
+
+[all:vars]
+ansible_python_interpreter='/usr/bin/python3'
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+ansible_user='root'
diff --git a/requirements-dev.txt b/requirements-dev.txt
new file mode 100644
index 0000000..37fd7ea
--- /dev/null
+++ b/requirements-dev.txt
@@ -0,0 +1,10 @@
+ansible==2.9.11
+ansible-lint==4.2.0
+cffi==1.14.1
+cryptography==3.0
+Jinja2==2.11.2
+MarkupSafe==1.1.1
+pycparser==2.20
+PyYAML==5.3.1
+ruamel.yaml==0.16.10
+six==1.15.0
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..df08dac
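Review bot: In inventory.ini, `ansible_ssh_common_args='-o StrictHostKeyChecking=no'` turns off SSH host key verification for every host while the playbook connects as `root`, so a machine answering for one of these hostnames is accepted without warning and receives the root session and everything the play pushes. Prefer pinning the nodes' host keys in a known_hosts file, or at least use `ansible_ssh_common_args='-o StrictHostKeyChecking=accept-new'`, which trusts a key on first contact only and refuses a changed one. If first-run convenience is the reason for the setting, a comment above the line saying so would tell the next operator it is deliberate.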
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,8 @@
+ansible==2.9.11
+cffi==1.14.1
+cryptography==3.0
+Jinja2==2.11.2
+MarkupSafe==1.1.1
+pycparser==2.20
+PyYAML==5.3.1
+six==1.15.0
diff --git a/roles/wownerod/defaults/main.yaml b/roles/wownerod/defaults/main.yaml
new file mode 100644
index 0000000..afc38ce
--- /dev/null
+++ b/roles/wownerod/defaults/main.yaml
@@ -0,0 +1,8 @@
+---
+wownerod_remote_url: "https://distfiles.offtopica.uk/wownerod-0.8.0.2"
+wownerod_remote_hash: "sha256:ac7bba8924d43dfc9e9cf868737ebebc68591fdc17273cd0b3b9216e959fb0bc"
+wownero_version: "0.8.0.2"
+wownero_bin_dir: "/usr/local/bin"
+wownerod_path: "{{ wownero_bin_dir }}/wownerod"
+wownerod_p2p_port: "34567"
+wownerod_rpc_port: "34568"
diff --git a/roles/wownerod/handlers/main.yaml b/roles/wownerod/handlers/main.yaml
new file mode 100644
index 0000000..21a1a35
--- /dev/null
+++ b/roles/wownerod/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: restart wownerod
+ systemd:
+ daemon_reload: yes
+ name: wownerod.service
+ state: restarted
diff --git a/roles/wownerod/tasks/install.yaml b/roles/wownerod/tasks/install.yaml
new file mode 100644
index 0000000..4c492b1
--- /dev/null
+++ b/roles/wownerod/tasks/install.yaml
@@ -0,0 +1,11 @@
+---
+- name: Download release binary
+ get_url:
+ url: "{{ wownerod_remote_url }}"
+ dest: "{{ wownerod_path }}"
+ checksum: "{{ wownerod_remote_hash }}"
+ owner: root
+ group: root
+ mode: '0755'
+ notify:
+ - restart wownerod
diff --git a/roles/wownerod/tasks/main.yaml b/roles/wownerod/tasks/main.yaml
new file mode 100644
index 0000000..8000e1c
--- /dev/null
+++ b/roles/wownerod/tasks/main.yaml
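Review bot: In roles/wownerod/defaults/main.yaml, `wownerod_remote_url` hard-codes 0.8.0.2 while `wownero_version` carries the same number separately, so a bump that misses one of them leaves the role comparing the installed binary against a version it never downloads. Deriving the URL, `wownerod_remote_url: "https://distfiles.offtopica.uk/wownerod-{{ wownero_version }}"`, leaves only the hash to update by hand. The pinned sha256 is the only integrity check on a binary that install.yaml places root-owned and executable, so a comment above `wownerod_remote_hash` recording where the digest was obtained and how it was verified (for example `# sha256 of the release binary, verified against <release signature or checksum source>`) would let a reviewer check the next bump.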
@@ -0,0 +1,65 @@
+---
+- name: Install ufw
+ apt: name=ufw state=present
+ tags: firewall
+- name: Limit ssh
+ ufw: rule=limit port=ssh proto=tcp
+ tags: firewall
+- name: Enable ufw
+ ufw: state=enabled
+ tags: firewall
+- name: Check if wownerod is installed
+ stat: path="{{ wownerod_path }}"
+ register: stat_wownerod_path
+- name: Check wownerod version
+ command: "{{ wownerod_path }} --version"
+ register: wownerod_version_cmd
+ when: stat_wownerod_path.stat.exists
+- name: Parse wownerod version
+ set_fact:
+ installed_wownerod_version: "{{ wownerod_version_cmd.stdout | regex_search('\\d+\\.\\d+\\.\\d+\\.\\d') }}"
+ when: stat_wownerod_path.stat.exists
+- name: Install wownerod
+ import_tasks: install.yaml
+ when: not stat_wownerod_path.stat.exists or not installed_wownerod_version == wownero_version
+- name: Create wownero user
+ user:
+ name: wownero
+ create_home: no
+ home: /var/lib/wownero
+ shell: /bin/false
+ system: yes
+- name: Install systemd unit file
+ template:
+ src: wownerod.service.j2
+ dest: /etc/systemd/system/wownerod.service
+ owner: root
+ group: root
+ mode: '0644'
+ notify:
+ - restart wownerod
+- name: Install wownerod config file
+ template:
+ src: wownerod.conf.j2
+ dest: /etc/wownerod.conf
+ owner: root
+ group: root
+ mode: '0644'
+ notify:
+ - restart wownerod
+- name: Allow wownerod p2p port
+ ufw:
+ rule: allow
+ port: "{{ wownerod_p2p_port }}"
+ proto: tcp
+ tags: firewall
+- name: Allow wownerod rpc port
+ ufw:
+ rule: allow
+ port: "{{ wownerod_rpc_port }}"
+ proto: tcp
+ tags: firewall
+- name: Enable wownerod service
+ systemd:
+ name: wownerod.service
+ enabled: true
diff --git a/roles/wownerod/templates/wownerod.conf.j2 b/roles/wownerod/templates/wownerod.conf.j2
new file mode 100644
index 0000000..a555325
--- /dev/null
+++ b/roles/wownerod/templates/wownerod.conf.j2
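Review bot: In roles/wownerod/tasks/main.yaml, the pattern in "Parse wownerod version" ends in a bare `\\d`, so only one digit of the last version component is captured; a constructed example such as 0.8.0.10 would parse as 0.8.0.1, never equal `wownero_version`, and the install tasks would be selected on every run. Ending the pattern with `\\d+` fixes that: `regex_search('\\d+\\.\\d+\\.\\d+\\.\\d+')`. The read-only "Check wownerod version" command also reports changed on each run, which hides real changes in the play recap; adding `changed_when: false` to that task keeps the output meaningful.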
@@ -0,0 +1,14 @@
+check-updates=disabled
+confirm-external-bind=1
+data-dir=/var/lib/wownero
+log-file=/var/log/wownero/wownerod.log
+log-level=0
+no-igd=1
+p2p-bind-port={{ wownerod_p2p_port }}
+p2p-use-ipv6=1
+public-node=1
+restricted-rpc=1
+rpc-bind-ip=0.0.0.0
+rpc-bind-ipv6-address=::0
+rpc-bind-port={{ wownerod_rpc_port }}
+rpc-use-ipv6=1
diff --git a/roles/wownerod/templates/wownerod.service.j2 b/roles/wownerod/templates/wownerod.service.j2
new file mode 100644
index 0000000..8563a07
--- /dev/null
+++ b/roles/wownerod/templates/wownerod.service.j2
@@ -0,0 +1,17 @@
+[Unit]
+Description=Wownero Full Node
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+User=wownero
+Group=wownero
+Environment="MONERO_RANDOMX_UMASK=1"
+StateDirectory=wownero
+LogsDirectory=wownero
+Type=simple
+PIDFile=/run/wownero/wownerod.pid
+ExecStart={{ wownerod_path }} --config-file /etc/wownerod.conf --non-interactive
+
+[Install]
+WantedBy=multi-user.target
diff --git a/site.yaml b/site.yaml
new file mode 100644
index 0000000..788b63f
--- /dev/null
+++ b/site.yaml
@@ -0,0 +1,5 @@
+---
+- hosts: all
+ gather_facts: true
+ roles:
+ - wownerod
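Review bot: In wownerod.conf.j2 nothing records that `restricted-rpc=1` is the setting that makes `rpc-bind-ip=0.0.0.0` and `rpc-bind-ipv6-address=::0` acceptable. The role also allows the RPC port through ufw from any source, so removing or overriding that one line would leave the full RPC interface reachable from the internet. A template comment above it, for example `{# keep restricted-rpc=1: RPC is bound to all interfaces and allowed through ufw #}`, makes the dependency explicit for whoever edits the file next.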
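Review bot: The [Service] section in wownerod.service.j2 runs an internet-facing daemon with no systemd sandboxing beyond `User=` and `Group=`. Because state and logs already go through `StateDirectory=` and `LogsDirectory=`, the directives below should be compatible with the unit as written, though they need a test run against the daemon before rollout. Separately, `PIDFile=` has no effect I can see here: the unit is `Type=simple`, nothing visible creates /run/wownero, and ExecStart passes no pid-file option, so that line looks removable.

```ini
# … unchanged: User, Group, Environment, StateDirectory …
LogsDirectory=wownero
NoNewPrivileges=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=strict
# … unchanged: Type, PIDFile, ExecStart …
```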