feat: testnets cd

.editorconfig

@@ -0,0 +1,21 @@
+# editorconfig.org
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[Makefile]
+indent_style = space
+indent_size = 4
+
+[*.{bash,sh}]
+indent_style = space
+indent_size = 4
+
+[*.{yaml,yml}]
+indent_size = 2

.github/workflows/lint-ansible.yaml

@@ -0,0 +1,16 @@
+---
+name: Lint Ansible files
+
+on:
+  push:
+    paths:
+      - 'ansible/**'
+  pull_request:
+    paths:
+      - 'ansible/**'
+
+jobs:
+  ansible-lint:
+    uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@main
+    with:
+      args: '-p ansible'

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "ansible.python.interpreterPath": "/home/linuxbrew/.linuxbrew/bin/python3"
+}

ansible/.ansible-lint

@@ -0,0 +1,8 @@
+# .ansible-lint
+skip_list:
+  - yaml[indentation]
+  - yaml[line-length]
+warn_list:
+  - command-instead-of-module
+  - command-instead-of-shell
+  - unnamed-task

ansible/.envrc

@@ -0,0 +1,7 @@
+# Automatically sets up your devbox environment whenever you cd into this
+# directory via our direnv integration:
+
+eval "$(devbox generate direnv --print-envrc)"
+
+# check out https://www.jetpack.io/devbox/docs/ide_configuration/direnv/
+# for more details

ansible/ansible.cfg

@@ -0,0 +1,36 @@
+[defaults]
+# General settings
+nocows                      = True
+executable                  = /bin/bash
+stdout_callback             = yaml
+force_valid_group_names     = ignore
+# File/Directory settings
+log_path                    = ~/.ansible/ansible.log
+inventory                   = ./inventory
+roles_path                  = ~/.ansible/roles:./roles
+collections_path            = ~/.ansible/collections
+remote_tmp                  = ~/.ansible/tmp
+local_tmp                   = ~/.ansible/tmp
+# Fact Caching settings
+fact_caching                = jsonfile
+fact_caching_connection     = ~/.ansible/facts_cache
+# SSH settings
+remote_port                 = 22
+timeout                     = 60
+host_key_checking           = False
+privatekeyfile              = ~/.ssh/id_ed25519
+# Plugin settings
+vars_plugins_enabled        = host_group_vars,community.sops.sops
+
+[inventory]
+unparsed_is_failed          = true
+
+[privilege_escalation]
+become                      = True
+
+[ssh_connection]
+scp_if_ssh                  = smart
+retries                     = 3
+ssh_args                    = -o ControlMaster=auto -o ControlPersist=30m -o Compression=yes -o ServerAliveInterval=15s
+pipelining                  = True
+control_path                = %(directory)s/%%h-%%r

ansible/deploy-prod.yml

@@ -0,0 +1,8 @@
+---
+- name: Deploy all testnets on production
+  hosts: testnet-1
+  become: true
+  gather_facts: true
+  any_errors_fatal: true
+  roles:
+    - role: testnets

ansible/devbox.json

@@ -0,0 +1,18 @@
+{
+  "$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.12.0/.schema/devbox.schema.json",
+  "packages": [
+    "ansible@latest",
+    "sshpass@latest",
+    "ansible-lint@latest"
+  ],
+  "shell": {
+    "init_hook": [
+      "echo 'Welcome to devbox!' > /dev/null"
+    ],
+    "scripts": {
+      "test": [
+        "echo \"Error: no test specified\" && exit 1"
+      ]
+    }
+  }
+}

ansible/devbox.lock

@@ -0,0 +1,181 @@
+{
+  "lockfile_version": "1",
+  "packages": {
+    "ansible-lint@latest": {
+      "last_modified": "2024-09-12T11:58:09Z",
+      "resolved": "github:NixOS/nixpkgs/280db3decab4cbeb22a4599bd472229ab74d25e1#ansible-lint",
+      "source": "devbox-search",
+      "version": "24.7.0",
+      "systems": {
+        "aarch64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/8kw0mgmarhdb7q0w4c8fz8bxvr9dfx5n-ansible-lint-24.7.0",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/xc9wdnvblnhig0vn3cf745m52f3pp6an-ansible-lint-24.7.0-dist"
+            }
+          ],
+          "store_path": "/nix/store/8kw0mgmarhdb7q0w4c8fz8bxvr9dfx5n-ansible-lint-24.7.0"
+        },
+        "aarch64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/rd8qm9g5mr6mv3x9vdpmx3fkn5nh854v-ansible-lint-24.7.0",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/9mkxbg37ar9cklrzfbkan8r6ms7a4mwx-ansible-lint-24.7.0-dist"
+            }
+          ],
+          "store_path": "/nix/store/rd8qm9g5mr6mv3x9vdpmx3fkn5nh854v-ansible-lint-24.7.0"
+        },
+        "x86_64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/i122r8v2xw0i2asi2p9wl8pbghi0940x-ansible-lint-24.7.0",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/8d5gbdi0zmdinf1y94bkp7frdv191wvn-ansible-lint-24.7.0-dist"
+            }
+          ],
+          "store_path": "/nix/store/i122r8v2xw0i2asi2p9wl8pbghi0940x-ansible-lint-24.7.0"
+        },
+        "x86_64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/47yhwgfvxbb5asa29c1l456xm5kb3xph-ansible-lint-24.7.0",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/g61gz0img0zkvxs7r69hkngql4j0dlp5-ansible-lint-24.7.0-dist"
+            }
+          ],
+          "store_path": "/nix/store/47yhwgfvxbb5asa29c1l456xm5kb3xph-ansible-lint-24.7.0"
+        }
+      }
+    },
+    "ansible@latest": {
+      "last_modified": "2024-09-12T11:58:09Z",
+      "resolved": "github:NixOS/nixpkgs/280db3decab4cbeb22a4599bd472229ab74d25e1#ansible",
+      "source": "devbox-search",
+      "version": "2.17.3",
+      "systems": {
+        "aarch64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/4jdf9cb0as37prwlx2ap5m9nqh9njz6r-python3.12-ansible-core-2.17.3",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/q60c9n6j4x56g5i1bihjxcginglhczy6-python3.12-ansible-core-2.17.3-dist"
+            }
+          ],
+          "store_path": "/nix/store/4jdf9cb0as37prwlx2ap5m9nqh9njz6r-python3.12-ansible-core-2.17.3"
+        },
+        "aarch64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/zig81xwrwh7px53ijjw4y66nlxbsvllv-python3.12-ansible-core-2.17.3",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/y4yyxcznzaq2rpvrnl97xr33300kqfhp-python3.12-ansible-core-2.17.3-dist"
+            }
+          ],
+          "store_path": "/nix/store/zig81xwrwh7px53ijjw4y66nlxbsvllv-python3.12-ansible-core-2.17.3"
+        },
+        "x86_64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/a8rp8yf97nfds6w0wspwrlav5qmg862d-python3.12-ansible-core-2.17.3",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/g5y90v14l9vi072ygy7k91yr6p9zpdbn-python3.12-ansible-core-2.17.3-dist"
+            }
+          ],
+          "store_path": "/nix/store/a8rp8yf97nfds6w0wspwrlav5qmg862d-python3.12-ansible-core-2.17.3"
+        },
+        "x86_64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/7qnck0rqk29pjcsa7ikrdllgvlcwr63p-python3.12-ansible-core-2.17.3",
+              "default": true
+            },
+            {
+              "name": "dist",
+              "path": "/nix/store/zzhy27dlgl7hh7j311qrkd61750wxknl-python3.12-ansible-core-2.17.3-dist"
+            }
+          ],
+          "store_path": "/nix/store/7qnck0rqk29pjcsa7ikrdllgvlcwr63p-python3.12-ansible-core-2.17.3"
+        }
+      }
+    },
+    "sshpass@latest": {
+      "last_modified": "2024-09-12T11:58:09Z",
+      "resolved": "github:NixOS/nixpkgs/280db3decab4cbeb22a4599bd472229ab74d25e1#sshpass",
+      "source": "devbox-search",
+      "version": "1.10",
+      "systems": {
+        "aarch64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/lhkh0i81b7yj7g37bw6r17q29b25zfag-sshpass-1.10",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/lhkh0i81b7yj7g37bw6r17q29b25zfag-sshpass-1.10"
+        },
+        "aarch64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/jrwfva3l4y1ygrib07b0jnl17w5wdd03-sshpass-1.10",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/jrwfva3l4y1ygrib07b0jnl17w5wdd03-sshpass-1.10"
+        },
+        "x86_64-darwin": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/vh5rzdxhvg1ls1p2j5xyzmzjgmgrkqij-sshpass-1.10",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/vh5rzdxhvg1ls1p2j5xyzmzjgmgrkqij-sshpass-1.10"
+        },
+        "x86_64-linux": {
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/97bimcdwd8gw9yqis5z95qfash5l62g8-sshpass-1.10",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/97bimcdwd8gw9yqis5z95qfash5l62g8-sshpass-1.10"
+        }
+      }
+    }
+  }
+}

ansible/inventory/group_vars/all.yml

@@ -0,0 +1,3 @@
+---
+quadlet_dir: /home/nonroot/.config/containers/systemd/
+quadlet_volumes_dir: /mnt/container-volumes

ansible/inventory/hosts.yaml

@@ -0,0 +1,6 @@
+---
+all:
+  hosts:
+    testnet-1:
+      ansible_host: 91.107.211.214
+      ansible_user: root

ansible/roles/testnets/handlers/main.yml

@@ -0,0 +1,12 @@
+---
+- name: systemd_enableservices_nonroot
+  ansible.builtin.systemd_service:
+    name: "{{ item }}"
+    daemon_reload: true
+    scope: user
+    enabled: true
+    state: restarted
+  loop:
+    - cancri-1-validator-1
+  become: true
+  become_user: nonroot

ansible/roles/testnets/tasks/cancri-1.yml

@@ -0,0 +1,12 @@
+---
+- name: Testnet | cancri-1 | validator-1 | Deploy quadlet files
+  ansible.builtin.template:
+    src: "cancri-1-validator-1/{{ item }}.j2"
+    dest: "{{ quadlet_dir }}/cancri-1-validator-1.{{ item }}"
+    owner: nonroot
+    group: users
+    mode: "0644"
+  loop:
+    - container
+    - volume
+  notify: systemd_enableservices_nonroot

ansible/roles/testnets/tasks/main.yml

@@ -0,0 +1,4 @@
+---
+- ansible.builtin.include_tasks: cancri-1.yml
+  tags:
+    - cancri-1

ansible/roles/testnets/templates/cancri-1-validator-1/container.j2

@@ -0,0 +1,21 @@
+[Unit]
+Description=cancri-1 testnet - cosmos-sdk - validator #1
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+TimeoutStartSec=900
+Restart=always
+RestartSec=3
+
+[Container]
+AutoUpdate=registry
+ContainerName=cancri-1-validator-1
+Image=ghcr.io/auricom/cosmos-sdk:0.52@sha256:2b0a31840ff468c3c49ce1f162b77d72dcf4f86513adc42a328a66dbe00b6c81
+PublishPort=26656:26656
+PublishPort=26657:26657
+Volume=cancri-1-validator-1:/config
+Label=app=cancri-1-validator-1
+
+[Install]
+WantedBy=default.target

ansible/roles/testnets/templates/cancri-1-validator-1/volume.j2

@@ -0,0 +1,6 @@
+[Volume]
+[Unit]
+Description=Cancri-1 Validator-1 Home Volume
+
+[Volume]
+Label=app=cancri-1-validator-1