diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..e74d32d --- /dev/null +++ b/.editorconfig @@ -0,0 +1,21 @@ +# editorconfig.org +root = true + +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +[Makefile] +indent_style = space +indent_size = 4 + +[*.{bash,sh}] +indent_style = space +indent_size = 4 + +[*.{yaml,yml}] +indent_size = 2 \ No newline at end of file diff --git a/.github/workflows/lint-ansible.yaml b/.github/workflows/lint-ansible.yaml new file mode 100644 index 0000000..15187bd --- /dev/null +++ b/.github/workflows/lint-ansible.yaml @@ -0,0 +1,16 @@ +--- +name: Lint Ansible files + +on: + push: + paths: + - 'ansible/**' + pull_request: + paths: + - 'ansible/**' + +jobs: + ansible-lint: + uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@main + with: + args: '-p ansible' diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..01b5cc0 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "ansible.python.interpreterPath": "/home/linuxbrew/.linuxbrew/bin/python3" +} \ No newline at end of file diff --git a/ansible/.ansible-lint b/ansible/.ansible-lint new file mode 100644 index 0000000..d425eab --- /dev/null +++ b/ansible/.ansible-lint @@ -0,0 +1,8 @@ +# .ansible-lint +skip_list: + - yaml[indentation] + - yaml[line-length] +warn_list: + - command-instead-of-module + - command-instead-of-shell + - unnamed-task diff --git a/ansible/.envrc b/ansible/.envrc new file mode 100644 index 0000000..84fc8e5 --- /dev/null +++ b/ansible/.envrc @@ -0,0 +1,7 @@ +# Automatically sets up your devbox environment whenever you cd into this +# directory via our direnv integration: + +eval "$(devbox generate direnv --print-envrc)" + +# check out https://www.jetpack.io/devbox/docs/ide_configuration/direnv/ +# for more details diff --git a/ansible/ansible.cfg b/ansible/ansible.cfg new file mode 100644 index 0000000..901d023 --- /dev/null +++ b/ansible/ansible.cfg @@ -0,0 +1,36 @@ +[defaults] +# General settings +nocows = True +executable = /bin/bash +stdout_callback = yaml +force_valid_group_names = ignore +# File/Directory settings +log_path = ~/.ansible/ansible.log +inventory = ./inventory +roles_path = ~/.ansible/roles:./roles +collections_path = ~/.ansible/collections +remote_tmp = ~/.ansible/tmp +local_tmp = ~/.ansible/tmp +# Fact Caching settings +fact_caching = jsonfile +fact_caching_connection = ~/.ansible/facts_cache +# SSH settings +remote_port = 22 +timeout = 60 +host_key_checking = False +privatekeyfile = ~/.ssh/id_ed25519 +# Plugin settings +vars_plugins_enabled = host_group_vars,community.sops.sops + +[inventory] +unparsed_is_failed = true + +[privilege_escalation] +become = True + +[ssh_connection] +scp_if_ssh = smart +retries = 3 +ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o Compression=yes -o ServerAliveInterval=15s +pipelining = True +control_path = %(directory)s/%%h-%%r \ No newline at end of file diff --git a/ansible/deploy-prod.yml b/ansible/deploy-prod.yml new file mode 100644 index 0000000..19fce1b --- /dev/null +++ b/ansible/deploy-prod.yml @@ -0,0 +1,8 @@ +--- +- name: Deploy all testnets on production + hosts: testnet-1 + become: true + gather_facts: true + any_errors_fatal: true + roles: + - role: testnets diff --git a/ansible/devbox.json b/ansible/devbox.json new file mode 100644 index 0000000..db874d0 --- /dev/null +++ b/ansible/devbox.json @@ -0,0 +1,18 @@ +{ + "$schema": "https://raw.githubusercontent.com/jetify-com/devbox/0.12.0/.schema/devbox.schema.json", + "packages": [ + "ansible@latest", + "sshpass@latest", + "ansible-lint@latest" + ], + "shell": { + "init_hook": [ + "echo 'Welcome to devbox!' > /dev/null" + ], + "scripts": { + "test": [ + "echo \"Error: no test specified\" && exit 1" + ] + } + } +} diff --git a/ansible/devbox.lock b/ansible/devbox.lock new file mode 100644 index 0000000..9d8bcdb --- /dev/null +++ b/ansible/devbox.lock @@ -0,0 +1,181 @@ +{ + "lockfile_version": "1", + "packages": { + "ansible-lint@latest": { + "last_modified": "2024-09-12T11:58:09Z", + "resolved": "github:NixOS/nixpkgs/280db3decab4cbeb22a4599bd472229ab74d25e1#ansible-lint", + "source": "devbox-search", + "version": "24.7.0", + "systems": { + "aarch64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/8kw0mgmarhdb7q0w4c8fz8bxvr9dfx5n-ansible-lint-24.7.0", + "default": true + }, + { + "name": "dist", + "path": "/nix/store/xc9wdnvblnhig0vn3cf745m52f3pp6an-ansible-lint-24.7.0-dist" + } + ], + "store_path": "/nix/store/8kw0mgmarhdb7q0w4c8fz8bxvr9dfx5n-ansible-lint-24.7.0" + }, + "aarch64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/rd8qm9g5mr6mv3x9vdpmx3fkn5nh854v-ansible-lint-24.7.0", + "default": true + }, + { + "name": "dist", + "path": "/nix/store/9mkxbg37ar9cklrzfbkan8r6ms7a4mwx-ansible-lint-24.7.0-dist" + } + ], + "store_path": "/nix/store/rd8qm9g5mr6mv3x9vdpmx3fkn5nh854v-ansible-lint-24.7.0" + }, + "x86_64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/i122r8v2xw0i2asi2p9wl8pbghi0940x-ansible-lint-24.7.0", + "default": true + }, + { + "name": "dist", + "path": "/nix/store/8d5gbdi0zmdinf1y94bkp7frdv191wvn-ansible-lint-24.7.0-dist" + } + ], + "store_path": "/nix/store/i122r8v2xw0i2asi2p9wl8pbghi0940x-ansible-lint-24.7.0" + }, + "x86_64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/47yhwgfvxbb5asa29c1l456xm5kb3xph-ansible-lint-24.7.0", + "default": true + }, + { + "name": "dist", + "path": "/nix/store/g61gz0img0zkvxs7r69hkngql4j0dlp5-ansible-lint-24.7.0-dist" + } + ], + "store_path": "/nix/store/47yhwgfvxbb5asa29c1l456xm5kb3xph-ansible-lint-24.7.0" + } + } + }, + "ansible@latest": { + "last_modified": "2024-09-12T11:58:09Z", + "resolved": "github:NixOS/nixpkgs/280db3decab4cbeb22a4599bd472229ab74d25e1#ansible", + "source": "devbox-search", + "version": "2.17.3", + "systems": { + "aarch64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/4jdf9cb0as37prwlx2ap5m9nqh9njz6r-python3.12-ansible-core-2.17.3", + "default": true + }, + { + "name": "dist", + "path": "/nix/store/q60c9n6j4x56g5i1bihjxcginglhczy6-python3.12-ansible-core-2.17.3-dist" + } + ], + "store_path": "/nix/store/4jdf9cb0as37prwlx2ap5m9nqh9njz6r-python3.12-ansible-core-2.17.3" + }, + "aarch64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/zig81xwrwh7px53ijjw4y66nlxbsvllv-python3.12-ansible-core-2.17.3", + "default": true + }, + { + "name": "dist", + "path": "/nix/store/y4yyxcznzaq2rpvrnl97xr33300kqfhp-python3.12-ansible-core-2.17.3-dist" + } + ], + "store_path": "/nix/store/zig81xwrwh7px53ijjw4y66nlxbsvllv-python3.12-ansible-core-2.17.3" + }, + "x86_64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/a8rp8yf97nfds6w0wspwrlav5qmg862d-python3.12-ansible-core-2.17.3", + "default": true + }, + { + "name": "dist", + "path": "/nix/store/g5y90v14l9vi072ygy7k91yr6p9zpdbn-python3.12-ansible-core-2.17.3-dist" + } + ], + "store_path": "/nix/store/a8rp8yf97nfds6w0wspwrlav5qmg862d-python3.12-ansible-core-2.17.3" + }, + "x86_64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/7qnck0rqk29pjcsa7ikrdllgvlcwr63p-python3.12-ansible-core-2.17.3", + "default": true + }, + { + "name": "dist", + "path": "/nix/store/zzhy27dlgl7hh7j311qrkd61750wxknl-python3.12-ansible-core-2.17.3-dist" + } + ], + "store_path": "/nix/store/7qnck0rqk29pjcsa7ikrdllgvlcwr63p-python3.12-ansible-core-2.17.3" + } + } + }, + "sshpass@latest": { + "last_modified": "2024-09-12T11:58:09Z", + "resolved": "github:NixOS/nixpkgs/280db3decab4cbeb22a4599bd472229ab74d25e1#sshpass", + "source": "devbox-search", + "version": "1.10", + "systems": { + "aarch64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/lhkh0i81b7yj7g37bw6r17q29b25zfag-sshpass-1.10", + "default": true + } + ], + "store_path": "/nix/store/lhkh0i81b7yj7g37bw6r17q29b25zfag-sshpass-1.10" + }, + "aarch64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/jrwfva3l4y1ygrib07b0jnl17w5wdd03-sshpass-1.10", + "default": true + } + ], + "store_path": "/nix/store/jrwfva3l4y1ygrib07b0jnl17w5wdd03-sshpass-1.10" + }, + "x86_64-darwin": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/vh5rzdxhvg1ls1p2j5xyzmzjgmgrkqij-sshpass-1.10", + "default": true + } + ], + "store_path": "/nix/store/vh5rzdxhvg1ls1p2j5xyzmzjgmgrkqij-sshpass-1.10" + }, + "x86_64-linux": { + "outputs": [ + { + "name": "out", + "path": "/nix/store/97bimcdwd8gw9yqis5z95qfash5l62g8-sshpass-1.10", + "default": true + } + ], + "store_path": "/nix/store/97bimcdwd8gw9yqis5z95qfash5l62g8-sshpass-1.10" + } + } + } + } +} diff --git a/ansible/inventory/group_vars/all.yml b/ansible/inventory/group_vars/all.yml new file mode 100644 index 0000000..804932a --- /dev/null +++ b/ansible/inventory/group_vars/all.yml @@ -0,0 +1,3 @@ +--- +quadlet_dir: /home/nonroot/.config/containers/systemd/ +quadlet_volumes_dir: /mnt/container-volumes diff --git a/ansible/inventory/hosts.yaml b/ansible/inventory/hosts.yaml new file mode 100644 index 0000000..a315a88 --- /dev/null +++ b/ansible/inventory/hosts.yaml @@ -0,0 +1,6 @@ +--- +all: + hosts: + testnet-1: + ansible_host: 91.107.211.214 + ansible_user: root diff --git a/ansible/roles/testnets/handlers/main.yml b/ansible/roles/testnets/handlers/main.yml new file mode 100644 index 0000000..c42efd5 --- /dev/null +++ b/ansible/roles/testnets/handlers/main.yml @@ -0,0 +1,12 @@ +--- +- name: Systemd_enableservices_nonroot + ansible.builtin.systemd_service: + name: "{{ item }}" + daemon_reload: true + scope: user + enabled: true + state: restarted + loop: + - cancri-1-validator-1 + become: true + become_user: nonroot diff --git a/ansible/roles/testnets/tasks/cancri-1.yml b/ansible/roles/testnets/tasks/cancri-1.yml new file mode 100644 index 0000000..61120d5 --- /dev/null +++ b/ansible/roles/testnets/tasks/cancri-1.yml @@ -0,0 +1,12 @@ +--- +- name: Testnet | cancri-1 | validator-1 | Deploy quadlet files + ansible.builtin.template: + src: "cancri-1-validator-1/{{ item }}.j2" + dest: "{{ quadlet_dir }}/cancri-1-validator-1.{{ item }}" + owner: nonroot + group: users + mode: "0644" + loop: + - container + - volume + notify: systemd_enableservices_nonroot diff --git a/ansible/roles/testnets/tasks/main.yml b/ansible/roles/testnets/tasks/main.yml new file mode 100644 index 0000000..2b7bde6 --- /dev/null +++ b/ansible/roles/testnets/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- name: Cancri-1 Testnet + ansible.builtin.include_tasks: cancri-1.yml + tags: + - cancri-1 diff --git a/ansible/roles/testnets/templates/cancri-1-validator-1/container.j2 b/ansible/roles/testnets/templates/cancri-1-validator-1/container.j2 new file mode 100644 index 0000000..ec473a2 --- /dev/null +++ b/ansible/roles/testnets/templates/cancri-1-validator-1/container.j2 @@ -0,0 +1,21 @@ +[Unit] +Description=cancri-1 testnet - cosmos-sdk - validator #1 +After=network-online.target +Wants=network-online.target + +[Service] +TimeoutStartSec=900 +Restart=always +RestartSec=3 + +[Container] +AutoUpdate=registry +ContainerName=cancri-1-validator-1 +Image=ghcr.io/auricom/cosmos-sdk:0.52@sha256:2b0a31840ff468c3c49ce1f162b77d72dcf4f86513adc42a328a66dbe00b6c81 +PublishPort=26656:26656 +PublishPort=26657:26657 +Volume=cancri-1-validator-1:/config +Label=app=cancri-1-validator-1 + +[Install] +WantedBy=default.target diff --git a/ansible/roles/testnets/templates/cancri-1-validator-1/volume.j2 b/ansible/roles/testnets/templates/cancri-1-validator-1/volume.j2 new file mode 100644 index 0000000..732cd28 --- /dev/null +++ b/ansible/roles/testnets/templates/cancri-1-validator-1/volume.j2 @@ -0,0 +1,6 @@ +[Volume] +[Unit] +Description=Cancri-1 Validator-1 Home Volume + +[Volume] +Label=app=cancri-1-validator-1