diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..9806036
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,3 @@
+update:
+
+ ansible-playbook -i hosts main.yml --ask-become-pass
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..8936bbc
--- /dev/null
+++ b/hosts
@@ -0,0 +1,11 @@
+# Server Names and their IP Addresses Go Here
+
+[bitb0x]
+192.168.2.103
+
+# Each Server should have a "vars" block like below to set individual settings for each
+#
+[bitb0x:vars]
+ansible_user=b0xxy
+ansible_password=b0xxy
+
diff --git a/main.yml b/main.yml
new file mode 100644
index 0000000..2aee175
--- /dev/null
+++ b/main.yml
@@ -0,0 +1,14 @@
+---
+
+- hosts: bitb0x
+ vars:
+
+ roles:
+ - install
+ - bitcoin
+ - config
+
+ tasks:
+
+ - name: Example from an Ansible Playbook
+ ansible.builtin.ping:
diff --git a/podman/bitcoin/Containerfile b/podman/bitcoin/Containerfile
new file mode 100644
index 0000000..5270e99
--- /dev/null
+++ b/podman/bitcoin/Containerfile
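Review bot: `hosts` commits the SSH login password in clear text on the `ansible_password=b0xxy` line of `[bitb0x:vars]`, so anyone who can read the repository or its history gets the host credential, which is also identical to the user name. Drop that line and authenticate with an SSH key, or prompt at run time by adding `--ask-pass` next to `--ask-become-pass` in the Makefile's `ansible-playbook` call. If a stored value is really needed, keep it in an Ansible Vault-encrypted group_vars file instead of the inventory. Because the value is now in version control, it should be treated as exposed and changed on the host.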
@@ -0,0 +1,68 @@
+#Based on Dockerflie from Kyle Manna - https://github.com/kylemanna/docker-bitcoind
+
+FROM almalinux/9-minimal AS build
+
+RUN microdnf update -y \
+ && microdnf install -y \
+ ca-certificates \
+ gnupg2 \
+ libatomic \
+ wget \
+ tar \
+ gzip \
+ && microdnf clean all && rm -fr /tmp/* /var/tmp/*
+
+ARG VERSION=26.0
+ARG BITCOIN_CORE_SIGNATURE=71A3B16735405025D447E8F274810B012346C9A6
+ENV GOSU_VERSION 1.17
+
+RUN cd /tmp \
+ && gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys ${BITCOIN_CORE_SIGNATURE} \
+ && wget https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS.asc \
+ https://bitcoincore.org/bin/bitcoin-core-${VERSION}/SHA256SUMS \
+ https://bitcoincore.org/bin/bitcoin-core-${VERSION}/bitcoin-${VERSION}-x86_64-linux-gnu.tar.gz \
+ && gpg --verify --status-fd 1 --verify SHA256SUMS.asc SHA256SUMS 2>/dev/null | grep "^\[GNUPG:\] VALIDSIG.*${BITCOIN_CORE_SIGNATURE}\$" \
+ && sha256sum --ignore-missing --check SHA256SUMS \
+ && tar -xzvf bitcoin-${VERSION}-x86_64-linux-gnu.tar.gz -C /opt \
+ && ln -sv bitcoin-${VERSION} /opt/bitcoin \
+ && /opt/bitcoin/bin/test_bitcoin --show_progress \
+ && rm -v /opt/bitcoin/bin/test_bitcoin /opt/bitcoin/bin/bitcoin-qt
+
+RUN wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64"; \
+ wget -O /usr/local/bin/gosu.asc "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-amd64.asc"; \
+ \
+# verify the signature
+ export GNUPGHOME="$(mktemp -d)"; \
+ gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \
+ gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \
+ gpgconf --kill all; \
+ rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc;
+
+FROM almalinux/9-minimal
+LABEL maintainer="b0xxer@b0xxy.net"
+
+ENTRYPOINT ["entrypoint.sh"]
+ENV HOME /bitcoin
+EXPOSE 8332 8333
+VOLUME ["/bitcoin/.bitcoin"]
+WORKDIR /bitcoin
+
+COPY --from=build /opt/ /opt/
+COPY --from=build /usr/local/bin/gosu /usr/local/bin/
+
+RUN microdnf update -y \
+ && microdnf install -y libatomic shadow-utils \
+ && microdnf clean all && rm -rf /tmp/* /var/tmp/* \
+ && ln -sv /opt/bitcoin/bin/* /usr/local/bin
+
+ARG GROUP_ID=1000
+ARG USER_ID=1000
+RUN groupadd -g ${GROUP_ID} bitcoin \
+ && useradd -u ${USER_ID} -g bitcoin -d /bitcoin bitcoin
+
+
+COPY ./bin ./entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/entrypoint.sh && chmod +x /usr/local/bin/gosu \
+ && chmod +x /usr/local/bin/btc_oneshot && chmod +x /usr/local/bin/btc_init
+
+CMD ["btc_oneshot"]
diff --git a/podman/bitcoin/bin/btc_init b/podman/bitcoin/bin/btc_init
new file mode 100644
index 0000000..8dbae0e
--- /dev/null
+++ b/podman/bitcoin/bin/btc_init
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -ex
+
+# This shouldn't be in the Dockerfile or containers built from the same image
+# will have the same credentials.
+if [ ! -e "$HOME/.bitcoin/bitcoin.conf" ]; then
+ mkdir -p $HOME/.bitcoin
+
+ echo "Creating bitcoin.conf"
+
+ # Seed a random password for JSON RPC server
+ cat < $HOME/.bitcoin/bitcoin.conf
+regtest=${REGTEST:-0}
+disablewallet=${DISABLEWALLET:-1}
+printtoconsole=${PRINTTOCONSOLE:-1}
+rpcuser=${RPCUSER:-bitcoinrpc}
+rpcpassword=${RPCPASSWORD:-`dd if=/dev/urandom bs=33 count=1 2>/dev/null | base64`}
+EOF
+
+fi
+
+cat $HOME/.bitcoin/bitcoin.conf
+
+echo "Initialization completed successfully"
diff --git a/podman/bitcoin/bin/btc_oneshot b/podman/bitcoin/bin/btc_oneshot
new file mode 100644
index 0000000..690f447
--- /dev/null
+++ b/podman/bitcoin/bin/btc_oneshot
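Review bot: In `podman/bitcoin/Containerfile` the gosu `RUN` step separates its commands with `;` and never enables `set -e`, so the step's exit status is that of the final `rm -rf`, and a failed download or a failed `gpg --batch --verify` still yields an image that ships the unverified binary. Start the step with `RUN set -eux; \` (or chain with `&&`, as the bitcoin-core step above it does) so the signature check actually gates the build. Separately, both `FROM almalinux/9-minimal` lines carry no tag or digest, so each build can pick up a different base; pin them to a specific tag, ideally with a digest.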
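Review bot: `podman/bitcoin/bin/btc_init` ends with `cat $HOME/.bitcoin/bitcoin.conf`, so the `rpcpassword` is written to the container log on every start and anyone who can read the logs can recover the RPC credential. Remove that `cat`, or print only the non-secret keys, and consider dropping `-x` from `set -ex` once the script is past debugging. The config file is created with the default umask; a `chmod 600 "$HOME/.bitcoin/bitcoin.conf"` after the heredoc would keep it owner-only, and `$HOME` should be quoted on the `mkdir -p` and redirect lines. As shown here the heredoc opener reads `cat < $HOME/.bitcoin/bitcoin.conf`, which may be a rendering artefact of `cat <<EOF > ...`; worth confirming in the committed file.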
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -ex
+
+# Generate bitcoin.conf
+btc_init
+
+# Default / no argument invocation listens for RPC commands and has to accept non-localhost because of
+# Docker port proxying or Docker private networking.
+if [ $# -eq 0 ]; then
+ # If IPv6 is in the container do both:
+ #set -- '-rpcbind=[::]:8332' '-rpcallowip=::/0' '-rpcallowip=0.0.0.0/0'
+ set -- '-rpcbind=:8332' '-rpcallowip=0.0.0.0/0'
+fi
+
+exec bitcoind "$@"
diff --git a/podman/bitcoin/entrypoint.sh b/podman/bitcoin/entrypoint.sh
new file mode 100644
index 0000000..ce4a57c
--- /dev/null
+++ b/podman/bitcoin/entrypoint.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+# first arg is `-f` or `--some-option`
+# or first arg is `something.conf`
+if [ "${1#-}" != "$1" ] || [ "${1%.conf}" != "$1" ]; then
+ set -- btc_oneshot "$@"
+fi
+
+# Allow the container to be started with `--user`, if running as root drop privileges
+if [ "$1" = 'btc_oneshot' -a "$(id -u)" = '0' ]; then
+ chown -R bitcoin .
+ exec gosu bitcoin "$0" "$@"
+fi
+
+# If not root (i.e. docker run --user $USER ...), then run as invoked
+exec "$@"
+
diff --git a/podman/bitcoin/run.sh b/podman/bitcoin/run.sh
new file mode 100644
index 0000000..5023b0e
--- /dev/null
+++ b/podman/bitcoin/run.sh
@@ -0,0 +1,9 @@
+#! /bin/sh
+#
+# Distributed under terms of the MIT license.
+#
+
+podman pod create --name bitcoin-pod -p 8333:8333 -p 127.0.0.1:8332:8332
+podman volume create --name=bitcoind-data
+podman run -v bitcoind-data:/bitcoin/.bitcoin --pod bitcoin-pod --name=bitcoind-node -d \
+ git.b0xxy.net/b0xxer/bitcoin:26
diff --git a/roles/bitcoin/README.md b/roles/bitcoin/README.md
new file mode 100644
index 0000000..225dd44
--- /dev/null
+++ b/roles/bitcoin/README.md
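Review bot: The default arguments in `podman/bitcoin/bin/btc_oneshot`, `set -- '-rpcbind=:8332' '-rpcallowip=0.0.0.0/0'`, accept JSON-RPC from any source address, so the only remaining protection is how the port is published. `run.sh` binds 8332 to `127.0.0.1`, but the image itself does not enforce that, and running it with a plain `-p 8332:8332` or host networking would put RPC on the network behind a password alone. Consider reading the allowed range from an environment variable with a narrow default, and add a comment above the `set --` line saying that 8332 must only ever be published on loopback or a private network.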
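Review bot: In `podman/bitcoin/entrypoint.sh` the root branch runs `chown -R bitcoin .`, which acts on whatever the current directory is; it is only `/bitcoin` because of the image's `WORKDIR`, and starting the container with a different working directory would recursively re-own that tree as root. Name the target explicitly, for example `chown -R bitcoin "$HOME"`, so the privileged step cannot drift. The test on the line above uses `-a` inside `[ ]`, which POSIX marks obsolescent; `[ "$1" = 'btc_oneshot' ] && [ "$(id -u)" = '0' ]` is the portable form.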
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/bitcoin/defaults/main.yml b/roles/bitcoin/defaults/main.yml new file mode 100644 index 0000000..2c17c2c --- /dev/null +++ b/roles/bitcoin/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for bitcoin diff --git a/roles/bitcoin/handlers/main.yml b/roles/bitcoin/handlers/main.yml new file mode 100644 index 0000000..fb3f1de --- /dev/null +++ b/roles/bitcoin/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for bitcoin diff --git a/roles/bitcoin/meta/main.yml b/roles/bitcoin/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/bitcoin/meta/main.yml 
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/bitcoin/tasks/main.yml b/roles/bitcoin/tasks/main.yml new file mode 100644 index 0000000..a462c82 --- /dev/null +++ b/roles/bitcoin/tasks/main.yml @@ -0,0 +1,2 @@ +--- +# tasks file for bitcoin diff --git a/roles/bitcoin/tests/inventory b/roles/bitcoin/tests/inventory new file mode 100644 index 0000000..878877b --- /dev/null 
+++ b/roles/bitcoin/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/bitcoin/tests/test.yml b/roles/bitcoin/tests/test.yml new file mode 100644 index 0000000..3bf7590 --- /dev/null +++ b/roles/bitcoin/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - bitcoin diff --git a/roles/bitcoin/vars/main.yml b/roles/bitcoin/vars/main.yml new file mode 100644 index 0000000..c6935b1 --- /dev/null +++ b/roles/bitcoin/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for bitcoin diff --git a/roles/config/README.md b/roles/config/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/config/README.md 
@@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/config/defaults/main.yml b/roles/config/defaults/main.yml new file mode 100644 index 0000000..2a36380 --- /dev/null +++ b/roles/config/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for config diff --git a/roles/config/handlers/main.yml b/roles/config/handlers/main.yml new file mode 100644 index 0000000..272031c --- /dev/null +++ b/roles/config/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for config diff --git a/roles/config/meta/main.yml b/roles/config/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/config/meta/main.yml 
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/config/tasks/main.yml b/roles/config/tasks/main.yml new file mode 100644 index 0000000..cc16256 --- /dev/null +++ b/roles/config/tasks/main.yml 
@@ -0,0 +1,62 @@
+---
+# tasks file for config
+#
+#
+- import_tasks: parsec-bug.yml
+
+- name: Enable Cockpit Service
+ become: yes
+ become_method: sudo
+ ansible.builtin.systemd_service:
+ name: cockpit.socket
+ state: started
+ enabled: yes
+
+- name: Enable cockpit in firewalld
+ become: yes
+ become_method: sudo
+ ansible.posix.firewalld:
+ service: cockpit
+ permanent: yes
+ state: enabled
+
+- name: Enable Avahi Service
+ become: yes
+ become_method: sudo
+ ansible.builtin.systemd_service:
+ name: avahi-daemon
+ state: started
+ enabled: yes
+
+- name: Enable mdns in Firewall
+ become: yes
+ become_method: sudo
+ ansible.posix.firewalld:
+ service: mdns
+ permanent: yes
+ state: enabled
+
+- name: Modify nsswitch file for mdns lookups
+ become: yes
+ become_method: sudo
+ ansible.builtin.lineinfile:
+ path: /etc/nsswitch.conf
+ regexp: '^hosts:'
+ line: 'hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname'
+
+- name: Set hostname to bitb0x
+ become: yes
+ become_method: sudo
+ ansible.builtin.hostname:
+ name: bitb0x
+
+- name: Refresh gpg keys
+ shell: gpg --keyserver hkps://keys.openpgp.org --refresh-keys
+
+- name: Enable Avahi Service
+ become: yes
+ become_method: sudo
+ ansible.builtin.systemd_service:
+ name: avahi-daemon
+ state: restarted
+
diff --git a/roles/config/tasks/parsec-bug.yml b/roles/config/tasks/parsec-bug.yml
new file mode 100644
index 0000000..83d8251
--- /dev/null
+++ b/roles/config/tasks/parsec-bug.yml
@@ -0,0 +1,4 @@
+# get user id: ls -ln /var/lib | grep parsec | grep -v dbus | awk '{print $3}'
+# sudo mkdir /etc/sysusers.d
+# echo "u parsec 983 \"parsec user\" /var/lib/parsec /sbin/nologin" | sudo tee /etc/sysusers.d/parsec.conf
+# sudo chown -R parsec:parsec /var/lib/parsec
diff --git a/roles/config/tests/inventory b/roles/config/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/roles/config/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
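Review bot: Both `ansible.posix.firewalld` tasks in `roles/config/tasks/main.yml` set `permanent: yes` without `immediate: yes`, so the cockpit and mdns rules are written to disk but the running firewall is unchanged until the next reload or reboot; add `immediate: yes` to each if the services should be reachable right after the play. Opening cockpit also exposes a host administration login on the LAN, which is worth a comment stating that this is intended and which zone it applies to. The `Refresh gpg keys` task uses free-form `shell:` with no `changed_when`, so it reports a change on every run; `ansible.builtin.command` with `changed_when: false` fits better. The last task restarts avahi but reuses the name `Enable Avahi Service`; rename it to `Restart Avahi Service` or turn it into a handler notified by the nsswitch change.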
diff --git a/roles/config/tests/test.yml b/roles/config/tests/test.yml new file mode 100644 index 0000000..f4826c1 --- /dev/null +++ b/roles/config/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - config diff --git a/roles/config/vars/main.yml b/roles/config/vars/main.yml new file mode 100644 index 0000000..5ed2f0d --- /dev/null +++ b/roles/config/vars/main.yml @@ -0,0 +1,2 @@ +--- +# vars file for config diff --git a/roles/install/README.md b/roles/install/README.md new file mode 100644 index 0000000..225dd44 --- /dev/null +++ b/roles/install/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). 
diff --git a/roles/install/defaults/main.yml b/roles/install/defaults/main.yml new file mode 100644 index 0000000..6f84363 --- /dev/null +++ b/roles/install/defaults/main.yml @@ -0,0 +1,2 @@ +--- +# defaults file for install diff --git a/roles/install/handlers/main.yml b/roles/install/handlers/main.yml new file mode 100644 index 0000000..a1f371c --- /dev/null +++ b/roles/install/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for install diff --git a/roles/install/meta/main.yml b/roles/install/meta/main.yml new file mode 100644 index 0000000..c572acc --- /dev/null +++ b/roles/install/meta/main.yml 
@@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/install/tasks/main.yml b/roles/install/tasks/main.yml new file mode 100644 index 0000000..44e6498 --- /dev/null +++ b/roles/install/tasks/main.yml 
@@ -0,0 +1,31 @@
+---
+# tasks file for install
+#
+
+- name: Install packages
+ become: yes
+ become_method: sudo
+ register: reboot_status
+ community.general.rpm_ostree_pkg:
+ name:
+ - podman
+ - podman-compose
+ - gpg
+ - git
+ - avahi
+ - nss-mdns
+ - cockpit
+ - cockpit-networkmanager
+ - cockpit-ostree
+ - cockpit-podman
+
+- name: Reboot System
+ become: yes
+ become_method: sudo
+ ansible.builtin.reboot:
+ ignore_errors: true
+ when: reboot_status['changed']==True
+
+
+
+
diff --git a/roles/install/tests/inventory b/roles/install/tests/inventory
new file mode 100644
index 0000000..878877b
--- /dev/null
+++ b/roles/install/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/roles/install/tests/test.yml b/roles/install/tests/test.yml
new file mode 100644
index 0000000..9116fa7
--- /dev/null
+++ b/roles/install/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - install
diff --git a/roles/install/vars/main.yml b/roles/install/vars/main.yml
new file mode 100644
index 0000000..b658f78
--- /dev/null
+++ b/roles/install/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for install
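Review bot: The `Reboot System` task in `roles/install/tasks/main.yml` sets `ignore_errors: true`, so a host that fails to come back, or comes back without the new rpm-ostree deployment, is reported as success and the later `bitcoin` and `config` roles run against a machine that may lack the layered packages. Remove `ignore_errors` so the play stops at that point, or follow the reboot with an explicit check that the packages are present. The condition `when: reboot_status['changed']==True` is better written as `when: reboot_status is changed`, which is the idiomatic test and does not depend on the key being present.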