Autogenerating bitcoin_rpcuser / password / and rpcauth data if not defined in hosts file

hosts

@@ -33,9 +33,8 @@ bitcoin_version=26.0
 clightning_version=23.11.2
 clightning_platform=Fedora-28-amd64
 bitcoin_rpcuser=n0xb0x
-bitcoin_rpcpassword=VTyzGzBQZn2PdAHgl_mSQPDNJnhNGqQE13N7acOnLIE
+bitcoin_rpcpassword=8BaOf-luoLM-5zA8V0ozLOtqzZZch2knK9gWIBfafDw
-#bitcoin_rpcpassword=rVhfmriXjB8uFekmn7sLvnUiY610JaOx
+bitcoin_rpcauth=n0xb0x:413f1f82906117464e662853bce33577$80a039d800184a1cffd1de5468b5b2a7442ab1d368a13782e5283e575a9f57b2
-bitcoin_rpcauth=n0xb0x:abc92d2e5020c3071600c7db53075dfc$1a0aff9b8ebcf3889edfa003c64ef81b9b117987da0d97aa967c08ac0c5ad7d2
 electrs_version=0.10.2
 zerotier_network=
 #Update wariness - 1 = very reluctant to update, 0 = eager to update

roles/apps/files/bitcoin/rpcauth.py

@@ -1,14 +1,3 @@
-#! /usr/bin/env python3
-# vim:fenc=utf-8
-#
-# Copyright © 2024 barry <barry@e14>
-#
-# Distributed under terms of the MIT license.
-
-"""
-bitcoin tool to generate rpcauth
-"""
-
 #!/usr/bin/env python3
 # Copyright (c) 2015-2021 The Bitcoin Core developers
 # Distributed under the MIT software license, see the accompanying
@@ -18,6 +7,7 @@ from argparse import ArgumentParser
 from getpass import getpass
 from secrets import token_hex, token_urlsafe
 import hmac
+import json
 
 def generate_salt(size):
     """Create size byte hex salt"""
@@ -35,6 +25,7 @@ def main():
     parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
     parser.add_argument('username', help='the username for authentication')
     parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
+    parser.add_argument("-json", help="output to json instead of plain-text", action='store_true')
     args = parser.parse_args()
 
     if not args.password:
@@ -46,9 +37,13 @@ def main():
     salt = generate_salt(16)
     password_hmac = password_to_hmac(salt, args.password)
 
-    print('String to be appended to bitcoin.conf:')
+    if (args.json):
-    print(f'rpcauth={args.username}:{salt}${password_hmac}')
+        odict={'username':args.username, 'password':args.password, 'rpcauth':f'{args.username}:{salt}${password_hmac}'}
-    print(f'Your password:\n{args.password}')
+        print(json.dumps(odict))
+    else:
+        print('String to be appended to bitcoin.conf:')
+        print(f'rpcauth={args.username}:{salt}${password_hmac}')
+        print(f'Your password:\n{args.password}')
 
 if __name__ == '__main__':
     main()

roles/apps/tasks/bitcoin.yml

@@ -1,6 +1,53 @@
 ---
 # tasks file for build
 #
+- name: bitcoin - Generate rpcauth information if unset
+  register: rpcauth_raw
+  local_action: 
+    module: ansible.builtin.shell
+    cmd: python roles/apps/files/bitcoin/rpcauth.py -json {{ansible_hostname}}
+  when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
+  
+- name: bitcoin - Parse raw rpcauth info into json
+  local_action: 
+    module: ansible.builtin.set_fact
+    rpcauth_json: "{{ rpcauth_raw.stdout | from_json }}"
+  when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
+
+- name: bitcoin - Write json values (user) to host inventory file
+  local_action:
+    module: ansible.builtin.lineinfile
+    path: hosts
+    search_string: "bitcoin_rpcuser="
+    line: "bitcoin_rpcuser={{rpcauth_json.username}}"
+    insertafter: "^[{{ansible_hostname}}:vars]"
+  when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
+
+- name: bitcoin - Write json values (password) to host inventory file
+  local_action:
+    module: ansible.builtin.lineinfile
+    path: hosts
+    search_string: "bitcoin_rpcpassword="
+    line: "bitcoin_rpcpassword={{rpcauth_json.password}}"
+    insertafter: "^[{{ansible_hostname}}:vars]"
+  when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
+
+- name: bitcoin - Write json values (auth) to host inventory file
+  local_action:
+    module: ansible.builtin.lineinfile
+    path: hosts
+    search_string: "bitcoin_rpcauth="
+    line: "bitcoin_rpcauth={{rpcauth_json.rpcauth}}"
+    insertafter: "^[{{ansible_hostname}}:vars]"
+  when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
+  
+- name: bitcoin - Reset local rpc user/auth facts if they changed
+  ansible.builtin.set_fact:
+    bitcoin_rpcuser: "{{rpcauth_json.username}}"
+    bitcoin_rpcpassword: "{{ rpcauth_json.password }}"
+    bitcoin_rpcauth: "{{ rpcauth_json.rpcauth}}"
+  when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
+
 - name: bitcoin - Create bitcoin-pod
   containers.podman.podman_pod:
     name: bitcoin-pod

roles/config/tasks/main.yml

@@ -7,14 +7,14 @@
   register: variant
   ansible.builtin.shell: grep VARIANT_ID /etc/os-release | sed 's/VARIANT_ID=//g'
 - name: Create /etc/sysusers.d directory
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.file:
     dest: /etc/sysusers.d
     state: directory
 
 - name: Fix parsec bug in Fedora-39
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.copy:
     src: parsec.conf
@@ -23,41 +23,41 @@
   when: variant.stdout=="iot"
 
 - name: Enable Cockpit Service
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.systemd_service:
     name: cockpit.socket
     state: started
-    enabled: yes
+    enabled: true
 
 - name: Enable Cockpit in firewalld
-  become: yes
+  become: true
   become_method: sudo
   ansible.posix.firewalld:
     service: cockpit
-    permanent: yes
+    permanent: true
     state: enabled
   when: variant.stdout=="iot"
 
 - name: Enable Avahi Service
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.systemd_service:
     name: avahi-daemon
     state: started 
-    enabled: yes  
+    enabled: true  
                
 - name: Enable mdns in Firewall
-  become: yes
+  become: true
   become_method: sudo
   ansible.posix.firewalld:
     service: mdns 
-    permanent: yes
+    permanent: true
     state: enabled
   when: variant.stdout=="iot"
                
 - name: Modify nsswitch file for mdns lookups
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.lineinfile:  
     path: /etc/nsswitch.conf
@@ -66,23 +66,23 @@
   notify: restart_avahi
 
 - name: Set hostname to {{ hostname }}
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.hostname:
     name: "{{ hostname }}"
   notify: restart_avahi
 
 - name: Enable Zerotier
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.systemd_service:
     name: zerotier-one
     state: started
-    enabled: yes
+    enabled: true
   when: (zerotier_network is defined) and (zerotier_network|length>0)
 
 - name: Mask Fedora countme timer
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.systemd_service:
     name: rpm-ostree-countme.timer
@@ -91,14 +91,14 @@
     masked: true
 
 #- name: Set {{ ansible_user }} user to linger
-  #become: yes
+  #become: true
   #become_method: sudo
   #command: loginctl enable-linger {{ ansible_user }}
     #args:
       #creates: /var/lib/systemd/linger/{{ ansible_user }}
 
 - name: Set update zincati wariness to {{update_wariness}}
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.copy:
     dest: /etc/zincati/config.d/10-update-wariness.toml
@@ -107,7 +107,7 @@
       rollout_wariness = {{update_wariness}}
 
 - name: Set update schedule for zincati
-  become: yes
+  become: true
   become_method: sudo
   ansible.builtin.copy:
     dest: /etc/zincati/config.d/20-update-schedule.toml