b0xxer/bitb0x
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Autogenerating bitcoin_rpcuser / password / and rpcauth data if not defined in hosts file

Browse Source
This commit is contained in:
b0xxer 2024-02-14 07:57:48 -06:00
parent 273102b9a3
commit d39cd9dd74
4 changed files with 76 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hosts
View File

@ -33,9 +33,8 @@ bitcoin_version=26.0
clightning_version=23.11.2
clightning_platform=Fedora-28-amd64
bitcoin_rpcuser=n0xb0x
bitcoin_rpcpassword=VTyzGzBQZn2PdAHgl_mSQPDNJnhNGqQE13N7acOnLIE
#bitcoin_rpcpassword=rVhfmriXjB8uFekmn7sLvnUiY610JaOx
bitcoin_rpcauth=n0xb0x:abc92d2e5020c3071600c7db53075dfc$1a0aff9b8ebcf3889edfa003c64ef81b9b117987da0d97aa967c08ac0c5ad7d2
bitcoin_rpcpassword=8BaOf-luoLM-5zA8V0ozLOtqzZZch2knK9gWIBfafDw
bitcoin_rpcauth=n0xb0x:413f1f82906117464e662853bce33577$80a039d800184a1cffd1de5468b5b2a7442ab1d368a13782e5283e575a9f57b2
electrs_version=0.10.2
zerotier_network=
#Update wariness - 1 = very reluctant to update, 0 = eager to update

23
roles/apps/files/bitcoin/rpcauth.py
View File

@ -1,14 +1,3 @@
#! /usr/bin/env python3
# vim:fenc=utf-8
#
# Copyright © 2024 barry <barry@e14>
#
# Distributed under terms of the MIT license.
"""
bitcoin tool to generate rpcauth
"""
#!/usr/bin/env python3
# Copyright (c) 2015-2021 The Bitcoin Core developers
# Distributed under the MIT software license, see the accompanying
@ -18,6 +7,7 @@ from argparse import ArgumentParser
from getpass import getpass
from secrets import token_hex, token_urlsafe
import hmac
import json
def generate_salt(size):
"""Create size byte hex salt"""
@ -35,6 +25,7 @@ def main():
parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
parser.add_argument('username', help='the username for authentication')
parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
parser.add_argument("-json", help="output to json instead of plain-text", action='store_true')
args = parser.parse_args()
if not args.password:
@ -46,9 +37,13 @@ def main():
salt = generate_salt(16)
password_hmac = password_to_hmac(salt, args.password)
print('String to be appended to bitcoin.conf:')
print(f'rpcauth={args.username}:{salt}${password_hmac}')
print(f'Your password:\n{args.password}')
if (args.json):
odict={'username':args.username, 'password':args.password, 'rpcauth':f'{args.username}:{salt}${password_hmac}'}
print(json.dumps(odict))
else:
print('String to be appended to bitcoin.conf:')
print(f'rpcauth={args.username}:{salt}${password_hmac}')
print(f'Your password:\n{args.password}')
if __name__ == '__main__':
main()

47
roles/apps/tasks/bitcoin.yml
View File

@ -1,6 +1,53 @@
---
# tasks file for build
#
- name: bitcoin - Generate rpcauth information if unset
register: rpcauth_raw
local_action:
module: ansible.builtin.shell
cmd: python roles/apps/files/bitcoin/rpcauth.py -json {{ansible_hostname}}
when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
- name: bitcoin - Parse raw rpcauth info into json
local_action:
module: ansible.builtin.set_fact
rpcauth_json: "{{ rpcauth_raw.stdout | from_json }}"
when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
- name: bitcoin - Write json values (user) to host inventory file
local_action:
module: ansible.builtin.lineinfile
path: hosts
search_string: "bitcoin_rpcuser="
line: "bitcoin_rpcuser={{rpcauth_json.username}}"
insertafter: "^[{{ansible_hostname}}:vars]"
when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
- name: bitcoin - Write json values (password) to host inventory file
local_action:
module: ansible.builtin.lineinfile
path: hosts
search_string: "bitcoin_rpcpassword="
line: "bitcoin_rpcpassword={{rpcauth_json.password}}"
insertafter: "^[{{ansible_hostname}}:vars]"
when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
- name: bitcoin - Write json values (auth) to host inventory file
local_action:
module: ansible.builtin.lineinfile
path: hosts
search_string: "bitcoin_rpcauth="
line: "bitcoin_rpcauth={{rpcauth_json.rpcauth}}"
insertafter: "^[{{ansible_hostname}}:vars]"
when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
- name: bitcoin - Reset local rpc user/auth facts if they changed
ansible.builtin.set_fact:
bitcoin_rpcuser: "{{rpcauth_json.username}}"
bitcoin_rpcpassword: "{{ rpcauth_json.password }}"
bitcoin_rpcauth: "{{ rpcauth_json.rpcauth}}"
when: ((bitcoin_rpcuser is defined) and (bitcoin_rpcuser|length==0)) or ((bitcoin_rpcpassword is defined) and (bitcoin_rpcpassword|length==0)) or ((bitcoin_rpcauth is defined) and (bitcoin_rpcauth|length==0))
- name: bitcoin - Create bitcoin-pod
containers.podman.podman_pod:
name: bitcoin-pod

36
roles/config/tasks/main.yml
View File

@ -7,14 +7,14 @@
register: variant
ansible.builtin.shell: grep VARIANT_ID /etc/os-release | sed 's/VARIANT_ID=//g'
- name: Create /etc/sysusers.d directory
become: yes
become: true
become_method: sudo
ansible.builtin.file:
dest: /etc/sysusers.d
state: directory
- name: Fix parsec bug in Fedora-39
become: yes
become: true
become_method: sudo
ansible.builtin.copy:
src: parsec.conf
@ -23,41 +23,41 @@
when: variant.stdout=="iot"
- name: Enable Cockpit Service
become: yes
become: true
become_method: sudo
ansible.builtin.systemd_service:
name: cockpit.socket
state: started
enabled: yes
enabled: true
- name: Enable Cockpit in firewalld
become: yes
become: true
become_method: sudo
ansible.posix.firewalld:
service: cockpit
permanent: yes
permanent: true
state: enabled
when: variant.stdout=="iot"
- name: Enable Avahi Service
become: yes
become: true
become_method: sudo
ansible.builtin.systemd_service:
name: avahi-daemon
state: started
enabled: yes
enabled: true
- name: Enable mdns in Firewall
become: yes
become: true
become_method: sudo
ansible.posix.firewalld:
service: mdns
permanent: yes
permanent: true
state: enabled
when: variant.stdout=="iot"
- name: Modify nsswitch file for mdns lookups
become: yes
become: true
become_method: sudo
ansible.builtin.lineinfile:
path: /etc/nsswitch.conf
@ -66,23 +66,23 @@
notify: restart_avahi
- name: Set hostname to {{ hostname }}
become: yes
become: true
become_method: sudo
ansible.builtin.hostname:
name: "{{ hostname }}"
notify: restart_avahi
- name: Enable Zerotier
become: yes
become: true
become_method: sudo
ansible.builtin.systemd_service:
name: zerotier-one
state: started
enabled: yes
enabled: true
when: (zerotier_network is defined) and (zerotier_network|length>0)
- name: Mask Fedora countme timer
become: yes
become: true
become_method: sudo
ansible.builtin.systemd_service:
name: rpm-ostree-countme.timer
@ -91,14 +91,14 @@
masked: true
#- name: Set {{ ansible_user }} user to linger
#become: yes
#become: true
#become_method: sudo
#command: loginctl enable-linger {{ ansible_user }}
#args:
#creates: /var/lib/systemd/linger/{{ ansible_user }}
- name: Set update zincati wariness to {{update_wariness}}
become: yes
become: true
become_method: sudo
ansible.builtin.copy:
dest: /etc/zincati/config.d/10-update-wariness.toml
@ -107,7 +107,7 @@
rollout_wariness = {{update_wariness}}
- name: Set update schedule for zincati
become: yes
become: true
become_method: sudo
ansible.builtin.copy:
dest: /etc/zincati/config.d/20-update-schedule.toml