Initial commit

.gitignore

@@ -0,0 +1 @@
+/virtualenv

README.md

@@ -0,0 +1,18 @@
+# ansible-remote-node
+
+[Ansible][] playbook for deploying Wownero remote nodes.
+
+## Funding
+
+Part of a project funded by the Wownero community. Thank you :)
+
+See the [WFS Proposal][] for more info.
+
+## License
+
+Released under the terms of the [Unlicense][].
+See UNLICENSE file in project root for more info.
+
+[Ansible]: https://www.ansible.com/  "Ansible homepage"
+[WFS Proposal]: https://funding.wownero.com/proposal/44  "Funding request"
+[Unlicense]: https://unlicense.org/  "Unlicense homepage"

UNLICENSE

@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <http://unlicense.org/>

inventory.ini

@@ -0,0 +1,9 @@
+[all]
+de1.wownodes.com
+us1.wownodes.com
+sg1.wownodes.com
+
+[all:vars]
+ansible_python_interpreter='/usr/bin/python3'
+ansible_ssh_common_args='-o StrictHostKeyChecking=no'
+ansible_user='root'

requirements-dev.txt

@@ -0,0 +1,10 @@
+ansible==2.9.11
+ansible-lint==4.2.0
+cffi==1.14.1
+cryptography==3.0
+Jinja2==2.11.2
+MarkupSafe==1.1.1
+pycparser==2.20
+PyYAML==5.3.1
+ruamel.yaml==0.16.10
+six==1.15.0

requirements.txt

@@ -0,0 +1,8 @@
+ansible==2.9.11
+cffi==1.14.1
+cryptography==3.0
+Jinja2==2.11.2
+MarkupSafe==1.1.1
+pycparser==2.20
+PyYAML==5.3.1
+six==1.15.0

roles/wownerod/defaults/main.yaml

@@ -0,0 +1,8 @@
+---
+wownerod_remote_url: "https://distfiles.offtopica.uk/wownerod-0.8.0.2"
+wownerod_remote_hash: "sha256:ac7bba8924d43dfc9e9cf868737ebebc68591fdc17273cd0b3b9216e959fb0bc"
+wownero_version: "0.8.0.2"
+wownero_bin_dir: "/usr/local/bin"
+wownerod_path: "{{ wownero_bin_dir }}/wownerod"
+wownerod_p2p_port: "34567"
+wownerod_rpc_port: "34568"

roles/wownerod/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+- name: restart wownerod
+  systemd:
+    daemon_reload: yes
+    name: wownerod.service
+    state: restarted

roles/wownerod/tasks/install.yaml

@@ -0,0 +1,11 @@
+---
+- name: Download release binary
+  get_url:
+    url: "{{ wownerod_remote_url }}"
+    dest: "{{ wownerod_path }}"
+    checksum: "{{ wownerod_remote_hash }}"
+    owner: root
+    group: root
+    mode: '0755'
+  notify:
+    - restart wownerod

roles/wownerod/tasks/main.yaml

@@ -0,0 +1,65 @@
+---
+- name: Install ufw
+  apt: name=ufw state=present
+  tags: firewall
+- name: Limit ssh
+  ufw: rule=limit port=ssh proto=tcp
+  tags: firewall
+- name: Enable ufw
+  ufw: state=enabled
+  tags: firewall
+- name: Check if wownerod is installed
+  stat: path="{{ wownerod_path }}"
+  register: stat_wownerod_path
+- name: Check wownerod version
+  command: "{{ wownerod_path }} --version"
+  register: wownerod_version_cmd
+  when: stat_wownerod_path.stat.exists
+- name: Parse wownerod version
+  set_fact:
+    installed_wownerod_version: "{{ wownerod_version_cmd.stdout | regex_search('\\d+\\.\\d+\\.\\d+\\.\\d') }}"
+  when: stat_wownerod_path.stat.exists
+- name: Install wownerod
+  import_tasks: install.yaml
+  when: not stat_wownerod_path.stat.exists or not installed_wownerod_version == wownero_version
+- name: Create wownero user
+  user:
+    name: wownero
+    create_home: no
+    home: /var/lib/wownero
+    shell: /bin/false
+    system: yes
+- name: Install systemd unit file
+  template:
+    src: wownerod.service.j2
+    dest: /etc/systemd/system/wownerod.service
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+    - restart wownerod
+- name: Install wownerod config file
+  template:
+    src: wownerod.conf.j2
+    dest: /etc/wownerod.conf
+    owner: root
+    group: root
+    mode: '0644'
+  notify:
+    - restart wownerod
+- name: Allow wownerod p2p port
+  ufw:
+    rule: allow
+    port: "{{ wownerod_p2p_port }}"
+    proto: tcp
+  tags: firewall
+- name: Allow wownerod rpc port
+  ufw:
+    rule: allow
+    port: "{{ wownerod_rpc_port }}"
+    proto: tcp
+  tags: firewall
+- name: Enable wownerod service
+  systemd:
+    name: wownerod.service
+    enabled: true

roles/wownerod/templates/wownerod.conf.j2

@@ -0,0 +1,14 @@
+check-updates=disabled
+confirm-external-bind=1
+data-dir=/var/lib/wownero
+log-file=/var/log/wownero/wownerod.log
+log-level=0
+no-igd=1
+p2p-bind-port={{ wownerod_p2p_port }}
+p2p-use-ipv6=1
+public-node=1
+restricted-rpc=1
+rpc-bind-ip=0.0.0.0
+rpc-bind-ipv6-address=::0
+rpc-bind-port={{ wownerod_rpc_port }}
+rpc-use-ipv6=1

roles/wownerod/templates/wownerod.service.j2

@@ -0,0 +1,17 @@
+[Unit]
+Description=Wownero Full Node
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+User=wownero
+Group=wownero
+Environment="MONERO_RANDOMX_UMASK=1"
+StateDirectory=wownero
+LogsDirectory=wownero
+Type=simple
+PIDFile=/run/wownero/wownerod.pid
+ExecStart={{ wownerod_path }} --config-file /etc/wownerod.conf --non-interactive
+
+[Install]
+WantedBy=multi-user.target

site.yaml

@@ -0,0 +1,5 @@
+---
+- hosts: all
+  gather_facts: true
+  roles:
+    - wownerod