Add base for lnd

ansible/group_vars/all/main.yml

@@ -2,12 +2,15 @@
 # main
 main_dc_name: columbia
 
+# hashicorp defaults
+hashi_arch: amd64
+
 # consul
-consul_version: 1.8.4
+consul_version: 1.9.1
 consul_domain: masked.name
 
 # vault
-vault_version: 1.5.2
+vault_version: 1.6.1
 vault_pki_policy: masked-dot-name
 vault_ca_cert_name: MaskedName_Root_CA.crt
 vault_ca_cert_payload: |
@@ -56,9 +59,12 @@ vault_ca_cert_payload: |
   -----END CERTIFICATE-----
 
 # nomad
-nomad_version: 0.12.5
+nomad_version: 1.0.1
 nomad_podman_driver_version: 0.1.0
 
 # podman
-podman_version: 2.0.6+dfsg1-2
+podman_version: 2.1.1+dfsg1-4
+
+# lnd
+lnd_version: v0.12.0-beta.rc3
 ...

ansible/host_vars/redwingcherokee.minhas.io/main.yml

@@ -0,0 +1,5 @@
+---
+hashi_arch: arm
+consul_arch: armhfv6
+lnd_arch: armv7
+...

ansible/inventory.txt

@@ -3,12 +3,16 @@ fatman.minhas.io
 ivyking.minhas.io
 ranger.minhas.io
 sedan.minhas.io
+redwingcherokee.minhas.io
 
 [consul_server]
 fatman.minhas.io
 ivyking.minhas.io
 sedan.minhas.io
 
+[lnd]
+redwingcherokee.minhas.io
+
 [nexus]
 ivyking.minhas.io
 

ansible/playbooks/lnd.yml

@@ -0,0 +1,7 @@
+---
+- hosts: lnd
+  roles:
+    - role: tor
+    - role: bitcoind
+    - role: lnd
+...

ansible/playbooks/site.yml

@@ -5,4 +5,5 @@
 - import_playbook: consul-client.yml
 - import_playbook: nomad.yml
 - import_playbook: nexus.yml
+- import_playbook: lnd.yml
 ...

ansible/roles/bitcoind/files/bitcoind.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Bitcoin daemon
+
+[Service]
+ExecStartPre=/bin/sh -c 'sleep 30'
+ExecStart=/usr/bin/bitcoind -daemon -conf=/home/bitcoind/.bitcoin/bitcoin.conf -pid=/home/bitcoind/.bitcoin/bitcoind.pid
+PIDFile=/home/bitcoind/.bitcoin/bitcoind.pid
+User=bitcoind
+Group=bitcoind
+Type=forking
+KillMode=process
+Restart=always
+TimeoutSec=120
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/bitcoind/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: reload systemd
+  systemd:
+    daemon_reload: True
+...

ansible/roles/bitcoind/tasks/main.yml

@@ -0,0 +1,53 @@
+---
+- name: create bitcoind group
+  group:
+    name: bitcoind
+    state: present
+
+- name: create bitcoind user
+  user:
+    name: bitcoind
+    group: bitcoind
+    state: present
+    shell: /bin/bash
+    home:  /home/bitcoind
+
+- name: ensure bitcoind config directory exists
+  file:
+    path: /home/bitcoind/.bitcoin
+    state: directory
+    owner: bitcoind
+    group: bitcoind
+    mode: '0750'
+
+- name: ensure bitcoind mount exists
+  mount:
+    path: /home/bitcoind/.bitcoin
+    src: /dev/sda1
+    fstype: ext4
+    opts: defaults
+    state: present
+
+- name: install bitcoind
+  apt:
+    name: bitcoind
+    state: present
+
+- name: ensure bitcoind service file exists
+  copy:
+    src: files/bitcoind.service
+    dest: /etc/systemd/system/bitcoind.service
+    mode: 0755
+    owner: root
+    group: root
+  notify: reload systemd
+
+- name: flush handlers for systemd reloading
+  meta: flush_handlers
+
+- name: ensure bitcoind is enabled and started
+  systemd:
+    name: bitcoind
+    state: started
+    enabled: True
+...

ansible/roles/common/tasks/Debian.yml

@@ -14,10 +14,12 @@
 - name: install default packages
   apt:
     name:
+      - acl
       - dbus
       - git
       - htop
       - inxi
+      - make
       - ncdu
       - netcat
       - ntp
@@ -27,6 +29,7 @@
       - sysstat
       - tmux
       - tree
+      - unzip
       - vim
     state: present
 

ansible/roles/common/tasks/Debian_pki.yml

@@ -25,7 +25,7 @@
 
 - name: get vault
   unarchive:
-    src: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_amd64.zip"
+    src: "https://releases.hashicorp.com/vault/{{ vault_version }}/vault_{{ vault_version }}_linux_{{ hashi_arch }}.zip"
     dest: /usr/local/bin/
     mode: 0755
     owner: root

ansible/roles/consul/defaults/main.yml

@@ -1,3 +1,4 @@
 ---
 consul_config_path: /etc/consul.d
+consul_arch: '{{ hashi_arch }}'
 ...

ansible/roles/consul/tasks/Debian.yml

@@ -55,7 +55,7 @@
 
 - name: get consul
   unarchive:
-    src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip"
+    src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_{{ consul_arch }}.zip"
     dest: /usr/local/bin/
     mode: 0755
     owner: root

ansible/roles/lnd/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+lnd_arch: amd64
+...

ansible/roles/lnd/tasks/main.yml

@@ -0,0 +1,30 @@
+---
+- name: ensure go/bin dir exists for bitcoind user
+  file:
+    path: /home/bitcoind/go/bin
+    state: directory
+    owner: bitcoind
+    group: bitcoind
+    mode: 0750
+
+- name: check if lnd is installed
+  stat:
+    path: /home/bitcoind/go/bin/lnd
+  register: lnd_binary
+
+- name: check lnd version
+  shell: /home/bitcoind/go/bin/lnd --version | cut -d ' ' -f3
+  when: lnd_binary.stat.exists
+  changed_when: False
+  register: lnd_installed_version
+
+- name: update lnd
+  unarchive:
+    src: 'https://github.com/lightningnetwork/lnd/releases/download/{{ lnd_version }}/lnd-linux-{{ lnd_arch }}-{{ lnd_version }}.tar.gz'
+    dest: /home/bitcoind/go/bin/
+    owner: bitcoind
+    group: bitcoind
+    remote_src: True
+    extra_opts: [--strip-components=1]
+  when: (lnd_binary.stat.exists == False) or (lnd_version != lnd_installed_version)
+...

ansible/roles/tor/tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- name: ensure tor exists
+  apt:
+    name: tor
+    state: present
+
+- name: ensure tor is started and enabled
+  systemd:
+    name: tor
+    state: started
+    enabled: True