diff --git a/ansible/roles/faucet/README.md b/ansible/roles/faucet/README.md
new file mode 100644
index 0000000..c85935b
--- /dev/null
+++ b/ansible/roles/faucet/README.md
@@ -0,0 +1,12 @@
+# Description
+
+This role configures the [faucet](https://github.com/status-im/faucet) service which provides a REST API for receiving funds from our Ropsten and Rinkeby miner cluster.
+
+# Configuration
+
+The only required settings are:
+```yaml
+faucet_account_pass: 'very-secret-password'
+faucet_network: 'rinkeby-faucet.example.org'
+faucet_domain: 'rinkeby'
+```
diff --git a/ansible/roles/faucet/defaults/main.yml b/ansible/roles/faucet/defaults/main.yml
new file mode 100644
index 0000000..8ce8d6f
--- /dev/null
+++ b/ansible/roles/faucet/defaults/main.yml
@@ -0,0 +1,28 @@
+---
+# map of network IDs
+miner_network_ids:
+ frontier: 1
+ morden: 2
+ ropsten: 3
+ rinkeby: 4
+
+faucet_account_pass: ~
+faucet_domain: ~
+faucet_network: ~
+faucet_network_id: '{{ faucet_network_ids[faucet_network] | mandatory }}'
+
+faucet_cont_tag: 'latest'
+faucet_cont_image: 'statusteam/faucet:{{ miner_cont_tag }}'
+faucet_cont_name: 'faucet-api'
+faucet_http_port: 3001
+
+faucet_geth_tag: 'v1.8.23'
+faucet_geth_image: 'ethereum/client-go:{{ faucet_geth_tag }}'
+faucet_geth_name: 'faucet-geth'
+faucet_geth_vol: '/docker/{{ faucet_geth_name }}'
+faucet_geth_rpc_port: 8454
+
+# generic container settings
+cont_state: started
+cont_recreate: false
+cont_restart: false
diff --git a/ansible/roles/faucet/handlers/main.yml b/ansible/roles/faucet/handlers/main.yml
new file mode 100644
index 0000000..bb5d7e5
--- /dev/null
+++ b/ansible/roles/faucet/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Save iptables rules
+ shell: iptables-save > /etc/iptables/rules.v4
+
+- name: reload nginx
+ service: name=nginx state=reloaded
diff --git a/ansible/roles/faucet/tasks/consul.yml b/ansible/roles/faucet/tasks/consul.yml
new file mode 100644
index 0000000..dccb3c4
--- /dev/null
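Review bot: In defaults/main.yml, `faucet_network_id` indexes `faucet_network_ids`, but the map defined in this file is `miner_network_ids`, and `faucet_cont_image` interpolates `miner_cont_tag` rather than the `faucet_cont_tag` declared on the line above; unless those names are supplied by another role, both lookups fail or pick up an unrelated value. Rename the map to `faucet_network_ids` and use `'statusteam/faucet:{{ faucet_cont_tag }}'`. Separately, the `~` defaults for `faucet_account_pass`, `faucet_domain` and `faucet_network` make those variables defined, and as far as I know `| mandatory` only fails on undefined variables, so the guards in the tasks and template would pass with a null value; leaving the three out of defaults keeps the guard effective. The `latest` tag together with `pull: true` in tasks/faucet.yml means each run can deploy an image nobody reviewed, so a pinned tag or digest would be safer.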
+++ b/ansible/roles/faucet/tasks/consul.yml
@@ -0,0 +1,14 @@
+---
+- name: 'Consul service definition - {{ faucet_cont_name }}'
+ include_role: name=consul-service
+ vars:
+ consul_config_name: '{{ faucet_cont_name | replace("-", "_") }}'
+ consul_services:
+ - id: '{{ faucet_cont_name }}'
+ name: '{{ faucet_cont_name }}'
+ port: '{{ faucet_http_port }}'
+ tags: ['{{ env }}.{{ stage }}', 'faucet']
+ checks:
+ - id: faucet-http-health
+ type: http
+ script: 'http://127.0.0.1:{{ faucet_http_port }}/faucet-info'
diff --git a/ansible/roles/faucet/tasks/faucet.yml b/ansible/roles/faucet/tasks/faucet.yml
new file mode 100644
index 0000000..a48fda9
--- /dev/null
+++ b/ansible/roles/faucet/tasks/faucet.yml
@@ -0,0 +1,16 @@
+---
+- name: Create faucet container
+ docker_container:
+ name: '{{ faucet_cont_name }}'
+ image: '{{ faucet_cont_image }}'
+ user: root
+ pull: true
+ restart_policy: always
+ state: '{{ cont_state }}'
+ recreate: '{{ cont_recreate }}'
+ restart: '{{ cont_restart }}'
+ ports:
+ - '127.0.0.1:{{ faucet_http_port | mandatory }}:{{ faucet_http_port }}'
+ command: |
+ -network={{ faucet_network | mandatory }}
+ -acc_pass={{ faucet_account_pass | mandatory }}
diff --git a/ansible/roles/faucet/tasks/firewall.yml b/ansible/roles/faucet/tasks/firewall.yml
new file mode 100644
index 0000000..bda6dc7
--- /dev/null
+++ b/ansible/roles/faucet/tasks/firewall.yml
@@ -0,0 +1,12 @@
+---
+- name: Enable faucet HTTP port
+ iptables:
+ comment: 'Enable faucet'
+ action: insert
+ chain: DOCKER-USER
+ jump: ACCEPT
+ source: '0.0.0.0/0'
+ protocol: tcp
+ destination_port: '{{ faucet_http_port }}'
+ notify:
+ - Save iptables rules
diff --git a/ansible/roles/faucet/tasks/geth.yml b/ansible/roles/faucet/tasks/geth.yml
new file mode 100644
index 0000000..fad07f6
--- /dev/null
+++ b/ansible/roles/faucet/tasks/geth.yml
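Review bot: The health check in tasks/consul.yml declares `type: http` but puts the URL under `script:`; Consul's own check definition uses an `http` field for HTTP checks, so unless the consul-service role (not visible in this diff) remaps the key, this may never run as an HTTP probe. If the role passes keys through, the line should read `http: 'http://127.0.0.1:{{ faucet_http_port }}/faucet-info'`. No interval is set on the check here either, so it is worth confirming the role supplies one.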
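Review bot: In tasks/faucet.yml the account password is passed as `-acc_pass=...` in the container `command`, so it is readable through `docker inspect`, the host process list, and Ansible's task output. Add `no_log: true` to this task at minimum, and if the faucet binary can read the password from a file (not visible from this diff), mount it as a file with restrictive permissions instead of putting it on the command line. `user: root` is also set for a service that sits behind a public proxy; unless the image needs root, a non-root user would limit the impact of a compromise.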
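Review bot: The rule in tasks/firewall.yml inserts an ACCEPT for `{{ faucet_http_port }}` from `0.0.0.0/0` into DOCKER-USER, while tasks/faucet.yml publishes that port on `127.0.0.1` only and nginx proxies to it locally. If nginx is the only intended entry point the rule is unnecessary, and an unconditional ACCEPT inserted at the top of DOCKER-USER can shadow stricter rules that other roles place in that chain. Either drop this task or restrict `source` to the addresses that need direct access. The ports nginx listens on (80/443) are not opened in this role, so presumably that is handled elsewhere.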
@@ -0,0 +1,30 @@
+---
+- name: Create container folders
+ file:
+ path: '{{ miner_geth_vol }}/data'
+ state: directory
+ mode: 0750
+ owner: dockremap
+ group: docker
+
+- name: Create faucet container
+ docker_container:
+ name: '{{ faucet_cont_name }}'
+ image: '{{ faucet_cont_image }}'
+ user: root
+ pull: true
+ restart_policy: always
+ state: '{{ cont_state }}'
+ recreate: '{{ cont_recreate }}'
+ restart: '{{ cont_restart }}'
+ command: |
+ --datadir=/data
+ --networkid={{ faucet_network_id | mandatory }}
+ --syncmode=light
+ --rpc
+ --rpcapi=eth
+ --rpcaddr=0.0.0.0
+ --rpcport={{ faucet_geth_rpc_port }}
+ --v5disc
+ volumes:
+ - '{{ miner_geth_vol }}/data:/date'
diff --git a/ansible/roles/faucet/tasks/main.yml b/ansible/roles/faucet/tasks/main.yml
new file mode 100644
index 0000000..f013138
--- /dev/null
+++ b/ansible/roles/faucet/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- import_tasks: geth.yml
+- import_tasks: faucet.yml
+- import_tasks: proxy.yml
+- import_tasks: firewall.yml
+- import_tasks: consul.yml
diff --git a/ansible/roles/faucet/tasks/proxy.yml b/ansible/roles/faucet/tasks/proxy.yml
new file mode 100644
index 0000000..6ee3cc9
--- /dev/null
+++ b/ansible/roles/faucet/tasks/proxy.yml
@@ -0,0 +1,13 @@
+---
+- name: 'Template proxy config: {{ faucet_cont_name }}'
+ template:
+ src: faucet-proxy.conf.j2
+ dest: '/etc/nginx/sites-available/{{ faucet_cont_name }}.conf'
+ notify: reload nginx
+
+- name: 'Symlink proxy config: {{ faucet_cont_name }}'
+ file:
+ src: '/etc/nginx/sites-available/{{ faucet_cont_name }}.conf'
+ dest: '/etc/nginx/sites-enabled/{{ faucet_cont_name }}.conf'
+ state: link
+ notify: reload nginx
diff --git a/ansible/roles/faucet/templates/faucet-proxy.conf.j2 b/ansible/roles/faucet/templates/faucet-proxy.conf.j2
new file mode 100644
index 0000000..6c78c4b
--- /dev/null
+++ b/ansible/roles/faucet/templates/faucet-proxy.conf.j2
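Review bot: The second task in tasks/geth.yml is a copy of the faucet task: it is named `Create faucet container` and uses `faucet_cont_name` and `faucet_cont_image`, so it starts the faucet image with geth flags under the name that tasks/faucet.yml then reuses, and no geth container is created. The data path also uses `miner_geth_vol` instead of the `faucet_geth_vol` default from this role, and the volume is mounted at `/date` while geth is started with `--datadir=/data`, so chain data would land in the container layer and be lost on recreate. `mode: 0750` is better quoted so it is not subject to YAML integer parsing. `--rpcaddr=0.0.0.0` exposes an unauthenticated RPC endpoint to anything that can reach the container; no `ports` are published here, which keeps it off the host interfaces, and a comment saying that this is deliberate would help keep it that way.

```yaml
- name: Create container folders
  file:
    path: '{{ faucet_geth_vol }}/data'
    # … unchanged: state, owner, group …
    mode: '0750'

- name: Create geth container
  docker_container:
    name: '{{ faucet_geth_name }}'
    image: '{{ faucet_geth_image }}'
    # … unchanged: user, pull, restart_policy, state, recreate, restart, command …
    volumes:
      - '{{ faucet_geth_vol }}/data:/data'
```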
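Review bot: The template task in tasks/proxy.yml sets no `owner`, `group` or `mode`, so the permissions of the nginx site file depend on the umask of the run; adding `owner: root`, `group: root` and `mode: '0644'` makes them explicit. The `reload nginx` handler is notified without any configuration test, so a bad render of `faucet_domain` is only noticed when the reload fails.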
@@ -0,0 +1,18 @@
+server {
+ listen 80;
+ server_name {{ faucet_domain | mandatory }};
+ return 302 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl;
+
+ server_name {{ faucet_domain | mandatory }};
+
+ ssl_certificate /certs/origin.crt;
+ ssl_certificate_key /certs/origin.key;
+
+ location / {
+ proxy_pass http://127.0.0.1:{{ faucet_http_port }}/;
+ }
+}
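Review bot: The `location /` block proxies without forwarding the client address, so the faucet sees every request as coming from 127.0.0.1; if it limits payouts per IP (not visible from this diff), that limit would end up shared by all callers. Add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header Host $host;` inside the location, and consider a `limit_req` zone for an endpoint that dispenses funds. The TLS server block relies on nginx defaults for `ssl_protocols`; setting them explicitly, here or in a shared include, avoids depending on the packaged version.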