add initial faucet role

Signed-off-by: Jakub Sokołowski <jakub@status.im>

ansible/roles/faucet/README.md

@@ -0,0 +1,12 @@
+# Description
+
+This role configures the [faucet](https://github.com/status-im/faucet) service which provides a REST API for receiving funds from our Ropsten and Rinkeby miner cluster.
+
+# Configuration
+
+The only required settings are:
+```yaml
+faucet_account_pass: 'very-secret-password'
+faucet_network: 'rinkeby-faucet.example.org'
+faucet_domain: 'rinkeby'
+```

ansible/roles/faucet/defaults/main.yml

@@ -0,0 +1,28 @@
+---
+# map of network IDs
+miner_network_ids:
+  frontier: 1
+  morden: 2
+  ropsten: 3
+  rinkeby: 4
+
+faucet_account_pass: ~
+faucet_domain: ~
+faucet_network: ~
+faucet_network_id: '{{ faucet_network_ids[faucet_network] | mandatory }}'
+
+faucet_cont_tag: 'latest'
+faucet_cont_image: 'statusteam/faucet:{{ miner_cont_tag }}'
+faucet_cont_name: 'faucet-api'
+faucet_http_port: 3001
+
+faucet_geth_tag: 'v1.8.23'
+faucet_geth_image: 'ethereum/client-go:{{ faucet_geth_tag }}'
+faucet_geth_name: 'faucet-geth'
+faucet_geth_vol: '/docker/{{ faucet_geth_name }}'
+faucet_geth_rpc_port: 8454
+
+# generic container settings
+cont_state: started
+cont_recreate: false
+cont_restart: false

ansible/roles/faucet/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Save iptables rules
+  shell: iptables-save > /etc/iptables/rules.v4
+
+- name: reload nginx
+  service: name=nginx state=reloaded

ansible/roles/faucet/tasks/consul.yml

@@ -0,0 +1,14 @@
+---
+- name: 'Consul service definition - {{ faucet_cont_name }}'
+  include_role: name=consul-service
+  vars:
+    consul_config_name: '{{ faucet_cont_name | replace("-", "_") }}'
+    consul_services:
+      - id: '{{ faucet_cont_name }}'
+        name: '{{ faucet_cont_name }}'
+        port: '{{ faucet_http_port }}'
+        tags: ['{{ env }}.{{ stage }}', 'faucet']
+        checks:
+          - id: faucet-http-health
+            type: http
+            script: 'http://127.0.0.1:{{ faucet_http_port }}/faucet-info'

ansible/roles/faucet/tasks/faucet.yml

@@ -0,0 +1,16 @@
+---
+- name: Create faucet container
+  docker_container:
+    name: '{{ faucet_cont_name }}'
+    image: '{{ faucet_cont_image }}'
+    user: root
+    pull: true
+    restart_policy: always
+    state: '{{ cont_state }}'
+    recreate: '{{ cont_recreate }}'
+    restart: '{{ cont_restart }}'
+    ports:
+      - '127.0.0.1:{{ faucet_http_port | mandatory }}:{{ faucet_http_port }}'
+    command: |
+      -network={{ faucet_network | mandatory }}
+      -acc_pass={{ faucet_account_pass | mandatory }}

ansible/roles/faucet/tasks/firewall.yml

@@ -0,0 +1,12 @@
+---
+- name: Enable faucet HTTP port
+  iptables:
+    comment: 'Enable faucet'
+    action: insert
+    chain: DOCKER-USER
+    jump: ACCEPT
+    source: '0.0.0.0/0'
+    protocol: tcp
+    destination_port: '{{ faucet_http_port }}'
+  notify:
+    - Save iptables rules

ansible/roles/faucet/tasks/geth.yml

@@ -0,0 +1,30 @@
+---
+- name: Create container folders
+  file:
+    path: '{{ miner_geth_vol }}/data'
+    state: directory
+    mode: 0750
+    owner: dockremap
+    group: docker
+
+- name: Create faucet container
+  docker_container:
+    name: '{{ faucet_cont_name }}'
+    image: '{{ faucet_cont_image }}'
+    user: root
+    pull: true
+    restart_policy: always
+    state: '{{ cont_state }}'
+    recreate: '{{ cont_recreate }}'
+    restart: '{{ cont_restart }}'
+    command: |
+      --datadir=/data
+      --networkid={{ faucet_network_id | mandatory }}
+      --syncmode=light
+      --rpc
+      --rpcapi=eth
+      --rpcaddr=0.0.0.0
+      --rpcport={{ faucet_geth_rpc_port }}
+      --v5disc
+    volumes:
+      - '{{ miner_geth_vol }}/data:/date'

ansible/roles/faucet/tasks/main.yml

@@ -0,0 +1,6 @@
+---
+- import_tasks: geth.yml
+- import_tasks: faucet.yml
+- import_tasks: proxy.yml
+- import_tasks: firewall.yml
+- import_tasks: consul.yml

ansible/roles/faucet/tasks/proxy.yml

@@ -0,0 +1,13 @@
+---
+- name: 'Template proxy config: {{ faucet_cont_name }}'
+  template:
+    src: faucet-proxy.conf.j2
+    dest: '/etc/nginx/sites-available/{{ faucet_cont_name }}.conf'
+  notify: reload nginx
+
+- name: 'Symlink proxy config: {{ faucet_cont_name }}'
+  file:
+    src: '/etc/nginx/sites-available/{{ faucet_cont_name }}.conf'
+    dest: '/etc/nginx/sites-enabled/{{ faucet_cont_name }}.conf'
+    state: link
+  notify: reload nginx

ansible/roles/faucet/templates/faucet-proxy.conf.j2

@@ -0,0 +1,18 @@
+server {
+    listen 80;
+    server_name {{ faucet_domain | mandatory }};
+    return 302 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl;
+
+    server_name {{ faucet_domain | mandatory }};
+
+    ssl_certificate     /certs/origin.crt;
+    ssl_certificate_key /certs/origin.key;
+
+    location / {
+        proxy_pass http://127.0.0.1:{{ faucet_http_port }}/;
+    }
+}