Rework playbooks to setup initial server

Z. Charles Dziura 2025-02-08 20:01:11 -05:00
parent a98c7df133
commit 3e84a21dcd
15 changed files with 2755 additions and 283 deletions

admin/README.md Normal file

@ -0,0 +1,4 @@
## Required Ansible Modules
- community.general
- community.postgresql


@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>CouchDB</short>
<description>Apache CouchDB</description>
<port protocol="tcp" port="5984"/>
</service>


@ -90,7 +90,7 @@
local all postgres peer
# TYPE DATABASE USER ADDRESS METHOD
host all all 192.168.1.1/16 scram-sha-256
host all all 192.168.0.0/16 scram-sha-256
# "local" is for Unix domain socket connections only
local all all peer
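Review bot: The `host all all 192.168.0.0/16 scram-sha-256` rule lets every role, including `postgres`, authenticate over the network to every database from a /16, which is wider than the single application account the playbook in this commit creates. Scoping it to that account, e.g. `host debt_pirate debt_pirate 192.168.0.0/16 scram-sha-256`, keeps superuser logins on the local peer socket. Because the rule type is `host` rather than `hostssl`, it accepts unencrypted connections as well, so TLS would not be enforced even if it were enabled on the server. The hunk starts at line 90 of the file, so earlier rules that could match first are not visible here.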


@ -39,15 +39,15 @@
# The default values of these variables are driven from the -D command-line
# option or PGDATA environment variable, represented here as ConfigDir.
data_directory = '/var/lib/postgresql/15/main' # use data in another directory
data_directory = '/var/lib/postgresql/17/main' # use data in another directory
# (change requires restart)
hba_file = '/etc/postgresql/15/main/pg_hba.conf' # host-based authentication file
hba_file = '/etc/postgresql/17/main/pg_hba.conf' # host-based authentication file
# (change requires restart)
ident_file = '/etc/postgresql/15/main/pg_ident.conf' # ident configuration file
ident_file = '/etc/postgresql/17/main/pg_ident.conf' # ident configuration file
# (change requires restart)
# If external_pid_file is not explicitly set, no extra PID file is written.
external_pid_file = '/var/run/postgresql/15-main.pid' # write an extra PID file
external_pid_file = '/var/run/postgresql/17-main.pid' # write an extra PID file
# (change requires restart)
@ -57,15 +57,15 @@ external_pid_file = '/var/run/postgresql/15-main.pid' # write an extra PID fil
# - Connection Settings -
listen_addresses = '*'
#listen_addresses = 'localhost' # what IP address(es) to listen on;
listen_addresses = '*' # what IP address(es) to listen on;
# comma-separated list of addresses;
# defaults to 'localhost'; use '*' for all
# (change requires restart)
port = 5432 # (change requires restart)
max_connections = 100 # (change requires restart)
#reserved_connections = 0 # (change requires restart)
#superuser_reserved_connections = 3 # (change requires restart)
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
# (change requires restart)
#unix_socket_group = '' # (change requires restart)
#unix_socket_permissions = 0777 # begin with 0 to use octal notation
@ -95,21 +95,22 @@ unix_socket_directories = '/var/run/postgresql' # comma-separated list of direct
#authentication_timeout = 1min # 1s-600s
#password_encryption = scram-sha-256 # scram-sha-256 or md5
#db_user_namespace = off
#scram_iterations = 4096
# GSSAPI using Kerberos
#krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
#krb_caseins_users = off
#gss_accept_delegation = off
# - SSL -
ssl = on
ssl = off
#ssl_ca_file = ''
ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
# ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
#ssl_crl_file = ''
#ssl_crl_dir = ''
ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
# ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
#ssl_prefer_server_ciphers = on
#ssl_ecdh_curve = 'prime256v1'
#ssl_min_protocol_version = 'TLSv1.2'
@ -138,8 +139,8 @@ shared_buffers = 128MB # min 128kB
# you actively intend to use prepared transactions.
#work_mem = 4MB # min 64kB
#hash_mem_multiplier = 2.0 # 1-1000.0 multiplier on hash table work_mem
#maintenance_work_mem = 64MB # min 1MB
#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem
#maintenance_work_mem = 64MB # min 64kB
#autovacuum_work_mem = -1 # min 64kB, or -1 to use maintenance_work_mem
#logical_decoding_work_mem = 64MB # min 64kB
#max_stack_depth = 2MB # min 100kB
#shared_memory_type = mmap # the default is the first option
@ -156,12 +157,27 @@ dynamic_shared_memory_type = posix # the default is usually the first option
# mmap
# (change requires restart)
#min_dynamic_shared_memory = 0MB # (change requires restart)
#vacuum_buffer_usage_limit = 2MB # size of vacuum and analyze buffer access strategy ring;
# 0 to disable vacuum buffer access strategy;
# range 128kB to 16GB
# SLRU buffers (change requires restart)
#commit_timestamp_buffers = 0 # memory for pg_commit_ts (0 = auto)
#multixact_offset_buffers = 16 # memory for pg_multixact/offsets
#multixact_member_buffers = 32 # memory for pg_multixact/members
#notify_buffers = 16 # memory for pg_notify
#serializable_buffers = 32 # memory for pg_serial
#subtransaction_buffers = 0 # memory for pg_subtrans (0 = auto)
#transaction_buffers = 0 # memory for pg_xact (0 = auto)
# - Disk -
#temp_file_limit = -1 # limits per-process temp file space
# in kilobytes, or -1 for no limit
#max_notify_queue_pages = 1048576 # limits the number of SLRU pages allocated
# for NOTIFY / LISTEN queue
# - Kernel Resources -
#max_files_per_process = 1000 # min 64
@ -187,14 +203,13 @@ dynamic_shared_memory_type = posix # the default is usually the first option
#backend_flush_after = 0 # measured in pages, 0 disables
#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching
#maintenance_io_concurrency = 10 # 1-1000; 0 disables prefetching
#io_combine_limit = 128kB # usually 1-32 blocks (depends on OS)
#max_worker_processes = 8 # (change requires restart)
#max_parallel_workers_per_gather = 2 # limited by max_parallel_workers
#max_parallel_maintenance_workers = 2 # limited by max_parallel_workers
#max_parallel_workers = 8 # number of max_worker_processes that
# can be used in parallel operations
#parallel_leader_participation = on
#old_snapshot_threshold = -1 # 1min-60d; -1 disables; 0 is immediate
# (change requires restart)
#------------------------------------------------------------------------------
@ -244,29 +259,29 @@ min_wal_size = 80MB
# - Prefetching during recovery -
#recovery_prefetch = try # prefetch pages referenced in the WAL?
#wal_decode_buffer_size = 512kB # lookahead window used for prefetching
# (change requires restart)
#recovery_prefetch = try # prefetch pages referenced in the WAL?
#wal_decode_buffer_size = 512kB # lookahead window used for prefetching
# (change requires restart)
# - Archiving -
#archive_mode = off # enables archiving; off, on, or always
# (change requires restart)
#archive_library = '' # library to use to archive a logfile segment
#archive_library = '' # library to use to archive a WAL file
# (empty string indicates archive_command should
# be used)
#archive_command = '' # command to use to archive a logfile segment
#archive_command = '' # command to use to archive a WAL file
# placeholders: %p = path of file to archive
# %f = file name only
# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
#archive_timeout = 0 # force a logfile segment switch after this
#archive_timeout = 0 # force a WAL file switch after this
# number of seconds; 0 disables
# - Archive Recovery -
# These are only used in recovery mode.
#restore_command = '' # command to use to restore an archived logfile segment
#restore_command = '' # command to use to restore an archived WAL file
# placeholders: %p = path of file to restore
# %f = file name only
# e.g. 'cp /mnt/server/archivedir/%f %p'
@ -278,7 +293,7 @@ min_wal_size = 80MB
# Set these only when performing a targeted recovery.
#recovery_target = '' # 'immediate' to end recovery as soon as a
# consistent state is reached
# consistent state is reached
# (change requires restart)
#recovery_target_name = '' # the named restore point to which recovery will proceed
# (change requires restart)
@ -288,14 +303,19 @@ min_wal_size = 80MB
# (change requires restart)
#recovery_target_lsn = '' # the WAL LSN up to which recovery will proceed
# (change requires restart)
#recovery_target_inclusive = on # Specifies whether to stop:
#recovery_target_inclusive = on # Specifies whether to stop:
# just after the specified recovery target (on)
# just before the recovery target (off)
# (change requires restart)
#recovery_target_timeline = 'latest' # 'current', 'latest', or timeline ID
# (change requires restart)
# (change requires restart)
#recovery_target_action = 'pause' # 'pause', 'promote', 'shutdown'
# (change requires restart)
# (change requires restart)
# - WAL Summarization -
#summarize_wal = off # run WAL summarizer process?
#wal_summary_keep_time = '10d' # when to remove old summary files, 0 = never
#------------------------------------------------------------------------------
@ -324,7 +344,8 @@ min_wal_size = 80MB
# method to choose sync standbys, number of sync standbys,
# and comma-separated list of application_name
# from standby(s); '*' = all
#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed
#synchronized_standby_slots = '' # streaming replication standby server slot
# names that logical walsender processes will wait for
# - Standby Servers -
@ -332,7 +353,6 @@ min_wal_size = 80MB
#primary_conninfo = '' # connection string to sending server
#primary_slot_name = '' # replication slot on sending server
#promote_trigger_file = '' # file name whose presence ends recovery
#hot_standby = on # "off" disallows queries during recovery
# (change requires restart)
#max_standby_archive_delay = 30s # max delay before canceling queries
@ -353,6 +373,7 @@ min_wal_size = 80MB
#wal_retrieve_retry_interval = 5s # time to wait before retrying to
# retrieve WAL after a failed attempt
#recovery_min_apply_delay = 0 # minimum delay for applying changes during recovery
#sync_replication_slots = off # enables slot synchronization on the physical standby from the primary
# - Subscribers -
@ -361,6 +382,7 @@ min_wal_size = 80MB
#max_logical_replication_workers = 4 # taken from max_worker_processes
# (change requires restart)
#max_sync_workers_per_subscription = 2 # taken from max_logical_replication_workers
#max_parallel_apply_workers_per_subscription = 2 # taken from max_logical_replication_workers
#------------------------------------------------------------------------------
@ -386,9 +408,11 @@ min_wal_size = 80MB
#enable_partition_pruning = on
#enable_partitionwise_join = off
#enable_partitionwise_aggregate = off
#enable_presorted_aggregate = on
#enable_seqscan = on
#enable_sort = on
#enable_tidscan = on
#enable_group_by_reordering = on
# - Planner Cost Constants -
@ -397,7 +421,7 @@ min_wal_size = 80MB
#cpu_tuple_cost = 0.01 # same scale as above
#cpu_index_tuple_cost = 0.005 # same scale as above
#cpu_operator_cost = 0.0025 # same scale as above
#parallel_setup_cost = 1000.0 # same scale as above
#parallel_setup_cost = 1000.0 # same scale as above
#parallel_tuple_cost = 0.1 # same scale as above
#min_parallel_table_scan_size = 8MB
#min_parallel_index_scan_size = 512kB
@ -458,7 +482,7 @@ min_wal_size = 80MB
#log_directory = 'log' # directory where log files are written,
# can be absolute or relative to PGDATA
#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern,
# can include strftime() escapes
# can include strftime() escapes
#log_file_mode = 0600 # creation mode for log files,
# begin with 0 to use octal notation
#log_rotation_age = 1d # Automatic rotation of logfiles will
@ -597,12 +621,9 @@ log_line_prefix = '%m [%p] %q%u@%d ' # special values:
# -1 disables, 0 logs all temp files
log_timezone = 'Etc/UTC'
# - Process Title -
#------------------------------------------------------------------------------
# PROCESS TITLE
#------------------------------------------------------------------------------
cluster_name = '15/main' # added to process titles if nonempty
cluster_name = '17/main' # added to process titles if nonempty
# (change requires restart)
#update_process_title = on
@ -619,7 +640,7 @@ cluster_name = '15/main' # added to process titles if nonempty
#track_io_timing = off
#track_wal_io_timing = off
#track_functions = none # none, pl, all
#stats_fetch_consistency = cache
#stats_fetch_consistency = cache # cache, none, snapshot
# - Monitoring -
@ -643,19 +664,19 @@ cluster_name = '15/main' # added to process titles if nonempty
#autovacuum_vacuum_threshold = 50 # min number of row updates before
# vacuum
#autovacuum_vacuum_insert_threshold = 1000 # min number of row inserts
# before vacuum; -1 disables insert
# vacuums
# before vacuum; -1 disables insert
# vacuums
#autovacuum_analyze_threshold = 50 # min number of row updates before
# analyze
#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum
#autovacuum_vacuum_insert_scale_factor = 0.2 # fraction of inserts over table
# size before insert vacuum
# size before insert vacuum
#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze
#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum
# (change requires restart)
#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age
# before forced vacuum
# (change requires restart)
# before forced vacuum
# (change requires restart)
#autovacuum_vacuum_cost_delay = 2ms # default vacuum cost delay for
# autovacuum, in milliseconds;
# -1 means use vacuum_cost_delay
@ -692,10 +713,11 @@ cluster_name = '15/main' # added to process titles if nonempty
#default_transaction_read_only = off
#default_transaction_deferrable = off
#session_replication_role = 'origin'
#statement_timeout = 0 # in milliseconds, 0 is disabled
#lock_timeout = 0 # in milliseconds, 0 is disabled
#statement_timeout = 0 # in milliseconds, 0 is disabled
#transaction_timeout = 0 # in milliseconds, 0 is disabled
#lock_timeout = 0 # in milliseconds, 0 is disabled
#idle_in_transaction_session_timeout = 0 # in milliseconds, 0 is disabled
#idle_session_timeout = 0 # in milliseconds, 0 is disabled
#idle_session_timeout = 0 # in milliseconds, 0 is disabled
#vacuum_freeze_table_age = 150000000
#vacuum_freeze_min_age = 50000000
#vacuum_failsafe_age = 1600000000
@ -706,13 +728,15 @@ cluster_name = '15/main' # added to process titles if nonempty
#xmlbinary = 'base64'
#xmloption = 'content'
#gin_pending_list_limit = 4MB
#createrole_self_grant = '' # set and/or inherit
#event_triggers = on
# - Locale and Formatting -
datestyle = 'iso, mdy'
#intervalstyle = 'postgres'
timezone = 'Etc/UTC'
#timezone_abbreviations = 'Default' # Select the set of available time zone
#timezone_abbreviations = 'Default' # Select the set of available time zone
# abbreviations. Currently, there are
# Default
# Australia (historical usage)
@ -725,11 +749,14 @@ timezone = 'Etc/UTC'
# encoding
# These settings are initialized by initdb, but they can be changed.
lc_messages = 'en_US.UTF-8' # locale for system error message
lc_messages = 'en_US.UTF-8' # locale for system error message
# strings
lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
lc_numeric = 'en_US.UTF-8' # locale for number formatting
lc_time = 'en_US.UTF-8' # locale for time formatting
lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
lc_numeric = 'en_US.UTF-8' # locale for number formatting
lc_time = 'en_US.UTF-8' # locale for time formatting
#icu_validation_level = warning # report ICU locale validation
# errors at the given level
# default configuration for text search
default_text_search_config = 'pg_catalog.english'
@ -738,7 +765,7 @@ default_text_search_config = 'pg_catalog.english'
#local_preload_libraries = ''
#session_preload_libraries = ''
#shared_preload_libraries = '' # (change requires restart)
#shared_preload_libraries = '' # (change requires restart)
#jit_provider = 'llvmjit' # JIT library to use
# - Other Defaults -
@ -761,7 +788,7 @@ default_text_search_config = 'pg_catalog.english'
#max_pred_locks_per_relation = -2 # negative values mean
# (max_pred_locks_per_transaction
# / -max_pred_locks_per_relation) - 1
#max_pred_locks_per_page = 2 # min 0
#max_pred_locks_per_page = 2 # min 0
#------------------------------------------------------------------------------
@ -781,6 +808,7 @@ default_text_search_config = 'pg_catalog.english'
# - Other Platforms and Clients -
#transform_null_equals = off
#allow_alter_system = on
#------------------------------------------------------------------------------
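Review bot: In the `- SSL -` hunk the new side appears to set `ssl = off` and comment out `ssl_cert_file`/`ssl_key_file` (the page prints old and new lines without markers, so this reads `ssl = on` as the removed line), while `listen_addresses = '*'` stays in place and the playbook in this commit adds `--add-service=postgresql` to firewalld. scram-sha-256 keeps the password itself off the wire, but query and result traffic is then cleartext and clients have no way to authenticate the server. If the snakeoil certificate was the reason for disabling TLS, I would keep `ssl = on` with a certificate issued for this host and use `hostssl` in pg_hba.conf; if only services on the same machine need the database, `listen_addresses = 'localhost'` removes the network exposure altogether.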


@ -0,0 +1,16 @@
deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
# deb-src http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
# deb-src http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
# trixie-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
deb http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
# deb-src http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
# This system was installed using small removable media
# (e.g. netinst, live or single CD). The matching "deb cdrom"
# entries were disabled at the end of the installation process.
# For information about how to configure apt package sources,
# see the sources.list(5) manual.


@ -1,2 +1 @@
user debt_pirate on >H553jOui2734 +multi +ping +@keyspace +@read +@string +@hash +@set +@pubsub ~*debt_pirate* &*debt_pirate*
user default off
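Review bot: The `user debt_pirate` line carries its password in cleartext after `>`, so the credential lives in the repository history and in every checkout of the inventory. The ACL file format also accepts a SHA-256 digest with the `#` prefix, or the file could be rendered from a vaulted variable with `ansible.builtin.template`; either way the committed value should be rotated. The hunk header `-1,2 +1` says one of the two lines shown was dropped, and the render does not show which. If the dropped line is `user default off`, the default user presumably returns to the server's stock permissions while the playbook opens the `redis` service in firewalld, which is worth confirming before this is applied.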

File diff suppressed because it is too large Load diff


@ -0,0 +1,201 @@
---
- hosts: alpha
become: true
vars_files:
- '{{ inventory_dir }}/vars.yml'
tags:
- base
tasks:
- name: Upgrade base system to Trixie
tags:
- requires_reboot
block:
- name: Update base system packages
ansible.builtin.apt:
update_cache: true
upgrade: true
- name: Do full system upgrade
ansible.builtin.apt:
upgrade: full
- name: Change package sources file to pull from Trixie
ansible.builtin.copy:
src: '{{ inventory_dir }}/includes/00-make-base-system/sources.list'
dest: '{{ etc_apt }}/sources.list'
backup: true
- name: Clear and fill local apt cache with Trixie packages
ansible.builtin.apt:
clean: true
update_cache: true
- name: Update base system packages to Trixie versions
ansible.builtin.apt:
upgrade: true
- name: Do full system upgrade for remaining Trixie versions
ansible.builtin.apt:
upgrade: full
- name: Autoremove old packages
ansible.builtin.apt:
autoremove: true
- name: Reboot the system
ansible.builtin.reboot:
- name: Install necessary software packages
tags:
- base
ansible.builtin.package:
name: neovim,python3-pip,python3-pexpect,python3-psycopg2
state: present
- name: Enable and configure the firewall
tags:
- firewall
block:
- name: Install firewalld
ansible.builtin.package:
name: nftables,firewalld
state: present
- name: Define a firewalld service for CouchDB
ansible.builtin.copy:
src: '{{ inventory_dir }}/includes/00-make-base-system/couchdb.xml'
dest: '{{ etc_firewalld_services }}/couchdb.xml'
- name: Reload firewalld
ansible.builtin.command:
cmd: 'firewall-cmd --reload'
- name: Add all of the necessary services to firewalld
ansible.builtin.command:
cmd: 'firewall-cmd --permanent --add-service=http --add-service=https --add-service=redis --add-service=ssh --add-service=postgresql --add-service=couchdb'
- name: Reload firewalld to apply service changes
ansible.builtin.command:
cmd: 'firewall-cmd --reload'
- name: Install and set up databases
tags:
- database
block:
- name: Install Valkey and PostgreSQL
tags:
- postgres
ansible.builtin.package:
update_cache: true
name: valkey-server,postgresql
state: present
- name: Copy Postgres config file
tags:
- postgres
ansible.builtin.copy:
src: '{{ inventory_dir }}/includes/00-make-base-system/postgresql.conf'
dest: '{{ etc_postgres }}/postgresql.conf'
- name: Copy Postgres pg_hba file
tags:
- postgres
ansible.builtin.copy:
src: '{{ inventory_dir }}/includes/00-make-base-system/pg_hba.conf'
dest: '{{ etc_postgres }}/pg_hba.conf'
- name: Restart Postgres
tags:
- postgres
ansible.builtin.systemd_service:
name: postgresql.service
state: restarted
- name: Create DebtPirate database user account
# no_log: true
tags:
- postgres
ansible.builtin.expect:
command: 'su -c "createuser -d -P debt_pirate" - postgres'
creates: /root/.dp-user-created
responses:
'Enter': HRURqlUmtjIy
- name: Create 'db user created' file
tags:
- postgres
ansible.builtin.file:
path: /root/.dp-user-created
state: touch
- name: Create DebtPirate database
tags:
- postgres
ansible.builtin.command:
cmd: 'su -c "createdb -E UTF8 -l en_US.UTF-8 -O debt_pirate debt_pirate" - postgres'
creates: /root/.dp-db-created
- name: Create 'db created' file
tags:
- postgres
ansible.builtin.file:
path: /root/.dp-db-created
state: touch
- name: Copy Valkey conf file to destination
tags:
- valkey
ansible.builtin.copy:
src: '{{ inventory_dir }}/includes/00-make-base-system/valkey.conf'
dest: '{{ etc_valkey }}/valkey.conf'
backup: true
- name: Copy Valkey acl file to destination
tags:
- valkey
ansible.builtin.copy:
src: '{{ inventory_dir }}/includes/00-make-base-system/users.acl'
dest: '{{ etc_valkey }}/users.acl'
- name: Restart Valkey
tags:
- valkey
ansible.builtin.systemd_service:
name: valkey.service
state: restarted
# - name: Install build dependencies for ValkeyJSON
# tags:
# - valkey
# ansible.builtin.package:
# name: build-essential,clang,cmake,git,libssl-dev,libsystemd-dev,zip,pkg-config,tcl
# state: present
# - name: Download ValkeyJSON module
# tags:
# - valkey
# ansible.builtin.get_url:
# url: https://github.com/valkey-io/valkeyJSON/archive/refs/heads/unstable.zip
# dest: '{{ usr_src_valkey_json }}.zip'
# - name: Unzip ValkeyJSON source
# tags:
# - valkey
# ansible.builtin.unarchive:
# remote_src: true
# src: '{{ usr_src_valkey_json }}.zip'
# dest: /usr/local/src
# - name: Compile ValkeyJSON
# tags:
# - valkey
# environment:
# SERVER_VERSION: '{{ valkey_version }}'
# ansible.builtin.command:
# chdir: '{{ usr_src_valkey_json }}'
# cmd: '{{ usr_src_valkey_json }}/build.sh'
# - name: Restart Valkey
# ansible.builtin.systemd_service:
# name: valkey.service
# state: restarted
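Review bot: The `Create DebtPirate database user account` task has the database password as a literal under `responses` and leaves `no_log: true` commented out, so the secret sits in the repository and can show up in task output on verbose or failed runs. I would enable `no_log: true` and read the value from a vaulted variable, e.g. `'Enter': '{{ debt_pirate_db_password }}'` (the variable name is a placeholder), then rotate the committed password, which also appears in the playbook this commit deletes. Separately, the firewalld task adds `redis`, `postgresql` and `couchdb` with no `--zone`, so they land in the default zone next to `http`/`https`; a source-restricted zone for the database ports would match the 192.168.0.0/16 limit in pg_hba.conf. The copied config and ACL files are also written without `owner`/`group`/`mode`, so `users.acl` gets whatever the default umask yields.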


@ -1,16 +0,0 @@
---
- hosts: alpha
become: yes
tasks:
- name: Update System and Packages
ansible.builtin.apt:
update_cache: yes
upgrade: yes
- name: Install Basic Tools
ansible.builtin.package:
name: curl,python3-pip,python3-pexpect,vim
state: present
- import_playbook: 01-setup/setup-base-system.yml
# - import_playbook: 01-setup/setup-valkey.yml
# - import_playbook: 01-setup/setup-postgres.yml


@ -1,19 +0,0 @@
---
- name: Setup Base System
hosts: alpha
become: yes
vars_files:
- '{{ inventory_dir }}/vars.yml'
tasks:
- name: Install UFW
ansible.builtin.package:
name: ufw
state: present
- name: Allow Access to Named Applications
community.general.ufw:
rule: allow
name: '{{ item }}'
delete: true
loop:
- OpenSSH
- WWW Full


@ -1,33 +0,0 @@
---
- name: Setup Postgres
hosts: alpha
become: yes
vars_files:
- '{{ inventory_dir }}/vars.yml'
tasks:
- name: Install Postgres
ansible.builtin.package:
name: postgresql
state: present
- name: Copy Postgres Configuration File
ansible.builtin.copy:
src: '{{ inventory_dir }}/includes/postgresql.conf'
dest: '{{ postgres_etc }}/postgresql.conf'
- name: Copy Postgres HBA File
ansible.builtin.copy:
src: '{{ inventory_dir }}/includes/pg_hba.conf'
dest: '{{ postgres_etc }}/pg_hba.conf'
- name: Restart Postgres
ansible.builtin.systemd_service:
name: postgresql.service
state: restarted
- name: Create Debt Pirate Database User
ansible.builtin.expect:
creates: /root/.db-user-created
command: 'su -c "createuser -d debt_pirate" - postgres'
responses:
"^[Pp]assword": "HRURqlUmtjIy"
- name: Create Debt Pirate Database
ansible.builtin.command:
creates: /root/.db-created
cmd: 'su -c "createdb -E UTF8 -l en_US -O debt_pirate debt_pirate" - postgres'


@ -1,156 +0,0 @@
---
- name: Setup Valkey
hosts: alpha
become: yes
vars_files:
- '{{ inventory_dir }}/vars.yml'
tasks:
- name: Install Build Dependencies
ansible.builtin.package:
name: build-essential,libssl-dev,libsystemd-dev,zip,pkg-config,tcl
state: present
- name: Create System User for Valkey
ansible.builtin.user:
name: valkey
system: true
create_home: false
tags:
- valkey
- name: Download Valkey Source Code
ansible.builtin.get_url:
url: https://github.com/valkey-io/valkey/archive/refs/tags/{{ valkey_version }}.zip
dest: '{{ valkey_src }}.zip'
tags:
- valkey
- build
- name: Unzip Valkey Source Code
ansible.builtin.unarchive:
src: '{{ valkey_src }}.zip'
dest: /usr/local/src
remote_src: true
tags:
- valkey
- build
- name: Compile Valkey
community.general.make:
chdir: '{{ valkey_src }}'
params:
BUILD_TLS: module
USE_SYSTEMD: yes
tags:
- valkey
- build
- name: Run Valkey Tests
ansible.builtin.command:
chdir: '{{ valkey_src }}'
argv:
- make
- test
tags:
- valkey
- tests
- name: Install Valkey
community.general.make:
chdir: '{{ valkey_src }}'
target: install
tags:
- valkey
- name: Create Valkey Config Directory
ansible.builtin.file:
path: /etc/valkey
state: directory
owner: valkey
group: valkey
mode: 0770
tags:
- valkey
- name: Create Valkey Runtime Directory
ansible.builtin.file:
path: /var/lib/valkey
state: directory
owner: valkey
group: valkey
mode: 0770
tags:
- valkey
- name: Enable ACL File in Valkey Config
ansible.builtin.lineinfile:
path: '{{ valkey_src }}/valkey.conf'
firstmatch: true
regex: '^# aclfile'
line: aclfile /etc/valkey/users.acl
- name: Copy Included Valkey Config File to Config Directory
ansible.builtin.copy:
remote_src: true
src: '{{ valkey_src }}/valkey.conf'
dest: /etc/valkey/valkey.conf
owner: valkey
group: valkey
mode: 0640
tags:
- valkey
- name: Copy Valkey ACL File to Config Directory
ansible.builtin.copy:
src: '{{ inventory_dir }}/includes/users.acl'
dest: /etc/valkey/users.acl
owner: valkey
group: valkey
mode: 0640
tags:
- valkey
- name: Edit Valkey Systemd Service File to Set Proper ExecCommand Parameter
ansible.builtin.lineinfile:
path: '{{ valkey_src }}/utils/systemd-valkey_server.service'
firstmatch: true
regex: '^ExecStart'
line: ExecStart=/usr/local/bin/valkey-server /etc/valkey/valkey.conf --supervised systemd --daemonize no
backup: true
tags:
- valkey
- name: Edit Valkey Systemd Service File to Set Proper User Parameter
ansible.builtin.lineinfile:
path: '{{ valkey_src }}/utils/systemd-valkey_server.service'
firstmatch: true
regex: '^#User'
line: User=valkey
tags:
- valkey
- name: Edit Valkey Systemd Service File to Set Proper Group Parameter
ansible.builtin.lineinfile:
path: '{{ valkey_src }}/utils/systemd-valkey_server.service'
firstmatch: true
regex: '^#Group'
line: Group=valkey
tags:
- valkey
- name: Edit Valkey Systemd Service File to Set Proper WorkingDirectory Parameter
ansible.builtin.lineinfile:
path: '{{ valkey_src }}/utils/systemd-valkey_server.service'
firstmatch: true
regex: '^#WorkingDirectory'
line: WorkingDirectory=/var/lib/valkey
tags:
- valkey
- name: Copy Included Valkey Systemd Service File to Proper Location
ansible.builtin.copy:
remote_src: true
src: '{{ valkey_src }}/utils/systemd-valkey_server.service'
dest: /etc/systemd/system/valkey.service
owner: valkey
group: valkey
mode: 0
tags:
- valkey
- name: Enable Valkey Service
ansible.builtin.systemd_service:
name: valkey.service
enabled: true
daemon_reload: true
tags:
- valkey
- name: Start Valkey Service
ansible.builtin.systemd_service:
name: valkey.service
state: started
tags:
- valkey


@ -1,4 +1,8 @@
---
valkey_version: 8.0.1
valkey_src: '/usr/local/src/valkey-{{ valkey_version }}'
postgres_etc: '/etc/postgresql/15/main'
etc_apt: '/etc/apt'
etc_postgres: '/etc/postgresql/17/main'
etc_firewalld_services: '/etc/firewalld/services'
etc_valkey: '/etc/valkey'
firewalld_interface: 'enp1s0'
usr_src_valkey_json: /usr/local/src/valkeyJSON-unstable
valkey_version: '8.0.2'


@ -1,6 +1,7 @@
package ing.bikeshedengineer.debtpirate.app.screen.auth.presentation.login
import android.annotation.SuppressLint
import android.util.Log
import android.widget.Toast
import androidx.activity.ComponentActivity
import androidx.compose.foundation.background
@ -42,6 +43,10 @@ import androidx.compose.ui.text.input.PasswordVisualTransformation
import androidx.compose.ui.text.style.TextAlign
import androidx.compose.ui.unit.dp
import androidx.credentials.CredentialManager
import androidx.credentials.GetCredentialRequest
import androidx.credentials.GetPasswordOption
import androidx.credentials.exceptions.GetCredentialException
import androidx.credentials.exceptions.NoCredentialException
import androidx.hilt.navigation.compose.hiltViewModel
@SuppressLint("UnusedMaterial3ScaffoldPaddingParameter")
@ -50,7 +55,29 @@ fun LoginScreen(
viewModel: LoginScreenViewModel = hiltViewModel<LoginScreenViewModel>()
) {
val context = LocalContext.current as ComponentActivity
val _credentialManager = CredentialManager.create(context)
val credentialManager = CredentialManager.create(context)
LaunchedEffect(Unit) {
try {
val result = credentialManager.getCredential(
context, GetCredentialRequest(
listOf(GetPasswordOption())
)
)
viewModel.handleCredentialManagerSignIn(result)
} catch (err: GetCredentialException) {
when (err) {
is NoCredentialException -> {
Log.i("LoginScreen", "No credentials stored")
}
else -> {
Log.e("LoginScreen", "Exception thrown when getting credentials: $err")
}
}
}
}
val toastMessages = viewModel.toastMessages.collectAsState("")
LaunchedEffect(toastMessages.value) {
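Review bot: `CredentialManager.create(context)` runs directly in the composable body, so a new manager is built on every recomposition of `LoginScreen`; `val credentialManager = remember(context) { CredentialManager.create(context) }` keeps one instance for the effect to use. In the `else` branch of the catch, `Log.e("LoginScreen", "...: $err")` formats the exception into the message and loses the stack trace, whereas `Log.e("LoginScreen", "Exception thrown when getting credentials", err)` keeps it. The `LocalContext.current as ComponentActivity` cast above the new lines is unchanged context, but it throws if the screen is ever hosted from a wrapped context, so a safe cast with an early return may be worth adding now that the activity is actually passed to `getCredential`. The body of `LoginScreen` continues past the end of the hunk.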


@ -1,7 +1,8 @@
package ing.bikeshedengineer.debtpirate.app.screen.auth.presentation.login
import android.util.Log
import androidx.credentials.CreatePasswordRequest
import androidx.credentials.GetCredentialResponse
import androidx.credentials.PasswordCredential
import androidx.lifecycle.ViewModel
import androidx.lifecycle.viewModelScope
import dagger.hilt.android.lifecycle.HiltViewModel
@ -122,4 +123,20 @@ class LoginScreenViewModel @Inject constructor(
navigator.navigate(destination = Destination.AuthRegistration)
}
}
fun handleCredentialManagerSignIn(result: GetCredentialResponse) {
val credentials = result.credential
when (credentials) {
is PasswordCredential -> {
val emailAddress = credentials.id
val password = credentials.password
onAction(LoginScreenStateAction.SubmitLoginRequest(emailAddress, password))
}
else -> {
// TODO: Handle this...
}
}
}
}
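Review bot: The `else` branch of `handleCredentialManagerSignIn` is an empty TODO, so any credential that is not a `PasswordCredential` is dropped with no log line and no feedback to the user. Until other types are supported I would at least record the type, not the data, e.g. `else -> Log.w("LoginScreenViewModel", "Unsupported credential type: ${credentials.type}")`, and binding the subject with `when (val credential = result.credential)` removes the extra local. The password is forwarded straight into `LoginScreenStateAction.SubmitLoginRequest`, and the file imports `android.util.Log`, so it is worth checking that nothing downstream logs the action or its fields. The class header and `onAction` are outside the hunk.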