Rework playbooks to setup initial server

admin/README.md

@@ -0,0 +1,4 @@
+## Required Ansible Modules
+
+- community.general
+- community.postgresql

admin/includes/00-make-base-system/couchdb.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>CouchDB</short>
+  <description>Apache CouchDB</description>
+  <port protocol="tcp" port="5984"/>
+</service>

admin/includes/00-make-base-system/pg_hba.conf

@@ -90,7 +90,7 @@
 local   all             postgres                                peer
 
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
-host    all             all             192.168.1.1/16          scram-sha-256
+host    all             all             192.168.0.0/16          scram-sha-256
 
 # "local" is for Unix domain socket connections only
 local   all             all                                     peer

admin/includes/00-make-base-system/postgresql.conf

@@ -39,15 +39,15 @@
 # The default values of these variables are driven from the -D command-line
 # option or PGDATA environment variable, represented here as ConfigDir.
 
-data_directory = '/var/lib/postgresql/15/main'		# use data in another directory
+data_directory = '/var/lib/postgresql/17/main'		# use data in another directory
 					# (change requires restart)
-hba_file = '/etc/postgresql/15/main/pg_hba.conf'	# host-based authentication file
+hba_file = '/etc/postgresql/17/main/pg_hba.conf'	# host-based authentication file
 					# (change requires restart)
-ident_file = '/etc/postgresql/15/main/pg_ident.conf'	# ident configuration file
+ident_file = '/etc/postgresql/17/main/pg_ident.conf'	# ident configuration file
 					# (change requires restart)
 
 # If external_pid_file is not explicitly set, no extra PID file is written.
-external_pid_file = '/var/run/postgresql/15-main.pid'			# write an extra PID file
+external_pid_file = '/var/run/postgresql/17-main.pid'			# write an extra PID file
 					# (change requires restart)
 
 
@@ -57,15 +57,15 @@ external_pid_file = '/var/run/postgresql/15-main.pid'			# write an extra PID fil
 
 # - Connection Settings -
 
-listen_addresses = '*'
+listen_addresses = '*'		# what IP address(es) to listen on;
-#listen_addresses = 'localhost'		# what IP address(es) to listen on;
 					# comma-separated list of addresses;
 					# defaults to 'localhost'; use '*' for all
 					# (change requires restart)
 port = 5432				# (change requires restart)
 max_connections = 100			# (change requires restart)
+#reserved_connections = 0		# (change requires restart)
 #superuser_reserved_connections = 3	# (change requires restart)
-unix_socket_directories = '/var/run/postgresql'	# comma-separated list of directories
+unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories
 					# (change requires restart)
 #unix_socket_group = ''			# (change requires restart)
 #unix_socket_permissions = 0777		# begin with 0 to use octal notation
@@ -95,21 +95,22 @@ unix_socket_directories = '/var/run/postgresql'	# comma-separated list of direct
 
 #authentication_timeout = 1min		# 1s-600s
 #password_encryption = scram-sha-256	# scram-sha-256 or md5
-#db_user_namespace = off
+#scram_iterations = 4096
 
 # GSSAPI using Kerberos
 #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
 #krb_caseins_users = off
+#gss_accept_delegation = off
 
 # - SSL -
 
-ssl = on
+ssl = off
 #ssl_ca_file = ''
-ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+# ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'
 #ssl_crl_file = ''
 #ssl_crl_dir = ''
-ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
+# ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'
-#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
+#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL'	# allowed SSL ciphers
 #ssl_prefer_server_ciphers = on
 #ssl_ecdh_curve = 'prime256v1'
 #ssl_min_protocol_version = 'TLSv1.2'
@@ -138,8 +139,8 @@ shared_buffers = 128MB			# min 128kB
 # you actively intend to use prepared transactions.
 #work_mem = 4MB				# min 64kB
 #hash_mem_multiplier = 2.0		# 1-1000.0 multiplier on hash table work_mem
-#maintenance_work_mem = 64MB		# min 1MB
+#maintenance_work_mem = 64MB		# min 64kB
-#autovacuum_work_mem = -1		# min 1MB, or -1 to use maintenance_work_mem
+#autovacuum_work_mem = -1		# min 64kB, or -1 to use maintenance_work_mem
 #logical_decoding_work_mem = 64MB	# min 64kB
 #max_stack_depth = 2MB			# min 100kB
 #shared_memory_type = mmap		# the default is the first option
@@ -156,12 +157,27 @@ dynamic_shared_memory_type = posix	# the default is usually the first option
 					#   mmap
 					# (change requires restart)
 #min_dynamic_shared_memory = 0MB	# (change requires restart)
+#vacuum_buffer_usage_limit = 2MB	# size of vacuum and analyze buffer access strategy ring;
+					# 0 to disable vacuum buffer access strategy;
+					# range 128kB to 16GB
+
+# SLRU buffers (change requires restart)
+#commit_timestamp_buffers = 0		# memory for pg_commit_ts (0 = auto)
+#multixact_offset_buffers = 16		# memory for pg_multixact/offsets
+#multixact_member_buffers = 32		# memory for pg_multixact/members
+#notify_buffers = 16			# memory for pg_notify
+#serializable_buffers = 32		# memory for pg_serial
+#subtransaction_buffers = 0		# memory for pg_subtrans (0 = auto)
+#transaction_buffers = 0		# memory for pg_xact (0 = auto)
 
 # - Disk -
 
 #temp_file_limit = -1			# limits per-process temp file space
 					# in kilobytes, or -1 for no limit
 
+#max_notify_queue_pages = 1048576	# limits the number of SLRU pages allocated
+					# for NOTIFY / LISTEN queue
+
 # - Kernel Resources -
 
 #max_files_per_process = 1000		# min 64
@@ -187,14 +203,13 @@ dynamic_shared_memory_type = posix	# the default is usually the first option
 #backend_flush_after = 0		# measured in pages, 0 disables
 #effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
 #maintenance_io_concurrency = 10	# 1-1000; 0 disables prefetching
+#io_combine_limit = 128kB		# usually 1-32 blocks (depends on OS)
 #max_worker_processes = 8		# (change requires restart)
 #max_parallel_workers_per_gather = 2	# limited by max_parallel_workers
 #max_parallel_maintenance_workers = 2	# limited by max_parallel_workers
 #max_parallel_workers = 8		# number of max_worker_processes that
 					# can be used in parallel operations
 #parallel_leader_participation = on
-#old_snapshot_threshold = -1		# 1min-60d; -1 disables; 0 is immediate
-					# (change requires restart)
 
 
 #------------------------------------------------------------------------------
@@ -244,29 +259,29 @@ min_wal_size = 80MB
 
 # - Prefetching during recovery -
 
-#recovery_prefetch = try		# prefetch pages referenced in the WAL?
+#recovery_prefetch = try	# prefetch pages referenced in the WAL?
-#wal_decode_buffer_size = 512kB		# lookahead window used for prefetching
+#wal_decode_buffer_size = 512kB	# lookahead window used for prefetching
-					# (change requires restart)
+				# (change requires restart)
 
 # - Archiving -
 
 #archive_mode = off		# enables archiving; off, on, or always
 				# (change requires restart)
-#archive_library = ''		# library to use to archive a logfile segment
+#archive_library = ''		# library to use to archive a WAL file
 				# (empty string indicates archive_command should
 				# be used)
-#archive_command = ''		# command to use to archive a logfile segment
+#archive_command = ''		# command to use to archive a WAL file
 				# placeholders: %p = path of file to archive
 				#               %f = file name only
 				# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
-#archive_timeout = 0		# force a logfile segment switch after this
+#archive_timeout = 0		# force a WAL file switch after this
 				# number of seconds; 0 disables
 
 # - Archive Recovery -
 
 # These are only used in recovery mode.
 
-#restore_command = ''		# command to use to restore an archived logfile segment
+#restore_command = ''		# command to use to restore an archived WAL file
 				# placeholders: %p = path of file to restore
 				#               %f = file name only
 				# e.g. 'cp /mnt/server/archivedir/%f %p'
@@ -278,7 +293,7 @@ min_wal_size = 80MB
 # Set these only when performing a targeted recovery.
 
 #recovery_target = ''		# 'immediate' to end recovery as soon as a
-                                # consistent state is reached
+				# consistent state is reached
 				# (change requires restart)
 #recovery_target_name = ''	# the named restore point to which recovery will proceed
 				# (change requires restart)
@@ -288,14 +303,19 @@ min_wal_size = 80MB
 				# (change requires restart)
 #recovery_target_lsn = ''	# the WAL LSN up to which recovery will proceed
 				# (change requires restart)
-#recovery_target_inclusive = on # Specifies whether to stop:
+#recovery_target_inclusive = on	# Specifies whether to stop:
 				# just after the specified recovery target (on)
 				# just before the recovery target (off)
 				# (change requires restart)
 #recovery_target_timeline = 'latest'	# 'current', 'latest', or timeline ID
-				# (change requires restart)
+					# (change requires restart)
 #recovery_target_action = 'pause'	# 'pause', 'promote', 'shutdown'
-				# (change requires restart)
+					# (change requires restart)
+
+# - WAL Summarization -
+
+#summarize_wal = off		# run WAL summarizer process?
+#wal_summary_keep_time = '10d'	# when to remove old summary files, 0 = never
 
 
 #------------------------------------------------------------------------------
@@ -324,7 +344,8 @@ min_wal_size = 80MB
 				# method to choose sync standbys, number of sync standbys,
 				# and comma-separated list of application_name
 				# from standby(s); '*' = all
-#vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
+#synchronized_standby_slots = ''	# streaming replication standby server slot
+				# names that logical walsender processes will wait for
 
 # - Standby Servers -
 
@@ -332,7 +353,6 @@ min_wal_size = 80MB
 
 #primary_conninfo = ''			# connection string to sending server
 #primary_slot_name = ''			# replication slot on sending server
-#promote_trigger_file = ''		# file name whose presence ends recovery
 #hot_standby = on			# "off" disallows queries during recovery
 					# (change requires restart)
 #max_standby_archive_delay = 30s	# max delay before canceling queries
@@ -353,6 +373,7 @@ min_wal_size = 80MB
 #wal_retrieve_retry_interval = 5s	# time to wait before retrying to
 					# retrieve WAL after a failed attempt
 #recovery_min_apply_delay = 0		# minimum delay for applying changes during recovery
+#sync_replication_slots = off		# enables slot synchronization on the physical standby from the primary
 
 # - Subscribers -
 
@@ -361,6 +382,7 @@ min_wal_size = 80MB
 #max_logical_replication_workers = 4	# taken from max_worker_processes
 					# (change requires restart)
 #max_sync_workers_per_subscription = 2	# taken from max_logical_replication_workers
+#max_parallel_apply_workers_per_subscription = 2	# taken from max_logical_replication_workers
 
 
 #------------------------------------------------------------------------------
@@ -386,9 +408,11 @@ min_wal_size = 80MB
 #enable_partition_pruning = on
 #enable_partitionwise_join = off
 #enable_partitionwise_aggregate = off
+#enable_presorted_aggregate = on
 #enable_seqscan = on
 #enable_sort = on
 #enable_tidscan = on
+#enable_group_by_reordering = on
 
 # - Planner Cost Constants -
 
@@ -397,7 +421,7 @@ min_wal_size = 80MB
 #cpu_tuple_cost = 0.01			# same scale as above
 #cpu_index_tuple_cost = 0.005		# same scale as above
 #cpu_operator_cost = 0.0025		# same scale as above
-#parallel_setup_cost = 1000.0	# same scale as above
+#parallel_setup_cost = 1000.0		# same scale as above
 #parallel_tuple_cost = 0.1		# same scale as above
 #min_parallel_table_scan_size = 8MB
 #min_parallel_index_scan_size = 512kB
@@ -458,7 +482,7 @@ min_wal_size = 80MB
 #log_directory = 'log'			# directory where log files are written,
 					# can be absolute or relative to PGDATA
 #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
-					# can include strftime() escapes
+							# can include strftime() escapes
 #log_file_mode = 0600			# creation mode for log files,
 					# begin with 0 to use octal notation
 #log_rotation_age = 1d			# Automatic rotation of logfiles will
@@ -597,12 +621,9 @@ log_line_prefix = '%m [%p] %q%u@%d '		# special values:
 					# -1 disables, 0 logs all temp files
 log_timezone = 'Etc/UTC'
 
+# - Process Title -
 
-#------------------------------------------------------------------------------
+cluster_name = '17/main'			# added to process titles if nonempty
-# PROCESS TITLE
-#------------------------------------------------------------------------------
-
-cluster_name = '15/main'			# added to process titles if nonempty
 					# (change requires restart)
 #update_process_title = on
 
@@ -619,7 +640,7 @@ cluster_name = '15/main'			# added to process titles if nonempty
 #track_io_timing = off
 #track_wal_io_timing = off
 #track_functions = none			# none, pl, all
-#stats_fetch_consistency = cache
+#stats_fetch_consistency = cache	# cache, none, snapshot
 
 
 # - Monitoring -
@@ -643,19 +664,19 @@ cluster_name = '15/main'			# added to process titles if nonempty
 #autovacuum_vacuum_threshold = 50	# min number of row updates before
 					# vacuum
 #autovacuum_vacuum_insert_threshold = 1000	# min number of row inserts
-					# before vacuum; -1 disables insert
+						# before vacuum; -1 disables insert
-					# vacuums
+						# vacuums
 #autovacuum_analyze_threshold = 50	# min number of row updates before
 					# analyze
 #autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
 #autovacuum_vacuum_insert_scale_factor = 0.2	# fraction of inserts over table
-					# size before insert vacuum
+						# size before insert vacuum
 #autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
 #autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
 					# (change requires restart)
 #autovacuum_multixact_freeze_max_age = 400000000	# maximum multixact age
-					# before forced vacuum
+							# before forced vacuum
-					# (change requires restart)
+							# (change requires restart)
 #autovacuum_vacuum_cost_delay = 2ms	# default vacuum cost delay for
 					# autovacuum, in milliseconds;
 					# -1 means use vacuum_cost_delay
@@ -692,10 +713,11 @@ cluster_name = '15/main'			# added to process titles if nonempty
 #default_transaction_read_only = off
 #default_transaction_deferrable = off
 #session_replication_role = 'origin'
-#statement_timeout = 0			# in milliseconds, 0 is disabled
+#statement_timeout = 0				# in milliseconds, 0 is disabled
-#lock_timeout = 0			# in milliseconds, 0 is disabled
+#transaction_timeout = 0			# in milliseconds, 0 is disabled
+#lock_timeout = 0				# in milliseconds, 0 is disabled
 #idle_in_transaction_session_timeout = 0	# in milliseconds, 0 is disabled
-#idle_session_timeout = 0		# in milliseconds, 0 is disabled
+#idle_session_timeout = 0			# in milliseconds, 0 is disabled
 #vacuum_freeze_table_age = 150000000
 #vacuum_freeze_min_age = 50000000
 #vacuum_failsafe_age = 1600000000
@@ -706,13 +728,15 @@ cluster_name = '15/main'			# added to process titles if nonempty
 #xmlbinary = 'base64'
 #xmloption = 'content'
 #gin_pending_list_limit = 4MB
+#createrole_self_grant = ''		# set and/or inherit
+#event_triggers = on
 
 # - Locale and Formatting -
 
 datestyle = 'iso, mdy'
 #intervalstyle = 'postgres'
 timezone = 'Etc/UTC'
-#timezone_abbreviations = 'Default'     # Select the set of available time zone
+#timezone_abbreviations = 'Default'	# Select the set of available time zone
 					# abbreviations.  Currently, there are
 					#   Default
 					#   Australia (historical usage)
@@ -725,11 +749,14 @@ timezone = 'Etc/UTC'
 					# encoding
 
 # These settings are initialized by initdb, but they can be changed.
-lc_messages = 'en_US.UTF-8'			# locale for system error message
+lc_messages = 'en_US.UTF-8'		# locale for system error message
 					# strings
-lc_monetary = 'en_US.UTF-8'			# locale for monetary formatting
+lc_monetary = 'en_US.UTF-8'		# locale for monetary formatting
-lc_numeric = 'en_US.UTF-8'			# locale for number formatting
+lc_numeric = 'en_US.UTF-8'		# locale for number formatting
-lc_time = 'en_US.UTF-8'				# locale for time formatting
+lc_time = 'en_US.UTF-8'			# locale for time formatting
+
+#icu_validation_level = warning		# report ICU locale validation
+					# errors at the given level
 
 # default configuration for text search
 default_text_search_config = 'pg_catalog.english'
@@ -738,7 +765,7 @@ default_text_search_config = 'pg_catalog.english'
 
 #local_preload_libraries = ''
 #session_preload_libraries = ''
-#shared_preload_libraries = ''	# (change requires restart)
+#shared_preload_libraries = ''		# (change requires restart)
 #jit_provider = 'llvmjit'		# JIT library to use
 
 # - Other Defaults -
@@ -761,7 +788,7 @@ default_text_search_config = 'pg_catalog.english'
 #max_pred_locks_per_relation = -2	# negative values mean
 					# (max_pred_locks_per_transaction
 					#  / -max_pred_locks_per_relation) - 1
-#max_pred_locks_per_page = 2            # min 0
+#max_pred_locks_per_page = 2		# min 0
 
 
 #------------------------------------------------------------------------------
@@ -781,6 +808,7 @@ default_text_search_config = 'pg_catalog.english'
 # - Other Platforms and Clients -
 
 #transform_null_equals = off
+#allow_alter_system = on
 
 
 #------------------------------------------------------------------------------

admin/includes/00-make-base-system/sources.list

@@ -0,0 +1,16 @@
+deb http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
+# deb-src http://deb.debian.org/debian/ trixie main contrib non-free non-free-firmware
+
+deb http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+# deb-src http://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
+
+# trixie-updates, to get updates before a point release is made;
+# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
+deb http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
+# deb-src http://deb.debian.org/debian/ trixie-updates main contrib non-free non-free-firmware
+
+# This system was installed using small removable media
+# (e.g. netinst, live or single CD). The matching "deb cdrom"
+# entries were disabled at the end of the installation process.
+# For information about how to configure apt package sources,
+# see the sources.list(5) manual.

admin/includes/00-make-base-system/users.acl

@@ -1,2 +1 @@
 user debt_pirate on >H553jOui2734 +multi +ping +@keyspace +@read +@string +@hash +@set +@pubsub ~*debt_pirate* &*debt_pirate*
-user default off

admin/playbooks/00-make-base-system.yml

@@ -0,0 +1,201 @@
+---
+- hosts: alpha
+  become: true
+  vars_files:
+    - '{{ inventory_dir }}/vars.yml'
+  tags:
+    - base
+  tasks:
+    - name: Upgrade base system to Trixie
+      tags:
+        - requires_reboot
+      block:
+        - name: Update base system packages
+          ansible.builtin.apt:
+            update_cache: true
+            upgrade: true
+
+        - name: Do full system upgrade
+          ansible.builtin.apt:
+            upgrade: full
+
+        - name: Change package sources file to pull from Trixie
+          ansible.builtin.copy:
+            src: '{{ inventory_dir }}/includes/00-make-base-system/sources.list'
+            dest: '{{ etc_apt }}/sources.list'
+            backup: true
+
+        - name: Clear and fill local apt cache with Trixie packages
+          ansible.builtin.apt:
+            clean: true
+            update_cache: true
+
+        - name: Update base system packages to Trixie versions
+          ansible.builtin.apt:
+            upgrade: true
+
+        - name: Do full system upgrade for remaining Trixie versions
+          ansible.builtin.apt:
+            upgrade: full
+
+        - name: Autoremove old packages
+          ansible.builtin.apt:
+            autoremove: true
+
+        - name: Reboot the system
+          ansible.builtin.reboot:
+
+    - name: Install necessary software packages
+      tags:
+        - base
+      ansible.builtin.package:
+        name: neovim,python3-pip,python3-pexpect,python3-psycopg2
+        state: present
+
+    - name: Enable and configure the firewall
+      tags:
+        - firewall
+      block:
+        - name: Install firewalld
+          ansible.builtin.package:
+            name: nftables,firewalld
+            state: present
+
+        - name: Define a firewalld service for CouchDB
+          ansible.builtin.copy:
+            src: '{{ inventory_dir }}/includes/00-make-base-system/couchdb.xml'
+            dest: '{{ etc_firewalld_services }}/couchdb.xml'
+
+        - name: Reload firewalld
+          ansible.builtin.command:
+            cmd: 'firewall-cmd --reload'
+
+        - name: Add all of the necessary services to firewalld
+          ansible.builtin.command:
+            cmd: 'firewall-cmd --permanent --add-service=http --add-service=https --add-service=redis --add-service=ssh --add-service=postgresql --add-service=couchdb'
+
+        - name: Reload firewalld to apply service changes
+          ansible.builtin.command:
+            cmd: 'firewall-cmd --reload'
+
+    - name: Install and set up databases
+      tags:
+        - database
+      block:
+        - name: Install Valkey and PostgreSQL
+          tags:
+            - postgres
+          ansible.builtin.package:
+            update_cache: true
+            name: valkey-server,postgresql
+            state: present
+
+        - name: Copy Postgres config file
+          tags:
+            - postgres
+          ansible.builtin.copy:
+            src: '{{ inventory_dir }}/includes/00-make-base-system/postgresql.conf'
+            dest: '{{ etc_postgres }}/postgresql.conf'
+
+        - name: Copy Postgres pg_hba file
+          tags:
+            - postgres
+          ansible.builtin.copy:
+            src: '{{ inventory_dir }}/includes/00-make-base-system/pg_hba.conf'
+            dest: '{{ etc_postgres }}/pg_hba.conf'
+
+        - name: Restart Postgres
+          tags:
+            - postgres
+          ansible.builtin.systemd_service:
+            name: postgresql.service
+            state: restarted
+
+        - name: Create DebtPirate database user account
+          # no_log: true
+          tags:
+            - postgres
+          ansible.builtin.expect:
+            command: 'su -c "createuser -d -P debt_pirate" - postgres'
+            creates: /root/.dp-user-created
+            responses:
+              'Enter': HRURqlUmtjIy
+
+        - name: Create 'db user created' file
+          tags:
+            - postgres
+          ansible.builtin.file:
+            path: /root/.dp-user-created
+            state: touch
+
+        - name: Create DebtPirate database
+          tags:
+            - postgres
+          ansible.builtin.command:
+            cmd: 'su -c "createdb -E UTF8 -l en_US.UTF-8 -O debt_pirate debt_pirate" - postgres'
+            creates: /root/.dp-db-created
+
+        - name: Create 'db created' file
+          tags:
+            - postgres
+          ansible.builtin.file:
+            path: /root/.dp-db-created
+            state: touch
+
+        - name: Copy Valkey conf file to destination
+          tags:
+            - valkey
+          ansible.builtin.copy:
+            src: '{{ inventory_dir }}/includes/00-make-base-system/valkey.conf'
+            dest: '{{ etc_valkey }}/valkey.conf'
+            backup: true
+
+        - name: Copy Valkey acl file to destination
+          tags:
+            - valkey
+          ansible.builtin.copy:
+            src: '{{ inventory_dir }}/includes/00-make-base-system/users.acl'
+            dest: '{{ etc_valkey }}/users.acl'
+
+        - name: Restart Valkey
+          tags:
+            - valkey
+          ansible.builtin.systemd_service:
+            name: valkey.service
+            state: restarted
+
+        # - name: Install build dependencies for ValkeyJSON
+        #   tags:
+        #     - valkey
+        #   ansible.builtin.package:
+        #     name: build-essential,clang,cmake,git,libssl-dev,libsystemd-dev,zip,pkg-config,tcl
+        #     state: present
+
+        # - name: Download ValkeyJSON module
+        #   tags:
+        #     - valkey
+        #   ansible.builtin.get_url:
+        #     url: https://github.com/valkey-io/valkeyJSON/archive/refs/heads/unstable.zip
+        #     dest: '{{ usr_src_valkey_json }}.zip'
+
+        # - name: Unzip ValkeyJSON source
+        #   tags:
+        #     - valkey
+        #   ansible.builtin.unarchive:
+        #     remote_src: true
+        #     src: '{{ usr_src_valkey_json }}.zip'
+        #     dest: /usr/local/src
+
+        # - name: Compile ValkeyJSON
+        #   tags:
+        #     - valkey
+        #   environment:
+        #     SERVER_VERSION: '{{ valkey_version }}'
+        #   ansible.builtin.command:
+        #     chdir: '{{ usr_src_valkey_json }}'
+        #     cmd: '{{ usr_src_valkey_json }}/build.sh'
+
+        # - name: Restart Valkey
+        #   ansible.builtin.systemd_service:
+        #     name: valkey.service
+        #     state: restarted

admin/playbooks/01-setup.yml

@@ -1,16 +0,0 @@
----
-- hosts: alpha
-  become: yes
-  tasks:
-    - name: Update System and Packages
-      ansible.builtin.apt:
-        update_cache: yes
-        upgrade: yes
-    - name: Install Basic Tools
-      ansible.builtin.package:
-        name: curl,python3-pip,python3-pexpect,vim
-        state: present
-- import_playbook: 01-setup/setup-base-system.yml
-# - import_playbook: 01-setup/setup-valkey.yml
-# - import_playbook: 01-setup/setup-postgres.yml
-

admin/playbooks/01-setup/setup-base-system.yml

@@ -1,19 +0,0 @@
----
-- name: Setup Base System
-  hosts: alpha
-  become: yes
-  vars_files:
-    - '{{ inventory_dir }}/vars.yml'
-  tasks:
-    - name: Install UFW
-      ansible.builtin.package:
-        name: ufw
-        state: present
-    - name: Allow Access to Named Applications
-      community.general.ufw:
-        rule: allow
-        name: '{{ item }}'
-        delete: true
-      loop:
-        - OpenSSH
-        - WWW Full

admin/playbooks/01-setup/setup-postgres.yml

@@ -1,33 +0,0 @@
----
-- name: Setup Postgres
-  hosts: alpha
-  become: yes
-  vars_files:
-    - '{{ inventory_dir }}/vars.yml'
-  tasks:
-    - name: Install Postgres
-      ansible.builtin.package:
-        name: postgresql
-        state: present
-    - name: Copy Postgres Configuration File
-      ansible.builtin.copy:
-        src: '{{ inventory_dir }}/includes/postgresql.conf'
-        dest: '{{ postgres_etc }}/postgresql.conf'
-    - name: Copy Postgres HBA File
-      ansible.builtin.copy:
-        src: '{{ inventory_dir }}/includes/pg_hba.conf'
-        dest: '{{ postgres_etc }}/pg_hba.conf'
-    - name: Restart Postgres
-      ansible.builtin.systemd_service:
-        name: postgresql.service
-        state: restarted
-    - name: Create Debt Pirate Database User
-      ansible.builtin.expect:
-        creates: /root/.db-user-created
-        command: 'su -c "createuser -d debt_pirate" - postgres'
-        responses:
-          "^[Pp]assword": "HRURqlUmtjIy"
-    - name: Create Debt Pirate Database
-      ansible.builtin.command:
-        creates: /root/.db-created
-        cmd: 'su -c "createdb -E UTF8 -l en_US -O debt_pirate debt_pirate" - postgres'

admin/playbooks/01-setup/setup-valkey.yml

@@ -1,156 +0,0 @@
----
-- name: Setup Valkey
-  hosts: alpha
-  become: yes
-  vars_files:
-    - '{{ inventory_dir }}/vars.yml'
-  tasks:
-    - name: Install Build Dependencies
-      ansible.builtin.package:
-        name: build-essential,libssl-dev,libsystemd-dev,zip,pkg-config,tcl
-        state: present
-    - name: Create System User for Valkey
-      ansible.builtin.user:
-        name: valkey
-        system: true
-        create_home: false
-      tags:
-        - valkey
-    - name: Download Valkey Source Code
-      ansible.builtin.get_url:
-        url: https://github.com/valkey-io/valkey/archive/refs/tags/{{ valkey_version }}.zip
-        dest: '{{ valkey_src }}.zip'
-      tags:
-        - valkey
-        - build
-    - name: Unzip Valkey Source Code
-      ansible.builtin.unarchive:
-        src: '{{ valkey_src }}.zip'
-        dest: /usr/local/src
-        remote_src: true
-      tags:
-        - valkey
-        - build
-    - name: Compile Valkey
-      community.general.make:
-        chdir: '{{ valkey_src }}'
-        params:
-          BUILD_TLS: module
-          USE_SYSTEMD: yes
-      tags:
-        - valkey
-        - build
-    - name: Run Valkey Tests
-      ansible.builtin.command:
-        chdir: '{{ valkey_src }}'
-        argv:
-          - make
-          - test
-      tags:
-        - valkey
-        - tests
-    - name: Install Valkey
-      community.general.make:
-        chdir: '{{ valkey_src }}'
-        target: install
-      tags:
-        - valkey
-    - name: Create Valkey Config Directory
-      ansible.builtin.file:
-        path: /etc/valkey
-        state: directory
-        owner: valkey
-        group: valkey
-        mode: 0770
-      tags:
-        - valkey
-    - name: Create Valkey Runtime Directory
-      ansible.builtin.file:
-        path: /var/lib/valkey
-        state: directory
-        owner: valkey
-        group: valkey
-        mode: 0770
-      tags:
-        - valkey
-    - name: Enable ACL File in Valkey Config
-      ansible.builtin.lineinfile:
-        path: '{{ valkey_src }}/valkey.conf'
-        firstmatch: true
-        regex: '^# aclfile'
-        line: aclfile /etc/valkey/users.acl
-    - name: Copy Included Valkey Config File to Config Directory
-      ansible.builtin.copy:
-        remote_src: true
-        src: '{{ valkey_src }}/valkey.conf'
-        dest: /etc/valkey/valkey.conf
-        owner: valkey
-        group: valkey
-        mode: 0640
-      tags:
-        - valkey
-    - name: Copy Valkey ACL File to Config Directory
-      ansible.builtin.copy:
-        src: '{{ inventory_dir }}/includes/users.acl'
-        dest: /etc/valkey/users.acl
-        owner: valkey
-        group: valkey
-        mode: 0640
-      tags:
-        - valkey
-    - name: Edit Valkey Systemd Service File to Set Proper ExecCommand Parameter
-      ansible.builtin.lineinfile:
-        path: '{{ valkey_src }}/utils/systemd-valkey_server.service'
-        firstmatch: true
-        regex: '^ExecStart'
-        line: ExecStart=/usr/local/bin/valkey-server /etc/valkey/valkey.conf --supervised systemd --daemonize no
-        backup: true
-      tags:
-        - valkey
-    - name: Edit Valkey Systemd Service File to Set Proper User Parameter
-      ansible.builtin.lineinfile:
-        path: '{{ valkey_src }}/utils/systemd-valkey_server.service'
-        firstmatch: true
-        regex: '^#User'
-        line: User=valkey
-      tags:
-        - valkey
-    - name: Edit Valkey Systemd Service File to Set Proper Group Parameter
-      ansible.builtin.lineinfile:
-        path: '{{ valkey_src }}/utils/systemd-valkey_server.service'
-        firstmatch: true
-        regex: '^#Group'
-        line: Group=valkey
-      tags:
-        - valkey
-    - name: Edit Valkey Systemd Service File to Set Proper WorkingDirectory Parameter
-      ansible.builtin.lineinfile:
-        path: '{{ valkey_src }}/utils/systemd-valkey_server.service'
-        firstmatch: true
-        regex: '^#WorkingDirectory'
-        line: WorkingDirectory=/var/lib/valkey
-      tags:
-        - valkey
-    - name: Copy Included Valkey Systemd Service File to Proper Location
-      ansible.builtin.copy:
-        remote_src: true
-        src: '{{ valkey_src }}/utils/systemd-valkey_server.service'
-        dest: /etc/systemd/system/valkey.service
-        owner: valkey
-        group: valkey
-        mode: 0
-      tags:
-        - valkey
-    - name: Enable Valkey Service
-      ansible.builtin.systemd_service:
-        name: valkey.service
-        enabled: true
-        daemon_reload: true
-      tags:
-        - valkey
-    - name: Start Valkey Service
-      ansible.builtin.systemd_service:
-        name: valkey.service
-        state: started
-      tags:
-        - valkey

admin/vars.yml

@@ -1,4 +1,8 @@
 ---
-valkey_version: 8.0.1
+etc_apt: '/etc/apt'
-valkey_src: '/usr/local/src/valkey-{{ valkey_version }}'
+etc_postgres: '/etc/postgresql/17/main'
-postgres_etc: '/etc/postgresql/15/main'
+etc_firewalld_services: '/etc/firewalld/services'
+etc_valkey: '/etc/valkey'
+firewalld_interface: 'enp1s0'
+usr_src_valkey_json: /usr/local/src/valkeyJSON-unstable
+valkey_version: '8.0.2'

app/app/src/main/java/ing/bikeshedengineer/debtpirate/app/screen/auth/presentation/login/LoginScreen.kt

@@ -1,6 +1,7 @@
 package ing.bikeshedengineer.debtpirate.app.screen.auth.presentation.login
 
 import android.annotation.SuppressLint
+import android.util.Log
 import android.widget.Toast
 import androidx.activity.ComponentActivity
 import androidx.compose.foundation.background
@@ -42,6 +43,10 @@ import androidx.compose.ui.text.input.PasswordVisualTransformation
 import androidx.compose.ui.text.style.TextAlign
 import androidx.compose.ui.unit.dp
 import androidx.credentials.CredentialManager
+import androidx.credentials.GetCredentialRequest
+import androidx.credentials.GetPasswordOption
+import androidx.credentials.exceptions.GetCredentialException
+import androidx.credentials.exceptions.NoCredentialException
 import androidx.hilt.navigation.compose.hiltViewModel
 
 @SuppressLint("UnusedMaterial3ScaffoldPaddingParameter")
@@ -50,7 +55,29 @@ fun LoginScreen(
     viewModel: LoginScreenViewModel = hiltViewModel<LoginScreenViewModel>()
 ) {
     val context = LocalContext.current as ComponentActivity
-    val _credentialManager = CredentialManager.create(context)
+    val credentialManager = CredentialManager.create(context)
+    LaunchedEffect(Unit) {
+        try {
+            val result = credentialManager.getCredential(
+                context, GetCredentialRequest(
+                    listOf(GetPasswordOption())
+                )
+            )
+
+            viewModel.handleCredentialManagerSignIn(result)
+        } catch (err: GetCredentialException) {
+            when (err) {
+                is NoCredentialException -> {
+                    Log.i("LoginScreen", "No credentials stored")
+                }
+
+                else -> {
+                    Log.e("LoginScreen", "Exception thrown when getting credentials: $err")
+
+                }
+            }
+        }
+    }
 
     val toastMessages = viewModel.toastMessages.collectAsState("")
     LaunchedEffect(toastMessages.value) {

app/app/src/main/java/ing/bikeshedengineer/debtpirate/app/screen/auth/presentation/login/LoginScreenViewModel.kt

@@ -1,7 +1,8 @@
 package ing.bikeshedengineer.debtpirate.app.screen.auth.presentation.login
 
 import android.util.Log
-import androidx.credentials.CreatePasswordRequest
+import androidx.credentials.GetCredentialResponse
+import androidx.credentials.PasswordCredential
 import androidx.lifecycle.ViewModel
 import androidx.lifecycle.viewModelScope
 import dagger.hilt.android.lifecycle.HiltViewModel
@@ -122,4 +123,20 @@ class LoginScreenViewModel @Inject constructor(
             navigator.navigate(destination = Destination.AuthRegistration)
         }
     }
+
+    fun handleCredentialManagerSignIn(result: GetCredentialResponse) {
+        val credentials = result.credential
+        when (credentials) {
+            is PasswordCredential -> {
+                val emailAddress = credentials.id
+                val password = credentials.password
+
+                onAction(LoginScreenStateAction.SubmitLoginRequest(emailAddress, password))
+            }
+
+            else -> {
+                // TODO: Handle this...
+            }
+        }
+    }
 }