v1

Signed-off-by: Dylan Schultz <[email protected]>
LavenderFive · Sep 7, 2022 · de656cb · de656cb
1 parent 84c221e
commit de656cb
Show file tree

Hide file tree

Showing 11 changed files with 75 additions and 25 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,5 @@
 inventory.yml
 group_vars/mainnets/*
+group_vars/testnets/*
+keys/*
+hostbin/*
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 # Functions
 nam = $(firstword $(subst :, ,$1))
 val = $(or $(word 2,$(subst ": ", , $1)),$(value 2))
-hostarch:=linux_amd64
+hostarch:=darwin_arm64
 tmphorcruxVer := $(shell grep horcrux_version group_vars/all.yml)
 tmphorcruxRepo := $(shell grep horcrux_repo group_vars/all.yml)
 horcruxVer = $(subst $\',,$(call val,$(tmphorcruxVer)))

diff --git a/group_vars/example.yml b/group_vars/example.yml
@@ -0,0 +1,11 @@
+---
+network: 
+chain_id: ''
+sentries: 
+  - '1.0.2.1:17659'
+  - '1.2.3.4:12859'
+
+signer_port: 053
+rpc_timeout: "750ms"
+threshold: 2
+shares: 3
diff --git a/group_vars/mainnets/example.yml b/group_vars/mainnets/example.yml
diff --git a/horcrux.yml b/horcrux.yml
@@ -1,7 +1,9 @@
 ---
 - name: Install node
-  hosts: '{{ target }}'
+  hosts: all
   become: true
   gather_facts: false
+  vars_files:
+    - '{{ var_file }}'
   roles:
     - horcrux_install
diff --git a/roles/horcrux_install/tasks/configure_horcrux.yml b/roles/horcrux_install/tasks/configure_horcrux.yml
@@ -4,7 +4,7 @@
     owner: '{{ horcrux_user }}'
     group: '{{ horcrux_user }}'
     state: directory
-    path: '{{ horcrux_dir }}'
+    path: '{{ horcrux_dir }}/state'
     mode: '0750'
 
 - name: Create state files
@@ -19,23 +19,50 @@
     - priv_validator_state.json
     - share_sign_state.json
 
-- name: Copy horcrux service file
-  become: true
-  template:
-    src: 'horcrux.service.j2'
-    dest: '/etc/systemd/system/{{ service_file }}'
-    owner: root
-    group: root
-    mode: 600
-
 - name: Generate private keys
+  become: false
   local_action: command make genkeys
   run_once: True
 
+- name: Find local key share
+  delegate_to: localhost
+  become: no
+  stat:
+    path: "{{ playbook_dir }}/keys/private_share_{{ my_share }}.json"
+  register: has_share
+
 - name: Copy keys
   copy:
-    src: "keys/private_share_{{ signorder }}.json"
+    src: "keys/private_share_{{ my_share }}.json"
     dest: "{{ horcrux_dir }}/share.json"
     owner: "{{ horcrux_user }}"
     group: "{{ horcrux_user }}"
     mode: '0400'
+  when: has_share.stat.isreg is defined and has_share.stat.isreg
+
+- name: Copy config
+  template:
+    backup: yes
+    src: config.yml
+    dest: "{{ horcrux_dir }}/config.yml"
+    owner: "{{ horcrux_user }}"
+    group: "{{ horcrux_user }}"
+    mode: '0644'
+  tags: configs
+
+- name: Copy horcrux service file
+  become: true
+  template:
+    src: 'horcrux.service.j2'
+    dest: '/etc/systemd/system/{{ service_file }}'
+    owner: root
+    group: root
+    mode: 600
+  register: systemdunit
+
+- name: Enable systemd unit
+  systemd:
+    daemon_reload: yes
+    name: "{{ service_file }}"
+    enabled: yes
+  when: systemdunit.changed
diff --git a/roles/horcrux_install/tasks/create_user.yml b/roles/horcrux_install/tasks/create_user.yml
@@ -2,6 +2,17 @@
 - name: Create horcrux user
   user:
     name: '{{ horcrux_user }}'
-    password: '!'
     home: '{{ horcrux_home }}'
+    password: '{{ horcrux_password }}'
     shell: /bin/bash
+    password_lock: true
+
+- name: Set authorized keys
+  authorized_key:
+    user: "{{ horcrux_user }}"
+    key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
+
+- name: Allow sudo for administrator
+  copy:
+    content: '{{ horcrux_user }} ALL=(ALL:ALL) NOPASSWD: ALL'
+    dest: '/etc/sudoers.d/{{ horcrux_user }}'
diff --git a/roles/horcrux_install/tasks/install_horcrux.yml b/roles/horcrux_install/tasks/install_horcrux.yml
@@ -2,24 +2,24 @@
 - name: Clone horcrux repo
   git:
     repo: '{{ horcrux_repo }}'
-    dest: '{{ horcrux_dir }}/horcrux'
+    dest: '{{ horcrux_home }}/horcrux'
     version: "{{ horcrux_version }}"
     update: yes
 
 - name: Install horcrux
   command: '{{ item }}'
   args:
-    chdir: '{{ horcrux_dir }}/horcrux'
+    chdir: '{{ horcrux_home }}/horcrux'
   with_items:
     - 'make install'
   environment:
     PATH: '{{ path }}'
-    GOPATH: '{{ horcrux_dir }}/go'
+    GOPATH: '{{ horcrux_home }}/go'
 
 - name: Copy .profile
   template:
     src: 'profile.j2'
-    dest: '{{ horcrux_dir }}/.profile'
+    dest: '{{ horcrux_home }}/.profile'
     owner: '{{ horcrux_user }}'
     group: '{{ horcrux_user }}'
     mode: '0600'
diff --git a/roles/horcrux_install/tasks/main.yml b/roles/horcrux_install/tasks/main.yml
@@ -3,9 +3,7 @@
   import_tasks: create_user.yml
 
 - name: Install horcrux
-  become_user: {{ horcrux_user }}
   import_tasks: install_horcrux.yml
 
 - name: Configure horcrux
-  become_user: {{ horcrux_user }}
   import_tasks: configure_horcrux.yml
diff --git a/roles/horcrux_install/templates/config.yml b/roles/horcrux_install/templates/config.yml
@@ -3,12 +3,12 @@ chain-id: {{ chain_id }}
 cosigner:
   threshold: {{ threshold }}
   shares: {{ shares }}
-  p2p-listen: tcp://{{ ansible_wg0.ipv4.address }}:2{{ signer_port }}
+  p2p-listen: tcp://{{ ansible_host }}:2{{ signer_port }}
   peers:
 {% for peer in horcrux_peers %}
 {% if peer.share_id != my_share %}
   - share-id: {{ peer.share_id }}
-    p2p-addr: {{ peer.p2p_addr }}
+    p2p-addr: tcp://{{ peer.p2p_addr }}:2{{ signer_port }}
 {% endif %}
 {% endfor %}
   rpc-timeout: {{ rpc_timeout }}

diff --git a/roles/horcrux_install/templates/horcrux.service.j2 b/roles/horcrux_install/templates/horcrux.service.j2
@@ -1,5 +1,5 @@
 [Unit]
-Description={{ chain_id }}  Signer node {{ signorder }}
+Description={{ chain_id }}  Signer node {{ my_share }}
 After=network.target
 
 [Service]