From f5a61a557de8839119f0bd382b602107087ea14e Mon Sep 17 00:00:00 2001
From: polyfloyd <floyd@polyfloyd.net>
Date: Sat, 12 Apr 2025 22:52:51 +0200
Subject: [PATCH] bank: Set up revbank-deposit

---
 bank.yaml                                    |  6 +--
 group_vars/bank.yaml                         | 15 +++++++
 roles/bank/handlers/main.yaml                |  6 +++
 roles/bank/tasks/main.yaml                   |  4 ++
 roles/bank/tasks/revbank-deposit.yaml        | 47 ++++++++++++++++++++
 roles/bank/templates/revbank-deposit.conf    |  4 ++
 roles/bank/templates/revbank-deposit.service | 18 ++++++++
 7 files changed, 97 insertions(+), 3 deletions(-)
 create mode 100644 roles/bank/tasks/revbank-deposit.yaml
 create mode 100644 roles/bank/templates/revbank-deposit.conf
 create mode 100644 roles/bank/templates/revbank-deposit.service

diff --git a/bank.yaml b/bank.yaml
index 837d27b..c820bc3 100644
--- a/bank.yaml
+++ b/bank.yaml
@@ -1,8 +1,8 @@
 ---
-
 - hosts: bank
-  vars:
-    bank_revbank_git: https://github.com/bitlair/revbank.git
   roles:
     - { role: "common", tags: [ "common" ] }
+    - { role: "nft", tags: [ "nft" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "acme", tags: [ "acme" ] }
     - { role: "bank", tags: [ "bank" ] }
diff --git a/group_vars/bank.yaml b/group_vars/bank.yaml
index cd21505..1684cfa 100644
--- a/group_vars/bank.yaml
+++ b/group_vars/bank.yaml
@@ -1,2 +1,17 @@
 ---
+deposit_hostname: deposit.bitlair.nl
 
+acme_domains:
+ - "{{ deposit_hostname }}"
+
+nginx_sites:
+  - server_name: "{{ deposit_hostname }}"
+    config:
+      - |-
+        location / {
+          proxy_pass http://localhost:8000/;
+          include proxy_params;
+        }
+
+group_nft_input:
+  - "tcp dport { http, https } accept # Allow web-traffic from world"
diff --git a/roles/bank/handlers/main.yaml b/roles/bank/handlers/main.yaml
index e7a11ce..a06cd29 100644
--- a/roles/bank/handlers/main.yaml
+++ b/roles/bank/handlers/main.yaml
@@ -1,3 +1,9 @@
 ---
 - ansible.builtin.import_tasks:
     file: ../../common/handlers/main.yaml
+
+- name: Restart revbank-deposit
+  ansible.builtin.systemd:
+    name: revbank-deposit
+    state: restarted
+    daemon_reload: true
diff --git a/roles/bank/tasks/main.yaml b/roles/bank/tasks/main.yaml
index 022642e..fd9f58f 100644
--- a/roles/bank/tasks/main.yaml
+++ b/roles/bank/tasks/main.yaml
@@ -6,3 +6,7 @@
 - tags: [ bank, bank_revbank ]
   ansible.builtin.import_tasks:
     file: revbank.yaml
+
+- tags: [ bank, bank_revbank_deposit ]
+  ansible.builtin.import_tasks:
+    file: revbank-deposit.yaml
diff --git a/roles/bank/tasks/revbank-deposit.yaml b/roles/bank/tasks/revbank-deposit.yaml
new file mode 100644
index 0000000..1190a53
--- /dev/null
+++ b/roles/bank/tasks/revbank-deposit.yaml
@@ -0,0 +1,47 @@
+---
+- name: Clone source
+  ansible.builtin.git:
+    repo: https://git.bitlair.nl/bitlair/revbank-deposit.git
+    version: main
+    dest: /usr/local/lib/revbank-deposit
+    accept_hostkey: yes
+  notify: Restart revbank-deposit
+
+- name: Install apt dependencies
+  ansible.builtin.apt:
+    name:
+      - python3-pip
+      - python3-virtualenv
+
+- name: Install pip dependencies
+  ansible.builtin.pip:
+    chdir: /usr/local/lib/revbank-deposit
+    virtualenv: .venv
+    requirements: requirements.txt
+
+- name: Configure revbank-deposit
+  ansible.builtin.template:
+    src: revbank-deposit.conf
+    dest: /etc/revbank-deposit.conf
+    owner: root
+    group: root
+    mode: 0600
+  notify: Restart revbank-deposit
+
+- name: Install revbank-deposit service
+  ansible.builtin.template:
+    src: revbank-deposit.service
+    dest: /etc/systemd/system/revbank-deposit.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart revbank-deposit
+
+- name: Start revbank-deposit
+  ansible.builtin.systemd:
+    daemon_reload: true
+    name: revbank-deposit
+    state: started
+    enabled: true
+
+- meta: flush_handlers
diff --git a/roles/bank/templates/revbank-deposit.conf b/roles/bank/templates/revbank-deposit.conf
new file mode 100644
index 0000000..7e02359
--- /dev/null
+++ b/roles/bank/templates/revbank-deposit.conf
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+PUBLIC_URL=https://{{ deposit_hostname }}
+MOLLIE_API_KEY={{ lookup('passwordstore', 'mollie subkey=apikey') }}
diff --git a/roles/bank/templates/revbank-deposit.service b/roles/bank/templates/revbank-deposit.service
new file mode 100644
index 0000000..83a93f5
--- /dev/null
+++ b/roles/bank/templates/revbank-deposit.service
@@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Revbank Deposit
+After=network.target
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=10s
+ExecStart=/usr/local/lib/revbank-deposit/.venv/bin/fastapi run main.py --host 127.0.0.1
+WorkingDirectory=/usr/local/lib/revbank-deposit
+EnvironmentFile=/etc/revbank-deposit.conf
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
+