bank: Set up revbank-deposit

2025-04-12 22:52:51 +02:00 · 2025-04-12 22:52:51 +02:00 · f5a61a557d
commit f5a61a557d
parent 75795f0238
7 changed files with 97 additions and 3 deletions
--- a/bank.yaml
+++ b/bank.yaml
@ -1,8 +1,8 @@
 ---
-
 - hosts: bank
-  vars:
-    bank_revbank_git: https://github.com/bitlair/revbank.git
  roles:
    - { role: "common", tags: [ "common" ] }
+    - { role: "nft", tags: [ "nft" ] }
+    - { role: "nginx", tags: [ "nginx" ] }
+    - { role: "acme", tags: [ "acme" ] }
    - { role: "bank", tags: [ "bank" ] }
--- a/group_vars/bank.yaml
+++ b/group_vars/bank.yaml
@ -1,2 +1,17 @@
 ---
+deposit_hostname: deposit.bitlair.nl

+acme_domains:
+ - "{{ deposit_hostname }}"
+
+nginx_sites:
+  - server_name: "{{ deposit_hostname }}"
+    config:
+      - |-
+        location / {
+          proxy_pass http://localhost:8000/;
+          include proxy_params;
+        }
+
+group_nft_input:
+  - "tcp dport { http, https } accept # Allow web-traffic from world"
--- a/roles/bank/handlers/main.yaml
+++ b/roles/bank/handlers/main.yaml
@ -1,3 +1,9 @@
 ---
 - ansible.builtin.import_tasks:
    file: ../../common/handlers/main.yaml
+
+- name: Restart revbank-deposit
+  ansible.builtin.systemd:
+    name: revbank-deposit
+    state: restarted
+    daemon_reload: true
--- a/roles/bank/tasks/main.yaml
+++ b/roles/bank/tasks/main.yaml
@ -6,3 +6,7 @@
 - tags: [ bank, bank_revbank ]
  ansible.builtin.import_tasks:
    file: revbank.yaml
+
+- tags: [ bank, bank_revbank_deposit ]
+  ansible.builtin.import_tasks:
+    file: revbank-deposit.yaml
--- a/roles/bank/tasks/revbank-deposit.yaml
+++ b/roles/bank/tasks/revbank-deposit.yaml
@ -0,0 +1,47 @@
+---
+- name: Clone source
+  ansible.builtin.git:
+    repo: https://git.bitlair.nl/bitlair/revbank-deposit.git
+    version: main
+    dest: /usr/local/lib/revbank-deposit
+    accept_hostkey: yes
+  notify: Restart revbank-deposit
+
+- name: Install apt dependencies
+  ansible.builtin.apt:
+    name:
+      - python3-pip
+      - python3-virtualenv
+
+- name: Install pip dependencies
+  ansible.builtin.pip:
+    chdir: /usr/local/lib/revbank-deposit
+    virtualenv: .venv
+    requirements: requirements.txt
+
+- name: Configure revbank-deposit
+  ansible.builtin.template:
+    src: revbank-deposit.conf
+    dest: /etc/revbank-deposit.conf
+    owner: root
+    group: root
+    mode: 0600
+  notify: Restart revbank-deposit
+
+- name: Install revbank-deposit service
+  ansible.builtin.template:
+    src: revbank-deposit.service
+    dest: /etc/systemd/system/revbank-deposit.service
+    owner: root
+    group: root
+    mode: 0644
+  notify: Restart revbank-deposit
+
+- name: Start revbank-deposit
+  ansible.builtin.systemd:
+    daemon_reload: true
+    name: revbank-deposit
+    state: started
+    enabled: true
+
+- meta: flush_handlers
--- a/roles/bank/templates/revbank-deposit.conf
+++ b/roles/bank/templates/revbank-deposit.conf
@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+PUBLIC_URL=https://{{ deposit_hostname }}
+MOLLIE_API_KEY={{ lookup('passwordstore', 'mollie subkey=apikey') }}
--- a/roles/bank/templates/revbank-deposit.service
+++ b/roles/bank/templates/revbank-deposit.service
@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+[Unit]
+Description=Revbank Deposit
+After=network.target
+
+[Service]
+Type=simple
+Restart=on-failure
+RestartSec=10s
+ExecStart=/usr/local/lib/revbank-deposit/.venv/bin/fastapi run main.py --host 127.0.0.1
+WorkingDirectory=/usr/local/lib/revbank-deposit
+EnvironmentFile=/etc/revbank-deposit.conf
+DynamicUser=true
+
+[Install]
+WantedBy=multi-user.target
+