blee/ansible-role-samourai-dojo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5 Commits 1 Branch 0 Tags 72 KiB
35083be06d
Go to file
Brian Lee 35083be06d Dial back directory permissions just enough so that containers can read the generated onion service hostname file.
2023-07-18 14:46:06 -07:00
defaults Dial back directory permissions just enough so that containers can read the generated onion service hostname file. 2023-07-18 14:46:06 -07:00
docs Fix nginx_conf example. 2023-07-16 14:55:02 -07:00
meta Initialize repo for Samourai Dojo container role. 2023-07-16 11:16:07 -07:00
tasks Dial back directory permissions just enough so that containers can read the generated onion service hostname file. 2023-07-18 14:46:06 -07:00
tests Initialize repo for Samourai Dojo container role. 2023-07-16 11:16:07 -07:00
.gitignore Initialize repo for Samourai Dojo container role. 2023-07-16 11:16:07 -07:00
LICENSE.md Initialize repo for Samourai Dojo container role. 2023-07-16 11:16:07 -07:00
README.md Fix nginx_conf example. 2023-07-16 14:55:02 -07:00

README.md

Ansible Role: samourai-dojo

This Ansible Role builds and installs a single Podman container that runs the Node.js code for Samourai Dojo.

For educational purposes: it is intended to be composed with separate roles for Podman, mysql, and web proxy. Backended by a nixbitcoin node.

For experts only: Usage of this role implies complete personal accountability and you should never reach out to the Samourai team for support regarding it. This project has no relation to Samourai.

Requirements

Dependencies

Secrets

Use your favorite secret-store. As an example, you could use GNU pass:

pass generate -n SAMOURAI_DOJO_API
pass generate -n SAMOURAI_DOJO_ADMIN
pass generate -n SAMOURAI_DOJO_JWT
pass generate -n SAMOURAI_DOJO_MARIADB_PASSWORD
pass generate -n BITCOIND_DOJO_RPC_PASSWORD

Then source them into your local environment.

Role Variables

See the defaults for the role.

samourai_dojo_version: "1.20.0"
samourai_dojo_onion_address: "{{ lookup('ansible.builtin.env', 'SAMOURAI_DOJO_ONION') }}"
samourai_dojo_onion_port: 80

Example Playbook

- hosts: dojo
  roles:
    - role: nginxinc.nginx_core.nginx
      become: true
    - role: fauust.mariadb
      become: true
    - role: alvistack.podman
      become: true
    - role: bleetube.dojo
      tags: dojo
  tasks:
    - import_tasks: nginx_conf.yml
      become: true

Have tor, bitcoind, and electrs running separately (e.g. nixbitcoin). And optionally whirlpool-cli.

For a working example, see bleetube/satstack.

Systemd

systemctl --user status container-dojo.service

Upgrades

Configure samourai_dojo_version and rerun the playbook.

ansible-playbook playbooks/samourai.yml --tags dojo

Mind any changes specifically to Node.js environment variables, and the Dojo install scripts (or wait for this role to document any extra upgrade steps).

Monitoring

See dojo-exporter

Troubleshooting

podman logs --follow dojo
podman inspect dojo | jq .[].Config.Env
ngrep -d lo port 80 -W byline

Resources