anchor.yml

---
    - hosts: anchor
      become: yes
      environment:
        ROOT_DOMAIN: "{{ ROOT_DOMAIN }}"
        HEADER_AUTH: "{{ HEADER_AUTH }}"
        REG_CODE: "{{ REG_CODE }}"
        DEBUG_DB: "{{ DEBUG_DB }}"
      vars:
        swap_configure: true
        swap_enable: true
        swap_file_path: "/swapfile"
        swap_file_size_mb: 2048
        swappiness: 1
      gather_facts: true
      tasks:
      
      - name: Install packages
        remote_user: root
        apt:
          name: ['apt-transport-https', 'ca-certificates', 'curl', 'software-properties-common', 'git', 'iptables', 'resolvconf', 'linux-headers-generic', 'wireguard', 'debian-keyring', 'debian-archive-keyring', 'apt-transport-https']
          state: present
          update_cache: yes
        tags:
          - docker

      - name: Configure swap
        block:

          - name: Check if swap file exists
            stat:
              path: "{{swap_file_path}}"
              get_checksum: false
              get_md5: false
            register: swap_file_check
            changed_when: false

          - name: Set variable for existing swap file size
            set_fact:
              swap_file_existing_size_mb: "{{ (swap_file_check.stat.size / 1024 / 1024) | int }}"
            when: swap_file_check.stat.exists

          - name: Check if swap is on
            shell: swapon --show | grep {{swap_file_path}}
            register: swap_is_enabled
            changed_when: false
            failed_when: false

          - name: Disable swap
            command: swapoff {{swap_file_path}}
            register: swap_disabled
            when: >
              swap_file_check.stat.exists
              and 'rc' in swap_is_enabled and swap_is_enabled.rc == 0
              and (not swap_enable or (swap_enable and swap_file_existing_size_mb != swap_file_size_mb))

          - name: Configure swap
            block:

              - name: Create or change the size of swap file
                command: dd if=/dev/zero of={{swap_file_path}} count={{swap_file_size_mb}} bs=1MiB
                register: swap_file_created
                when: >
                  not swap_file_check.stat.exists
                  or swap_file_existing_size_mb != swap_file_size_mb

              - name: Change swap file permissions
                file:
                  path: "{{swap_file_path}}"
                  mode: 0600

              - name: Check if swap is formatted
                shell: file {{swap_file_path}} | grep 'swap file'
                register: swap_file_is_formatted
                changed_when: false
                failed_when: false

              - name: Format swap file if it's not formatted
                command: mkswap {{swap_file_path}}
                when: >
                  ('rc' in swap_file_is_formatted and swap_file_is_formatted.rc > 0)
                  or swap_file_created.changed

              - name: Add swap entry to fstab
                mount:
                  name: none
                  src: "{{swap_file_path}}"
                  fstype: swap
                  opts: sw
                  passno: '0'
                  dump: '0'
                  state: present

              - name: Turn on swap
                shell: swapon -a
                when: >
                  ('rc' in swap_is_enabled and swap_is_enabled.rc != 0)
                  or swap_disabled.changed

              - name: Configure swappiness
                sysctl:
                  name: vm.swappiness
                  value: "{{ swappiness|string }}"
                  state: present
    
      - name: Add Docker PGP
        remote_user: root
        apt_key:
          url: https://download.docker.com/linux/ubuntu/gpg
          state: present
        tags:
          - docker
    
      - name: Verify fingerprint
        remote_user: root
        apt_key:
          id: 0EBFCD88
          state: present
        tags:
          - docker
      
      - name: Add Docker repo
        remote_user: root
        apt_repository:
          repo: deb [arch=amd64] https://download.docker.com/linux/ubuntu xenial stable
          state: present
          update_cache: yes
        tags:
          - docker
    
      - name: Update apt
        remote_user: root
        apt:
          update_cache: yes
        tags:
          - docker
    
      - name: Install docker
        remote_user: root
        apt:
          name: docker-ce
          state: present
          update_cache: yes
        tags:
          - docker
    
      - name: Add remote user to "docker" group
        remote_user: root
        user:
          name: root
          groups: "docker"
          append: yes
        tags:
          - docker
    
      - name: Install docker-compose
        remote_user: root
        get_url: 
          url : https://github.com/docker/compose/releases/download/v2.9.0/docker-compose-linux-x86_64
          dest: /usr/local/bin/docker-compose
          mode: 'u+x,g+x'
    
      - name: Clone anchor git
        remote_user: root
        git:
          repo: "https://github.com/Native-Planet/anchor.git"
          dest: "{{ ansible_env.HOME }}/anchor"
          version: master
    
      - name: Write env vars
        remote_user: root
        shell: printf 'HEADER_AUTH={{ HEADER_AUTH }}\n
          ROOT_DOMAIN={{ ROOT_DOMAIN }}\n
          REG_CODE={{ REG_CODE }}' > "{{ ansible_env.HOME }}/anchor/.env"
    
      - name: Remove leading spaces from env file
        remote_user: root
        ansible.builtin.replace:
          path: "{{ ansible_env.HOME }}/anchor/.env"
          regexp: '^[ \t]*'
          replace: ''
    
      - name: Write rebuild script
        remote_user: root
        shell: printf '#!/bin/bash\n
          export HEADER_AUTH={{ HEADER_AUTH }}\n
          export ROOT_DOMAIN={{ ROOT_DOMAIN }}\n
          export REG_CODE={{ REG_CODE }}\n
          docker-compose down\n
          git pull\n
          docker-compose up --build -d\n
          docker logs api -f' > "{{ ansible_env.HOME }}/anchor/rebuild"
    
      - name: Remove leading spaces from rebuild script
        remote_user: root
        ansible.builtin.replace:
          path: "{{ ansible_env.HOME }}/anchor/rebuild"
          regexp: '^[ \t]*'
          replace: ''
    
      - name: Write to bashrc
        remote_user: root
        shell: printf 'docker logs api -f\n' >> "{{ ansible_env.HOME }}/.bashrc"
    
      - name: +x rebuild
        file:
          dest: "{{ ansible_env.HOME }}/anchor/rebuild"
          mode: a+x
    
      - name: Execute composition
        command: docker-compose up -d
        become: yes
        args:
          chdir: "{{ ansible_env.HOME }}/anchor"
    
      - name: Allow HTTP
        ufw:
          rule: allow
          port: '80'
          proto: tcp
    
      - name: Allow HTTPS
        ufw:
          rule: allow
          port: '443'
          proto: tcp
      
      - name: Allow UDP
        ufw:
          rule: allow
          port: 10000:65535
          proto: udp