From 12c85d6234da46ddd3d532c15540782d1d303c92 Mon Sep 17 00:00:00 2001
From: wh1te909
Date: Wed, 20 Jul 2022 07:16:47 +0000
Subject: [PATCH] start ansible role to deploy dev environment
---
ansible/README.md | 3 +
ansible/roles/trmm_dev/defaults/main.yml | 37 +++
.../roles/trmm_dev/files/nginx-default.conf | 25 ++
ansible/roles/trmm_dev/files/vimrc.local | 20 ++
ansible/roles/trmm_dev/tasks/main.yml | 253 ++++++++++++++++++
.../trmm_dev/templates/local_settings.j2 | 19 ++
ansible/roles/trmm_dev/vars/main.yml | 14 +
ansible/setup_dev.yml | 6 +
8 files changed, 377 insertions(+)
create mode 100644 ansible/README.md
create mode 100644 ansible/roles/trmm_dev/defaults/main.yml
create mode 100644 ansible/roles/trmm_dev/files/nginx-default.conf
create mode 100644 ansible/roles/trmm_dev/files/vimrc.local
create mode 100644 ansible/roles/trmm_dev/tasks/main.yml
create mode 100644 ansible/roles/trmm_dev/templates/local_settings.j2
create mode 100644 ansible/roles/trmm_dev/vars/main.yml
create mode 100644 ansible/setup_dev.yml
diff --git a/ansible/README.md b/ansible/README.md
new file mode 100644
index 00000000..04d78e8a
--- /dev/null
+++ b/ansible/README.md
@@ -0,0 +1,3 @@
+### tacticalrmm ansible WIP
+
+ansible role to setup a Debian 11 VM for tacticalrmm local development
\ No newline at end of file
diff --git a/ansible/roles/trmm_dev/defaults/main.yml b/ansible/roles/trmm_dev/defaults/main.yml
new file mode 100644
index 00000000..1e980525
--- /dev/null
+++ b/ansible/roles/trmm_dev/defaults/main.yml
@@ -0,0 +1,37 @@
+---
+user: "tactical"
+python_ver: "3.10.4"
+backend_repo: "https://github.com/amidaware/tacticalrmm.git"
+frontend_repo: "https://github.com/amidaware/tacticalrmm-web.git"
+scripts_repo: "https://github.com/amidaware/community-scripts.git"
+backend_dir: "/opt/trmm"
+frontend_dir: "/opt/trmm-web"
+scripts_dir: "/opt/community-scripts"
+trmm_dir: "/opt/trmm/api/tacticalrmm/tacticalrmm"
+settings_file: "{{ trmm_dir }}/settings.py"
+local_settings_file: "{{ trmm_dir }}/local_settings.py"
+
+base_pkgs:
+ - build-essential
+ - curl
+ - wget
+ - dirmngr
+ - gnupg
+ - openssl
+ - gcc
+ - g++
+ - make
+ - ca-certificates
+ - redis
+ - git
+
+python_pkgs:
+ - zlib1g-dev
+ - libncurses5-dev
+ - libgdbm-dev
+ - libnss3-dev
+ - libssl-dev
+ - libreadline-dev
+ - libffi-dev
+ - libsqlite3-dev
+ - libbz2-dev
diff --git a/ansible/roles/trmm_dev/files/nginx-default.conf b/ansible/roles/trmm_dev/files/nginx-default.conf
new file mode 100644
index 00000000..1b759baf
--- /dev/null
+++ b/ansible/roles/trmm_dev/files/nginx-default.conf
@@ -0,0 +1,25 @@
+worker_rlimit_nofile 1000000;
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 2048;
+}
+
+http {
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ server_names_hash_bucket_size 64;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+ gzip on;
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
diff --git a/ansible/roles/trmm_dev/files/vimrc.local b/ansible/roles/trmm_dev/files/vimrc.local
new file mode 100644
index 00000000..f980e727
--- /dev/null
+++ b/ansible/roles/trmm_dev/files/vimrc.local
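Review bot: The `ssl_protocols` line in nginx-default.conf enables TLSv1 and TLSv1.1, which are deprecated (RFC 8996), and nothing visible in this role depends on them; `ssl_protocols TLSv1.2 TLSv1.3;` would be the safer default for a file that replaces `/etc/nginx/nginx.conf`. `ssl_prefer_server_ciphers on;` is set without an `ssl_ciphers` list, so the server-side preference order is whatever the linked TLS library defaults to; either add an explicit list or a comment saying the default is intended.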
@@ -0,0 +1,20 @@
+" This file loads the default vim options at the beginning and prevents
+" that they are being loaded again later. All other options that will be set,
+" are added, or overwrite the default settings. Add as many options as you
+" whish at the end of this file.
+
+" Load the defaults
+source $VIMRUNTIME/defaults.vim
+
+" Prevent the defaults from being loaded again later, if the user doesn't
+" have a local vimrc (~/.vimrc)
+let skip_defaults_vim = 1
+
+
+" Set more options (overwrites settings from /usr/share/vim/vim80/defaults.vim)
+" Add as many options as you whish
+
+" Set the mouse mode to 'r'
+if has('mouse')
+ set mouse=r
+endif
\ No newline at end of file
diff --git a/ansible/roles/trmm_dev/tasks/main.yml b/ansible/roles/trmm_dev/tasks/main.yml
new file mode 100644
index 00000000..86019983
--- /dev/null
+++ b/ansible/roles/trmm_dev/tasks/main.yml
@@ -0,0 +1,253 @@
+---
+- name: set mouse mode for vim
+ tags: vim
+ become: yes
+ ansible.builtin.copy:
+ src: vimrc.local
+ dest: /etc/vim/vimrc.local
+ owner: "root"
+ group: "root"
+ mode: "0644"
+
+- name: install base packages
+ tags: base
+ become: yes
+ ansible.builtin.apt:
+ pkg: "{{ item }}"
+ state: present
+ update_cache: yes
+ with_items:
+ - "{{ base_pkgs }}"
+
+- name: install python prereqs
+ tags: python
+ become: yes
+ ansible.builtin.apt:
+ pkg: "{{ item }}"
+ state: present
+ with_items:
+ - "{{ python_pkgs }}"
+
+- name: get cpu core count
+ tags: python
+ ansible.builtin.command: nproc
+ register: numprocs
+
+- name: Create python tmpdir
+ tags: python
+ ansible.builtin.tempfile:
+ state: directory
+ suffix: python
+ register: python_tmp
+
+- name: download and extract python
+ tags: python
+ ansible.builtin.unarchive:
+ src: "https://www.python.org/ftp/python/{{ python_ver }}/Python-{{ python_ver }}.tgz"
+ dest: "{{ python_tmp.path }}"
+ remote_src: yes
+
+- name: compile python
+ tags: python
+ ansible.builtin.shell:
+ chdir: "{{ python_tmp.path }}/Python-{{ python_ver }}"
+ cmd: |
+ ./configure --enable-optimizations
+ make -j {{ numprocs.stdout }}
+
+- name: alt install python
+ tags: python
+ become: yes
+ ansible.builtin.shell:
+ chdir: "{{ python_tmp.path }}/Python-{{ python_ver }}"
+ cmd: |
+ make altinstall
+
+- name: install nginx
+ tags: nginx
+ become: yes
+ ansible.builtin.apt:
+ pkg: nginx
+ state: present
+
+- name: set nginx default conf
+ tags: nginx
+ become: yes
+ ansible.builtin.copy:
+ src: nginx-default.conf
+ dest: /etc/nginx/nginx.conf
+ owner: "root"
+ group: "root"
+ mode: "0644"
+
+- name: ensure nginx enabled and restarted
+ tags: nginx
+ become: yes
+ ansible.builtin.service:
+ name: nginx
+ enabled: yes
+ state: restarted
+
+- name: create postgres repo
+ tags: postgres
+ become: yes
+ ansible.builtin.copy:
+ content: "deb http://apt.postgresql.org/pub/repos/apt bullseye-pgdg main"
+ dest: /etc/apt/sources.list.d/pgdg.list
+ owner: root
+ group: root
+ mode: "0440"
+
+- name: import postgres repo signing key
+ tags: postgres
+ become: yes
+ ansible.builtin.apt_key:
+ url: https://www.postgresql.org/media/keys/ACCC4CF8.asc
+ state: present
+
+- name: install postgresql
+ tags: postgres
+ become: yes
+ ansible.builtin.apt:
+ pkg: postgresql-14
+ state: present
+ update_cache: yes
+
+- name: ensure postgres enabled and started
+ tags: postgres
+ become: yes
+ ansible.builtin.service:
+ name: postgresql
+ enabled: yes
+ state: started
+
+- name: setup database
+ tags: postgres
+ become: yes
+ become_user: postgres
+ ansible.builtin.shell:
+ cmd: |
+ psql -c "CREATE DATABASE tacticalrmm"
+ psql -c "CREATE USER {{ db_user }} WITH PASSWORD '{{ db_passwd }}'"
+ psql -c "ALTER ROLE {{ db_user }} SET client_encoding TO 'utf8'"
+ psql -c "ALTER ROLE {{ db_user }} SET default_transaction_isolation TO 'read committed'"
+ psql -c "ALTER ROLE {{ db_user }} SET timezone TO 'UTC'"
+ psql -c "ALTER ROLE {{ db_user }} CREATEDB"
+ psql -c "GRANT ALL PRIVILEGES ON DATABASE tacticalrmm TO {{ db_user }}"
+
+- name: create repo dirs
+ become: yes
+ tags: git
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: directory
+ owner: "{{ user }}"
+ group: "{{ user }}"
+ mode: "0755"
+ with_items:
+ - "{{ backend_dir }}"
+ - "{{ frontend_dir }}"
+ - "{{ scripts_dir }}"
+
+- name: git clone repos
+ tags: git
+ ansible.builtin.git:
+ repo: "{{ item.repo }}"
+ dest: "{{ item.dest }}"
+ version: "{{ item.version }}"
+ with_items:
+ - {
+ repo: "{{ backend_repo }}",
+ dest: "{{ backend_dir }}",
+ version: develop,
+ }
+ - {
+ repo: "{{ frontend_repo }}",
+ dest: "{{ frontend_dir }}",
+ version: develop,
+ }
+ - { repo: "{{ scripts_repo }}", dest: "{{ scripts_dir }}", version: main }
+
+- name: get nats_server_ver
+ tags: nats
+ ansible.builtin.shell: grep "^NATS_SERVER_VER" {{ settings_file }} | awk -F'[= "]' '{print $5}'
+ register: nats_server_ver
+
+- name: Create nats tmpdir
+ tags: nats
+ ansible.builtin.tempfile:
+ state: directory
+ suffix: nats
+ register: nats_tmp
+
+- name: download and extract nats
+ tags: nats
+ ansible.builtin.unarchive:
+ src: "https://github.com/nats-io/nats-server/releases/download/v{{ nats_server_ver.stdout }}/nats-server-v{{ nats_server_ver.stdout }}-linux-amd64.tar.gz"
+ dest: "{{ nats_tmp.path }}"
+ remote_src: yes
+
+- name: install nats
+ tags: nats
+ become: yes
+ ansible.builtin.copy:
+ remote_src: yes
+ src: "{{ nats_tmp.path }}/nats-server-v{{ nats_server_ver.stdout }}-linux-amd64/nats-server"
+ dest: /usr/local/bin/nats-server
+ owner: "{{ user }}"
+ group: "{{ user }}"
+ mode: "0755"
+
+- name: Create nodejs tmpdir
+ tags: nodejs
+ ansible.builtin.tempfile:
+ state: directory
+ suffix: nodejs
+ register: nodejs_tmp
+
+- name: download nodejs setup
+ tags: nodejs
+ ansible.builtin.get_url:
+ url: https://deb.nodesource.com/setup_16.x
+ dest: "{{ nodejs_tmp.path }}/setup_node.sh"
+ mode: "0755"
+
+- name: run node setup script
+ tags: nodejs
+ become: yes
+ ansible.builtin.command:
+ cmd: "{{ nodejs_tmp.path }}/setup_node.sh"
+
+- name: install nodejs
+ tags: nodejs
+ become: yes
+ ansible.builtin.apt:
+ pkg: nodejs
+ state: present
+ update_cache: yes
+
+- name: update npm
+ tags: nodejs
+ become: yes
+ ansible.builtin.shell:
+ cmd: npm install -g npm
+
+- name: deploy django local settings
+ tags: django
+ ansible.builtin.template:
+ src: local_settings.j2
+ dest: "{{ local_settings_file }}"
+ mode: "0644"
+ owner: "{{ user }}"
+ group: "{{ user }}"
+
+- name: remove tempdirs
+ tags: cleanup
+ become: yes
+ ansible.builtin.file:
+ path: "{{ item }}"
+ state: absent
+ with_items:
+ - "{{ nats_tmp.path }}"
+ - "{{ python_tmp.path }}"
+ - "{{ nodejs_tmp.path }}"
diff --git a/ansible/roles/trmm_dev/templates/local_settings.j2 b/ansible/roles/trmm_dev/templates/local_settings.j2
new file mode 100644
index 00000000..3b9c2cb0
--- /dev/null
+++ b/ansible/roles/trmm_dev/templates/local_settings.j2
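Review bot: Three tasks in tasks/main.yml fetch code from the network that is later installed or run with `become: yes`, and none of them pins a digest: the Python tarball and the nats-server release go through `unarchive` with a URL `src`, and `setup_node.sh` is downloaded by `get_url` and executed as root in the next task. Fetching each artifact with `get_url` and a pinned `checksum`, then pointing `unarchive` at the local file, makes a tampered or swapped download fail the play instead of running; the Python case is sketched below and the other two follow the same shape. Separately, `setup database` interpolates `{{ db_passwd }}` into a shell command, so the password appears in task output and a value containing a quote breaks the statement; `no_log: true` on that task is the minimum. `install nats` leaves `/usr/local/bin/nats-server` owned by `{{ user }}`, which lets the unprivileged account replace a binary on the system PATH; `owner: root` and `group: root` avoid that.

```yaml
- name: download python
  tags: python
  ansible.builtin.get_url:
    url: "https://www.python.org/ftp/python/{{ python_ver }}/Python-{{ python_ver }}.tgz"
    dest: "{{ python_tmp.path }}/Python-{{ python_ver }}.tgz"
    # python_sha256 is a placeholder variable: pin it next to python_ver in defaults/main.yml
    checksum: "sha256:{{ python_sha256 }}"

- name: extract python
  tags: python
  ansible.builtin.unarchive:
    src: "{{ python_tmp.path }}/Python-{{ python_ver }}.tgz"
    dest: "{{ python_tmp.path }}"
    remote_src: yes

# … unchanged: compile python, alt install python …
```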
@@ -0,0 +1,19 @@
+SECRET_KEY = "{{ django_secret }}"
+DEBUG = True
+ALLOWED_HOSTS = ['{{ api }}']
+ADMIN_URL = "admin/"
+CORS_ORIGIN_WHITELIST = [
+ "https://{{ rmm }}"
+]
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': 'tacticalrmm',
+ 'USER': '{{ db_user }}',
+ 'PASSWORD': '{{ db_passwd }}',
+ 'HOST': 'localhost',
+ 'PORT': '5432',
+ }
+}
+REDIS_HOST = "localhost"
+ADMIN_ENABLED = True
diff --git a/ansible/roles/trmm_dev/vars/main.yml b/ansible/roles/trmm_dev/vars/main.yml
new file mode 100644
index 00000000..a5217714
--- /dev/null
+++ b/ansible/roles/trmm_dev/vars/main.yml
@@ -0,0 +1,14 @@
+---
+api: 'api.example.com'
+rmm: 'rmm.example.com'
+mesh: 'mesh.example.com'
+github_username: 'changeme'
+github_email: 'changeme@example.com'
+mesh_site: 'changeme'
+mesh_user: 'changeme'
+mesh_token: 'changeme'
+db_user: 'changeme'
+db_passwd: 'changeme'
+django_secret: 'changeme'
+
+
diff --git a/ansible/setup_dev.yml b/ansible/setup_dev.yml
new file mode 100644
index 00000000..2fee99b5
--- /dev/null
+++ b/ansible/setup_dev.yml
@@ -0,0 +1,6 @@
+---
+- hosts: "{{ target }}"
+ vars:
+ ansible_user: tactical
+ roles:
+ - trmm_dev
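Review bot: The rendered local_settings.py carries `SECRET_KEY` and the database `PASSWORD`, yet the `deploy django local settings` task in tasks/main.yml writes it with `mode: "0644"`, so every local account on the VM can read both; `mode: "0600"` should be enough, assuming the dev server runs as `{{ user }}`. `DEBUG = True` and `ADMIN_ENABLED = True` are hard-coded, which suits a dev role but means Django's debug pages are served to anyone who can reach the host named in `ALLOWED_HOSTS`. A first line in the template such as `# dev only: DEBUG exposes tracebacks and settings, do not reuse for production` would make that explicit.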
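Review bot: In vars/main.yml, `db_passwd`, `django_secret` and `mesh_token` ship as the literal `changeme` in a tracked file, and nothing in tasks/main.yml checks that they were replaced, so a run with the file untouched creates the PostgreSQL role and the Django `SECRET_KEY` with a publicly known value. An `ansible.builtin.assert` task at the top of the role that fails while any of these still equals `changeme` would catch that. Role `vars/` also outranks inventory and group variables, so editing this file in place is the obvious way to set them, which invites committing real secrets. Moving the placeholders to `defaults/main.yml` and supplying real values from an untracked or ansible-vault encrypted vars file would avoid it.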