Chore: Updated python dependencies

Chore: Updated angular to v19
Chore: Refactored ops with docker and ansible

ansible/.gitignore

@@ -0,0 +1,2 @@
+app/package.json
+app/pyproject.toml

ansible/bake-pies.yml

@@ -0,0 +1,179 @@
+#################################################
+# DO Community Playbooks: Docker
+#################################################
+---
+- hosts: all
+  become: true
+  vars_files:
+    - vars/pies.yml
+
+  tasks:
+    # - name: Check if LCD Rotated
+    #   shell: grep -c "lcd_rotate=2" /boot/config.txt || true
+    #   register: lcd_rotate_test
+
+    # - name: rotate the lcd
+    #   lineinfile:
+    #     dest: /boot/config.txt
+    #     line: lcd_rotate=2
+    #   when: lcd_rotate_test.stdout == "0"
+
+    - name: Update the hostname file
+      replace:
+        path: /etc/hostname
+        regexp: '(\s*)raspberrypi(\s+.*)?$'
+        replace: "\\1{{ hostname }}\\2"
+        backup: yes
+
+    - name: Update the hosts file
+      replace:
+        path: /etc/hosts
+        regexp: '(\s+)raspberrypi(\s+.*)?$'
+        replace: "\\1{{ hostname }}\\2"
+        backup: yes
+
+    - name: Ensure SSH Directory exists
+      file:
+          path: "/home/{{ user }}/.ssh"
+          state: directory
+          group: "{{ user }}"
+          owner: "{{ user }}"
+          mode: 0700
+
+    - name: Ensure authorized_keys file exists
+      copy:
+        content: ""
+        dest: "/home/{{ user }}/.ssh/authorized_keys"
+        force: no
+        group: "{{ user }}"
+        owner: "{{ user }}"
+        mode: 0644
+
+    - name: Check Terminus public key
+      shell: "grep -c \"{{ terminus_key }}\" /home/{{ user }}/.ssh/authorized_keys || true"
+      register: terminuskey_test
+
+    - name: Add Terminus public key
+      lineinfile:
+        dest: "/home/{{ user }}/.ssh/authorized_keys"
+        line: "{{ terminus_key }}"
+      when: terminuskey_test.stdout == "0"
+
+    - name: Check rohan public key
+      shell: "grep -c \"{{ rohan_key }}\" /home/{{ user }}/.ssh/authorized_keys || true"
+      register: rohankey_test
+
+    - name: Add Rohan public key
+      lineinfile:
+        dest: "/home/{{ user }}/.ssh/authorized_keys"
+        line: "{{ rohan_key }}"
+      when: rohankey_test.stdout == "0"
+
+    - name: Check Anjin public key
+      shell: "grep -c \"{{ anjin_key }}\" /home/{{ user }}/.ssh/authorized_keys || true"
+      register: anjin_key_test
+
+    - name: Add Anjin public key
+      lineinfile:
+        dest: "/home/{{ user }}/.ssh/authorized_keys"
+        line: "{{ anjin_key }}"
+      when: anjin_key_test.stdout == "0"
+
+    - name: Update the sshd config file to disable password logins
+      replace:
+        path: /etc/ssh/sshd_config
+        regexp: '(\s+)#PasswordAuthentication yes(\s+.*)?$'
+        replace: "\\1PasswordAuthentication no\\2"
+        backup: yes
+
+    - name: Check if .ssh config file exists
+      stat:
+        path: "/home/{{ user }}/.ssh/config"
+      register: config_status
+
+    - name: No need to upload the .ssh config
+      when: config_status.stat.exists == true
+      debug:
+        msg: No need to upload the .ssh config as it already exists.
+
+    - name: Upload the .ssh config file
+      when: config_status.stat.exists == false
+      template:
+        src: "files/config"
+        dest: "/home/{{ user }}/.ssh/config"
+        group: "{{ user }}"
+        owner: "{{ user }}"
+        mode: 0644
+
+    - name: Check if ed25519 key exists
+      stat:
+        path: "/home/{{ user }}/.ssh/id_ed25519"
+      register: key_status
+
+    - name: No need to generate new ed25519 key
+      when: key_status.stat.exists == true
+      debug:
+        msg: No need to generate new ed25519 key as it already exists.
+
+    - name: Generate new id_ed25519 key
+      when: key_status.stat.exists == false
+      become: yes
+      become_user: "{{ user }}"
+      shell: ssh-keygen -t ed25519 -q -f "/home/{{ user }}/.ssh/id_ed25519" -C "{{ user }}@{{ hostname }} $(date '+%Y.%m.%d')" -N ""
+
+    - name: Install Docker
+      shell: curl -sSL https://get.docker.com | sh
+
+    - name: Install matchbox-keyboard
+      package:
+        name: matchbox-keyboard
+        state: latest
+
+    - name: Install python3-docker
+      package:
+        name: python3-docker
+        state: latest
+
+    - name: adding user to group docker
+      user:
+        name: "{{ user }}"
+        groups: docker
+        append: yes
+
+    - name: adding user to group lp (line printers)
+      user:
+        name: "{{ user }}"
+        groups: lp
+        append: yes
+
+    - name: install rohan-redis-tunnel systemd unit file
+      template:
+        src: "files/rohan-redis-tunnel.service"
+        dest: "/etc/systemd/system/rohan-redis-tunnel.service"
+
+    - name: enable service rohan-redis-tunnel and ensure it is not masked
+      systemd:
+        name: rohan-redis-tunnel
+        enabled: yes
+        masked: no
+
+    - name: Make sure rohan-redis-tunnel service is running
+      systemd:
+        state: started
+        name: rohan-redis-tunnel
+
+    - name: install leardal systemd unit file
+      template:
+        src: "files/leardal.service"
+        dest: "/etc/systemd/system/leardal.service"
+
+    - name: enable service leardal and ensure it is not masked
+      systemd:
+        name: leardal
+        enabled: yes
+        masked: no
+
+    - name: Make sure leardal service is running
+      systemd:
+        state: started
+        name: leardal

ansible/files/.env

@@ -0,0 +1,18 @@
+HOST=0.0.0.0
+PORT=80
+LOG_LEVEL=WARN
+DEBUG=false
+SQLALCHEMY_DATABASE_URI=postgresql://postgres:123456@db:5432/petty{{ name }}
+MODULE_NAME=barker.main
+PROJECT_NAME=barker
+MAX_WORKERS=4
+REDIS_HOST=redis
+REDIS_PORT=6379
+SECRET_KEY={{ secret_key }}
+MIDDLEWARE_SECRET_KEY={{ middleware_key }}
+ALGORITHM=HS256
+JWT_TOKEN_EXPIRE_MINUTES=30
+NEW_DAY_OFFSET_MINUTES=420
+TIMEZONE_OFFSET_MINUTES=330
+ALEMBIC_LOG_LEVEL=INFO
+ALEMBIC_SQLALCHEMY_LOG_LEVEL=WARN

ansible/files/build-frank.sh

@@ -0,0 +1 @@
+docker build --file /home/{{ user }}/dockerfile/app/frank.Dockerfile --tag frank:latest /home/{{ user }}/dockerfile/app

ansible/files/config

@@ -0,0 +1,4 @@
+Host rohan rohan.tanshu.com
+    HostName rohan.tanshu.com
+    IdentityFile ~/.ssh/id_ed25519
+    User tanshu

ansible/files/frank.env

@@ -0,0 +1,3 @@
+REDIS_HOST=localhost
+REDIS_PORT=6379
+QUEUE_NAME={{ queue_name }}

ansible/files/frank.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Frank container service
+After=docker.service rohan-redis-tunnel.service
+Wants=network-online.target docker.socket rohan-redis-tunnel.service
+Requires=docker.socket rohan-redis-tunnel.service
+PartOf=rohan-redis-tunnel.service
+
+[Service]
+Restart=always
+RestartSec=3
+ExecStart=/usr/bin/docker start -a frank
+ExecStop=/usr/bin/docker stop -t 10 frank
+
+[Install]
+WantedBy=multi-user.target

ansible/files/frank.sh

@@ -0,0 +1 @@
+docker run --detach --name frank --env-file=/home/{{ user }}/frank.env --network=host --restart=no --device /dev/usb/lp0:/printer frank:latest

ansible/files/leardal.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Reverse SSH connection
+After=network.target
+
+[Service]
+Type=simple
+User={{ user }}
+
+ExecStart=/usr/bin/ssh -NTg -o ServerAliveInterval=60 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 -o StrictHostKeyChecking=no -i /home/{{ user }}/.ssh/id_ed25519 -R {{ ssh_port }}:localhost:22 tanshu@rohan.tanshu.com
+
+# Restart every >2 seconds to avoid StartLimitInterval failure
+Restart=always
+RestartSec=5s
+
+[Install]
+WantedBy=default.target

ansible/files/nginx.conf.j2

@@ -0,0 +1,39 @@
+server {
+
+  listen 80;
+  server_name {{ http_host }};
+
+  # Allow large attachments
+  client_max_body_size 128M;
+
+  location /api {
+    proxy_set_header Host            $host:$server_port;
+    proxy_set_header X-Scheme        $scheme;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_pass       http://localhost:{{ host_port }};
+  }
+  location /token {
+
+    proxy_set_header Host            $host:$server_port;
+    proxy_set_header X-Scheme        $scheme;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_pass       http://localhost:{{ host_port }};
+  }
+  location /refresh {
+    proxy_set_header Host            $host:$server_port;
+    proxy_set_header X-Scheme        $scheme;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_pass       http://localhost:{{ host_port }};
+  }
+  location /db-image {
+    proxy_set_header Host            $host:$server_port;
+    proxy_set_header X-Scheme        $scheme;
+    proxy_set_header X-Forwarded-For $remote_addr;
+    proxy_pass       http://localhost:{{ host_port }};
+  }
+  location / {
+    root /var/lib/{{ host_directory }}/frontend;
+    index index.html index.htm;
+    try_files $uri $uri/ /index.html =404;
+  }
+}

ansible/files/rohan-redis-tunnel.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Keep ssh tunnel to specified remote host open
+After=network.target
+
+[Service]
+User={{ user }}
+
+ExecStart=/usr/bin/ssh -NT -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -o ServerAliveCountMax=2 -o StrictHostKeyChecking=no -i /home/{{ user }}/.ssh/id_ed25519 -L 6379:localhost:6379 tanshu@rohan.tanshu.com
+
+# Restart every >2 seconds to avoid StartLimitInterval failure
+RestartSec=5
+Restart=always
+
+[Install]
+WantedBy=multi-user.target

ansible/hosts

@@ -0,0 +1,14 @@
+#   - Comments begin with the '#' character
+#   - Blank lines are ignored
+#   - Groups of hosts are delimited by [header] elements
+#   - You can enter hostnames or ip addresses
+#   - A hostname/ip can be a member of multiple groups
+
+[barker]
+pkl ansible_host=beacon var_file=vars/pkl.yml
+chd ansible_host=beacon var_file=vars/chd.yml
+mhl ansible_host=beacon var_file=vars/mhl.yml
+hin ansible_host=beacon var_file=vars/hin.yml
+
+[all:vars]
+ansible_python_interpreter=/usr/bin/python3

ansible/playbook-frank.yml

@@ -0,0 +1,82 @@
+#################################################
+# DO Community Playbooks: Docker
+#################################################
+---
+- hosts: all
+  become: true
+  vars_files:
+    - vars/frank.yml
+
+  tasks:
+    - name: Copy dockerfile
+      synchronize: src=app dest="/home/{{ user }}/dockerfile"
+
+    - name: Build frank image
+      docker_image:
+        name: frank:latest
+        build:
+          path: "/home/{{ user }}/dockerfile/app"
+          dockerfile: "/home/{{ user }}/dockerfile/app/frank.Dockerfile"
+          pull: yes
+        state: present
+        source: build
+
+    - name: Check if frank .env file exists
+      stat: path="/home/{{ user }}/frank.env"
+      register: status
+
+    - name: No need to upload the frank .env file
+      debug:
+        msg: "No need to upload the frank .env file as it already exists."
+
+    - name: Upload the frank .env file
+      when: status.stat.exists == false
+      template:
+        src: files/frank.env
+        dest: "/home/{{ user }}/frank.env"
+        group: "{{ user }}"
+        owner: "{{ user }}"
+        mode: 0644
+
+    - name: Create frank worker container
+      docker_container:
+        name: "frank"
+        image: frank:latest
+        state: started
+        restart_policy: "no"
+        env_file: "/home/{{ user }}/frank.env"
+        network_mode: "host"
+        devices:
+          - "{{ printer_port }}:/printer"
+
+    - name: Copy docker build script
+      template:
+        src: files/build-frank.sh
+        dest: "/home/{{ user }}/dockerfile/build-frank.sh"
+        group: "{{ user }}"
+        owner: "{{ user }}"
+        mode: 0644
+
+    - name: Copy docker run script
+      template:
+        src: files/frank.sh
+        dest: "/home/{{ user }}/dockerfile/frank.sh"
+        group: "{{ user }}"
+        owner: "{{ user }}"
+        mode: 0644
+
+    - name: install frank systemd unit file
+      template:
+        src: "files/frank.service"
+        dest: "/etc/systemd/system/frank.service"
+
+    - name: enable service frank and ensure it is not masked
+      systemd:
+        name: frank
+        enabled: yes
+        masked: no
+
+    - name: Make sure frank service is running
+      systemd:
+        state: started
+        name: frank

ansible/playbook.yml

@@ -0,0 +1,13 @@
+#################################################
+# DO Community Playbooks: Docker
+#################################################
+---
+- hosts: barker
+  become: true
+  vars_files:
+    - default
+    - "{{ var_file }}"
+
+  roles:
+    - barker
+    - nginx

ansible/roles/barker/tasks/main.yaml

@@ -0,0 +1,39 @@
+---
+# Tasks for docker role
+- name: Log in to Docker registry
+  docker_login:
+    registry: "{{ registry }}"
+    username: "{{ username }}"
+    password: "{{ password }}"
+
+- name: Pull Barker image
+  docker_image:
+    name: "{{ image_name }}"
+    source: pull
+    state: present
+    force_source: yes
+
+- name: Ensure Host Directory exists
+  file:
+      path: "/var/lib/{{ host_directory }}"
+      state: directory
+
+- name: Upload the .env file
+  template:
+    src: "files/.env"
+    dest: "/var/lib/{{ host_directory }}/.env"
+
+- name: Create barker container
+  docker_container:
+    name: "{{ host_directory }}"
+    image: "{{ image_name }}"
+    state: started
+    restart_policy: "unless-stopped"
+    env_file: "/var/lib/{{ host_directory }}/.env"
+    links:
+      - "postgres:db"
+      - "redis:redis"
+    published_ports:
+      - "127.0.0.1:{{ host_port }}:80"
+    volumes:
+      - "/var/lib/{{ host_directory }}/frontend:/frontend"

ansible/roles/nginx/defaults/main.yaml

@@ -0,0 +1,2 @@
+---
+# Default variables for Nginx role

ansible/roles/nginx/handlers/main.yaml

@@ -0,0 +1,6 @@
+---
+# Handlers for Nginx role
+- name: Reload Nginx
+  service:
+    name: nginx
+    state: reloaded

ansible/roles/nginx/tasks/main.yaml

@@ -0,0 +1,24 @@
+---
+# Tasks for Nginx role
+- name: Check if Nginx conf file exists
+  stat:
+    path: "/etc/nginx/sites-available/{{ http_conf }}"
+  register: status
+
+- name: No need to reload Nginx
+  debug:
+    msg: "No need to reload Nginx as sites-available entries have already been created"
+
+- name: Set Nginx conf file
+  when: status.stat.exists == false
+  template:
+    src: "files/nginx.conf.j2"
+    dest: "/etc/nginx/sites-available/{{ http_conf }}"
+
+- name: Enable new site
+  when: status.stat.exists == false
+  file:
+    src: "/etc/nginx/sites-available/{{ http_conf }}"
+    dest: "/etc/nginx/sites-enabled/{{ http_conf }}"
+    state: link
+  notify: Reload Nginx

ansible/vars/chd.yml

@@ -0,0 +1,9 @@
+---
+name: chd
+secret_key: d9e4facec94d7e0bf3d63ca03b1d78d834b158627b6593274f7fe27f6aed6db4
+middleware_key: 8d5f28b083
+
+http_host: "knox.greatbear.in"
+http_conf: "knox.greatbear.in.conf"
+host_port: "8337"
+host_directory: "barker-{{ name }}"

ansible/vars/default.yml

@@ -0,0 +1,19 @@
+---
+# name: xxx
+# # openssl rand -hex 32
+# secret_key: 0000000000000000000000000000000000000000000000000000000000000000
+# # openssl rand -hex 5
+# middleware_key: 0000000000
+
+registry: registry.tanshu.com
+username: ta-registry
+password: ff28a01f00c0f39315d94cd9dcb1e554968dba25676a8ea5f2be34e96a9a099f
+title: barker
+tag: latest
+
+image_name: "{{ registry }}/barker:{{ tag }}"
+
+# http_host: "knox.hopsngrains.com"
+# http_conf: "knox.hopsngrains.com.conf"
+# host_port: "8338"
+# host_directory: "barker-{{ name }}"

ansible/vars/frank.yml

@@ -0,0 +1,4 @@
+---
+printer_port: "/dev/usb/lp0"
+user: vari
+queue_name: moz-elante

ansible/vars/hin.yml

@@ -0,0 +1,9 @@
+---
+name: hin
+secret_key: 029858927beda45d76317729824ae500d0938f04d4ca955f3afa95061c9a9298
+middleware_key: c4b0b98ff9
+
+http_host: "knox.mozimo.in"
+http_conf: "knox.mozimo.in.conf"
+host_port: "8335"
+host_directory: "barker-{{ name }}"

ansible/vars/mhl.yml

@@ -0,0 +1,9 @@
+---
+name: mhl
+secret_key: 8b7f704ad1bbee3caa683a57440a6a371937fe5f64a7712a6a15bf3165c3c598
+middleware_key: 1aa5487223
+
+http_host: "knox.hngmohali.com"
+http_conf: "knox.hngmohali.com.conf"
+host_port: "8336"
+host_directory: "barker-{{ name }}"

ansible/vars/pies.yml

@@ -0,0 +1,7 @@
+---
+hostname: "moz2"
+ssh_port: "22542"
+user: "vari"
+terminus_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8WQHla0uCcNwmN0DUE49lbjNWa6+7A6OxrX3WEPQH0 tanshu@terminus 2023.01.08"
+rohan_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKk6HHpwGQTfciXFaKOBWg+zh09XtTYvYxFZaaW3yMln tanshu@rohan 2023.08.06"
+anjin_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMlvalE0JqKyjpEsGTgtf/N1d9QK2MgNFJib+e8O2h9M tanshu@anjin 2024.09.28"

ansible/vars/pkl.yml

@@ -0,0 +1,9 @@
+---
+name: pkl
+secret_key: bd6e5dee0f3b8a6f0db50f7aa08e91d55b2ae5ab6df126defa37e80602481002
+middleware_key: 1d34ef6597
+
+http_host: "knox.hopsngrains.com"
+http_conf: "knox.hopsngrains.com.conf"
+host_port: "8338"
+host_directory: "barker-{{ name }}"