From 0481e42aa41640e9df141bac33b63ebbe5c040dd Mon Sep 17 00:00:00 2001
From: Sebastian Kippe <sebastian@kip.pe>
Date: Tue, 16 Nov 2021 16:03:46 -0600
Subject: [PATCH] Install/configure LndHub

---
 .../kosmos-bitcoin/attributes/default.rb      |  4 +
 site-cookbooks/kosmos-bitcoin/metadata.rb     |  1 +
 .../kosmos-bitcoin/recipes/lndhub.rb          | 95 +++++++++++++++++++
 .../templates/lndhub.config.js.erb            | 21 ++++
 4 files changed, 121 insertions(+)
 create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb
 create mode 100644 site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb

diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
index 2c9b81e..624c146 100644
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -57,6 +57,10 @@ node.default['rtl']['revision'] = 'v0.11.0'
 node.default['rtl']['host'] = '10.1.1.163'
 node.default['rtl']['port'] = '3000'
 
+node.default['lndhub']['repo'] = 'https://github.com/BlueWallet/LndHub.git'
+node.default['lndhub']['revision'] = 'master'
+node.default['lndhub']['port'] = '3023'
+
 node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
 
diff --git a/site-cookbooks/kosmos-bitcoin/metadata.rb b/site-cookbooks/kosmos-bitcoin/metadata.rb
index c8bb476..3d9ac07 100644
--- a/site-cookbooks/kosmos-bitcoin/metadata.rb
+++ b/site-cookbooks/kosmos-bitcoin/metadata.rb
@@ -27,3 +27,4 @@ depends 'kosmos-nodejs'
 depends 'firewall'
 depends 'application_javascript'
 depends 'tor-full'
+depends 'redisio'
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb b/site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb
new file mode 100644
index 0000000..3140ee5
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lndhub.rb
@@ -0,0 +1,95 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: lndhub
+#
+
+include_recipe 'redisio::default'
+include_recipe 'redisio::enable'
+
+app_name      = "lndhub"
+app_dir       = "/opt/#{app_name}"
+lnd_dir       = node['lnd']['lnd_dir']
+bitcoin_user  = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
+
+application app_dir do
+  owner bitcoin_user
+  group bitcoin_group
+
+  git do
+    user  bitcoin_user
+    group bitcoin_group
+    repository node['lndhub']['repo']
+    revision node['lndhub']['revision']
+    notifies :restart, "systemd_unit[lndhub.service]", :delayed
+  end
+
+  npm_install do
+    user bitcoin_user
+  end
+
+  link "#{app_dir}/admin.macaroon" do
+    to "#{lnd_dir}/data/chain/bitcoin/mainnet/admin.macaroon"
+    owner bitcoin_user
+    group bitcoin_group
+  end
+
+  link "#{app_dir}/tls.cert"  do
+    to "#{lnd_dir}/tls.cert"
+    owner bitcoin_user
+    group bitcoin_group
+  end
+
+  template "#{app_dir}/config.js" do
+    source "lndhub.config.js.erb"
+    owner bitcoin_user
+    group bitcoin_group
+    mode '0600'
+    variables bitcoin_rpc_host: node['bitcoin']['conf']['rpcbind'],
+              bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'],
+              bitcoin_rpc_pass: bitcoin_credentials["rpcpassword"],
+              lnd_rpc_host: '127.0.0.1:10009'
+    notifies :restart, "systemd_unit[lndhub.service]", :delayed
+  end
+
+  systemd_unit 'lndhub.service' do
+    content({
+      Unit: {
+        Description: 'LND Hub',
+        Documentation: ['https://github.com/BlueWallet/LndHub'],
+        Requires: 'lnd.service',
+        After: 'lnd.service'
+      },
+      Service: {
+        User: bitcoin_user,
+        Group: bitcoin_group,
+        Type: 'simple',
+        Environment: "PORT=#{node['lndhub']['port']}",
+        WorkingDirectory: app_dir,
+        ExecStart: "/usr/bin/npm start",
+        Restart: 'always',
+        RestartSec: '30',
+        TimeoutSec: '120',
+        PrivateTmp: true,
+        ProtectSystem: 'full',
+        NoNewPrivileges: true,
+        PrivateDevices: true,
+      },
+      Install: {
+        WantedBy: 'multi-user.target'
+      }
+    })
+    verify false
+    triggers_reload true
+    action [:create, :enable, :start]
+  end
+end
+
+include_recipe 'firewall'
+firewall_rule 'lndhub_private' do
+  port     node['lndhub']['port'].to_i
+  source   "10.1.1.0/24"
+  protocol :tcp
+  command  :allow
+end
diff --git a/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb b/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb
new file mode 100644
index 0000000..86933bf
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/templates/lndhub.config.js.erb
@@ -0,0 +1,21 @@
+let config = {
+  enableUpdateDescribeGraph: false,
+  postRateLimit: 100,
+  rateLimit: 200,
+  forwardReserveFee: 0.01, // default 0.01
+  intraHubFee: 0.003, // default 0.003
+  bitcoind: {
+    rpc: 'http://<%= @bitcoin_rpc_user %>:<%= @bitcoin_rpc_pass %>@<%= @bitcoin_rpc_host %>/wallet/wallet.dat',
+  },
+  redis: {
+    port: 6379,
+    host: '127.0.0.1',
+    family: 4,
+    db: 0,
+  },
+  lnd: {
+    url: '<%= @lnd_rpc_host %>'
+  },
+};
+
+module.exports = config;