Merge pull request 'Set up lndhub.go' (#457) from feature/454-lndhub.go into master
Reviewed-on: #457
This commit is contained in:
commit
0c37504ac6
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
"id": "lndhub-go",
|
||||
"jwt_secret": {
|
||||
"encrypted_data": "cFost8pLsoJ/8Gp5m/TgN8xjMkvk0oZuEZ3XfxDIaYjOVYi3fEX8\n",
|
||||
"iv": "47gV4v/D+10B6xqu\n",
|
||||
"auth_tag": "MKEyVFfJ3f5pxWRSyMH4Rw==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"postgresql_password": {
|
||||
"encrypted_data": "YSMEIWdZn08lyrZeJNAUZ5xwKhWHESa1A5MojKJ/5iiE\n",
|
||||
"iv": "0mlURPOohnKbG+i8\n",
|
||||
"auth_tag": "bqIOqFEEIxA99wlvpTqxFA==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
},
|
||||
"admin_token": {
|
||||
"encrypted_data": "Jv2vQySZT9qn87g24IOYK1dpfSbZoUE/8VtZhzljQGIL\n",
|
||||
"iv": "kjtrzmjTFKQq+nTV\n",
|
||||
"auth_tag": "3YbOzU/ndVARbHTU1hoa9g==\n",
|
||||
"version": 3,
|
||||
"cipher": "aes-256-gcm"
|
||||
}
|
||||
}
|
|
@ -4,7 +4,10 @@
|
|||
"garage": {
|
||||
"replication_mode": "2",
|
||||
"s3_api_root_domain": ".s3.garage.kosmos.org",
|
||||
"s3_web_root_domain": ".web.garage.kosmos.org"
|
||||
"s3_web_root_domain": ".web.garage.kosmos.org",
|
||||
"s3_web_domains": [
|
||||
"s3.kosmos.social"
|
||||
]
|
||||
},
|
||||
"gitea": {
|
||||
"postgresql_host": "pg.kosmos.local:5432",
|
||||
|
@ -23,4 +26,4 @@
|
|||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -12,7 +12,9 @@
|
|||
"hostname": "akkounts-1",
|
||||
"ipaddress": "192.168.122.160",
|
||||
"roles": [
|
||||
"base",
|
||||
"kvm_guest",
|
||||
"ldap_client",
|
||||
"akkounts",
|
||||
"postgresql_client"
|
||||
],
|
||||
|
@ -20,6 +22,7 @@
|
|||
"kosmos-base",
|
||||
"kosmos-base::default",
|
||||
"kosmos_kvm::guest",
|
||||
"kosmos-dirsrv::hostsfile",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos-akkounts",
|
||||
"kosmos-akkounts::default",
|
||||
|
@ -46,7 +49,6 @@
|
|||
"redis::default",
|
||||
"backup::default",
|
||||
"logrotate::default",
|
||||
"kosmos-dirsrv::hostsfile",
|
||||
"nodejs::npm",
|
||||
"nodejs::install",
|
||||
"kosmos-nginx::default",
|
||||
|
@ -83,4 +85,4 @@
|
|||
"role[ldap_client]",
|
||||
"role[akkounts]"
|
||||
]
|
||||
}
|
||||
}
|
|
@ -12,9 +12,14 @@
|
|||
"hostname": "bitcoin-2",
|
||||
"ipaddress": "192.168.122.148",
|
||||
"roles": [
|
||||
"base",
|
||||
"kvm_guest",
|
||||
"btcpay",
|
||||
"postgresql_client"
|
||||
"bitcoind",
|
||||
"cln",
|
||||
"lnd",
|
||||
"lndhub",
|
||||
"postgresql_client",
|
||||
"btcpay"
|
||||
],
|
||||
"recipes": [
|
||||
"kosmos-base",
|
||||
|
@ -22,14 +27,16 @@
|
|||
"kosmos_kvm::guest",
|
||||
"tor-full",
|
||||
"tor-full::default",
|
||||
"kosmos-bitcoin::source",
|
||||
"kosmos-bitcoin::bitcoind",
|
||||
"kosmos-bitcoin::c-lightning",
|
||||
"kosmos-bitcoin::lnd",
|
||||
"kosmos-bitcoin::lnd-scb-s3",
|
||||
"kosmos-bitcoin::boltz",
|
||||
"kosmos-bitcoin::rtl",
|
||||
"kosmos-bitcoin::lndhub",
|
||||
"kosmos-bitcoin::peerswap-lnd",
|
||||
"kosmos_postgresql::hostsfile",
|
||||
"kosmos-bitcoin::lndhub",
|
||||
"kosmos-bitcoin::lndhub-go",
|
||||
"kosmos-bitcoin::dotnet",
|
||||
"kosmos-bitcoin::nbxplorer",
|
||||
"kosmos-bitcoin::btcpay",
|
||||
|
@ -70,7 +77,6 @@
|
|||
"redisio::disable_os_default",
|
||||
"redisio::configure",
|
||||
"redisio::enable",
|
||||
"kosmos-base::letsencrypt",
|
||||
"kosmos-nginx::default",
|
||||
"nginx::default",
|
||||
"nginx::package",
|
||||
|
@ -80,7 +86,8 @@
|
|||
"nginx::commons_dir",
|
||||
"nginx::commons_script",
|
||||
"nginx::commons_conf",
|
||||
"kosmos-nginx::firewall"
|
||||
"kosmos-nginx::firewall",
|
||||
"kosmos-base::letsencrypt"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
"platform_version": "20.04",
|
||||
|
@ -97,16 +104,13 @@
|
|||
}
|
||||
},
|
||||
"run_list": [
|
||||
"recipe[kosmos-base]",
|
||||
"role[base]",
|
||||
"role[kvm_guest]",
|
||||
"recipe[tor-full]",
|
||||
"recipe[kosmos-bitcoin::source]",
|
||||
"recipe[kosmos-bitcoin::c-lightning]",
|
||||
"recipe[kosmos-bitcoin::lnd]",
|
||||
"recipe[kosmos-bitcoin::lnd-scb-s3]",
|
||||
"recipe[kosmos-bitcoin::boltz]",
|
||||
"recipe[kosmos-bitcoin::rtl]",
|
||||
"recipe[kosmos-bitcoin::lndhub]",
|
||||
"role[bitcoind]",
|
||||
"role[cln]",
|
||||
"role[lnd]",
|
||||
"role[lndhub]",
|
||||
"role[btcpay]"
|
||||
]
|
||||
}
|
|
@ -31,20 +31,21 @@
|
|||
"kosmos_assets::nginx_site",
|
||||
"kosmos_discourse::nginx",
|
||||
"kosmos_drone::nginx",
|
||||
"kosmos_garage",
|
||||
"kosmos_garage::default",
|
||||
"kosmos_garage::firewall_rpc",
|
||||
"kosmos_garage::nginx_web",
|
||||
"kosmos_gitea::nginx",
|
||||
"kosmos_website",
|
||||
"kosmos_website::default",
|
||||
"kosmos-akkounts::nginx_api",
|
||||
"kosmos-bitcoin::nginx_lndhub",
|
||||
"kosmos-ejabberd::nginx",
|
||||
"kosmos-hubot::nginx_botka_irc-libera-chat",
|
||||
"kosmos-hubot::nginx_hal8000_xmpp",
|
||||
"kosmos-ipfs::nginx_public_gateway",
|
||||
"kosmos-mastodon::nginx",
|
||||
"remotestorage_discourse::nginx",
|
||||
"kosmos_garage",
|
||||
"kosmos_garage::default",
|
||||
"kosmos_garage::firewall_rpc",
|
||||
"kosmos_garage::nginx_web",
|
||||
"kosmos_zerotier::controller",
|
||||
"kosmos_zerotier::firewall",
|
||||
"kosmos_zerotier::zncui",
|
||||
|
@ -73,11 +74,11 @@
|
|||
"nginx::commons_conf",
|
||||
"kosmos-nginx::firewall",
|
||||
"discourse::nginx",
|
||||
"firewall::default",
|
||||
"chef-sugar::default",
|
||||
"git::default",
|
||||
"git::package",
|
||||
"kosmos-base::letsencrypt",
|
||||
"firewall::default",
|
||||
"chef-sugar::default",
|
||||
"fail2ban::default"
|
||||
],
|
||||
"platform": "ubuntu",
|
||||
|
|
|
@ -21,8 +21,10 @@
|
|||
"kosmos_kvm::guest",
|
||||
"kosmos_postgresql::primary",
|
||||
"kosmos_postgresql::firewall",
|
||||
"kosmos_gitea::pg_db",
|
||||
"kosmos-bitcoin::lndhub-go_pg_db",
|
||||
"kosmos_drone::pg_db",
|
||||
"kosmos_gitea::pg_db",
|
||||
"kosmos-mastodon::pg_db",
|
||||
"apt::default",
|
||||
"timezone_iii::default",
|
||||
"timezone_iii::debian",
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
name "bitcoind"
|
||||
|
||||
run_list %w(
|
||||
kosmos-bitcoin::bitcoind
|
||||
)
|
|
@ -0,0 +1,5 @@
|
|||
name "cln"
|
||||
|
||||
run_list %w(
|
||||
kosmos-bitcoin::c-lightning
|
||||
)
|
|
@ -0,0 +1,9 @@
|
|||
name "lnd"
|
||||
|
||||
run_list %w(
|
||||
kosmos-bitcoin::lnd
|
||||
kosmos-bitcoin::lnd-scb-s3
|
||||
kosmos-bitcoin::boltz
|
||||
kosmos-bitcoin::rtl
|
||||
kosmos-bitcoin::peerswap-lnd
|
||||
)
|
|
@ -0,0 +1,7 @@
|
|||
name "lndhub"
|
||||
|
||||
run_list %w(
|
||||
role[postgresql_client]
|
||||
kosmos-bitcoin::lndhub
|
||||
kosmos-bitcoin::lndhub-go
|
||||
)
|
|
@ -18,18 +18,19 @@ default_run_list = %w(
|
|||
kosmos_assets::nginx_site
|
||||
kosmos_discourse::nginx
|
||||
kosmos_drone::nginx
|
||||
kosmos_garage::default
|
||||
kosmos_garage::firewall_rpc
|
||||
kosmos_garage::nginx_web
|
||||
kosmos_gitea::nginx
|
||||
kosmos_website::default
|
||||
kosmos-akkounts::nginx_api
|
||||
kosmos-bitcoin::nginx_lndhub
|
||||
kosmos-ejabberd::nginx
|
||||
kosmos-hubot::nginx_botka_irc-libera-chat
|
||||
kosmos-hubot::nginx_hal8000_xmpp
|
||||
kosmos-ipfs::nginx_public_gateway
|
||||
kosmos-mastodon::nginx
|
||||
remotestorage_discourse::nginx
|
||||
kosmos_garage::default
|
||||
kosmos_garage::firewall_rpc
|
||||
kosmos_garage::nginx_web
|
||||
)
|
||||
|
||||
env_run_lists(
|
||||
|
|
|
@ -3,7 +3,8 @@ name "postgresql_primary"
|
|||
run_list %w(
|
||||
kosmos_postgresql::primary
|
||||
kosmos_postgresql::firewall
|
||||
kosmos_gitea::pg_db
|
||||
kosmos-bitcoin::lndhub-go_pg_db
|
||||
kosmos_drone::pg_db
|
||||
kosmos_gitea::pg_db
|
||||
kosmos-mastodon::pg_db
|
||||
)
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
node.default['akkounts']['repo'] = 'https://gitea.kosmos.org/kosmos/akkounts.git'
|
||||
node.default['akkounts']['revision'] = 'master'
|
||||
node.default['akkounts']['revision'] = 'feature/73-lndhub-go'
|
||||
node.default['akkounts']['port'] = 3000
|
||||
node.default['akkounts']['domain'] = 'accounts.kosmos.org'
|
||||
|
||||
|
|
|
@ -79,6 +79,26 @@ node.default['lndhub']['revision'] = 'master'
|
|||
node.default['lndhub']['port'] = '3023'
|
||||
node.default['lndhub']['domain'] = 'lndhub.kosmos.org'
|
||||
|
||||
node.default['lndhub-go']['repo'] = 'https://github.com/getAlby/lndhub.go.git'
|
||||
node.default['lndhub-go']['revision'] = '0.12.0'
|
||||
node.default['lndhub-go']['source_dir'] = '/opt/lndhub-go'
|
||||
node.default['lndhub-go']['port'] = 3026
|
||||
node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org'
|
||||
node.default['lndhub-go']['postgres']['database'] = 'lndhub'
|
||||
node.default['lndhub-go']['postgres']['user'] = 'lndhub'
|
||||
node.default['lndhub-go']['postgres']['port'] = 5432
|
||||
node.default['lndhub-go']['default_rate_limit'] = 20
|
||||
node.default['lndhub-go']['strict_rate_limit'] = 1
|
||||
node.default['lndhub-go']['burst_rate_limit'] = 10
|
||||
node.default['lndhub-go']['branding'] = {
|
||||
'title' => 'LndHub - Kosmos Lightning',
|
||||
'desc' => 'Kosmos accounts for the Lightning Network',
|
||||
'url' => 'https://lndhub.kosmos.org',
|
||||
'logo' => 'https://assets.kosmos.org/img/icon-lndhub-400px.png',
|
||||
'favicon' => 'https://kosmos.org/favicon.ico',
|
||||
'footer' => 'about=https://kosmos.org'
|
||||
}
|
||||
|
||||
node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
|
||||
node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
|
||||
|
||||
|
@ -98,3 +118,7 @@ node.default["btcpay"]["domain"] = 'btcpay.kosmos.org'
|
|||
node.default['btcpay']['postgres']['port'] = 5432
|
||||
node.default['btcpay']['postgres']['database'] = 'btcpayserver'
|
||||
node.default['btcpay']['postgres']['user'] = 'satoshi'
|
||||
|
||||
node.default['peerswap']['repo'] = 'https://github.com/ElementsProject/peerswap.git'
|
||||
node.default['peerswap']['revision'] = 'master'
|
||||
node.default['peerswap-lnd']['source_dir'] = '/opt/peerswap'
|
||||
|
|
|
@ -7,25 +7,15 @@ long_description 'Installs/configures bitcoin-related software'
|
|||
version '0.1.0'
|
||||
chef_version '>= 14.0'
|
||||
|
||||
# The `issues_url` points to the location where issues for this cookbook are
|
||||
# tracked. A `View Issues` link will be displayed on this cookbook's page when
|
||||
# uploaded to a Supermarket.
|
||||
#
|
||||
# issues_url 'https://github.com/<insert_org_here>/kosmos-bitcoin/issues'
|
||||
|
||||
# The `source_url` points to the development repository for this cookbook. A
|
||||
# `View Source` link will be displayed on this cookbook's page when uploaded to
|
||||
# a Supermarket.
|
||||
#
|
||||
# source_url 'https://github.com/<insert_org_here>/kosmos-bitcoin'
|
||||
|
||||
depends 'application_javascript'
|
||||
depends 'ark'
|
||||
depends 'backup'
|
||||
depends 'firewall'
|
||||
depends 'git'
|
||||
depends 'golang'
|
||||
depends 'kosmos-nginx'
|
||||
depends 'kosmos-nodejs'
|
||||
depends 'firewall'
|
||||
depends 'application_javascript'
|
||||
depends 'tor-full'
|
||||
depends 'kosmos_postgresql'
|
||||
depends 'postgresql'
|
||||
depends 'redisio'
|
||||
depends 'tor-full'
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Cookbook:: kosmos-bitcoin
|
||||
# Recipe:: source
|
||||
# Recipe:: bitcoind
|
||||
#
|
||||
|
||||
build_essential
|
|
@ -1,6 +1,6 @@
|
|||
#
|
||||
# Cookbook:: kosmos-bitcoin
|
||||
# Recipe:: boltz
|
||||
# Recipe:: golang
|
||||
#
|
||||
# Internal recipe for managing the Go installation in one place
|
||||
#
|
||||
|
|
|
@ -0,0 +1,107 @@
|
|||
#
|
||||
# Cookbook:: kosmos-bitcoin
|
||||
# Recipe:: lndhub-go
|
||||
#
|
||||
|
||||
include_recipe 'git'
|
||||
include_recipe 'kosmos-bitcoin::golang'
|
||||
include_recipe 'kosmos-bitcoin::user'
|
||||
|
||||
bitcoin_user = node['bitcoin']['username']
|
||||
bitcoin_group = node['bitcoin']['usergroup']
|
||||
lnd_dir = node['lnd']['lnd_dir']
|
||||
lncli_bin = '/opt/go/bin/lncli'
|
||||
source_dir = node['lndhub-go']['source_dir']
|
||||
macaroon_path = "#{lnd_dir}/data/lndhub.macaroon"
|
||||
credentials = data_bag_item('credentials', 'lndhub-go')
|
||||
postgres_host = "pg.kosmos.local"
|
||||
postgres_user = node['lndhub-go']['postgres']['user']
|
||||
postgres_db = node['lndhub-go']['postgres']['database']
|
||||
postgres_port = node['lndhub-go']['postgres']['port']
|
||||
|
||||
git source_dir do
|
||||
repository node['lndhub-go']['repo']
|
||||
revision node['lndhub-go']['revision']
|
||||
action :sync
|
||||
notifies :run, 'bash[compile_lndhub-go]', :immediately
|
||||
end
|
||||
|
||||
bash 'compile_lndhub-go' do
|
||||
cwd source_dir
|
||||
code 'make'
|
||||
action :nothing
|
||||
notifies :restart, 'service[lndhub-go]', :delayed
|
||||
end
|
||||
|
||||
bash 'bake_lndhub_macaroon' do
|
||||
user bitcoin_user
|
||||
cwd lnd_dir
|
||||
code "#{lncli_bin} bakemacaroon --save_to=./data/lndhub.macaroon info:read invoices:read invoices:write offchain:read offchain:write"
|
||||
not_if { File.exist?(macaroon_path) }
|
||||
end
|
||||
|
||||
template "#{source_dir}/.env" do
|
||||
source 'lndhub-go.env.erb'
|
||||
owner bitcoin_user
|
||||
group bitcoin_group
|
||||
mode 0600
|
||||
sensitive true
|
||||
variables config: {
|
||||
database_uri: "postgresql://#{postgres_user}:#{credentials['postgresql_password']}@#{postgres_host}:#{postgres_port}/#{postgres_db}?sslmode=disable",
|
||||
jwt_secret: credentials['jwt_secret'],
|
||||
lnd_address: 'localhost:10009', # gRPC address,
|
||||
lnd_macaroon_file: macaroon_path,
|
||||
lnd_cert_file: "#{lnd_dir}/tls.cert",
|
||||
custom_name: node['lndhub-go']['domain'],
|
||||
port: node['lndhub-go']['port'],
|
||||
admin_token: credentials['admin_token'],
|
||||
default_rate_limit: node['lndhub-go']['default_rate_limit'],
|
||||
strict_rate_limit: node['lndhub-go']['strict_rate_limit'],
|
||||
burst_rate_limit: node['lndhub-go']['burst_rate_limit'],
|
||||
branding: node['lndhub-go']['branding']
|
||||
}
|
||||
notifies :restart, 'service[lndhub-go]', :delayed
|
||||
end
|
||||
|
||||
systemd_unit 'lndhub-go.service' do
|
||||
content({
|
||||
Unit: {
|
||||
Description: 'LndHub compatible API written in Go',
|
||||
Documentation: ['https://github.com/getAlby/lndhub.go/blob/main/README.md'],
|
||||
Requires: 'lnd.service',
|
||||
After: 'lnd.service'
|
||||
},
|
||||
Service: {
|
||||
User: bitcoin_user,
|
||||
Group: bitcoin_group,
|
||||
Type: 'simple',
|
||||
WorkingDirectory: source_dir,
|
||||
ExecStart: "#{source_dir}/lndhub",
|
||||
Restart: 'always',
|
||||
RestartSec: '10',
|
||||
TimeoutSec: '60',
|
||||
PrivateTmp: true,
|
||||
ProtectSystem: 'full',
|
||||
NoNewPrivileges: true,
|
||||
PrivateDevices: true,
|
||||
MemoryDenyWriteExecute: true
|
||||
},
|
||||
Install: {
|
||||
WantedBy: 'multi-user.target'
|
||||
}
|
||||
})
|
||||
verify false
|
||||
triggers_reload true
|
||||
action [:create, :enable, :start]
|
||||
end
|
||||
|
||||
service 'lndhub-go' do
|
||||
action :nothing
|
||||
end
|
||||
|
||||
firewall_rule 'lndhub-go' do
|
||||
port node['lndhub-go']['port']
|
||||
source '10.1.1.0/24'
|
||||
protocol :tcp
|
||||
command :allow
|
||||
end
|
|
@ -0,0 +1,19 @@
|
|||
#
|
||||
# Cookbook Name:: kosmos-bitcoin
|
||||
# Recipe:: lndhub-go_pg_db
|
||||
#
|
||||
|
||||
credentials = data_bag_item('credentials', 'lndhub-go')
|
||||
|
||||
postgres_user = node['lndhub-go']['postgres']['user']
|
||||
postgres_db = node['lndhub-go']['postgres']['database']
|
||||
|
||||
postgresql_user postgres_user do
|
||||
action :create
|
||||
password credentials['postgresql_password']
|
||||
end
|
||||
|
||||
postgresql_database postgres_db do
|
||||
owner postgres_user
|
||||
action :create
|
||||
end
|
|
@ -90,27 +90,7 @@ firewall_rule 'lndhub_private' do
|
|||
command :allow
|
||||
end
|
||||
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe "kosmos-base::letsencrypt"
|
||||
include_recipe "kosmos-nginx"
|
||||
return if node.chef_environment == "development"
|
||||
|
||||
nginx_certbot_site node[app_name]['domain']
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{node[app_name]['domain']}" do
|
||||
source 'nginx_conf_lndhub.erb'
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
variables port: node[app_name]['port'],
|
||||
server_name: node[app_name]['domain'],
|
||||
ssl_cert: "/etc/letsencrypt/live/#{node[app_name]['domain']}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{node[app_name]['domain']}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site node[app_name]['domain'] do
|
||||
action :enable
|
||||
end
|
||||
|
||||
node.override["backup"]["archives"]["lndhub"] = ["/var/lib/redis/dump-6379.rdb"]
|
||||
include_recipe "backup"
|
||||
end
|
||||
node.override["backup"]["archives"]["lndhub"] = ["/var/lib/redis/dump-6379.rdb"]
|
||||
include_recipe "backup"
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
#
|
||||
# Cookbook:: kosmos-bitcoin
|
||||
# Recipe:: nginx_lndhub
|
||||
#
|
||||
|
||||
include_recipe "kosmos-base::letsencrypt"
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domain = node['lndhub-go']['domain']
|
||||
|
||||
nginx_certbot_site domain
|
||||
|
||||
upstream_host = search(:node, "role:lndhub").first["knife_zero"]["host"]
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
|
||||
source 'nginx_conf_lndhub.erb'
|
||||
owner node["nginx"]["user"]
|
||||
mode 0640
|
||||
variables port: node['lndhub-go']['port'],
|
||||
server_name: domain,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
|
||||
upstream_host: upstream_host
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site domain do
|
||||
action :enable
|
||||
end
|
|
@ -0,0 +1,86 @@
|
|||
#
|
||||
# Cookbook:: kosmos-bitcoin
|
||||
# Recipe:: peerswap-lnd
|
||||
#
|
||||
|
||||
include_recipe 'git'
|
||||
include_recipe 'kosmos-bitcoin::golang'
|
||||
include_recipe 'kosmos-bitcoin::user'
|
||||
|
||||
bitcoin_user = node['bitcoin']['username']
|
||||
bitcoin_group = node['bitcoin']['usergroup']
|
||||
lnd_dir = node['lnd']['lnd_dir']
|
||||
macaroon_path = "#{lnd_dir}/data/chain/bitcoin/#{node['bitcoin']['network']}/admin.macaroon"
|
||||
source_dir = node['peerswap-lnd']['source_dir']
|
||||
config_dir = "/home/#{bitcoin_user}/.peerswap"
|
||||
|
||||
directory config_dir do
|
||||
owner bitcoin_user
|
||||
group bitcoin_group
|
||||
mode '0700'
|
||||
action :create
|
||||
end
|
||||
|
||||
git source_dir do
|
||||
repository node['peerswap']['repo']
|
||||
revision node['peerswap']['revision']
|
||||
action :sync
|
||||
notifies :run, 'bash[compile_peerswap]', :immediately
|
||||
end
|
||||
|
||||
bash 'compile_peerswap' do
|
||||
cwd source_dir
|
||||
environment 'GOPATH' => '/opt/go'
|
||||
code 'make lnd-release'
|
||||
action :run
|
||||
notifies :restart, 'service[peerswap]', :delayed
|
||||
end
|
||||
|
||||
template "#{config_dir}/peerswap.conf" do
|
||||
source 'peerswap-lnd.conf.erb'
|
||||
owner bitcoin_user
|
||||
group bitcoin_group
|
||||
mode 0600
|
||||
sensitive true
|
||||
variables config: {
|
||||
tlscertpath: "#{lnd_dir}/tls.cert",
|
||||
macaroonpath: macaroon_path
|
||||
}
|
||||
notifies :restart, 'service[peerswap]', :delayed
|
||||
end
|
||||
|
||||
systemd_unit 'peerswap.service' do
|
||||
content({
|
||||
Unit: {
|
||||
Description: 'PeerSwap Lightning channel balancing',
|
||||
Documentation: ['https://github.com/ElementsProject/peerswap'],
|
||||
Requires: 'lnd.service',
|
||||
After: 'lnd.service'
|
||||
},
|
||||
Service: {
|
||||
User: bitcoin_user,
|
||||
Group: bitcoin_group,
|
||||
Type: 'simple',
|
||||
WorkingDirectory: source_dir,
|
||||
ExecStart: "/opt/go/bin/peerswapd",
|
||||
Restart: 'always',
|
||||
RestartSec: '10',
|
||||
TimeoutSec: '60',
|
||||
PrivateTmp: true,
|
||||
ProtectSystem: 'full',
|
||||
NoNewPrivileges: true,
|
||||
PrivateDevices: true,
|
||||
MemoryDenyWriteExecute: true
|
||||
},
|
||||
Install: {
|
||||
WantedBy: 'multi-user.target'
|
||||
}
|
||||
})
|
||||
verify false
|
||||
triggers_reload true
|
||||
action [:create, :enable, :start]
|
||||
end
|
||||
|
||||
service 'peerswap' do
|
||||
action :nothing
|
||||
end
|
|
@ -0,0 +1,9 @@
|
|||
<% @config.each do |key, value| %>
|
||||
<% if value.is_a?(Hash) %>
|
||||
<% value.each do |k, v| %>
|
||||
<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
|
||||
<% end %>
|
||||
<% else %>
|
||||
<%= key.upcase %>=<%= value.to_s %>
|
||||
<% end %>
|
||||
<% end %>
|
|
@ -2,10 +2,9 @@
|
|||
# Generated by Chef
|
||||
#
|
||||
upstream _lndhub {
|
||||
server localhost:<%= @port %>;
|
||||
server <%= @upstream_host || "localhost" %>:<%= @port %>;
|
||||
}
|
||||
|
||||
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
server_name <%= @server_name %>;
|
||||
|
@ -16,10 +15,13 @@ server {
|
|||
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
proxy_pass http://_lndhub;
|
||||
}
|
||||
}
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
}
|
||||
<% end -%>
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
<% @config.each do |k, v| %>
|
||||
<%= "lnd.#{k}=#{v}" %>
|
||||
<% end %>
|
|
@ -1,5 +1,6 @@
|
|||
node.default['garage']['version'] = '0.8.0'
|
||||
node.default['garage']['checksum']['amd64'] = '66dd2ea1f677281a43e10eb619523b1b269f8fde9047ce8caa70958f3b13ca74'
|
||||
node.default['garage']['replication_mode'] = 'none'
|
||||
node.default['garage']['s3_api_port'] = 3900
|
||||
node.default['garage']['rpc_port'] = 3901
|
||||
node.default['garage']['s3_web_port'] = 3902
|
||||
|
@ -7,4 +8,4 @@ node.default['garage']['admin_port'] = 3903
|
|||
node.default['garage']['k2v_api_port'] = 3904
|
||||
node.default['garage']['s3_api_root_domain'] = '.s3.garage.localhost'
|
||||
node.default['garage']['s3_web_root_domain'] = '.web.garage.localhost'
|
||||
node.default['garage']['replication_mode'] = 'none'
|
||||
node.default['garage']['s3_web_domains'] = []
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
#
|
||||
# Cookbook Name:: kosmos_garage
|
||||
# Recipe:: nginx_web
|
||||
#
|
||||
|
||||
include_recipe "kosmos-nginx"
|
||||
|
||||
domains = node['garage']['s3_web_domains']
|
||||
|
||||
domains.each do |server_name|
|
||||
nginx_certbot_site server_name
|
||||
|
||||
template "#{node['nginx']['dir']}/sites-available/#{server_name}" do
|
||||
source 'nginx_conf_web.erb'
|
||||
owner 'www-data'
|
||||
mode 0640
|
||||
variables server_name: server_name,
|
||||
ssl_cert: "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
|
||||
ssl_key: "/etc/letsencrypt/live/#{server_name}/privkey.pem"
|
||||
notifies :reload, 'service[nginx]', :delayed
|
||||
end
|
||||
|
||||
nginx_site server_name do
|
||||
action :enable
|
||||
end
|
||||
end
|
|
@ -0,0 +1,33 @@
|
|||
upstream garage_web {
|
||||
server localhost:3902;
|
||||
}
|
||||
|
||||
proxy_cache_path /var/cache/nginx/garage levels=1:2 keys_zone=garage_cache:10m
|
||||
max_size=1g inactive=60m use_temp_path=off;
|
||||
|
||||
server {
|
||||
listen 443 http2 ssl;
|
||||
listen [::]:443 http2 ssl;
|
||||
|
||||
server_name <%= @server_name %>;
|
||||
|
||||
access_log off;
|
||||
|
||||
ssl_certificate <%= @ssl_cert %>;
|
||||
ssl_certificate_key <%= @ssl_key %>;
|
||||
|
||||
error_page 401 403 404 500 /__empty-page.html;
|
||||
|
||||
location = /__empty-page.html {
|
||||
internal;
|
||||
return 200 "";
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_intercept_errors on;
|
||||
proxy_cache garage_cache;
|
||||
proxy_pass http://garage_web;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
class Chef
|
||||
class Recipe
|
||||
def postgresql_primary
|
||||
postgresql_primary = search(:node, "role:postgresql_primary AND chef_environment:#{node.chef_environment}").first
|
||||
postgresql_primary = search(:node, "role:postgresql_primary").first
|
||||
|
||||
unless postgresql_primary.nil?
|
||||
primary_ip = ip_for(postgresql_primary)
|
||||
|
|
Loading…
Reference in New Issue