Configure and run RTL

Ride The Lightning is a Web UI for Lightning Network nodes. It is
accessible via the bitcoin VM's private zerotier IP on port 3000.

data_bags/credentials/rtl.json

@@ -0,0 +1,10 @@
+{
+  "id": "rtl",
+  "multiPassHashed": {
+    "encrypted_data": "Kg84dRDmB91Yq5vRwmgBf6CikZQYtQdJrVSgF2Ka8KDAbi2hjFvJMaBWJazl\nJWung87YbwszuqA0eN7fCoTsG70N/lJhfTv0NOArD1Jq+BPxQeM=\n",
+    "iv": "Fc6bk+8wqcs+kuhw\n",
+    "auth_tag": "QApw1XUQy+YxYTN9Xj/WEQ==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  }
+}

nodes/bitcoin-2.json

@@ -20,6 +20,7 @@
       "kosmos-bitcoin::source",
       "kosmos-bitcoin::c-lightning",
       "kosmos-bitcoin::lnd",
+      "kosmos-bitcoin::rtl",
       "kosmos-bitcoin::dotnet",
       "kosmos-bitcoin::nbxplorer",
       "kosmos-bitcoin::btcpay",
@@ -42,6 +43,11 @@
       "git::default",
       "git::package",
       "golang::default",
+      "kosmos-nodejs::default",
+      "nodejs::nodejs_from_package",
+      "nodejs::repo",
+      "firewall::default",
+      "chef-sugar::default",
       "kosmos-nginx::default",
       "nginx::default",
       "nginx::package",
@@ -73,6 +79,7 @@
     "recipe[kosmos-bitcoin::source]",
     "recipe[kosmos-bitcoin::c-lightning]",
     "recipe[kosmos-bitcoin::lnd]",
+    "recipe[kosmos-bitcoin::rtl]",
     "role[btcpay]"
   ]
 }

site-cookbooks/kosmos-bitcoin/attributes/default.rb

@@ -48,6 +48,11 @@ node.default['lnd']['minchansize'] = '1000000'
 node.default['lnd']['basefee'] = '500'
 node.default['lnd']['feerate'] = '1'
 
+node.default['rtl']['repo'] = 'https://github.com/Ride-The-Lightning/RTL.git'
+node.default['rtl']['revision'] = 'v0.10.0'
+node.default['rtl']['host'] = '10.1.1.163'
+node.default['rtl']['port'] = '3000'
+
 node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
 

site-cookbooks/kosmos-bitcoin/metadata.rb

@@ -2,8 +2,8 @@ name 'kosmos-bitcoin'
 maintainer 'Kosmos Developers'
 maintainer_email 'mail@kosmos.org'
 license 'MIT'
-description 'Installs/Configures Bitcoin Core'
+description 'Installs/configures bitcoin-related software'
-long_description 'Installs/Configures Bitcoin Core'
+long_description 'Installs/configures bitcoin-related software'
 version '0.1.0'
 chef_version '>= 14.0'
 
@@ -23,3 +23,6 @@ depends 'ark'
 depends 'git'
 depends 'golang'
 depends 'kosmos-nginx'
+depends 'kosmos-nodejs'
+depends 'firewall'
+depends 'application_javascript'

site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb

@@ -78,8 +78,6 @@ systemd_unit 'lightningd.service' do
       Restart: 'always',
       RestartSec: '30',
       TimeoutSec: '240',
-      RuntimeDirectory: 'lightningd', # /run/lightningd
-      RuntimeDirectoryMode: '0710',
       PrivateTmp: true,
       ProtectSystem: 'full',
       NoNewPrivileges: true,

site-cookbooks/kosmos-bitcoin/recipes/lnd.rb

@@ -20,6 +20,7 @@ bash "compile_lnd" do
     make clean && make && make install
   EOH
   action :nothing
+  notifies :restart, "systemd_unit[lnd.service]", :delayed
 end
 
 bitcoin_user  = node['bitcoin']['username']
@@ -74,8 +75,6 @@ systemd_unit 'lnd.service' do
       RestartSec: '30',
       TimeoutSec: '240',
       LimitNOFILE: '128000',
-      RuntimeDirectory: 'lnd', # /run/lnd
-      RuntimeDirectoryMode: '0710',
       PrivateTmp: true,
       ProtectSystem: 'full',
       NoNewPrivileges: true,

site-cookbooks/kosmos-bitcoin/recipes/rtl.rb

@@ -0,0 +1,110 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: rtl
+#
+
+include_recipe 'kosmos-nodejs'
+
+app_name      = "rtl"
+rtl_dir       = "/opt/#{app_name}"
+lnd_dir       = node['lnd']['lnd_dir']
+bitcoin_user  = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+credentials   = Chef::EncryptedDataBagItem.load('credentials', 'rtl')
+
+rtl_config = {
+  host: node['rtl']['host'],
+  port: node['rtl']['port'],
+  defaultNodeIndex: 1,
+  SSO: {
+    rtlSSO: 0,
+    rtlCookiePath: "",
+    logoutRedirectLink: ""
+  },
+  nodes: [
+    {
+      index: 1,
+      lnNode: node['lnd']['alias'],
+      lnImplementation: "LND",
+      Authentication: {
+        macaroonPath: "#{lnd_dir}/data/chain/bitcoin/mainnet",
+        configPath: "#{lnd_dir}/lnd.conf"
+      },
+      Settings: {
+        userPersona: "MERCHANT",
+        themeMode: "NIGHT",
+        themeColor: "TEAL",
+        channelBackupPath: "",
+        enableLogging: true,
+        lnServerUrl: "https://localhost:8080",
+        fiatConversion: true,
+        currencyUnit: "EUR"
+      }
+    }
+  ],
+  multiPassHashed: credentials["multiPassHashed"]
+}.to_json
+
+application rtl_dir do
+  owner bitcoin_user
+  group bitcoin_group
+
+  git do
+    user  bitcoin_user
+    group bitcoin_group
+    repository node['rtl']['repo']
+    revision node['rtl']['revision']
+    notifies :restart, "systemd_unit[rtl.service]", :delayed
+  end
+
+  npm_install do
+    user bitcoin_user
+  end
+
+  file "#{rtl_dir}/RTL-Config.json" do
+    owner bitcoin_user
+    group bitcoin_group
+    mode '0640'
+    content rtl_config
+    notifies :restart, "systemd_unit[rtl.service]", :delayed
+  end
+
+  systemd_unit 'rtl.service' do
+    content({
+      Unit: {
+        Description: 'Ride The Lightning',
+        Documentation: ['https://github.com/Ride-The-Lightning/RTL'],
+        Requires: 'lnd.service',
+        After: 'lnd.service'
+      },
+      Service: {
+        User: bitcoin_user,
+        Group: bitcoin_group,
+        Type: 'simple',
+        # ExecStartPre: '/bin/sleep 120',
+        ExecStart: "/usr/bin/node #{rtl_dir}/rtl.js",
+        Restart: 'always',
+        RestartSec: '30',
+        TimeoutSec: '120',
+        PrivateTmp: true,
+        ProtectSystem: 'full',
+        NoNewPrivileges: true,
+        PrivateDevices: true,
+      },
+      Install: {
+        WantedBy: 'multi-user.target'
+      }
+    })
+    verify false
+    triggers_reload true
+    action [:create, :enable, :start]
+  end
+end
+
+include_recipe 'firewall'
+firewall_rule 'rtl_private' do
+  port     node['rtl']['port'].to_i
+  source   "10.1.1.0/24"
+  protocol :tcp
+  command  :allow
+end