diff --git a/data_bags/credentials/rtl.json b/data_bags/credentials/rtl.json
new file mode 100644
index 0000000..fcf28ba
--- /dev/null
+++ b/data_bags/credentials/rtl.json
@@ -0,0 +1,10 @@
+{
+ "id": "rtl",
+ "multiPassHashed": {
+ "encrypted_data": "Kg84dRDmB91Yq5vRwmgBf6CikZQYtQdJrVSgF2Ka8KDAbi2hjFvJMaBWJazl\nJWung87YbwszuqA0eN7fCoTsG70N/lJhfTv0NOArD1Jq+BPxQeM=\n",
+ "iv": "Fc6bk+8wqcs+kuhw\n",
+ "auth_tag": "QApw1XUQy+YxYTN9Xj/WEQ==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ }
+}
\ No newline at end of file
diff --git a/nodes/bitcoin-2.json b/nodes/bitcoin-2.json
index 60bc247..c99a571 100644
--- a/nodes/bitcoin-2.json
+++ b/nodes/bitcoin-2.json
@@ -20,6 +20,7 @@
 "kosmos-bitcoin::source",
 "kosmos-bitcoin::c-lightning",
 "kosmos-bitcoin::lnd",
+ "kosmos-bitcoin::rtl",
 "kosmos-bitcoin::dotnet",
 "kosmos-bitcoin::nbxplorer",
 "kosmos-bitcoin::btcpay",
@@ -42,6 +43,11 @@
 "git::default",
 "git::package",
 "golang::default",
+ "kosmos-nodejs::default",
+ "nodejs::nodejs_from_package",
+ "nodejs::repo",
+ "firewall::default",
+ "chef-sugar::default",
 "kosmos-nginx::default",
 "nginx::default",
 "nginx::package",
@@ -73,6 +79,7 @@
 "recipe[kosmos-bitcoin::source]",
 "recipe[kosmos-bitcoin::c-lightning]",
 "recipe[kosmos-bitcoin::lnd]",
+ "recipe[kosmos-bitcoin::rtl]",
 "role[btcpay]"
 ]
 }
\ No newline at end of file
diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
index e61fe0f..dc11a70 100644
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -37,6 +37,21 @@ node.default['c-lightning']['public_ip'] = '148.251.237.73'
 node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd'
 node.default['lnd']['revision'] = 'v0.11.1-beta'
 node.default['lnd']['source_dir'] = '/opt/lnd'
+node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd"
+node.default['lnd']['alias'] = 'ln2.kosmos.org'
+node.default['lnd']['color'] = '#5e0c99'
+node.default['lnd']['log_level'] = 'info'
+node.default['lnd']['public_ip'] = '148.251.237.111'
+node.default['lnd']['public_port'] = '9375'
+node.default['lnd']['port'] = '9736'
+node.default['lnd']['minchansize'] = '1000000'
+node.default['lnd']['basefee'] = '500'
+node.default['lnd']['feerate'] = '1'
+
+node.default['rtl']['repo'] = 'https://github.com/Ride-The-Lightning/RTL.git'
+node.default['rtl']['revision'] = 'v0.10.0'
+node.default['rtl']['host'] = '10.1.1.163'
+node.default['rtl']['port'] = '3000'
 node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
diff --git a/site-cookbooks/kosmos-bitcoin/metadata.rb b/site-cookbooks/kosmos-bitcoin/metadata.rb
index 992350f..fe6cd0c 100644
--- a/site-cookbooks/kosmos-bitcoin/metadata.rb
+++ b/site-cookbooks/kosmos-bitcoin/metadata.rb
@@ -2,8 +2,8 @@ name 'kosmos-bitcoin'
 maintainer 'Kosmos Developers'
 maintainer_email 'mail@kosmos.org'
 license 'MIT'
-description 'Installs/Configures Bitcoin Core'
-long_description 'Installs/Configures Bitcoin Core'
+description 'Installs/configures bitcoin-related software'
+long_description 'Installs/configures bitcoin-related software'
 version '0.1.0'
 chef_version '>= 14.0'
@@ -23,3 +23,6 @@ depends 'ark'
 depends 'git'
 depends 'golang'
 depends 'kosmos-nginx'
+depends 'kosmos-nodejs'
+depends 'firewall'
+depends 'application_javascript'
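Review bot: `node.default['rtl']['revision'] = 'v0.10.0'` in attributes/default.rb pins RTL to a git tag, and a tag can be moved upstream after it was reviewed. Elsewhere in this commit RTL is pointed at lnd's macaroon directory and has its npm dependencies installed on this host, so the checkout deserves an immutable reference: set the revision to the full commit SHA the tag resolved to at review time, e.g. `node.default['rtl']['revision'] = '<COMMIT_SHA_PLACEHOLDER>' # v0.10.0`. The existing `lnd` revision on the context line above is pinned the same way. Separately, `public_port` is '9375' while `port` is '9736'; if that is not a deliberate port mapping, the advertised `externalip` will not reach the listener.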
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
index dc0657b..ac864dc 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
@@ -18,6 +18,7 @@ bash 'build_btcpay' do
 cwd node['btcpay']['source_dir']
 code './build.sh'
 action :nothing
+ notifies :restart, "systemd_unit[btcpayserver.service]", :delayed
 end
 directory "/home/#{node['bitcoin']['username']}/.btcpayserver" do
@@ -36,6 +37,8 @@ end
 credentials = Chef::EncryptedDataBagItem.load('credentials', 'btcpay')
+lnd_admin_macaroon_path = "#{node['lnd']['lnd_dir']}/data/chain/bitcoin/mainnet/admin.macaroon" rescue nil
+
 template node['btcpay']['config_path'] do
 source "btcpay-settings.config.erb"
 owner node['bitcoin']['username']
@@ -49,7 +52,9 @@ template node['btcpay']['config_path'] do
 postgres_port: node['btcpay']['postgres']['port'],
 postgres_database: node['btcpay']['postgres']['database'],
 postgres_user: node['btcpay']['postgres']['user'],
- postgres_password: credentials['postgres_password']
+ postgres_password: credentials['postgres_password'],
+ lnd_admin_macaroon_path: lnd_admin_macaroon_path
+ notifies :restart, "systemd_unit[btcpayserver.service]", :delayed
 end
 directory '/run/btcpayserver' do
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb b/site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb
index cb9f14d..b86b184 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb
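Review bot: The `rescue nil` modifier on `lnd_admin_macaroon_path` in recipes/btcpay.rb does not give the template's `if @lnd_admin_macaroon_path` guard anything to act on. The cookbook's attributes file now always sets `node['lnd']['lnd_dir']`, so the interpolation never raises and the value is never nil; the `BTC.lightning` line would be rendered even on a node that does not run the lnd recipe, and any unrelated StandardError on that line is swallowed silently. An explicit condition states the intent, for example `lnd_admin_macaroon_path = "#{node['lnd']['lnd_dir']}/data/chain/bitcoin/mainnet/admin.macaroon" if node.recipe?('kosmos-bitcoin::lnd')`. It is also worth checking whether BTCPay needs `admin.macaroon` at all: it carries full spending authority, and if BTCPay only creates and watches invoices, lnd's `invoice.macaroon` would limit what a compromised BTCPay process can do.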
@@ -71,15 +71,13 @@ systemd_unit 'lightningd.service' do
 After: 'bitcoind.service'
 },
 Service: {
- User: node['bitcoin']['username'],
- Group: node['bitcoin']['usergroup'],
+ User: bitcoin_user,
+ Group: bitcoin_group,
 Type: 'simple',
- ExecStart: "/usr/local/bin/lightningd",
+ ExecStart: '/usr/local/bin/lightningd',
 Restart: 'always',
 RestartSec: '30',
 TimeoutSec: '240',
- RuntimeDirectory: 'lightningd', # /run/lightningd
- RuntimeDirectoryMode: '0710',
 PrivateTmp: true,
 ProtectSystem: 'full',
 NoNewPrivileges: true,
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
index b730a8e..b179c42 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
@@ -6,11 +6,6 @@
 include_recipe "git"
 include_recipe "golang"
-# bitcoin_user = node['bitcoin']['username']
-# bitcoin_group = node['bitcoin']['usergroup']
-# bitcoin_datadir = node['bitcoin']['datadir']
-# bitcoin_conf_path = node['bitcoin']['conf_path']
-
 git node['lnd']['source_dir'] do
 repository node['lnd']['repo']
 revision node['lnd']['revision']
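Review bot: Dropping `RuntimeDirectory: 'lightningd'` and `RuntimeDirectoryMode: '0710'` from lightningd.service removes the systemd-managed /run/lightningd without saying where lightningd's runtime files (RPC socket, pid file) live now. If they move to a directory with looser permissions, the RPC socket becomes reachable by more local accounts, so a short comment in the unit naming the new location and its mode would settle the question, e.g. `# RPC socket lives in <PATH_PLACEHOLDER>, mode <MODE_PLACEHOLDER>`. `bitcoin_user` and `bitcoin_group` must also be assigned earlier in c-lightning.rb, which this hunk does not show; the `systemd_unit` block starts and ends outside the hunk.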
@@ -25,4 +20,72 @@ bash "compile_lnd" do
 make clean && make && make install
 EOH
 action :nothing
+ notifies :restart, "systemd_unit[lnd.service]", :delayed
+end
+
+bitcoin_user = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+lnd_dir = node['lnd']['lnd_dir']
+
+bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
+
+directory lnd_dir do
+ owner bitcoin_user
+ group bitcoin_group
+ mode '0750'
+ action :create
+end
+
+template "#{lnd_dir}/lnd.conf" do
+ source "lnd.conf.erb"
+ owner bitcoin_user
+ group bitcoin_group
+ mode '0640'
+ variables lnd_alias: node['lnd']['alias'],
+ lnd_color: node['lnd']['color'],
+ lnd_log_level: node['lnd']['log_level'],
+ lnd_externalip: "#{node['lnd']['public_ip']}:#{node['lnd']['public_port']}",
+ lnd_port: node['lnd']['port'],
+ lnd_minchansize: node['lnd']['minchansize'],
+ lnd_basefee: node['lnd']['basefee'],
+ lnd_feerate: node['lnd']['feerate'],
+ bitcoin_datadir: node['bitcoin']['datadir'],
+ bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'],
+ bitcoin_rpc_password: bitcoin_credentials["rpcpassword"],
+ bitcoin_rpc_host: node['bitcoin']['conf']['rpcbind'],
+ bitcoin_zmqpubrawblock: node['bitcoin']['conf']['zmqpubrawblock'],
+ bitcoin_zmqpubrawtx: node['bitcoin']['conf']['zmqpubrawtx']
+ notifies :restart, "systemd_unit[lnd.service]", :delayed
+end
+
+systemd_unit 'lnd.service' do
+ content({
+ Unit: {
+ Description: 'Lightning Network Daemon',
+ Documentation: ['https://github.com/lightningnetwork/lnd/tree/master/docs'],
+ Requires: 'bitcoind.service',
+ After: 'bitcoind.service'
+ },
+ Service: {
+ User: bitcoin_user,
+ Group: bitcoin_group,
+ Type: 'simple',
+ ExecStart: '/opt/go/bin/lnd',
+ Restart: 'always',
+ RestartSec: '30',
+ TimeoutSec: '240',
+ LimitNOFILE: '128000',
+ PrivateTmp: true,
+ ProtectSystem: 'full',
+ NoNewPrivileges: true,
+ PrivateDevices: true,
+ MemoryDenyWriteExecute: true
+ },
+ Install: {
+ WantedBy: 'multi-user.target'
+ }
+ })
+ verify false
+ triggers_reload true
+ action [:create, :enable, :start]
 end
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb b/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb
new file mode 100644
index 0000000..31b619e
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/recipes/rtl.rb
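Review bot: The `template "#{lnd_dir}/lnd.conf"` resource in recipes/lnd.rb renders `bitcoin_rpc_password` but is not marked sensitive, so chef-client can print the rendered content as a diff in its run output and logs whenever the file changes. Adding `sensitive true` inside the resource suppresses that. The `file "#{rtl_dir}/RTL-Config.json"` resource in recipes/rtl.rb, which embeds `multiPassHashed`, and the btcpay config template, which carries `postgres_password`, have the same gap.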
@@ -0,0 +1,110 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: rtl
+#
+
+include_recipe 'kosmos-nodejs'
+
+app_name = "rtl"
+rtl_dir = "/opt/#{app_name}"
+lnd_dir = node['lnd']['lnd_dir']
+bitcoin_user = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+credentials = Chef::EncryptedDataBagItem.load('credentials', 'rtl')
+
+rtl_config = {
+ host: node['rtl']['host'],
+ port: node['rtl']['port'],
+ defaultNodeIndex: 1,
+ SSO: {
+ rtlSSO: 0,
+ rtlCookiePath: "",
+ logoutRedirectLink: ""
+ },
+ nodes: [
+ {
+ index: 1,
+ lnNode: node['lnd']['alias'],
+ lnImplementation: "LND",
+ Authentication: {
+ macaroonPath: "#{lnd_dir}/data/chain/bitcoin/mainnet",
+ configPath: "#{lnd_dir}/lnd.conf"
+ },
+ Settings: {
+ userPersona: "MERCHANT",
+ themeMode: "NIGHT",
+ themeColor: "TEAL",
+ channelBackupPath: "",
+ enableLogging: true,
+ lnServerUrl: "https://localhost:8080",
+ fiatConversion: true,
+ currencyUnit: "EUR"
+ }
+ }
+ ],
+ multiPassHashed: credentials["multiPassHashed"]
+}.to_json
+
+application rtl_dir do
+ owner bitcoin_user
+ group bitcoin_group
+
+ git do
+ user bitcoin_user
+ group bitcoin_group
+ repository node['rtl']['repo']
+ revision node['rtl']['revision']
+ notifies :restart, "systemd_unit[rtl.service]", :delayed
+ end
+
+ npm_install do
+ user bitcoin_user
+ end
+
+ file "#{rtl_dir}/RTL-Config.json" do
+ owner bitcoin_user
+ group bitcoin_group
+ mode '0640'
+ content rtl_config
+ notifies :restart, "systemd_unit[rtl.service]", :delayed
+ end
+
+ systemd_unit 'rtl.service' do
+ content({
+ Unit: {
+ Description: 'Ride The Lightning',
+ Documentation: ['https://github.com/Ride-The-Lightning/RTL'],
+ Requires: 'lnd.service',
+ After: 'lnd.service'
+ },
+ Service: {
+ User: bitcoin_user,
+ Group: bitcoin_group,
+ Type: 'simple',
+ # ExecStartPre: '/bin/sleep 120',
+ ExecStart: "/usr/bin/node #{rtl_dir}/rtl.js",
+ Restart: 'always',
+ RestartSec: '30',
+ TimeoutSec: '120',
+ PrivateTmp: true,
+ ProtectSystem: 'full',
+ NoNewPrivileges: true,
+ PrivateDevices: true,
+ },
+ Install: {
+ WantedBy: 'multi-user.target'
+ }
+ })
+ verify false
+ triggers_reload true
+ action [:create, :enable, :start]
+ end
+end
+
+include_recipe 'firewall'
+firewall_rule 'rtl_private' do
+ port node['rtl']['port'].to_i
+ source "10.1.1.0/24"
+ protocol :tcp
+ command :allow
+end
diff --git a/site-cookbooks/kosmos-bitcoin/templates/btcpay-settings.config.erb b/site-cookbooks/kosmos-bitcoin/templates/btcpay-settings.config.erb
index fc6ed31..8bdbf55 100644
--- a/site-cookbooks/kosmos-bitcoin/templates/btcpay-settings.config.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/btcpay-settings.config.erb
@@ -2,7 +2,9 @@ network=<%= @bitcoin_network %>
 port=<%= @btcpay_port %>
 bind=127.0.0.1
 chains=btc
-BTC.explorer.url=<%= @nbxplorer_url %>
 postgres=User ID=<%= @postgres_user %>;Password=<%= @postgres_password %>;Host=<%= @postgres_host %>;Port=<%= @postgres_port %>;Database=<%= @postgres_database %>;
 debuglog=<%= @btcpay_log_path %>
-<%# TODO BTC.lightning=type=clightning;server=/mnt/data/lightningd/lightning-rpc %>
+BTC.explorer.url=<%= @nbxplorer_url %>
+<% if @lnd_admin_macaroon_path %>
+BTC.lightning=type=lnd-rest;server=https://127.0.0.1:8080/;macaroonfilepath=<%= @lnd_admin_macaroon_path %>;allowinsecure=true
+<% end %>
diff --git a/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb b/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb
new file mode 100644
index 0000000..b96f7d8
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb
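Review bot: `rtl.service` in recipes/rtl.rb runs as `bitcoin_user`, the same account that owns the lnd directory and runs `lnd.service`, and `npm_install` executes third-party package install scripts as that user too. A web UI with a large npm dependency tree then has read and write access to the lnd data directory and every macaroon in it, and because `rtl_dir` is owned by the same user the service can rewrite its own code. A dedicated system account for RTL that owns `/opt/rtl` and gets only group read on the macaroon it needs would contain a compromise of the UI. The `firewall_rule` also opens the port to all of `10.1.1.0/24`; if RTL is only reached through one reverse proxy, that host's address alone would do as `source`.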
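Review bot: `allowinsecure=true` on the new `BTC.lightning` line in btcpay-settings.config.erb turns off verification of lnd's TLS certificate. The connection targets 127.0.0.1, which limits exposure, but BTCPay then sends the macaroon to whatever local process answers on port 8080. BTCPay's lnd-rest connection string accepts `certthumbprint=<SHA256_OF_TLS_CERT_PLACEHOLDER>` to pin lnd's self-signed certificate, which would let the line drop `allowinsecure=true`.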
@@ -0,0 +1,26 @@
+[Application Options]
+debuglevel=<%= @lnd_log_level %>
+listen=0.0.0.0:<%= @lnd_port %>
+externalip=<%= @lnd_externalip %>
+alias=<%= @lnd_alias %>
+color=<%= @lnd_color %>
+maxpendingchannels=2
+minchansize=<%= @lnd_minchansize %>
+
+[autopilot]
+autopilot.active=0
+
+[Bitcoin]
+bitcoin.active=1
+bitcoin.mainnet=1
+bitcoin.node=bitcoind
+bitcoin.basefee=<%= @lnd_basefee %>
+bitcoin.feerate=<%= @lnd_feerate %>
+
+[bitcoind]
+bitcoind.dir=<%= @bitcoin_datadir %>
+bitcoind.rpchost=<%= @bitcoin_rpc_host %>
+bitcoind.rpcuser=<%= @bitcoin_rpc_user %>
+bitcoind.rpcpass=<%= @bitcoin_rpc_password %>
+bitcoind.zmqpubrawblock=<%= @bitcoin_zmqpubrawblock %>
+bitcoind.zmqpubrawtx=<%= @bitcoin_zmqpubrawtx %>
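Review bot: lnd.conf.erb sets `listen=0.0.0.0:<port>` for the peer port but leaves lnd's RPC and REST listeners at their defaults, while the BTCPay template and the RTL config in this commit hard-code `127.0.0.1:8080` and `localhost:8080`. Stating the bindings explicitly under `[Application Options]`, `rpclisten=127.0.0.1:10009` and `restlisten=127.0.0.1:8080`, documents that the admin API is meant to stay on loopback and keeps a later edit from widening it unnoticed.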