From 756382ec9f0f8c9d2cb6d408856c326344b14fd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?= <raucao@kip.pe>
Date: Wed, 26 Oct 2022 15:46:29 +0200
Subject: [PATCH] Move block data files to CIFS share

This is the vast majority of disk space used on the host currently.
---
 data_bags/credentials/bitcoin.json            | 27 +++++++++--
 nodes/bitcoin-2.json                          |  2 +
 .../kosmos-bitcoin/attributes/default.rb      |  2 +
 .../kosmos-bitcoin/recipes/blocksdir-mount.rb | 46 +++++++++++++++++++
 .../kosmos-bitcoin/recipes/source.rb          | 23 +++++-----
 site-cookbooks/kosmos-bitcoin/recipes/user.rb | 18 ++++++++
 6 files changed, 104 insertions(+), 14 deletions(-)
 create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/blocksdir-mount.rb
 create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/user.rb

diff --git a/data_bags/credentials/bitcoin.json b/data_bags/credentials/bitcoin.json
index 3be7b2d..654655f 100644
--- a/data_bags/credentials/bitcoin.json
+++ b/data_bags/credentials/bitcoin.json
@@ -1,9 +1,30 @@
 {
   "id": "bitcoin",
   "rpcpassword": {
-    "encrypted_data": "dBXJXEYJIoWzo+TPg8CzaKfTo94SdowFDdQKVL/njQ==\n",
-    "iv": "UNragm2xuewXZu0v\n",
-    "auth_tag": "tfjO8qfvti3k5L3Ms2jPLw==\n",
+    "encrypted_data": "nxeli1CRJM0gdTM2VFjW16Ppf6L6YoE+OtpHfUahnA==\n",
+    "iv": "ZIlp+3rJEtkgphz/\n",
+    "auth_tag": "+HJlC9VRedwCpUN69gwkJQ==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "blocksdir_cifs_share": {
+    "encrypted_data": "csJVGkvRoqbEqBnULyfvbf29vYWGKqJdCyV71x5No2otJdtKCl6JYDTQCkPc\nJ15f8PKLSgdyy22BmJvslg==\n",
+    "iv": "ov6OGMuAl6pVxXnj\n",
+    "auth_tag": "e+/RV87T1Wv/JgU9AQKMnQ==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "blocksdir_cifs_user": {
+    "encrypted_data": "cZhyF8q/cc9mlVBpNK84QnHslndXdR8SNXiImBkD3g==\n",
+    "iv": "E7FdytrPzEp8yjDW\n",
+    "auth_tag": "MluvP85h1dMHLlGE1SVApw==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "blocksdir_cifs_password": {
+    "encrypted_data": "MWuPvyIyBggWT9tM64OBg3QrFqfAIBUQH0HxEx1zujCcykg=\n",
+    "iv": "A7xdthaeDHAMBZrf\n",
+    "auth_tag": "vtbgB9WJ57sV74kTWeuVpg==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   }
diff --git a/nodes/bitcoin-2.json b/nodes/bitcoin-2.json
index 0d6d430..4112837 100644
--- a/nodes/bitcoin-2.json
+++ b/nodes/bitcoin-2.json
@@ -48,6 +48,8 @@
       "postfix::sasl_auth",
       "hostname::default",
       "ark::default",
+      "kosmos-bitcoin::user",
+      "kosmos-bitcoin::blocksdir-mount",
       "kosmos-bitcoin::firewall",
       "git::default",
       "git::package",
diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
index 03bb73a..a16f9c3 100644
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -6,6 +6,8 @@ node.default['bitcoin']['network']   = 'mainnet'
 node.default['bitcoin']['conf_path'] = '/home/satoshi/.bitcoin/bitcoin.conf'
 node.default['bitcoin']['walletdir'] = '/home/satoshi/.bitcoin'
 node.default['bitcoin']['datadir']   = '/mnt/data/bitcoin'
+node.default['bitcoin']['blocksdir'] = '/mnt/data/blocks'
+node.default['bitcoin']['blocksdir_mount_type'] = 'cifs'
 
 node.default['bitcoin']['conf'] = {
   irc: 1,
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/blocksdir-mount.rb b/site-cookbooks/kosmos-bitcoin/recipes/blocksdir-mount.rb
new file mode 100644
index 0000000..70d5025
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/recipes/blocksdir-mount.rb
@@ -0,0 +1,46 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: blocksdir-mount
+#
+
+include_recipe 'kosmos-bitcoin::user'
+
+bitcoin_user      = node['bitcoin']['username']
+bitcoin_group     = node['bitcoin']['usergroup']
+bitcoin_blocksdir = node['bitcoin']['blocksdir']
+credentials       = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
+
+directory bitcoin_blocksdir do
+  owner bitcoin_user
+  group bitcoin_group
+  mode '0750'
+  recursive true
+  action :create
+end
+
+case node["bitcoin"]["blocksdir_mount_type"]
+when "cifs"
+  apt_package "cifs-utils"
+
+  systemd_unit "mnt-data-blocks.mount" do
+    content({
+      Unit: {
+        Description: 'Bitcoin Core blocks directory',
+        Requires: 'network-online.target',
+        After: 'network-online.service'
+      },
+      Mount: {
+        What: credentials["blocksdir_cifs_share"],
+        Where: bitcoin_blocksdir,
+        Type: 'cifs',
+        Options: "user=#{credentials["blocksdir_cifs_user"]},password=#{credentials["blocksdir_cifs_password"]},uid=#{bitcoin_user},gid=#{bitcoin_group},rw,vers=1.0"
+      },
+      Install: {
+        WantedBy: 'multi-user.target'
+      }
+    })
+    verify false
+    triggers_reload true
+    action [:create, :enable, :start]
+  end
+end
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/source.rb b/site-cookbooks/kosmos-bitcoin/recipes/source.rb
index 51df04f..92671b6 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/source.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/source.rb
@@ -3,7 +3,7 @@
 # Recipe:: source
 #
 
-# TODO move to custom kosmos cookbook before publshing bitcoin cookbook
+# TODO move to custom kosmos cookbook before publishing bitcoin cookbook
 systemd_unit "mnt-data-bitcoin.mount" do
   content({
     Unit: {
@@ -27,6 +27,12 @@ end
 build_essential
 include_recipe 'ark'
 
+include_recipe 'kosmos-bitcoin::user'
+
+if node["bitcoin"]["blocksdir_mount_type"]
+  include_recipe "kosmos-bitcoin::blocksdir-mount"
+end
+
 %w{ libtool autotools-dev make automake cmake curl g++-multilib libtool
     binutils-gold bsdmainutils pkg-config python3 patch }.each do |pkg|
   apt_package pkg
@@ -72,15 +78,6 @@ bitcoin_walletdir = node['bitcoin']['walletdir']
 bitcoin_conf_path = node['bitcoin']['conf_path']
 credentials       = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
 
-group bitcoin_group
-
-user bitcoin_user do
-  manage_home true
-  uid 1006
-  gid bitcoin_group
-  shell "/bin/bash"
-end
-
 if node['bitcoin']['tor_enabled']
   group 'debian-tor' do
     action :modify
@@ -99,6 +96,10 @@ end
   end
 end
 
+if bitcoin_blocksdir = node["bitcoin"]["blocksdir"]
+  bitcoind_blocksdir_argument = "-blocksdir=#{bitcoin_blocksdir}"
+end
+
 bitcoin_config = node['bitcoin']['conf'].merge({
   rpcpassword: credentials["rpcpassword"]
 })
@@ -125,7 +126,7 @@ systemd_unit 'bitcoind.service' do
     Service: {
       User: bitcoin_user,
       Type: 'simple',
-      ExecStart: "bitcoind -conf=#{bitcoin_conf_path} -datadir=#{bitcoin_datadir} -walletdir=#{bitcoin_walletdir} -pid=#{bitcoin_datadir}/bitcoind.pid",
+      ExecStart: "bitcoind -conf=#{bitcoin_conf_path} -datadir=#{bitcoin_datadir} #{bitcoind_blocksdir_argument} -walletdir=#{bitcoin_walletdir} -pid=#{bitcoin_datadir}/bitcoind.pid",
       PIDFile: "#{bitcoin_datadir}/bitcoind.pid",
       Restart: 'always',
       PrivateTmp: true,
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/user.rb b/site-cookbooks/kosmos-bitcoin/recipes/user.rb
new file mode 100644
index 0000000..97be3fa
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/recipes/user.rb
@@ -0,0 +1,18 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: user
+#
+
+include_recipe 'kosmos-bitcoin::user'
+
+bitcoin_user  = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+
+group bitcoin_group
+
+user bitcoin_user do
+  manage_home true
+  uid 1006
+  gid bitcoin_group
+  shell "/bin/bash"
+end