Allow BTCPay API access over private network

site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb

@@ -97,13 +97,23 @@ systemd_unit 'btcpayserver.service' do
   action [:create, :enable, :start]
 end
 
+firewall_rule "BTCPay API private access" do
+  command  :allow
+  port     23001
+  protocol :tcp
+  source   "10.1.1.0/24"
+end
+
 #
 # HTTPS Reverse Proxy
+# TODO move to separate recipe, nginx proxy role
 #
 
 include_recipe "kosmos-nginx"
 server_name = node["btcpay"]["domain"]
 
+nginx_certbot_site server_name
+
 template "#{node["nginx"]["dir"]}/sites-available/#{server_name}" do
   source "nginx_conf_btcpayserver.erb"
   owner node["nginx"]["user"]
@@ -118,5 +128,3 @@ end
 nginx_site server_name do
   action :enable
 end
-
-nginx_certbot_site server_name