kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Set up lndhub.go

Browse Source 
closes #454
This commit is contained in:
Râu Cao 2022-12-11 14:30:27 +01:00
parent 430f8b36b6
commit 7d11450c4e
Signed by: raucao
GPG Key ID: 15E65F399D084BA9
9 changed files with 171 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
data_bags/credentials/lndhub-go.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "lndhub-go",
"jwt_secret": {
"encrypted_data": "cFost8pLsoJ/8Gp5m/TgN8xjMkvk0oZuEZ3XfxDIaYjOVYi3fEX8\n",
"iv": "47gV4v/D+10B6xqu\n",
"auth_tag": "MKEyVFfJ3f5pxWRSyMH4Rw==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"postgresql_password": {
"encrypted_data": "YSMEIWdZn08lyrZeJNAUZ5xwKhWHESa1A5MojKJ/5iiE\n",
"iv": "0mlURPOohnKbG+i8\n",
"auth_tag": "bqIOqFEEIxA99wlvpTqxFA==\n",
"version": 3,
"cipher": "aes-256-gcm"
},
"admin_token": {
"encrypted_data": "Jv2vQySZT9qn87g24IOYK1dpfSbZoUE/8VtZhzljQGIL\n",
"iv": "kjtrzmjTFKQq+nTV\n",
"auth_tag": "3YbOzU/ndVARbHTU1hoa9g==\n",
"version": 3,
"cipher": "aes-256-gcm"
}
}

12
nodes/bitcoin-2.json
View File

@ -12,14 +12,16 @@
"hostname": "bitcoin-2",
"ipaddress": "192.168.122.148",
"roles": [
"base",
"kvm_guest",
"btcpay",
"postgresql_client"
"postgresql_client",
"btcpay"
],
"recipes": [
"kosmos-base",
"kosmos-base::default",
"kosmos_kvm::guest",
"kosmos_postgresql::hostsfile",
"tor-full",
"tor-full::default",
"kosmos-bitcoin::source",
@ -29,7 +31,7 @@
"kosmos-bitcoin::boltz",
"kosmos-bitcoin::rtl",
"kosmos-bitcoin::lndhub",
"kosmos_postgresql::hostsfile",
"kosmos-bitcoin::lndhub-go",
"kosmos-bitcoin::dotnet",
"kosmos-bitcoin::nbxplorer",
"kosmos-bitcoin::btcpay",
@ -97,8 +99,9 @@
}
},
"run_list": [
"recipe[kosmos-base]",
"role[base]",
"role[kvm_guest]",
"role[postgresql_client]",
"recipe[tor-full]",
"recipe[kosmos-bitcoin::source]",
"recipe[kosmos-bitcoin::c-lightning]",
@ -107,6 +110,7 @@
"recipe[kosmos-bitcoin::boltz]",
"recipe[kosmos-bitcoin::rtl]",
"recipe[kosmos-bitcoin::lndhub]",
"recipe[kosmos-bitcoin::lndhub-go]",
"role[btcpay]"
]
}

4
nodes/postgres-2.json
View File

@ -21,8 +21,10 @@
"kosmos_kvm::guest",
"kosmos_postgresql::primary",
"kosmos_postgresql::firewall",
"kosmos_gitea::pg_db",
"kosmos-bitcoin::lndhub-go_pg_db",
"kosmos_drone::pg_db",
"kosmos_gitea::pg_db",
"kosmos-mastodon::pg_db",
"apt::default",
"timezone_iii::default",
"timezone_iii::debian",

3
roles/postgresql_primary.rb
View File

@ -3,7 +3,8 @@ name "postgresql_primary"
run_list %w(
kosmos_postgresql::primary
kosmos_postgresql::firewall
kosmos_gitea::pg_db
kosmos-bitcoin::lndhub-go_pg_db
kosmos_drone::pg_db
kosmos_gitea::pg_db
kosmos-mastodon::pg_db
)

9
site-cookbooks/kosmos-bitcoin/attributes/default.rb
View File

@ -79,6 +79,15 @@ node.default['lndhub']['revision'] = 'master'
node.default['lndhub']['port'] = '3023'
node.default['lndhub']['domain'] = 'lndhub.kosmos.org'
node.default['lndhub-go']['repo'] = 'https://github.com/getAlby/lndhub.go.git'
node.default['lndhub-go']['revision'] = '0.11.0'
node.default['lndhub-go']['source_dir'] = '/opt/lndhub-go'
node.default['lndhub-go']['port'] = 3026
node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org'
node.default['lndhub-go']['postgres']['database'] = 'lndhub'
node.default['lndhub-go']['postgres']['user'] = 'lndhub'
node.default['lndhub-go']['postgres']['port'] = 5432
node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"

20
site-cookbooks/kosmos-bitcoin/metadata.rb
View File

@ -7,25 +7,15 @@ long_description 'Installs/configures bitcoin-related software'
version '0.1.0'
chef_version '>= 14.0'
# The `issues_url` points to the location where issues for this cookbook are
# tracked. A `View Issues` link will be displayed on this cookbook's page when
# uploaded to a Supermarket.
#
# issues_url 'https://github.com/<insert_org_here>/kosmos-bitcoin/issues'
# The `source_url` points to the development repository for this cookbook. A
# `View Source` link will be displayed on this cookbook's page when uploaded to
# a Supermarket.
#
# source_url 'https://github.com/<insert_org_here>/kosmos-bitcoin'
depends 'application_javascript'
depends 'ark'
depends 'backup'
depends 'firewall'
depends 'git'
depends 'golang'
depends 'kosmos-nginx'
depends 'kosmos-nodejs'
depends 'firewall'
depends 'application_javascript'
depends 'tor-full'
depends 'kosmos_postgresql'
depends 'postgresql'
depends 'redisio'
depends 'tor-full'

98
site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb Normal file
View File

@ -0,0 +1,98 @@
#
# Cookbook:: kosmos-bitcoin
# Recipe:: lndhub-go
#
include_recipe 'git'
include_recipe 'kosmos-bitcoin::golang'
bitcoin_user = node['bitcoin']['username']
bitcoin_group = node['bitcoin']['usergroup']
lnd_dir = node['lnd']['lnd_dir']
lncli_bin = "/opt/go/bin/lncli"
source_dir = node['lndhub-go']['source_dir']
macaroon_path = "#{lnd_dir}/data/lndhub.macaroon"
credentials = data_bag_item('credentials', 'lndhub-go')
postgres_host = "pg.kosmos.local"
postgres_user = node['lndhub-go']['postgres']['user']
postgres_db = node['lndhub-go']['postgres']['database']
postgres_port = node['lndhub-go']['postgres']['port']
git source_dir do
repository node['lndhub-go']['repo']
revision node['lndhub-go']['revision']
action :sync
notifies :run, 'bash[compile_lndhub-go]', :immediately
end
bash 'compile_lndhub-go' do
cwd node['lndhub-go']['source_dir']
code "make"
action :nothing
notifies :restart, "systemd_unit[lndhub-go.service]", :delayed
end
bash 'bake_lndhub_macaroon' do
user bitcoin_user
cwd lnd_dir
code "#{lncli_bin} bakemacaroon --save_to=./data/lndhub.macaroon info:read invoices:read invoices:write offchain:read offchain:write"
not_if { File.exist?(macaroon_path) }
end
template "#{source_dir}/.env" do
source 'lndhub-go.env.erb'
owner bitcoin_user
group bitcoin_group
mode 0600
sensitive true
variables config: {
database_uri: "postgresql://#{postgres_user}:#{credentials['postgresql_password']}@#{postgres_host}:#{postgres_port}/#{postgres_db}?sslmode=disable",
jwt_secret: credentials['jwt_secret'],
lnd_address: 'localhost:10009', # gRPC address,
lnd_macaroon_file: macaroon_path,
lnd_cert_file: "#{lnd_dir}/tls.cert",
custom_name: node['lndhub-go']['domain'],
port: node['lndhub-go']['port'],
admin_token: credentials['admin_token']
}
notifies :restart, 'service[lndhub-go]', :delayed
end
systemd_unit 'lndhub-go.service' do
content({
Unit: {
Description: 'LndHub compatible API written in Go',
Documentation: ['https://github.com/getAlby/lndhub.go/blob/main/README.md'],
Requires: 'lnd.service',
After: 'lnd.service'
},
Service: {
User: bitcoin_user,
Group: bitcoin_group,
Type: 'simple',
WorkingDirectory: source_dir,
ExecStart: "#{source_dir}/lndhub",
Restart: 'always',
RestartSec: '10',
TimeoutSec: '60',
PrivateTmp: true,
ProtectSystem: 'full',
NoNewPrivileges: true,
PrivateDevices: true,
MemoryDenyWriteExecute: true
},
Install: {
WantedBy: 'multi-user.target'
}
})
verify false
triggers_reload true
action [:create, :enable, :start]
end
firewall_rule 'lndhub-go' do
port node['lndhub-go']['port']
source "10.1.1.0/24"
protocol :tcp
command :allow
end

19
site-cookbooks/kosmos-bitcoin/recipes/lndhub-go_pg_db.rb Normal file
View File

@ -0,0 +1,19 @@
#
# Cookbook Name:: kosmos-bitcoin
# Recipe:: lndhub-go_pg_db
#
credentials = data_bag_item('credentials', 'lndhub-go')
postgres_user = node['lndhub-go']['postgres']['user']
postgres_db = node['lndhub-go']['postgres']['database']
postgresql_user postgres_user do
action :create
password credentials['postgresql_password']
end
postgresql_database postgres_db do
owner postgres_user
action :create
end

3
site-cookbooks/kosmos-bitcoin/templates/lndhub-go.env.erb Normal file
View File

@ -0,0 +1,3 @@
<% @config.each do |key, value| %>
<%= key.upcase %>=<%= value.to_s %>
<% end %>