From 7d11450c4e87bdafb8c7f838152d18a97afa1c83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?=
Date: Sun, 11 Dec 2022 14:30:27 +0100
Subject: [PATCH] Set up lndhub.go closes #454
---
 data_bags/credentials/lndhub-go.json | 24 +++++
 nodes/bitcoin-2.json | 12 ++-
 nodes/postgres-2.json | 4 +-
 roles/postgresql_primary.rb | 3 +-
 .../kosmos-bitcoin/attributes/default.rb | 9 ++
 site-cookbooks/kosmos-bitcoin/metadata.rb | 20 +---
 .../kosmos-bitcoin/recipes/lndhub-go.rb | 98 +++++++++++++++++++
 .../kosmos-bitcoin/recipes/lndhub-go_pg_db.rb | 19 ++++
 .../templates/lndhub-go.env.erb | 3 +
 9 files changed, 171 insertions(+), 21 deletions(-)
 create mode 100644 data_bags/credentials/lndhub-go.json
 create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb
 create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/lndhub-go_pg_db.rb
 create mode 100644 site-cookbooks/kosmos-bitcoin/templates/lndhub-go.env.erb
diff --git a/data_bags/credentials/lndhub-go.json b/data_bags/credentials/lndhub-go.json
new file mode 100644
index 0000000..d61ccc9
--- /dev/null
+++ b/data_bags/credentials/lndhub-go.json
@@ -0,0 +1,24 @@
+{
+ "id": "lndhub-go",
+ "jwt_secret": {
+ "encrypted_data": "cFost8pLsoJ/8Gp5m/TgN8xjMkvk0oZuEZ3XfxDIaYjOVYi3fEX8\n",
+ "iv": "47gV4v/D+10B6xqu\n",
+ "auth_tag": "MKEyVFfJ3f5pxWRSyMH4Rw==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "postgresql_password": {
+ "encrypted_data": "YSMEIWdZn08lyrZeJNAUZ5xwKhWHESa1A5MojKJ/5iiE\n",
+ "iv": "0mlURPOohnKbG+i8\n",
+ "auth_tag": "bqIOqFEEIxA99wlvpTqxFA==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
+ "admin_token": {
+ "encrypted_data": "Jv2vQySZT9qn87g24IOYK1dpfSbZoUE/8VtZhzljQGIL\n",
+ "iv": "kjtrzmjTFKQq+nTV\n",
+ "auth_tag": "3YbOzU/ndVARbHTU1hoa9g==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ }
+}
\ No newline at end of file
diff --git a/nodes/bitcoin-2.json b/nodes/bitcoin-2.json
index 6112db0..0e458c8 100644
--- a/nodes/bitcoin-2.json
+++ b/nodes/bitcoin-2.json
@@ -12,14 +12,16 @@
 "hostname": "bitcoin-2",
 "ipaddress": "192.168.122.148",
 "roles": [
+ "base",
 "kvm_guest",
- "btcpay",
- "postgresql_client"
+ "postgresql_client",
+ "btcpay"
 ],
 "recipes": [
 "kosmos-base",
 "kosmos-base::default",
 "kosmos_kvm::guest",
+ "kosmos_postgresql::hostsfile",
 "tor-full",
 "tor-full::default",
 "kosmos-bitcoin::source",
@@ -29,7 +31,7 @@
 "kosmos-bitcoin::boltz",
 "kosmos-bitcoin::rtl",
 "kosmos-bitcoin::lndhub",
- "kosmos_postgresql::hostsfile",
+ "kosmos-bitcoin::lndhub-go",
 "kosmos-bitcoin::dotnet",
 "kosmos-bitcoin::nbxplorer",
 "kosmos-bitcoin::btcpay",
@@ -97,8 +99,9 @@
 }
 },
 "run_list": [
- "recipe[kosmos-base]",
+ "role[base]",
 "role[kvm_guest]",
+ "role[postgresql_client]",
 "recipe[tor-full]",
 "recipe[kosmos-bitcoin::source]",
 "recipe[kosmos-bitcoin::c-lightning]",
@@ -107,6 +110,7 @@
 "recipe[kosmos-bitcoin::boltz]",
 "recipe[kosmos-bitcoin::rtl]",
 "recipe[kosmos-bitcoin::lndhub]",
+ "recipe[kosmos-bitcoin::lndhub-go]",
 "role[btcpay]"
 ]
 }
\ No newline at end of file
diff --git a/nodes/postgres-2.json b/nodes/postgres-2.json
index 6cc24a9..2ddf554 100644
--- a/nodes/postgres-2.json
+++ b/nodes/postgres-2.json
@@ -21,8 +21,10 @@
 "kosmos_kvm::guest",
 "kosmos_postgresql::primary",
 "kosmos_postgresql::firewall",
- "kosmos_gitea::pg_db",
+ "kosmos-bitcoin::lndhub-go_pg_db",
 "kosmos_drone::pg_db",
+ "kosmos_gitea::pg_db",
+ "kosmos-mastodon::pg_db",
 "apt::default",
 "timezone_iii::default",
 "timezone_iii::debian",
diff --git a/roles/postgresql_primary.rb b/roles/postgresql_primary.rb
index 183da14..9854b01 100644
--- a/roles/postgresql_primary.rb
+++ b/roles/postgresql_primary.rb
@@ -3,7 +3,8 @@ name "postgresql_primary"
 run_list %w(
 kosmos_postgresql::primary
 kosmos_postgresql::firewall
- kosmos_gitea::pg_db
+ kosmos-bitcoin::lndhub-go_pg_db
 kosmos_drone::pg_db
+ kosmos_gitea::pg_db
 kosmos-mastodon::pg_db
 )
diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index 26efdd9..0786a61 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb @@ -79,6 +79,15 @@ node.default['lndhub']['revision'] = 'master' node.default['lndhub']['port'] = '3023' node.default['lndhub']['domain'] = 'lndhub.kosmos.org' +node.default['lndhub-go']['repo'] = 'https://github.com/getAlby/lndhub.go.git' +node.default['lndhub-go']['revision'] = '0.11.0' +node.default['lndhub-go']['source_dir'] = '/opt/lndhub-go' +node.default['lndhub-go']['port'] = 3026 +node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org' +node.default['lndhub-go']['postgres']['database'] = 'lndhub' +node.default['lndhub-go']['postgres']['user'] = 'lndhub' +node.default['lndhub-go']['postgres']['port'] = 5432 + node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb" node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991" diff --git a/site-cookbooks/kosmos-bitcoin/metadata.rb b/site-cookbooks/kosmos-bitcoin/metadata.rb index 8f58ce4..cfea78c 100644 --- a/site-cookbooks/kosmos-bitcoin/metadata.rb +++ b/site-cookbooks/kosmos-bitcoin/metadata.rb 
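Review bot: In attributes/default.rb, `node.default['lndhub-go']['revision'] = '0.11.0'` pins the build to a tag name, which upstream can move, and the lndhub-go recipe added in this patch runs `make` on whatever that tag resolves to. The `git` resource's `revision` also accepts a full commit SHA, so the attribute could hold the SHA of the reviewed release, e.g. `node.default['lndhub-go']['revision'] = '<commit SHA of 0.11.0>' # 0.11.0`. The new `['lndhub-go']['domain']` default is the same `lndhub.kosmos.org` already set for `['lndhub']['domain']` in the context lines above; if both services stay deployed, a comment saying which one is served under that name would help.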
@@ -7,25 +7,15 @@ long_description 'Installs/configures bitcoin-related software' version '0.1.0' chef_version '>= 14.0' -# The `issues_url` points to the location where issues for this cookbook are -# tracked. A `View Issues` link will be displayed on this cookbook's page when -# uploaded to a Supermarket. -# -# issues_url 'https://github.com//kosmos-bitcoin/issues' - -# The `source_url` points to the development repository for this cookbook. A -# `View Source` link will be displayed on this cookbook's page when uploaded to -# a Supermarket. -# -# source_url 'https://github.com//kosmos-bitcoin' - +depends 'application_javascript' depends 'ark' depends 'backup' +depends 'firewall' depends 'git' depends 'golang' depends 'kosmos-nginx' depends 'kosmos-nodejs' -depends 'firewall' -depends 'application_javascript' -depends 'tor-full' +depends 'kosmos_postgresql' +depends 'postgresql' depends 'redisio' +depends 'tor-full' diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb b/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb new file mode 100644 index 0000000..f529d02 --- /dev/null +++ b/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb 
@@ -0,0 +1,98 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: lndhub-go
+#
+
+include_recipe 'git'
+include_recipe 'kosmos-bitcoin::golang'
+
+bitcoin_user = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+lnd_dir = node['lnd']['lnd_dir']
+lncli_bin = "/opt/go/bin/lncli"
+source_dir = node['lndhub-go']['source_dir']
+macaroon_path = "#{lnd_dir}/data/lndhub.macaroon"
+credentials = data_bag_item('credentials', 'lndhub-go')
+postgres_host = "pg.kosmos.local"
+postgres_user = node['lndhub-go']['postgres']['user']
+postgres_db = node['lndhub-go']['postgres']['database']
+postgres_port = node['lndhub-go']['postgres']['port']
+
+git source_dir do
+ repository node['lndhub-go']['repo']
+ revision node['lndhub-go']['revision']
+ action :sync
+ notifies :run, 'bash[compile_lndhub-go]', :immediately
+end
+
+bash 'compile_lndhub-go' do
+ cwd node['lndhub-go']['source_dir']
+ code "make"
+ action :nothing
+ notifies :restart, "systemd_unit[lndhub-go.service]", :delayed
+end
+
+bash 'bake_lndhub_macaroon' do
+ user bitcoin_user
+ cwd lnd_dir
+ code "#{lncli_bin} bakemacaroon --save_to=./data/lndhub.macaroon info:read invoices:read invoices:write offchain:read offchain:write"
+ not_if { File.exist?(macaroon_path) }
+end
+
+template "#{source_dir}/.env" do
+ source 'lndhub-go.env.erb'
+ owner bitcoin_user
+ group bitcoin_group
+ mode 0600
+ sensitive true
+ variables config: {
+ database_uri: "postgresql://#{postgres_user}:#{credentials['postgresql_password']}@#{postgres_host}:#{postgres_port}/#{postgres_db}?sslmode=disable",
+ jwt_secret: credentials['jwt_secret'],
+ lnd_address: 'localhost:10009', # gRPC address,
+ lnd_macaroon_file: macaroon_path,
+ lnd_cert_file: "#{lnd_dir}/tls.cert",
+ custom_name: node['lndhub-go']['domain'],
+ port: node['lndhub-go']['port'],
+ admin_token: credentials['admin_token']
+ }
+ notifies :restart, 'service[lndhub-go]', :delayed
+end
+
+systemd_unit 'lndhub-go.service' do
+ content({
+ Unit: {
+ Description: 'LndHub
compatible API written in Go',
+ Documentation: ['https://github.com/getAlby/lndhub.go/blob/main/README.md'],
+ Requires: 'lnd.service',
+ After: 'lnd.service'
+ },
+ Service: {
+ User: bitcoin_user,
+ Group: bitcoin_group,
+ Type: 'simple',
+ WorkingDirectory: source_dir,
+ ExecStart: "#{source_dir}/lndhub",
+ Restart: 'always',
+ RestartSec: '10',
+ TimeoutSec: '60',
+ PrivateTmp: true,
+ ProtectSystem: 'full',
+ NoNewPrivileges: true,
+ PrivateDevices: true,
+ MemoryDenyWriteExecute: true
+ },
+ Install: {
+ WantedBy: 'multi-user.target'
+ }
+ })
+ verify false
+ triggers_reload true
+ action [:create, :enable, :start]
+end
+
+firewall_rule 'lndhub-go' do
+ port node['lndhub-go']['port']
+ source "10.1.1.0/24"
+ protocol :tcp
+ command :allow
+end
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go_pg_db.rb b/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go_pg_db.rb
new file mode 100644
index 0000000..b18d8b8
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lndhub-go_pg_db.rb
@@ -0,0 +1,19 @@
+#
+# Cookbook Name:: kosmos-bitcoin
+# Recipe:: lndhub-go_pg_db
+#
+
+credentials = data_bag_item('credentials', 'lndhub-go')
+
+postgres_user = node['lndhub-go']['postgres']['user']
+postgres_db = node['lndhub-go']['postgres']['database']
+
+postgresql_user postgres_user do
+ action :create
+ password credentials['postgresql_password']
+end
+
+postgresql_database postgres_db do
+ owner postgres_user
+ action :create
+end
diff --git a/site-cookbooks/kosmos-bitcoin/templates/lndhub-go.env.erb b/site-cookbooks/kosmos-bitcoin/templates/lndhub-go.env.erb
new file mode 100644
index 0000000..e467ef6
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/templates/lndhub-go.env.erb
@@ -0,0 +1,3 @@
+<% @config.each do |key, value| %>
+<%= key.upcase %>=<%= value.to_s %>
+<% end %>
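Review bot: In recipes/lndhub-go.rb the `database_uri` built in the `template` resource ends in `?sslmode=disable`, so the PostgreSQL password from the data bag and all query traffic travel to `pg.kosmos.local` unencrypted. If the primary has TLS configured, `sslmode=verify-full` (or at least `sslmode=require`) is the safer value; if it does not, a comment stating why plaintext is acceptable on that network segment would document the decision. In the same resource, `notifies :restart, 'service[lndhub-go]', :delayed` names a resource this recipe never declares: the unit is declared as `systemd_unit 'lndhub-go.service'`, which is what `bash 'compile_lndhub-go'` notifies, so the line probably should read `notifies :restart, 'systemd_unit[lndhub-go.service]', :delayed`. The password is also interpolated into the URI as-is, so a value containing `@`, `/` or `:` would change how the URI parses unless it is percent-encoded first.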
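Review bot: recipes/lndhub-go_pg_db.rb decrypts the whole `lndhub-go` data bag item on the database host although it only reads `credentials['postgresql_password']`, so `jwt_secret` and `admin_token` are also in scope of a Chef run on a node that never uses them. Keeping the database password in its own item would let the PostgreSQL role handle only that one secret. It is also worth confirming that the `postgresql_user` resource of the cookbook version in use keeps the password out of the run log, and adding `sensitive true` to the block if it does not.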
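Review bot: In templates/lndhub-go.env.erb, `<%= key.upcase %>=<%= value.to_s %>` writes every value unquoted, so a secret containing whitespace, `#`, quotes or a newline may be truncated or split into additional entries, depending on how the service parses `.env`. Either quote and escape the value in the template, or add a comment at the top of the template stating that the data bag secrets must stay within a character set that needs no quoting.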