Set up lndhub.go

closes #454

site-cookbooks/kosmos-bitcoin/attributes/default.rb

@@ -79,6 +79,15 @@ node.default['lndhub']['revision'] = 'master'
 node.default['lndhub']['port'] = '3023'
 node.default['lndhub']['domain'] = 'lndhub.kosmos.org'
 
+node.default['lndhub-go']['repo'] = 'https://github.com/getAlby/lndhub.go.git'
+node.default['lndhub-go']['revision'] = '0.11.0'
+node.default['lndhub-go']['source_dir'] = '/opt/lndhub-go'
+node.default['lndhub-go']['port'] = 3026
+node.default['lndhub-go']['domain'] = 'lndhub.kosmos.org'
+node.default['lndhub-go']['postgres']['database'] = 'lndhub'
+node.default['lndhub-go']['postgres']['user'] = 'lndhub'
+node.default['lndhub-go']['postgres']['port'] = 5432
+
 node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"
 

site-cookbooks/kosmos-bitcoin/metadata.rb

@@ -7,25 +7,15 @@ long_description 'Installs/configures bitcoin-related software'
 version '0.1.0'
 chef_version '>= 14.0'
 
-# The `issues_url` points to the location where issues for this cookbook are
-# tracked.  A `View Issues` link will be displayed on this cookbook's page when
-# uploaded to a Supermarket.
-#
-# issues_url 'https://github.com/<insert_org_here>/kosmos-bitcoin/issues'
-
-# The `source_url` points to the development repository for this cookbook.  A
-# `View Source` link will be displayed on this cookbook's page when uploaded to
-# a Supermarket.
-#
-# source_url 'https://github.com/<insert_org_here>/kosmos-bitcoin'
-
+depends 'application_javascript'
 depends 'ark'
 depends 'backup'
+depends 'firewall'
 depends 'git'
 depends 'golang'
 depends 'kosmos-nginx'
 depends 'kosmos-nodejs'
-depends 'firewall'
-depends 'application_javascript'
-depends 'tor-full'
+depends 'kosmos_postgresql'
+depends 'postgresql'
 depends 'redisio'
+depends 'tor-full'

site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb

@@ -0,0 +1,98 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: lndhub-go
+#
+
+include_recipe 'git'
+include_recipe 'kosmos-bitcoin::golang'
+
+bitcoin_user  = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+lnd_dir       = node['lnd']['lnd_dir']
+lncli_bin     = "/opt/go/bin/lncli"
+source_dir    = node['lndhub-go']['source_dir']
+macaroon_path = "#{lnd_dir}/data/lndhub.macaroon"
+credentials   = data_bag_item('credentials', 'lndhub-go')
+postgres_host = "pg.kosmos.local"
+postgres_user = node['lndhub-go']['postgres']['user']
+postgres_db   = node['lndhub-go']['postgres']['database']
+postgres_port = node['lndhub-go']['postgres']['port']
+
+git source_dir do
+  repository node['lndhub-go']['repo']
+  revision node['lndhub-go']['revision']
+  action :sync
+  notifies :run, 'bash[compile_lndhub-go]', :immediately
+end
+
+bash 'compile_lndhub-go' do
+  cwd node['lndhub-go']['source_dir']
+  code "make"
+  action :nothing
+  notifies :restart, "systemd_unit[lndhub-go.service]", :delayed
+end
+
+bash 'bake_lndhub_macaroon' do
+  user bitcoin_user
+  cwd lnd_dir
+  code "#{lncli_bin} bakemacaroon --save_to=./data/lndhub.macaroon info:read invoices:read invoices:write offchain:read offchain:write"
+  not_if { File.exist?(macaroon_path) }
+end
+
+template "#{source_dir}/.env" do
+  source 'lndhub-go.env.erb'
+  owner bitcoin_user
+  group bitcoin_group
+  mode 0600
+  sensitive true
+  variables config: {
+    database_uri: "postgresql://#{postgres_user}:#{credentials['postgresql_password']}@#{postgres_host}:#{postgres_port}/#{postgres_db}?sslmode=disable",
+    jwt_secret: credentials['jwt_secret'],
+    lnd_address: 'localhost:10009', # gRPC address,
+    lnd_macaroon_file: macaroon_path,
+    lnd_cert_file:  "#{lnd_dir}/tls.cert",
+    custom_name: node['lndhub-go']['domain'],
+    port: node['lndhub-go']['port'],
+    admin_token: credentials['admin_token']
+  }
+  notifies :restart, 'service[lndhub-go]', :delayed
+end
+
+systemd_unit 'lndhub-go.service' do
+  content({
+    Unit: {
+      Description: 'LndHub compatible API written in Go',
+      Documentation: ['https://github.com/getAlby/lndhub.go/blob/main/README.md'],
+      Requires: 'lnd.service',
+      After: 'lnd.service'
+    },
+    Service: {
+      User: bitcoin_user,
+      Group: bitcoin_group,
+      Type: 'simple',
+      WorkingDirectory: source_dir,
+      ExecStart: "#{source_dir}/lndhub",
+      Restart: 'always',
+      RestartSec: '10',
+      TimeoutSec: '60',
+      PrivateTmp: true,
+      ProtectSystem: 'full',
+      NoNewPrivileges: true,
+      PrivateDevices: true,
+      MemoryDenyWriteExecute: true
+    },
+    Install: {
+      WantedBy: 'multi-user.target'
+    }
+  })
+  verify false
+  triggers_reload true
+  action [:create, :enable, :start]
+end
+
+firewall_rule 'lndhub-go' do
+  port     node['lndhub-go']['port']
+  source   "10.1.1.0/24"
+  protocol :tcp
+  command  :allow
+end

site-cookbooks/kosmos-bitcoin/recipes/lndhub-go_pg_db.rb

@@ -0,0 +1,19 @@
+#
+# Cookbook Name:: kosmos-bitcoin
+# Recipe:: lndhub-go_pg_db
+#
+
+credentials = data_bag_item('credentials', 'lndhub-go')
+
+postgres_user = node['lndhub-go']['postgres']['user']
+postgres_db   = node['lndhub-go']['postgres']['database']
+
+postgresql_user postgres_user do
+  action :create
+  password credentials['postgresql_password']
+end
+
+postgresql_database postgres_db do
+  owner postgres_user
+  action :create
+end

site-cookbooks/kosmos-bitcoin/templates/lndhub-go.env.erb

@@ -0,0 +1,3 @@
+<% @config.each do |key, value| %>
+<%= key.upcase %>=<%= value.to_s %>
+<% end %>