Set up lndhub.go

closes #454

site-cookbooks/kosmos-bitcoin/recipes/lndhub-go.rb

@@ -0,0 +1,98 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: lndhub-go
+#
+
+include_recipe 'git'
+include_recipe 'kosmos-bitcoin::golang'
+
+bitcoin_user  = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+lnd_dir       = node['lnd']['lnd_dir']
+lncli_bin     = "/opt/go/bin/lncli"
+source_dir    = node['lndhub-go']['source_dir']
+macaroon_path = "#{lnd_dir}/data/lndhub.macaroon"
+credentials   = data_bag_item('credentials', 'lndhub-go')
+postgres_host = "pg.kosmos.local"
+postgres_user = node['lndhub-go']['postgres']['user']
+postgres_db   = node['lndhub-go']['postgres']['database']
+postgres_port = node['lndhub-go']['postgres']['port']
+
+git source_dir do
+  repository node['lndhub-go']['repo']
+  revision node['lndhub-go']['revision']
+  action :sync
+  notifies :run, 'bash[compile_lndhub-go]', :immediately
+end
+
+bash 'compile_lndhub-go' do
+  cwd node['lndhub-go']['source_dir']
+  code "make"
+  action :nothing
+  notifies :restart, "systemd_unit[lndhub-go.service]", :delayed
+end
+
+bash 'bake_lndhub_macaroon' do
+  user bitcoin_user
+  cwd lnd_dir
+  code "#{lncli_bin} bakemacaroon --save_to=./data/lndhub.macaroon info:read invoices:read invoices:write offchain:read offchain:write"
+  not_if { File.exist?(macaroon_path) }
+end
+
+template "#{source_dir}/.env" do
+  source 'lndhub-go.env.erb'
+  owner bitcoin_user
+  group bitcoin_group
+  mode 0600
+  sensitive true
+  variables config: {
+    database_uri: "postgresql://#{postgres_user}:#{credentials['postgresql_password']}@#{postgres_host}:#{postgres_port}/#{postgres_db}?sslmode=disable",
+    jwt_secret: credentials['jwt_secret'],
+    lnd_address: 'localhost:10009', # gRPC address,
+    lnd_macaroon_file: macaroon_path,
+    lnd_cert_file:  "#{lnd_dir}/tls.cert",
+    custom_name: node['lndhub-go']['domain'],
+    port: node['lndhub-go']['port'],
+    admin_token: credentials['admin_token']
+  }
+  notifies :restart, 'service[lndhub-go]', :delayed
+end
+
+systemd_unit 'lndhub-go.service' do
+  content({
+    Unit: {
+      Description: 'LndHub compatible API written in Go',
+      Documentation: ['https://github.com/getAlby/lndhub.go/blob/main/README.md'],
+      Requires: 'lnd.service',
+      After: 'lnd.service'
+    },
+    Service: {
+      User: bitcoin_user,
+      Group: bitcoin_group,
+      Type: 'simple',
+      WorkingDirectory: source_dir,
+      ExecStart: "#{source_dir}/lndhub",
+      Restart: 'always',
+      RestartSec: '10',
+      TimeoutSec: '60',
+      PrivateTmp: true,
+      ProtectSystem: 'full',
+      NoNewPrivileges: true,
+      PrivateDevices: true,
+      MemoryDenyWriteExecute: true
+    },
+    Install: {
+      WantedBy: 'multi-user.target'
+    }
+  })
+  verify false
+  triggers_reload true
+  action [:create, :enable, :start]
+end
+
+firewall_rule 'lndhub-go' do
+  port     node['lndhub-go']['port']
+  source   "10.1.1.0/24"
+  protocol :tcp
+  command  :allow
+end

site-cookbooks/kosmos-bitcoin/recipes/lndhub-go_pg_db.rb

@@ -0,0 +1,19 @@
+#
+# Cookbook Name:: kosmos-bitcoin
+# Recipe:: lndhub-go_pg_db
+#
+
+credentials = data_bag_item('credentials', 'lndhub-go')
+
+postgres_user = node['lndhub-go']['postgres']['user']
+postgres_db   = node['lndhub-go']['postgres']['database']
+
+postgresql_user postgres_user do
+  action :create
+  password credentials['postgresql_password']
+end
+
+postgresql_database postgres_db do
+  owner postgres_user
+  action :create
+end