Write akkounts .env config, add config for lndhub admin UI

closes #462

data_bags/credentials/akkounts.json

@@ -1,16 +1,23 @@
 {
   "id": "akkounts",
+  "postgresql_username": {
+    "encrypted_data": "Mw+E6dXUYIRQgMzfxij9cFT9XFauVn9VUT9p\n",
+    "iv": "c2b2zKGTf1S3laui\n",
+    "auth_tag": "3ytXQSpxNYXGEeDOTq5g7g==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
   "postgresql_password": {
-    "encrypted_data": "Vt/jXxrJPbJbEl8Nw9EdVymoId21hdzHxA0zwEfAkA==\n",
+    "encrypted_data": "UCwTT6i0ORWiVRn5gbjWMOuikAIb7gAwL8g0TFhIvg==\n",
-    "iv": "rV3dOjUhPsrdhF59\n",
+    "iv": "xL6W4GqhxAf7FxmK\n",
-    "auth_tag": "GwuMLjf5zqTxLUIKb7ZKjA==\n",
+    "auth_tag": "EFE3C0PBAuusn/SqTAdyYA==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "rails_master_key": {
-    "encrypted_data": "GjtdLy59dThzWYbEUD9Ss4G9vC3tcVgWDWLz3AoUl/jjJfSP2ym7ErjYwJhl\nE+1J2T3+\n",
+    "encrypted_data": "QZD0AJIcq3iqrFAHN9DHxfctCXAMRQjuTSI9QgmaIUXgCz4+3LawI6eYGvr9\nV2nyDGJa\n",
-    "iv": "7PJXyCr2ozJHsMWZ\n",
+    "iv": "4hw1Dk+NsQ8wF7Og\n",
-    "auth_tag": "nuW914Rh3Cn+ldGMc1JdGw==\n",
+    "auth_tag": "uoVSykmRQImRld1Ln0bg2g==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   }

environments/production.json

@@ -1,6 +1,11 @@
 {
   "name": "production",
   "override_attributes": {
+    "akkounts": {
+      "lndhub": {
+        "public_url": "https://lndhub.kosmos.org"
+      }
+    },
     "garage": {
       "replication_mode": "2",
       "s3_api_root_domain": ".s3.garage.kosmos.org",

nodes/akkounts-1.json

@@ -1,5 +1,6 @@
 {
   "name": "akkounts-1",
+  "chef_environment": "production",
   "normal": {
     "knife_zero": {
       "host": "10.1.1.144"

site-cookbooks/kosmos-akkounts/attributes/default.rb

@@ -4,3 +4,7 @@ node.default['akkounts']['port'] = 3000
 node.default['akkounts']['domain'] = 'accounts.kosmos.org'
 
 node.default['akkounts_api']['domain'] = 'api.kosmos.org'
+
+node.default['akkounts']['lndhub']['api_url'] = nil
+node.default['akkounts']['lndhub']['public_url'] = nil
+node.default['akkounts']['lndhub']['postgres_db'] = 'lndhub'

site-cookbooks/kosmos-akkounts/recipes/default.rb

@@ -31,6 +31,52 @@ ruby_version = "2.7.5"
 bundle_path = "/opt/ruby_build/builds/#{ruby_version}/bin/bundle"
 rails_env = node.chef_environment == "development" ? "development" : "production"
 
+postgres_readonly_host = search(:node, "role:postgresql_replica").first["knife_zero"]["host"] rescue nil
+btcpay_host = search(:node, "role:btcpay").first["knife_zero"]["host"] rescue nil
+lndhub_host = search(:node, "role:lndhub").first["knife_zero"]["host"] rescue nil
+webhooks_allowed_ips = [lndhub_host].compact.uniq.join(',')
+env = {}
+
+if webhooks_allowed_ips.length > 0
+  env[:webhooks_allowed_ips] = webhooks_allowed_ips
+end
+if btcpay_host
+  env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1"
+end
+if lndhub_host
+  node.override["akkounts"]["lndhub"]["api_url"] = "http://#{lndhub_host}:3026"
+  env[:lndhub_legacy_api_url] = node["akkounts"]["lndhub"]["api_url"]
+  env[:lndhub_api_url] = node["akkounts"]["lndhub"]["api_url"]
+  env[:lndhub_public_url] = node["akkounts"]["lndhub"]["public_url"]
+  if postgres_readonly_host
+    env[:lndhub_admin_ui] = true
+    env[:lndhub_pg_host] = postgres_readonly_host
+    env[:lndhub_pg_database] = node['akkounts']['lndhub']['postgres_db']
+    env[:lndhub_pg_username] = credentials['postgresql_username']
+    env[:lndhub_pg_password] = credentials['postgresql_password']
+  end
+end
+
+ejabberd_private_ip_addresses = []
+search(:node, "role:ejabberd").each do |node|
+  ejabberd_private_ip_addresses << node["knife_zero"]["host"]
+end
+
+ejabberd_private_ip_addresses.each do |ip_address|
+  IPAddr.new ip_address
+  hostsfile_entry ip_address do
+    hostname 'xmpp.kosmos.org'
+    action :create
+  end
+rescue IPAddr::InvalidAddressError
+  ejabberd_private_ip_addresses.delete! ip_address
+  next
+end
+
+if ejabberd_private_ip_addresses.size > 0
+  env[:ejabberd_api_url] = 'https://xmpp.kosmos.org:5443/api'
+end
+
 systemd_unit "akkounts.service" do
   content({
     Unit: {
@@ -120,6 +166,16 @@ application deploy_path do
     group deploy_group
   end
 
+  template "#{deploy_path}/.env.production" do
+    source 'env.production.erb'
+    owner deploy_user
+    group deploy_group
+    mode 0600
+    sensitive true
+    variables config: env
+    notifies :restart, "application[#{deploy_path}]", :delayed
+  end
+
   execute "bundle install" do
     environment "HOME" => deploy_path
     user deploy_user
@@ -159,21 +215,6 @@ application deploy_path do
   end
 end
 
-ejabberd_private_ip_addresses = []
-search(:node, "role:ejabberd").each do |node|
-  ejabberd_private_ip_addresses << node["knife_zero"]["host"]
-end
-
-ejabberd_private_ip_addresses.each do |ip_address|
-  IPAddr.new ip_address
-  hostsfile_entry ip_address do
-    hostname 'xmpp.kosmos.org'
-    action :create
-  end
-rescue IPAddr::InvalidAddressError
-  next
-end
-
 # TODO move to nginx proxy
 include_recipe 'kosmos-akkounts::nginx'
 

site-cookbooks/kosmos-akkounts/templates/env.production.erb

@@ -0,0 +1,11 @@
+<% @config.each do |key, value| %>
+<% if value.is_a?(Hash) %>
+<% value.each do |k, v| %>
+<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %>
+<% end %>
+<% else %>
+<% if value %>
+<%= key.upcase %>=<%= value.to_s %>
+<% end %>
+<% end %>
+<% end %>