From ad59913555b61b8ceed412812507acf08b9de2c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?= <raucao@kip.pe>
Date: Wed, 26 Jul 2023 15:00:55 +0200
Subject: [PATCH] Migrate lndhub proxy to openresty

---
 nodes/draco.kosmos.org.json                   |  1 +
 roles/openresty_proxy.rb                      |  2 +-
 site-cookbooks/kosmos-bitcoin/metadata.rb     |  1 +
 .../kosmos-bitcoin/recipes/nginx_lndhub.rb    | 25 +++++++------------
 .../templates/nginx_conf_lndhub.erb           |  2 +-
 5 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/nodes/draco.kosmos.org.json b/nodes/draco.kosmos.org.json
index d6de9a2..09b0d9a 100644
--- a/nodes/draco.kosmos.org.json
+++ b/nodes/draco.kosmos.org.json
@@ -47,6 +47,7 @@
       "kosmos_website::default",
       "kosmos-akkounts::nginx",
       "kosmos-akkounts::nginx_api",
+      "kosmos-bitcoin::nginx_lndhub",
       "kosmos_encfs",
       "kosmos_encfs::default",
       "kosmos-ejabberd::firewall",
diff --git a/roles/openresty_proxy.rb b/roles/openresty_proxy.rb
index 820bc82..6275af9 100644
--- a/roles/openresty_proxy.rb
+++ b/roles/openresty_proxy.rb
@@ -25,7 +25,6 @@ default_run_list = %w(
   kosmos_garage::firewall_rpc
   kosmos_garage::nginx_web
 
-  kosmos-bitcoin::nginx_lndhub
   kosmos-ejabberd::nginx
   kosmos-hubot::nginx_botka_irc-libera-chat
   kosmos-hubot::nginx_hal8000_xmpp
@@ -45,6 +44,7 @@ production_run_list = %w(
   kosmos_website::default
   kosmos-akkounts::nginx
   kosmos-akkounts::nginx_api
+  kosmos-bitcoin::nginx_lndhub
 )
 
 env_run_lists(
diff --git a/site-cookbooks/kosmos-bitcoin/metadata.rb b/site-cookbooks/kosmos-bitcoin/metadata.rb
index 1cf8f30..5c23e70 100644
--- a/site-cookbooks/kosmos-bitcoin/metadata.rb
+++ b/site-cookbooks/kosmos-bitcoin/metadata.rb
@@ -14,6 +14,7 @@ depends 'git'
 depends 'golang'
 depends 'kosmos-nginx'
 depends 'kosmos-nodejs'
+depends 'kosmos_openresty'
 depends 'kosmos_postgresql'
 depends 'postgresql'
 depends 'redisio'
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/nginx_lndhub.rb b/site-cookbooks/kosmos-bitcoin/recipes/nginx_lndhub.rb
index dcf54f7..83cee60 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/nginx_lndhub.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/nginx_lndhub.rb
@@ -3,27 +3,20 @@
 # Recipe:: nginx_lndhub
 #
 
-include_recipe "kosmos-base::letsencrypt"
-include_recipe "kosmos-nginx"
-
 domain = node['lndhub-go']['domain']
 
-nginx_certbot_site domain
-
 upstream_host = search(:node, "role:lndhub").first["knife_zero"]["host"]
 
-template "#{node['nginx']['dir']}/sites-available/#{domain}" do
-  source 'nginx_conf_lndhub.erb'
-  owner node["nginx"]["user"]
-  mode 0640
-  variables port: node['lndhub-go']['port'],
-            server_name: domain,
+tls_cert_for domain do
+  auth "gandi_dns"
+  action :create
+end
+
+openresty_site domain do
+  template 'nginx_conf_lndhub.erb'
+  variables server_name: domain,
+            port: node['lndhub-go']['port'],
             ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
             ssl_key:  "/etc/letsencrypt/live/#{domain}/privkey.pem",
             upstream_host: upstream_host
-  notifies :reload, 'service[nginx]', :delayed
-end
-
-nginx_site domain do
-  action :enable
 end
diff --git a/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb b/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb
index 07ec9a4..f79a0ae 100644
--- a/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/nginx_conf_lndhub.erb
@@ -6,7 +6,7 @@ upstream _lndhub {
 }
 
 server {
-  listen 443 ssl http2;
+  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
   listen [::]:443 ssl http2;
   server_name <%= @server_name %>;