diff --git a/data_bags/credentials/btcpay.json b/data_bags/credentials/btcpay.json
new file mode 100644
index 0000000..352f5f5
--- /dev/null
+++ b/data_bags/credentials/btcpay.json
@@ -0,0 +1,10 @@
+{
+ "id": "btcpay",
+ "postgres_password": {
+ "encrypted_data": "sDiikAwXFqRCguREzzL0ybo33pl3CiSnJt5pqqnY7Q==\n",
+ "iv": "2qY/agvlvTJCGaj+\n",
+ "auth_tag": "kC5KmBBtlR0Yzi44WU5Ntw==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ }
+}
\ No newline at end of file
diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
index 6199ee3..f7336e9 100644
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -41,3 +41,9 @@ node.default['nbxplorer']['port'] = '24445'
 node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
 node.default['btcpay']['revision'] = 'latest'
 node.default['btcpay']['source_dir'] = '/opt/btcpay'
+node.default['btcpay']['config_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/Main/settings.config"
+node.default['btcpay']['log_path'] = "/home/#{node['bitcoin']['username']}/.btcpayserver/debug.log"
+node.default['btcpay']['port'] = '23001'
+node.default['btcpay']['postgres']['port'] = 5432
+node.default['btcpay']['postgres']['database'] = 'btcpayserver'
+node.default['btcpay']['postgres']['user'] = 'satoshi'
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
index 25cb6b5..3d15031 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
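Review bot: In attributes/default.rb the new `['btcpay']['postgres']` defaults cover port, database and user but not the host, and the recipe in this commit passes the literal `postgres_host: "192.168.122.1"` to the template instead. Adding `node.default['btcpay']['postgres']['host'] = '192.168.122.1'` here and reading it in the recipe would keep the database endpoint overridable per node or environment, like the other connection settings. `['btcpay']['port']` is a string while `['btcpay']['postgres']['port']` is an integer; both render the same in the template, but a single type would be more consistent.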
@@ -7,15 +7,83 @@ build_essential include_recipe "git" -git node['nbxplorer']['source_dir'] do - repository node['nbxplorer']['repo'] - revision node['nbxplorer']['revision'] +git node['btcpay']['source_dir'] do + repository node['btcpay']['repo'] + revision node['btcpay']['revision'] action :sync - notifies :run, 'bash[build_nbxplorer]', :immediately + notifies :run, 'bash[build_btcpay]', :immediately end -bash 'build_nbxplorer' do - cwd node['nbxplorer']['source_dir'] +bash 'build_btcpay' do + cwd node['btcpay']['source_dir'] code './build.sh' action :nothing end + +directory "/home/#{node['bitcoin']['username']}/.btcpayserver" do + owner node['bitcoin']['username'] + group node['bitcoin']['usergroup'] + mode '0750' + recursive true +end + +directory File.dirname(node['btcpay']['config_path']) do + owner node['bitcoin']['username'] + group node['bitcoin']['usergroup'] + mode '0750' + recursive true +end + +credentials = Chef::EncryptedDataBagItem.load('credentials', 'btcpay') + +template node['btcpay']['config_path'] do + source "btcpay-settings.config.erb" + owner node['bitcoin']['username'] + group node['bitcoin']['usergroup'] + mode '0640' + variables bitcoin_network: node['bitcoin']['network'], + nbxplorer_url: "http://127.0.0.1:#{node['nbxplorer']['port']}", + btcpay_port: node['btcpay']['port'], + btcpay_log_path: node['btcpay']['log_path'], + postgres_host: "192.168.122.1", + postgres_port: node['btcpay']['postgres']['port'], + postgres_database: node['btcpay']['postgres']['database'], + postgres_user: node['btcpay']['postgres']['user'], + postgres_password: credentials['postgres_password'] +end + +directory '/run/btcpayserver' do + owner node['bitcoin']['username'] + group node['bitcoin']['usergroup'] + mode '0640' +end + +systemd_unit 'btcpayserver.service' do + content({ + Unit: { + Description: 'BTCPay Server daemon', + Documentation: ['https://docs.btcpayserver.org/ManualDeployment/'], + Requires: 'nbxplorer.service', + After: 'nbxplorer.service' + }, 
+ Service: { + User: node['bitcoin']['username'], + Group: node['bitcoin']['usergroup'], + Type: 'simple', + WorkingDirectory: node['btcpay']['source_dir'], + ExecStart: "#{node['btcpay']['source_dir']}/run.sh --conf=#{node['btcpay']['config_path']}", + PIDFile: '/run/btcpayserver/btcpayserver.pid', + Restart: 'on-failure', + PrivateTmp: true, + ProtectSystem: 'full', + NoNewPrivileges: true, + PrivateDevices: true + }, + Install: { + WantedBy: 'multi-user.target' + } + }) + verify false + triggers_reload true + action [:create, :enable, :start] +end diff --git a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb index 0800c87..729e076 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb @@ -1,27 +1,34 @@ # # Cookbook:: kosmos-bitcoin -# Recipe:: btcpay +# Recipe:: nbxplorer # build_essential include_recipe "git" -git node['btcpay']['source_dir'] do - repository node['btcpay']['repo'] - revision node['btcpay']['revision'] +git node['nbxplorer']['source_dir'] do + repository node['nbxplorer']['repo'] + revision node['nbxplorer']['revision'] action :sync - notifies :run, 'bash[build_btcpay]', :immediately + notifies :run, 'bash[build_nbxplorer]', :immediately end -bash 'build_btcpay' do - cwd node['btcpay']['source_dir'] +bash 'build_nbxplorer' do + cwd node['nbxplorer']['source_dir'] code './build.sh' action :nothing end bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin') +directory "/home/#{node['bitcoin']['username']}/.nbxplorer" do + owner node['bitcoin']['username'] + group node['bitcoin']['usergroup'] + mode '0750' + recursive true +end + directory File.dirname(node['nbxplorer']['config_path']) do owner node['bitcoin']['username'] group node['bitcoin']['usergroup'] 
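Review bot: In recipes/btcpay.rb the `template node['btcpay']['config_path']` resource renders the decrypted `postgres_password` but is not marked sensitive, so Chef may print the file diff, password included, in client output and logs whenever the file changes; add `sensitive true` to that resource. Separately, `directory '/run/btcpayserver'` is created with `mode '0640'`, which leaves the directory without any execute (search) bit, so even the owning service user cannot create or open files in it; `mode '0750'` would match the other directories in this recipe. Because `/run` is usually a tmpfs, the directory will also be missing after a reboot until the next Chef run, so `RuntimeDirectory: 'btcpayserver'` in the unit's Service section may be the more robust option.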
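Review bot: In recipes/nbxplorer.rb `bash 'build_nbxplorer'` sets no `user`, so `./build.sh` from the freshly synced checkout runs as whatever account runs chef-client (commonly root), immediately after every `git ... :sync` that pulls new commits. The same holds for `bash 'build_btcpay'` in recipes/btcpay.rb, whose revision default is `'latest'` per attributes/default.rb, which looks like a moving ref. Consider `user node['bitcoin']['username']` on both bash resources (the checkout would then need to be owned by that user) and pinning the revision attributes to a release tag or commit, so that upstream changes are not built and started unreviewed.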
@@ -59,7 +66,7 @@ systemd_unit 'nbxplorer.service' do Group: node['bitcoin']['usergroup'], Type: 'simple', ExecStart: "/usr/bin/dotnet '#{node['nbxplorer']['source_dir']}/NBXplorer/bin/Release/netcoreapp3.1/NBXplorer.dll' -c #{node['nbxplorer']['config_path']} --noauth", - PIDFile: "/run/nbxplorer/nbxplorer.pid", + PIDFile: '/run/nbxplorer/nbxplorer.pid', Restart: 'on-failure', PrivateTmp: true, ProtectSystem: 'full', diff --git a/site-cookbooks/kosmos-bitcoin/recipes/source.rb b/site-cookbooks/kosmos-bitcoin/recipes/source.rb index cac64c4..34e138d 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/source.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/source.rb @@ -27,6 +27,7 @@ end build_essential include_recipe 'ark' + %w{ libtool autotools-dev make automake cmake curl g++-multilib libtool binutils-gold bsdmainutils pkg-config python3 patch }.each do |pkg| apt_package pkg diff --git a/site-cookbooks/kosmos-bitcoin/templates/btcpay-settings.config.erb b/site-cookbooks/kosmos-bitcoin/templates/btcpay-settings.config.erb new file mode 100644 index 0000000..fc6ed31 --- /dev/null +++ b/site-cookbooks/kosmos-bitcoin/templates/btcpay-settings.config.erb @@ -0,0 +1,8 @@ +network=<%= @bitcoin_network %> +port=<%= @btcpay_port %> +bind=127.0.0.1 +chains=btc +BTC.explorer.url=<%= @nbxplorer_url %> +postgres=User ID=<%= @postgres_user %>;Password=<%= @postgres_password %>;Host=<%= @postgres_host %>;Port=<%= @postgres_port %>;Database=<%= @postgres_database %>; +debuglog=<%= @btcpay_log_path %> +<%# TODO BTC.lightning=type=clightning;server=/mnt/data/lightningd/lightning-rpc %>
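Review bot: In btcpay-settings.config.erb the `postgres=` line interpolates `@postgres_password` unquoted into a semicolon-delimited connection string, so a password containing `;` would be cut short or would introduce extra connection keywords. Either quote the value, e.g. `Password='<%= @postgres_password %>'` (this still assumes no single quote in the password; confirm against the Npgsql connection-string rules), or document next to the data bag that the password must be limited to characters that need no quoting. The host passed by the recipe is `192.168.122.1` rather than loopback and no SSL mode is set in the string, so whether this connection may go unencrypted should be an explicit decision.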