From 2ca576468ed13cb8482d4b779ea7e703987d4626 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Wed, 30 Jun 2021 17:09:31 +0200
Subject: [PATCH 1/3] Auto-unlock LND wallet/node

The latest release added a new config option for auto-unlocking the wallet/node using a password file. This changeset adds support for just that to the lnd recipe, so that nobody has to manually unlock it after reboots or service restarts.
---
 site-cookbooks/kosmos-bitcoin/attributes/default.rb | 5 +++--
 site-cookbooks/kosmos-bitcoin/recipes/lnd.rb | 13 +++++++++++++
 .../kosmos-bitcoin/templates/lnd.conf.erb | 1 +
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
index 8111a5e..054639a 100644
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@@ -45,8 +45,9 @@ node.default['lnd']['public_ip'] = '148.251.237.111'
 node.default['lnd']['public_port'] = '9735'
 node.default['lnd']['port'] = '9736'
 node.default['lnd']['minchansize'] = '1000000'
-node.default['lnd']['basefee'] = '500'
-node.default['lnd']['feerate'] = '1'
+node.default['lnd']['basefee'] = '1000'
+node.default['lnd']['feerate'] = '50'
+node.default['lnd']['auto_unlock'] = true # requires credentials/lnd data bag item
 node.default['rtl']['repo'] = 'https://github.com/Ride-The-Lightning/RTL.git'
 node.default['rtl']['revision'] = 'v0.11.0'
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
index 4e2464a..6f36bb7 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
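Review bot: In PATCH 1/3, attributes/default.rb, `node.default['lnd']['auto_unlock'] = true` makes keeping the wallet password in a file on disk the default for every node that runs the lnd recipe, and the recipe's `Chef::EncryptedDataBagItem.load('credentials', 'lnd')` will presumably fail the run on a node that lacks the data bag secret or the item. Defaulting to `node.default['lnd']['auto_unlock'] = false` and switching it on in the role or environment of the nodes that should unlock unattended would make that trade-off an explicit choice. The same hunk also raises `basefee` to '1000' and `feerate` to '50', which the commit message does not mention; those would be easier to audit as a separate commit.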
@@ -36,6 +36,17 @@ directory lnd_dir do
 action :create
 end
+if node['lnd']['auto_unlock']
+ lnd_credentials = Chef::EncryptedDataBagItem.load('credentials', 'lnd')
+
+ file "#{lnd_dir}/.unlock.txt" do
+ content lnd_credentials['password']
+ mode '0600'
+ owner bitcoin_user
+ group bitcoin_group
+ end
+end
+
 template "#{lnd_dir}/lnd.conf" do
 source "lnd.conf.erb"
 owner bitcoin_user
@@ -49,6 +60,8 @@ template "#{lnd_dir}/lnd.conf" do
 lnd_minchansize: node['lnd']['minchansize'],
 lnd_basefee: node['lnd']['basefee'],
 lnd_feerate: node['lnd']['feerate'],
+ lnd_dir: lnd_dir,
+ auto_unlock: node['lnd']['auto_unlock'],
 bitcoin_datadir: node['bitcoin']['datadir'],
 bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'],
 bitcoin_rpc_password: bitcoin_credentials["rpcpassword"],
diff --git a/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb b/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb
index b96f7d8..57c7caf 100644
--- a/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb
@@ -6,6 +6,7 @@ alias=<%= @lnd_alias %>
 color=<%= @lnd_color %>
 maxpendingchannels=2
 minchansize=<%= @lnd_minchansize %>
+<% if @auto_unlock %>wallet-unlock-password-file=<%= @lnd_dir %>/.unlock.txt<% end %>
 [autopilot]
 autopilot.active=0
From 4bda4d7857f21cb7395b1e9a6156cbfbf1818642 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Wed, 30 Jun 2021 17:10:57 +0200
Subject: [PATCH 2/3] Install LND with all subsystems enabled

This allows to run loopd and other tools.
---
 site-cookbooks/kosmos-bitcoin/recipes/lnd.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
index 6f36bb7..bcf1cd0 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
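Review bot: In PATCH 1/3, recipes/lnd.rb (hunk at -36,6), the `file "#{lnd_dir}/.unlock.txt"` resource writes the wallet password without `sensitive true`, so Chef may render the file content in the diffs it prints to the client output and run reports. The resource is also declared only while `auto_unlock` is set, so switching the attribute off later leaves the password file on disk; an `else` branch that deletes the file closes that gap. Mode '0600' with `bitcoin_user` ownership is a sound baseline; whether `lnd_dir` itself is restricted is not visible in this hunk.

```ruby
unlock_file = "#{lnd_dir}/.unlock.txt"

if node['lnd']['auto_unlock']
  # … unchanged: load the credentials/lnd encrypted data bag item …
  file unlock_file do
    content lnd_credentials['password']
    sensitive true # keep the password out of Chef's diff and log output
    # … unchanged: mode, owner, group …
  end
else
  # Do not leave a stale password file behind once auto-unlock is disabled.
  file unlock_file do
    action :delete
  end
end
```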
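Review bot: In PATCH 1/3, recipes/lnd.rb (hunk at -49,6), `lnd_dir` is handed to the template only so that lnd.conf.erb can rebuild the `.unlock.txt` path that the recipe's `file` resource already spells out, so the two copies of the filename can drift apart and leave lnd pointing at a missing or stale password file. Passing the finished path, `unlock_file: "#{lnd_dir}/.unlock.txt"`, and rendering `wallet-unlock-password-file=<%= @unlock_file %>` in the template would keep a single source of truth. The `template` resource begins and ends outside this hunk.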
@@ -17,7 +17,7 @@ bash "compile_lnd" do
 cwd node['lnd']['source_dir']
 code <<-EOH
 source /etc/profile.d/golang.sh
- make clean && make && make install
+ make clean && make && make install tags="signrpc walletrpc chainrpc invoicesrpc"
 EOH
 action :nothing
 notifies :restart, "systemd_unit[lnd.service]", :delayed
From 37873fb881de437b842fd7ed3467f12edb029376 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 1 Jul 2021 13:17:51 +0200
Subject: [PATCH 3/3] Add data bag for LND credentials

---
 data_bags/credentials/lnd.json | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 data_bags/credentials/lnd.json

diff --git a/data_bags/credentials/lnd.json b/data_bags/credentials/lnd.json
new file mode 100644
index 0000000..5e61dcb
--- /dev/null
+++ b/data_bags/credentials/lnd.json
@@ -0,0 +1,10 @@
+{
+ "id": "lnd",
+ "password": {
+ "encrypted_data": "etEgstimoXqyD8HhZZ7rKW0+LW3rnYAR3f++AOv6SA==\n",
+ "iv": "g9LA7GpA6eV1ZAJu\n",
+ "auth_tag": "wv67Nliq0HGqAhVeyhNO/g==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ }
+}
\ No newline at end of file
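Review bot: In PATCH 2/3, recipes/lnd.rb, the `tags="signrpc walletrpc chainrpc invoicesrpc"` argument is attached only to `make install`, so the preceding `make` still appears to build without those tags and its output is then rebuilt; `make clean && make install tags="..."` would likely be enough unless the untagged build is wanted for a reason not visible here. The subject says "all subsystems", but the list names four sub-servers, and signrpc and walletrpc add signing and wallet operations to the RPC surface. A Ruby comment above the `code` heredoc, for example `# sub-servers required by loopd; they widen the RPC API, so give clients scoped macaroons`, would record why they are enabled. The `bash "compile_lnd"` resource starts and ends outside the hunk.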
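Review bot: In PATCH 3/3, data_bags/credentials/lnd.json is committed as ciphertext (`"cipher": "aes-256-gcm"`, `"version": 3`), so the wallet password's confidentiality now rests entirely on the data bag secret, and this ciphertext stays in the repository history even after the item is replaced. Since JSON carries no comments, a short note in the repository's documentation should state that exposure of the data bag secret means changing the lnd wallet password itself, not only re-encrypting this item. The file also ends without a trailing newline, which is harmless but worth normalising.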