diff --git a/data_bags/credentials/akkounts.json b/data_bags/credentials/akkounts.json
index 1c4ab41..bc7f7a0 100644
--- a/data_bags/credentials/akkounts.json
+++ b/data_bags/credentials/akkounts.json
@@ -1,16 +1,23 @@
 {
 "id": "akkounts",
+ "postgresql_username": {
+ "encrypted_data": "Mw+E6dXUYIRQgMzfxij9cFT9XFauVn9VUT9p\n",
+ "iv": "c2b2zKGTf1S3laui\n",
+ "auth_tag": "3ytXQSpxNYXGEeDOTq5g7g==\n",
+ "version": 3,
+ "cipher": "aes-256-gcm"
+ },
 "postgresql_password": {
- "encrypted_data": "Vt/jXxrJPbJbEl8Nw9EdVymoId21hdzHxA0zwEfAkA==\n",
- "iv": "rV3dOjUhPsrdhF59\n",
- "auth_tag": "GwuMLjf5zqTxLUIKb7ZKjA==\n",
+ "encrypted_data": "UCwTT6i0ORWiVRn5gbjWMOuikAIb7gAwL8g0TFhIvg==\n",
+ "iv": "xL6W4GqhxAf7FxmK\n",
+ "auth_tag": "EFE3C0PBAuusn/SqTAdyYA==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 },
 "rails_master_key": {
- "encrypted_data": "GjtdLy59dThzWYbEUD9Ss4G9vC3tcVgWDWLz3AoUl/jjJfSP2ym7ErjYwJhl\nE+1J2T3+\n",
- "iv": "7PJXyCr2ozJHsMWZ\n",
- "auth_tag": "nuW914Rh3Cn+ldGMc1JdGw==\n",
+ "encrypted_data": "QZD0AJIcq3iqrFAHN9DHxfctCXAMRQjuTSI9QgmaIUXgCz4+3LawI6eYGvr9\nV2nyDGJa\n",
+ "iv": "4hw1Dk+NsQ8wF7Og\n",
+ "auth_tag": "uoVSykmRQImRld1Ln0bg2g==\n",
 "version": 3,
 "cipher": "aes-256-gcm"
 }
diff --git a/environments/production.json b/environments/production.json
index b83bcc6..72e7ef2 100644
--- a/environments/production.json
+++ b/environments/production.json
@@ -1,6 +1,11 @@
 {
 "name": "production",
 "override_attributes": {
+ "akkounts": {
+ "lndhub": {
+ "public_url": "https://lndhub.kosmos.org"
+ }
+ },
 "garage": {
 "replication_mode": "2",
 "s3_api_root_domain": ".s3.garage.kosmos.org",
diff --git a/nodes/akkounts-1.json b/nodes/akkounts-1.json
index cbd58f3..14dce01 100644
--- a/nodes/akkounts-1.json
+++ b/nodes/akkounts-1.json
@@ -1,5 +1,6 @@
 {
 "name": "akkounts-1",
+ "chef_environment": "production",
 "normal": {
 "knife_zero": {
 "host": "10.1.1.144"
diff --git a/site-cookbooks/kosmos-akkounts/attributes/default.rb b/site-cookbooks/kosmos-akkounts/attributes/default.rb index 4386c90..782ba9e 100644 --- a/site-cookbooks/kosmos-akkounts/attributes/default.rb +++ b/site-cookbooks/kosmos-akkounts/attributes/default.rb @@ -4,3 +4,7 @@ node.default['akkounts']['port'] = 3000 node.default['akkounts']['domain'] = 'accounts.kosmos.org' node.default['akkounts_api']['domain'] = 'api.kosmos.org' + +node.default['akkounts']['lndhub']['api_url'] = nil +node.default['akkounts']['lndhub']['public_url'] = nil +node.default['akkounts']['lndhub']['postgres_db'] = 'lndhub' diff --git a/site-cookbooks/kosmos-akkounts/recipes/default.rb b/site-cookbooks/kosmos-akkounts/recipes/default.rb index efd8f63..4543b38 100644 --- a/site-cookbooks/kosmos-akkounts/recipes/default.rb +++ b/site-cookbooks/kosmos-akkounts/recipes/default.rb 
@@ -31,6 +31,52 @@ ruby_version = "2.7.5" bundle_path = "/opt/ruby_build/builds/#{ruby_version}/bin/bundle" rails_env = node.chef_environment == "development" ? "development" : "production" +postgres_readonly_host = search(:node, "role:postgresql_replica").first["knife_zero"]["host"] rescue nil +btcpay_host = search(:node, "role:btcpay").first["knife_zero"]["host"] rescue nil +lndhub_host = search(:node, "role:lndhub").first["knife_zero"]["host"] rescue nil +webhooks_allowed_ips = [lndhub_host].compact.uniq.join(',') +env = {} + +if webhooks_allowed_ips.length > 0 + env[:webhooks_allowed_ips] = webhooks_allowed_ips +end +if btcpay_host + env[:btcpay_api_url] = "http://#{btcpay_host}:23001/api/v1" +end +if lndhub_host + node.override["akkounts"]["lndhub"]["api_url"] = "http://#{lndhub_host}:3026" + env[:lndhub_legacy_api_url] = node["akkounts"]["lndhub"]["api_url"] + env[:lndhub_api_url] = node["akkounts"]["lndhub"]["api_url"] + env[:lndhub_public_url] = node["akkounts"]["lndhub"]["public_url"] + if postgres_readonly_host + env[:lndhub_admin_ui] = true + env[:lndhub_pg_host] = postgres_readonly_host + env[:lndhub_pg_database] = node['akkounts']['lndhub']['postgres_db'] + env[:lndhub_pg_username] = credentials['postgresql_username'] + env[:lndhub_pg_password] = credentials['postgresql_password'] + end +end + +ejabberd_private_ip_addresses = [] +search(:node, "role:ejabberd").each do |node| + ejabberd_private_ip_addresses << node["knife_zero"]["host"] +end + +ejabberd_private_ip_addresses.each do |ip_address| + IPAddr.new ip_address + hostsfile_entry ip_address do + hostname 'xmpp.kosmos.org' + action :create + end +rescue IPAddr::InvalidAddressError + ejabberd_private_ip_addresses.delete! ip_address + next +end + +if ejabberd_private_ip_addresses.size > 0 + env[:ejabberd_api_url] = 'https://xmpp.kosmos.org:5443/api' +end + systemd_unit "akkounts.service" do content({ Unit: { 
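Review bot: `ejabberd_private_ip_addresses.delete! ip_address` in the new `rescue IPAddr::InvalidAddressError` branch calls a method that Ruby's Array does not define, so an invalid address raises NoMethodError from inside the handler instead of being skipped, and even with `delete` the array would be modified while `each` is iterating over it. Filtering the addresses into a validated list first (fence below) keeps `env[:ejabberd_api_url]` tied to entries that actually parsed and also stops the block parameter from shadowing Chef's `node`. Separately, the three `search(...).first[...] rescue nil` lines swallow every StandardError, so a failed search looks the same as a missing node and the run quietly renders the env file without `webhooks_allowed_ips` and the lndhub settings; how the app behaves with that variable unset is not visible in this diff. I would take the nil from `.first` explicitly, e.g. `lndhub_node = search(:node, "role:lndhub").first` then `lndhub_host = lndhub_node && lndhub_node["knife_zero"]["host"]`, and let real errors abort the run.

```ruby
# … unchanged: host lookups and env[...] assignments above …
ejabberd_private_ip_addresses = search(:node, "role:ejabberd")
  .map { |ejabberd_node| ejabberd_node["knife_zero"]["host"] }
  .select do |ip_address|
    IPAddr.new ip_address
    true
  rescue IPAddr::InvalidAddressError
    false
  end

ejabberd_private_ip_addresses.each do |ip_address|
  hostsfile_entry ip_address do
    hostname 'xmpp.kosmos.org'
    action :create
  end
end
# … unchanged: env[:ejabberd_api_url] assignment …
```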
@@ -120,6 +166,16 @@ application deploy_path do group deploy_group end + template "#{deploy_path}/.env.production" do + source 'env.production.erb' + owner deploy_user + group deploy_group + mode 0600 + sensitive true + variables config: env + notifies :restart, "application[#{deploy_path}]", :delayed + end + execute "bundle install" do environment "HOME" => deploy_path user deploy_user @@ -159,21 +215,6 @@ application deploy_path do end end -ejabberd_private_ip_addresses = [] -search(:node, "role:ejabberd").each do |node| - ejabberd_private_ip_addresses << node["knife_zero"]["host"] -end - -ejabberd_private_ip_addresses.each do |ip_address| - IPAddr.new ip_address - hostsfile_entry ip_address do - hostname 'xmpp.kosmos.org' - action :create - end -rescue IPAddr::InvalidAddressError - next -end - # TODO move to nginx proxy include_recipe 'kosmos-akkounts::nginx' diff --git a/site-cookbooks/kosmos-akkounts/templates/env.production.erb b/site-cookbooks/kosmos-akkounts/templates/env.production.erb new file mode 100644 index 0000000..4b1faa5 --- /dev/null +++ b/site-cookbooks/kosmos-akkounts/templates/env.production.erb @@ -0,0 +1,11 @@ +<% @config.each do |key, value| %> +<% if value.is_a?(Hash) %> +<% value.each do |k, v| %> +<%= "#{key.upcase}_#{k.upcase}" %>=<%= v.to_s %> +<% end %> +<% else %> +<% if value %> +<%= key.upcase %>=<%= value.to_s %> +<% end %> +<% end %> +<% end %>
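Review bot: Both output lines in the new `env.production.erb` write the value raw (`<%= value.to_s %>`, `<%= v.to_s %>`), and this file now carries the PostgreSQL password from the data bag, so a value containing a line break, `#`, quotes or whitespace can be truncated, misread, or start an additional `KEY=value` line, depending on how the app parses `.env.production`. I would quote the value, e.g. `<%= key.upcase %>='<%= value.to_s %>'`, after a recipe-side check that rejects values containing `'` or a line break. The nested-Hash branch also prints `KEY=` for nil values while the scalar branch skips them; a one-line ERB comment stating which behaviour is intended would help the next reader.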