data_bags/credentials/rtl.json

@@ -0,0 +1,10 @@
+{
+  "id": "rtl",
+  "multiPassHashed": {
+    "encrypted_data": "Kg84dRDmB91Yq5vRwmgBf6CikZQYtQdJrVSgF2Ka8KDAbi2hjFvJMaBWJazl\nJWung87YbwszuqA0eN7fCoTsG70N/lJhfTv0NOArD1Jq+BPxQeM=\n",
+    "iv": "Fc6bk+8wqcs+kuhw\n",
+    "auth_tag": "QApw1XUQy+YxYTN9Xj/WEQ==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  }
+}

nodes/bitcoin-2.json

@@ -20,6 +20,7 @@
       "kosmos-bitcoin::source",
       "kosmos-bitcoin::c-lightning",
       "kosmos-bitcoin::lnd",
+      "kosmos-bitcoin::rtl",
       "kosmos-bitcoin::dotnet",
       "kosmos-bitcoin::nbxplorer",
       "kosmos-bitcoin::btcpay",
@@ -42,6 +43,11 @@
       "git::default",
       "git::package",
       "golang::default",
+      "kosmos-nodejs::default",
+      "nodejs::nodejs_from_package",
+      "nodejs::repo",
+      "firewall::default",
+      "chef-sugar::default",
       "kosmos-nginx::default",
       "nginx::default",
       "nginx::package",
@@ -73,6 +79,7 @@
     "recipe[kosmos-bitcoin::source]",
     "recipe[kosmos-bitcoin::c-lightning]",
     "recipe[kosmos-bitcoin::lnd]",
+    "recipe[kosmos-bitcoin::rtl]",
     "role[btcpay]"
   ]
 }

site-cookbooks/kosmos-bitcoin/attributes/default.rb

@@ -37,6 +37,21 @@ node.default['c-lightning']['public_ip'] = '148.251.237.73'
 node.default['lnd']['repo'] = 'https://github.com/lightningnetwork/lnd'
 node.default['lnd']['revision'] = 'v0.11.1-beta'
 node.default['lnd']['source_dir'] = '/opt/lnd'
+node.default['lnd']['lnd_dir'] = "/home/#{node['bitcoin']['username']}/.lnd"
+node.default['lnd']['alias'] = 'ln2.kosmos.org'
+node.default['lnd']['color'] = '#5e0c99'
+node.default['lnd']['log_level'] = 'info'
+node.default['lnd']['public_ip'] = '148.251.237.111'
+node.default['lnd']['public_port'] = '9375'
+node.default['lnd']['port'] = '9736'
+node.default['lnd']['minchansize'] = '1000000'
+node.default['lnd']['basefee'] = '500'
+node.default['lnd']['feerate'] = '1'
+
+node.default['rtl']['repo'] = 'https://github.com/Ride-The-Lightning/RTL.git'
+node.default['rtl']['revision'] = 'v0.10.0'
+node.default['rtl']['host'] = '10.1.1.163'
+node.default['rtl']['port'] = '3000'
 
 node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb"
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"

site-cookbooks/kosmos-bitcoin/metadata.rb

@@ -2,8 +2,8 @@ name 'kosmos-bitcoin'
 maintainer 'Kosmos Developers'
 maintainer_email 'mail@kosmos.org'
 license 'MIT'
-description 'Installs/Configures Bitcoin Core'
-long_description 'Installs/Configures Bitcoin Core'
+description 'Installs/configures bitcoin-related software'
+long_description 'Installs/configures bitcoin-related software'
 version '0.1.0'
 chef_version '>= 14.0'
 
@@ -23,3 +23,6 @@ depends 'ark'
 depends 'git'
 depends 'golang'
 depends 'kosmos-nginx'
+depends 'kosmos-nodejs'
+depends 'firewall'
+depends 'application_javascript'

site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb

@@ -18,6 +18,7 @@ bash 'build_btcpay' do
   cwd node['btcpay']['source_dir']
   code './build.sh'
   action :nothing
+  notifies :restart, "systemd_unit[btcpayserver.service]", :delayed
 end
 
 directory "/home/#{node['bitcoin']['username']}/.btcpayserver" do
@@ -36,6 +37,8 @@ end
 
 credentials = Chef::EncryptedDataBagItem.load('credentials', 'btcpay')
 
+lnd_admin_macaroon_path = "#{node['lnd']['lnd_dir']}/data/chain/bitcoin/mainnet/admin.macaroon" rescue nil
+
 template node['btcpay']['config_path'] do
   source "btcpay-settings.config.erb"
   owner node['bitcoin']['username']
@@ -49,7 +52,9 @@ template node['btcpay']['config_path'] do
             postgres_port: node['btcpay']['postgres']['port'],
             postgres_database: node['btcpay']['postgres']['database'],
             postgres_user: node['btcpay']['postgres']['user'],
-            postgres_password: credentials['postgres_password']
+            postgres_password: credentials['postgres_password'],
+            lnd_admin_macaroon_path: lnd_admin_macaroon_path
+  notifies :restart, "systemd_unit[btcpayserver.service]", :delayed
 end
 
 directory '/run/btcpayserver' do

site-cookbooks/kosmos-bitcoin/recipes/c-lightning.rb

@@ -71,15 +71,13 @@ systemd_unit 'lightningd.service' do
       After: 'bitcoind.service'
     },
     Service: {
-      User: node['bitcoin']['username'],
-      Group: node['bitcoin']['usergroup'],
+      User: bitcoin_user,
+      Group: bitcoin_group,
       Type: 'simple',
-      ExecStart: "/usr/local/bin/lightningd",
+      ExecStart: '/usr/local/bin/lightningd',
       Restart: 'always',
       RestartSec: '30',
       TimeoutSec: '240',
-      RuntimeDirectory: 'lightningd', # /run/lightningd
-      RuntimeDirectoryMode: '0710',
       PrivateTmp: true,
       ProtectSystem: 'full',
       NoNewPrivileges: true,

site-cookbooks/kosmos-bitcoin/recipes/lnd.rb

@@ -6,11 +6,6 @@
 include_recipe "git"
 include_recipe "golang"
 
-# bitcoin_user      = node['bitcoin']['username']
-# bitcoin_group     = node['bitcoin']['usergroup']
-# bitcoin_datadir   = node['bitcoin']['datadir']
-# bitcoin_conf_path = node['bitcoin']['conf_path']
-
 git node['lnd']['source_dir'] do
   repository node['lnd']['repo']
   revision node['lnd']['revision']
@@ -25,4 +20,72 @@ bash "compile_lnd" do
     make clean && make && make install
   EOH
   action :nothing
+  notifies :restart, "systemd_unit[lnd.service]", :delayed
+end
+
+bitcoin_user  = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+lnd_dir       = node['lnd']['lnd_dir']
+
+bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
+
+directory lnd_dir do
+  owner bitcoin_user
+  group bitcoin_group
+  mode '0750'
+  action :create
+end
+
+template "#{lnd_dir}/lnd.conf" do
+  source "lnd.conf.erb"
+  owner bitcoin_user
+  group bitcoin_group
+  mode '0640'
+  variables lnd_alias: node['lnd']['alias'],
+            lnd_color: node['lnd']['color'],
+            lnd_log_level: node['lnd']['log_level'],
+            lnd_externalip: "#{node['lnd']['public_ip']}:#{node['lnd']['public_port']}",
+            lnd_port: node['lnd']['port'],
+            lnd_minchansize: node['lnd']['minchansize'],
+            lnd_basefee: node['lnd']['basefee'],
+            lnd_feerate: node['lnd']['feerate'],
+            bitcoin_datadir: node['bitcoin']['datadir'],
+            bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'],
+            bitcoin_rpc_password: bitcoin_credentials["rpcpassword"],
+            bitcoin_rpc_host: node['bitcoin']['conf']['rpcbind'],
+            bitcoin_zmqpubrawblock: node['bitcoin']['conf']['zmqpubrawblock'],
+            bitcoin_zmqpubrawtx: node['bitcoin']['conf']['zmqpubrawtx']
+  notifies :restart, "systemd_unit[lnd.service]", :delayed
+end
+
+systemd_unit 'lnd.service' do
+  content({
+    Unit: {
+      Description: 'Lightning Network Daemon',
+      Documentation: ['https://github.com/lightningnetwork/lnd/tree/master/docs'],
+      Requires: 'bitcoind.service',
+      After: 'bitcoind.service'
+    },
+    Service: {
+      User: bitcoin_user,
+      Group: bitcoin_group,
+      Type: 'simple',
+      ExecStart: '/opt/go/bin/lnd',
+      Restart: 'always',
+      RestartSec: '30',
+      TimeoutSec: '240',
+      LimitNOFILE: '128000',
+      PrivateTmp: true,
+      ProtectSystem: 'full',
+      NoNewPrivileges: true,
+      PrivateDevices: true,
+      MemoryDenyWriteExecute: true
+    },
+    Install: {
+      WantedBy: 'multi-user.target'
+    }
+  })
+  verify false
+  triggers_reload true
+  action [:create, :enable, :start]
 end

site-cookbooks/kosmos-bitcoin/recipes/rtl.rb

@@ -0,0 +1,110 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: rtl
+#
+
+include_recipe 'kosmos-nodejs'
+
+app_name      = "rtl"
+rtl_dir       = "/opt/#{app_name}"
+lnd_dir       = node['lnd']['lnd_dir']
+bitcoin_user  = node['bitcoin']['username']
+bitcoin_group = node['bitcoin']['usergroup']
+credentials   = Chef::EncryptedDataBagItem.load('credentials', 'rtl')
+
+rtl_config = {
+  host: node['rtl']['host'],
+  port: node['rtl']['port'],
+  defaultNodeIndex: 1,
+  SSO: {
+    rtlSSO: 0,
+    rtlCookiePath: "",
+    logoutRedirectLink: ""
+  },
+  nodes: [
+    {
+      index: 1,
+      lnNode: node['lnd']['alias'],
+      lnImplementation: "LND",
+      Authentication: {
+        macaroonPath: "#{lnd_dir}/data/chain/bitcoin/mainnet",
+        configPath: "#{lnd_dir}/lnd.conf"
+      },
+      Settings: {
+        userPersona: "MERCHANT",
+        themeMode: "NIGHT",
+        themeColor: "TEAL",
+        channelBackupPath: "",
+        enableLogging: true,
+        lnServerUrl: "https://localhost:8080",
+        fiatConversion: true,
+        currencyUnit: "EUR"
+      }
+    }
+  ],
+  multiPassHashed: credentials["multiPassHashed"]
+}.to_json
+
+application rtl_dir do
+  owner bitcoin_user
+  group bitcoin_group
+
+  git do
+    user  bitcoin_user
+    group bitcoin_group
+    repository node['rtl']['repo']
+    revision node['rtl']['revision']
+    notifies :restart, "systemd_unit[rtl.service]", :delayed
+  end
+
+  npm_install do
+    user bitcoin_user
+  end
+
+  file "#{rtl_dir}/RTL-Config.json" do
+    owner bitcoin_user
+    group bitcoin_group
+    mode '0640'
+    content rtl_config
+    notifies :restart, "systemd_unit[rtl.service]", :delayed
+  end
+
+  systemd_unit 'rtl.service' do
+    content({
+      Unit: {
+        Description: 'Ride The Lightning',
+        Documentation: ['https://github.com/Ride-The-Lightning/RTL'],
+        Requires: 'lnd.service',
+        After: 'lnd.service'
+      },
+      Service: {
+        User: bitcoin_user,
+        Group: bitcoin_group,
+        Type: 'simple',
+        # ExecStartPre: '/bin/sleep 120',
+        ExecStart: "/usr/bin/node #{rtl_dir}/rtl.js",
+        Restart: 'always',
+        RestartSec: '30',
+        TimeoutSec: '120',
+        PrivateTmp: true,
+        ProtectSystem: 'full',
+        NoNewPrivileges: true,
+        PrivateDevices: true,
+      },
+      Install: {
+        WantedBy: 'multi-user.target'
+      }
+    })
+    verify false
+    triggers_reload true
+    action [:create, :enable, :start]
+  end
+end
+
+include_recipe 'firewall'
+firewall_rule 'rtl_private' do
+  port     node['rtl']['port'].to_i
+  source   "10.1.1.0/24"
+  protocol :tcp
+  command  :allow
+end

site-cookbooks/kosmos-bitcoin/templates/btcpay-settings.config.erb

@@ -2,7 +2,9 @@ network=<%= @bitcoin_network %>
 port=<%= @btcpay_port %>
 bind=127.0.0.1
 chains=btc
-BTC.explorer.url=<%= @nbxplorer_url %>
 postgres=User ID=<%= @postgres_user %>;Password=<%= @postgres_password %>;Host=<%= @postgres_host %>;Port=<%= @postgres_port %>;Database=<%= @postgres_database %>;
 debuglog=<%= @btcpay_log_path %>
-<%# TODO BTC.lightning=type=clightning;server=/mnt/data/lightningd/lightning-rpc %>
+BTC.explorer.url=<%= @nbxplorer_url %>
+<% if @lnd_admin_macaroon_path %>
+BTC.lightning=type=lnd-rest;server=https://127.0.0.1:8080/;macaroonfilepath=<%= @lnd_admin_macaroon_path %>;allowinsecure=true
+<% end %>

site-cookbooks/kosmos-bitcoin/templates/lnd.conf.erb

@@ -0,0 +1,26 @@
+[Application Options]
+debuglevel=<%= @lnd_log_level %>
+listen=0.0.0.0:<%= @lnd_port %>
+externalip=<%= @lnd_externalip %>
+alias=<%= @lnd_alias %>
+color=<%= @lnd_color %>
+maxpendingchannels=2
+minchansize=<%= @lnd_minchansize %>
+
+[autopilot]
+autopilot.active=0
+
+[Bitcoin]
+bitcoin.active=1
+bitcoin.mainnet=1
+bitcoin.node=bitcoind
+bitcoin.basefee=<%= @lnd_basefee %>
+bitcoin.feerate=<%= @lnd_feerate %>
+
+[bitcoind]
+bitcoind.dir=<%= @bitcoin_datadir %>
+bitcoind.rpchost=<%= @bitcoin_rpc_host %>
+bitcoind.rpcuser=<%= @bitcoin_rpc_user %>
+bitcoind.rpcpass=<%= @bitcoin_rpc_password %>
+bitcoind.zmqpubrawblock=<%= @bitcoin_zmqpubrawblock %>
+bitcoind.zmqpubrawtx=<%= @bitcoin_zmqpubrawtx %>