From 99e029a5ca98639fa683fae9231c1dbc2eeaa573 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 8 Feb 2023 15:30:44 +0800 Subject: [PATCH 1/2] Switch NBXplorer to Postgres --- data_bags/credentials/nbxplorer.json | 10 ++++++++ nodes/postgres-2.json | 1 + roles/postgresql_primary.rb | 1 + .../kosmos-bitcoin/attributes/default.rb | 4 ++- .../kosmos-bitcoin/recipes/btcpay.rb | 7 ++++++ .../kosmos-bitcoin/recipes/nbxplorer.rb | 25 +++++++++++++++---- .../kosmos-bitcoin/recipes/nbxplorer_pg_db.rb | 19 ++++++++++++++ 7 files changed, 61 insertions(+), 6 deletions(-) create mode 100644 data_bags/credentials/nbxplorer.json create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/nbxplorer_pg_db.rb diff --git a/data_bags/credentials/nbxplorer.json b/data_bags/credentials/nbxplorer.json new file mode 100644 index 0000000..fe06b23 --- /dev/null +++ b/data_bags/credentials/nbxplorer.json @@ -0,0 +1,10 @@ +{ + "id": "nbxplorer", + "postgresql_password": { + "encrypted_data": "FhJPANkxVT08Xf/8SJEj/lilgebkXA4hH4QfDsDb7DX/\n", + "iv": "zyK2uS4Gz9NOkJBB\n", + "auth_tag": "MsybhzFGaOSm66clfoHDsw==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file diff --git a/nodes/postgres-2.json b/nodes/postgres-2.json index 2ddf554..32655ee 100644 --- a/nodes/postgres-2.json +++ b/nodes/postgres-2.json @@ -22,6 +22,7 @@ "kosmos_postgresql::primary", "kosmos_postgresql::firewall", "kosmos-bitcoin::lndhub-go_pg_db", + "kosmos-bitcoin::nbxplorer_pg_db", "kosmos_drone::pg_db", "kosmos_gitea::pg_db", "kosmos-mastodon::pg_db", diff --git a/roles/postgresql_primary.rb b/roles/postgresql_primary.rb index 9854b01..5f3f2bd 100644 --- a/roles/postgresql_primary.rb +++ b/roles/postgresql_primary.rb @@ -4,6 +4,7 @@ run_list %w( kosmos_postgresql::primary kosmos_postgresql::firewall kosmos-bitcoin::lndhub-go_pg_db + kosmos-bitcoin::nbxplorer_pg_db kosmos_drone::pg_db kosmos_gitea::pg_db kosmos-mastodon::pg_db diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index 2e82464..ab5c630 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb @@ -103,10 +103,12 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/ node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991" node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer' -node.default['nbxplorer']['revision'] = 'v2.3.58' +node.default['nbxplorer']['revision'] = 'v2.3.60' node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer' node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config" node.default['nbxplorer']['port'] = '24445' +node.default['nbxplorer']['postgres']['database'] = 'nbxplorer' +node.default['nbxplorer']['postgres']['user'] = 'nbxplorer' node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver' node.default['btcpay']['revision'] = 'v1.7.5' diff --git a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb index 648414d..b6c63c4 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb @@ -67,6 +67,12 @@ directory '/run/btcpayserver' do mode '0640' end +if node["nbxplorer"]["postgres"] + nbxplorer_credentials = Chef::EncryptedDataBagItem.load('credentials', 'nbxplorer') + nbxpg_user = node["nbxplorer"]["postgres"]["user"] + nbxpg_database = node["nbxplorer"]["postgres"]["database"] + nbxpg_connect = "User ID=#{nbxpg_user};Password=#{nbxplorer_credentials['postgresql_password']};Database=#{nbxpg_database};Host=pg.kosmos.local;Port=5432;Application Name=btcpayserver;MaxPoolSize=80" +end systemd_unit 'btcpayserver.service' do content({ Unit: { @@ -80,6 +86,7 @@ systemd_unit 'btcpayserver.service' do Group: node['bitcoin']['usergroup'], Type: 'simple', WorkingDirectory: node['btcpay']['source_dir'], + Environment: defined?(nbxpg_connect) ? "'BTCPAY_EXPLORERPOSTGRES=#{nbxpg_connect}'" : '', ExecStart: "#{node['btcpay']['source_dir']}/run.sh --conf=#{node['btcpay']['config_path']}", PIDFile: '/run/btcpayserver/btcpayserver.pid', Restart: 'on-failure', diff --git a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb index d771ede..5675b35 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb @@ -7,11 +7,16 @@ build_essential include_recipe "git" +credentials = Chef::EncryptedDataBagItem.load('credentials', 'nbxplorer') +bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin') +postgres_user = node["nbxplorer"]["postgres"]["user"] +postgres_database = node["nbxplorer"]["postgres"]["database"] + git node['nbxplorer']['source_dir'] do repository node['nbxplorer']['repo'] revision node['nbxplorer']['revision'] action :sync - notifies :stop, "systemd_unit[nbxplorer.service]", :immediately + notifies :stop, "service[nbxplorer]", :immediately notifies :run, 'bash[build_nbxplorer]', :immediately end @@ -21,8 +26,6 @@ bash 'build_nbxplorer' do action :nothing end -bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin') - directory "/home/#{node['bitcoin']['username']}/.nbxplorer" do owner node['bitcoin']['username'] group node['bitcoin']['usergroup'] @@ -54,6 +57,12 @@ directory '/run/nbxplorer' do mode '0640' end +env = { + NBXPLORER_POSTGRES: "User ID=#{postgres_user};Password=#{credentials['postgresql_password']};Database=#{postgres_database};Host=pg.kosmos.local;Port=5432;Application Name=nbxplorer;MaxPoolSize=20", + NBXPLORER_AUTOMIGRATE: "1", + NBXPLORER_NOMIGRATEEVTS: "1" +} + systemd_unit 'nbxplorer.service' do content({ Unit: { @@ -66,7 +75,9 @@ systemd_unit 'nbxplorer.service' do User: node['bitcoin']['username'], Group: node['bitcoin']['usergroup'], Type: 'simple', - ExecStart: "/usr/bin/dotnet '#{node['nbxplorer']['source_dir']}/NBXplorer/bin/Release/netcoreapp3.1/NBXplorer.dll' -c #{node['nbxplorer']['config_path']} --noauth", + WorkingDirectory: node['nbxplorer']['source_dir'], + Environment: env.map{|k, v| "'#{k}=#{v}'"}.join(' '), + ExecStart: "#{node['nbxplorer']['source_dir']}/run.sh -c #{node['nbxplorer']['config_path']} --noauth", PIDFile: '/run/nbxplorer/nbxplorer.pid', Restart: 'on-failure', PrivateTmp: true, @@ -80,5 +91,9 @@ systemd_unit 'nbxplorer.service' do }) verify false triggers_reload true - action [:create, :enable, :start] + action [:create] +end + +service "nbxplorer" do + action [:enable, :start] end diff --git a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer_pg_db.rb b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer_pg_db.rb new file mode 100644 index 0000000..5c4e893 --- /dev/null +++ b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer_pg_db.rb @@ -0,0 +1,19 @@ +# +# Cookbook Name:: kosmos-bitcoin +# Recipe:: nbxplorer-go_pg_db +# + +credentials = data_bag_item('credentials', 'nbxplorer') + +postgres_user = node['nbxplorer']['postgres']['user'] +postgres_db = node['nbxplorer']['postgres']['database'] + +postgresql_user postgres_user do + action :create + password credentials['postgresql_password'] +end + +postgresql_database postgres_db do + owner postgres_user + action :create +end -- 2.25.1 From b762d70b4340a1e3bc868886d5f1e18d22cd6406 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Wed, 8 Feb 2023 15:31:17 +0800 Subject: [PATCH 2/2] Use service resource --- site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb index b6c63c4..c88d7ec 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb @@ -11,7 +11,7 @@ git node['btcpay']['source_dir'] do repository node['btcpay']['repo'] revision node['btcpay']['revision'] action :sync - notifies :stop, "systemd_unit[btcpayserver.service]", :immediately + notifies :stop, "service[btcpayserver]", :immediately notifies :run, 'bash[build_btcpay]', :immediately end @@ -22,7 +22,7 @@ bash 'build_btcpay' do ./build.sh EOH action :nothing - notifies :restart, "systemd_unit[btcpayserver.service]", :delayed + notifies :restart, "service[btcpayserver]", :delayed end directory "/home/#{node['bitcoin']['username']}/.btcpayserver" do @@ -58,7 +58,7 @@ template node['btcpay']['config_path'] do postgres_user: node['btcpay']['postgres']['user'], postgres_password: credentials['postgres_password'], lnd_admin_macaroon_path: lnd_admin_macaroon_path - notifies :restart, "systemd_unit[btcpayserver.service]", :delayed + notifies :restart, "service[btcpayserver]", :delayed end directory '/run/btcpayserver' do @@ -73,6 +73,7 @@ if node["nbxplorer"]["postgres"] nbxpg_database = node["nbxplorer"]["postgres"]["database"] nbxpg_connect = "User ID=#{nbxpg_user};Password=#{nbxplorer_credentials['postgresql_password']};Database=#{nbxpg_database};Host=pg.kosmos.local;Port=5432;Application Name=btcpayserver;MaxPoolSize=80" end + systemd_unit 'btcpayserver.service' do content({ Unit: { @@ -101,7 +102,11 @@ systemd_unit 'btcpayserver.service' do }) verify false triggers_reload true - action [:create, :enable, :start] + action [:create] +end + +service "btcpayserver" do + action [:enable, :start] end firewall_rule "BTCPay API private access" do -- 2.25.1