2023-02-14 13:03:49 +00:00
7 changed files with 70 additions and 10 deletions
--- a/data_bags/credentials/nbxplorer.json
+++ b/data_bags/credentials/nbxplorer.json
@ -0,0 +1,10 @@
+{
+  "id": "nbxplorer",
+  "postgresql_password": {
+    "encrypted_data": "FhJPANkxVT08Xf/8SJEj/lilgebkXA4hH4QfDsDb7DX/\n",
+    "iv": "zyK2uS4Gz9NOkJBB\n",
+    "auth_tag": "MsybhzFGaOSm66clfoHDsw==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  }
+}
--- a/nodes/postgres-2.json
+++ b/nodes/postgres-2.json
@ -22,6 +22,7 @@
      "kosmos_postgresql::primary",
      "kosmos_postgresql::firewall",
      "kosmos-bitcoin::lndhub-go_pg_db",
+      "kosmos-bitcoin::nbxplorer_pg_db",
      "kosmos_drone::pg_db",
      "kosmos_gitea::pg_db",
      "kosmos-mastodon::pg_db",
--- a/roles/postgresql_primary.rb
+++ b/roles/postgresql_primary.rb
@ -4,6 +4,7 @@ run_list %w(
  kosmos_postgresql::primary
  kosmos_postgresql::firewall
  kosmos-bitcoin::lndhub-go_pg_db
+  kosmos-bitcoin::nbxplorer_pg_db
  kosmos_drone::pg_db
  kosmos_gitea::pg_db
  kosmos-mastodon::pg_db
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@ -103,10 +103,12 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/
 node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991"

 node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer'
-node.default['nbxplorer']['revision'] = 'v2.3.58'
+node.default['nbxplorer']['revision'] = 'v2.3.60'
 node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer'
 node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config"
 node.default['nbxplorer']['port'] = '24445'
+node.default['nbxplorer']['postgres']['database'] = 'nbxplorer'
+node.default['nbxplorer']['postgres']['user'] = 'nbxplorer'

 node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver'
 node.default['btcpay']['revision'] = 'v1.7.5'
--- a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb
@ -11,7 +11,7 @@ git node['btcpay']['source_dir'] do
  repository node['btcpay']['repo']
  revision node['btcpay']['revision']
  action :sync
-  notifies :stop, "systemd_unit[btcpayserver.service]", :immediately
+  notifies :stop, "service[btcpayserver]", :immediately
  notifies :run, 'bash[build_btcpay]', :immediately
 end

@ -22,7 +22,7 @@ bash 'build_btcpay' do
    ./build.sh
  EOH
  action :nothing
-  notifies :restart, "systemd_unit[btcpayserver.service]", :delayed
+  notifies :restart, "service[btcpayserver]", :delayed
 end

 directory "/home/#{node['bitcoin']['username']}/.btcpayserver" do
@ -58,7 +58,7 @@ template node['btcpay']['config_path'] do
            postgres_user: node['btcpay']['postgres']['user'],
            postgres_password: credentials['postgres_password'],
            lnd_admin_macaroon_path: lnd_admin_macaroon_path
-  notifies :restart, "systemd_unit[btcpayserver.service]", :delayed
+  notifies :restart, "service[btcpayserver]", :delayed
 end

 directory '/run/btcpayserver' do
@ -67,6 +67,13 @@ directory '/run/btcpayserver' do
  mode '0640'
 end

+if node["nbxplorer"]["postgres"]
+  nbxplorer_credentials = Chef::EncryptedDataBagItem.load('credentials', 'nbxplorer')
+  nbxpg_user     = node["nbxplorer"]["postgres"]["user"]
+  nbxpg_database = node["nbxplorer"]["postgres"]["database"]
+  nbxpg_connect = "User ID=#{nbxpg_user};Password=#{nbxplorer_credentials['postgresql_password']};Database=#{nbxpg_database};Host=pg.kosmos.local;Port=5432;Application Name=btcpayserver;MaxPoolSize=80"
+end
+
 systemd_unit 'btcpayserver.service' do
  content({
    Unit: {
@ -80,6 +87,7 @@ systemd_unit 'btcpayserver.service' do
      Group: node['bitcoin']['usergroup'],
      Type: 'simple',
      WorkingDirectory: node['btcpay']['source_dir'],
+      Environment: defined?(nbxpg_connect) ? "'BTCPAY_EXPLORERPOSTGRES=#{nbxpg_connect}'" : '',
      ExecStart: "#{node['btcpay']['source_dir']}/run.sh --conf=#{node['btcpay']['config_path']}",
      PIDFile: '/run/btcpayserver/btcpayserver.pid',
      Restart: 'on-failure',
@ -94,7 +102,11 @@ systemd_unit 'btcpayserver.service' do
  })
  verify false
  triggers_reload true
-  action [:create, :enable, :start]
+  action [:create]
+end
+
+service "btcpayserver" do
+  action [:enable, :start]
 end

 firewall_rule "BTCPay API private access" do
--- a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb
@ -7,11 +7,16 @@ build_essential

 include_recipe "git"

+credentials         = Chef::EncryptedDataBagItem.load('credentials', 'nbxplorer')
+bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
+postgres_user       = node["nbxplorer"]["postgres"]["user"]
+postgres_database   = node["nbxplorer"]["postgres"]["database"]
+
 git node['nbxplorer']['source_dir'] do
  repository node['nbxplorer']['repo']
  revision node['nbxplorer']['revision']
  action :sync
-  notifies :stop, "systemd_unit[nbxplorer.service]", :immediately
+  notifies :stop, "service[nbxplorer]", :immediately
  notifies :run, 'bash[build_nbxplorer]', :immediately
 end

@ -21,8 +26,6 @@ bash 'build_nbxplorer' do
  action :nothing
 end

-bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
-
 directory "/home/#{node['bitcoin']['username']}/.nbxplorer" do
  owner node['bitcoin']['username']
  group node['bitcoin']['usergroup']
@ -54,6 +57,12 @@ directory '/run/nbxplorer' do
  mode '0640'
 end

+env = {
+  NBXPLORER_POSTGRES: "User ID=#{postgres_user};Password=#{credentials['postgresql_password']};Database=#{postgres_database};Host=pg.kosmos.local;Port=5432;Application Name=nbxplorer;MaxPoolSize=20",
+  NBXPLORER_AUTOMIGRATE: "1",
+  NBXPLORER_NOMIGRATEEVTS: "1"
+}
+
 systemd_unit 'nbxplorer.service' do
  content({
    Unit: {
@ -66,7 +75,9 @@ systemd_unit 'nbxplorer.service' do
      User: node['bitcoin']['username'],
      Group: node['bitcoin']['usergroup'],
      Type: 'simple',
-      ExecStart: "/usr/bin/dotnet '#{node['nbxplorer']['source_dir']}/NBXplorer/bin/Release/netcoreapp3.1/NBXplorer.dll' -c #{node['nbxplorer']['config_path']} --noauth",
+      WorkingDirectory: node['nbxplorer']['source_dir'],
+      Environment: env.map{|k, v| "'#{k}=#{v}'"}.join(' '),
+      ExecStart: "#{node['nbxplorer']['source_dir']}/run.sh -c #{node['nbxplorer']['config_path']} --noauth",
      PIDFile: '/run/nbxplorer/nbxplorer.pid',
      Restart: 'on-failure',
      PrivateTmp: true,
@ -80,5 +91,9 @@ systemd_unit 'nbxplorer.service' do
  })
  verify false
  triggers_reload true
-  action [:create, :enable, :start]
+  action [:create]
+end
+
+service "nbxplorer" do
+  action [:enable, :start]
 end
--- a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer_pg_db.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer_pg_db.rb
@ -0,0 +1,19 @@
+#
+# Cookbook Name:: kosmos-bitcoin
+# Recipe:: nbxplorer-go_pg_db
+#
+
+credentials = data_bag_item('credentials', 'nbxplorer')
+
+postgres_user = node['nbxplorer']['postgres']['user']
+postgres_db   = node['nbxplorer']['postgres']['database']
+
+postgresql_user postgres_user do
+  action :create
+  password credentials['postgresql_password']
+end
+
+postgresql_database postgres_db do
+  owner postgres_user
+  action :create
+end