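#
# Cookbook:: kosmos-bitcoin
# Recipe:: lnd
#
# Builds lnd from source, writes its configuration (including secrets taken
# from encrypted data bags), installs a hardened systemd unit, opens the lnd
# port in the firewall and registers the lnd directory for backup.
#

include_recipe "git"
include_recipe "kosmos-bitcoin::golang"

# Sync the lnd source tree; any change to the checkout triggers a rebuild.
# NOTE(review): the revision comes from node attributes. Pinning it to an
# immutable tag or commit hash (rather than a branch name) keeps the binary
# that ends up handling funds reproducible -- confirm the attribute default.
git node['lnd']['source_dir'] do
  repository node['lnd']['repo']
  revision node['lnd']['revision']
  action :sync
  notifies :run, 'bash[compile_lnd]', :immediately
end

# Only runs when notified by the git resource above.
# No `user` is set, so the build and install run as whatever user
# chef-client itself runs as.
bash "compile_lnd" do
  cwd node['lnd']['source_dir']
  code <<-EOH
    source /etc/profile.d/golang.sh
    make clean && make && make install tags="signrpc walletrpc chainrpc invoicesrpc routerrpc"
  EOH
  action :nothing
  notifies :restart, "systemd_unit[lnd.service]", :delayed
end

bitcoin_user  = node['bitcoin']['username']
bitcoin_group = node['bitcoin']['usergroup']
lnd_dir       = node['lnd']['lnd_dir']
bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')

directory lnd_dir do
  owner bitcoin_user
  group bitcoin_group
  mode '0750'
  action :create
end

if node['lnd']['auto_unlock']
  lnd_credentials = Chef::EncryptedDataBagItem.load('credentials', 'lnd')

  # Plaintext wallet password on disk, readable by the service user only.
  # NOTE(review): nothing removes this file when auto_unlock is later turned
  # off, so a previously written password stays on disk -- consider an
  # explicit :delete in that case.
  file "#{lnd_dir}/.unlock.txt" do
    content lnd_credentials['password']
    mode '0600'
    owner bitcoin_user
    group bitcoin_group
    # Keep the password out of chef-client logs and rendered file diffs.
    sensitive true
  end
end

# lnd.conf embeds the bitcoind RPC password, hence the restricted mode and
# `sensitive` below.
template "#{lnd_dir}/lnd.conf" do
  source "lnd.conf.erb"
  owner bitcoin_user
  group bitcoin_group
  mode '0640'
  # Without this, the rendered diff (RPC password included) is written to the
  # chef-client output and any log handlers on every change.
  sensitive true
  variables lnd_alias: node['lnd']['alias'],
            lnd_color: node['lnd']['color'],
            lnd_log_level: node['lnd']['log_level'],
            lnd_externalip: "#{node['lnd']['public_ip']}:#{node['lnd']['public_port']}",
            lnd_port: node['lnd']['port'],
            lnd_minchansize: node['lnd']['minchansize'],
            lnd_basefee: node['lnd']['basefee'],
            lnd_feerate: node['lnd']['feerate'],
            lnd_dir: lnd_dir,
            lnd_tor: node['lnd']['tor'],
            auto_unlock: node['lnd']['auto_unlock'],
            tor_enabled: node['bitcoin']['tor_enabled'],
            bitcoin_datadir: node['bitcoin']['datadir'],
            bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'],
            bitcoin_rpc_password: bitcoin_credentials["rpcpassword"],
            bitcoin_rpc_host: node['bitcoin']['conf']['rpcbind'],
            bitcoin_zmqpubrawblock: node['bitcoin']['conf']['zmqpubrawblock'],
            bitcoin_zmqpubrawtx: node['bitcoin']['conf']['zmqpubrawtx']
  notifies :restart, "systemd_unit[lnd.service]", :delayed
end

# The daemon runs as the unprivileged bitcoin user, with systemd sandboxing
# options enabled in the Service section.
systemd_unit 'lnd.service' do
  content({
    Unit: {
      Description: 'Lightning Network Daemon',
      Documentation: ['https://github.com/lightningnetwork/lnd/tree/master/docs'],
      Requires: 'bitcoind.service',
      After: 'bitcoind.service'
    },
    Service: {
      User: bitcoin_user,
      Group: bitcoin_group,
      Type: 'simple',
      ExecStart: "/opt/go/bin/lnd",
      Restart: 'always',
      RestartSec: '30',
      TimeoutSec: '240',
      LimitNOFILE: '128000',
      PrivateTmp: true,
      ProtectSystem: 'full',
      NoNewPrivileges: true,
      PrivateDevices: true,
      MemoryDenyWriteExecute: true
    },
    Install: {
      WantedBy: 'multi-user.target'
    }
  })
  verify false
  triggers_reload true
  action [:create, :enable, :start]
end

# Only the configured lnd port is opened. No `source` is given, so the rule
# is not limited to particular peers (presumably the public P2P listener --
# confirm that no RPC/REST port shares this attribute).
firewall_rule 'lnd' do
  port [node['lnd']['port']]
  protocol :tcp
  command :allow
end

if node['bitcoin']['tor_enabled']
  # Enable the Tor control port with cookie authentication.
  node.override['tor']['ControlPort'] = 9051
  node.override['tor']['CookieAuthentication'] = true
end

unless node.chef_environment == 'development'
  # The archive covers all of lnd_dir, which includes lnd.conf (RPC password)
  # and, with auto_unlock, .unlock.txt -- the backup target must be encrypted
  # and access-controlled accordingly.
  node.override['backup']['archives']['lnd'] = [node['lnd']['lnd_dir']]
  include_recipe 'backup'
end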