#
# Cookbook:: kosmos-bitcoin
# Recipe:: btcpay
#

build_essential

include_recipe "git"

git node['btcpay']['source_dir'] do
  repository node['btcpay']['repo']
  revision node['btcpay']['revision']
  action :sync
  notifies :run, 'bash[build_btcpay]', :immediately
end

bash 'build_btcpay' do
  cwd node['btcpay']['source_dir']
  code <<-EOH
    systemctl stop btcpayserver.service
    ./build.sh
  EOH
  action :nothing
  notifies :restart, "systemd_unit[btcpayserver.service]", :delayed
end

directory "/home/#{node['bitcoin']['username']}/.btcpayserver" do
  owner node['bitcoin']['username']
  group node['bitcoin']['usergroup']
  mode '0750'
  recursive true
end

directory File.dirname(node['btcpay']['config_path']) do
  owner node['bitcoin']['username']
  group node['bitcoin']['usergroup']
  mode '0750'
  recursive true
end

credentials = Chef::EncryptedDataBagItem.load('credentials', 'btcpay')

lnd_admin_macaroon_path = "#{node['lnd']['lnd_dir']}/data/chain/bitcoin/mainnet/admin.macaroon" rescue nil

template node['btcpay']['config_path'] do
  source "btcpay-settings.config.erb"
  owner node['bitcoin']['username']
  group node['bitcoin']['usergroup']
  mode '0640'
  variables bitcoin_network: node['bitcoin']['network'],
            nbxplorer_url: "http://127.0.0.1:#{node['nbxplorer']['port']}",
            btcpay_port: node['btcpay']['port'],
            btcpay_log_path: node['btcpay']['log_path'],
            postgres_host: "pg.kosmos.local",
            postgres_port: node['btcpay']['postgres']['port'],
            postgres_database: node['btcpay']['postgres']['database'],
            postgres_user: node['btcpay']['postgres']['user'],
            postgres_password: credentials['postgres_password'],
            lnd_admin_macaroon_path: lnd_admin_macaroon_path
  notifies :restart, "systemd_unit[btcpayserver.service]", :delayed
end

directory '/run/btcpayserver' do
  owner node['bitcoin']['username']
  group node['bitcoin']['usergroup']
  mode '0640'
end

systemd_unit 'btcpayserver.service' do
  content({
    Unit: {
      Description: 'BTCPay Server daemon',
      Documentation: ['https://docs.btcpayserver.org/ManualDeployment/'],
      Requires: 'nbxplorer.service',
      After: 'nbxplorer.service'
    },
    Service: {
      User: node['bitcoin']['username'],
      Group: node['bitcoin']['usergroup'],
      Type: 'simple',
      WorkingDirectory: node['btcpay']['source_dir'],
      ExecStart: "#{node['btcpay']['source_dir']}/run.sh --conf=#{node['btcpay']['config_path']}",
      PIDFile: '/run/btcpayserver/btcpayserver.pid',
      Restart: 'on-failure',
      PrivateTmp: true,
      ProtectSystem: 'full',
      NoNewPrivileges: true,
      PrivateDevices: true
    },
    Install: {
      WantedBy: 'multi-user.target'
    }
  })
  verify false
  triggers_reload true
  action [:create, :enable, :start]
end

#
# HTTPS Reverse Proxy
#

include_recipe "kosmos-nginx"
server_name = node["btcpay"]["domain"]

template "#{node["nginx"]["dir"]}/sites-available/#{server_name}" do
  source "nginx_conf_btcpayserver.erb"
  owner node["nginx"]["user"]
  mode 0640
  variables btcpay_port: node["btcpay"]["port"],
            server_name: server_name,
            ssl_cert:    "/etc/letsencrypt/live/#{server_name}/fullchain.pem",
            ssl_key:     "/etc/letsencrypt/live/#{server_name}/privkey.pem"
  notifies :reload, "service[nginx]", :delayed
end

nginx_site server_name do
  action :enable
end

nginx_certbot_site server_name