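#
# Cookbook:: kosmos-bitcoin
# Recipe:: lndhub-go
#
# Builds lndhub.go from source, bakes a scoped LND macaroon for it, renders
# its .env (which holds the database password, JWT secret and admin token),
# installs a hardened systemd unit and opens the API port to the internal
# subnet only.

include_recipe 'git'
include_recipe 'kosmos-bitcoin::golang'
include_recipe 'kosmos-bitcoin::user'

bitcoin_user  = node['bitcoin']['username']
bitcoin_group = node['bitcoin']['usergroup']
lnd_dir       = node['lnd']['lnd_dir']
lncli_bin     = '/opt/go/bin/lncli'
source_dir    = node['lndhub-go']['source_dir']
macaroon_path = "#{lnd_dir}/data/lndhub.macaroon"

# Secrets are read from the 'credentials' data bag.
# NOTE(review): whether this data bag is encrypted is not visible here - confirm.
credentials = data_bag_item('credentials', 'lndhub-go')

postgres_host = "pg.kosmos.local"
postgres_user = node['lndhub-go']['postgres']['user']
postgres_db   = node['lndhub-go']['postgres']['database']
postgres_port = node['lndhub-go']['postgres']['port']

# Best-effort discovery of the akkounts host for the webhook URL. A failed
# lookup must not abort the run, but it must not write a URL with an empty
# host ("http://:3000/...") either, so the attribute is only set when a host
# was actually found.
# NOTE(review): node.normal values persist on the node object between runs,
# so after a failed lookup the previously stored URL keeps being used.
# NOTE(review): the webhook is delivered over plain HTTP; confirm that this
# path stays on a trusted private network.
begin
  akkounts_node = search(:node, "role:akkounts").first
  knife_zero    = akkounts_node && akkounts_node["knife_zero"]
  akkounts_host = knife_zero && knife_zero["host"]

  if akkounts_host.to_s.empty?
    Chef::Log.warn("NO AKKOUNTS HOST FOUND")
  else
    node.normal['lndhub-go']['webhook_url'] = "http://#{akkounts_host}:3000/webhooks/lndhub"
  end
rescue => e
  Chef::Log.warn("NO AKKOUNTS HOST FOUND")
  Chef::Log.warn(e.message)
end

# NOTE(review): neither the checkout nor the build sets `user`, so both run
# as the account running chef-client (typically root). Confirm that
# node['lndhub-go']['revision'] is pinned to an immutable commit or tag;
# with a moving branch every converge builds and runs whatever upstream
# published last.
git source_dir do
  repository node['lndhub-go']['repo']
  revision node['lndhub-go']['revision']
  action :sync
  notifies :run, 'bash[compile_lndhub-go]', :immediately
end

# Only runs when the checkout above changed.
bash 'compile_lndhub-go' do
  cwd source_dir
  code 'make'
  action :nothing
  notifies :restart, 'service[lndhub-go]', :delayed
end

# Bake a macaroon limited to the info, invoices and offchain entities
# instead of handing lndhub the admin macaroon. The guard means an existing
# macaroon is never re-baked, so rotating it requires removing the file.
# NOTE(review): this recipe does not set the mode of the macaroon file;
# confirm lncli writes it readable by the owner only.
bash 'bake_lndhub_macaroon' do
  user bitcoin_user
  cwd lnd_dir
  code "#{lncli_bin} bakemacaroon --save_to=./data/lndhub.macaroon info:read invoices:read invoices:write offchain:read offchain:write"
  not_if { File.exist?(macaroon_path) }
end

# The rendered file contains secrets: owner-only mode, and `sensitive true`
# keeps the rendered content out of Chef's log and diff output.
template "#{source_dir}/.env" do
  source 'lndhub-go.env.erb'
  owner bitcoin_user
  group bitcoin_group
  mode '0600'
  sensitive true
  variables config: {
    # NOTE(review): sslmode=disable sends the password and all queries to
    # pg.kosmos.local without TLS. Confirm the link is otherwise protected,
    # or enable TLS on the server and require it here.
    database_uri: "postgresql://#{postgres_user}:#{credentials['postgresql_password']}@#{postgres_host}:#{postgres_port}/#{postgres_db}?sslmode=disable",
    jwt_secret: credentials['jwt_secret'],
    lnd_address: 'localhost:10009', # gRPC address
    lnd_macaroon_file: macaroon_path,
    lnd_cert_file: "#{lnd_dir}/tls.cert",
    custom_name: node['lndhub-go']['domain'],
    port: node['lndhub-go']['port'],
    admin_token: credentials['admin_token'],
    default_rate_limit: node['lndhub-go']['default_rate_limit'],
    strict_rate_limit: node['lndhub-go']['strict_rate_limit'],
    burst_rate_limit: node['lndhub-go']['burst_rate_limit'],
    service_fee: 1,
    no_service_fee_up_to_amount: 1000,
    branding: node['lndhub-go']['branding'],
    webhook_url: node['lndhub-go']['webhook_url'],
    sentry_dsn: credentials['sentry_dsn']
  }
  notifies :restart, 'service[lndhub-go]', :delayed
end

# Runs as the unprivileged bitcoin user with systemd sandboxing switched on.
# NOTE(review): `verify false` skips Chef's verification of the generated
# unit file before it is written.
systemd_unit 'lndhub-go.service' do
  content({
    Unit: {
      Description: 'LndHub compatible API written in Go',
      Documentation: ['https://github.com/getAlby/lndhub.go/blob/main/README.md'],
      Requires: 'lnd.service',
      After: 'lnd.service'
    },
    Service: {
      User: bitcoin_user,
      Group: bitcoin_group,
      Type: 'simple',
      WorkingDirectory: source_dir,
      ExecStart: "#{source_dir}/lndhub",
      Restart: 'always',
      RestartSec: '10',
      TimeoutSec: '60',
      PrivateTmp: true,
      ProtectSystem: 'full',
      NoNewPrivileges: true,
      PrivateDevices: true,
      MemoryDenyWriteExecute: true
    },
    Install: {
      WantedBy: 'multi-user.target'
    }
  })
  verify false
  triggers_reload true
  action [:create, :enable, :start]
end

# Declared only so the resources above can notify a restart.
service 'lndhub-go' do
  action :nothing
end

# The API port is reachable from the 10.1.1.0/24 subnet only.
firewall_rule 'lndhub-go' do
  port node['lndhub-go']['port']
  source '10.1.1.0/24'
  protocol :tcp
  command :allow
end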