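#
# Cookbook:: kosmos-bitcoin
# Recipe:: rtl
#
# Deploys Ride The Lightning (RTL) from git, renders its RTL-Config.json,
# runs it as a systemd service next to lnd and opens its port to the
# private network only.
#

# Point the nodejs cookbook at the NodeSource 18.x repository before
# kosmos-nodejs is included.
node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_18.x"
include_recipe 'kosmos-nodejs'

app_name = "rtl"
rtl_dir = "/opt/#{app_name}"
lnd_dir = node['lnd']['lnd_dir']
bitcoin_user = node['bitcoin']['username']
bitcoin_group = node['bitcoin']['usergroup']
# The RTL login hash is read from the encrypted data bag item instead of
# being written into the cookbook or taken from node attributes.
credentials = Chef::EncryptedDataBagItem.load('credentials', 'rtl')

rtl_config = {
  host: node['rtl']['host'],
  port: node['rtl']['port'],
  defaultNodeIndex: 1,
  SSO: {
    rtlSSO: 0,
    rtlCookiePath: "",
    logoutRedirectLink: ""
  },
  nodes: [
    {
      index: 1,
      lnNode: node['lnd']['alias'],
      lnImplementation: "LND",
      Authentication: {
        # Directory RTL is pointed at for the lnd macaroon; the service user
        # must be able to read it.
        # NOTE(review): which macaroon RTL loads from here is not visible in
        # this recipe. Confirm it is no more privileged than RTL needs.
        macaroonPath: "#{lnd_dir}/data/chain/bitcoin/mainnet",
        configPath: "#{lnd_dir}/lnd.conf"
      },
      Settings: {
        userPersona: "MERCHANT",
        themeMode: "NIGHT",
        themeColor: "TEAL",
        channelBackupPath: "",
        enableLogging: true,
        lnServerUrl: "https://localhost:8080",
        fiatConversion: true,
        currencyUnit: "EUR"
      }
    }
  ],
  multiPassHashed: credentials["multiPassHashed"]
}

# Check out RTL as the unprivileged bitcoin user. A changed checkout triggers
# the dependency install immediately and a service restart at the end of the run.
# NOTE(review): node['rtl']['revision'] is defined outside this recipe. Pinning
# it to a tag or commit rather than a moving branch keeps deployed code reviewable.
git rtl_dir do
  user bitcoin_user
  group bitcoin_group
  repository node['rtl']['repo']
  revision node['rtl']['revision']
  notifies :run, "execute[npm_install]", :immediately
  notifies :restart, "systemd_unit[#{app_name}.service]", :delayed
end

# Only runs when notified by the git resource above (action :nothing).
# It runs as bitcoin_user, so npm's package scripts do not execute as root.
execute "npm_install" do
  cwd rtl_dir
  environment "HOME" => rtl_dir
  user bitcoin_user
  # TODO remove --force when upstream dependency issues have been resolved
  # --force overrides npm's dependency-conflict protections, so the installed
  # tree can differ from what upstream tested.
  command "npm install --force"
  action :nothing
end

file "#{rtl_dir}/RTL-Config.json" do
  owner bitcoin_user
  group bitcoin_group
  # Owner read/write, group read, nothing for others.
  mode '0640'
  content rtl_config.to_json
  # The rendered JSON carries multiPassHashed. Keep its content and diff out of
  # Chef's log and report output.
  sensitive true
  notifies :restart, "systemd_unit[#{app_name}.service]", :delayed
end

systemd_unit "#{app_name}.service" do
  content({
    Unit: {
      Description: 'Ride The Lightning',
      Documentation: ['https://github.com/Ride-The-Lightning/RTL'],
      Requires: 'lnd.service',
      After: 'lnd.service'
    },
    Service: {
      User: bitcoin_user,
      Group: bitcoin_group,
      Type: 'simple',
      # ExecStartPre: '/bin/sleep 120',
      ExecStart: "/usr/bin/node #{rtl_dir}/rtl.js",
      Restart: 'always',
      RestartSec: '30',
      TimeoutSec: '120',
      # Sandboxing applied to the RTL process by systemd.
      PrivateTmp: true,
      ProtectSystem: 'full',
      NoNewPrivileges: true,
      PrivateDevices: true,
    },
    Install: {
      WantedBy: 'multi-user.target'
    }
  })
  # Unit-file verification is switched off for this resource.
  verify false
  triggers_reload true
  action [:create, :enable, :start]
end

include_recipe 'firewall'

# Allow TCP to the RTL port from the 10.1.1.0/24 network only.
firewall_rule 'rtl_private' do
  port node['rtl']['port'].to_i
  source "10.1.1.0/24"
  protocol :tcp
  command :allow
end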