96 lines
2.4 KiB
Ruby
96 lines
2.4 KiB
Ruby
#
|
|
# Cookbook:: kosmos-bitcoin
|
|
# Recipe:: lndhub
|
|
#
|
|
|
|
include_recipe 'redisio::default'
|
|
include_recipe 'redisio::enable'
|
|
|
|
app_name = "lndhub"
|
|
app_dir = "/opt/#{app_name}"
|
|
lnd_dir = node['lnd']['lnd_dir']
|
|
bitcoin_user = node['bitcoin']['username']
|
|
bitcoin_group = node['bitcoin']['usergroup']
|
|
bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
|
|
|
|
application app_dir do
|
|
owner bitcoin_user
|
|
group bitcoin_group
|
|
|
|
git do
|
|
user bitcoin_user
|
|
group bitcoin_group
|
|
repository node['lndhub']['repo']
|
|
revision node['lndhub']['revision']
|
|
notifies :restart, "systemd_unit[lndhub.service]", :delayed
|
|
end
|
|
|
|
npm_install do
|
|
user bitcoin_user
|
|
end
|
|
|
|
link "#{app_dir}/admin.macaroon" do
|
|
to "#{lnd_dir}/data/chain/bitcoin/mainnet/admin.macaroon"
|
|
owner bitcoin_user
|
|
group bitcoin_group
|
|
end
|
|
|
|
link "#{app_dir}/tls.cert" do
|
|
to "#{lnd_dir}/tls.cert"
|
|
owner bitcoin_user
|
|
group bitcoin_group
|
|
end
|
|
|
|
template "#{app_dir}/config.js" do
|
|
source "lndhub.config.js.erb"
|
|
owner bitcoin_user
|
|
group bitcoin_group
|
|
mode '0600'
|
|
variables bitcoin_rpc_host: node['bitcoin']['conf']['rpcbind'],
|
|
bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'],
|
|
bitcoin_rpc_pass: bitcoin_credentials["rpcpassword"],
|
|
lnd_rpc_host: '127.0.0.1:10009'
|
|
notifies :restart, "systemd_unit[lndhub.service]", :delayed
|
|
end
|
|
|
|
systemd_unit 'lndhub.service' do
|
|
content({
|
|
Unit: {
|
|
Description: 'LND Hub',
|
|
Documentation: ['https://github.com/BlueWallet/LndHub'],
|
|
Requires: 'lnd.service',
|
|
After: 'lnd.service'
|
|
},
|
|
Service: {
|
|
User: bitcoin_user,
|
|
Group: bitcoin_group,
|
|
Type: 'simple',
|
|
Environment: "PORT=#{node['lndhub']['port']}",
|
|
WorkingDirectory: app_dir,
|
|
ExecStart: "/usr/bin/npm start",
|
|
Restart: 'always',
|
|
RestartSec: '30',
|
|
TimeoutSec: '120',
|
|
PrivateTmp: true,
|
|
ProtectSystem: 'full',
|
|
NoNewPrivileges: true,
|
|
PrivateDevices: true,
|
|
},
|
|
Install: {
|
|
WantedBy: 'multi-user.target'
|
|
}
|
|
})
|
|
verify false
|
|
triggers_reload true
|
|
action [:create, :enable, :start]
|
|
end
|
|
end
|
|
|
|
include_recipe 'firewall'
|
|
firewall_rule 'lndhub_private' do
|
|
port node['lndhub']['port'].to_i
|
|
source "10.1.1.0/24"
|
|
protocol :tcp
|
|
command :allow
|
|
end
|