chef/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb

#
# Cookbook:: kosmos-bitcoin
# Recipe:: nbxplorer
#

build_essential

include_recipe "git"

credentials         = Chef::EncryptedDataBagItem.load('credentials', 'nbxplorer')
bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
postgres_user       = node["nbxplorer"]["postgres"]["user"]
postgres_database   = node["nbxplorer"]["postgres"]["database"]

git node['nbxplorer']['source_dir'] do
  repository node['nbxplorer']['repo']
  revision node['nbxplorer']['revision']
  action :sync
  notifies :stop, "service[nbxplorer]", :immediately
  notifies :run, 'bash[build_nbxplorer]', :immediately
end

bash 'build_nbxplorer' do
  cwd node['nbxplorer']['source_dir']
  code './build.sh'
  action :nothing
end

directory "/home/#{node['bitcoin']['username']}/.nbxplorer" do
  owner node['bitcoin']['username']
  group node['bitcoin']['usergroup']
  mode '0750'
  recursive true
end

directory File.dirname(node['nbxplorer']['config_path']) do
  owner node['bitcoin']['username']
  group node['bitcoin']['usergroup']
  mode '0750'
  recursive true
end

template node['nbxplorer']['config_path'] do
  source "nbxplorer-settings.config.erb"
  owner node['bitcoin']['username']
  group node['bitcoin']['usergroup']
  mode '0640'
  variables bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'],
            bitcoin_rpc_password: bitcoin_credentials["rpcpassword"],
            bitcoin_rpc_url: "http://#{node['bitcoin']['conf']['rpcbind']}",
            nbxplorer_port: node['nbxplorer']['port']
end

directory '/run/nbxplorer' do
  owner node['bitcoin']['username']
  group node['bitcoin']['usergroup']
  mode '0640'
end

env = {
  NBXPLORER_POSTGRES: "User ID=#{postgres_user};Password=#{credentials['postgresql_password']};Database=#{postgres_database};Host=pg.kosmos.local;Port=5432;Application Name=nbxplorer;MaxPoolSize=20"
}

systemd_unit 'nbxplorer.service' do
  content({
    Unit: {
      Description: 'NBXplorer daemon',
      Documentation: ['https://github.com/dgarage/NBXplorer'],
      Requires: 'bitcoind.service',
      After: 'bitcoind.service'
    },
    Service: {
      User: node['bitcoin']['username'],
      Group: node['bitcoin']['usergroup'],
      Type: 'simple',
      WorkingDirectory: node['nbxplorer']['source_dir'],
      Environment: env.map{|k, v| "'#{k}=#{v}'"}.join(' '),
      ExecStart: "#{node['nbxplorer']['source_dir']}/run.sh -c #{node['nbxplorer']['config_path']} --noauth",
      PIDFile: '/run/nbxplorer/nbxplorer.pid',
      Restart: 'on-failure',
      PrivateTmp: true,
      ProtectSystem: 'full',
      NoNewPrivileges: true,
      PrivateDevices: true
    },
    Install: {
      WantedBy: 'multi-user.target'
    }
  })
  verify false
  triggers_reload true
  action [:create]
end

service "nbxplorer" do
  action [:enable, :start]
end