118 lines
3.4 KiB
Ruby
118 lines
3.4 KiB
Ruby
#
|
|
# Cookbook:: kosmos-bitcoin
|
|
# Recipe:: lndhub-go
|
|
#
|
|
|
|
include_recipe 'git'
|
|
include_recipe 'kosmos-bitcoin::golang'
|
|
include_recipe 'kosmos-bitcoin::user'
|
|
|
|
bitcoin_user = node['bitcoin']['username']
|
|
bitcoin_group = node['bitcoin']['usergroup']
|
|
lnd_dir = node['lnd']['lnd_dir']
|
|
lncli_bin = '/opt/go/bin/lncli'
|
|
source_dir = node['lndhub-go']['source_dir']
|
|
macaroon_path = "#{lnd_dir}/data/lndhub.macaroon"
|
|
credentials = data_bag_item('credentials', 'lndhub-go')
|
|
postgres_host = "pg.kosmos.local"
|
|
postgres_user = node['lndhub-go']['postgres']['user']
|
|
postgres_db = node['lndhub-go']['postgres']['database']
|
|
postgres_port = node['lndhub-go']['postgres']['port']
|
|
|
|
begin
|
|
akkounts_host = search(:node, "role:akkounts").first["knife_zero"]["host"]
|
|
node.normal['lndhub-go']['webhook_url'] = "http://#{akkounts_host}:3000/webhooks/lndhub"
|
|
rescue => e
|
|
puts "NO AKKOUNTS HOST FOUND"
|
|
puts e.message
|
|
end
|
|
|
|
git source_dir do
|
|
repository node['lndhub-go']['repo']
|
|
revision node['lndhub-go']['revision']
|
|
action :sync
|
|
notifies :run, 'bash[compile_lndhub-go]', :immediately
|
|
end
|
|
|
|
bash 'compile_lndhub-go' do
|
|
cwd source_dir
|
|
code 'make'
|
|
action :nothing
|
|
notifies :restart, 'service[lndhub-go]', :delayed
|
|
end
|
|
|
|
bash 'bake_lndhub_macaroon' do
|
|
user bitcoin_user
|
|
cwd lnd_dir
|
|
code "#{lncli_bin} bakemacaroon --save_to=./data/lndhub.macaroon info:read invoices:read invoices:write offchain:read offchain:write"
|
|
not_if { File.exist?(macaroon_path) }
|
|
end
|
|
|
|
template "#{source_dir}/.env" do
|
|
source 'lndhub-go.env.erb'
|
|
owner bitcoin_user
|
|
group bitcoin_group
|
|
mode 0600
|
|
sensitive true
|
|
variables config: {
|
|
database_uri: "postgresql://#{postgres_user}:#{credentials['postgresql_password']}@#{postgres_host}:#{postgres_port}/#{postgres_db}?sslmode=disable",
|
|
jwt_secret: credentials['jwt_secret'],
|
|
lnd_address: 'localhost:10009', # gRPC address,
|
|
lnd_macaroon_file: macaroon_path,
|
|
lnd_cert_file: "#{lnd_dir}/tls.cert",
|
|
custom_name: node['lndhub-go']['domain'],
|
|
port: node['lndhub-go']['port'],
|
|
admin_token: credentials['admin_token'],
|
|
default_rate_limit: node['lndhub-go']['default_rate_limit'],
|
|
strict_rate_limit: node['lndhub-go']['strict_rate_limit'],
|
|
burst_rate_limit: node['lndhub-go']['burst_rate_limit'],
|
|
branding: node['lndhub-go']['branding'],
|
|
webhook_url: node['lndhub-go']['webhook_url'],
|
|
sentry_dsn: credentials['sentry_dsn']
|
|
}
|
|
notifies :restart, 'service[lndhub-go]', :delayed
|
|
end
|
|
|
|
systemd_unit 'lndhub-go.service' do
|
|
content({
|
|
Unit: {
|
|
Description: 'LndHub compatible API written in Go',
|
|
Documentation: ['https://github.com/getAlby/lndhub.go/blob/main/README.md'],
|
|
Requires: 'lnd.service',
|
|
After: 'lnd.service'
|
|
},
|
|
Service: {
|
|
User: bitcoin_user,
|
|
Group: bitcoin_group,
|
|
Type: 'simple',
|
|
WorkingDirectory: source_dir,
|
|
ExecStart: "#{source_dir}/lndhub",
|
|
Restart: 'always',
|
|
RestartSec: '10',
|
|
TimeoutSec: '60',
|
|
PrivateTmp: true,
|
|
ProtectSystem: 'full',
|
|
NoNewPrivileges: true,
|
|
PrivateDevices: true,
|
|
MemoryDenyWriteExecute: true
|
|
},
|
|
Install: {
|
|
WantedBy: 'multi-user.target'
|
|
}
|
|
})
|
|
verify false
|
|
triggers_reload true
|
|
action [:create, :enable, :start]
|
|
end
|
|
|
|
service 'lndhub-go' do
|
|
action :nothing
|
|
end
|
|
|
|
firewall_rule 'lndhub-go' do
|
|
port node['lndhub-go']['port']
|
|
source '10.1.1.0/24'
|
|
protocol :tcp
|
|
command :allow
|
|
end
|