119 lines
3.2 KiB
Ruby
119 lines
3.2 KiB
Ruby
#
|
|
# Cookbook:: kosmos-bitcoin
|
|
# Recipe:: lnd
|
|
#
|
|
|
|
include_recipe "git"
|
|
include_recipe "golang"
|
|
|
|
git node['lnd']['source_dir'] do
|
|
repository node['lnd']['repo']
|
|
revision node['lnd']['revision']
|
|
action :sync
|
|
notifies :run, 'bash[compile_lnd]', :immediately
|
|
end
|
|
|
|
bash "compile_lnd" do
|
|
cwd node['lnd']['source_dir']
|
|
code <<-EOH
|
|
source /etc/profile.d/golang.sh
|
|
make clean && make && make install tags="signrpc walletrpc chainrpc invoicesrpc"
|
|
EOH
|
|
action :nothing
|
|
notifies :restart, "systemd_unit[lnd.service]", :delayed
|
|
end
|
|
|
|
bitcoin_user = node['bitcoin']['username']
|
|
bitcoin_group = node['bitcoin']['usergroup']
|
|
lnd_dir = node['lnd']['lnd_dir']
|
|
|
|
bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin')
|
|
|
|
directory lnd_dir do
|
|
owner bitcoin_user
|
|
group bitcoin_group
|
|
mode '0750'
|
|
action :create
|
|
end
|
|
|
|
if node['lnd']['auto_unlock']
|
|
lnd_credentials = Chef::EncryptedDataBagItem.load('credentials', 'lnd')
|
|
|
|
file "#{lnd_dir}/.unlock.txt" do
|
|
content lnd_credentials['password']
|
|
mode '0600'
|
|
owner bitcoin_user
|
|
group bitcoin_group
|
|
end
|
|
end
|
|
|
|
template "#{lnd_dir}/lnd.conf" do
|
|
source "lnd.conf.erb"
|
|
owner bitcoin_user
|
|
group bitcoin_group
|
|
mode '0640'
|
|
variables lnd_alias: node['lnd']['alias'],
|
|
lnd_color: node['lnd']['color'],
|
|
lnd_log_level: node['lnd']['log_level'],
|
|
lnd_externalip: "#{node['lnd']['public_ip']}:#{node['lnd']['public_port']}",
|
|
lnd_port: node['lnd']['port'],
|
|
lnd_minchansize: node['lnd']['minchansize'],
|
|
lnd_basefee: node['lnd']['basefee'],
|
|
lnd_feerate: node['lnd']['feerate'],
|
|
lnd_dir: lnd_dir,
|
|
auto_unlock: node['lnd']['auto_unlock'],
|
|
bitcoin_datadir: node['bitcoin']['datadir'],
|
|
bitcoin_rpc_user: node['bitcoin']['conf']['rpcuser'],
|
|
bitcoin_rpc_password: bitcoin_credentials["rpcpassword"],
|
|
bitcoin_rpc_host: node['bitcoin']['conf']['rpcbind'],
|
|
bitcoin_zmqpubrawblock: node['bitcoin']['conf']['zmqpubrawblock'],
|
|
bitcoin_zmqpubrawtx: node['bitcoin']['conf']['zmqpubrawtx']
|
|
notifies :restart, "systemd_unit[lnd.service]", :delayed
|
|
end
|
|
|
|
exec_flags = ""
|
|
exec_flags += "--tor.active --tor.v3" if node['bitcoin']['tor_enabled']
|
|
|
|
systemd_unit 'lnd.service' do
|
|
content({
|
|
Unit: {
|
|
Description: 'Lightning Network Daemon',
|
|
Documentation: ['https://github.com/lightningnetwork/lnd/tree/master/docs'],
|
|
Requires: 'bitcoind.service',
|
|
After: 'bitcoind.service'
|
|
},
|
|
Service: {
|
|
User: bitcoin_user,
|
|
Group: bitcoin_group,
|
|
Type: 'simple',
|
|
ExecStart: "/opt/go/bin/lnd #{exec_flags}",
|
|
Restart: 'always',
|
|
RestartSec: '30',
|
|
TimeoutSec: '240',
|
|
LimitNOFILE: '128000',
|
|
PrivateTmp: true,
|
|
ProtectSystem: 'full',
|
|
NoNewPrivileges: true,
|
|
PrivateDevices: true,
|
|
MemoryDenyWriteExecute: true
|
|
},
|
|
Install: {
|
|
WantedBy: 'multi-user.target'
|
|
}
|
|
})
|
|
verify false
|
|
triggers_reload true
|
|
action [:create, :enable, :start]
|
|
end
|
|
|
|
firewall_rule 'lnd' do
|
|
port [node['lnd']['port']]
|
|
protocol :tcp
|
|
command :allow
|
|
end
|
|
|
|
if node['bitcoin']['tor_enabled']
|
|
node.override['tor']['ControlPort'] = 9051
|
|
node.override['tor']['CookieAuthentication'] = true
|
|
end
|