reorganize docker and add static certs/macroon to lnd
This commit is contained in:
parent
7fe959a720
commit
215f330771
26
.env.sample
26
.env.sample
|
@ -47,21 +47,13 @@ OPENSEARCH_MODEL_ID=
|
||||||
# if you want to work with payments you'll need these #
|
# if you want to work with payments you'll need these #
|
||||||
#######################################################
|
#######################################################
|
||||||
|
|
||||||
# lnd
|
# lnurl ... you'll need a tunnel to localhost:3000 for these
|
||||||
LND_CERT=
|
|
||||||
LND_MACAROON=
|
|
||||||
LND_SOCKET=sn_lnd:10009
|
|
||||||
|
|
||||||
# lnurl
|
|
||||||
LNAUTH_URL=
|
LNAUTH_URL=
|
||||||
LNWITH_URL=
|
LNWITH_URL=
|
||||||
|
|
||||||
# nostr (NIP-57 zap receipts)
|
#########################
|
||||||
NOSTR_PRIVATE_KEY=
|
# SNDEV STUFF WE PRESET #
|
||||||
|
#########################
|
||||||
###############
|
|
||||||
# LEAVE AS IS #
|
|
||||||
###############
|
|
||||||
|
|
||||||
# static things
|
# static things
|
||||||
NEXTAUTH_URL=http://localhost:3000/api/auth
|
NEXTAUTH_URL=http://localhost:3000/api/auth
|
||||||
|
@ -72,6 +64,16 @@ NEXTAUTH_SECRET=3_0W_PhDRZVanbeJsZZGIEljexkKoGbL6qGIqSwTjjI
|
||||||
JWT_SIGNING_PRIVATE_KEY={"kty":"oct","kid":"FvD__hmeKoKHu2fKjUrWbRKfhjimIM4IKshyrJG4KSM","alg":"HS512","k":"3_0W_PhDRZVanbeJsZZGIEljexkKoGbL6qGIqSwTjjI"}
|
JWT_SIGNING_PRIVATE_KEY={"kty":"oct","kid":"FvD__hmeKoKHu2fKjUrWbRKfhjimIM4IKshyrJG4KSM","alg":"HS512","k":"3_0W_PhDRZVanbeJsZZGIEljexkKoGbL6qGIqSwTjjI"}
|
||||||
INVOICE_HMAC_KEY=a4c1d9c81edb87b79d28809876a18cf72293eadb39f92f3f4f2f1cfbdf907c91
|
INVOICE_HMAC_KEY=a4c1d9c81edb87b79d28809876a18cf72293eadb39f92f3f4f2f1cfbdf907c91
|
||||||
|
|
||||||
|
# lnd
|
||||||
|
# xxd -p -c0 docker/lnd/sn/macaroons/admin.macaroon
|
||||||
|
LND_CERT=2d2d2d2d2d424547494e2043455254494649434154452d2d2d2d2d0a4d494943516a43434165696741774942416749516139493834682b48653350385a437541525854554d54414b42676771686b6a4f50515144416a41344d5238770a485159445651514b45785a73626d5167595856306232646c626d56795958526c5a43426a5a584a304d5255774577594456515144457778694e6a41785a5749780a4d474d354f444d774868634e4d6a51774d7a41334d5463774d6a45355768634e4d6a55774e5441794d5463774d6a4535576a41344d523877485159445651514b0a45785a73626d5167595856306232646c626d56795958526c5a43426a5a584a304d5255774577594456515144457778694e6a41785a5749784d474d354f444d770a5754415442676371686b6a4f5051494242676771686b6a4f50514d4242774e4341415365596a4b62542b4a4a4a37624b6770677a6d6c3278496130364e3174680a2f4f7033533173382b4f4a41387836647849682f326548556b4f7578675a36703549434b496f375a544c356a5963764375793941334b6e466f3448544d4948510a4d41344741315564447745422f775145417749437044415442674e56485355454444414b4267677242674546425163444154415042674e5648524d42416638450a425441444151482f4d4230474131556444675157424252545756796e653752786f747568717354727969466d6a36736c557a423542674e5648524545636a42770a676778694e6a41785a5749784d474d354f444f4343577876593246736147397a64494947633235666247356b6768526f62334e304c6d52765932746c636935700a626e526c636d356862494945645735706549494b64573570654842685932746c64494948596e566d59323975626f6345667741414159635141414141414141410a41414141414141414141414141596345724273414254414b42676771686b6a4f5051514441674e4941444246416945413873616c4a667134476671465557532f0a35347a335461746c6447736673796a4a383035425a5263334f326f434943794e6e3975716976566f5575365935345143624c3966394c575779547a516e61616e0a656977482f51696b0a2d2d2d2d2d454e442043455254494649434154452d2d2d2d2d0a
|
||||||
|
LND_MACAROON=0201036c6e6402f801030a10206f3a63d5bf8355755851ace460077d1201301a160a0761646472657373120472656164120577726974651a130a04696e666f120472656164120577726974651a170a08696e766f69636573120472656164120577726974651a210a086d616361726f6f6e120867656e6572617465120472656164120577726974651a160a076d657373616765120472656164120577726974651a170a086f6666636861696e120472656164120577726974651a160a076f6e636861696e120472656164120577726974651a140a057065657273120472656164120577726974651a180a067369676e6572120867656e657261746512047265616400000620bc992b1c727644c462370b69a3dd39575666f3a7ac9ec120c97e3e7906dc4cb2
|
||||||
|
LND_SOCKET=sn_lnd:10009
|
||||||
|
|
||||||
|
# nostr (NIP-57 zap receipts)
|
||||||
|
# openssl rand -hex 32
|
||||||
|
NOSTR_PRIVATE_KEY=5f30b7e7714360f51f2be2e30c1d93b7fdf67366e730658e85777dfcc4e4245f
|
||||||
|
|
||||||
# imgproxy options
|
# imgproxy options
|
||||||
IMGPROXY_ENABLE_WEBP_DETECTION=1
|
IMGPROXY_ENABLE_WEBP_DETECTION=1
|
||||||
IMGPROXY_ENABLE_AVIF_DETECTION=1
|
IMGPROXY_ENABLE_AVIF_DETECTION=1
|
||||||
|
|
|
@ -20,7 +20,6 @@ node_modules/
|
||||||
.DS_Store
|
.DS_Store
|
||||||
*.pem
|
*.pem
|
||||||
/*.sql
|
/*.sql
|
||||||
!/anon.sql
|
|
||||||
lnbits/
|
lnbits/
|
||||||
|
|
||||||
# debug
|
# debug
|
||||||
|
|
|
@ -8,4 +8,6 @@ WORKDIR /app
|
||||||
|
|
||||||
EXPOSE 3000
|
EXPOSE 3000
|
||||||
|
|
||||||
CMD ["sh","-c","npm ci --loglevel verbose --legacy-peer-deps && npx prisma migrate dev && npm run dev"]
|
COPY package.json package-lock.json ./
|
||||||
|
RUN npm ci --legacy-peer-deps --loglevel verbose
|
||||||
|
CMD ["sh","-c","npm install --loglevel verbose --legacy-peer-deps && npx prisma migrate dev && npm run dev"]
|
|
@ -2,7 +2,7 @@ version: "3"
|
||||||
services:
|
services:
|
||||||
db:
|
db:
|
||||||
container_name: db
|
container_name: db
|
||||||
build: ./db
|
build: ./docker/db
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD-SHELL", "PGPASSWORD=${POSTGRES_PASSWORD} psql -U ${POSTGRES_USER} ${POSTGRES_DB} -c 'SELECT 1 FROM users LIMIT 1'"]
|
test: ["CMD-SHELL", "PGPASSWORD=${POSTGRES_PASSWORD} psql -U ${POSTGRES_USER} ${POSTGRES_DB} -c 'SELECT 1 FROM users LIMIT 1'"]
|
||||||
|
@ -15,9 +15,9 @@ services:
|
||||||
ports:
|
ports:
|
||||||
- "5431:5432"
|
- "5431:5432"
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env.sndev
|
- .env.sndev
|
||||||
volumes:
|
volumes:
|
||||||
- ./anon.sql:/docker-entrypoint-initdb.d/anon.sql
|
- ./docker/db/seed.sql:/docker-entrypoint-initdb.d/seed.sql
|
||||||
- db:/var/lib/postgresql/data
|
- db:/var/lib/postgresql/data
|
||||||
app:
|
app:
|
||||||
container_name: app
|
container_name: app
|
||||||
|
@ -37,7 +37,7 @@ services:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
restart: true
|
restart: true
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env.sndev
|
- .env.sndev
|
||||||
expose:
|
expose:
|
||||||
- "3000"
|
- "3000"
|
||||||
ports:
|
ports:
|
||||||
|
@ -63,7 +63,7 @@ services:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
restart: true
|
restart: true
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env.sndev
|
- .env.sndev
|
||||||
volumes:
|
volumes:
|
||||||
- ./:/app
|
- ./:/app
|
||||||
links:
|
links:
|
||||||
|
@ -85,7 +85,7 @@ services:
|
||||||
start_period: 1m
|
start_period: 1m
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env.sndev
|
- .env.sndev
|
||||||
ports:
|
ports:
|
||||||
- "3001:8080"
|
- "3001:8080"
|
||||||
links:
|
links:
|
||||||
|
@ -101,7 +101,7 @@ services:
|
||||||
start_period: 1m
|
start_period: 1m
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env.sndev
|
- .env.sndev
|
||||||
environment:
|
environment:
|
||||||
- OPENSEARCH_INITIAL_ADMIN_PASSWORD=mVchg1T5oA9wudUh
|
- OPENSEARCH_INITIAL_ADMIN_PASSWORD=mVchg1T5oA9wudUh
|
||||||
ports:
|
ports:
|
||||||
|
@ -131,7 +131,7 @@ services:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
restart: true
|
restart: true
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env.sndev
|
- .env.sndev
|
||||||
environment:
|
environment:
|
||||||
- opensearch.ssl.verificationMode=none
|
- opensearch.ssl.verificationMode=none
|
||||||
- OPENSEARCH_HOSTS=http://opensearch:9200
|
- OPENSEARCH_HOSTS=http://opensearch:9200
|
||||||
|
@ -195,7 +195,7 @@ services:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
restart: true
|
restart: true
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env.sndev
|
- .env.sndev
|
||||||
command:
|
command:
|
||||||
- 'lnd'
|
- 'lnd'
|
||||||
- '--noseedbackup'
|
- '--noseedbackup'
|
||||||
|
@ -222,6 +222,9 @@ services:
|
||||||
- "${LND_GRPC_PORT}:${LND_GRPC_PORT}"
|
- "${LND_GRPC_PORT}:${LND_GRPC_PORT}"
|
||||||
volumes:
|
volumes:
|
||||||
- sn_lnd:/home/lnd/.lnd
|
- sn_lnd:/home/lnd/.lnd
|
||||||
|
- ./docker/lnd/sn/macaroons/macaroons.db:/home/lnd/.lnd/data/chain/bitcoin/regtest/macaroons.db
|
||||||
|
- ./docker/lnd/sn/tls.cert:/home/lnd/.lnd/tls.cert
|
||||||
|
- ./docker/lnd/sn/tls.key:/home/lnd/.lnd/tls.key
|
||||||
stacker_lnd:
|
stacker_lnd:
|
||||||
image: polarlightning/lnd:0.17.4-beta
|
image: polarlightning/lnd:0.17.4-beta
|
||||||
container_name: stacker_lnd
|
container_name: stacker_lnd
|
||||||
|
@ -237,14 +240,14 @@ services:
|
||||||
condition: service_healthy
|
condition: service_healthy
|
||||||
restart: true
|
restart: true
|
||||||
env_file:
|
env_file:
|
||||||
- ./.env.sndev
|
- .env.sndev
|
||||||
command:
|
command:
|
||||||
- 'lnd'
|
- 'lnd'
|
||||||
- '--noseedbackup'
|
- '--noseedbackup'
|
||||||
- '--trickledelay=5000'
|
- '--trickledelay=5000'
|
||||||
- '--alias=sn_lnd'
|
- '--alias=stacker_lnd'
|
||||||
- '--externalip=sn_lnd'
|
- '--externalip=stacker_lnd'
|
||||||
- '--tlsextradomain=sn_lnd'
|
- '--tlsextradomain=stacker_lnd'
|
||||||
- '--tlsextradomain=host.docker.internal'
|
- '--tlsextradomain=host.docker.internal'
|
||||||
- '--listen=0.0.0.0:${STACKER_LND_P2P_PORT}'
|
- '--listen=0.0.0.0:${STACKER_LND_P2P_PORT}'
|
||||||
- '--rpclisten=0.0.0.0:${STACKER_LND_GRPC_PORT}'
|
- '--rpclisten=0.0.0.0:${STACKER_LND_GRPC_PORT}'
|
||||||
|
@ -262,8 +265,13 @@ services:
|
||||||
ports:
|
ports:
|
||||||
- "${STACKER_LND_REST_PORT}:${STACKER_LND_REST_PORT}"
|
- "${STACKER_LND_REST_PORT}:${STACKER_LND_REST_PORT}"
|
||||||
- "${STACKER_LND_GRPC_PORT}:${STACKER_LND_GRPC_PORT}"
|
- "${STACKER_LND_GRPC_PORT}:${STACKER_LND_GRPC_PORT}"
|
||||||
|
volumes:
|
||||||
|
- stacker_lnd:/home/lnd/.lnd
|
||||||
|
- ./docker/lnd/stacker/tls.cert:/home/lnd/.lnd/tls.cert
|
||||||
|
- ./docker/lnd/stacker/tls.key:/home/lnd/.lnd/tls.key
|
||||||
volumes:
|
volumes:
|
||||||
db:
|
db:
|
||||||
os:
|
os:
|
||||||
bitcoin:
|
bitcoin:
|
||||||
sn_lnd:
|
sn_lnd:
|
||||||
|
stacker_lnd:
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
We assume control of certs so that the app container doesn't need to inspect lnd for these things.
|
||||||
|
|
||||||
|
For the admin.macaroon, we do the same but we also need to store `macaroons.db` because it contains the master key.
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,15 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICQjCCAeigAwIBAgIQa9I84h+He3P8ZCuARXTUMTAKBggqhkjOPQQDAjA4MR8w
|
||||||
|
HQYDVQQKExZsbmQgYXV0b2dlbmVyYXRlZCBjZXJ0MRUwEwYDVQQDEwxiNjAxZWIx
|
||||||
|
MGM5ODMwHhcNMjQwMzA3MTcwMjE5WhcNMjUwNTAyMTcwMjE5WjA4MR8wHQYDVQQK
|
||||||
|
ExZsbmQgYXV0b2dlbmVyYXRlZCBjZXJ0MRUwEwYDVQQDEwxiNjAxZWIxMGM5ODMw
|
||||||
|
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASeYjKbT+JJJ7bKgpgzml2xIa06N1th
|
||||||
|
/Op3S1s8+OJA8x6dxIh/2eHUkOuxgZ6p5ICKIo7ZTL5jYcvCuy9A3KnFo4HTMIHQ
|
||||||
|
MA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8E
|
||||||
|
BTADAQH/MB0GA1UdDgQWBBRTWVyne7RxotuhqsTryiFmj6slUzB5BgNVHREEcjBw
|
||||||
|
ggxiNjAxZWIxMGM5ODOCCWxvY2FsaG9zdIIGc25fbG5kghRob3N0LmRvY2tlci5p
|
||||||
|
bnRlcm5hbIIEdW5peIIKdW5peHBhY2tldIIHYnVmY29ubocEfwAAAYcQAAAAAAAA
|
||||||
|
AAAAAAAAAAAAAYcErBsABTAKBggqhkjOPQQDAgNIADBFAiEA8salJfq4GfqFUWS/
|
||||||
|
54z3TatldGsfsyjJ805BZRc3O2oCICyNn9uqivVoUu6Y54QCbL9f9LWWyTzQnaan
|
||||||
|
eiwH/Qik
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIPw/v7CND3euIqjULW5tCnD5tve0L0E0N8dBtRkJM3u2oAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEnmIym0/iSSe2yoKYM5pdsSGtOjdbYfzqd0tbPPjiQPMencSIf9nh
|
||||||
|
1JDrsYGeqeSAiiKO2Uy+Y2HLwrsvQNypxQ==
|
||||||
|
-----END EC PRIVATE KEY-----
|
|
@ -0,0 +1,15 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIICRzCCAe2gAwIBAgIQc06vWIBuP9uKeQNHKbFllDAKBggqhkjOPQQDAjA4MR8w
|
||||||
|
HQYDVQQKExZsbmQgYXV0b2dlbmVyYXRlZCBjZXJ0MRUwEwYDVQQDEww4Y2M4NDFk
|
||||||
|
MjY2MzgwHhcNMjQwMzA3MTcwMjE5WhcNMjUwNTAyMTcwMjE5WjA4MR8wHQYDVQQK
|
||||||
|
ExZsbmQgYXV0b2dlbmVyYXRlZCBjZXJ0MRUwEwYDVQQDEww4Y2M4NDFkMjY2Mzgw
|
||||||
|
WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQT/nwvMHaVCfdVaeIgv8MKS+SHAS9c
|
||||||
|
Elif7Xqa7qsVvPiW7Vnh4MDVEBlM5rg0nkaH6V17sCC3rse/OqPLfVY1o4HYMIHV
|
||||||
|
MA4GA1UdDwEB/wQEAwICpDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHRMBAf8E
|
||||||
|
BTADAQH/MB0GA1UdDgQWBBQmamVn/KcRqHoNR9dk9C1g2M+jSTB+BgNVHREEdzB1
|
||||||
|
ggw4Y2M4NDFkMjY2MziCCWxvY2FsaG9zdIILc3RhY2tlcl9sbmSCFGhvc3QuZG9j
|
||||||
|
a2VyLmludGVybmFsggR1bml4ggp1bml4cGFja2V0ggdidWZjb25uhwR/AAABhxAA
|
||||||
|
AAAAAAAAAAAAAAAAAAABhwSsGwAGMAoGCCqGSM49BAMCA0gAMEUCIFD273WBcMKz
|
||||||
|
UPoOL8bwq15JXtrSGePKpAeN1TblY4Q5AiEAvKtuk+ssx9WQFZBEiWxCSjW5geKk
|
||||||
|
6HB7TdxsU+ZbfLg=
|
||||||
|
-----END CERTIFICATE-----
|
|
@ -0,0 +1,5 @@
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIOxH9uY8mpnlo/X5gRAAVOzOuEPIAOuHHlezkba3vIuHoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEE/58LzB2lQn3VWniIL/DCkvkhwEvXBJYn+16mu6rFbz4lu1Z4eDA
|
||||||
|
1RAZTOa4NJ5Gh+lde7Agt67Hvzqjy31WNQ==
|
||||||
|
-----END EC PRIVATE KEY-----
|
10
sndev
10
sndev
|
@ -1,5 +1,9 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
docker__compose() {
|
||||||
|
command docker compose --env-file .env.sndev "$@"
|
||||||
|
}
|
||||||
|
|
||||||
sndev__start() {
|
sndev__start() {
|
||||||
if [ ! -x "$(command -v docker-compose)" ]; then
|
if [ ! -x "$(command -v docker-compose)" ]; then
|
||||||
echo "docker compose is not installed"
|
echo "docker compose is not installed"
|
||||||
|
@ -14,17 +18,17 @@ sndev__start() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Starting application"
|
echo "Starting application"
|
||||||
docker compose --env-file .env.sndev up --build
|
docker__compose up --build
|
||||||
}
|
}
|
||||||
|
|
||||||
sndev__stop() {
|
sndev__stop() {
|
||||||
echo "Stopping application"
|
echo "Stopping application"
|
||||||
docker compose --env-file .env.sndev down
|
docker__compose down
|
||||||
}
|
}
|
||||||
|
|
||||||
sndev__delete() {
|
sndev__delete() {
|
||||||
echo "Deleting application"
|
echo "Deleting application"
|
||||||
docker compose --env-file .env.sndev down --volumes --remove-orphans
|
docker__compose down --volumes --remove-orphans
|
||||||
}
|
}
|
||||||
|
|
||||||
sndev__help() {
|
sndev__help() {
|
||||||
|
|
Loading…
Reference in New Issue