feat: add charts for a self-hosted signet setup

charts/bitcoind/regtest-values.yaml

@@ -7,6 +7,12 @@ global:
     ports: 
       rpc: 18443
 
+secrets:
+  create: false
+
+persistence:
+  enabled: false
+
 service:
   type: ClusterIP
   ports:

charts/bitcoind/signet-values.yml

@@ -0,0 +1,28 @@
+# Example of values for signet bitcoind.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+  network: signet
+  service:
+    ports:
+      rpc: 38332
+
+secrets:
+  create: false
+
+persistence:
+  enabled: true
+  size: 2Gi
+
+service:
+  type: ClusterIP
+  ports:
+    zmqpubrawtx: 28333
+    zmqpubrawblock: 28332
+    p2p: 38333
+
+# these flags need to be here and not in bitcoindGenericConfig because they have to be present under a separate section inside bitcoind.conf when in testnet/regtest mode
+bitcoindCustomConfig:
+  bind: 0.0.0.0
+  rpcbind: 0.0.0.0
+  rpcallowip: 0.0.0.0/0

charts/bitcoind/templates/configmap.yaml

@@ -13,7 +13,7 @@ data:
     {{ printf "%s=%s" $k $v}}
   {{- end }}
   {{ .Values.global.network | indent 2 }}=1
-  {{- $sections := splitList "," "test,regtest" }}
+  {{- $sections := splitList "," "test,regtest,signet" }}
   {{- range $sections }}
     {{printf "[%s]" . }}
     {{- range $k, $v := $.Values.bitcoindCustomConfig }}

charts/bitcoind/testnet-values.yaml

@@ -9,7 +9,7 @@ global:
 
 persistence:
   enabled: true
-  size: 30Gi
+  size: 50Gi
 
 service:
   type: ClusterIP

charts/galoy/templates/_helpers.tpl

@@ -146,6 +146,7 @@ Return Galoy environment variables for LND 1 configuration
     secretKeyRef:
       name: {{ .Values.galoy.lnd1.pubkeyExistingSecret.name }}
       key: {{ .Values.galoy.lnd1.pubkeyExistingSecret.key }}
+{{ if .Values.loop.enabled }}
 - name: LND1_LOOP_MACAROON
   valueFrom:
     secretKeyRef:
@@ -156,6 +157,7 @@ Return Galoy environment variables for LND 1 configuration
     secretKeyRef:
       name: {{ .Values.galoy.lnd1.loopCredentialsExistingSecret.name }}
       key: {{ .Values.galoy.lnd1.loopCredentialsExistingSecret.tls_key }}
+{{ end }}
 {{- end -}}
 
 {{/*
@@ -179,6 +181,7 @@ Return Galoy environment variables for LND 2 configuration
     secretKeyRef:
       name: {{ .Values.galoy.lnd2.pubkeyExistingSecret.name }}
       key: {{ .Values.galoy.lnd2.pubkeyExistingSecret.key }}
+{{ if .Values.loop.enabled }}
 - name: LND2_LOOP_MACAROON
   valueFrom:
     secretKeyRef:
@@ -189,6 +192,7 @@ Return Galoy environment variables for LND 2 configuration
     secretKeyRef:
       name: {{ .Values.galoy.lnd2.loopCredentialsExistingSecret.name }}
       key: {{ .Values.galoy.lnd2.loopCredentialsExistingSecret.tls_key }}
+{{ end }}
 {{- end -}}
 
 {{/*

charts/galoy/values.yaml

@@ -577,3 +577,5 @@ postgresql:
     username: price-history
     database: price-history
     existingSecret: galoy-price-history-postgres-creds
+loop:
+  enabled: true

dev/.gitignore

@@ -1,3 +1,4 @@
 .terraform
 .terraform.lock.hcl
+.terraform.tfstate*
 terraform.tfstate*

dev/Makefile

@@ -2,7 +2,9 @@ TF:=terraform
 REPO:=$(shell git rev-parse --show-toplevel)
 
 create-cluster:
-	k3d cluster create --image rancher/k3s:v1.22.13-k3s1 -v "$(REPO):/charts" --k3s-arg "--disable=traefik@server:0" --k3s-arg "--disable=servicelb@server:0"
+	k3d cluster create --image rancher/k3s:v1.22.13-k3s1 -v "$(REPO):/charts" \
+					   --k3s-arg "--disable=traefik@server:0" \
+					   --k3s-arg "--disable=servicelb@server:0"
 
 delete-cluster:
 	k3d cluster delete && rm terraform.tfstate
@@ -11,13 +13,52 @@ init:
 	terraform init
 
 deploy-services:
-	$(TF) apply -target module.infra_services.helm_release.cert_manager -auto-approve
-	$(TF) apply -target module.infra_services -auto-approve
+	$(TF) apply -target module.infra_services.helm_release.cert_manager \
+				-var="bitcoin_network=regtest"	\
+				-var="name_prefix=galoy-dev" -auto-approve
+	$(TF) apply -target module.infra_services \
+				-var="bitcoin_network=regtest" 	\
+				-var="name_prefix=galoy-dev"  -auto-approve
 
 deploy:
-	$(TF) apply -auto-approve
+	$(TF) apply -var="bitcoin_network=regtest" \
+				-var="name_prefix=galoy-dev" -auto-approve
+
+all: create-cluster init deploy-services deploy
+
+
+redeploy-galoy:
+	kubectl delete namespace galoy-dev-galoy --force
+	cd galoy
+	$(TF) apply -var="bitcoin_network=regtest" \
+				-var="name_prefix=galoy-dev" -auto-approve
+
+
+deploy-signet-services:
+	$(TF) apply -target module.infra_services.helm_release.cert_manager \
+				-var="bitcoin_network=signet" \
+				-var="name_prefix=galoy-sig" -auto-approve
+	$(TF) apply -target module.infra_services \
+				-var="bitcoin_network=signet" \
+				-var="name_prefix=galoy-sig" -auto-approve
+
+deploy-signet:
+	$(TF) apply -var="bitcoin_network=signet" \
+				-var="name_prefix=galoy-sig" -auto-approve
+
+all-signet: create-cluster init deploy-signet-services deploy-signet
+
+
+redeploy-signet-galoy:
+	kubectl delete namespace galoy-sig-galoy --force
+	cd galoy
+	$(TF) apply -var="bitcoin_network=signet" \
+				-var="name_prefix=galoy-sig" -auto-approve
+
+redeploy-signet-addons:
+	kubectl delete namespace galoy-sig-addons --force
+	cd addons
+	$(TF) apply -var="name_prefix=galoy-sig" -auto-approve
 
 fmt:
 	$(TF) fmt -recursive
-
-all: create-cluster init deploy-services deploy

dev/README.md

@@ -3,13 +3,14 @@
 Intended as a local environment to test changes to the charts. Not as a dev backend for the mobile app.
 Currently successfully brings up charts - no guarantee that everything is working as in prod, but enough to do some refactorings or stuff like that.
 
-## How To
+## Dependencies
 
-dependencies:
 - k3d
 - terraform
 - kubectl
 
+## Regtest
+
 run in the `dev` folder:
 ```
 direnv allow
@@ -19,14 +20,48 @@ make deploy-services
 make deploy
 ```
 
-Test if its working:
+### Test
+
+Forward the galoy API port:
 ```
 kubectl -n galoy-dev-ingress port-forward svc/ingress-nginx-controller 8080:443
 ```
-In other terminal:
+In an other terminal:
 ```
-$ curl -k 'https://localhost:8080/graphql' -H 'Content-Type: application/json' -H 'Accept: application/json' --data-binary '{"query":"mutation login($input: UserLoginInput!) { userLogin(input: $input) { authToken } }","variables":{"input":{"phone":"+59981730222","code":"111111"}}}'
-{"data":{"userLogin":{"authToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiI2MTc2YmQ2NmQ0MmFkYWIzNjM2MmEyY2QiLCJuZXR3b3JrIjoibWFpbm5ldCIsImlhdCI6MTYzNTE3MTY4Nn0.n-p5sA9meAmZrVOdngYr216jG3LKOFsFdJmVw6XND3A"}}}
+curl -k 'https://localhost:8080/graphql' -H 'Content-Type: application/json' -H 'Accept: application/json' --data-binary '{"query":"mutation login($input: UserLoginInput!) { userLogin(input: $input) { authToken } }","variables":{"input":{"phone":"+59981730222","code":"111111"}}}'
 ```
 
-Currently incomplete functionality - but depending on what you want to hack on it'll work
+Expected result:
+```
+{"data":{"userLogin":{"authToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiI2MzM1NDA5MTgzZmZmNTFiYWUyMjE1OWQiLCJuZXR3b3JrIjoicmVndGVzdCIsImlhdCI6MTY2NDQzNDMyMX0.Dc6M49I6TQfqS0ZlmIMrwu71GdCcDDzwZsyTb-EVyMk"}}}
+```
+
+Currently incomplete functionality - but depending on what you want to hack on it'll work.
+
+## Signet
+
+run in the `dev` folder:
+```
+direnv allow
+make create-cluster
+make init
+make deploy-signet-services
+make deploy-signet
+```
+
+### Test
+
+Forward the nginx port:
+```
+kubectl -n galoy-sig-ingress port-forward svc/ingress-nginx-controller 38080:443
+```
+
+In an other terminal:
+```
+curl -k 'https://localhost:38080/graphql' -H 'Content-Type: application/json' -H 'Accept: application/json' --data-binary '{"query":"mutation login($input: UserLoginInput!) { userLogin(input: $input) { authToken } }","variables":{"input":{"phone":"+59981730222","code":"111111"}}}'
+```
+
+Expected result:
+```
+{"data":{"userLogin":{"authToken":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1aWQiOiI2MTc2YmQ2NmQ0MmFkYWIzNjM2MmEyY2QiLCJuZXR3b3JrIjoibWFpbm5ldCIsImlhdCI6MTYzNTE3MTY4Nn0.n-p5sA9meAmZrVOdngYr216jG3LKOFsFdJmVw6XND3A"}}}
+```

dev/bitcoin/bitcoind-values.yml → dev/bitcoin/bitcoind-regtest-values.yml

@@ -16,3 +16,9 @@ service:
     zmqpubrawtx: 28333
     zmqpubrawblock: 28332
     p2p: 18444
+
+bitcoindCustomConfig:
+  bind: 0.0.0.0
+  rpcbind: 0.0.0.0
+  rpcallowip: 0.0.0.0/0
+  fallbackfee: 0.0002

dev/bitcoin/bitcoind-signet-values.yml

@@ -0,0 +1,25 @@
+global:
+  network: signet
+  service:
+    ports:
+      rpc: 38332
+
+secrets:
+  create: false
+
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 2Gi
+
+service:
+  type: ClusterIP
+  ports:
+    zmqpubrawtx: 28333
+    zmqpubrawblock: 28332
+    p2p: 38333
+
+bitcoindCustomConfig:
+  bind: 0.0.0.0
+  rpcbind: 0.0.0.0
+  rpcallowip: 0.0.0.0/0

dev/bitcoin/bitcoind.tf

@@ -15,7 +15,7 @@ resource "helm_release" "bitcoind" {
   namespace = kubernetes_namespace.bitcoin.metadata[0].name
 
   values = [
-    file("${path.module}/bitcoind-values.yml")
+    file("${path.module}/bitcoind-${var.bitcoin_network}-values.yml")
   ]
 
   depends_on = [

dev/bitcoin/lnd-signet-values.yml

@@ -0,0 +1,33 @@
+global:
+  network: signet
+
+resources:
+  limits:
+    cpu: 150m
+    memory: 256Mi
+
+terminationGracePeriodSeconds: 60
+
+persistence:
+  enabled: true
+  accessMode: ReadWriteOnce
+  size: 1Gi
+
+configmap:
+  customValues:
+  - bitcoin.signet=true
+  - bitcoin.defaultchanconfs=0
+  - bitcoind.rpchost=bitcoind:38332
+  - keysend-hold-time=2s
+  - tlsextradomain=lnd1.galoy-sig-bitcoin.svc.cluster.local
+  - debuglevel=info
+
+loop:
+  enabled: false
+loopserver:
+  enabled: false
+lndmon:
+  enabled: false
+
+autoGenerateSeed:
+  enabled: true

dev/bitcoin/lnd1.tf

@@ -16,9 +16,9 @@ resource "helm_release" "lnd" {
   namespace = kubernetes_namespace.bitcoin.metadata[0].name
 
   dependency_update = true
-  timeout           = 600
+  timeout           = local.bitcoin_network == "regtest" ? 900 : 9000
   values = [
-    file("${path.module}/lnd-values.yml")
+    file("${path.module}/lnd-${var.bitcoin_network}-values.yml")
   ]
 
   depends_on = [

dev/bitcoin/main.tf

@@ -1,6 +1,8 @@
 variable "name_prefix" {}
+variable "bitcoin_network" {}
 
 locals {
+  bitcoin_network      = var.bitcoin_network
   smoketest_namespace  = "${var.name_prefix}-smoketest"
   bitcoin_namespace    = "${var.name_prefix}-bitcoin"
   bitcoind_rpcpassword = "rpcpassword"
@@ -15,8 +17,8 @@ resource "kubernetes_namespace" "bitcoin" {
 resource "null_resource" "bitcoind_block_generator" {
 
   provisioner "local-exec" {
-    command     = "./bitcoin/generateBlock.sh"
-    interpreter = ["sh"]
+    command     = local.bitcoin_network == "regtest" && local.bitcoin_namespace == "galoy-dev-bitcoin" ? "./bitcoin/generateBlock.sh" : "echo Running ${local.bitcoin_network}"
+    interpreter = ["sh","-c"]
   }
 
   depends_on = [helm_release.bitcoind]

dev/galoy/galoy-values.yml → dev/galoy/galoy-regtest-values.yml

@@ -6,9 +6,10 @@ galoy:
       - ref: A
         phone: "+59981730222"
         code: "111111"
+        role: "bankowner"
+        username: "bankowner"
+        ref: "bankowner"
         needUsdWallet: true
-        role: bankowner
-        username: bankowner
     apollo:
       playground: true