Repository: lncapital/torq Branch: main Commit: beece5cc1cf6 Files: 28 Total size: 31.8 KB Directory structure: gitextract_lzkbubux/ ├── .editorconfig ├── .gitignore ├── README.md ├── SECURITY.md ├── docker/ │ ├── delete.sh │ ├── example-docker-compose-host-network.yml │ ├── example-docker-compose.yml │ ├── example-torq.conf │ ├── install.sh │ ├── nginx.conf │ ├── reverse-proxy-example.sh │ ├── start.sh │ ├── stop.sh │ └── update.sh └── kubernetes/ ├── README.md ├── bitcoin-core-pvc.yaml ├── bitcoin-core.yaml ├── cluster-issuer.yaml ├── lnd-postgres-configmap.yaml ├── lnd-postgres-pvc.yaml ├── lnd-postgres.yaml ├── lnd-pvc.yaml ├── lnd.yaml ├── torq-ingress.yaml ├── torq-postgres-configmap.yaml ├── torq-postgres-pvc.yaml ├── torq-postgres.yaml └── torq.yaml ================================================ FILE CONTENTS ================================================ ================================================ FILE: .editorconfig ================================================ # http://editorconfig.org root = true [*] charset = utf-8 end_of_line = lf insert_final_newline = true trim_trailing_whitespace = true max_line_length = 120 [*.go] indent_style = tab indent_size = 4 [*.tsx] indent_style = space indent_size = 2 [*.jsx] indent_style = space indent_size = 2 [*.js] indent_style = space indent_size = 2 [*.ts] indent_style = space indent_size = 2 [*.json] indent_style = space indent_size = 2 [*.css] indent_style = space indent_size = 2 [*.scss] indent_style = space indent_size = 2 [Makefile] indent_style = tab ================================================ FILE: .gitignore ================================================ .DS_Store .idea ================================================ FILE: README.md ================================================ ![Torq - Banner](./docs/images/readme-banner.png) # Torq ![All Tests](https://github.com/lncapital/torq/actions/workflows/test-on-push.yml/badge.svg) Torq is an advanced node management software that helps 
lightning node operators analyze and automate their nodes. It is designed to handle large nodes with over 1000 channels, and it offers a range of features to simplify your node management tasks, including: * Analyze, connect and manage all your nodes from one place! * Access a complete overview of all channels instantly. * Build advanced automation workflows to automate Rebalancing, Channel Policy, Tagging and eventually any node action. * Review forwarding history, both current and at any point in history. * Customize and save table views. Containing only selected columns, advanced sorting and high fidelity filters. * Export table data as CSV. Finally get all your forwarding or channel data as CSV files. * Enjoy advanced charts to visualize your node's performance and make informed decisions. Whether you're running a small or a large node, Torq can help you optimize its performance and streamline your node management process. Give it a try and see how it can simplify your node management tasks. ![torq-automation-preview](./docs/images/automation.png) ## Quick start ### Docker compose To install Torq via docker compose: ```bash bash -c "$(curl -fsSL https://torq.sh)" ``` You do not need sudo/root to run this, and you can check the contents of the installation script here: https://torq.sh When you: - Have a firewall - Run Torq in a container - Need to access LND or CLN on the host - Are not using host network configuration for the container Then make sure to allow docker bridge network traffic i.e. 
`sudo ufw allow from 172.16.0.0/12` ### Podman To run the database via host network: ```sh podman run -d --name torqdb --network=host -v torq_db:/var/lib/postgresql/data -e POSTGRES_PASSWORD="" timescale/timescaledb:latest-pg14 ``` To run Torq via host network: First create your TOML configuration file and store it in `~/.torq/torq.conf` ```sh podman run -d --name torq --network=host -v ~/.torq/torq.conf:/home/torq/torq.conf lncapital/torq:latest --config=/home/torq/torq.conf start ``` **Note**: Only run with host network when your server has a firewall and doesn't automatically open all ports to the internet. You don't want the database to be accessible from the internet! Replace the empty `POSTGRES_PASSWORD=""` in the command above with a strong password of your own, and set the same value as `db.password` in `torq.conf`. ### Kubernetes We share templates for CRDs in the [kubernetes](./kubernetes) folder. This folder also has its own [readme](./kubernetes/README.md). ### Network Be aware that when you try Torq on testnet, simnet or some other type of network, you must use the network switch to browse the web interface. The network switch is the globe icon in the top left corner, next to the Torq logo. ### Guides We're adding more guides and help articles on [docs.torq.co](https://docs.torq.co). * [How to add a domain for Torq with https](https://docs.torq.co/en/articles/7323907-how-to-add-a-domain-to-torq-using-caddy). * [How to monitor your infrastructure with Torq](https://docs.torq.co/en/articles/7323908-how-to-monitor-your-infrastructure-with-torq). ## Configuration Torq supports a TOML configuration file. The docker compose install script auto generates this file. You can find an example configuration file at [example-torq.conf](./docker/example-torq.conf). It is also possible to skip the TOML configuration file and use command-line parameters or environment variables instead. 
The parameters are: - **--lnd.url**: (optional) Host:Port of the LND node (example: "127.0.0.1:10009") - **--lnd.macaroon-path**: (optional) Path on disk to LND Macaroon (example: "~/.lnd/admin.macaroon") - **--lnd.tls-path**: (optional) Path on disk to LND TLS file (example: "~/.lnd/tls.cert") - **--cln.url**: (optional) Host:Port of the CLN node (example: "127.0.0.1:17272") - **--cln.certificate-path**: (optional) Path on disk to CLN client certificate file (example: "~/.cln/client.pem") - **--cln.key-path**: (optional) Path on disk to CLN client key file (example: "~/.cln/client-key.pem") - **--cln.ca-certificate-path**: (optional) Path on disk to CLN certificate authority file (example: "~/.cln/ca.pem") - **--db.name**: (optional) Name of the database (default: "torq") - **--db.user**: (optional) Name of the postgres user with access to the database (default: "postgres") - **--db.password**: (optional) Password used to access the database (default: "runningtorq") - **--db.port**: (optional) Port of the database (default: "5432") - **--db.host**: (optional) Host of the database (default: "localhost") - **--torq.password**: Password used to access the API and frontend (example: "C44y78A4JXHCVziRcFqaJfFij5HpJhF6VwKjz4vR") - **--torq.network-interface**: (optional) The network interface to serve the HTTP API (default: "0.0.0.0") - **--torq.port**: (optional) Port to serve the HTTP API (default: "8080") - **--torq.pprof.path**: (optional) When pprof path is set then pprof is loaded when Torq boots. (example: ":6060"). **See Note** - **--torq.prometheus.path**: (optional) When prometheus path is set then prometheus is loaded when Torq boots. (example: "localhost:7070"). 
**See Note** - **--torq.debuglevel**: (optional) Specify different debug levels (panic|fatal|error|warn|info|debug|trace) (default: "info") - **--torq.vector.url**: (optional) Alternative path for alternative vector service implementation (default: "https://vector.ln.capital/") - **--torq.cookie-path**: (optional) Path to auth cookie file - **--torq.no-sub**: (optional) Start the server without subscribing to node data (default: "false") - **--torq.auto-login**: (optional) Allows logging in without a password (default: "false") - **--customize.mempool.url**: (optional) Mempool custom URL (no trailing slash) (default: "https://mempool.space") - **--customize.electrum.path**: (optional) Electrum path (example: "localhost:50001") - **--otel.exporter.type**: (optional) OpenTelemetry exporter type: stdout/file/jaeger (default: "stdout") - **--otel.exporter.endpoint**: (optional) OpenTelemetry exporter endpoint - **--otel.exporter.path**: (optional) OpenTelemetry exporter path (default: "traces.txt") - **--otel.sampler.fraction**: (optional) OpenTelemetry sampler fraction (default: "0.0") - **--bitcoind.network**: (optional) Bitcoind network: MainNet/TestNet/RegTest/SigNet/SimNet. (default: "MainNet") - **--bitcoind.url**: (optional) Bitcoind RPC Host:Port - **--bitcoind.user**: (optional) Bitcoind RPC username - **--bitcoind.password**: (optional) Bitcoind RPC password **Note**: pprof and prometheus expose internal statistics, so be careful not to expose them publicly. Prefer a loopback address such as `localhost:6060`; an address with no host part, such as the `:6060` example above, usually listens on every network interface. 
More information about infrastructure and node monitoring is available [here](https://docs.torq.co/en/articles/8488866-infrastructure-and-node-monitoring) ## How to Videos [You can find the full list of video guides here.](https://docs.torq.co/en/collections/3817618-torq-video-tutorials) ### How to create custom Channel Views [![Torq Forwarding Views YouTube Guide](https://img.youtube.com/vi/5ZfgflfOFwQ/maxresdefault.jpg)](https://www.youtube.com/watch?v=5ZfgflfOFwQ) ### How to use Automation Workflows [![Torq Workflow Automation YouTube Guide](https://img.youtube.com/vi/Go4uJoMhwrE/maxresdefault.jpg)](https://www.youtube.com/watch?v=Go4uJoMhwrE) ### How to use the Forwards Tab [![Torq Forwarding Views YouTube Guide](https://img.youtube.com/vi/ZTetH8_jbgk/maxresdefault.jpg)](https://www.youtube.com/watch?v=ZTetH8_jbgk) ## LND Permissions Since Torq is built to manage your node, it needs most/all permissions to be fully functional. However, if you want to be extra careful you can disable some permissions that are not strictly needed. For now, Torq does not need the ability to create new macaroons or stop the LND daemon, so a macaroon baked with the following permissions is sufficient: lncli bakemacaroon \ invoices:read \ invoices:write \ onchain:read \ onchain:write \ offchain:read \ offchain:write \ address:read \ address:write \ message:read \ message:write \ peers:read \ peers:write \ info:read \ uri:/lnrpc.Lightning/UpdateChannelPolicy \ --save_to=torq.macaroon Here is an example of a macaroon that can be used if you want to prevent all actions that send funds from your node: lncli bakemacaroon \ invoices:read \ invoices:write \ onchain:read \ offchain:read \ address:read \ address:write \ message:read \ message:write \ peers:read \ peers:write \ info:read \ uri:/lnrpc.Lightning/UpdateChannelPolicy \ --save_to=torq.macaroon To use a restricted macaroon, point `--lnd.macaroon-path` at the resulting `torq.macaroon` instead of `admin.macaroon`. ## CLN We support CLN nodes (except HTLC firewall). Make sure your CLN node is compatible with the version of Torq (see Compatibility). 
You will have to have RUST active and also specify `--grpc-port` which should generate the appropriate mTLS certificates. You need to provide these certificates once Torq is running (or as boot parameter or in the configuration file) ## Compatibility Torq `v2.0.0` and up are compatible with `CLN v24.05.*` and `LND v0.18.2+` Torq `v1.5.0` <-> `v1.6.1` are compatible with `CLN v23.11.*` Torq `v1.2.0` <-> `v1.4.3` are compatible with `CLN v23.08.1+` Torq `v0.22.1` <-> `v1.1.5` are all compatible with `CLN v23.05.*` ## Help and feedback Join our [Telegram group](https://t.me/joinchat/V-Dks6zjBK4xZWY0) if you need help getting started. Feel free to ping us in the telegram group if you have any feature request or feedback. We would also love to hear your ideas for features or any other feedback you might have. ================================================ FILE: SECURITY.md ================================================ # Security Policy ## Reporting a Vulnerability If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure. **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** Instead, please send an email to max[@]ln.capital. Please include as much of the information listed below as you can to help us better understand and resolve the issue: * The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting) * Full paths of source file(s) related to the manifestation of the issue * The location of the affected source code (tag/branch/commit or direct URL) * Any special configuration required to reproduce the issue * Step-by-step instructions to reproduce the issue * Proof-of-concept or exploit code (if possible) * Impact of the issue, including how an attacker might exploit the issue This information will help us triage your report more quickly. 
================================================ FILE: docker/delete.sh ================================================ #!/usr/bin/env bash # Check that the Docker daemon is running if ! docker ps > /dev/null; then exit 1; fi BASEDIR=$(dirname "$0") read -p "Are you wish to delete Torq including data? (y/n)" -n 1 -r echo # (optional) move to a new line if [[ $REPLY =~ ^[Yy]$ ]] then docker-compose -f $BASEDIR/docker-compose.yml down -v fi ================================================ FILE: docker/example-docker-compose-host-network.yml ================================================ version: "3.7" services: torq: image: "lncapital/torq:latest" restart: always depends_on: - "db" command: - --config - "/home/torq/torq.conf" - start network_mode: "host" volumes: - :/home/torq/torq.conf extra_hosts: - "host.docker.internal:host-gateway" db: restart: always image: "timescale/timescaledb:latest-pg14" environment: POSTGRES_PASSWORD: "runningtorq" # Must match db password set above volumes: - torq_db:/var/lib/postgresql/data network_mode: "host" volumes: torq_db: ================================================ FILE: docker/example-docker-compose.yml ================================================ version: "3.7" services: torq: image: "lncapital/torq:latest" restart: always depends_on: - "db" command: - --config - "/home/torq/torq.conf" - start ports: - ":" - ":" volumes: - :/home/torq/torq.conf extra_hosts: - "host.docker.internal:host-gateway" db: restart: always image: "timescale/timescaledb:latest-pg14" environment: POSTGRES_PASSWORD: "runningtorq" # Must match db password set above volumes: - torq_db:/var/lib/postgresql/data volumes: torq_db: ================================================ FILE: docker/example-torq.conf ================================================ [cln] # Host:Port of the CLN node #url = "127.0.0.1:17272" # Path on disk to CLN client certificate file (if you are running Torq in a container, make sure to mount the file) #certificate-path = 
"~/.cln/client.pem" # Path on disk to CLN client key file (if you are running Torq in a container, make sure to mount the file) #key-path = "~/.cln/client-key.pem" # Path on disk to CLN certificate authority file (if you are running Torq in a container, make sure to mount the file) #ca-certificate-path = "~/.cln/ca.pem" [lnd] # Host:Port of the LND node #url = "127.0.0.1:10009" # Path on disk to LND Macaroon (if you are running Torq in a container, make sure to mount the file) #macaroon-path = "~/.lnd/admin.macaroon" # Path on disk to LND TLS file (if you are running Torq in a container, make sure to mount the file) #tls-path = "~/.lnd/tls.cert" [bitcoind] # Bitcoind network (MainNet, TestNet, RegTest, SigNet, SimNet) #network = "MainNet" # Bitcoind RPC Host:Port #url = "localhost:8332" # Bitcoind RPC user #user = "bitcoinrpc" # Bitcoind RPC password #password = [db] # Name of the database #name = "torq" # Name of the postgres user with access to the database #user = "postgres" # Password used to access the database password = "runningtorq" # Port of the database #port = "5432" # Host of the database host = "" [torq] # Password used to access the API and frontend password = "" # Network interface to serve the HTTP API" #network-interface = "0.0.0.0" # Port to serve the HTTP API port = "" # When pprof path is set then pprof is loaded when Torq boots. #pprof.path = "localhost:6060" # When prometheus path is set then prometheus is loaded when Torq boots. #prometheus.path = "localhost:7070" # Specify different debug levels (panic|fatal|error|warn|info|debug|trace) #debuglevel = "info" # Alternative path for alternative vector service implementation. 
#vector.url = "https://vector.ln.capital/" # Path to auth cookie file #cookie-path = # Start the server without subscribing to node data #no-sub = false # Allows logging in without a password #auto-login = false [customize] # Mempool custom URL (no trailing slash) #mempool.url = "https://mempool.space" # Electrum path (example: localhost:50001) #electrum.path = "localhost:50001" [otel] # Type of OpenTelemetry exporter stdout/file/jaeger exporter.type="stdout" # Endpoint for jaeger #exporter.endpoint="" # Path for the exporter #exporter.path="traces.txt" # Sampler ratio default: 0.10 or 10% sampler.fraction=0.0 ================================================ FILE: docker/install.sh ================================================ #!/usr/bin/env bash echo Configuring docker-compose and torq.conf files eval CURRENT_DIRECTORY=`pwd` printf "\n" echo Please specify where you want to add the Torq help commands read -p "Directory (default: ~/.torq): " TORQDIR eval TORQDIR="${TORQDIR:=$HOME/.torq}" echo $TORQDIR mkdir -p $TORQDIR cd $TORQDIR eval TORQDIR=`pwd` cd $CURRENT_DIRECTORY printf "\n" # Set web UI password printf "\n" stty -echo read -p "Please set a web UI password: " UIPASSWORD while [[ -z "$UIPASSWORD" ]]; do printf "\n" read -p "The password cannot be empty, please try again: " UIPASSWORD done stty echo printf "\n" # Set web UI port number printf "\n" echo Please choose a port number for the web UI. echo NB! Umbrel users needs to use a different port than 8080. Try 8081. read -p "Port number (default: 8080): " UI_PORT eval UI_PORT="${UI_PORT:=8080}" while [[ ! $UI_PORT =~ ^[0-9]+$ ]] || [[ $UI_PORT -lt 1 ]] || [[ $UI_PORT -gt 65535 ]]; do read -p "Invalid port number. Please enter a valid port number from 1 through 65535: " UI_PORT done # Set gRPC port number printf "\n" echo Please choose a port number for the Torq gRPC. read -p "Port number (default: 50051): " GRPC_PORT eval GRPC_PORT="${GRPC_PORT:=50051}" while [[ ! 
$GRPC_PORT =~ ^[0-9]+$ ]] || [[ $GRPC_PORT -lt 1 ]] || [[ $GRPC_PORT -gt 65535 ]]; do read -p "Invalid port number. Please enter a valid port number from 1 through 65535: " GRPC_PORT done # Set network type printf "\n" echo "Only run with host network when your server has a firewall and doesn't automatically open all port to the internet." echo "You don't want the database to be accessible from the internet!" echo "You usually want host network when you have a firewall and access the GRPC via localhost or 127.0.0.1" echo "In all other cases bridge is the better and safer choice" read -p "Please choose network type host or bridge (default: bridge): " NETWORK eval NETWORK="${NETWORK:=bridge}" while [[ "$NETWORK" != "host" ]] && [[ "$NETWORK" != "bridge" ]]; do printf "\n" read -p "Please choose network type host or bridge (default: bridge): " NETWORK eval NETWORK="${NETWORK:=bridge}" done printf "\n" [ -f ${TORQDIR}/docker-compose.yml ] && rm ${TORQDIR}/docker-compose.yml TORQ_CONFIG=${TORQDIR}/torq.conf curl --location --silent --output "${TORQ_CONFIG}" https://raw.githubusercontent.com/lncapital/torq/main/docker/example-torq.conf if [[ "$NETWORK" == "host" ]]; then curl --location --silent --output "${TORQDIR}/docker-compose.yml" https://raw.githubusercontent.com/lncapital/torq/main/docker/example-docker-compose-host-network.yml fi if [[ "$NETWORK" == "bridge" ]]; then curl --location --silent --output "${TORQDIR}/docker-compose.yml" https://raw.githubusercontent.com/lncapital/torq/main/docker/example-docker-compose.yml fi # https://stackoverflow.com/questions/16745988/sed-command-with-i-option-in-place-editing-works-fine-on-ubuntu-but-not-mac #torq.conf setup sed -i.bak "s||$TORQ_CONFIG|g" $TORQDIR/docker-compose.yml && rm $TORQDIR/docker-compose.yml.bak if [[ "$NETWORK" == "bridge" ]]; then sed -i.bak "s//db/g" $TORQ_CONFIG && rm $TORQ_CONFIG.bak sed -i.bak "s//$UI_PORT/g" $TORQDIR/docker-compose.yml && rm $TORQDIR/docker-compose.yml.bak sed -i.bak 
"s//$GRPC_PORT/g" $TORQDIR/docker-compose.yml && rm $TORQDIR/docker-compose.yml.bak fi sed -i.bak "s//$UIPASSWORD/g" $TORQ_CONFIG && rm $TORQ_CONFIG.bak sed -i.bak "s//$UI_PORT/g" $TORQ_CONFIG && rm $TORQ_CONFIG.bak sed -i.bak "s//$GRPC_PORT/g" $TORQ_CONFIG && rm $TORQ_CONFIG.bak if [[ "$NETWORK" == "host" ]]; then sed -i.bak "s//localhost/g" $TORQ_CONFIG && rm $TORQ_CONFIG.bak fi echo 'Docker compose file (docker-compose.yml) created in '$TORQDIR echo 'Torq configuration file (torq.conf) created in '$TORQDIR printf "\n" START_COMMAND='start-torq' STOP_COMMAND='stop-torq' UPDATE_COMMAND='update-torq' DELETE_COMMAND='delete-torq' curl --location --silent --output "${TORQDIR}/${START_COMMAND}" https://raw.githubusercontent.com/lncapital/torq/main/docker/start.sh curl --location --silent --output "${TORQDIR}/${STOP_COMMAND}" https://raw.githubusercontent.com/lncapital/torq/main/docker/stop.sh curl --location --silent --output "${TORQDIR}/${UPDATE_COMMAND}" https://raw.githubusercontent.com/lncapital/torq/main/docker/update.sh curl --location --silent --output "${TORQDIR}/${DELETE_COMMAND}" https://raw.githubusercontent.com/lncapital/torq/main/docker/delete.sh #start-torq setup sed -i.bak "s//$UI_PORT/g" $TORQDIR/${START_COMMAND} && rm $TORQDIR/start-torq.bak sed -i.bak "s//$GRPC_PORT/g" $TORQDIR/${START_COMMAND} && rm $TORQDIR/start-torq.bak chmod +x $TORQDIR/$START_COMMAND chmod +x $TORQDIR/$STOP_COMMAND chmod +x $TORQDIR/$UPDATE_COMMAND chmod +x $TORQDIR/$DELETE_COMMAND printf "\n" echo "We have added these scripts to ${TORQDIR}:" echo "${START_COMMAND} (This command starts Torq)" echo "${STOP_COMMAND} (This command stops Torq)" echo "${UPDATE_COMMAND} (This command updates Torq)" echo "${DELETE_COMMAND} (WARNING: This command deletes Torq _including_ all collected data!)" printf "\n" echo "Optional you can add these scripts to your PATH by running:" echo "sudo ln -s ${TORQDIR}/* /usr/local/bin/" printf "\n" echo "Try it out now! 
Make sure the Docker daemon is running, and then start Torq with:" echo "${TORQDIR}/${START_COMMAND}" ================================================ FILE: docker/nginx.conf ================================================ events {} http { server { listen 132; location /torq/ { proxy_pass http://host.docker.internal:8080/; } } } ================================================ FILE: docker/reverse-proxy-example.sh ================================================ docker run --name reverseproxy --mount type=bind,source=/nginx.conf,target=/etc/nginx/nginx.conf,readonly -p 132:132 --rm nginx ================================================ FILE: docker/start.sh ================================================ #!/usr/bin/env bash # Check that the Docker daemon is running if ! docker ps > /dev/null; then exit 1; fi BASEDIR=$(dirname "$0") docker pull lncapital/torq docker-compose -f $BASEDIR/docker-compose.yml up -d echo Torq is starting, please wait function timeout() { perl -e 'alarm shift; exec @ARGV' "$@"; } timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' localhost:)" != "200" ]]; do sleep 5; done' || false echo Torq has started and is available on http://localhost: if [ "$(uname)" == "Darwin" ]; then open http://localhost: fi if [[ "$(uname)" != "Darwin" && x$DISPLAY != x ]]; then xdg-open http://localhost: fi ================================================ FILE: docker/stop.sh ================================================ #!/usr/bin/env bash # Check that the Docker daemon is running if ! docker ps > /dev/null; then exit 1; fi BASEDIR=$(dirname "$0") docker-compose -f $BASEDIR/docker-compose.yml down ================================================ FILE: docker/update.sh ================================================ #!/usr/bin/env bash # Check that the Docker daemon is running if ! 
docker ps > /dev/null; then exit 1; fi BASEDIR=$(dirname "$0") docker-compose -f $BASEDIR/docker-compose.yml down docker pull lncapital/torq docker-compose -f $BASEDIR/docker-compose.yml up -d ================================================ FILE: kubernetes/README.md ================================================ ![Torq - Banner](./docs/images/readme-banner.png) # Torq Torq Kubernetes CRD files are work-in-progress example template files. Files that require custom modifications are: - bitcoin-core.yaml: \ - cluster-issuer.yaml: \ - lnd-postgres-configmap.yaml: \ and \ - lnd.yaml: \, \, \ and \ - torq-ingress.yaml: \ - torq-postgres-configmap.yaml: \ and \ - torq.yaml: \ and \ # Secret creation `kubectl create configmap lnd-tls.cert --from-file=/path/to/lnd/tls.cert` `kubectl create configmap lnd-admin.macaroon --from-file=/home/kobe/lnd/admin.macaroon` Note that these commands create ConfigMaps, which Kubernetes treats as non-confidential data. The admin macaroon carries full control over the LND node, so outside of a test cluster it is better stored as a Kubernetes Secret and mounted in torq.yaml as a `secret` volume instead of a `configMap` volume. # TODO Convert more things to secrets (for example the Postgres passwords held in the ConfigMaps and the RPC and database credentials passed as container arguments). ## Help and feedback Join our [Telegram group](https://t.me/joinchat/V-Dks6zjBK4xZWY0) if you need help getting started. Feel free to ping us in the Telegram group if you have any feature request or feedback. We would also love to hear your ideas for features or any other feedback you might have. 
================================================ FILE: kubernetes/bitcoin-core-pvc.yaml ================================================ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: bitcoin-core-pv-claim spec: storageClassName: default accessModes: - ReadWriteOnce resources: requests: storage: 700Gi ================================================ FILE: kubernetes/bitcoin-core.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: bitcoin-core-deployment labels: app: bitcoin-core-app tier: bitcoin spec: replicas: 1 selector: matchLabels: app: bitcoin-core-app template: metadata: labels: app: bitcoin-core-app tier: bitcoin spec: hostname: bitcoin-core-mainnet volumes: - name: bitcoin-core-pv-storage persistentVolumeClaim: claimName: bitcoin-core-pv-claim containers: - name: bitcoin-core image: "ruimarinho/bitcoin-core:latest" imagePullPolicy: IfNotPresent resources: requests: memory: "10G" args: - -printtoconsole - -rpcauth= - -disablewallet=1 - -nopeerbloomfilters=1 - -txindex=1 - -rpcbind=0.0.0.0 - -rpcbind=bitcoin-core-mainnet - -rpcport=8332 - -rpcallowip=0.0.0.0/0 - -server=1 - -maxmempool=100 - -peerbloomfilters=0 - -dbcache=3000 - -maxuploadtarget=1000 - -permitbaremultisig=0 - -zmqpubrawblock=tcp://0.0.0.0:28332 - -zmqpubrawtx=tcp://0.0.0.0:28333 volumeMounts: - name: bitcoin-core-pv-storage mountPath: "/home/bitcoin/.bitcoin" --- apiVersion: v1 kind: Service metadata: name: bitcoin-core-service labels: tier: bitcoin spec: selector: app: bitcoin-core-app tier: bitcoin ports: - port: 28332 name: bitcoin-core-zmq-block - port: 28333 name: bitcoin-core-zmq-tx - port: 8332 name: bitcoin-core-rpc ================================================ FILE: kubernetes/cluster-issuer.yaml ================================================ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: name: letsencrypt spec: acme: server: https://acme-v02.api.letsencrypt.org/directory email: 
privateKeySecretRef: name: letsencrypt solvers: - http01: ingress: class: nginx podTemplate: spec: nodeSelector: "kubernetes.io/os": linux ================================================ FILE: kubernetes/lnd-postgres-configmap.yaml ================================================ apiVersion: v1 kind: ConfigMap metadata: name: lnd-postgres-config labels: app: lnd-postgres data: POSTGRES_DB: "lndpostgresdb" POSTGRES_USER: "" POSTGRES_PASSWORD: "" PGDATA: "/var/lib/postgresql/data/pgdata" ================================================ FILE: kubernetes/lnd-postgres-pvc.yaml ================================================ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: lnd-postgres-pv-claim spec: storageClassName: default accessModes: - ReadWriteOnce resources: requests: storage: 10Gi ================================================ FILE: kubernetes/lnd-postgres.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: lnd-postgres-deployment spec: replicas: 1 selector: matchLabels: app: lnd-postgres-app template: metadata: labels: app: lnd-postgres-app spec: containers: - name: lnd-postgres image: postgres:15 imagePullPolicy: "IfNotPresent" ports: - containerPort: 5432 envFrom: - configMapRef: name: lnd-postgres-config volumeMounts: - mountPath: /var/lib/postgresql/data name: lndpostgresdb volumes: - name: lndpostgresdb persistentVolumeClaim: claimName: lnd-postgres-pv-claim --- apiVersion: v1 kind: Service metadata: name: lnd-postgres-service spec: selector: app: lnd-postgres-app ports: - port: 5432 ================================================ FILE: kubernetes/lnd-pvc.yaml ================================================ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: lnd-pv-claim spec: storageClassName: default accessModes: - ReadWriteOnce resources: requests: storage: 10Gi ================================================ FILE: kubernetes/lnd.yaml 
================================================ apiVersion: apps/v1 kind: Deployment metadata: name: lnd-deployment labels: app: lnd-app tier: lnd spec: replicas: 1 selector: matchLabels: app: lnd-app template: metadata: labels: app: lnd-app tier: lnd spec: volumes: - name: lnd-pv-storage persistentVolumeClaim: claimName: lnd-pv-claim containers: - name: lnd image: "lightninglabs/lnd:v0.16.0-beta" imagePullPolicy: IfNotPresent args: - --bitcoin.active - --bitcoin.mainnet - --lnddir=/root/.lnd - --bitcoin.node=bitcoind - --tlsextradomain=lnd-service - --rpclisten=0.0.0.0:10009 - --restlisten=0.0.0.0:8080 - --listen=0.0.0.0 - --bitcoind.rpchost=bitcoin-core-service - --bitcoind.rpcpass= - --bitcoind.rpcuser= - --bitcoind.zmqpubrawblock=tcp://bitcoin-core-service:28332 - --bitcoind.zmqpubrawtx=tcp://bitcoin-core-service:28333 - --db.backend=postgres - --db.postgres.dsn=postgres://:@lnd-postgres-service:5432/lndpostgresdb?sslmode=disable - --wallet-unlock-password-file=/root/.lnd/wallet_password volumeMounts: - name: lnd-pv-storage mountPath: "/root/.lnd" --- apiVersion: v1 kind: Service metadata: name: lnd-service labels: tier: lnd spec: selector: app: lnd-app tier: lnd ports: - port: 10009 name: lnd-rpc-port - port: 9735 name: lnd-peer-port - port: 8080 name: lnd-http-port ================================================ FILE: kubernetes/torq-ingress.yaml ================================================ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: torq-ingress namespace: default annotations: cert-manager.io/cluster-issuer: letsencrypt spec: ingressClassName: nginx tls: - hosts: - secretName: tls-secret rules: - host: http: paths: - path: / pathType: Prefix backend: service: name: torq-service port: number: 8080 ================================================ FILE: kubernetes/torq-postgres-configmap.yaml ================================================ apiVersion: v1 kind: ConfigMap metadata: name: torq-timescaledb-config labels: app: 
torq-timescaledb data: POSTGRES_DB: "torqtimescaledb" POSTGRES_USER: "" POSTGRES_PASSWORD: "" PGDATA: "/var/lib/postgresql/data/pgdata" ================================================ FILE: kubernetes/torq-postgres-pvc.yaml ================================================ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: torq-timescaledb-pv-claim spec: storageClassName: default accessModes: - ReadWriteOnce resources: requests: storage: 100Gi ================================================ FILE: kubernetes/torq-postgres.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: torq-timescaledb-deployment spec: replicas: 1 selector: matchLabels: app: torq-timescaledb-app template: metadata: labels: app: torq-timescaledb-app spec: containers: - name: torq-timescaledb image: timescale/timescaledb:latest-pg14 imagePullPolicy: "IfNotPresent" resources: requests: memory: "10G" ports: - containerPort: 5432 envFrom: - configMapRef: name: torq-timescaledb-config volumeMounts: - mountPath: /var/lib/postgresql/data name: torqtimescaledb volumes: - name: torqtimescaledb persistentVolumeClaim: claimName: torq-timescaledb-pv-claim --- apiVersion: v1 kind: Service metadata: name: torq-timescaledb-service spec: selector: app: torq-timescaledb-app ports: - port: 5432 ================================================ FILE: kubernetes/torq.yaml ================================================ apiVersion: apps/v1 kind: Deployment metadata: name: torq-deployment labels: app: torq-app tier: torq spec: replicas: 1 selector: matchLabels: app: torq-app template: metadata: labels: app: torq-app tier: torq spec: securityContext: runAsUser: 1000 fsGroup: 1000 volumes: - name: macaroonvolume configMap: name: lnd-admin.macaroon - name: tlsvolume configMap: name: lnd-tls.cert containers: - name: vector image: "lncapital/torq:latest" imagePullPolicy: IfNotPresent args: - --db.name=torqtimescaledb - --db.host=torq-timescaledb-service - 
--db.user= - --db.password= - --lnd.url=lnd-service:10009 - --lnd.tls-path=/app/lnd/tls/tls.cert - --lnd.macaroon-path=/app/lnd/macaroon/admin.macaroon - start volumeMounts: - name: macaroonvolume mountPath: /app/lnd/macaroon - name: tlsvolume mountPath: /app/lnd/tls --- apiVersion: v1 kind: Service metadata: name: torq-service labels: tier: torq spec: type: ClusterIP selector: app: torq-app tier: torq ports: - port: 8080 name: torq-http-port