├── .envrc ├── .github ├── ISSUE_TEMPLATE │ └── bug_report.md └── workflows │ ├── bot-automerge.yaml │ ├── cleanup-after-pr-closed.yaml │ └── fmt.yml ├── .gitignore ├── LICENSE ├── README.md ├── charts ├── admin-panel │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── secrets.yaml │ │ └── service.yaml │ └── values.yaml ├── api-dashboard │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── secrets.yaml │ │ └── service.yaml │ └── values.yaml ├── bitcoind │ ├── .helmignore │ ├── Chart.yaml │ ├── regtest-values.yaml │ ├── signet-values.yml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── ingress.yaml │ │ ├── network-secret.yaml │ │ ├── pvc.yaml │ │ ├── secrets.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── statefulset.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ ├── testnet-values.yaml │ └── values.yaml ├── bria │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── bria-admin-svc.yaml │ │ ├── bria-api-svc.yaml │ │ ├── bria-cm.yaml │ │ ├── bria-deployment.yaml │ │ └── bria-secrets.yaml │ └── values.yaml ├── fulcrum │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── configmap.yaml │ │ ├── ingress.yaml │ │ ├── pvc.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── statefulset.yaml │ └── values.yaml ├── galoy-deps │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ └── kafka-cluster.yaml │ └── values.yaml ├── galoy-pay │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── charts │ │ └── galoy-nostr │ │ │ ├── Chart.lock │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── _helpers.tpl │ │ │ ├── deployment.yaml │ │ │ └── secret.yaml │ │ │ └── values.yaml │ ├── templates │ │ ├── _helpers.tpl 
│ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── secrets.yaml │ │ └── service.yaml │ └── values.yaml ├── galoy │ ├── Chart.lock │ ├── Chart.yaml │ ├── apollo-router │ │ ├── api-keys-schema.graphql │ │ ├── notifications-schema.graphql │ │ ├── public-schema.graphql │ │ └── supergraph.graphql │ ├── charts │ │ └── price │ │ │ ├── .helmignore │ │ │ ├── Chart.yaml │ │ │ ├── templates │ │ │ ├── NOTES.txt │ │ │ ├── _helpers.tpl │ │ │ ├── history-config-secret.yaml │ │ │ ├── history-cronjob.yaml │ │ │ ├── history-deployment.yaml │ │ │ ├── history-migration-job.yaml │ │ │ ├── history-service.yaml │ │ │ ├── realtime-config-secret.yaml │ │ │ ├── realtime-deployment.yaml │ │ │ └── realtime-service.yaml │ │ │ └── values.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── admin-ingress.yaml │ │ ├── admin-service.yaml │ │ ├── api-deployment.yaml │ │ ├── api-ingress.yaml │ │ ├── api-keys-cm.yaml │ │ ├── api-keys-deployment.yaml │ │ ├── api-keys-service.yaml │ │ ├── api-service.yaml │ │ ├── consent-deployment.yaml │ │ ├── consent-ingress.yaml │ │ ├── consent-service.yaml │ │ ├── exporter-deployment.yaml │ │ ├── galoy-cronjob.yaml │ │ ├── galoy-custom-config-secret.yaml │ │ ├── galoy-migration-job.yaml │ │ ├── galoy-role.yaml │ │ ├── galoy-rolebinding.yaml │ │ ├── galoy-secrets.yaml │ │ ├── galoy-serviceaccount.yaml │ │ ├── mongo-backup-configmap.yaml │ │ ├── mongo-backup-cronjob.yaml │ │ ├── notification-jobs-deployment.yaml │ │ ├── notifications-cm.yaml │ │ ├── notifications-deployment.yaml │ │ ├── notifications-jobs-cm.yaml │ │ ├── notifications-service.yaml │ │ ├── required-checks.yaml │ │ ├── router-supergraph-cm.yaml │ │ ├── trigger-deployment.yaml │ │ ├── trigger-service.yaml │ │ ├── websocket-deployment.yaml │ │ ├── websocket-ingress.yaml │ │ └── websocket-service.yaml │ └── values.yaml ├── kafka-connect │ ├── Chart.yaml │ ├── templates │ │ ├── helpers.tpl │ │ ├── kafka-connect.yaml │ │ └── network-policy-allow-from-smoketest-namespace.yaml │ └── 
values.yaml ├── lnd │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── api-service.yaml │ │ ├── configmap.yaml │ │ ├── export-secrets-configmap.yaml │ │ ├── lnd-pass-secret.yaml │ │ ├── pvc.yaml │ │ ├── role.yaml │ │ ├── rolebinding.yaml │ │ ├── service-p2p.yml │ │ ├── serviceaccount.yaml │ │ ├── statefulset.yaml │ │ └── wallet-init-configmap.yaml │ └── values.yaml ├── map │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── secrets.yaml │ │ └── service.yaml │ └── values.yaml ├── mempool │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── pvc.yaml │ │ ├── service.yaml │ │ └── statefulset.yaml │ └── values.yaml ├── monitoring │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ └── values.yaml ├── specter │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── ingress.yaml │ │ ├── nginx-ingress-networkpolicy.yaml │ │ ├── pvc.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ ├── statefulset.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── stablesats │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── stablesats-dealer-cm.yaml │ │ ├── stablesats-dealer-deployment.yaml │ │ ├── stablesats-price-cm.yaml │ │ ├── stablesats-price-deployment.yaml │ │ ├── stablesats-price-svc.yaml │ │ └── stablesats-secrets.yaml │ └── values.yaml └── voucher │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── templates │ ├── _helpers.tpl │ ├── deployment.yaml │ ├── ingress.yaml │ ├── secrets.yaml │ └── service.yaml │ └── values.yaml ├── ci ├── pipeline-fragments.lib.yml ├── pipeline.yml ├── repipe ├── tasks │ ├── admin-panel-smoketest.sh │ ├── api-dashboard-smoketest.sh │ ├── bitcoind-smoketest.sh │ ├── bria-smoketest.sh │ ├── bump-chart.sh │ ├── bump-image-digest.sh │ ├── dev-smoketest-settings.sh │ ├── fulcrum-smoketest.sh 
│ ├── galoy-deps-smoketest.sh │ ├── galoy-pay-smoketest.sh │ ├── galoy-smoketest.sh │ ├── get-smoketest-settings.sh │ ├── kafka-connect-smoketest.sh │ ├── lnd-smoketest.sh │ ├── map-smoketest.sh │ ├── mempool-smoketest.sh │ ├── monitoring-smoketest.sh │ ├── open-image-bump-pr.sh │ ├── open-update-helm-deps-pr.sh │ ├── prepare-testflight.sh │ ├── specter-smoketest.sh │ ├── stablesats-smoketest.sh │ ├── update-helm-dep.sh │ └── voucher-smoketest.sh ├── testflight │ ├── .gitignore │ ├── admin-panel │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── api-dashboard │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── bitcoind │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── bria │ │ ├── main.tf │ │ └── testflight-values.yml.tmpl │ ├── fulcrum │ │ ├── bitcoind-values.yml │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── galoy-auth │ │ ├── galoy-auth-testflight-values.yml.tmpl │ │ ├── main.tf │ │ └── postgres-testflight-values.yml.tmpl │ ├── galoy-deps │ │ ├── main.tf │ │ └── testflight-values.yml.tmpl │ ├── galoy-pay │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── galoy │ │ ├── api-keys-postgresql-values.yml │ │ ├── fake-firebase-service-account.json │ │ ├── main.tf │ │ ├── notifications-postgresql-values.yml │ │ ├── postgresql-values.yml │ │ ├── testflight-values.yml │ │ └── testflight-values.yml.tmpl │ ├── kafka-connect │ │ ├── main.tf │ │ └── testflight-values.yml.tmpl │ ├── lnd │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── map │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── mempool │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── monitoring │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── specter │ │ ├── main.tf │ │ └── testflight-values.yml │ ├── stablesats │ │ ├── main.tf │ │ └── testflight-values.yml.tmpl │ └── voucher │ │ ├── main.tf │ │ └── testflight-values.yml └── values.yml ├── dev ├── .gitignore ├── Makefile ├── README.md ├── Tiltfile ├── addons │ ├── Tiltfile │ ├── admin-panel-values.yml │ ├── api-dashboard-values.yml │ ├── 
galoy-pay-values.yml │ ├── map-values.yml │ └── voucher-values.yml ├── bitcoin │ ├── Tiltfile │ ├── bitcoind-onchain-values.yml │ ├── bitcoind-regtest-values.yml │ ├── bitcoind-signet-values.yml │ ├── bitcoind_signers_descriptors.json │ ├── bria-values.yml │ ├── fulcrum-regtest-values.yml │ ├── fulcrum-signet-values.yml │ ├── generateBlock.sh │ ├── lnd-regtest-values.yml │ ├── lnd-signet-values.yml │ ├── loop-values.yml │ ├── mempool-regtest-values.yml │ └── mempool-signet-values.yml ├── common │ ├── Tiltfile │ └── add-helm-repos.sh ├── galoy-deps │ ├── Tiltfile │ ├── cert-manager-values.yml │ ├── ingress-nginx-values.yml │ ├── ingress.tf │ ├── kafka-values.yml │ ├── kubemonkey-values.yml.tmpl │ └── otel-values.yml ├── galoy │ ├── Tiltfile │ ├── galoy-regtest-values.yml │ ├── galoy-signet-values.yml │ ├── galoy-values.yml │ ├── oathkeeper_mutator_id_token_jwks.json │ └── postgresql-values.yml ├── kafka-connect │ ├── Tiltfile │ └── kafka-values.yml.tmpl ├── monitoring │ └── Tiltfile ├── smoketest │ └── Tiltfile └── stablesats │ ├── Tiltfile │ └── stablesats-values.yml ├── flake.lock ├── flake.nix └── images ├── chain-dl └── Dockerfile ├── kafka-connect └── Dockerfile ├── lnd-sidecar └── Dockerfile └── mongo-backup └── Dockerfile /.envrc: -------------------------------------------------------------------------------- 1 | use flake . 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. 
See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Environment (please complete the following information):** 27 | - OS: [e.g. Ubuntu/Windows/MacOS] 28 | - Environment type [e.g. AWS/GCP/Minikube] 29 | - k8s version [e.g. v1.21] 30 | 31 | **Additional context** 32 | Add any other context about the problem here. 33 | -------------------------------------------------------------------------------- /.github/workflows/bot-automerge.yaml: -------------------------------------------------------------------------------- 1 | name: automerge 2 | on: 3 | pull_request_review: 4 | types: 5 | - submitted 6 | jobs: 7 | automerge: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: automerge 11 | uses: "pascalgn/automerge-action@v0.15.6" # NOTE(review): third-party action referenced by a mutable tag in a job that hands it GITHUB_TOKEN to merge pull requests; pin it to a full commit SHA (@<full-commit-sha>, placeholder) and consider an explicit least-privilege permissions: block for this workflow 12 | env: 13 | GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" 14 | MERGE_LABELS: blinkbitcoinbot 15 | MERGE_FORKS: false 16 | MERGE_METHOD: squash 17 | MERGE_REQUIRED_APPROVALS: 1 18 | -------------------------------------------------------------------------------- /.github/workflows/cleanup-after-pr-closed.yaml: -------------------------------------------------------------------------------- 1 | name: cleanup-after-pr-closed 2 | on: 3 | pull_request: 4 | types: [closed] 5 | jobs: 6 | cancel-runs: 7 | name: Cleanup after PR closed 8 | runs-on: ubuntu-latest 9 | timeout-minutes: 3 10 | steps: 11 | - name: Checkout 12 | uses: actions/checkout@v2 13 | - name: Cancel build runs 14 | uses: styfle/cancel-workflow-action@0.12.0 # NOTE(review): also referenced by tag rather than commit SHA; workflow_id below names tilt.yaml, which does not appear under .github/workflows in the tree listed on this page - confirm the target workflow still exists 15 | with: 16 | ignore_sha: true 17 | workflow_id: tilt.yaml 18 | -------------------------------------------------------------------------------- /.github/workflows/fmt.yml: -------------------------------------------------------------------------------- 1 | name: Check formatting 2 | on: 3 | pull_request: 4 | branches: [main] 5 | 6 | jobs: 7 | fmt: 8 | runs-on: 
ubuntu-latest 9 | steps: 10 | - name: Checkout code into workspace directory 11 | uses: actions/checkout@v2 12 | - name: Terraform fmt 13 | uses: hashicorp/setup-terraform@v2 14 | - run: terraform fmt -recursive . 15 | - run: git diff --exit-code 16 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.tgz 2 | .direnv 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 GaloyMoney 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Galoy Kubernetes Helm Charts 2 | 3 | Galoy community banking application, launchable on Kubernetes using [Kubernetes Helm](https://github.com/helm/helm). 4 | 5 | ## Before you begin 6 | 7 | ### Setup a Kubernetes Cluster 8 | 9 | These charts have been tested on top of the galoy infrastructure ([`galoy-infra`](https://github.com/GaloyMoney/galoy-infra)). 10 | 11 | ### Install Helm 12 | [Helm](https://helm.sh) must be installed to use the charts. 13 | Please refer to Helm's [documentation](https://helm.sh/docs/) to get started. 14 | 15 | ## What's included 16 | 17 | This repo includes charts for: 18 | - [`galoy`](https://github.com/GaloyMoney/galoy) Our bitcoin banking application 19 | - [`galoy-pay`](https://github.com/GaloyMoney/galoy-pay) 20 | - [`admin-panel`](https://github.com/GaloyMoney/admin-panel) 21 | - [`price`](https://github.com/GaloyMoney/price) 22 | 23 | - [`bitcoind`](https://github.com/bitcoin/bitcoin) Bitcoin full node 24 | 25 | - [`lnd`](https://github.com/lightningnetwork/lnd) Lightning Network daemon & client 26 | 27 | - [`specter`](https://github.com/cryptoadvance/specter-desktop) On-chain wallet and multisig co-ordinator 28 | 29 | - `monitoring` Metrics dashboard 30 | - [`grafana`](https://github.com/grafana/grafana) 31 | - [`prometheus`](https://github.com/prometheus/prometheus) 32 | -------------------------------------------------------------------------------- /charts/admin-panel/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/admin-panel/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: admin-panel 3 | description: A Helm chart for the admin panel addon to Galoy 4 | # A chart can be either an 'application' or a 'library' chart. 5 | # 6 | # Application charts are a collection of templates that can be packaged into versioned archives 7 | # to be deployed. 8 | # 9 | # Library charts provide useful utilities or functions for the chart developer. They're included as 10 | # a dependency of application charts to inject those utilities and functions into the rendering 11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 12 | type: application 13 | # This is the chart version. This version number should be incremented each time you make changes 14 | # to the chart and its templates, including the app version. 15 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 16 | version: 0.13.35-dev 17 | # This is the version number of the application being deployed. This version number should be 18 | # incremented each time you make changes to the application. Versions are not expected to 19 | # follow Semantic Versioning. They should reflect the version the application is using. 20 | appVersion: 0.7.6 21 | -------------------------------------------------------------------------------- /charts/admin-panel/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create a default fully qualified app name. 
3 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 4 | If release name contains chart name it will be used as a full name. 5 | */}} 6 | {{- define "adminPanel.fullname" -}} 7 | {{- if .Values.fullnameOverride }} 8 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 9 | {{- else }} 10 | {{- $name := default .Chart.Name .Values.nameOverride }} 11 | {{- if contains $name .Release.Name }} 12 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 13 | {{- else }} 14 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 15 | {{- end }} 16 | {{- end }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/admin-panel/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ include "adminPanel.fullname" . }} 6 | labels: 7 | app: {{ include "adminPanel.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | annotations: 11 | cert-manager.io/cluster-issuer: letsencrypt-issuer 12 | spec: 13 | ingressClassName: nginx 14 | rules: 15 | {{- if .Values.ingress.rulesOverride }} 16 | {{- toYaml .Values.ingress.rulesOverride | nindent 4 }} 17 | {{- else }} 18 | {{- range .Values.ingress.hosts }} 19 | - host: {{ . }} 20 | http: 21 | paths: 22 | - pathType: Prefix 23 | path: "/" 24 | backend: 25 | service: 26 | name: {{ include "adminPanel.fullname" $ }} 27 | port: 28 | number: {{ $.Values.service.port }} 29 | {{- end -}} 30 | {{- end }} 31 | tls: 32 | {{- range .Values.ingress.hosts }} 33 | - hosts: 34 | - {{ . }} 35 | secretName: {{ printf "%s-tls" . 
}} 36 | {{- end }} 37 | {{- if .Values.ingress.extraTls }} 38 | {{- toYaml .Values.ingress.extraTls | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/admin-panel/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secrets.create }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "adminPanel.fullname" . }} 6 | labels: 7 | app: {{ template "adminPanel.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | type: Opaque 11 | data: 12 | google-oauth-client-id: {{ .Values.secrets.googleOauthClientId | b64enc | quote }} 13 | google-oauth-client-secret: {{ .Values.secrets.googleOauthClientSecret | b64enc | quote }} 14 | next-auth-secret: {{ .Values.secrets.nextAuthSecret | b64enc | quote }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /charts/admin-panel/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "adminPanel.fullname" . }} 5 | labels: 6 | app: {{ template "adminPanel.fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | spec: 10 | type: {{ .Values.service.type }} 11 | ports: 12 | - port: {{ .Values.service.port }} 13 | targetPort: {{ .Values.service.port }} 14 | protocol: TCP 15 | name: http 16 | selector: 17 | app: {{ template "adminPanel.fullname" . 
}} 18 | -------------------------------------------------------------------------------- /charts/admin-panel/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | repository: us.gcr.io/galoy-org/galoy-admin-panel 3 | digest: "sha256:a88c31a1e9d17fc9bafc79ef7eb8b171657a46a5d3f70b1840a6a5185ed18f9c" # METADATA:: repository=https://github.com/blinkbitcoin/blink;commit_ref=d5c8414;app=admin-panel;monorepo_subdir=apps/admin-panel; 4 | git_ref: "ef99dc0" # Not used by helm 5 | ingress: 6 | enabled: false 7 | service: 8 | port: 3000 9 | type: ClusterIP 10 | adminPanel: 11 | adminCoreApi: http://admin-api.galoy-dev-galoy.svc.cluster.local:4001/admin/graphql 12 | nextAuthUrl: http://localhost:3000 13 | authorizedEmails: "satoshi@blink.sv,nakamoto@blink.sv" 14 | resources: {} 15 | secrets: 16 | create: true 17 | googleOauthClientId: "" 18 | googleOauthClientSecret: "" 19 | nextAuthSecret: "" 20 | otelExporterOtlpEndpoint: http://localhost:4318 21 | tracingServiceName: "admin-panel" 22 | -------------------------------------------------------------------------------- /charts/api-dashboard/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/api-dashboard/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: api-dashboard 3 | description: A Helm chart for the api dashboard addon to Galoy 4 | # A chart can be either an 'application' or a 'library' chart. 5 | # 6 | # Application charts are a collection of templates that can be packaged into versioned archives 7 | # to be deployed. 8 | # 9 | # Library charts provide useful utilities or functions for the chart developer. They're included as 10 | # a dependency of application charts to inject those utilities and functions into the rendering 11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 12 | type: application 13 | # This is the chart version. This version number should be incremented each time you make changes 14 | # to the chart and its templates, including the app version. 15 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 16 | version: 0.1.0-dev 17 | # This is the version number of the application being deployed. This version number should be 18 | # incremented each time you make changes to the application. Versions are not expected to 19 | # follow Semantic Versioning. They should reflect the version the application is using. 20 | appVersion: 0.15.3 21 | -------------------------------------------------------------------------------- /charts/api-dashboard/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create a default fully qualified app name. 
3 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 4 | If release name contains chart name it will be used as a full name. 5 | */}} 6 | {{- define "apiDashboard.fullname" -}} 7 | {{- if .Values.fullnameOverride }} 8 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 9 | {{- else }} 10 | {{- $name := default .Chart.Name .Values.nameOverride }} 11 | {{- if contains $name .Release.Name }} 12 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 13 | {{- else }} 14 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 15 | {{- end }} 16 | {{- end }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/api-dashboard/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ include "apiDashboard.fullname" . }} 6 | labels: 7 | app: {{ include "apiDashboard.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | annotations: 11 | cert-manager.io/cluster-issuer: letsencrypt-issuer 12 | spec: 13 | ingressClassName: nginx 14 | rules: 15 | {{- if .Values.ingress.rulesOverride }} 16 | {{- toYaml .Values.ingress.rulesOverride | nindent 4 }} 17 | {{- else }} 18 | {{- range .Values.ingress.hosts }} 19 | - host: {{ . }} 20 | http: 21 | paths: 22 | - pathType: Prefix 23 | path: "/" 24 | backend: 25 | service: 26 | name: {{ include "apiDashboard.fullname" $ }} 27 | port: 28 | number: {{ $.Values.service.port }} 29 | {{- end -}} 30 | {{- end }} 31 | tls: 32 | {{- range .Values.ingress.hosts }} 33 | - hosts: 34 | - {{ . }} 35 | secretName: {{ printf "%s-tls" . 
}} 36 | {{- end }} 37 | {{- if .Values.ingress.extraTls }} 38 | {{- toYaml .Values.ingress.extraTls | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/api-dashboard/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secrets.create }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "apiDashboard.fullname" . }} 6 | labels: 7 | app: {{ template "apiDashboard.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | type: Opaque 11 | data: {{/* NOTE(review): the two values below are emitted under data: exactly as supplied, with no b64enc, so they must already be base64-encoded; a plaintext value would be rejected by the API server or decoded to different bytes. charts/admin-panel/templates/secrets.yaml pipes its values through b64enc and quote - confirm which convention callers of this chart follow, or move these keys to stringData. */}} 12 | next-auth-secret: {{ .Values.secrets.nextAuthSecret }} 13 | client-secret: {{ .Values.secrets.clientSecret }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/api-dashboard/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "apiDashboard.fullname" . }} 5 | labels: 6 | app: {{ template "apiDashboard.fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | spec: 10 | type: {{ .Values.service.type }} 11 | ports: 12 | - port: {{ .Values.service.port }} 13 | targetPort: {{ .Values.service.port }} 14 | protocol: TCP 15 | name: http 16 | selector: 17 | app: {{ template "apiDashboard.fullname" . 
}} 18 | -------------------------------------------------------------------------------- /charts/api-dashboard/values.yaml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: true 3 | nextAuthSecret: "" 4 | clientSecret: "" 5 | apiDashboard: 6 | hydraPublic: "http://galoy-hydra-public.galoy-dev-galoy.svc.cluster.local:4444" 7 | coreUrl: "http://galoy-oathkeeper-proxy.galoy-dev-galoy.svc.cluster.local:4455/graphql" 8 | nextAuthUrl: "" 9 | clientId: "" 10 | otelExporterOtlpEndpoint: http://localhost:4318 11 | tracingServiceName: "dashboard" 12 | image: 13 | repository: us.gcr.io/galoy-org/galoy-dashboard 14 | digest: "sha256:a4464745554f68add067bcc8a164aa8f066947e59ced5b17b3cad5f218cf98e8" # METADATA:: repository=https://github.com/blinkbitcoin/blink;commit_ref=62cd3f3;app=dashboard;monorepo_subdir=apps/dashboard; 15 | ingress: 16 | enabled: false 17 | service: 18 | port: 3000 19 | type: ClusterIP 20 | resources: {} 21 | -------------------------------------------------------------------------------- /charts/bitcoind/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/bitcoind/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: bitcoind 3 | description: A Helm chart for Kubernetes 4 | # A chart can be either an 'application' or a 'library' chart. 
5 | # 6 | # Application charts are a collection of templates that can be packaged into versioned archives 7 | # to be deployed. 8 | # 9 | # Library charts provide useful utilities or functions for the chart developer. They're included as 10 | # a dependency of application charts to inject those utilities and functions into the rendering 11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 12 | type: application 13 | # This is the chart version. This version number should be incremented each time you make changes 14 | # to the chart and its templates, including the app version. 15 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 16 | version: 0.5.1-dev 17 | # This is the version number of the application being deployed. This version number should be 18 | # incremented each time you make changes to the application. Versions are not expected to 19 | # follow Semantic Versioning. They should reflect the version the application is using. 20 | appVersion: 0.21.0 21 | -------------------------------------------------------------------------------- /charts/bitcoind/regtest-values.yaml: -------------------------------------------------------------------------------- 1 | # Example of values for regtest bitcoind. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | global: 5 | network: regtest 6 | service: 7 | ports: 8 | rpc: 18443 9 | 10 | secrets: 11 | create: false 12 | 13 | persistence: 14 | enabled: false 15 | 16 | service: 17 | type: ClusterIP 18 | ports: 19 | zmqpubrawtx: 28333 20 | zmqpubrawblock: 28332 21 | p2p: 18444 22 | 23 | # these flags need to be here and not in bitcoindGenericConfig because they have to be present under a separate section inside bitcoind.conf when in testnet/regtest mode. NOTE(review): rpcbind 0.0.0.0 together with rpcallowip 0.0.0.0/0 accepts RPC connections from any source address, so only the ClusterIP Service type and the RPC credentials limit who can call the node; outside a throwaway regtest setup, narrow rpcallowip to the client CIDR or add a NetworkPolicy. 24 | bitcoindCustomConfig: 25 | bind: 0.0.0.0 26 | rpcbind: 0.0.0.0 27 | rpcallowip: 0.0.0.0/0 28 | fallbackfee: 0.0002 29 | -------------------------------------------------------------------------------- /charts/bitcoind/signet-values.yml: -------------------------------------------------------------------------------- 1 | # Example of values for signet bitcoind. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | global: 5 | network: signet 6 | service: 7 | ports: 8 | rpc: 38332 9 | 10 | secrets: 11 | create: false 12 | 13 | persistence: 14 | enabled: true 15 | size: 2Gi 16 | 17 | service: 18 | type: ClusterIP 19 | ports: 20 | zmqpubrawtx: 28333 21 | zmqpubrawblock: 28332 22 | p2p: 38333 23 | 24 | # these flags need to be here and not in bitcoindGenericConfig because they have to be present under a separate section inside bitcoind.conf when in testnet/regtest mode. NOTE(review): as in the regtest example, rpcbind 0.0.0.0 with rpcallowip 0.0.0.0/0 leaves RPC reachable from any source address that can route to the pod; signet nodes are longer-lived (persistence is enabled here), so prefer a narrower rpcallowip or a NetworkPolicy. 25 | bitcoindCustomConfig: 26 | bind: 0.0.0.0 27 | rpcbind: 0.0.0.0 28 | rpcallowip: 0.0.0.0/0 29 | -------------------------------------------------------------------------------- /charts/bitcoind/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | bitcoind RPC can be accessed via port {{ .Values.service.rpcPort }} on the following DNS name from within your cluster: 2 | {{ template "bitcoind.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local 3 | 4 | To connect to bitcoind RPC: 5 | 6 | 1. 
Forward the port for the node: 7 | 8 | $ kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ .Chart.Name }},release={{ .Release.Name }}" -o jsonpath="{ .items[0].metadata.name }") {{ .Values.service.rpcPort }} 9 | 10 | 2. Test connection with user and password provided in configuration file: 11 | 12 | $ curl --user rpcuser:rpcpassword -k http://127.0.0.1:{{ .Values.service.rpcPort }} --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' 13 | -------------------------------------------------------------------------------- /charts/bitcoind/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "bitcoind.fullname" . }} 5 | labels: 6 | {{- include "bitcoind.labels" . | nindent 4 }} 7 | data: 8 | bitcoin.conf: |- 9 | {{- range .Values.bitcoindGenericConfig }} 10 | {{ . }} 11 | {{- end }} 12 | {{- range $k, $v := $.Values.bitcoindCustomConfig }} 13 | {{ printf "%s=%v" $k $v }} 14 | {{- end }} 15 | {{ .Values.global.network | indent 2 }}=1 16 | {{- $sections := splitList "," "test,regtest,signet" }} 17 | {{- range $sections }} 18 | {{printf "[%s]" . }} 19 | {{- range $k, $v := $.Values.bitcoindCustomConfig }} 20 | {{ printf "%s=%v" $k $v }} 21 | {{- end }} 22 | {{- end}} 23 | -------------------------------------------------------------------------------- /charts/bitcoind/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "bitcoind.fullname" . 
-}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1 6 | {{- else -}} 7 | apiVersion: extensions/v1 8 | {{- end }} 9 | kind: Ingress 10 | metadata: 11 | name: {{ $fullName }} 12 | labels: 13 | {{- include "bitcoind.labels" . | nindent 4 }} 14 | {{- with .Values.ingress.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | ingressClassName: nginx 20 | {{- if .Values.ingress.tls }} 21 | tls: 22 | {{- range .Values.ingress.tls }} 23 | - hosts: 24 | {{- range .hosts }} 25 | - {{ . | quote }} 26 | {{- end }} 27 | secretName: {{ .secretName }} 28 | {{- end }} 29 | {{- end }} 30 | rules: 31 | {{- range .Values.ingress.hosts }} 32 | - host: {{ .host | quote }} 33 | http: 34 | paths: 35 | {{- range .paths }} 36 | - path: {{ . }} 37 | pathType: ImplementationSpecific 38 | backend: 39 | service: 40 | name: {{ $fullName }} 41 | port: 42 | number: {{ $svcPort }} 43 | {{- end }} 44 | {{- end }} 45 | {{- end }} 46 | -------------------------------------------------------------------------------- /charts/bitcoind/templates/network-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if eq (include "bitcoind.fullname" .) "bitcoind" }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: network 6 | labels: 7 | {{- include "bitcoind.labels" . | nindent 4 }} 8 | stringData: 9 | network: {{.Values.global.network}} 10 | {{- end }} 11 | -------------------------------------------------------------------------------- /charts/bitcoind/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ template "bitcoind.fullname" . 
}} 6 | annotations: 7 | "helm.sh/resource-policy": keep 8 | labels: 9 | app: "{{ .Chart.Name }}" 10 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 11 | release: "{{ .Release.Name }}" 12 | heritage: "{{ .Release.Service }}" 13 | spec: 14 | accessModes: 15 | - {{ .Values.persistence.accessMode | quote }} 16 | resources: 17 | requests: 18 | storage: {{ .Values.persistence.size | quote }} 19 | {{- if .Values.persistence.storageClass }} 20 | {{- if (eq "-" .Values.persistence.storageClass) }} 21 | storageClassName: "" 22 | {{- else }} 23 | storageClassName: "{{ .Values.persistence.storageClass }}" 24 | {{- end }} 25 | {{- end }} 26 | {{- end }} 27 | -------------------------------------------------------------------------------- /charts/bitcoind/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{ $rpcpassword := include "rpcpassword" . }} 2 | {{- if .Values.secrets.create }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ printf "%s-rpcpassword" (include "bitcoind.fullname" .) }} 7 | labels: 8 | {{- include "bitcoind.labels" . | nindent 4 }} 9 | stringData: 10 | password: {{ $rpcpassword }} 11 | {{- end }} 12 | -------------------------------------------------------------------------------- /charts/bitcoind/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "bitcoind.fullname" . }} 5 | labels: 6 | {{- include "bitcoind.labels" . 
| nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - name: rpc 11 | port: {{ .Values.global.service.ports.rpc }} 12 | - name: p2p 13 | port: {{ .Values.service.ports.p2p }} 14 | - name: zmqpubrawtx 15 | port: {{ .Values.service.ports.zmqpubrawtx }} 16 | - name: zmqpubrawblock 17 | port: {{ .Values.service.ports.zmqpubrawblock }} 18 | - name: metrics 19 | port: {{ .Values.service.ports.metrics }} 20 | selector: 21 | {{- include "bitcoind.selectorLabels" . | nindent 4 }} 22 | -------------------------------------------------------------------------------- /charts/bitcoind/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "bitcoind.serviceAccountName" . }} 6 | labels: 7 | {{- include "bitcoind.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/bitcoind/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "bitcoind.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "bitcoind.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test-success 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "bitcoind.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/bitcoind/testnet-values.yaml: -------------------------------------------------------------------------------- 1 | # Example of values for testnet bitcoind. 2 | # This is a YAML-formatted file. 
# Declare variables to be passed into your templates.
global:
  network: testnet
  service:
    ports:
      rpc: 18332

persistence:
  enabled: true
  size: 50Gi

service:
  type: ClusterIP
  ports:
    zmqpubrawtx: 28333
    zmqpubrawblock: 28332
    p2p: 18333

# these flags need to be here and not in bitcoindGenericConfig because they have to be present under a separate section inside bitcoind.conf when in testnet/regtest mode
# NOTE(review): rpcbind 0.0.0.0 combined with rpcallowip 0.0.0.0/0 makes bitcoind accept RPC from any
# source address. Testnet is a public network, so the node also talks to outside peers on p2p; keep
# the RPC port reachable only from the workloads that need it (ClusterIP Service as above,
# NetworkPolicy) and narrow rpcallowip to that client range where it is known.
bitcoindCustomConfig:
  bind: 0.0.0.0
  rpcbind: 0.0.0.0
  rpcallowip: 0.0.0.0/0
--------------------------------------------------------------------------------
/charts/bria/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
--------------------------------------------------------------------------------
/charts/bria/Chart.lock:
--------------------------------------------------------------------------------
dependencies:
- name: postgresql
  repository: https://charts.bitnami.com/bitnami
  version: 14.0.1
digest: sha256:d85b78232b9cbaef3bba6d971c8af4ec26e013941fadfcb177eec1bb8e46e718
generated: "2024-10-08T14:14:03.297141114+05:30"
--------------------------------------------------------------------------------
/charts/bria/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: bria
description: Helm chart for deploying GaloyMoney/Bria
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.10.17-dev
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: 0.1.114
dependencies:
  - name: postgresql
    version: 14.0.1
    repository: https://charts.bitnami.com/bitnami
    condition: postgresql.enabled
--------------------------------------------------------------------------------
/charts/bria/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "bria.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/bria/templates/bria-admin-svc.yaml:
--------------------------------------------------------------------------------
# Service for bria's admin listener (bria.admin.service.port), selecting the bria pods.
# NOTE(review): bria.admin.service.type defaults to ClusterIP in values.yaml. Setting it to
# LoadBalancer publishes the admin API outside the cluster; how that API authenticates callers is not
# visible in this chart, so confirm it before changing the type.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "bria.fullname" . }}-admin
  labels:
    app: {{ template "bria.fullname" . }}-admin
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
  {{ with .Values.bria.admin.service.annotations }}
  annotations:
    {{- toYaml . | nindent 4 -}}
  {{ end }}
spec:
  type: {{ .Values.bria.admin.service.type }}
  {{ if and (eq .Values.bria.admin.service.type "LoadBalancer") .Values.bria.admin.service.staticIP }}
  loadBalancerIP: {{ .Values.bria.admin.service.staticIP }}
  {{ end }}
  ports:
    - port: {{ .Values.bria.admin.service.port }}
      targetPort: {{ .Values.bria.admin.service.port }}
      protocol: TCP
      name: http
  selector:
    app: {{ template "bria.fullname" . }}
--------------------------------------------------------------------------------
/charts/bria/templates/bria-api-svc.yaml:
--------------------------------------------------------------------------------
# Service for bria's API listener (bria.api.service.port), selecting the bria pods.
# loadBalancerIP is set only when the type is LoadBalancer and a staticIP is given.
apiVersion: v1
kind: Service
metadata:
  name: {{ template "bria.fullname" . }}-api
  labels:
    app: {{ template "bria.fullname" . }}-api
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
  {{ with .Values.bria.api.service.annotations }}
  annotations:
    {{- toYaml . | nindent 4 -}}
  {{ end }}
spec:
  type: {{ .Values.bria.api.service.type }}
  {{ if and (eq .Values.bria.api.service.type "LoadBalancer") .Values.bria.api.service.staticIP }}
  loadBalancerIP: {{ .Values.bria.api.service.staticIP }}
  {{ end }}
  ports:
    - port: {{ .Values.bria.api.service.port }}
      targetPort: {{ .Values.bria.api.service.port }}
      protocol: TCP
      name: http
  selector:
    app: {{ template "bria.fullname" . }}
--------------------------------------------------------------------------------
/charts/bria/templates/bria-cm.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "bria.fullname" . }}-config
# bria.yml is rendered from the bria.* values. The security and deprecated_encryption_key sections are
# emitted only when their values are set.
# NOTE(review): when both deprecatedEncryptionKey.nonce and .key are set they are written into this
# ConfigMap in clear text, readable by anyone allowed to read ConfigMaps in the namespace, whereas the
# current signer key is delivered through the Secret in bria-secrets.yaml. Key material belongs in a
# Secret; confirm how bria can be given the deprecated key that way.
data:
  bria.yml: |-
    app:
      blockchain:
        network: {{ .Values.bria.app.blockchain.network }}
        electrum_url: {{ .Values.bria.app.blockchain.electrumUrl }}
      fees:
        mempool_space:
          url: {{ .Values.bria.app.fees.mempoolSpace.url }}
          number_of_retries: {{ .Values.bria.app.fees.mempoolSpace.numberOfRetries }}
      {{- if gt (len .Values.bria.app.security.blockedAddresses) 0 }}
      security:
        blocked_addresses: {{ toYaml .Values.bria.app.security.blockedAddresses | nindent 8 }}
      {{- end }}
      {{- if and .Values.bria.app.deprecatedEncryptionKey.nonce .Values.bria.app.deprecatedEncryptionKey.key }}
      deprecated_encryption_key:
        nonce: {{ .Values.bria.app.deprecatedEncryptionKey.nonce }}
        key: {{ .Values.bria.app.deprecatedEncryptionKey.key }}
      {{- end }}
    db:
      migrate_on_start: true
      pool_size: {{ .Values.bria.db.poolSize }}
    tracing:
      host: {{ .Values.bria.tracing.host }}
      port: {{ .Values.bria.tracing.port }}
      service_name: {{ .Values.bria.tracing.serviceName }}
    admin:
      listen_port: {{ .Values.bria.admin.service.port }}
    api:
      listen_port: {{ .Values.bria.api.service.port }}
--------------------------------------------------------------------------------
/charts/bria/templates/bria-secrets.yaml:
--------------------------------------------------------------------------------
{{- /*
Opaque Secret with the PostgreSQL connection string (pg-con) and the signer encryption key, rendered
only when bria.secrets.create is set. Both values are trimmed and base64-encoded, which is the
encoding the Secret "data" field requires and not a protection of the value.
NOTE(review): values.yaml defaults both inputs to "" with create: true, so an install without
overrides produces a Secret with empty entries. Values passed to Helm are also kept in the release
record; where that matters, set bria.secrets.create to false and provide the Secret out of band.
*/ -}}
{{- if .Values.bria.secrets.create }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ template "bria.fullname" . }}
  labels:
    app: {{ template "bria.fullname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
{{- if .Values.bria.secrets.annotations }}
  annotations:
{{ toYaml .Values.bria.secrets.annotations | indent 4 }}
{{- end }}
type: Opaque
data:
  pg-con: {{ .Values.bria.secrets.pgCon | trim | b64enc | trim }}
  signer-encryption-key: {{ .Values.bria.secrets.signerEncryptionKey | trim | b64enc | trim }}
{{- end }}
--------------------------------------------------------------------------------
/charts/bria/values.yaml:
--------------------------------------------------------------------------------
fullnameOverride: ""
nameOverride: ""
bria:
  devDaemon:
    enabled: false
    bitcoindSignerEndpoint: https://bitcoind-onchain.default.svc.cluster.local:18543
  resources: {}
  tracing:
    host: localhost
    port: 4317
    serviceName: bria-dev
  app:
    blockchain:
      network: regtest
      electrumUrl: fulcrum.default.svc.cluster.local
    fees:
      mempoolSpace:
        url: https://mempool.space
        numberOfRetries: 3
    security:
      blockedAddresses: []
    # Rendered into the ConfigMap (bria-cm.yaml) when both fields are set, not into a Secret.
    deprecatedEncryptionKey:
      nonce: null
      key: null
  db:
    poolSize: 20
  admin:
    service:
      type: ClusterIP
      port: 2743
  api:
    service:
      type: ClusterIP
      port: 2742
      staticIP: ""
      annotations: {}
  labels: {}
  # The image is referenced by digest, which fixes the exact content that is pulled.
  image:
    repository: us.gcr.io/galoy-org/bria
    digest: "sha256:5af6686ec9da17461d0b300ff5b4563f77d326a1fee8c44d3433c977f60356cf" # METADATA:: repository=https://github.com/blinkbitcoin/bria;commit_ref=b3fe8fa;app=bria;
    git_ref: "55654e2"
  replicas: 2
  annotations:
  # Inputs for bria-secrets.yaml; both default to empty and are expected to be overridden.
  secrets:
    create: true
    pgCon: ""
    signerEncryptionKey: ""
    annotations:
# NOTE(review): the bundled PostgreSQL is created with the user name as its password. That is a known
# default credential; override auth.password (or point bria at an externally managed database) for
# anything beyond a local test install.
postgresql:
  enabled: true
  auth:
    enablePostgresUser: false
    username: bria
    password: bria
    database: bria
resources: {}
--------------------------------------------------------------------------------
/charts/fulcrum/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
--------------------------------------------------------------------------------
/charts/fulcrum/Chart.yaml:
--------------------------------------------------------------------------------
apiVersion: v2
name: fulcrum
description: Fulcrum Electrum Server
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.5.18-dev
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
appVersion: 1.11.1
--------------------------------------------------------------------------------
/charts/fulcrum/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/*
Expand the name of the chart.
*/}}
{{- define "fulcrum.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "fulcrum.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "fulcrum.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "fulcrum.labels" -}}
helm.sh/chart: {{ include "fulcrum.chart" . }}
{{ include "fulcrum.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "fulcrum.selectorLabels" -}}
app.kubernetes.io/name: {{ .Chart.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
--------------------------------------------------------------------------------
/charts/fulcrum/templates/configmap.yaml:
--------------------------------------------------------------------------------
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "fulcrum.fullname" . }}
  labels:
    {{- include "fulcrum.labels" . | nindent 4 }}
# fulcrum.conf: fixed listener and TLS lines, followed by every fulcrumGenericConfig entry verbatim.
# NOTE(review): every listener, including "admin" and "stats", binds 0.0.0.0. service.yaml publishes
# tcp, ssl, ws, wss and stats but not admin, yet a 0.0.0.0 bind still leaves the admin port reachable
# on the pod IP from anything with a network path to the pod. Fulcrum's admin RPC is meant for local
# administration; bind it to 127.0.0.1 unless something outside the pod needs it (TODO confirm
# against the statefulset), and cover the pod with a NetworkPolicy.
data:
  fulcrum.conf: |
    tcp = 0.0.0.0:{{ .Values.service.ports.tcp }}
    ssl = 0.0.0.0:{{ .Values.service.ports.ssl }}
    ws = 0.0.0.0:{{ .Values.service.ports.ws }}
    wss = 0.0.0.0:{{ .Values.service.ports.wss }}
    stats = 0.0.0.0:{{ .Values.service.ports.stats }}
    admin = 0.0.0.0:{{ .Values.service.ports.admin }}
    bitcoind = {{ .Values.bitcoindRpcHost }}:{{ .Values.bitcoindRpcPort }}
    key = /.fulcrum/tls.key
    cert = /.fulcrum/tls.cert
    {{- if .Values.fulcrumGenericConfig }}
    {{- range .Values.fulcrumGenericConfig }}
    {{ . }}
    {{- end }}
    {{- end }}
--------------------------------------------------------------------------------
/charts/fulcrum/templates/ingress.yaml:
--------------------------------------------------------------------------------
{{- /*
Optional Ingress in front of the fulcrum Service; rendered only when ingress.enabled is set.
NOTE(review): $svcPort reads .Values.service.port, but this chart's values.yaml defines only
service.type and service.ports.*; backend.service.port.number therefore renders empty once the
ingress is enabled. Decide which listener the ingress is meant to publish and reference that key.
NOTE(review): the spec below uses the networking.k8s.io/v1 shape (pathType, backend.service), which
Kubernetes serves from 1.19. The ">=1.14-0" gate and the "extensions/v1" fallback do not select an
API version that accepts this shape.
*/ -}}
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "fulcrum.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else -}}
apiVersion: extensions/v1
{{- end }}
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
    {{- include "fulcrum.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  ingressClassName: nginx
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ . }}
            pathType: ImplementationSpecific
            backend:
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
          {{- end }}
    {{- end }}
  {{- end }}
--------------------------------------------------------------------------------
/charts/fulcrum/templates/pvc.yaml:
--------------------------------------------------------------------------------
{{- /*
PersistentVolumeClaim for the fulcrum data, created unless persistence is disabled or an existing
claim is named. The "keep" resource policy leaves the claim in place when the release is uninstalled.
*/ -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: {{ template "fulcrum.fullname" . }}
  annotations:
    "helm.sh/resource-policy": keep
  labels:
    app: "{{ .Chart.Name }}"
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    heritage: "{{ .Release.Service }}"
spec:
  accessModes:
    - {{ .Values.persistence.accessMode | quote }}
  resources:
    requests:
      storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
  storageClassName: ""
{{- else }}
  storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/fulcrum/templates/role.yaml:
--------------------------------------------------------------------------------
# Role bound to the chart's ServiceAccount by rolebinding.yaml.
# NOTE(review): "create" on pods/exec carries no resourceNames restriction, so the bound account can
# exec into every pod in the release namespace, which by the values.yaml comment is also where
# bitcoind is expected to run. The Role is rendered unconditionally; presumably it exists for
# autoGenerateBlocks (regtest only). If so, render Role and RoleBinding only when that flag is set.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ template "fulcrum.fullname" . }}
  labels:
    {{- include "fulcrum.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create"]
- apiGroups: [""]
  resources: ["pods"]
  verbs: [ "get"]
--------------------------------------------------------------------------------
/charts/fulcrum/templates/rolebinding.yaml:
--------------------------------------------------------------------------------
# Binds the Role from role.yaml to the ServiceAccount named after the release's full name, in the
# release namespace. Rendered unconditionally, like the Role.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ template "fulcrum.fullname" . }}
roleRef:
  kind: Role
  name: {{ template "fulcrum.fullname" . }}
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: {{ template "fulcrum.fullname" . }}
  namespace: {{ .Release.Namespace }}
--------------------------------------------------------------------------------
/charts/fulcrum/templates/service.yaml:
--------------------------------------------------------------------------------
# Service publishing the tcp, ssl, ws, wss and stats listeners. The admin listener configured in
# configmap.yaml is not published here.
apiVersion: v1
kind: Service
metadata:
  name: {{ include "fulcrum.fullname" . }}
  labels:
    {{- include "fulcrum.labels" . | nindent 4 }}
spec:
  type: {{ .Values.service.type }}
  ports:
    - name: tcp
      port: {{ .Values.service.ports.tcp }}
    - name: ssl
      port: {{ .Values.service.ports.ssl }}
    - name: ws
      port: {{ .Values.service.ports.ws }}
    - name: wss
      port: {{ .Values.service.ports.wss }}
    - name: stats
      port: {{ .Values.service.ports.stats }}
  selector:
    {{- include "fulcrum.selectorLabels" . | nindent 4 }}
--------------------------------------------------------------------------------
/charts/fulcrum/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
{{- /*
ServiceAccount named after the release's full name, rendered only when serviceAccount.create is set.
rolebinding.yaml references the same name as its subject.
*/ -}}
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ template "fulcrum.fullname" . }}
  labels:
    {{- include "fulcrum.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}
--------------------------------------------------------------------------------
/charts/fulcrum/values.yaml:
--------------------------------------------------------------------------------
secrets:
  create: true

# NOTE(review): the image is referenced by tag. A tag can be re-pointed at the registry; referencing
# the image by digest fixes the exact content that is pulled.
image:
  repository: cculianu/fulcrum
  pullPolicy: IfNotPresent
  tag: v1.11.1

# If true, generate blocks to the bitcoind node. Will fail if bitcoind is not in regtest mode.
# The bitcoind installation should be in the same namespace as the fulcrum installation.
autoGenerateBlocks: false

# kubectl image, presumably the one used for block generation through the pods/exec Role in
# role.yaml (TODO confirm against the statefulset).
# NOTE(review): referenced by tag; a digest reference fixes the exact content that is pulled.
generateBlocksImage:
  repository: bitnami/kubectl
  pullPolicy: IfNotPresent
  tag: 1.24.12

# NOTE(review): serviceaccount.yaml and rolebinding.yaml both take the account name from the
# release's full name, so "name" below does not appear to be read by those templates.
serviceAccount:
  create: true
  annotations: {}
  name: ""

podAnnotations: {}

service:
  type: ClusterIP
  ports:
    tcp: 50001
    ssl: 50002
    ws: 50003
    wss: 50004
    stats: 8080
    # Rendered into fulcrum.conf as a 0.0.0.0 listener; not published by service.yaml.
    admin: 8000

ingress:
  enabled: false
  annotations: {}
  hosts:
    - host: chart-example.local
      paths: []
  tls: []

resources: {}

terminationGracePeriodSeconds: 600

persistence:
  enabled: true
  accessMode: ReadWriteOnce
  size: 200Gi

# Name of the Secret that holds the bitcoind RPC password, and the RPC endpoint fulcrum connects to.
bitcoindRpcPassSecretName: bitcoind-onchain-rpcpassword
bitcoindRpcPort: 8332
bitcoindRpcHost: bitcoind-onchain

# Each entry is copied verbatim into fulcrum.conf, which is stored in a ConfigMap; keep credentials
# out of this list.
fulcrumGenericConfig:
  # https://github.com/cculianu/Fulcrum/blob/master/doc/fulcrum-example-config.conf
  - rpcuser = rpcuser
  - datadir = /.fulcrum/db
  - bitcoind_clients = 1
  - peering = false
  - announce = false
  - utxo_cache = 1024
  - worker_threads = 1
  - bitcoind_throttle = 25 10 2
  - max_subs_per_ip = 1000000
--------------------------------------------------------------------------------
/charts/galoy-deps/.helmignore:
--------------------------------------------------------------------------------
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/galoy-deps/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: cert-manager 3 | repository: https://charts.jetstack.io 4 | version: v1.17.1 5 | - name: ingress-nginx 6 | repository: https://kubernetes.github.io/ingress-nginx 7 | version: 4.7.1 8 | - name: strimzi-kafka-operator 9 | repository: https://strimzi.io/charts/ 10 | version: 0.39.0 11 | - name: kube-monkey 12 | repository: https://asobti.github.io/kube-monkey/charts/repo 13 | version: 1.5.2 14 | - name: opentelemetry-collector 15 | repository: https://open-telemetry.github.io/opentelemetry-helm-charts 16 | version: 0.115.0 17 | digest: sha256:763f94e36dad5e1dd50479dd398a817a6cc155355de72255ad71243c24cbd77c 18 | generated: "2025-02-13T12:16:06.614149601Z" 19 | -------------------------------------------------------------------------------- /charts/galoy-deps/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: galoy-deps 3 | description: A Helm chart for Kubernetes 4 | # A chart can be either an 'application' or a 'library' chart. 5 | # 6 | # Application charts are a collection of templates that can be packaged into versioned archives 7 | # to be deployed. 8 | # 9 | # Library charts provide useful utilities or functions for the chart developer. They're included as 10 | # a dependency of application charts to inject those utilities and functions into the rendering 11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 
12 | type: application 13 | # This is the chart version. This version number should be incremented each time you make changes 14 | # to the chart and its templates, including the app version. 15 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 16 | version: 0.10.20-dev 17 | # This is the version number of the application being deployed. This version number should be 18 | # incremented each time you make changes to the application. Versions are not expected to 19 | # follow Semantic Versioning. They should reflect the version the application is using. 20 | # It is recommended to use it with quotes. 21 | appVersion: "0.1.0" 22 | dependencies: 23 | - name: "cert-manager" 24 | repository: "https://charts.jetstack.io" 25 | version: v1.17.1 26 | condition: cert-manager.enabled 27 | - name: "ingress-nginx" 28 | repository: "https://kubernetes.github.io/ingress-nginx" 29 | version: 4.7.1 30 | condition: ingress-nginx.enabled 31 | - name: strimzi-kafka-operator 32 | repository: https://strimzi.io/charts/ 33 | version: 0.39.0 34 | condition: strimzi-kafka-operator.enabled 35 | - name: kube-monkey 36 | alias: kubemonkey 37 | repository: https://asobti.github.io/kube-monkey/charts/repo 38 | version: 1.5.2 39 | condition: kubemonkey.enabled 40 | - name: opentelemetry-collector 41 | repository: https://open-telemetry.github.io/opentelemetry-helm-charts 42 | version: 0.115.0 43 | condition: opentelemetry-collector.enabled 44 | -------------------------------------------------------------------------------- /charts/galoy-deps/templates/NOTES.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/blinkbitcoin/charts/e238b56753553b4a9cf7eee8293ce13fd24b37c1/charts/galoy-deps/templates/NOTES.txt -------------------------------------------------------------------------------- /charts/galoy-deps/templates/_helpers.tpl: 
-------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "galoy-deps.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "galoy-deps.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "galoy-deps.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "galoy-deps.labels" -}} 37 | helm.sh/chart: {{ include "galoy-deps.chart" . }} 38 | {{ include "galoy-deps.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "galoy-deps.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "galoy-deps.name" . 
}} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "galoy-deps.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "galoy-deps.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /charts/galoy-deps/templates/kafka-cluster.yaml: -------------------------------------------------------------------------------- 1 | {{- if (index .Values "strimzi-kafka-operator").enabled -}} 2 | apiVersion: kafka.strimzi.io/v1beta2 3 | kind: Kafka 4 | metadata: 5 | name: kafka 6 | spec: 7 | kafka: 8 | version: 3.6.0 9 | replicas: 3 10 | listeners: 11 | - name: plain 12 | port: 9092 13 | type: {{ index .Values "strimzi-kafka-operator" "kafka" "listener" "type" }} # listener type is taken from values; NOTE(review): confirm it is never set to an externally reachable type while the listener stays plaintext 14 | tls: false # NOTE(review): the only listener is unencrypted and has no authentication block, so any client that can reach port 9092 can connect; rely on network isolation or enable TLS/authentication 15 | config: 16 | # https://github.com/strimzi/strimzi-kafka-operator/blob/main/documentation/api/io.strimzi.api.kafka.model.KafkaClusterSpec.adoc 17 | # https://github.com/strimzi/strimzi-kafka-operator/blob/main/documentation/modules/managing/con-broker-config-properties.adoc 18 | auto.create.topics.enable: false 19 | offsets.topic.replication.factor: 3 20 | transaction.state.log.replication.factor: 3 21 | transaction.state.log.min.isr: 1 22 | default.replication.factor: 3 23 | min.insync.replicas: 2 24 | log.retention.hours: 72 # 3 days 25 | log.segment.bytes: 100000000 # 100 MB 26 | log.retention.check.interval.ms: 300000 # 5 minutes 27 | storage: 28 | type: ephemeral # broker data is not kept on a persistent volume; it does not survive the pod being rescheduled 29 | resources: 30 | {{ toYaml (index .Values "strimzi-kafka-operator" "kafka" "resources") | nindent 6 }} 31 | zookeeper: 32 | replicas: 3 33 | storage: 34 | type: ephemeral # same as the brokers: ZooKeeper state is not persisted 35 | resources: 36 | {{ toYaml (index .Values "strimzi-kafka-operator" "zookeeper" "resources") | nindent 6 }} 37 | entityOperator: 38 |
userOperator: {} 39 | {{- end -}} 40 | -------------------------------------------------------------------------------- /charts/galoy-pay/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/galoy-pay/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: galoy-nostr 3 | repository: "" 4 | version: x.x.x 5 | digest: sha256:c54c9ef1570fa82b0a3a6e2a1eafcbb607aae27f9bbaff1d94edc45a2f8144b5 6 | generated: "2023-02-17T17:04:16.247458642+05:30" 7 | -------------------------------------------------------------------------------- /charts/galoy-pay/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: galoy-pay 3 | description: A Helm chart for the admin panel addon to Galoy 4 | # A chart can be either an 'application' or a 'library' chart. 5 | # 6 | # Application charts are a collection of templates that can be packaged into versioned archives 7 | # to be deployed. 8 | # 9 | # Library charts provide useful utilities or functions for the chart developer. They're included as 10 | # a dependency of application charts to inject those utilities and functions into the rendering 11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 12 | type: application 13 | # This is the chart version. 
This version number should be incremented each time you make changes 14 | # to the chart and its templates, including the app version. 15 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 16 | version: 0.11.48-dev 17 | # This is the version number of the application being deployed. This version number should be 18 | # incremented each time you make changes to the application. Versions are not expected to 19 | # follow Semantic Versioning. They should reflect the version the application is using. 20 | appVersion: 0.6.23 21 | dependencies: 22 | - name: galoy-nostr 23 | condition: galoy-nostr.enabled 24 | version: x.x.x 25 | -------------------------------------------------------------------------------- /charts/galoy-pay/charts/galoy-nostr/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 17.7.2 5 | digest: sha256:6872b4d757b2373f49af488dc6670da3d76f7600e28327b203d66733940b1fc4 6 | generated: "2023-02-17T17:04:35.37136005+05:30" 7 | -------------------------------------------------------------------------------- /charts/galoy-pay/charts/galoy-nostr/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: galoy-nostr 3 | description: A Helm chart for the galoy-nostr addon to galoy-pay 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 
13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | appVersion: 0.1.0 24 | -------------------------------------------------------------------------------- /charts/galoy-pay/charts/galoy-nostr/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create a default fully qualified app name. 3 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 4 | If release name contains chart name it will be used as a full name. 5 | */}} 6 | {{- define "galoyNostr.fullname" -}} 7 | {{- if .Values.fullnameOverride }} 8 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 9 | {{- else }} 10 | {{- $name := default .Chart.Name .Values.nameOverride }} 11 | {{- if contains $name .Release.Name }} 12 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 13 | {{- else }} 14 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 15 | {{- end }} 16 | {{- end }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/galoy-pay/charts/galoy-nostr/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "galoyNostr.fullname" . }} 5 | labels: 6 | app: {{ template "galoyNostr.fullname" . 
}} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | spec: 10 | selector: 11 | matchLabels: 12 | app: {{ template "galoyNostr.fullname" . }} 13 | release: {{ .Release.Name }} 14 | replicas: 1 15 | template: 16 | metadata: 17 | labels: 18 | app: {{ template "galoyNostr.fullname" . }} 19 | release: "{{ .Release.Name }}" 20 | {{- with .Values.labels }} 21 | {{ toYaml . | trim | indent 8 }} 22 | {{- end }} 23 | spec: 24 | containers: 25 | - name: galoy-nostr 26 | image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" # image is referenced by digest, not by a mutable tag 27 | ports: 28 | - containerPort: 3000 29 | env: 30 | - name: NOSTR_PRIVATE_KEY 31 | valueFrom: 32 | secretKeyRef: 33 | name: {{ .Values.nostr.existingSecret }} 34 | key: key 35 | - name: LND1_DNS 36 | value: "{{ .Values.lnd1.dns }}" 37 | - name: LND1_MACAROON 38 | valueFrom: 39 | secretKeyRef: 40 | name: lnd-credentials # NOTE(review): Secret name is hard-coded rather than taken from values; it must already exist in the release namespace 41 | key: readonly_macaroon_base64 42 | - name: LND1_TLS 43 | valueFrom: 44 | secretKeyRef: 45 | name: lnd-credentials 46 | key: tls_base64 47 | 48 | - name: REDIS_MASTER_NAME 49 | value: "mymaster" 50 | - name: REDIS_PASSWORD 51 | valueFrom: 52 | secretKeyRef: 53 | name: galoy-redis-pw # NOTE(review): hard-coded, while values.yaml exposes redis.auth.existingSecret / existingSecretPasswordKey; overriding those values does not change this reference 54 | key: "redis-password" 55 | - name: REDIS_0_DNS 56 | value: {{.Values.redis.redis0Dns}} 57 | - name: REDIS_1_DNS 58 | value: {{.Values.redis.redis1Dns}} 59 | - name: REDIS_2_DNS 60 | value: {{.Values.redis.redis2Dns}} 61 | -------------------------------------------------------------------------------- /charts/galoy-pay/charts/galoy-nostr/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secrets.create -}} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ .Values.redis.auth.existingSecret }} 6 | labels: 7 | app: {{ template "galoyNostr.fullname" .
}} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | type: Opaque 11 | data: 12 | {{ .Values.redis.auth.existingSecretPasswordKey }}: {{ .Values.secrets.redisPassword | toString | b64enc }} 13 | 14 | --- 15 | 16 | apiVersion: v1 17 | kind: Secret 18 | metadata: 19 | name: {{ .Values.nostr.existingSecret }} 20 | labels: 21 | app: {{ template "galoyNostr.fullname" . }} 22 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 23 | release: "{{ .Release.Name }}" 24 | type: Opaque 25 | data: 26 | key: {{ .Values.secrets.nostrPrivateKey | toString | b64enc }} 27 | 28 | {{- end }} 29 | -------------------------------------------------------------------------------- /charts/galoy-pay/charts/galoy-nostr/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | repository: krtk6160/galoy-nostr 3 | digest: "sha256:cc82a694f81870c0becdc1b243ea9d4fca8b4ce497e70f4733d7b0539b462f19" 4 | git_ref: "01c8066" # Not used by helm 5 | ingress: 6 | enabled: false 7 | lnd1: 8 | dns: "lnd1.galoy-dev-bitcoin.svc.cluster.local" 9 | redis: 10 | ## Redis replica config params 11 | redis0Dns: "galoy-redis-node-0.galoy-redis-headless" 12 | redis1Dns: "galoy-redis-node-1.galoy-redis-headless" 13 | redis2Dns: "galoy-redis-node-2.galoy-redis-headless" 14 | auth: 15 | existingSecret: galoy-redis-pw 16 | existingSecretPasswordKey: redis-password 17 | nostr: 18 | existingSecret: galoy-nostr-private-key 19 | secrets: 20 | create: false 21 | redisPassword: password 22 | nostrPrivateKey: private-key 23 | -------------------------------------------------------------------------------- /charts/galoy-pay/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create a default fully qualified app name. 3 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
4 | If release name contains chart name it will be used as a full name. 5 | */}} 6 | {{- define "galoyPay.fullname" -}} 7 | {{- if .Values.fullnameOverride }} 8 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 9 | {{- else }} 10 | {{- $name := default .Chart.Name .Values.nameOverride }} 11 | {{- if contains $name .Release.Name }} 12 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 13 | {{- else }} 14 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 15 | {{- end }} 16 | {{- end }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/galoy-pay/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ include "galoyPay.fullname" . }} 6 | labels: 7 | app: {{ include "galoyPay.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | annotations: 11 | cert-manager.io/cluster-issuer: letsencrypt-issuer 12 | nginx.ingress.kubernetes.io/enable-cors: "true" # NOTE(review): no cors-allow-origin annotation accompanies this, so ingress-nginx applies its default allowed origin ("*"); confirm that is intended or pin the allowed origins 13 | spec: 14 | ingressClassName: nginx 15 | rules: 16 | {{- if .Values.ingress.rulesOverride }} 17 | {{- toYaml .Values.ingress.rulesOverride | nindent 4 }} 18 | {{- else }} 19 | {{- range .Values.ingress.hosts }} 20 | - host: {{ . }} 21 | http: 22 | paths: 23 | - pathType: Prefix 24 | path: "/" 25 | backend: 26 | service: 27 | name: {{ include "galoyPay.fullname" $ }} 28 | port: 29 | number: {{ $.Values.service.port }} 30 | {{- end -}} 31 | {{- end }} 32 | tls: 33 | {{- range .Values.ingress.hosts }} 34 | - hosts: 35 | - {{ . }} 36 | secretName: {{ printf "%s-tls" .
}} 37 | {{- end }} 38 | {{- if .Values.ingress.extraTls }} 39 | {{- toYaml .Values.ingress.extraTls | nindent 4 }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/galoy-pay/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secrets.create }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "galoyPay.fullname" . }} 6 | labels: 7 | app: {{ template "galoyPay.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | type: Opaque 11 | data: # NOTE(review): entries under `data` must be base64; the two values below are rendered without b64enc (the galoy-nostr secret template pipes its values through `toString | b64enc`), so they are presumably expected to arrive pre-encoded; confirm, since a raw string here is rejected or decoded into the wrong bytes 12 | next-auth-secret: {{ .Values.secrets.nextAuthSecret }} 13 | client-secret: {{ .Values.secrets.clientSecret }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /charts/galoy-pay/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "galoyPay.fullname" . }} 5 | labels: 6 | app: {{ template "galoyPay.fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | spec: 10 | type: {{ .Values.service.type }} 11 | ports: 12 | - port: {{ .Values.service.port }} 13 | targetPort: 3000 14 | protocol: TCP 15 | name: http 16 | selector: 17 | app: {{ template "galoyPay.fullname" .
}} 18 | -------------------------------------------------------------------------------- /charts/galoy-pay/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | repository: us.gcr.io/galoy-org/galoy-pay 3 | digest: "sha256:606c74a9da5925f62d961075bd2b5a140d1b45616dc7b42554f37ab718f85233" # METADATA:: repository=https://github.com/blinkbitcoin/blink;commit_ref=41666a5;app=pay;monorepo_subdir=apps/pay; 4 | ingress: 5 | enabled: false 6 | service: 7 | port: 80 8 | type: ClusterIP 9 | payUrl: https://pay.domain.com 10 | payDomain: domain.com 11 | coreGqlUrlIntranet: http://service-name.namespace.svc.cluster.local 12 | nostrPubkey: "pubkey" 13 | clientId: "dummyValue" 14 | hydraPublicUrl: "http://galoy-hydra-public.galoy-dev-galoy.svc.cluster.local:4444" 15 | nextAuthUrl: "https://pay.domain.com" 16 | otelExporterOtlpEndpoint: http://localhost:4318 17 | tracingServiceName: "pay" 18 | secrets: 19 | create: true # NOTE(review): defaults to true, so an install that overrides nothing creates the Secret from the placeholder values below; set to false and supply the Secret out-of-band for any non-dev install 20 | nextAuthSecret: "dummy" # placeholder, not a usable secret; the secrets template renders it into `data` as-is 21 | clientSecret: "dummy" # placeholder, not a usable secret 22 | galoy-nostr: 23 | enabled: true 24 | fullnameOverride: galoy-nostr 25 | image: 26 | repository: us.gcr.io/galoy-org/blink-nostr 27 | digest: "sha256:f2b642e234fdb5ebe2d4492aab370c12e6088291e82ac425ce77fa9489afbc15" 28 | redis: 29 | redis0Dns: "galoy-redis-node-0.galoy-redis-headless" 30 | redis1Dns: "galoy-redis-node-1.galoy-redis-headless" 31 | redis2Dns: "galoy-redis-node-2.galoy-redis-headless" 32 | auth: 33 | existingSecret: galoy-redis-pw 34 | existingSecretPasswordKey: redis-password 35 | resources: {} 36 | -------------------------------------------------------------------------------- /charts/galoy/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: redis 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 20.11.3 5 | - name: mongodb 6 | repository: https://charts.bitnami.com/bitnami 7 | version: 15.6.26 8 | - name: postgresql 9 | repository:
https://charts.bitnami.com/bitnami 10 | version: 16.4.16 11 | - name: oathkeeper 12 | repository: https://k8s.ory.sh/helm/charts 13 | version: 0.39.1 14 | - name: kratos 15 | repository: https://k8s.ory.sh/helm/charts 16 | version: 0.39.1 17 | - name: hydra 18 | repository: https://k8s.ory.sh/helm/charts 19 | version: 0.47.0 20 | - name: router 21 | repository: oci://ghcr.io/apollographql/helm-charts 22 | version: 1.25.0 23 | digest: sha256:cf00de4a1b9dd265c94ce1776ec621d5817897ea84d568d348830a679f26dcd6 24 | generated: "2025-03-10T11:18:54.256664605Z" 25 | -------------------------------------------------------------------------------- /charts/galoy/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: galoy 3 | description: A Helm chart for galoy servers 4 | # A chart can be either an 'application' or a 'library' chart. 5 | # Application charts are a collection of templates that can be packaged into versioned archives 6 | # to be deployed. 7 | # 8 | # Library charts provide useful utilities or functions for the chart developer. They're included as 9 | # a dependency of application charts to inject those utilities and functions into the rendering 10 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 11 | type: application 12 | # This is the chart version. This version number should be incremented each time you make changes 13 | # to the chart and its templates, including the app version. 14 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 15 | version: 0.34.7-dev 16 | # This is the version number of the application being deployed. This version number should be 17 | # incremented each time you make changes to the application. Versions are not expected to 18 | # follow Semantic Versioning. They should reflect the version the application is using. 
19 | appVersion: 0.21.47 20 | dependencies: 21 | - name: redis 22 | repository: https://charts.bitnami.com/bitnami 23 | version: 20.11.3 24 | - name: mongodb 25 | repository: https://charts.bitnami.com/bitnami 26 | version: 15.6.26 27 | - name: postgresql 28 | repository: https://charts.bitnami.com/bitnami 29 | version: 16.4.16 30 | condition: postgresql.enabled 31 | - name: oathkeeper 32 | repository: https://k8s.ory.sh/helm/charts 33 | version: 0.39.1 34 | - name: kratos 35 | repository: https://k8s.ory.sh/helm/charts 36 | version: 0.39.1 37 | - name: hydra 38 | repository: https://k8s.ory.sh/helm/charts 39 | version: 0.47.0 40 | condition: hydra.enabled 41 | - name: router 42 | repository: oci://ghcr.io/apollographql/helm-charts 43 | version: 1.25.0 44 | -------------------------------------------------------------------------------- /charts/galoy/apollo-router/api-keys-schema.graphql: -------------------------------------------------------------------------------- 1 | type ApiKey { 2 | id: ID! 3 | name: String! 4 | createdAt: Timestamp! 5 | revoked: Boolean! 6 | expired: Boolean! 7 | lastUsedAt: Timestamp 8 | expiresAt: Timestamp 9 | readOnly: Boolean! 10 | scopes: [Scope!]! 11 | } 12 | 13 | input ApiKeyCreateInput { 14 | name: String! 15 | expireInDays: Int 16 | scopes: [Scope!]! = [READ, WRITE] 17 | } 18 | 19 | type ApiKeyCreatePayload { 20 | apiKey: ApiKey! 21 | apiKeySecret: String! 22 | } 23 | 24 | input ApiKeyRevokeInput { 25 | id: ID! 26 | } 27 | 28 | type ApiKeyRevokePayload { 29 | apiKey: ApiKey! 30 | } 31 | 32 | 33 | 34 | 35 | 36 | type Mutation { 37 | apiKeyCreate(input: ApiKeyCreateInput!): ApiKeyCreatePayload! 38 | apiKeyRevoke(input: ApiKeyRevokeInput!): ApiKeyRevokePayload! 39 | } 40 | 41 | 42 | enum Scope { 43 | READ 44 | WRITE 45 | RECEIVE 46 | } 47 | 48 | 49 | scalar Timestamp 50 | 51 | extend type User @key(fields: "id") { 52 | id: ID! @external 53 | apiKeys: [ApiKey!]! 54 | } 55 | 56 | directive @include(if: Boolean!) 
on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT 57 | directive @skip(if: Boolean!) on FIELD | FRAGMENT_SPREAD | INLINE_FRAGMENT 58 | extend schema @link( 59 | url: "https://specs.apollo.dev/federation/v2.3", 60 | import: ["@key", "@tag", "@shareable", "@inaccessible", "@override", "@external", "@provides", "@requires", "@composeDirective", "@interfaceObject"] 61 | ) 62 | -------------------------------------------------------------------------------- /charts/galoy/charts/price/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/galoy/charts/price/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: price 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. 
This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: 0.1.0 25 | -------------------------------------------------------------------------------- /charts/galoy/charts/price/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | export REALTIME_POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name=price-realtime,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 2 | export HISTORY_POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name=price-history,app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 3 | export REALTIME_CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $REALTIME_POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 4 | export HISTORY_CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $HISTORY_POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 5 | echo "Realtime price server rpc url: http://127.0.0.1:50051" 6 | echo "History price server rpc url: http://127.0.0.1:50052" 7 | kubectl --namespace {{ .Release.Namespace }} port-forward $REALTIME_POD_NAME 50051:$REALTIME_CONTAINER_PORT 8 | kubectl --namespace {{ .Release.Namespace }} port-forward $HISTORY_POD_NAME 50052:$HISTORY_CONTAINER_PORT 9 | 
-------------------------------------------------------------------------------- /charts/galoy/charts/price/templates/history-config-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "price.history.fullname" . }}-config 5 | labels: 6 | {{- include "price.history.labels" . | nindent 4 }} 7 | stringData: 8 | custom.yaml: |- 9 | {{- toYaml .Values.history.valuesOverride | nindent 4 }} 10 | -------------------------------------------------------------------------------- /charts/galoy/charts/price/templates/history-migration-job.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch/v1 2 | kind: Job 3 | metadata: 4 | name: {{ include "price.history.fullname" . }}-postgres-migrate-{{ .Release.Revision }} 5 | spec: 6 | backoffLimit: 3 7 | template: 8 | spec: 9 | containers: 10 | - name: migrate 11 | image: "{{ .Values.history.migrateImage.repository }}@{{ .Values.history.migrateImage.digest }}" 12 | resources: 13 | {{ toYaml .Values.history.migrationJob.resources | nindent 10 }} 14 | env: 15 | - name: DB_HOST 16 | value: {{ .Values.history.postgresqlHost }} 17 | - name: DB_PWD 18 | valueFrom: 19 | secretKeyRef: 20 | name: {{ include "price.history.fullname" . }}-postgres-creds 21 | key: password 22 | - name: DB_USER 23 | valueFrom: 24 | secretKeyRef: 25 | name: {{ include "price.history.fullname" . }}-postgres-creds 26 | key: username 27 | - name: DB_DB 28 | valueFrom: 29 | secretKeyRef: 30 | name: {{ include "price.history.fullname" . 
}}-postgres-creds 31 | key: database 32 | restartPolicy: Never 33 | -------------------------------------------------------------------------------- /charts/galoy/charts/price/templates/history-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "price.history.fullname" . }} 5 | labels: 6 | {{- include "price.history.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.history.service.type }} 9 | ports: 10 | - port: {{ .Values.history.service.grpc }} 11 | targetPort: grpc 12 | protocol: TCP 13 | name: grpc 14 | - port: {{ .Values.history.service.prometheus }} 15 | targetPort: prometheus 16 | protocol: TCP 17 | name: prometheus 18 | selector: 19 | {{- include "price.history.selectorLabels" . | nindent 4 }} 20 | -------------------------------------------------------------------------------- /charts/galoy/charts/price/templates/realtime-config-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "price.realtime.fullname" . }}-config 5 | labels: 6 | {{- include "price.realtime.labels" . | nindent 4 }} 7 | stringData: 8 | custom.yaml: |- 9 | {{- toYaml .Values.realtime.config | nindent 4 }} 10 | -------------------------------------------------------------------------------- /charts/galoy/charts/price/templates/realtime-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "price.realtime.fullname" . }} 5 | labels: 6 | {{- include "price.realtime.labels" . 
| nindent 4 }} 7 | spec: 8 | type: {{ .Values.realtime.service.type }} 9 | ports: 10 | - port: {{ .Values.realtime.service.grpc }} 11 | targetPort: grpc 12 | protocol: TCP 13 | name: grpc 14 | - port: {{ .Values.realtime.service.prometheus }} 15 | targetPort: prometheus 16 | protocol: TCP 17 | name: prometheus 18 | selector: 19 | {{- include "price.realtime.selectorLabels" . | nindent 4 }} 20 | -------------------------------------------------------------------------------- /charts/galoy/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Thank you for installing Galoy Backend. 2 | Your installation is successful! 🥳 3 | 4 | {{ if .Values.secrets.create }} 5 | All secrets that have been provisioned are the defaults, 6 | which run the risk of being vulnerable to attacks. This option 7 | must be disabled in production and secrets must be created via 8 | Terraform which does a better job at handling secrets. 9 | 10 | For information about how this works, look at the dev environment here: 11 | https://github.com/GaloyMoney/charts/tree/main/dev/galoy 12 | {{ end }} 13 | -------------------------------------------------------------------------------- /charts/galoy/templates/admin-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | 4 | metadata: 5 | name: {{ template "galoy.admin.fullname" . }} 6 | labels: 7 | app: {{ template "galoy.admin.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | app.kubernetes.io/managed-by: Helm 11 | 12 | spec: 13 | type: {{ .Values.galoy.admin.serviceType }} 14 | ports: 15 | - port: {{ .Values.galoy.admin.port }} 16 | targetPort: {{ .Values.galoy.admin.port }} 17 | protocol: TCP 18 | name: http 19 | selector: 20 | app: {{ template "galoy.api.fullname" .
}} 21 | -------------------------------------------------------------------------------- /charts/galoy/templates/api-keys-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "galoy.apiKeys.fullname" . }} 5 | data: 6 | api-keys.yml: |- 7 | app: 8 | key_prefix: {{ .Values.galoy.apiKeys.config.keyPrefix }} 9 | default_expiry_days: 90 10 | db: 11 | pool_size: 20 12 | server: 13 | port: {{ .Values.galoy.apiKeys.port }} 14 | jwks_url: "http://galoy-oathkeeper-api:4456/.well-known/jwks.json" 15 | api_key_auth_header: "X-API-KEY" 16 | tracing: 17 | endpoint: {{ .Values.tracing.otelExporterOtlpEndpoint }} 18 | service_name: "{{ .Values.tracing.prefix }}-{{ template "galoy.apiKeys.fullname" . }}" 19 | -------------------------------------------------------------------------------- /charts/galoy/templates/api-keys-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "galoy.apiKeys.fullname" . }} 5 | labels: 6 | app: {{ template "galoy.apiKeys.fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | app.kubernetes.io/managed-by: Helm 10 | spec: 11 | type: {{ .Values.galoy.apiKeys.serviceType }} 12 | ports: 13 | - port: {{ .Values.galoy.apiKeys.port }} 14 | targetPort: {{ .Values.galoy.apiKeys.port }} 15 | protocol: TCP 16 | name: http 17 | selector: 18 | app: {{ template "galoy.apiKeys.fullname" . }} 19 | -------------------------------------------------------------------------------- /charts/galoy/templates/api-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | 4 | metadata: 5 | name: {{ template "galoy.api.fullname" . }} 6 | labels: 7 | app: {{ template "galoy.api.fullname" . 
}} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | app.kubernetes.io/managed-by: Helm 11 | 12 | spec: 13 | type: {{ .Values.galoy.api.serviceType }} 14 | ports: 15 | - port: {{ .Values.galoy.api.port }} 16 | targetPort: {{ .Values.galoy.api.port }} 17 | protocol: TCP 18 | name: http 19 | selector: 20 | app: {{ template "galoy.api.fullname" . }} 21 | -------------------------------------------------------------------------------- /charts/galoy/templates/consent-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "galoy.consent.fullname" . }} 5 | labels: 6 | app: {{ template "galoy.consent.fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | app.kubernetes.io/managed-by: Helm 10 | 11 | kube-monkey/enabled: enabled 12 | kube-monkey/identifier: {{ template "galoy.consent.fullname" . }} 13 | kube-monkey/kill-mode: fixed 14 | kube-monkey/kill-value: "1" 15 | kube-monkey/mtbf: "3" 16 | spec: 17 | selector: 18 | matchLabels: 19 | app: {{ template "galoy.consent.fullname" . }} 20 | release: {{ .Release.Name }} 21 | replicas: {{ .Values.galoy.consent.replicas }} 22 | template: 23 | metadata: 24 | labels: 25 | app: {{ template "galoy.consent.fullname" . }} 26 | release: "{{ .Release.Name }}" 27 | kube-monkey/enabled: enabled 28 | kube-monkey/identifier: {{ template "galoy.consent.fullname" . }} 29 | spec: 30 | serviceAccountName: {{ template "galoy.name" . 
}} 31 | containers: 32 | - name: consent 33 | image: "{{ .Values.galoy.images.consent.repository }}@{{ .Values.galoy.images.consent.digest }}" 34 | resources: 35 | {{- toYaml .Values.resources | nindent 10 }} 36 | ports: 37 | - name: http 38 | containerPort: {{ .Values.galoy.consent.port }} 39 | protocol: TCP 40 | env: 41 | - name: PORT 42 | value: "{{ .Values.galoy.consent.containerPort }}" 43 | - name: GRAPHQL_ENDPOINT 44 | value: {{ .Values.galoy.consent.graphqlPublicApi }} 45 | - name: CORE_AUTH_URL 46 | value: {{ .Values.galoy.consent.coreAuthUrl }} 47 | - name: OTEL_EXPORTER_OTLP_ENDPOINT 48 | value: {{ .Values.tracing.otelExporterOtlpEndpoint }} 49 | - name: TRACING_SERVICE_NAME 50 | value: "{{ .Values.tracing.prefix }}-{{ template "galoy.consent.fullname" . }}" 51 | - name: HYDRA_ADMIN_URL 52 | value: {{ .Values.galoy.consent.hydraAdminUrl }} 53 | -------------------------------------------------------------------------------- /charts/galoy/templates/consent-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.galoy.consent.ingress.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ template "galoy.consent.fullname" . }} 6 | labels: 7 | app: {{ template "galoy.consent.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | app.kubernetes.io/managed-by: Helm 11 | annotations: 12 | cert-manager.io/cluster-issuer: {{ .Values.galoy.consent.ingress.clusterIssuer }} 13 | {{- with .Values.galoy.consent.ingress.annotations }} 14 | {{- toYaml . | nindent 4 }} 15 | {{- end }} 16 | spec: 17 | ingressClassName: nginx 18 | tls: 19 | {{- range .Values.galoy.consent.ingress.hosts }} 20 | - hosts: 21 | - {{ . }} 22 | secretName: {{ printf "%s-tls" . }} 23 | {{- end }} 24 | rules: 25 | {{- range .Values.galoy.consent.ingress.hosts }} 26 | - host: {{ . 
}} 27 | http: 28 | paths: 29 | {{- if $.Values.galoy.consent.ingress.extraPaths }} 30 | {{- toYaml $.Values.galoy.consent.ingress.extraPaths | nindent 10 }} 31 | {{- end }} 32 | - pathType: ImplementationSpecific 33 | path: / 34 | backend: 35 | service: 36 | name: {{ template "galoy.consent.fullname" $ }} 37 | port: 38 | number: {{ $.Values.galoy.consent.port }} 39 | {{- end -}} 40 | {{- end -}} 41 | -------------------------------------------------------------------------------- /charts/galoy/templates/consent-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "galoy.consent.fullname" . }} 5 | labels: 6 | app: {{ template "galoy.consent.fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | app.kubernetes.io/managed-by: Helm 10 | spec: 11 | type: {{ .Values.galoy.consent.serviceType }} 12 | ports: 13 | - port: {{ .Values.galoy.consent.port }} 14 | targetPort: {{ .Values.galoy.consent.containerPort }} 15 | protocol: TCP 16 | name: http 17 | selector: 18 | app: {{ template "galoy.consent.fullname" . }} 19 | -------------------------------------------------------------------------------- /charts/galoy/templates/galoy-custom-config-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | 4 | metadata: 5 | name: {{ template "galoy.config.name" . }} 6 | labels: 7 | app: {{ template "galoy.name" . 
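}} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | app.kubernetes.io/managed-by: Helm 11 | 12 | stringData: 13 | custom.yaml: |- 14 | {{- toYaml .Values.galoy.config | nindent 4 }} 15 |
--------------------------------------------------------------------------------
/charts/galoy/templates/galoy-migration-job.yaml:
--------------------------------------------------------------------------------
# Job that runs the MongoDB migration image once per release. When GCS or S3
# backups are enabled, an init container first triggers a one-off run of the
# backup CronJob and blocks the migration until that run reports success.
apiVersion: batch/v1
kind: Job
metadata:
  name: {{ template "galoy.migration.jobname" . }}
  labels:
    app: {{ template "galoy.migration.jobname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    app.kubernetes.io/managed-by: Helm
spec:
  backoffLimit: 1
  template:
    spec:
      {{ if or .Values.galoy.trigger.backups.gcs.enabled .Values.galoy.trigger.backups.s3.enabled }}
      # The init container calls kubectl, so it needs the chart's service account.
      serviceAccountName: {{ template "galoy.name" . }}
      initContainers:
      - name: trigger-mongodb-backup
        # NOTE(review): third-party image referenced by a mutable tag, while the
        # other images in this chart are pinned as repository@digest. This
        # container runs with a service account that can create and delete Jobs;
        # pin it as "groundnuty/k8s-wait-for@sha256:<verified-digest>".
        image: "groundnuty/k8s-wait-for:v2.0"
        command:
        - "/bin/sh"
        - "-c"
        - |
          job_name="{{ template "galoy.preMigration.jobname" . }}"
          echo "Executing ${job_name}"
          # Remove a leftover job from an earlier attempt; absence is not an error.
          kubectl delete job "${job_name}" || true
          kubectl create job --from=cronjob/{{ template "galoy.mongoBackupCron.jobname" . }} "${job_name}"
          sleep 1
          wait_for.sh job "${job_name}"
          sleep 1
          status="$(kubectl get job "${job_name}" -o jsonpath='{.status.succeeded}')"
          # POSIX test with the success branch first: the previous `[[ ... ]]`
          # form is not POSIX, and in a /bin/sh without it the failed lookup of
          # `[[` selected the else branch, i.e. reported success and let the
          # migration run without a confirmed backup. Anything other than
          # exactly one succeeded pod now stops the migration.
          if [ "${status}" = "1" ]; then
            echo "Backup succeeded!"
          else
            echo "Backup failed!"
            exit 1
          fi
          kubectl delete job "${job_name}"
      {{ end }}
      containers:
      - name: mongodb-migrate
        image: "{{ .Values.galoy.images.mongodbMigrate.repository }}@{{ .Values.galoy.images.mongodbMigrate.digest }}"
        resources:
          {{ toYaml .Values.galoy.mongoMigrationJob.resources | nindent 10 }}
        env:
{{ include "galoy.mongodb.env" . | indent 8 }}
      restartPolicy: Never
-------------------------------------------------------------------------------- /charts/galoy/templates/galoy-role.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: Role 3 | metadata: 4 | name: {{ template "galoy.name" . }} 5 | labels: 6 | app: {{ template "galoy.name" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | rules: 10 | - apiGroups: ["batch"] 11 | resources: ["cronjobs"] 12 | verbs: ["get"] 13 | - apiGroups: ["batch"] 14 | resources: ["jobs"] 15 | verbs: ["create", "delete", "get", "list"] 16 | -------------------------------------------------------------------------------- /charts/galoy/templates/galoy-rolebinding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: {{ template "galoy.name" . }} 5 | roleRef: 6 | kind: Role 7 | name: {{ template "galoy.name" . }} 8 | apiGroup: rbac.authorization.k8s.io 9 | subjects: 10 | - kind: ServiceAccount 11 | name: {{ template "galoy.name" . }} 12 | namespace: {{ .Release.Namespace }} 13 | -------------------------------------------------------------------------------- /charts/galoy/templates/galoy-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ template "galoy.name" . }} 5 | labels: 6 | app: {{ template "galoy.name" . 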
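}} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 |
--------------------------------------------------------------------------------
/charts/galoy/templates/mongo-backup-configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap holding backup.sh. With GCS or S3 backups enabled the script dumps
# the MongoDB database to a gzip archive and uploads it to each enabled bucket;
# otherwise it prints a warning and exits 0.
apiVersion: v1
kind: ConfigMap

metadata:
  name: mongo-backup-configmap
  labels:
    app: {{ template "galoy.mongoBackupCron.jobname" . }}
    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
    release: "{{ .Release.Name }}"
    app.kubernetes.io/managed-by: Helm

data:
  backup.sh: |
    {{ if or .Values.galoy.trigger.backups.gcs.enabled .Values.galoy.trigger.backups.s3.enabled }}
    echo "Backup script starts"
    set -e
    LOG_TIME=$(date +%s)
    BACKUP_NAME="$NETWORK-$LOG_TIME.gz"
    echo "Backing up mongodb"
    # Every expansion is quoted: a password or database name containing
    # whitespace or glob characters would otherwise be split into extra
    # arguments, and an empty variable would silently change the command.
    # NOTE(review): --password on the command line puts the credential in this
    # container's process list for the duration of the dump. mongodump can read
    # the password from a file passed with --config; confirm that the tool
    # version in the backup image supports it before switching.
    mongodump --host="$MONGODB_ADDRESS" --port="$MONGODB_PORT" --username="$MONGODB_USER" --password="$MONGODB_PASSWORD" --gzip --archive="$BACKUP_NAME" -d="$MONGODB_DB" --readPreference=secondary --numParallelCollections=4

    {{ if .Values.galoy.trigger.backups.s3.enabled }}
    export S3_BUCKET="{{ .Values.galoy.trigger.backups.s3.bucketName }}"
    echo "Uploading backup $BACKUP_NAME to s3"
    aws s3 cp "$BACKUP_NAME" "s3://$S3_BUCKET/mongodb/$BACKUP_NAME"
    {{ end }}

    {{ if .Values.galoy.trigger.backups.gcs.enabled }}
    export GCS_BUCKET="{{ .Values.galoy.trigger.backups.gcs.bucketName }}"
    echo "Activating service account"
    gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS"
    echo "Uploading backup $BACKUP_NAME to gcs"
    gsutil -m cp "$BACKUP_NAME" "gs://$GCS_BUCKET/mongodb/$BACKUP_NAME" 2>&1
    echo "Uploaded backup successfully"
    {{ end }}

    {{ else }}
    echo "Warning: Automatic MongoDB backups are disabled"
    exit 0
    {{ end }}
--------------------------------------------------------------------------------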
/charts/galoy/templates/notifications-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "galoy.notifications.fullname" . }} 5 | data: 6 | notifications.yml: |- 7 | db: 8 | pool_size: {{ .Values.galoy.notifications.config.db.poolSize }} 9 | subgraph_server: 10 | port: {{ .Values.galoy.notifications.graphqlPort }} 11 | jwks_url: "http://galoy-oathkeeper-api:4456/.well-known/jwks.json" 12 | grpc_server: 13 | port: {{ .Values.galoy.notifications.grpcPort }} 14 | kratos_import: 15 | execute_import: {{ .Values.galoy.notifications.config.importFromKratos }} 16 | tracing: 17 | endpoint: {{ .Values.tracing.otelExporterOtlpEndpoint }} 18 | service_name: "{{ .Values.tracing.prefix }}-{{ template "galoy.notifications.fullname" . }}" 19 | app: 20 | push_executor: 21 | fcm: 22 | google_application_credentials_path: "/tmp/firebase-service-account/service-account.json" 23 | email_executor: 24 | enabled: {{ .Values.galoy.notifications.config.smtp.enabled }} 25 | smtp: 26 | username: {{ .Values.galoy.notifications.config.smtp.username }} 27 | from_email: {{ .Values.galoy.notifications.config.smtp.fromEmail }} 28 | from_name: {{ .Values.galoy.notifications.config.smtp.fromName }} 29 | relay: {{ .Values.galoy.notifications.config.smtp.relayHost }} 30 | port: {{ .Values.galoy.notifications.config.smtp.relayPort }} 31 | jobs: 32 | enabled: false 33 | link_email_reminder: 34 | account_liveness_threshold_minutes: {{ .Values.galoy.notifications.config.linkEmailReminder.accountLivenessThresholdMinutes }} 35 | account_age_threshold_minutes: {{ .Values.galoy.notifications.config.linkEmailReminder.accountAgeThresholdMinutes }} 36 | notification_cool_off_threshold_minutes: {{ .Values.galoy.notifications.config.linkEmailReminder.notificationCoolOffThresholdMinutes }} 37 | -------------------------------------------------------------------------------- 
/charts/galoy/templates/notifications-jobs-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "galoy.notifications.fullname" . }}-jobs 5 | data: 6 | notifications.yml: |- 7 | db: 8 | pool_size: {{ .Values.galoy.notifications.config.db.poolSize }} 9 | tracing: 10 | endpoint: {{ .Values.tracing.otelExporterOtlpEndpoint }} 11 | service_name: "{{ .Values.tracing.prefix }}-{{ template "galoy.notifications.fullname" . }}-jobs" 12 | app: 13 | push_executor: 14 | fcm: 15 | google_application_credentials_path: "/tmp/firebase-service-account/service-account.json" 16 | email_executor: 17 | enabled: {{ .Values.galoy.notifications.config.smtp.enabled }} 18 | smtp: 19 | username: {{ .Values.galoy.notifications.config.smtp.username }} 20 | from_email: {{ .Values.galoy.notifications.config.smtp.fromEmail }} 21 | from_name: {{ .Values.galoy.notifications.config.smtp.fromName }} 22 | relay: {{ .Values.galoy.notifications.config.smtp.relayHost }} 23 | port: {{ .Values.galoy.notifications.config.smtp.relayPort }} 24 | jobs: 25 | enabled: true 26 | kickoff_link_email_reminder_delay: {{ .Values.galoy.notifications.config.jobs.kickoffLinkEmailReminderDelay }} 27 | -------------------------------------------------------------------------------- /charts/galoy/templates/notifications-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "galoy.notifications.fullname" . }} 5 | labels: 6 | app: {{ template "galoy.notifications.fullname" . 
}} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | app.kubernetes.io/managed-by: Helm 10 | spec: 11 | type: {{ .Values.galoy.notifications.serviceType }} 12 | ports: 13 | - port: {{ .Values.galoy.notifications.graphqlPort }} 14 | targetPort: {{ .Values.galoy.notifications.graphqlPort }} 15 | protocol: TCP 16 | name: graphql 17 | - port: {{ .Values.galoy.notifications.grpcPort }} 18 | targetPort: {{ .Values.galoy.notifications.grpcPort }} 19 | protocol: TCP 20 | name: grpc 21 | selector: 22 | app: {{ template "galoy.notifications.fullname" . }} 23 | -------------------------------------------------------------------------------- /charts/galoy/templates/required-checks.yaml: -------------------------------------------------------------------------------- 1 | {{ if or (not (eq (len .Values.mongodb.auth.databases) 1)) (not (eq (len .Values.mongodb.auth.usernames) 1)) }} 2 | {{- required "There should be only one username/database for Galoy" "" -}} 3 | {{ end }} 4 | -------------------------------------------------------------------------------- /charts/galoy/templates/router-supergraph-cm.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ template "galoy.name" . }}-supergraph 5 | labels: 6 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 7 | release: "{{ .Release.Name }}" 8 | app.kubernetes.io/managed-by: Helm 9 | data: 10 | supergraph-schema.graphql: |- 11 | {{ .Files.Get .Values.router.supergraphFilePath | indent 4 }} 12 | -------------------------------------------------------------------------------- /charts/galoy/templates/trigger-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | 4 | metadata: 5 | name: {{ template "galoy.trigger.fullname" . }} 6 | labels: 7 | app: {{ template "galoy.trigger.fullname" . 
}} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | app.kubernetes.io/managed-by: Helm 11 | 12 | spec: 13 | type: {{ .Values.galoy.trigger.serviceType }} 14 | ports: 15 | - port: {{ .Values.galoy.trigger.port }} 16 | targetPort: {{ .Values.galoy.trigger.port }} 17 | protocol: TCP 18 | name: http 19 | selector: 20 | app: {{ template "galoy.trigger.fullname" . }} 21 | -------------------------------------------------------------------------------- /charts/galoy/templates/websocket-ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.galoy.websocket.ingress.enabled -}} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ template "galoy.websocket.fullname" . }} 6 | labels: 7 | app: {{ template "galoy.websocket.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | app.kubernetes.io/managed-by: Helm 11 | annotations: 12 | cert-manager.io/cluster-issuer: {{ .Values.galoy.websocket.ingress.clusterIssuer }} 13 | nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" # 1 hour 14 | nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" # 1 hour 15 | nginx.ingress.kubernetes.io/proxy-connect-timeout: "5s" 16 | nginx.ingress.kubernetes.io/proxy-next-upstream: "error timeout" 17 | nginx.ingress.kubernetes.io/proxy-next-upstream-tries: "3" 18 | nginx.ingress.kubernetes.io/limit-rpm: "10" 19 | nginx.ingress.kubernetes.io/limit-burst-multiplier: "2" 20 | nginx.ingress.kubernetes.io/limit-connections: "10" 21 | {{- with .Values.galoy.websocket.ingress.annotations }} 22 | {{- toYaml . | nindent 4 }} 23 | {{- end }} 24 | spec: 25 | ingressClassName: nginx 26 | tls: 27 | {{- range .Values.galoy.websocket.ingress.hosts }} 28 | - hosts: 29 | - {{ . }} 30 | secretName: {{ printf "%s-tls" . }} 31 | {{- end }} 32 | rules: 33 | {{- range .Values.galoy.websocket.ingress.hosts }} 34 | - host: {{ . 
}} 35 | http: 36 | paths: 37 | {{- if $.Values.galoy.websocket.ingress.extraPaths }} 38 | {{- toYaml $.Values.galoy.websocket.ingress.extraPaths | nindent 10 }} 39 | {{- end }} 40 | - pathType: ImplementationSpecific 41 | path: / 42 | backend: 43 | service: 44 | name: {{ template "galoy.websocket.fullname" $ }} 45 | port: 46 | number: {{ $.Values.galoy.websocket.port }} 47 | {{- end -}} 48 | {{- end -}} 49 | -------------------------------------------------------------------------------- /charts/galoy/templates/websocket-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "galoy.websocket.fullname" . }} 5 | labels: 6 | app: {{ template "galoy.websocket.fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | app.kubernetes.io/managed-by: Helm 10 | spec: 11 | type: {{ .Values.galoy.websocket.serviceType }} 12 | ports: 13 | - port: {{ .Values.galoy.websocket.port }} 14 | targetPort: {{ .Values.galoy.websocket.port }} 15 | protocol: TCP 16 | name: http 17 | selector: 18 | app: {{ template "galoy.websocket.fullname" . }} 19 | -------------------------------------------------------------------------------- /charts/kafka-connect/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: kafka-connect 3 | description: A Helm chart for Kafka Connect 4 | type: application 5 | version: 0.1.0 6 | appVersion: 3.4.0 7 | -------------------------------------------------------------------------------- /charts/kafka-connect/templates/helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 
3 | */}} 4 | {{- define "kafka-connect.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "kafka-connect.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "kafka-connect.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "kafka-connect.labels" -}} 37 | helm.sh/chart: {{ include "kafka-connect.chart" . }} 38 | {{ include "kafka-connect.selectorLabels" . 
}} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "kafka-connect.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ .Chart.Name }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | -------------------------------------------------------------------------------- /charts/kafka-connect/templates/kafka-connect.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kafka.strimzi.io/v1beta2 2 | kind: KafkaConnect 3 | metadata: 4 | name: {{ .Values.kafkaConnectInstanceName }} 5 | annotations: 6 | strimzi.io/use-connector-resources: "true" 7 | spec: 8 | version: 3.4.0 9 | image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" 10 | replicas: 1 11 | bootstrapServers: "kafka-kafka-plain-bootstrap:9092" 12 | config: 13 | group.id: connect-cluster 14 | config.providers: file 15 | config.providers.file.class: org.apache.kafka.common.config.provider.FileConfigProvider 16 | offset.storage.topic: connect-cluster-offsets 17 | config.storage.topic: connect-cluster-configs 18 | status.storage.topic: connect-cluster-status 19 | config.storage.replication.factor: -1 20 | offset.storage.replication.factor: -1 21 | status.storage.replication.factor: -1 22 | resources: 23 | {{ toYaml .Values.resources | nindent 6 }} 24 | {{- if .Values.secretMounts }} 25 | externalConfiguration: 26 | volumes: 27 | {{- range .Values.secretMounts }} 28 | - name: {{ . }} 29 | secret: 30 | secretName: {{ . 
}} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /charts/kafka-connect/templates/network-policy-allow-from-smoketest-namespace.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.allowedNamespace }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: NetworkPolicy 4 | metadata: 5 | name: "{{ .Values.kafkaConnectInstanceName }}-connect-allow-from-smoketest-namespace" 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | podSelector: 9 | matchLabels: 10 | strimzi.io/kind: KafkaConnect 11 | strimzi.io/name: {{ .Values.kafkaConnectInstanceName }}-connect 12 | policyTypes: 13 | - Ingress 14 | ingress: 15 | - from: 16 | - namespaceSelector: 17 | matchLabels: 18 | kubernetes.io/metadata.name: {{ .Values.allowedNamespace }} 19 | ports: 20 | - protocol: TCP 21 | port: 8083 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/kafka-connect/values.yaml: -------------------------------------------------------------------------------- 1 | ## The image is built with the Dockerfile in /images/kafka-connect 2 | image: 3 | repository: us.gcr.io/galoy-org/kafka-connect 4 | digest: sha256:bd3ab2452b33b02514f7f02fc250edc9e94f4f3d23c26a48dc6ab8d0c61b6191 5 | git_ref: 45a6987 6 | # Change to allow multiple kafka-connect instances 7 | kafkaConnectInstanceName: kafka 8 | ## The pods from this namespace are allowed to access the Kafka Connect API 9 | allowedNamespace: "" 10 | ## The contents of the secrets are mounted as a file to be used by the Kafka connectors running in the pod 11 | ## mounts to: /opt/kafka/external-configuration// 12 | secretMounts: [] 13 | resources: {} 14 | -------------------------------------------------------------------------------- /charts/lnd/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/lnd/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: lnd 3 | version: 0.10.7-dev 4 | appVersion: 0.18.5 5 | description: LND helm chart 6 | keywords: 7 | - lnd 8 | maintainers: 9 | - name: krtk6160 10 | email: krtk6160@galoy.io 11 | - name: nicolasburtey 12 | email: nb@galoy.io 13 | -------------------------------------------------------------------------------- /charts/lnd/templates/api-service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "lnd.fullname" . }} 5 | labels: 6 | {{- include "lnd.labels" . | nindent 4 }} 7 | {{- with .Values.apiService.annotations }} 8 | annotations: 9 | {{- toYaml . | nindent 4 }} 10 | {{- end }} 11 | spec: 12 | type: {{ .Values.apiService.type }} 13 | {{- if and (eq .Values.apiService.type "LoadBalancer") (.Values.apiService.staticIP) }} 14 | loadBalancerIP: {{ .Values.apiService.staticIP }} 15 | {{- end }} 16 | ports: 17 | - name: rpc 18 | port: {{ .Values.apiService.ports.rpc }} 19 | - name: rest 20 | port: {{ .Values.apiService.ports.rest }} 21 | selector: 22 | {{- include "lnd.selectorLabels" . 
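| nindent 4 }} 23 | -------------------------------------------------------------------------------- /charts/lnd/templates/configmap.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ConfigMap 3 | metadata: 4 | name: {{ include "lnd.fullname" . }} 5 | labels: 6 | {{- include "lnd.labels" . | nindent 4 }} 7 | data: 8 | lnd.conf: |- 9 | {{- if ne .Values.global.network "regtest" }} 10 | wallet-unlock-password-file=/tmp/lnd-pass 11 | wallet-unlock-allow-create=true 12 | {{- end }} 13 | {{- range .Values.lndGeneralConfig }} 14 | {{ . }} 15 | {{- end }} 16 | {{- range .Values.configmap.customValues }} 17 | {{ . }} 18 | {{- end }} 19 | tlsextradomain={{ include "lnd.fullname" . }} 20 | {{- if .Values.apiService.staticIP }} 21 | tlsextraip={{ .Values.apiService.staticIP }} 22 | {{- end}} 23 | {{- if .Values.p2pService.staticIP }} 24 | tlsextraip={{ .Values.p2pService.staticIP }} 25 | externalip={{ .Values.p2pService.staticIP }} 26 | {{- end}} 27 | bitcoin.{{ .Values.global.network }}=true 28 |
--------------------------------------------------------------------------------
/charts/lnd/templates/export-secrets-configmap.yaml:
--------------------------------------------------------------------------------
# ConfigMap holding exportSecrets.sh, which copies the LND node's identity
# pubkey, TLS certificate, macaroons and xpub into two Kubernetes Secrets
# (<fullname>-pubkey and <fullname>-credentials) through kubectl.
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ printf "%s-export-secrets" (include "lnd.fullname" .) }}
  labels:
    {{- include "lnd.labels" . | nindent 4 }}
data:
  exportSecrets.sh: |
    #!/bin/sh

    # All expansions below are quoted so that an empty or multi-word value
    # (for example lncli failing, or jq returning several lines) cannot be
    # split into additional kubectl arguments.
    # NOTE(review): there is no check that lncli/jq succeeded; an empty PUBKEY
    # or XPUB is still applied and overwrites the stored value. Confirm whether
    # that best-effort behaviour is intended.
    PUBKEY=$(lncli -n {{.Values.global.network}} getinfo | jq -r .identity_pubkey)
    kubectl create secret generic {{ include "lnd.fullname" . }}-pubkey --from-literal=pubkey="$PUBKEY" --dry-run=client -o yaml | kubectl apply -f -

    export TLS="$(base64 /root/.lnd/tls.cert | tr -d '\n\r')"
    export MACAROON="$(base64 "/root/.lnd/data/chain/bitcoin/$NETWORK/admin.macaroon" | tr -d '\n\r')"
    export READONLY_MACAROON="$(base64 "/root/.lnd/data/chain/bitcoin/$NETWORK/readonly.macaroon" | tr -d '\n\r')"
    export XPUB="$(lncli -n {{.Values.global.network}} wallet accounts list --name default | jq -c -r '.accounts[] | select(.derivation_path | contains("m/84")) | .extended_public_key')"

    mkdir macaroons
    cp "/root/.lnd/data/chain/bitcoin/$NETWORK"/*.macaroon macaroons

    # NOTE(review): the admin macaroon is passed as a --from-literal argument
    # and exported into the environment, so it is visible in the process list
    # and inherited by child processes. kubectl also accepts
    # --from-file=<key>=<path>, which would keep the value off the command line.
    kubectl create secret generic {{ include "lnd.fullname" . }}-credentials \
      --from-literal=tls_base64="$TLS" --from-file=/root/.lnd/tls.cert \
      --from-literal=readonly_macaroon_base64="$READONLY_MACAROON" \
      --from-literal=xpub="$XPUB" \
      --from-literal=admin_macaroon_base64="$MACAROON" --from-file=macaroons \
      --dry-run=client -o yaml | kubectl apply -f -
-------------------------------------------------------------------------------- /charts/lnd/templates/lnd-pass-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if ne .Values.global.network "regtest" }} 2 | {{- if .Values.secrets.create }} 3 | apiVersion: v1 4 | kind: Secret 5 | metadata: 6 | name: {{ printf "%s-pass" (include "lnd.fullname" .) }} 7 | labels: 8 | {{- include "lnd.labels" . | nindent 4 }} 9 | data: 10 | password: {{ ( .Values.walletPassword | b64enc ) | default (include "walletPassword" . 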
) }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/lnd/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ template "lnd.fullname" $ }} 6 | annotations: 7 | "helm.sh/resource-policy": keep 8 | labels: 9 | {{- include "lnd.labels" . | nindent 4 }} 10 | spec: 11 | accessModes: 12 | - {{ .Values.persistence.accessMode | quote }} 13 | resources: 14 | requests: 15 | storage: {{ .Values.persistence.size | quote }} 16 | {{- if .Values.persistence.storageClass }} 17 | {{- if (eq "-" .Values.persistence.storageClass) }} 18 | storageClassName: "" 19 | {{- else }} 20 | storageClassName: "{{ .Values.persistence.storageClass }}" 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 |
--------------------------------------------------------------------------------
/charts/lnd/templates/role.yaml:
--------------------------------------------------------------------------------
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "lnd.fullname" . }}
  labels:
    {{- include "lnd.labels" . | nindent 4 }}
# Namespaced Role, rendered only when rbac.create is set, that allows creating,
# reading, patching and deleting Secrets in the release namespace.
# NOTE(review): the rule carries no resourceNames, so get/patch/delete cover
# every Secret in the namespace. exportSecrets.sh in this chart writes only the
# <fullname>-pubkey and <fullname>-credentials Secrets; if nothing else relies
# on this Role, get/patch/delete could move to a second rule restricted with
# resourceNames to those two names (create cannot be restricted by name).
# Confirm against the workloads that use the bound service account.
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create", "get", "patch", "delete"]
{{- end }}
-------------------------------------------------------------------------------- /charts/lnd/templates/rolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.serviceAccount.create .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: RoleBinding 4 | metadata: 5 | name: {{ include "lnd.fullname" . }} 6 | labels: 7 | {{- include "lnd.labels" . 
| nindent 4 }} 8 | roleRef: 9 | kind: Role 10 | name: {{ include "lnd.fullname" . }} 11 | apiGroup: rbac.authorization.k8s.io 12 | subjects: 13 | - kind: ServiceAccount 14 | name: {{ include "lnd.serviceAccountName" . }} 15 | namespace: {{ .Release.Namespace }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/lnd/templates/service-p2p.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "lnd.fullname" . }}-p2p 5 | labels: 6 | {{- include "lnd.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.p2pService.type }} 9 | {{- if and (eq .Values.p2pService.type "LoadBalancer") (.Values.p2pService.staticIP) }} 10 | loadBalancerIP: {{ .Values.p2pService.staticIP }} 11 | {{- end }} 12 | ports: 13 | - name: p2p 14 | port: {{ .Values.p2pService.port }} 15 | selector: 16 | {{- include "lnd.selectorLabels" . | nindent 4 }} 17 | -------------------------------------------------------------------------------- /charts/lnd/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "lnd.serviceAccountName" . }} 6 | labels: 7 | {{- include "lnd.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/map/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/map/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: map 3 | description: A Helm chart for the map addon to Galoy 4 | # A chart can be either an 'application' or a 'library' chart. 5 | # 6 | # Application charts are a collection of templates that can be packaged into versioned archives 7 | # to be deployed. 8 | # 9 | # Library charts provide useful utilities or functions for the chart developer. They're included as 10 | # a dependency of application charts to inject those utilities and functions into the rendering 11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 12 | type: application 13 | # This is the chart version. This version number should be incremented each time you make changes 14 | # to the chart and its templates, including the app version. 15 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 16 | version: 0.1.0-dev 17 | # This is the version number of the application being deployed. This version number should be 18 | # incremented each time you make changes to the application. Versions are not expected to 19 | # follow Semantic Versioning. They should reflect the version the application is using. 20 | appVersion: 0.1.0 21 | -------------------------------------------------------------------------------- /charts/map/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create a default fully qualified app name. 
3 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
4 | If release name contains chart name it will be used as a full name.
5 | */}}
6 | {{- define "map.fullname" -}}
7 | {{- if .Values.fullnameOverride }}
8 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
9 | {{- else }}
10 | {{- $name := default .Chart.Name .Values.nameOverride }}
11 | {{- if contains $name .Release.Name }}
12 | {{- .Release.Name | trunc 63 | trimSuffix "-" }}
13 | {{- else }}
14 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
15 | {{- end }}
16 | {{- end }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/map/templates/deployment.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: apps/v1 {{/* Single-replica Deployment for the map web app */}}
2 | kind: Deployment
3 | metadata:
4 |   name: {{ template "map.fullname" . }}
5 |   labels:
6 |     app: {{ template "map.fullname" . }}
7 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
8 |     release: "{{ .Release.Name }}"
9 |     kube-monkey/identifier: {{ template "map.fullname" . }} {{/* kube-monkey labels; presumably they opt this Deployment into chaos testing, verify against the cluster's kube-monkey setup */}}
10 |     kube-monkey/enabled: enabled
11 |     kube-monkey/kill-mode: fixed
12 |     kube-monkey/kill-value: "1"
13 |     kube-monkey/mtbf: "3"
14 | spec:
15 |   selector:
16 |     matchLabels:
17 |       app: {{ template "map.fullname" . }}
18 |       release: {{ .Release.Name }}
19 |   replicas: 1
20 |   template:
21 |     metadata:
22 |       labels:
23 |         app: {{ template "map.fullname" . }}
24 |         release: "{{ .Release.Name }}"
25 |         kube-monkey/identifier: {{ template "map.fullname" . }}
26 |         kube-monkey/enabled: enabled
27 | {{- with .Values.labels }}{{/* extra pod labels from values, indented to sit under template.metadata.labels */}}
28 | {{ toYaml . | trim | indent 8 }}
29 | {{- end }}
30 |     spec:
31 |       containers: {{/* NOTE(review): this template sets no securityContext and no probes; resources come from values and default to an empty map */}}
32 |       - name: map
33 |         image: "{{ .Values.image.repository }}@{{ .Values.image.digest }}" {{/* image is referenced by digest, not by tag */}}
34 |         ports:
35 |         - containerPort: {{ .Values.service.port }}
36 |         env:
37 |         - name: CORE_URL
38 |           value: {{ .Values.map.coreUrl }}
39 |         - name: NEXT_PUBLIC_MAP_API_KEY {{/* NOTE(review): the NEXT_PUBLIC_ prefix suggests a Next.js app, where such variables are exposed to browser code; if so the key is effectively public despite coming from a Secret and should be restricted at the provider. Confirm how the app reads it */}}
40 |           valueFrom:
41 |             secretKeyRef:
42 |               name: {{ template "map.fullname" . }}
43 |               key: "map-api-key"
44 |         - name: OTEL_EXPORTER_OTLP_ENDPOINT
45 |           value: {{ .Values.map.otelExporterOtlpEndpoint }}
46 |         - name: TRACING_SERVICE_NAME
47 |           value: {{ .Values.map.tracingServiceName }}
48 |         resources:
49 |           {{ toYaml .Values.resources | nindent 10 }}
50 |
--------------------------------------------------------------------------------
/charts/map/templates/ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ingress.enabled }}{{/* Ingress for the map Service; rendered only when ingress.enabled is set */}}
2 | apiVersion: networking.k8s.io/v1
3 | kind: Ingress
4 | metadata:
5 |   name: {{ include "map.fullname" . }}
6 |   labels:
7 |     app: {{ include "map.fullname" . }}
8 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
9 |     release: "{{ .Release.Name }}"
10 |   annotations:
11 |     cert-manager.io/cluster-issuer: letsencrypt-issuer {{/* issuer name is fixed in the template, not taken from values */}}
12 | spec:
13 |   ingressClassName: nginx
14 |   rules:
15 |   {{- if .Values.ingress.rulesOverride }}
16 |     {{- toYaml .Values.ingress.rulesOverride | nindent 4 }}
17 |   {{- else }}
18 |   {{- range .Values.ingress.hosts }}
19 |     - host: {{ . }}
20 |       http:
21 |         paths:
22 |           - pathType: Prefix
23 |             path: "/"
24 |             backend:
25 |               service:
26 |                 name: {{ include "map.fullname" $ }}
27 |                 port:
28 |                   number: {{ $.Values.service.port }}
29 |   {{- end -}}
30 |   {{- end }}
31 |   tls: {{/* tls entries are generated from ingress.hosts even when rulesOverride replaces the rules */}}
32 |   {{- range .Values.ingress.hosts }}
33 |     - hosts:
34 |         - {{ . }}
35 |       secretName: {{ printf "%s-tls" . }} {{/* one TLS secret per host, named after the host with a -tls suffix */}}
36 |   {{- end }}
37 |   {{- if .Values.ingress.extraTls }}
38 |     {{- toYaml .Values.ingress.extraTls | nindent 4 }}
39 |   {{- end }}
40 | {{- end }}
41 |
--------------------------------------------------------------------------------
/charts/map/templates/secrets.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.secrets.create }}{{/* Secret holding the map API key; rendered only when secrets.create is set */}}
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: {{ template "map.fullname" . }}
6 |   labels:
7 |     app: {{ template "map.fullname" . }}
8 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
9 |     release: "{{ .Release.Name }}"
10 | type: Opaque
11 | data:
12 |   map-api-key: {{ .Values.secrets.mapApiKey | b64enc | quote }} {{/* b64enc only encodes the value; with the chart default mapApiKey "" this renders an empty key */}}
13 | {{- end }}
14 |
--------------------------------------------------------------------------------
/charts/map/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 {{/* Service for the map pods; port and targetPort both use service.port */}}
2 | kind: Service
3 | metadata:
4 |   name: {{ include "map.fullname" . }}
5 |   labels:
6 |     app: {{ template "map.fullname" . }}
7 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
8 |     release: "{{ .Release.Name }}"
9 | spec:
10 |   type: {{ .Values.service.type }}
11 |   ports:
12 |     - port: {{ .Values.service.port }}
13 |       targetPort: {{ .Values.service.port }}
14 |       protocol: TCP
15 |       name: http
16 |   selector:
17 |     app: {{ template "map.fullname" . }}
18 |
--------------------------------------------------------------------------------
/charts/map/values.yaml:
--------------------------------------------------------------------------------
1 | secrets:
2 |   create: true
3 |   mapApiKey: ""  # empty by default; the real key is expected to be supplied at install time
4 | map:
5 |   coreUrl: "http://galoy-oathkeeper-proxy.galoy-dev-galoy.svc.cluster.local:4455/graphql"  # default is an in-cluster plain-HTTP URL in a dev namespace; override per environment
6 |   otelExporterOtlpEndpoint: http://localhost:4318
7 |   tracingServiceName: "map"
8 | image:
9 |   repository: us.gcr.io/galoy-org/galoy-map
10 |   digest: "sha256:80976b175ca2632884b4959945b16f8b57bae2b754b074bf99857ea7b87e7069" # METADATA:: repository=https://github.com/blinkbitcoin/blink;commit_ref=62cd3f3;app=map;monorepo_subdir=apps/map;
11 | ingress:
12 |   enabled: false
13 | service:
14 |   port: 3000
15 |   type: ClusterIP
16 | resources: {}
17 |
--------------------------------------------------------------------------------
/charts/mempool/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.
4 | .DS_Store
5 | # Common VCS dirs
6 | .git/
7 | .gitignore
8 | .bzr/
9 | .bzrignore
10 | .hg/
11 | .hgignore
12 | .svn/
13 | # Common backup files
14 | *.swp
15 | *.bak
16 | *.tmp
17 | *.orig
18 | *~
19 | # Various IDEs
20 | .project
21 | .idea/
22 | *.tmproj
23 | .vscode/
24 |
--------------------------------------------------------------------------------
/charts/mempool/Chart.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v2
2 | name: mempool
3 | description: Mempool Backend for internal fee estimation
4 | # A chart can be either an 'application' or a 'library' chart.
5 | #
6 | # Application charts are a collection of templates that can be packaged into versioned archives
7 | # to be deployed.
8 | # 9 | # Library charts provide useful utilities or functions for the chart developer. They're included as 10 | # a dependency of application charts to inject those utilities and functions into the rendering 11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 12 | type: application 13 | # This is the chart version. This version number should be incremented each time you make changes 14 | # to the chart and its templates, including the app version. 15 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 16 | version: 0.1.0 17 | # This is the version number of the application being deployed. This version number should be 18 | # incremented each time you make changes to the application. Versions are not expected to 19 | # follow Semantic Versioning. They should reflect the version the application is using. 20 | appVersion: 1.9.1 21 | -------------------------------------------------------------------------------- /charts/mempool/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "mempool.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 
12 | */}} 13 | {{- define "mempool.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "mempool.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "mempool.labels" -}} 37 | helm.sh/chart: {{ include "mempool.chart" . }} 38 | {{ include "mempool.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "mempool.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ .Chart.Name }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | -------------------------------------------------------------------------------- /charts/mempool/templates/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} 2 | kind: PersistentVolumeClaim 3 | apiVersion: v1 4 | metadata: 5 | name: {{ template "mempool.fullname" . }} 6 | annotations: 7 | "helm.sh/resource-policy": keep 8 | labels: 9 | {{- include "mempool.labels" . 
| nindent 4 }} 10 | spec: 11 | accessModes: 12 | - {{ .Values.persistence.accessMode | quote }} 13 | resources: 14 | requests: 15 | storage: {{ .Values.persistence.size | quote }} 16 | {{- if .Values.persistence.storageClass }} 17 | {{- if (eq "-" .Values.persistence.storageClass) }} 18 | storageClassName: "" 19 | {{- else }} 20 | storageClassName: "{{ .Values.persistence.storageClass }}" 21 | {{- end }} 22 | {{- end }} 23 | {{- end }} 24 | -------------------------------------------------------------------------------- /charts/mempool/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "mempool.fullname" . }} 5 | labels: 6 | {{- include "mempool.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - name: http 11 | port: {{ .Values.service.ports.http }} 12 | selector: 13 | {{- include "mempool.selectorLabels" . | nindent 4 }} 14 | -------------------------------------------------------------------------------- /charts/mempool/values.yaml: -------------------------------------------------------------------------------- 1 | image: 2 | repository: mempool/backend 3 | pullPolicy: IfNotPresent 4 | tag: v3.0.0-dev1 5 | 6 | service: 7 | type: ClusterIP 8 | ports: 9 | http: 8999 10 | 11 | persistence: 12 | enabled: true 13 | accessMode: ReadWriteOnce 14 | size: 1Gi 15 | 16 | bitcoindRpcHost: bitcoind-onchain 17 | bitcoindRpcPort: 8332 18 | bitcoindRpcUser: rpcuser 19 | bitcoindRpcPassSecretName: bitcoind-onchain-rpcpassword 20 | -------------------------------------------------------------------------------- /charts/monitoring/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/monitoring/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: grafana 3 | repository: https://grafana.github.io/helm-charts 4 | version: 8.14.2 5 | - name: prometheus 6 | repository: https://prometheus-community.github.io/helm-charts 7 | version: 25.29.0 8 | digest: sha256:1f7ef65fd39c940478ab929ccfa7462b6f7892d279a00dc23454ebd30103357e 9 | generated: "2025-05-05T09:07:45.344579557Z" 10 | -------------------------------------------------------------------------------- /charts/monitoring/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: monitoring 3 | description: A Helm chart for Kubernetes 4 | # A chart can be either an 'application' or a 'library' chart. 5 | # 6 | # Application charts are a collection of templates that can be packaged into versioned archives 7 | # to be deployed. 8 | # 9 | # Library charts provide useful utilities or functions for the chart developer. They're included as 10 | # a dependency of application charts to inject those utilities and functions into the rendering 11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 12 | type: application 13 | # This is the chart version. This version number should be incremented each time you make changes 14 | # to the chart and its templates, including the app version. 15 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 16 | version: 0.12.21-dev 17 | # This is the version number of the application being deployed. 
This version number should be 18 | # incremented each time you make changes to the application. Versions are not expected to 19 | # follow Semantic Versioning. They should reflect the version the application is using. 20 | appVersion: 0.1.0 21 | dependencies: 22 | - name: grafana 23 | repository: https://grafana.github.io/helm-charts 24 | version: 8.14.2 25 | - name: prometheus 26 | repository: https://prometheus-community.github.io/helm-charts 27 | version: 25.29.0 28 | -------------------------------------------------------------------------------- /charts/specter/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/specter/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: specter 3 | description: A Helm chart for Kubernetes 4 | maintainers: 5 | - name: Galoy 6 | email: dev@galoy.io 7 | # A chart can be either an 'application' or a 'library' chart. 8 | # 9 | # Application charts are a collection of templates that can be packaged into versioned archives 10 | # to be deployed. 11 | # 12 | # Library charts provide useful utilities or functions for the chart developer. They're included as 13 | # a dependency of application charts to inject those utilities and functions into the rendering 14 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 
15 | type: application 16 | # This is the chart version. This version number should be incremented each time you make changes 17 | # to the chart and its templates, including the app version. 18 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 19 | version: 0.3.1-dev 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | appVersion: 1.10.5 24 | -------------------------------------------------------------------------------- /charts/specter/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "specter.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "specter.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "specter.fullname" . 
}} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "specter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | echo "Visit http://127.0.0.1:8080 to use your application" 20 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/specter/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "specter.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "specter.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 
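28 | */}}
29 | {{- define "specter.chart" -}}
30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
31 | {{- end }}
32 |
33 | {{/*
34 | Common labels
35 | */}}
36 | {{- define "specter.labels" -}}
37 | helm.sh/chart: {{ include "specter.chart" . }}
38 | {{ include "specter.selectorLabels" . }}
39 | {{- if .Chart.AppVersion }}
40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
41 | {{- end }}
42 | app.kubernetes.io/managed-by: {{ .Release.Service }}
43 | {{- end }}
44 |
45 | {{/*
46 | Selector labels
47 | */}}
48 | {{- define "specter.selectorLabels" -}}
49 | app.kubernetes.io/name: {{ include "specter.name" . }}
50 | app.kubernetes.io/instance: {{ .Release.Name }}
51 | {{- end }}
52 |
53 | {{/*
54 | Create the name of the service account to use
55 | */}}
56 | {{- define "specter.serviceAccountName" -}}
57 | {{- if .Values.serviceAccount.create }}
58 | {{- default (include "specter.fullname" .) .Values.serviceAccount.name }}
59 | {{- else }}
60 | {{- default "default" .Values.serviceAccount.name }}{{/* falls back to the ServiceAccount named default when none is created and no name is given */}}
61 | {{- end }}
62 | {{- end }}
63 |
--------------------------------------------------------------------------------
/charts/specter/templates/ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.ingress.enabled -}}
2 | {{- $fullName := include "specter.fullname" . -}}
3 | {{- $svcPort := .Values.service.port -}}
4 | {{- /* The spec below uses networking.k8s.io/v1 fields (backend.service, pathType), and that API is served from Kubernetes 1.19. The previous fallback apiVersion extensions/v1 does not exist, so older clusters now get a clear render error instead of a manifest the API server rejects. */ -}}{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
5 | apiVersion: networking.k8s.io/v1
6 | {{- else -}}
7 | {{- fail "specter ingress requires the networking.k8s.io/v1 API (Kubernetes 1.19 or newer)" }}
8 | {{- end }}
9 | kind: Ingress
10 | metadata:
11 |   name: {{ $fullName }}
12 |   labels:
13 |     {{- include "specter.labels" . | nindent 4 }}
14 |   {{- with .Values.ingress.annotations }}
15 |   annotations:
16 |     {{- toYaml . | nindent 4 }}
17 |   {{- end }}
18 | spec:
19 |   ingressClassName: nginx
20 |   {{- if .Values.ingress.tls }}{{/* NOTE(review): TLS is optional here; without ingress.tls the hosts below are served without a TLS section */}}
21 |   tls:
22 |     {{- range .Values.ingress.tls }}
23 |     - hosts:
24 |         {{- range .hosts }}
25 |         - {{ . | quote }}
26 |         {{- end }}
27 |       secretName: {{ .secretName }}
28 |     {{- end }}
29 |   {{- end }}
30 |   rules:
31 |     {{- range .Values.ingress.hosts }}
32 |     - host: {{ .host | quote }}
33 |       http:
34 |         paths:
35 |           {{- range .paths }}
36 |           - path: {{ . }}
37 |             pathType: ImplementationSpecific
38 |             backend:
39 |               service:
40 |                 name: {{ $fullName }}
41 |                 port:
42 |                   number: {{ $svcPort }}
43 |           {{- end }}
44 |     {{- end }}
45 |   {{- end }}
46 |
--------------------------------------------------------------------------------
/charts/specter/templates/nginx-ingress-networkpolicy.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.networkPolicy.enabled -}}
2 | kind: NetworkPolicy
3 | apiVersion: networking.k8s.io/v1
4 | metadata:
5 |   name: allow-nginx-ingress {{/* fixed name, not derived from the release; two releases in one namespace would collide on it */}}
6 | spec:
7 |   podSelector:
8 |     matchLabels:
9 |       network/allow-nginx-ingress: "true" {{/* NOTE(review): only pods carrying this label are selected; confirm the specter pod template sets it */}}
10 |   ingress:
11 |   - from:
12 |     - podSelector:
13 |         matchLabels:
14 |           app.kubernetes.io/name: {{.Values.networkPolicy.podSelectorLabelAppName}}
15 |       namespaceSelector: {{/* part of the same from entry as podSelector, so a peer must match both the pod label and the namespace label */}}
16 |         matchLabels:
17 |           type: {{.Values.networkPolicy.namespaceSelectorLabelType}}
18 | {{- end -}}
19 |
--------------------------------------------------------------------------------
/charts/specter/templates/pvc.yaml:
--------------------------------------------------------------------------------
1 | {{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
2 | kind: PersistentVolumeClaim
3 | apiVersion: v1
4 | metadata:
5 |   name: {{ template "specter.fullname" . }}
6 |   annotations:
7 |     "helm.sh/resource-policy": keep {{/* Helm leaves this claim in place when the release is uninstalled */}}
8 |   labels:
9 |     app: {{ template "specter.name" . }}
10 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
11 |     release: "{{ .Release.Name }}"
12 |     heritage: "{{ .Release.Service }}"
13 | spec:
14 |   accessModes:
15 |     - {{ .Values.persistence.accessMode | quote }}
16 |   resources:
17 |     requests:
18 |       storage: {{ .Values.persistence.size | quote }}
19 | {{- if .Values.persistence.storageClass }}
20 | {{- if (eq "-" .Values.persistence.storageClass) }}
21 |   storageClassName: ""
22 | {{- else }}
23 |   storageClassName: "{{ .Values.persistence.storageClass }}"
24 | {{- end }}
25 | {{- end }}
26 | {{- end }}
--------------------------------------------------------------------------------
/charts/specter/templates/service.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1
2 | kind: Service
3 | metadata:
4 |   name: {{ include "specter.fullname" . }}
5 |   labels:
6 |     {{- include "specter.labels" . | nindent 4 }}
7 | spec:
8 |   type: {{ .Values.service.type }}
9 |   ports:
10 |     - port: {{ .Values.service.port }}
11 |       protocol: TCP
12 |       name: http
13 |   selector:
14 |     {{- include "specter.selectorLabels" . | nindent 4 }}
15 |
--------------------------------------------------------------------------------
/charts/specter/templates/serviceaccount.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.serviceAccount.create -}}
2 | apiVersion: v1
3 | kind: ServiceAccount
4 | metadata:
5 |   name: {{ include "specter.serviceAccountName" . }}
6 |   labels:
7 |     {{- include "specter.labels" . | nindent 4 }}
8 |   {{- with .Values.serviceAccount.annotations }}
9 |   annotations:
10 |     {{- toYaml . | nindent 4 }}
11 |   {{- end }}
12 | {{- end }}
13 |
--------------------------------------------------------------------------------
/charts/specter/templates/tests/test-connection.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 {{/* Helm test pod: runs wget against the specter Service */}}
2 | kind: Pod
3 | metadata:
4 |   name: "{{ include "specter.fullname" . }}-test-connection"
5 |   labels:
6 |     {{- include "specter.labels" . | nindent 4 }}
7 |   annotations:
8 |     "helm.sh/hook": test-success {{/* NOTE(review): test-success is the older hook name; current Helm documents the hook as test. Confirm against the Helm version in use */}}
9 | spec:
10 |   containers:
11 |     - name: wget
12 |       image: busybox {{/* NOTE(review): no tag or digest, so the image resolves to whatever busybox:latest is at pull time; pin a tag or digest */}}
13 |       command: ['wget']
14 |       args: ['{{ include "specter.fullname" . }}:{{ .Values.service.port }}']
15 |   restartPolicy: Never
16 |
--------------------------------------------------------------------------------
/charts/stablesats/.helmignore:
--------------------------------------------------------------------------------
1 | # Patterns to ignore when building packages.
2 | # This supports shell glob matching, relative path matching, and
3 | # negation (prefixed with !). Only one pattern per line.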
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/stablesats/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: postgresql 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 14.1.0 5 | digest: sha256:526d286ca7143959104d8a7f9b196706efdbd89dcc37943a1b54016f224d4b4d 6 | generated: "2024-10-08T13:27:50.47981699+05:30" 7 | -------------------------------------------------------------------------------- /charts/stablesats/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: stablesats 3 | description: A Helm chart for Kubernetes 4 | type: application 5 | version: 0.18.6-dev 6 | appVersion: 0.12.8 7 | dependencies: 8 | - name: postgresql 9 | version: 14.1.0 10 | repository: https://charts.bitnami.com/bitnami 11 | condition: postgresql.enabled 12 | -------------------------------------------------------------------------------- /charts/stablesats/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create a default fully qualified app name. 3 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 4 | If release name contains chart name it will be used as a full name. 
5 | */}}
6 | {{- define "stablesats.fullname" -}}
7 | {{- if .Values.fullnameOverride }}
8 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
9 | {{- else }}
10 | {{- $name := default .Chart.Name .Values.nameOverride }}
11 | {{- if contains $name .Release.Name }}
12 | {{- .Release.Name | trunc 63 | trimSuffix "-" }}
13 | {{- else }}
14 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
15 | {{- end }}
16 | {{- end }}
17 | {{- end }}
18 |
--------------------------------------------------------------------------------
/charts/stablesats/templates/stablesats-dealer-cm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 {{/* ConfigMap carrying stablesats.yml for the dealer: price_server disabled, user_trades and hedging switched by values */}}
2 | kind: ConfigMap
3 | metadata:
4 |   name: {{ include "stablesats.fullname" . }}-dealer
5 | data:
6 |   stablesats.yml: |-
7 |     db:
8 |       pool_size: {{ .Values.stablesats.db.poolSize }}
9 |       migrate_on_startup: true
10 |     exchanges:
11 |       okex:
12 |         weight: 1.0
13 |         config:
14 |           poll_frequency: {{ .Values.stablesats.exchanges.okex.pollFrequency }}
15 |           client:
16 |             api_key: {{ .Values.stablesats.exchanges.okex.client.apiKey }}{{/* NOTE(review): the okex API key is rendered into a ConfigMap, while okex-secret-key and okex-passphrase are placed in the Secret; anyone who can read ConfigMaps in the namespace sees it. Confirm the key id is not sensitive on its own */}}
17 |             simulated: {{ .Values.stablesats.exchanges.okex.client.simulated }}
18 |     price_server:
19 |       enabled: false
20 |     user_trades:
21 |       enabled: {{ .Values.stablesats.userTrades.enabled }}
22 |       config:
23 |         balance_publish_frequency: {{ .Values.stablesats.userTrades.balancePublishFrequency }}
24 |         galoy_poll_frequency: {{ .Values.stablesats.userTrades.galoyPollFrequency }}
25 |     hedging:
26 |       enabled: {{ .Values.stablesats.hedging.enabled }}
27 |       config:
28 |         health:
29 |           unhealthy_msg_interval_position: {{ .Values.stablesats.hedging.health.unhealthyMsgIntervalPosition }}
30 |           unhealthy_msg_interval_liability: {{ .Values.stablesats.hedging.health.unhealthyMsgIntervalLiability }}
31 |           unhealthy_msg_interval_price: {{ .Values.stablesats.hedging.health.unhealthyMsgIntervalPrice }}
32 |     galoy:
33 |       api: {{ .Values.stablesats.galoy.api }}
34 |       phone_number: {{ .Values.stablesats.galoy.phoneNumber }}{{/* NOTE(review): the login phone number sits in the ConfigMap while galoy-phone-code is in the Secret; confirm that split is intended */}}
35 |     tracing:
36 |       service_name: {{ .Values.stablesats.tracing.dealerServiceName }}
37 |       host: {{ .Values.stablesats.tracing.host }}
38 |       port: {{ .Values.stablesats.tracing.port }}
39 |     bria:
40 |       url: {{ .Values.stablesats.bria.url }}
41 |       wallet_name: {{ .Values.stablesats.bria.walletName }}
42 |       payout_queue_name: {{ .Values.stablesats.bria.payoutQueueName }}
43 |       onchain_address_external_id: {{ .Values.stablesats.bria.onchainAddressExternalId }}
44 |
--------------------------------------------------------------------------------
/charts/stablesats/templates/stablesats-price-cm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 {{/* ConfigMap carrying stablesats.yml for the price server: price_server enabled, user_trades and hedging disabled */}}
2 | kind: ConfigMap
3 | metadata:
4 |   name: {{ include "stablesats.fullname" . }}-price
5 | data:
6 |   stablesats.yml: |-
7 |     exchanges:
8 |       okex:
9 |         weight: 1.0
10 |     price_server:
11 |       enabled: true
12 |       server:
13 |         listen_port: {{ .Values.stablesats.priceServer.port }}
14 |       fees:
15 |         base_fee_rate: {{ .Values.stablesats.priceServer.fees.baseFeeRate }}
16 |         immediate_fee_rate: {{ .Values.stablesats.priceServer.fees.immediateFeeRate }}
17 |         delayed_fee_rate: {{ .Values.stablesats.priceServer.fees.delayedFeeRate }}
18 |       price_cache:
19 |         stale_after: {{ .Values.stablesats.priceServer.priceCache.staleAfter }}
20 |       health:
21 |         unhealthy_msg_interval_price: {{ .Values.stablesats.priceServer.health.unhealthyMsgIntervalPrice }}
22 |     user_trades:
23 |       enabled: false
24 |     hedging:
25 |       enabled: false
26 |     tracing:
27 |       service_name: {{ .Values.stablesats.tracing.priceServiceName }}
28 |       host: {{ .Values.stablesats.tracing.host }}
29 |       port: {{ .Values.stablesats.tracing.port }}
30 |
--------------------------------------------------------------------------------
/charts/stablesats/templates/stablesats-price-svc.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: v1 {{/* ClusterIP Service for the price server; port and targetPort both use priceServer.port */}}
2 | kind: Service
3 | metadata:
4 |   name: {{ template "stablesats.fullname" . }}-price
5 |   labels:
6 |     app: {{ template "stablesats.fullname" . }}-price
7 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
8 |     release: "{{ .Release.Name }}"
9 | spec:
10 |   type: ClusterIP
11 |   ports:
12 |     - port: {{ .Values.stablesats.priceServer.port }}
13 |       targetPort: {{ .Values.stablesats.priceServer.port }}
14 |       protocol: TCP
15 |       name: http
16 |   selector:
17 |     app: {{ template "stablesats.fullname" . }}-price
18 |
--------------------------------------------------------------------------------
/charts/stablesats/templates/stablesats-secrets.yaml:
--------------------------------------------------------------------------------
1 | {{- if .Values.secrets.create }}{{/* Secret with the stablesats credentials; rendered only when secrets.create is set */}}
2 | apiVersion: v1
3 | kind: Secret
4 | metadata:
5 |   name: {{ template "stablesats.fullname" . }}
6 |   labels:
7 |     app: {{ template "stablesats.fullname" . }}
8 |     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
9 |     release: "{{ .Release.Name }}"
10 | {{- if .Values.secrets.annotations }}
11 |   annotations:
12 | {{ toYaml .Values.secrets.annotations | indent 4 }}
13 | {{- end }}
14 | type: Opaque
15 | data: {{/* each value is trimmed, then base64-encoded; b64enc only encodes, and the chart defaults for these values are empty strings */}}
16 |   pg-con: {{ .Values.secrets.pgCon | trim | b64enc | trim }}
17 |   okex-secret-key: {{ .Values.secrets.okexSecretKey | trim | b64enc | trim }}
18 |   okex-passphrase: {{ .Values.secrets.okexPassphrase | trim | b64enc | trim }}
19 |   galoy-phone-code: {{ .Values.secrets.galoyPhoneCode | trim | b64enc | trim }}
20 |   bria-profile-api-key: {{ .Values.secrets.briaProfileApiKey | trim | b64enc | trim }}
21 | {{- end }}
22 |
--------------------------------------------------------------------------------
/charts/stablesats/values.yaml:
--------------------------------------------------------------------------------
1 | secrets:
2 |   create: true
3 |   pgCon: ""
4 |   okexSecretKey: ""
5 |   okexPassphrase: ""
6 |   galoyPhoneCode: ""
7 |   briaProfileApiKey: ""
8 | stablesats:
9 |   priceDeployment:
10 |     replicas: 2
11 |     resources: {}
12 |   dealerDeployment:
13
| replicas: 1 14 | resources: {} 15 | image: 16 | repository: us.gcr.io/galoy-org/stablesats-rs 17 | digest: "sha256:2e1fc621f41a3e7b7df6682df82538bb78fb3b6ed36f4c06f2ce898f3b10c6a1" # METADATA:: repository=https://github.com/GaloyMoney/stablesats-rs;commit_ref=eb4bf8d;app=stablesats; 18 | crash_report_config_danger: false 19 | db: 20 | poolSize: 20 21 | userTrades: 22 | enabled: true 23 | balancePublishFrequency: 5 24 | galoyPollFrequency: 10 25 | hedging: 26 | enabled: true 27 | health: 28 | unhealthyMsgIntervalPosition: 30 29 | unhealthyMsgIntervalLiability: 30 30 | unhealthyMsgIntervalPrice: 30 31 | priceServer: 32 | port: 3325 33 | fees: 34 | baseFeeRate: 0.0010 35 | immediateFeeRate: 0.0015 36 | delayedFeeRate: 0.0010 37 | priceCache: 38 | staleAfter: 40 39 | health: 40 | unhealthyMsgIntervalPrice: 30 41 | galoy: 42 | api: "https://api.staging.blink.sv/graphql" 43 | phoneNumber: "+50365055530" 44 | exchanges: 45 | okex: 46 | pollFrequency: 10 47 | client: 48 | apiKey: "" 49 | simulated: true 50 | tracing: 51 | host: "localhost" 52 | port: 4318 53 | priceServiceName: "stablesats-price" 54 | dealerServiceName: "stablesats-dealer" 55 | bria: 56 | url: "http://bria-api.default.svc.cluster.local:2742" 57 | walletName: "dev-wallet" 58 | payoutQueueName: "dev-queue" 59 | onchainAddressExternalId: "dev-onchain-address" 60 | postgresql: 61 | enabled: true 62 | auth: 63 | enablePostgresUser: false 64 | username: stablesats 65 | password: stablesats 66 | database: stablesats 67 | -------------------------------------------------------------------------------- /charts/voucher/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/voucher/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: postgresql 3 | repository: https://charts.bitnami.com/bitnami 4 | version: 16.5.0 5 | digest: sha256:5373c798723e4bae61ecad80eb196375a02d8fde0881959d639c46d4e40be58b 6 | generated: "2025-03-10T12:28:20.843314987Z" 7 | -------------------------------------------------------------------------------- /charts/voucher/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: voucher 3 | description: A Helm chart for the voucher addon to Galoy 4 | # A chart can be either an 'application' or a 'library' chart. 5 | # 6 | # Application charts are a collection of templates that can be packaged into versioned archives 7 | # to be deployed. 8 | # 9 | # Library charts provide useful utilities or functions for the chart developer. They're included as 10 | # a dependency of application charts to inject those utilities and functions into the rendering 11 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 12 | type: application 13 | # This is the chart version. This version number should be incremented each time you make changes 14 | # to the chart and its templates, including the app version. 15 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 16 | version: 0.1.0-dev 17 | # This is the version number of the application being deployed. This version number should be 18 | # incremented each time you make changes to the application. 
Versions are not expected to 19 | # follow Semantic Versioning. They should reflect the version the application is using. 20 | appVersion: 0.1.0 21 | dependencies: 22 | - name: postgresql 23 | version: 16.5.0 24 | repository: https://charts.bitnami.com/bitnami 25 | condition: postgresql.enabled 26 | -------------------------------------------------------------------------------- /charts/voucher/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Create a default fully qualified app name. 3 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 4 | If release name contains chart name it will be used as a full name. 5 | */}} 6 | {{- define "voucher.fullname" -}} 7 | {{- if .Values.fullnameOverride }} 8 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 9 | {{- else }} 10 | {{- $name := default .Chart.Name .Values.nameOverride }} 11 | {{- if contains $name .Release.Name }} 12 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 13 | {{- else }} 14 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 15 | {{- end }} 16 | {{- end }} 17 | {{- end }} 18 | -------------------------------------------------------------------------------- /charts/voucher/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled }} 2 | apiVersion: networking.k8s.io/v1 3 | kind: Ingress 4 | metadata: 5 | name: {{ include "voucher.fullname" . }} 6 | labels: 7 | app: {{ include "voucher.fullname" . 
}} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | annotations: 11 | cert-manager.io/cluster-issuer: letsencrypt-issuer 12 | spec: 13 | ingressClassName: nginx 14 | rules: 15 | {{- if .Values.ingress.rulesOverride }} 16 | {{- toYaml .Values.ingress.rulesOverride | nindent 4 }} 17 | {{- else }} 18 | {{- range .Values.ingress.hosts }} 19 | - host: {{ . }} 20 | http: 21 | paths: 22 | - pathType: Prefix 23 | path: "/" 24 | backend: 25 | service: 26 | name: {{ include "voucher.fullname" $ }} 27 | port: 28 | number: {{ $.Values.service.port }} 29 | {{- end -}} 30 | {{- end }} 31 | tls: 32 | {{- range .Values.ingress.hosts }} 33 | - hosts: 34 | - {{ . }} 35 | secretName: {{ printf "%s-tls" . }} 36 | {{- end }} 37 | {{- if .Values.ingress.extraTls }} 38 | {{- toYaml .Values.ingress.extraTls | nindent 4 }} 39 | {{- end }} 40 | {{- end }} 41 | -------------------------------------------------------------------------------- /charts/voucher/templates/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.secrets.create }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "voucher.fullname" . }} 6 | labels: 7 | app: {{ template "voucher.fullname" . }} 8 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 9 | release: "{{ .Release.Name }}" 10 | type: Opaque 11 | data: 12 | next-auth-secret: {{ .Values.secrets.nextAuthSecret | b64enc | quote }} 13 | client-secret: {{ .Values.secrets.clientSecret | b64enc | quote }} 14 | escrow-api-key: {{ .Values.secrets.escrowApiKey | b64enc | quote }} 15 | pg-con: {{ .Values.secrets.pgCon | b64enc | quote }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /charts/voucher/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "voucher.fullname" . 
}} 5 | labels: 6 | app: {{ template "voucher.fullname" . }} 7 | chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" 8 | release: "{{ .Release.Name }}" 9 | spec: 10 | type: {{ .Values.service.type }} 11 | ports: 12 | - port: {{ .Values.service.port }} 13 | targetPort: {{ .Values.service.port }} 14 | protocol: TCP 15 | name: http 16 | selector: 17 | app: {{ template "voucher.fullname" . }} 18 | -------------------------------------------------------------------------------- /charts/voucher/values.yaml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: true 3 | nextAuthSecret: "" 4 | clientSecret: "" 5 | escrowApiKey: "" 6 | pgCon: "" 7 | voucher: 8 | hydraPublic: "http://galoy-hydra-public.galoy-dev-galoy.svc.cluster.local:4444" 9 | coreUrl: "http://galoy-oathkeeper-proxy.galoy-dev-galoy.svc.cluster.local:4455/graphql" 10 | voucherUrl: "http://localhost:3000" 11 | nextAuthUrl: "" 12 | clientId: "" 13 | otelExporterOtlpEndpoint: http://localhost:4318 14 | tracingServiceName: "voucher" 15 | platformFeesInPpm: 2000 16 | image: 17 | repository: us.gcr.io/galoy-org/galoy-voucher 18 | digest: "sha256:132efc02e22b1ddcad684e6ae76fb56b13eefd008d859f807b21aa85396fc843" # METADATA:: repository=https://github.com/blinkbitcoin/blink;commit_ref=62cd3f3;app=voucher;monorepo_subdir=apps/voucher; 19 | ingress: 20 | enabled: false 21 | service: 22 | port: 3000 23 | type: ClusterIP 24 | postgresql: 25 | enabled: true 26 | auth: 27 | enablePostgresUser: false 28 | username: voucher 29 | password: voucher 30 | database: voucher 31 | resources: {} 32 | -------------------------------------------------------------------------------- /ci/tasks/admin-panel-smoketest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | source smoketest-settings/helpers.sh 6 | 7 | host=`setting "admin_panel_endpoint"` 8 | port=`setting "admin_panel_port"` 9 | 10 | set +e 11 | for i in 
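{1..15}; do
  echo "Attempt ${i} to curl admin panel"
  curl --location -f "${host}:${port}"
  if [[ $? == 0 ]]; then success="true"; break; fi
  sleep 1
done
set -e

# ${success:-} keeps `set -u` from aborting with "unbound variable" when no
# attempt succeeded, so the intended failure message is what gets printed.
if [[ "${success:-}" != "true" ]]; then echo "Smoke test failed" && exit 1; fi
--------------------------------------------------------------------------------
/ci/tasks/api-dashboard-smoketest.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Smoke test: poll the api dashboard endpoint until curl succeeds
# (15 attempts, one second apart).

set -eu

source smoketest-settings/helpers.sh

host=$(setting "api_dashboard_endpoint")
port=$(setting "api_dashboard_port")
# Initialised up front: the script runs under `set -u`, and the final check
# reads this variable even when every attempt failed.
success="false"

set +e
for i in {1..15}; do
  echo "Attempt ${i} to curl api dashboard"
  curl --location -f "${host}:${port}"
  if [[ $? == 0 ]]; then success="true"; break; fi
  sleep 1
done
set -e

if [[ "$success" != "true" ]]; then echo "Smoke test failed" && exit 1; fi
--------------------------------------------------------------------------------
/ci/tasks/bitcoind-smoketest.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Smoke test: query the bitcoind RPC interface with bitcoin-cli, then fetch
# the metrics endpoint on port 3000.
# $1: optional network flag for bitcoin-cli (defaults to signet).

set -eu

source smoketest-settings/helpers.sh

host=$(setting "bitcoind_endpoint")
bitcoin-cli -version

# The RPC password is fed on stdin (-stdinrpcpass) instead of being passed as
# -rpcpassword=<value>, so it does not show up in the process argument list
# or in a traced command line.
setting "bitcoind_rpcpassword" | bitcoin-cli "-${1:-signet}" \
  -rpcuser="$(setting "bitcoind_user")" \
  -stdinrpcpass \
  -rpcport="$(setting "bitcoind_port")" \
  -rpcconnect="${host}" \
  -getinfo

# --fail turns an HTTP error status from the metrics endpoint into a task failure.
curl --fail "${host}:3000/metrics"
--------------------------------------------------------------------------------
/ci/tasks/bria-smoketest.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Placeholder: this task sets shell options and runs no checks.

set -eu
--------------------------------------------------------------------------------
/ci/tasks/bump-chart.sh:
--------------------------------------------------------------------------------
#!/bin/bash

set -eu

cd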
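blink-deployments

# NOTE(review): text appears to be missing from the listing at this point: the
# here-document that fed github.key, the rest of bump-chart.sh and the header
# of the following file did not survive extraction. The next line is kept
# exactly as it appears on the page.
cat > github.key < smoketest-settings/data.json

cat <<EOF > smoketest-settings/helpers.sh
function setting() {
  cat smoketest-settings/data.json | jq -r ".\$1" | base64 --decode
}
function setting_exists() {
  cat smoketest-settings/data.json | jq -r ".\$1 // null"
}
EOF

# NOTE(review): mode 777 leaves helpers.sh (which the smoketest scripts source)
# and data.json writable by any local user. If later tasks only need to read
# these files, `chmod -R u=rwX,go=rX` would be enough. Confirm which users the
# consuming tasks run as before tightening.
chmod -R 777 smoketest-settings
--------------------------------------------------------------------------------
/ci/tasks/fulcrum-smoketest.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Smoke test: poll the fulcrum stats endpoint (60 attempts, one second apart).
# The check is skipped when no fulcrum endpoint is configured.

set -eu

source smoketest-settings/helpers.sh

fulcrum_api_host=$(setting "fulcrum_endpoint")
fulcrum_stats_port=$(setting "fulcrum_stats_port")

if [ "${fulcrum_api_host}" != "" ]; then
  # Initialised up front: under `set -u` the check after the loop would abort
  # with "unbound variable" if no attempt had succeeded.
  success="false"
  set +e
  for i in {1..60}; do
    echo "Attempt ${i} to connect to the fulcrum_stats_port"
    curl -f "${fulcrum_api_host}:${fulcrum_stats_port}/stats"
    if [ $? = 0 ]; then success="true"; break; fi
    sleep 1
  done
  set -e

  if [ "$success" != "true" ]; then echo "Could not connect to the fulcrum_stats_port" && exit 1; fi
fi
--------------------------------------------------------------------------------
/ci/tasks/galoy-deps-smoketest.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Smoke test for the Kafka cluster: writes a kubeconfig and an OpenTofu file
# that declares a test topic, then produces and consumes one message.

set -eu

source smoketest-settings/helpers.sh

kafka_broker_host=$(setting "kafka_broker_endpoint")
kafka_broker_port=$(setting "kafka_broker_port")
kafka_topic=$(setting "smoketest_topic")
kafka_service_name_prefix="kafka-kafka-plain"
kafka_namespace=$(setting "kafka_namespace")
# The kubeconfig carries cluster credentials: create it under a restrictive
# umask so a newly created file is readable by the current user only.
(umask 077; setting "smoketest_kubeconfig" | base64 --decode >kubeconfig.json)
export KUBECONFIG=$(pwd)/kubeconfig.json

cat <<EOF >topic.tf
provider "kafka" {
  bootstrap_servers = [
    "${kafka_service_name_prefix}-0.${kafka_namespace}:9092",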
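"${kafka_service_name_prefix}-1.${kafka_namespace}:9092",
    "${kafka_service_name_prefix}-2.${kafka_namespace}:9092"
  ]
  tls_enabled = false
}

terraform {
  required_providers {
    kafka = {
      source = "Mongey/kafka"
      version = "0.5.2"
    }
  }
}

resource "kafka_topic" "smoketest_topic" {
  name = "${kafka_topic}"
  replication_factor = 3
  partitions = 3
}
EOF

# NOTE(review): the provider block above sets tls_enabled = false and targets
# port 9092 on the "kafka-kafka-plain" services, so this test talks to the
# brokers without TLS. Confirm that listener is reachable only inside the
# cluster.

# Wait for the Kafka pods (up to three attempts) before touching the topic.
set +e
for i in 1 2 3; do
  kubectl -n "$kafka_namespace" wait --for=condition=Ready pod -l strimzi.io/component-type=kafka && break
  sleep 5
done
set -e

tofu init

set +e
for i in 1 2 3; do
  tofu apply -auto-approve && break
  sleep 5
done

msg="kafka message"
# Initialised up front: under `set -u` the final check would abort with
# "unbound variable" if no attempt had succeeded.
success="false"
for i in {1..15}; do
  echo "Attempt ${i} to produce and consume from kafka"
  echo "$msg" | kcat -P -b "$kafka_broker_host:$kafka_broker_port" -t "$kafka_topic"
  consumed_message=$(kcat -C -b "$kafka_broker_host:$kafka_broker_port" -t "$kafka_topic" -e)
  if [[ "$consumed_message" == "$msg" ]]; then
    success="true"
    break
  fi
  sleep 1
done

# The topic is removed before the result is evaluated, so it is cleaned up on
# failure as well.
tofu destroy -auto-approve

if [[ "$success" != "true" ]]; then echo "Smoke test failed" && exit 1; fi

set -e
--------------------------------------------------------------------------------
/ci/tasks/get-smoketest-settings.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Dump the data of the smoke-test Kubernetes secret to ${OUT}/data.json and
# generate the helpers.sh that reads individual settings from it.

set -eu

mkdir -p .kube
export KUBECONFIG=$(pwd)/.kube/config
# The kubeconfig carries cluster credentials: create it under a restrictive
# umask so a newly created file is readable by the current user only.
(umask 077; echo "${SMOKETEST_KUBECONFIG}" | base64 --decode > "${KUBECONFIG}")

# NOTE(review): data.json holds the secret's values (base64-encoded, not
# encrypted); treat the ${OUT} directory as sensitive.
kubectl get secret ${SMOKETEST_SECRET:-$(cat testflight/env_name)} -o json \
  | jq -r '.data' > ${OUT}/data.json

cat <<EOF > ${OUT}/helpers.sh
function setting() {
  cat smoketest-settings/data.json | jq -r ".\$1" | base64 --decode
}
function setting_exists() {
  cat smoketest-settings/data.json | jq -r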
".\$1 // null" 18 | } 19 | EOF 20 | -------------------------------------------------------------------------------- /ci/tasks/kafka-connect-smoketest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | source smoketest-settings/helpers.sh 6 | 7 | kafka_connect_api_host=$(setting "kafka_connect_api_host") 8 | kafka_connect_api_port=$(setting "kafka_connect_api_port") 9 | 10 | if [ "${kafka_connect_api_host}" != "" ]; then 11 | set +e 12 | for i in {1..60}; do 13 | echo "Attempt ${i} to connect to http://${kafka_connect_api_host}:${kafka_connect_api_port}" 14 | curl -sSf http://${kafka_connect_api_host}:${kafka_connect_api_port}/connector-plugins 15 | if [ $? = 0 ]; then 16 | success="true" 17 | break 18 | fi 19 | sleep 3 20 | done 21 | set -e 22 | 23 | if [ "$success" != "true" ]; then echo "Could not connect to http://${kafka_connect_api_host}:${kafka_connect_api_port}" && exit 1; fi 24 | fi 25 | -------------------------------------------------------------------------------- /ci/tasks/lnd-smoketest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | source smoketest-settings/helpers.sh 6 | 7 | lnd_api_host=$(setting "lnd_api_endpoint") 8 | lnd_p2p_host=$(setting "lnd_p2p_endpoint") 9 | 10 | if [ "${lnd_api_host}" != "" ]; then 11 | set +e 12 | for i in {1..60}; do 13 | echo "Attempt ${i} to connect the lnd_api_endpoint" 14 | nc -zv ${lnd_api_host} 10009 15 | if [ $? = 0 ]; then success="true"; break; fi; 16 | sleep 1 17 | done 18 | set -e 19 | 20 | if [ "$success" != "true" ]; then echo "Could not connect to the lnd_api_endpoint" && exit 1; fi; 21 | fi 22 | 23 | if [ "${lnd_p2p_host}" != "" ]; then 24 | set +e 25 | for i in {1..60}; do 26 | echo "Attempt ${i} to connect the lnd_p2p_endpoint" 27 | nc -zv ${lnd_p2p_host} 9735 28 | if [ $? 
= 0 ]; then success="true"; break; fi; 29 | sleep 1 30 | done 31 | set -e 32 | 33 | if [ "$success" != "true" ]; then echo "Could not connect to the lnd_p2p_endpoint" && exit 1; fi; 34 | fi 35 | -------------------------------------------------------------------------------- /ci/tasks/map-smoketest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | source smoketest-settings/helpers.sh 6 | 7 | host=`setting "map_endpoint"` 8 | port=`setting "map_port"` 9 | 10 | set +e 11 | for i in {1..15}; do 12 | echo "Attempt ${i} to curl map" 13 | curl --location -f ${host}:${port} 14 | if [[ $? == 0 ]]; then success="true"; break; fi; 15 | sleep 1 16 | done 17 | set -e 18 | 19 | if [[ "$success" != "true" ]]; then echo "Smoke test failed" && exit 1; fi; 20 | -------------------------------------------------------------------------------- /ci/tasks/mempool-smoketest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | source smoketest-settings/helpers.sh 6 | 7 | host=$(setting "mempool_endpoint") 8 | port=$(setting "mempool_port") 9 | 10 | set +e 11 | for i in {1..15}; do 12 | echo "Attempt ${i} to curl mempool" 13 | curl -sSf ${host}:${port}/api/v1/fees/recommended | grep -P '"fastestFee":.*"halfHourFee":.*"hourFee":.*"economyFee":.*"minimumFee":' 14 | if [[ $? 
== 0 ]]; then 15 | success="true" 16 | break 17 | fi 18 | sleep 1 19 | done 20 | set -e 21 | 22 | if [[ "$success" != "true" ]]; then echo "Smoke test failed" && exit 1; fi 23 | -------------------------------------------------------------------------------- /ci/tasks/monitoring-smoketest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | source smoketest-settings/helpers.sh 6 | 7 | grafana_host=`setting "grafana_host"` 8 | 9 | curl --location ${grafana_host} 10 | -------------------------------------------------------------------------------- /ci/tasks/open-image-bump-pr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | digest=$(cat ./image/digest) 6 | 7 | pushd charts-repo 8 | 9 | ref=$(yq e ".${IMAGE_KEY_PATH}.git_ref" charts/${CHART}/values.yaml) 10 | git checkout ${BRANCH} 11 | old_ref=$(yq e ".${IMAGE_KEY_PATH}.git_ref" charts/${CHART}/values.yaml) 12 | 13 | cat <> ../body.md 14 | # Bump ${IMAGE} image 15 | 16 | The ${IMAGE} image will be bumped to digest: 17 | \`\`\` 18 | ${digest} 19 | \`\`\` 20 | 21 | Code diff contained in this image: 22 | 23 | https://github.com/blinkbitcoin/charts/compare/${old_ref}...${ref} 24 | EOF 25 | 26 | gh pr close ${BOT_BRANCH} || true 27 | gh pr create \ 28 | --title "chore(deps): bump-${IMAGE}-image-${ref}" \ 29 | --body-file ../body.md \ 30 | --base ${BRANCH} \ 31 | --head ${BOT_BRANCH} \ 32 | --label blinkbitcoinbot \ 33 | --label ${CHART} 34 | -------------------------------------------------------------------------------- /ci/tasks/open-update-helm-deps-pr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | pushd charts-repo 6 | 7 | cat <> ../body.md 8 | This PR updates Helm Chart Dependencies. 
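EOF

# Generate the token in a plain assignment first: `export VAR="$(cmd)"` always
# returns the status of `export`, which hides a failed token request.
# NOTE(review): the app private key is passed to ghtoken as a command-line
# argument here; if the tool can read it from a file or stdin, prefer that so
# the key stays out of the process argument list. TODO confirm.
gh_token="$(ghtoken generate -b "${GH_APP_PRIVATE_KEY}" -i "${GH_APP_ID}" | jq -r '.token')"
if [[ -z "${gh_token}" || "${gh_token}" == "null" ]]; then
  echo "Failed to generate a GitHub App token" >&2
  exit 1
fi
export GH_TOKEN="${gh_token}"

# Closing a stale bot PR and creating the new one are both best-effort.
gh pr close "${BOT_BRANCH}" || true
gh pr create \
  --title "chore(deps): update $DEP helm chart in $DIR" \
  --body-file ../body.md \
  --base "${BRANCH}" \
  --head "${BOT_BRANCH}" \
  --label blinkbitcoinbot \
  --label helm || true
--------------------------------------------------------------------------------
/ci/tasks/prepare-testflight.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Assemble the testflight working directory for ${CHART}: copy the Terraform
# files and the chart, then record the namespace name derived from the
# repository's short ref.

set -eu

echo "Preparing testflight"

cp -r "pipeline-tasks/ci/testflight/${CHART}" testflight/tf
cp -r "repo/charts/${CHART}" testflight/tf/chart

cat <<EOF > testflight/tf/terraform.tfvars
testflight_namespace = "${CHART}-testflight-$(cat repo/.git/short_ref)"
EOF

cat <<EOF > testflight/env_name
${CHART}-testflight-$(cat repo/.git/short_ref)
EOF
--------------------------------------------------------------------------------
/ci/tasks/specter-smoketest.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Smoke test: poll the specter endpoint until the response contains "direct"
# (15 attempts, one second apart).

set -eu

source smoketest-settings/helpers.sh

host=$(setting "specter_endpoint")
port=$(setting "specter_port")
# Initialised up front: under `set -u` the final check would abort with
# "unbound variable" if no attempt had succeeded.
success="false"

set +e
for i in {1..15}; do
  echo "Attempt ${i} to curl specter"
  curl -f "${host}:${port}" | grep direct # Check if we are being redirected
  if [[ $?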
== 0 ]]; then success="true"; break; fi; 15 | sleep 1 16 | done 17 | set -e 18 | 19 | if [[ "$success" != "true" ]]; then echo "Smoke test failed" && exit 1; fi; 20 | -------------------------------------------------------------------------------- /ci/tasks/stablesats-smoketest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | source smoketest-settings/helpers.sh 6 | 7 | price_host=`setting "price_server_grpc_host"` 8 | price_port=`setting "price_server_grpc_port"` 9 | export PRICE_SERVER_URL="http://${price_host}:${price_port}" 10 | 11 | set +e 12 | for i in {1..15}; do 13 | echo "Attempt ${i} to get a quote" 14 | stablesats price 100000000 15 | if [[ $? == 0 ]]; then success="true"; break; fi; 16 | sleep 1 17 | done 18 | set -e 19 | 20 | if [[ "$success" != "true" ]]; then echo "Smoke test failed" && exit 1; fi; 21 | -------------------------------------------------------------------------------- /ci/tasks/update-helm-dep.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | VERSION=$(cat helm-resource/version) 6 | 7 | pushd charts-repo/charts/$DIR 8 | 9 | yq -i "(.dependencies[] | select(.name == \"$DEP\") | .version) = \"$VERSION\"" Chart.yaml 10 | 11 | helm dependency update 12 | 13 | if [[ -z $(git config --global user.email) ]]; then 14 | git config --global user.email "202112752+blinkbitcoinbot@users.noreply.github.com" 15 | fi 16 | if [[ -z $(git config --global user.name) ]]; then 17 | git config --global user.name "blinkbitcoinbot" 18 | fi 19 | 20 | cd $(git rev-parse --show-toplevel) 21 | git add -A 22 | git status 23 | 24 | # Only commit if there are uncommitted staged files 25 | if ! 
git diff --cached --exit-code; then 26 | git commit -m "chore(deps): update $DEP helm chart in $DIR" 27 | fi 28 | -------------------------------------------------------------------------------- /ci/tasks/voucher-smoketest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -eu 4 | 5 | source smoketest-settings/helpers.sh 6 | 7 | host=`setting "voucher_endpoint"` 8 | port=`setting "voucher_port"` 9 | 10 | set +e 11 | for i in {1..15}; do 12 | echo "Attempt ${i} to curl voucher" 13 | curl --location -f ${host}:${port} 14 | if [[ $? == 0 ]]; then success="true"; break; fi; 15 | sleep 1 16 | done 17 | set -e 18 | 19 | if [[ "$success" != "true" ]]; then echo "Smoke test failed" && exit 1; fi; 20 | -------------------------------------------------------------------------------- /ci/testflight/.gitignore: -------------------------------------------------------------------------------- 1 | .terraform 2 | .terraform.lock.hcl 3 | .terraform.tfstate* 4 | terraform.tfstate* 5 | -------------------------------------------------------------------------------- /ci/testflight/admin-panel/testflight-values.yml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | -------------------------------------------------------------------------------- /ci/testflight/api-dashboard/testflight-values.yml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | 4 | apiDashboard: 5 | hydraPublic: "http://galoy-hydra-public.galoy-staging-galoy.svc.cluster.local:4444" 6 | coreUrl: "http://galoy-oathkeeper-proxy.galoy-staging-galoy.svc.cluster.local:4455/graphql" 7 | nextAuthUrl: "http://api-dashboard:3000" 8 | -------------------------------------------------------------------------------- /ci/testflight/bitcoind/testflight-values.yml: -------------------------------------------------------------------------------- 
1 | global: 2 | network: signet 3 | service: 4 | ports: 5 | rpc: 38332 6 | 7 | secrets: 8 | create: false 9 | 10 | persistence: 11 | enabled: true 12 | size: 50Gi 13 | 14 | service: 15 | type: ClusterIP 16 | ports: 17 | zmqpubrawtx: 28333 18 | zmqpubrawblock: 28332 19 | p2p: 38333 20 | 21 | bitcoindCustomConfig: 22 | bind: 0.0.0.0 23 | rpcbind: 0.0.0.0 24 | rpcallowip: 0.0.0.0/0 25 | -------------------------------------------------------------------------------- /ci/testflight/bria/testflight-values.yml.tmpl: -------------------------------------------------------------------------------- 1 | bria: 2 | blockchain: 3 | electrumUrl: fulcrum.${bitcoin_namespace}.svc.cluster.local 4 | 5 | secrets: 6 | create: false 7 | 8 | postgresql: 9 | auth: 10 | existingSecret: bria 11 | secretKeys: 12 | userPasswordKey: "pg-user-pw" 13 | -------------------------------------------------------------------------------- /ci/testflight/fulcrum/bitcoind-values.yml: -------------------------------------------------------------------------------- 1 | global: 2 | network: regtest 3 | service: 4 | ports: 5 | rpc: 18443 6 | 7 | secrets: 8 | create: false 9 | 10 | persistence: 11 | enabled: false 12 | 13 | service: 14 | type: ClusterIP 15 | ports: 16 | zmqpubrawtx: 28333 17 | zmqpubrawblock: 28332 18 | p2p: 18444 19 | 20 | bitcoindCustomConfig: 21 | bind: 0.0.0.0 22 | rpcbind: 0.0.0.0 23 | rpcallowip: 0.0.0.0/0 24 | -------------------------------------------------------------------------------- /ci/testflight/fulcrum/testflight-values.yml: -------------------------------------------------------------------------------- 1 | persistence: 2 | enabled: false 3 | 4 | bitcoindRpcPassSecretName: bitcoind-rpcpassword 5 | bitcoindRpcPort: 18443 6 | bitcoindRpcHost: bitcoind 7 | 8 | autoGenerateBlocks: true 9 | -------------------------------------------------------------------------------- /ci/testflight/galoy-auth/galoy-auth-testflight-values.yml.tmpl: 
-------------------------------------------------------------------------------- 1 | kratos: 2 | kratos: 3 | config: 4 | dsn: "postgres://postgres:${postgres_password}@postgresql:5432/${postgres_database}?sslmode=disable" 5 | -------------------------------------------------------------------------------- /ci/testflight/galoy-auth/postgres-testflight-values.yml.tmpl: -------------------------------------------------------------------------------- 1 | auth: 2 | postgresPassword: ${postgres_password} 3 | database: ${postgres_database} 4 | primary: 5 | persistence: 6 | enabled: false 7 | -------------------------------------------------------------------------------- /ci/testflight/galoy-deps/testflight-values.yml.tmpl: -------------------------------------------------------------------------------- 1 | strimzi-kafka-operator: 2 | createGlobalResources: false 3 | kubemonkey: 4 | fullnameOverride: ${kubemonkey_fullname_override} 5 | cert-manager: 6 | installCRDs: false 7 | ingress-nginx: 8 | controller: 9 | ingressClassResource: 10 | enabled: false 11 | config: 12 | jaeger-service-name: ${service_name} 13 | jaeger-collector-host: ${jaeger_host} 14 | opentelemetry-collector: 15 | clusterRole: 16 | create: false 17 | mode: deployment 18 | -------------------------------------------------------------------------------- /ci/testflight/galoy-pay/testflight-values.yml: -------------------------------------------------------------------------------- 1 | galoy-nostr: 2 | lnd1: 3 | dns: lnd1.galoy-staging-bitcoin.svc.cluster.local 4 | redis: 5 | redis0Dns: galoy-redis-node-0.galoy-redis-headless.galoy-staging-galoy.svc.cluster.local 6 | redis1Dns: galoy-redis-node-1.galoy-redis-headless.galoy-staging-galoy.svc.cluster.local 7 | redis2Dns: galoy-redis-node-2.galoy-redis-headless.galoy-staging-galoy.svc.cluster.local 8 | redis: 9 | redis0Dns: galoy-redis-node-0.galoy-redis-headless.galoy-staging-galoy.svc.cluster.local 10 | redis1Dns: 
galoy-redis-node-1.galoy-redis-headless.galoy-staging-galoy.svc.cluster.local 11 | redis2Dns: galoy-redis-node-2.galoy-redis-headless.galoy-staging-galoy.svc.cluster.local 12 | coreGqlUrlIntranet: http://api.galoy-staging-galoy.svc.cluster.local/graphql 13 | payUrl: http://pay.galoy-staging-galoy.svc.cluster.local/graphql 14 | payDomain: galoy-staging-galoy.svc.cluster.local 15 | nextAuthUrl: "http://galoy-pay:3000" 16 | secrets: 17 | create: false 18 | -------------------------------------------------------------------------------- /ci/testflight/galoy/api-keys-postgresql-values.yml: -------------------------------------------------------------------------------- 1 | # Settings from: 2 | # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml 3 | 4 | auth: 5 | username: api-keys 6 | password: api-keys 7 | database: api-keys 8 | 9 | primary: 10 | persistence: 11 | enabled: false 12 | -------------------------------------------------------------------------------- /ci/testflight/galoy/fake-firebase-service-account.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": "service_account", 3 | "project_id": "abc_app", 4 | "private_key_id": "abc", 5 | "private_key": "-----BEGIN PRIVATE 
KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDY3E8o1NEFcjMM\nHW/5ZfFJw29/8NEqpViNjQIx95Xx5KDtJ+nWn9+OW0uqsSqKlKGhAdAo+Q6bjx2c\nuXVsXTu7XrZUY5Kltvj94DvUa1wjNXs606r/RxWTJ58bfdC+gLLxBfGnB6CwK0YQ\nxnfpjNbkUfVVzO0MQD7UP0Hl5ZcY0Puvxd/yHuONQn/rIAieTHH1pqgW+zrH/y3c\n59IGThC9PPtugI9ea8RSnVj3PWz1bX2UkCDpy9IRh9LzJLaYYX9RUd7++dULUlat\nAaXBh1U6emUDzhrIsgApjDVtimOPbmQWmX1S60mqQikRpVYZ8u+NDD+LNw+/Eovn\nxCj2Y3z1AgMBAAECggEAWDBzoqO1IvVXjBA2lqId10T6hXmN3j1ifyH+aAqK+FVl\nGjyWjDj0xWQcJ9ync7bQ6fSeTeNGzP0M6kzDU1+w6FgyZqwdmXWI2VmEizRjwk+/\n/uLQUcL7I55Dxn7KUoZs/rZPmQDxmGLoue60Gg6z3yLzVcKiDc7cnhzhdBgDc8vd\nQorNAlqGPRnm3EqKQ6VQp6fyQmCAxrr45kspRXNLddat3AMsuqImDkqGKBmF3Q1y\nxWGe81LphUiRqvqbyUlh6cdSZ8pLBpc9m0c3qWPKs9paqBIvgUPlvOZMqec6x4S6\nChbdkkTRLnbsRr0Yg/nDeEPlkhRBhasXpxpMUBgPywKBgQDs2axNkFjbU94uXvd5\nznUhDVxPFBuxyUHtsJNqW4p/ujLNimGet5E/YthCnQeC2P3Ym7c3fiz68amM6hiA\nOnW7HYPZ+jKFnefpAtjyOOs46AkftEg07T9XjwWNPt8+8l0DYawPoJgbM5iE0L2O\nx8TU1Vs4mXc+ql9F90GzI0x3VwKBgQDqZOOqWw3hTnNT07Ixqnmd3dugV9S7eW6o\nU9OoUgJB4rYTpG+yFqNqbRT8bkx37iKBMEReppqonOqGm4wtuRR6LSLlgcIU9Iwx\nyfH12UWqVmFSHsgZFqM/cK3wGev38h1WBIOx3/djKn7BdlKVh8kWyx6uC8bmV+E6\nOoK0vJD6kwKBgHAySOnROBZlqzkiKW8c+uU2VATtzJSydrWm0J4wUPJifNBa/hVW\ndcqmAzXC9xznt5AVa3wxHBOfyKaE+ig8CSsjNyNZ3vbmr0X04FoV1m91k2TeXNod\njMTobkPThaNm4eLJMN2SQJuaHGTGERWC0l3T18t+/zrDMDCPiSLX1NAvAoGBAN1T\nVLJYdjvIMxf1bm59VYcepbK7HLHFkRq6xMJMZbtG0ryraZjUzYvB4q4VjHk2UDiC\nlhx13tXWDZH7MJtABzjyg+AI7XWSEQs2cBXACos0M4Myc6lU+eL+iA+OuoUOhmrh\nqmT8YYGu76/IBWUSqWuvcpHPpwl7871i4Ga/I3qnAoGBANNkKAcMoeAbJQK7a/Rn\nwPEJB+dPgNDIaboAsh1nZhVhN5cvdvCWuEYgOGCPQLYQF0zmTLcM+sVxOYgfy8mV\nfbNgPgsP5xmu6dw2COBKdtozw0HrWSRjACd1N4yGu75+wPCcX/gQarcjRcXXZeEa\nNtBLSfcqPULqD+h7br9lEJio\n-----END PRIVATE KEY-----\n", 6 | "client_email": "123-abc@developer.gserviceaccount.com", 7 | "client_id": "123-abc.apps.googleusercontent.com", 8 | "auth_uri": "https://accounts.google.com/o/oauth2/auth", 9 | "token_uri": "http://localhost:8081/token" 10 | } 11 | 12 | 
-------------------------------------------------------------------------------- /ci/testflight/galoy/notifications-postgresql-values.yml: -------------------------------------------------------------------------------- 1 | # Settings from: 2 | # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml 3 | 4 | auth: 5 | username: notifications 6 | password: notifications 7 | database: notifications 8 | 9 | primary: 10 | persistence: 11 | enabled: false 12 | -------------------------------------------------------------------------------- /ci/testflight/galoy/postgresql-values.yml: -------------------------------------------------------------------------------- 1 | # Settings from: 2 | # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml 3 | 4 | auth: 5 | username: kratos-pg 6 | password: kratos-pg 7 | database: kratos-pg 8 | 9 | primary: 10 | persistence: 11 | enabled: false 12 | -------------------------------------------------------------------------------- /ci/testflight/galoy/testflight-values.yml: -------------------------------------------------------------------------------- 1 | galoy: 2 | network: signet 3 | 4 | trigger: 5 | backups: 6 | gcs: 7 | enabled: true 8 | bucketName: blink-staging-backups 9 | api: 10 | replicas: 1 11 | 12 | config: 13 | funder: "GaloyFunder" 14 | bria: 15 | hotWalletName: galoy-staging-hot 16 | 17 | lnd1: 18 | dns: lnd1.galoy-staging-bitcoin.svc.cluster.local 19 | 20 | lnd2: 21 | dns: lnd2.galoy-staging-bitcoin.svc.cluster.local 22 | 23 | bria: 24 | host: bria-api.galoy-staging-bitcoin.svc.cluster.local 25 | 26 | dealer: 27 | host: dealer-price.galoy-staging-addons.svc.cluster.local 28 | 29 | price: 30 | postgresql: 31 | primary: 32 | persistence: 33 | enabled: false 34 | 35 | redis: 36 | master: 37 | persistence: 38 | enabled: false 39 | auth: 40 | existingSecret: "galoy-redis" 41 | existingSecretPasswordKey: "redis-password" 42 | 43 | mongodb: 44 | persistence: 45 | enabled: false 46 | 47 
| oathkeeper: 48 | replicaCount: 1 49 | secret: 50 | enabled: false 51 | 52 | kratos: 53 | replicaCount: 1 54 | 55 | secrets: 56 | create: false 57 | -------------------------------------------------------------------------------- /ci/testflight/galoy/testflight-values.yml.tmpl: -------------------------------------------------------------------------------- 1 | kratos: 2 | kratos: 3 | config: 4 | dsn: postgresql://kratos-pg:kratos-pg@${kratos_pg_host}/kratos-pg 5 | selfservice: 6 | flows: 7 | settings: 8 | after: 9 | profile: 10 | hooks: 11 | - hook: web_hook 12 | config: 13 | url: http://invalid-because-we-dont-want-profile-to-be-updated 14 | method: POST 15 | body: base64: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 16 | auth: 17 | type: api_key 18 | config: 19 | name: Authorization 20 | value: ${kratos_callback_api_key} 21 | in: header 22 | registration: 23 | after: 24 | password: 25 | hooks: 26 | - hook: session 27 | -------------------------------------------------------------------------------- /ci/testflight/kafka-connect/testflight-values.yml.tmpl: -------------------------------------------------------------------------------- 1 | kafkaConnectInstanceName: ${kafka_connect_instance_name} 2 | allowedNamespace: galoy-staging-concourse 3 | -------------------------------------------------------------------------------- /ci/testflight/lnd/testflight-values.yml: -------------------------------------------------------------------------------- 1 | global: 2 | network: signet 3 | 4 | p2pService: 5 | type: ClusterIP 6 | port: 9735 7 | 8 | apiService: 9 | type: ClusterIP 10 | ports: 11 | rpc: 10009 12 | rest: 8080 13 | 14 | terminationGracePeriodSeconds: 0 15 | 16 | persistence: 17 | enabled: true 18 | 19 | configmap: 20 | customValues: 21 | - bitcoind.rpchost=bitcoind.galoy-staging-bitcoin.svc.cluster.local:38332 22 | - bitcoind.zmqpubrawblock=tcp://bitcoind.galoy-staging-bitcoin.svc.cluster.local:28332 23 | - 
bitcoind.zmqpubrawtx=tcp://bitcoind.galoy-staging-bitcoin.svc.cluster.local:28333 24 | - minchansize=50000 25 | - db.bolt.auto-compact=true 26 | 27 | resources: 28 | requests: 29 | cpu: 100m 30 | limits: 31 | cpu: 1000m 32 | 33 | rbac: 34 | create: true 35 | 36 | serviceAccount: 37 | create: true 38 | 39 | walletPassword: lndtestflight 40 | 41 | autoGenerateSeed: 42 | enabled: true 43 | 44 | autoGenerateTls: 45 | enabled: false 46 | -------------------------------------------------------------------------------- /ci/testflight/map/testflight-values.yml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | 4 | map: 5 | coreUrl: "http://galoy-oathkeeper-proxy.galoy-staging-galoy.svc.cluster.local:4455/graphql" 6 | -------------------------------------------------------------------------------- /ci/testflight/mempool/testflight-values.yml: -------------------------------------------------------------------------------- 1 | persistence: 2 | enabled: false 3 | 4 | bitcoindRpcHost: bitcoind-onchain.galoy-staging-bitcoin.svc.cluster.local 5 | bitcoindRpcPort: 38332 6 | -------------------------------------------------------------------------------- /ci/testflight/monitoring/testflight-values.yml: -------------------------------------------------------------------------------- 1 | grafana: 2 | ingress: 3 | enabled: false 4 | prometheus: 5 | prometheus-node-exporter: 6 | service: 7 | port: 9101 8 | -------------------------------------------------------------------------------- /ci/testflight/specter/testflight-values.yml: -------------------------------------------------------------------------------- 1 | # empty 2 | networkPolicy: 3 | namespaceSelectorLabelType: concourse-workers 4 | podSelectorLabelAppName: galoy-staging-concourse-worker 5 | -------------------------------------------------------------------------------- /ci/testflight/stablesats/testflight-values.yml.tmpl: 
-------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | stablesats: 4 | priceDeployment: 5 | replicas: 1 6 | galoy: 7 | phoneNumber: '"${galoy_phone_number}"' 8 | exchanges: 9 | okex: 10 | client: 11 | apiKey: "${okex_api_key}" 12 | simulated: true 13 | crash_report_config_danger: true 14 | bria: 15 | url: "http://bria-api.galoy-staging-bitcoin.svc.cluster.local:2742" 16 | walletName: galoy-staging-hot 17 | postgresql: 18 | primary: 19 | resources: 20 | limits: {} 21 | requests: 22 | memory: 256Mi 23 | cpu: 100m 24 | auth: 25 | existingSecret: stablesats 26 | secretKeys: 27 | userPasswordKey: "pg-user-pw" 28 | -------------------------------------------------------------------------------- /ci/testflight/voucher/testflight-values.yml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | 4 | voucher: 5 | hydraPublic: "http://galoy-hydra-public.galoy-staging-galoy.svc.cluster.local:4444" 6 | coreUrl: "http://galoy-oathkeeper-proxy.galoy-staging-galoy.svc.cluster.local:4455/graphql" 7 | voucherUrl: "http://localhost:3000" 8 | nextAuthUrl: "http://voucher:3000" 9 | 10 | postgresql: 11 | auth: 12 | existingSecret: voucher 13 | secretKeys: 14 | userPasswordKey: "pg-user-pw" 15 | -------------------------------------------------------------------------------- /ci/values.yml: -------------------------------------------------------------------------------- 1 | #@data/values 2 | --- 3 | deployments_git_uri: git@github.com:blinkbitcoin/blink-deployments.git 4 | deployments_git_branch: main 5 | git_lnd_sidecar_bot_branch: bot-bump-lnd-sidecar-image 6 | git_mongo_backup_bot_branch: bot-bump-mongo-backup-image 7 | git_kafka_connect_bot_branch: bot-bump-kafka-connect-image 8 | git_org_uri: git@github.com:blinkbitcoin 9 | git_uri: git@github.com:blinkbitcoin/charts.git 10 | git_branch: main 11 | gates_branch: cepler-gates 12 | github_private_key: 
((github-blinkbitcoin.private_key)) 13 | github_token: ((github-blinkbitcoin.api_token)) 14 | github_app_id: ((github-blinkbitcoin.github_app_id)) 15 | github_app_private_key: ((github-blinkbitcoin.github_app_private_key)) 16 | docker_registry: us.gcr.io/galoy-org 17 | docker_registry_user: ((docker-creds.username)) 18 | docker_registry_password: ((docker-creds.password)) 19 | testflight_backups_creds: ((testflight-backups-bucket.creds_json)) 20 | testflight_okex_secret_key: ((testflight-okex.secret_key)) 21 | testflight_okex_passphrase: ((testflight-okex.passphrase)) 22 | testflight_okex_api_key: ((testflight-okex.api_key)) 23 | staging_worker_tag: galoy-staging 24 | staging_smoketest_kubeconfig: ((staging-smoketest.kubeconfig)) 25 | staging_state_bucket: "galoy-staging-tf-state" 26 | staging_creds: ((staging-gcp-creds.creds_json)) 27 | 28 | galoy_slack_webhook_url: ((galoy-main-slack.api_url)) 29 | monitoring_slack_webhook_url: ((monitoring-slack.api_url)) 30 | bitcoin_slack_webhook_url: ((bitcoin-slack.api_url)) 31 | addons_slack_webhook_url: ((addons-slack.api_url)) 32 | auth_slack_webhook_url: ((auth-slack.api_url)) 33 | stablesats_slack_webhook_url: ((addons-slack.api_url)) 34 | galoy_deps_slack_webhook_url: ((galoy-deps-slack.api_url)) 35 | slack_username: concourse 36 | -------------------------------------------------------------------------------- /dev/.gitignore: -------------------------------------------------------------------------------- 1 | .terraform 2 | .terraform.lock.hcl 3 | .terraform.tfstate* 4 | terraform.tfstate* 5 | -------------------------------------------------------------------------------- /dev/Makefile: -------------------------------------------------------------------------------- 1 | REPO:=$(shell git rev-parse --show-toplevel) 2 | 3 | create-cluster: 4 | k3d cluster create --image rancher/k3s:v1.30.4-k3s1 -v "$(REPO):/charts" \ 5 | --k3s-arg "--disable=traefik@server:0" \ 6 | --k3s-arg "--disable=servicelb@server:0" 7 | 8 | 
delete-cluster: 9 | k3d cluster delete 10 | 11 | all: create-cluster init deploy-services deploy 12 | 13 | run-galoy-smoketest: 14 | kubectl -n galoy-dev-smoketest exec smoketest -- bash -c "cd /charts/ci/tasks && \ 15 | CHART=galoy ./dev-smoketest-settings.sh && \ 16 | ./galoy-smoketest.sh && \ 17 | rm -rf smoketest-settings response.json" 18 | 19 | run-bitcoin-smoketest: 20 | kubectl -n galoy-dev-smoketest exec smoketest -- bash -c "cd /charts/ci/tasks && \ 21 | CHART=bitcoind ./dev-smoketest-settings.sh && \ 22 | ./bitcoind-smoketest.sh regtest && \ 23 | rm -rf smoketest-settings" 24 | 25 | run-kafka-connect-smoketest: 26 | kubectl -n galoy-dev-smoketest exec smoketest -- bash -c "cd /charts/ci/tasks && \ 27 | CHART=kafka-connect ./dev-smoketest-settings.sh && \ 28 | ./kafka-connect-smoketest.sh && \ 29 | rm -rf smoketest-settings response.json" 30 | 31 | helm-dep-updates: 32 | for dir in $$(ls ../charts); do \ 33 | cd ../charts/$$dir && helm dependency update && cd -; \ 34 | done 35 | -------------------------------------------------------------------------------- /dev/Tiltfile: -------------------------------------------------------------------------------- 1 | include('./galoy-deps/Tiltfile') 2 | include('./bitcoin/Tiltfile') 3 | include('./monitoring/Tiltfile') 4 | include('./galoy/Tiltfile') 5 | include('./addons/Tiltfile') 6 | include('./stablesats/Tiltfile') 7 | include('./kafka-connect/Tiltfile') 8 | include('./smoketest/Tiltfile') 9 | -------------------------------------------------------------------------------- /dev/addons/admin-panel-values.yml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | -------------------------------------------------------------------------------- /dev/addons/api-dashboard-values.yml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | 
-------------------------------------------------------------------------------- /dev/addons/galoy-pay-values.yml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | 4 | galoy-nostr: 5 | redis: 6 | redis0Dns: "galoy-redis-node-0.galoy-redis-headless.galoy-dev-galoy.svc.cluster.local" 7 | redis1Dns: "galoy-redis-node-1.galoy-redis-headless.galoy-dev-galoy.svc.cluster.local" 8 | redis2Dns: "galoy-redis-node-2.galoy-redis-headless.galoy-dev-galoy.svc.cluster.local" 9 | redis: 10 | redis0Dns: "galoy-redis-node-0.galoy-redis-headless.galoy-dev-galoy.svc.cluster.local" 11 | redis1Dns: "galoy-redis-node-1.galoy-redis-headless.galoy-dev-galoy.svc.cluster.local" 12 | redis2Dns: "galoy-redis-node-2.galoy-redis-headless.galoy-dev-galoy.svc.cluster.local" 13 | -------------------------------------------------------------------------------- /dev/addons/map-values.yml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | -------------------------------------------------------------------------------- /dev/addons/voucher-values.yml: -------------------------------------------------------------------------------- 1 | secrets: 2 | create: false 3 | 4 | postgresql: 5 | primary: 6 | persistence: 7 | enabled: false 8 | -------------------------------------------------------------------------------- /dev/bitcoin/bitcoind-onchain-values.yml: -------------------------------------------------------------------------------- 1 | descriptor: 2 | secretName: bitcoind-signer-descriptor 3 | secretKey: descriptor_json_base64 4 | -------------------------------------------------------------------------------- /dev/bitcoin/bitcoind-regtest-values.yml: -------------------------------------------------------------------------------- 1 | global: 2 | network: regtest 3 | service: 4 | ports: 5 | rpc: 18443 6 | 7 | secrets: 8 | create: false 9 | 10 | persistence: 11 | enabled: 
false 12 | 13 | service: 14 | type: ClusterIP 15 | ports: 16 | zmqpubrawtx: 28333 17 | zmqpubrawblock: 28332 18 | p2p: 18444 19 | 20 | bitcoindCustomConfig: 21 | bind: 0.0.0.0 22 | rpcbind: 0.0.0.0 23 | rpcallowip: 0.0.0.0/0 24 | dbcache: 450 25 | maxmempool: 300 26 | -------------------------------------------------------------------------------- /dev/bitcoin/bitcoind-signet-values.yml: -------------------------------------------------------------------------------- 1 | global: 2 | network: signet 3 | service: 4 | ports: 5 | rpc: 38332 6 | 7 | secrets: 8 | create: false 9 | 10 | persistence: 11 | enabled: true 12 | accessMode: ReadWriteOnce 13 | size: 2Gi 14 | 15 | service: 16 | type: ClusterIP 17 | ports: 18 | zmqpubrawtx: 28333 19 | zmqpubrawblock: 28332 20 | p2p: 38333 21 | 22 | bitcoindCustomConfig: 23 | bind: 0.0.0.0 24 | rpcbind: 0.0.0.0 25 | rpcallowip: 0.0.0.0/0 26 | -------------------------------------------------------------------------------- /dev/bitcoin/bitcoind_signers_descriptors.json: -------------------------------------------------------------------------------- 1 | [{"active":true,"desc":"wpkh([6f2fa1b2/84'/0'/0']tprv8gXB88g1VCScmqPp8WcetpJPRxix24fRJJ6FniYCcCUEFMREDrCfwd34zWXPiY5MW2xp8e1Z6EeBrh74zMSgfQQmTorWtE1zyBtv7yxdcoa/0/*)#88k4937c","timestamp":0},{"active":true,"desc":"wpkh([6f2fa1b2/84'/0'/0']tprv8gXB88g1VCScmqPp8WcetpJPRxix24fRJJ6FniYCcCUEFMREDrCfwd34zWXPiY5MW2xp8e1Z6EeBrh74zMSgfQQmTorWtE1zyBtv7yxdcoa/1/*)#knn5cywq","internal":true,"timestamp":0}] 2 | -------------------------------------------------------------------------------- /dev/bitcoin/bria-values.yml: -------------------------------------------------------------------------------- 1 | bria: 2 | devDaemon: 3 | enabled: true 4 | blockchain: 5 | electrumUrl: fulcrum.galoy-dev-bitcoin.svc.cluster.local 6 | replicas: 1 7 | secrets: 8 | create: false 9 | 10 | postgresql: 11 | primary: 12 | persistence: 13 | enabled: false 14 | 
-------------------------------------------------------------------------------- /dev/bitcoin/fulcrum-regtest-values.yml: -------------------------------------------------------------------------------- 1 | persistence: 2 | enabled: false 3 | 4 | bitcoindRpcPort: 18443 5 | -------------------------------------------------------------------------------- /dev/bitcoin/fulcrum-signet-values.yml: -------------------------------------------------------------------------------- 1 | persistence: 2 | enabled: true 3 | size: 1Gi 4 | 5 | bitcoindRpcPort: 38332 6 | -------------------------------------------------------------------------------- /dev/bitcoin/generateBlock.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | kubectl -n galoy-dev-bitcoin exec bitcoind-0 -- bitcoin-cli generatetoaddress 1 bcrt1qxcpz7ytf3nwlhjay4n04nuz8jyg3hl4ud02t9t 4 | kubectl -n galoy-dev-bitcoin exec bitcoind-onchain-0 -- bitcoin-cli generatetoaddress 1 bcrt1qxcpz7ytf3nwlhjay4n04nuz8jyg3hl4ud02t9t 5 | -------------------------------------------------------------------------------- /dev/bitcoin/lnd-regtest-values.yml: -------------------------------------------------------------------------------- 1 | global: 2 | network: regtest 3 | 4 | resources: 5 | limits: 6 | cpu: 200m 7 | memory: 512Mi 8 | 9 | terminationGracePeriodSeconds: 0 10 | 11 | persistence: 12 | enabled: false 13 | 14 | configmap: 15 | customValues: 16 | - bitcoin.regtest=true 17 | - bitcoin.defaultchanconfs=0 18 | - noseedbackup=1 19 | - bitcoind.rpchost=bitcoind:18443 20 | - keysend-hold-time=2s 21 | - tlsextradomain=lnd1.galoy-dev-bitcoin.svc.cluster.local 22 | -------------------------------------------------------------------------------- /dev/bitcoin/lnd-signet-values.yml: -------------------------------------------------------------------------------- 1 | global: 2 | network: signet 3 | 4 | resources: 5 | limits: 6 | cpu: 150m 7 | memory: 256Mi 8 | 9 | 
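terminationGracePeriodSeconds: 60 10 | 11 | persistence: 12 | enabled: true 13 | accessMode: ReadWriteOnce 14 | size: 1Gi 15 | 16 | configmap: 17 | customValues: 18 | - bitcoin.signet=true 19 | - bitcoin.defaultchanconfs=0 20 | - bitcoind.rpchost=bitcoind:38332 21 | - keysend-hold-time=2s 22 | - tlsextradomain=lnd1.galoy-sig-bitcoin.svc.cluster.local 23 | - debuglevel=info 24 | 25 | autoGenerateSeed: 26 | enabled: true 27 | -------------------------------------------------------------------------------- /dev/bitcoin/loop-values.yml: -------------------------------------------------------------------------------- 1 | global: 2 | network: regtest 3 | 4 | persistence: 5 | enabled: false 6 | -------------------------------------------------------------------------------- /dev/bitcoin/mempool-regtest-values.yml: -------------------------------------------------------------------------------- 1 | persistence: 2 | enabled: false 3 | 4 | bitcoindRpcPort: 18443 5 | -------------------------------------------------------------------------------- /dev/bitcoin/mempool-signet-values.yml: -------------------------------------------------------------------------------- 1 | bitcoindRpcPort: 38332 2 | -------------------------------------------------------------------------------- /dev/common/Tiltfile: --------------------------------------------------------------------------------
load('ext://secret', 'secret_from_dict')

def wait_for_secret_creation(waiter_name, secret_name, namespace, resource_deps, timeout_secs=30):
    """Register a local_resource that polls until a Kubernetes Secret exists.

    The resource runs `kubectl get secret` once per second, up to
    `timeout_secs` attempts. It exits 0 as soon as the Secret is found and
    exits 1 if every attempt fails.

    Args:
      waiter_name: name of the Tilt local_resource to create.
      secret_name: name of the Secret to wait for.
      namespace: namespace the Secret is expected in.
      resource_deps: Tilt resources that must be ready before polling starts.
      timeout_secs: number of one-second polling attempts (default 30).

    `secret_name`, `namespace` and `timeout_secs` are interpolated into a
    shell command without quoting, so pass only trusted literal values.
    """
    # String commands are run through `sh -c`, so only POSIX redirection is
    # safe here. The bash-only `&>/dev/null` is parsed by a POSIX shell such
    # as dash as "run kubectl in the background" followed by an empty
    # redirection that always succeeds, which made the waiter report
    # "Secret exists" at once, whether or not the Secret was there.
    poll_cmd = (
        'for i in $(seq {}); do ' +
        'kubectl -n {} get secret {} >/dev/null 2>&1 && echo "Secret exists" && exit 0; ' +
        'sleep 1; done; exit 1'
    ).format(timeout_secs, namespace, secret_name)

    local_resource(
        name=waiter_name,
        cmd=poll_cmd,
        resource_deps=resource_deps
    )

# TODO: Add labels for better grouping
def copy_secret(source_secret_name, source_namespace, target_namespace, resource_deps, target_secret_name=None):
    """Copy a Secret from one namespace into another via two local_resources.

    A waiter resource first blocks until the source Secret exists. A copier
    resource then deletes any Secret of the target name in the target
    namespace, reads the source Secret as JSON, rewrites its
    namespace/name metadata with jq and applies it to the target namespace.

    Args:
      source_secret_name: name of the Secret to copy.
      source_namespace: namespace holding the source Secret.
      target_namespace: namespace to copy the Secret into.
      resource_deps: Tilt resources the waiter depends on.
      target_secret_name: name of the copy; defaults to the source name.

    The copy puts the full Secret data into the target namespace, where it is
    readable by anything with Secret read access there. All names are
    interpolated into shell commands without quoting, so pass only trusted
    literal values.
    """
    if target_secret_name == None:
        target_secret_name = source_secret_name

    # A short random suffix keeps waiter names distinct when the same target
    # name is copied more than once. It is a uniqueness aid only, not a secret.
    # str(...).strip() drops the trailing newline printed by openssl so it
    # does not end up inside the resource name.
    random_suffix = str(local('openssl rand -hex 1')).strip()
    waiter_name = '{}-secret-copier-waiter-{}'.format(target_secret_name, random_suffix)
    wait_for_secret_creation(waiter_name, source_secret_name, source_namespace, resource_deps)

    delete_secret_cmd = 'kubectl -n {} delete secret {} --ignore-not-found=true'.format(target_namespace, target_secret_name)
    generate_secret_json_cmd = 'kubectl -n {} get secret {} -o json | jq "del(.metadata.namespace, .metadata.name) | .metadata.name = \\"{}\\""'.format(source_namespace, source_secret_name, target_secret_name)
    create_secret_cmd = 'kubectl -n {} apply -f -'.format(target_namespace)

    # NOTE(review): the old copy is deleted before the source is read, and the
    # pipeline has no pipefail, so a failed read leaves the target without the
    # Secret until the next run -- confirm that is acceptable for dev.
    local_resource(
        name='{}-secret-copier'.format(target_secret_name),
        cmd='{} && {} | {}'.format(delete_secret_cmd, generate_secret_json_cmd, create_secret_cmd),
        resource_deps=[waiter_name]
    )

def helm_release(pathToChartDir, name, namespace, values=[], dependency_build=False, add_repos=False):
    """Render a Helm chart with `helm()` and register the manifests with Tilt.

    Args:
      pathToChartDir: path to the chart directory.
      name: Helm release name.
      namespace: namespace to render the release for.
      values: list of values files passed to `helm()`.
      dependency_build: run `helm dependency build` on the chart first.
      add_repos: run ../common/add-helm-repos.sh on the chart's Chart.yaml first.

    The repo and dependency steps shell out and are therefore run only for
    the `up` and `ci` subcommands.
    """
    runs_deploy = config.tilt_subcommand in ('up', 'ci')

    if add_repos and runs_deploy:
        local('../common/add-helm-repos.sh {}/Chart.yaml'.format(pathToChartDir))

    if dependency_build and runs_deploy:
        local('helm dependency build {}'.format(pathToChartDir))

    # NOTE(review): templates are rendered for Kubernetes 1.27.0, while
    # dev/Makefile creates the cluster from rancher/k3s:v1.30.4-k3s1 --
    # confirm the pinned version is intentional.
    k8s_yaml(helm(
        pathToChartDir,
        name,
        namespace,
        values,
        kube_version='1.27.0',
    ))
-------------------------------------------------------------------------------- /dev/common/add-helm-repos.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function add_helm_repos() { 4 | yq e '.dependencies[] | select(.repository | test("^oci://") | not) | .name + " " + .repository' "$1" | while read -r name repo; do 5 | helm repo add "$name" "$repo" 6 | done 7 | } 8 | 9 | add_helm_repos "$1" 10 |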
-------------------------------------------------------------------------------- /dev/galoy-deps/Tiltfile: --------------------------------------------------------------------------------
load('ext://helm_resource', 'helm_resource')
load('ext://namespace', 'namespace_create')
load('../common/Tiltfile', 'copy_secret', 'helm_release')

# Raise the Kubernetes upsert timeout to 120 seconds.
update_settings(k8s_upsert_timeout_secs=120)

# Every namespace created here shares the local-dev prefix.
name_prefix = "galoy-dev"
kafka_namespace = name_prefix + "-kafka"
ingress_namespace = name_prefix + "-ingress"
otel_namespace = name_prefix + "-otel"
kubemonkey_namespace = name_prefix + "-kubemonkey"

# All releases below render the same umbrella chart. Each one passes its own
# values file.
galoy_deps_chart = '../../charts/galoy-deps'

## kafka

namespace_create(kafka_namespace)

# Attaching the namespace to the workload means that the namespace will be deleted when the workload is deleted
# k8s_resource(workload="kafka-operator", objects=["galoy-dev-kafka:namespace"])

# Only this release adds the Helm repos and builds the chart dependencies.
helm_release(
    galoy_deps_chart,
    name='kafka',
    namespace=kafka_namespace,
    values=['./kafka-values.yml'],
    dependency_build=True,
    add_repos=True
)

## cert-manager and ingress-nginx

namespace_create(ingress_namespace)

# TODO: decide how to label the ingress namespace
# k8s_resource(workload="cert-manager?", objects=["galoy-dev-ingress:namespace"])

helm_release(
    galoy_deps_chart,
    name='cert-manager',
    namespace=ingress_namespace,
    values=['./cert-manager-values.yml'],
)

helm_release(
    galoy_deps_chart,
    name='ingress-nginx',
    namespace=ingress_namespace,
    values=['./ingress-nginx-values.yml'],
)

## opentelemetry-collector

namespace_create(otel_namespace)

helm_release(
    galoy_deps_chart,
    name='opentelemetry-collector',
    namespace=otel_namespace,
    values=['./otel-values.yml'],
)

# do we need kubemonkey in local dev?
59 | 60 | # helm_resource( 61 | # name="kubemonkey", 62 | # chart="../../charts/galoy-deps", 63 | # namespace=kubemonkey_namespace, 64 | # flags=['--values=./kubemonkey-values.yml'], 65 | # labels="kubemonkey" 66 | # ) 67 | 68 | -------------------------------------------------------------------------------- /dev/galoy-deps/cert-manager-values.yml: -------------------------------------------------------------------------------- 1 | ingress-nginx: 2 | enabled: false 3 | kubemonkey: 4 | enabled: false 5 | opentelemetry-collector: 6 | enabled: false 7 | strimzi-kafka-operator: 8 | enabled: false 9 | cert-manager: 10 | installCRDs: true 11 | -------------------------------------------------------------------------------- /dev/galoy-deps/ingress-nginx-values.yml: -------------------------------------------------------------------------------- 1 | cert-manager: 2 | enabled: false 3 | kubemonkey: 4 | enabled: false 5 | opentelemetry-collector: 6 | enabled: false 7 | strimzi-kafka-operator: 8 | enabled: false 9 | ingress-nginx: 10 | controller: 11 | admissionWebhooks: 12 | enabled: false 13 | config: 14 | enable-opentracing: true 15 | jaeger-service-name: galoy-dev-ingress 16 | jaeger-collector-host: opentelemetry-collector.galoy-dev-otel.svc.cluster.local 17 | service: 18 | type: NodePort 19 | -------------------------------------------------------------------------------- /dev/galoy-deps/ingress.tf: -------------------------------------------------------------------------------- 1 | resource "kubernetes_manifest" "issuer" { 2 | manifest = { 3 | apiVersion = "cert-manager.io/v1" 4 | kind = "ClusterIssuer" 5 | metadata = { 6 | name = "letsencrypt-issuer" 7 | } 8 | spec = { 9 | acme = { 10 | server = "https://acme-v02.api.letsencrypt.org/directory" 11 | email = "dev@blink.sv" 12 | privateKeySecretRef = { 13 | name = "letsencrypt-issuer" 14 | } 15 | solvers = [ 16 | { http01 = { ingress = { class = "nginx" } } } 17 | ] 18 | } 19 | } 20 | } 21 | 22 | depends_on = [ 23 | 
helm_release.cert_manager 24 | ] 25 | } 26 | -------------------------------------------------------------------------------- /dev/galoy-deps/kafka-values.yml: -------------------------------------------------------------------------------- 1 | cert-manager: 2 | enabled: false 3 | ingress-nginx: 4 | enabled: false 5 | kubemonkey: 6 | enabled: false 7 | opentelemetry-collector: 8 | enabled: false 9 | strimzi-kafka-operator: 10 | kafka: 11 | listener: 12 | type: nodeport 13 | -------------------------------------------------------------------------------- /dev/galoy-deps/kubemonkey-values.yml.tmpl: -------------------------------------------------------------------------------- 1 | cert-manager: 2 | enabled: false 3 | ingress-nginx: 4 | enabled: false 5 | strimzi-kafka-operator: 6 | enabled: false 7 | opentelemetry-collector: 8 | enabled: false 9 | kubemonkey: 10 | fullnameOverride: kubemonkey 11 | config: 12 | timeZone: ${time_zone} 13 | whitelistedNamespaces: 14 | %{ for ns in whitelisted_namespaces ~} 15 | - ${ns} 16 | %{ endfor ~} 17 | notifications: 18 | enabled: true 19 | attacks: | 20 | endpoint = "${notification_url}" 21 | message = '{"text":"Attacked `{$name}` of `{$namespace}` on {$date} at {$time}. 
{$error}"}' 22 | headers = ["Content-Type:application/json"] 23 | -------------------------------------------------------------------------------- /dev/galoy-deps/otel-values.yml: -------------------------------------------------------------------------------- 1 | cert-manager: 2 | enabled: false 3 | ingress-nginx: 4 | enabled: false 5 | strimzi-kafka-operator: 6 | enabled: false 7 | kubemonkey: 8 | enabled: false 9 | -------------------------------------------------------------------------------- /dev/galoy/galoy-signet-values.yml: -------------------------------------------------------------------------------- 1 | galoy: 2 | network: signet 3 | 4 | dealer: 5 | host: dealer-price.galoy-sig-addons.svc.cluster.local 6 | 7 | api: 8 | ingress: 9 | enabled: true 10 | host: localhost 11 | 12 | mongodb: 13 | architecture: standalone 14 | volumePermissions: 15 | enabled: true 16 | persistence: 17 | enabled: true 18 | replicaCount: 1 19 | metrics: 20 | enabled: false 21 | initDbScripts: {} 22 | 23 | redis: 24 | volumePermissions: 25 | enabled: true 26 | replica: 27 | replicaCount: 1 28 | master: 29 | persistence: 30 | enabled: true 31 | metrics: 32 | enabled: false 33 | 34 | price: 35 | service: 36 | type: NodePort 37 | 38 | postgresql: 39 | primary: 40 | persistence: 41 | enabled: true 42 | 43 | secrets: 44 | create: false 45 | -------------------------------------------------------------------------------- /dev/galoy/postgresql-values.yml: -------------------------------------------------------------------------------- 1 | # Settings from: 2 | # https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml 3 | 4 | auth: 5 | username: kratos-pg 6 | password: kratos-pg 7 | database: kratos-pg 8 | 9 | persistence: 10 | enabled: false 11 | -------------------------------------------------------------------------------- /dev/kafka-connect/Tiltfile: -------------------------------------------------------------------------------- 1 | load('ext://namespace', 
'namespace_create') 2 | load('ext://secret', 'secret_from_dict') 3 | 4 | name_prefix = 'galoy-dev' 5 | kafka_namespace = '{}-kafka'.format(name_prefix) 6 | smoketest_namespace = '{}-smoketest'.format(name_prefix) 7 | 8 | k8s_yaml(helm( 9 | '../../charts/kafka-connect', 10 | name='kafka-connect', 11 | namespace=kafka_namespace, 12 | )) 13 | 14 | k8s_yaml(secret_from_dict( 15 | name = 'kafka-connect-smoketest', 16 | namespace = smoketest_namespace, 17 | inputs={ 18 | 'kafka_connect_api_host' : 'kafka-connect-api.{}.svc.cluster.local'.format(kafka_namespace), 19 | 'kafka_connect_api_port' : '8083' 20 | } 21 | )) 22 | -------------------------------------------------------------------------------- /dev/kafka-connect/kafka-values.yml.tmpl: -------------------------------------------------------------------------------- 1 | allowedNamespace: ${allowed_namespace} 2 | -------------------------------------------------------------------------------- /dev/monitoring/Tiltfile: -------------------------------------------------------------------------------- 1 | load('ext://namespace', 'namespace_create') 2 | load('ext://helm_resource', 'helm_resource') 3 | load('ext://secret', 'secret_from_dict') 4 | 5 | name_prefix = 'galoy-dev' 6 | monitoring_namespace = '{}-monitoring'.format(name_prefix) 7 | smoketest_namespace = '{}-smoketest'.format(name_prefix) 8 | 9 | namespace_create(monitoring_namespace) 10 | 11 | helm_resource( 12 | name='monitoring', 13 | chart='../../charts/monitoring', 14 | namespace=monitoring_namespace, 15 | labels='monitoring', 16 | update_dependencies=True 17 | ) 18 | 19 | k8s_yaml(secret_from_dict( 20 | name = 'monitoring-smoketest', 21 | namespace = smoketest_namespace, 22 | inputs={ 23 | 'grafana_host': 'monitoring-grafana.{}.svc.cluster.local'.format(monitoring_namespace), 24 | } 25 | )) 26 | -------------------------------------------------------------------------------- /dev/stablesats/Tiltfile: 
--------------------------------------------------------------------------------
# Tilt configuration for the local stablesats deployment: creates the
# namespace, applies the secrets the chart and the smoketest read, and
# installs the stablesats chart from this repository.
load('ext://namespace', 'namespace_create')
load('ext://secret', 'secret_from_dict')
load('ext://helm_resource', 'helm_resource')
load('../common/Tiltfile', 'copy_secret', 'helm_release')

# All development namespaces share one prefix.
name_prefix = 'galoy-dev'
stablesats_namespace = name_prefix + '-stablesats'
smoketest_namespace = name_prefix + '-smoketest'

namespace_create(stablesats_namespace)

# Secret named 'stablesats', created here instead of by the chart.
# Every value is a fixed placeholder committed to the repository (database
# password, exchange key and passphrase, phone code, API key), so this secret
# is suitable for a throwaway local cluster only. Any shared or long-lived
# environment needs these values supplied from a secret store, not from this
# file.
k8s_yaml(secret_from_dict(
    name='stablesats',
    namespace=stablesats_namespace,
    inputs={
        'pg-user-pw': 'stablesats',
        'pg-con': 'postgres://stablesats:stablesats@stablesats-postgresql:5432/stablesats',
        'okex-secret-key': 'key',
        'okex-passphrase': 'passphrase',
        'galoy-phone-code': '123456',
        'bria-profile-api-key': 'key',
    },
))

# stablesats smoketest secret: address of the price server only, no credential.
k8s_yaml(secret_from_dict(
    name='stablesats-smoketest',
    namespace=smoketest_namespace,
    inputs={
        'price_server_grpc_host': 'stablesats-price.' + stablesats_namespace + '.svc.cluster.local',
        'price_server_grpc_port': 3325,
    },
))

# helm_release is loaded from ../common/Tiltfile; its behaviour is not
# visible in this file.
helm_release(
    '../../charts/stablesats',
    name='stablesats',
    namespace=stablesats_namespace,
    values=['./stablesats-values.yml'],
    dependency_build=True,
)


k8s_resource(workload='stablesats-price', labels='stablesats')
# TODO: Fix stablesats dealer, involves provisioning phone and code and injecting into both galoy and stablesats
# Until then the dealer's pod readiness is ignored, so an unready dealer does
# not mark the resource as failing in Tilt.
k8s_resource(workload='stablesats-dealer', pod_readiness='ignore', labels='stablesats')
--------------------------------------------------------------------------------
/dev/stablesats/stablesats-values.yml:
--------------------------------------------------------------------------------
1 | secrets: 2 | create: false 3 | stablesats: 4 | galoy: 5 | phoneNumber: '+16505554350' 6 | exchanges: 7 | okex: 8 |
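client: 9 | apiKey: "dummy" 10 | simulated: true 11 | crash_report_config_danger: true 12 | 13 | postgresql: 14 | auth: 15 | existingSecret: stablesats 16 | secretKeys: 17 | userPasswordKey: "pg-user-pw" 18 | -------------------------------------------------------------------------------- /flake.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "flake-utils": { 4 | "inputs": { 5 | "systems": "systems" 6 | }, 7 | "locked": { 8 | "lastModified": 1726560853, 9 | "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", 10 | "owner": "numtide", 11 | "repo": "flake-utils", 12 | "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", 13 | "type": "github" 14 | }, 15 | "original": { 16 | "owner": "numtide", 17 | "repo": "flake-utils", 18 | "type": "github" 19 | } 20 | }, 21 | "nixpkgs": { 22 | "locked": { 23 | "lastModified": 1727617520, 24 | "narHash": "sha256-uNfh3aMyCekMpjtL/PZtl2Hz/YqNuUpCBEzVxt1QYck=", 25 | "owner": "nixos", 26 | "repo": "nixpkgs", 27 | "rev": "7eee17a8a5868ecf596bbb8c8beb527253ea8f4d", 28 | "type": "github" 29 | }, 30 | "original": { 31 | "owner": "nixos", 32 | "ref": "nixpkgs-unstable", 33 | "repo": "nixpkgs", 34 | "type": "github" 35 | } 36 | }, 37 | "root": { 38 | "inputs": { 39 | "flake-utils": "flake-utils", 40 | "nixpkgs": "nixpkgs" 41 | } 42 | }, 43 | "systems": { 44 | "locked": { 45 | "lastModified": 1681028828, 46 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 47 | "owner": "nix-systems", 48 | "repo": "default", 49 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 50 | "type": "github" 51 | }, 52 | "original": { 53 | "owner": "nix-systems", 54 | "repo": "default", 55 | "type": "github" 56 | } 57 | } 58 | }, 59 | "root": "root", 60 | "version": 7 61 | } 62 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = 
"Dev shell for charts"; 3 | 4 | inputs = { 5 | nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; 6 | flake-utils.url = "github:numtide/flake-utils"; 7 | }; 8 | 9 | outputs = { 10 | self, 11 | nixpkgs, 12 | flake-utils, 13 | }: 14 | flake-utils.lib.eachDefaultSystem (system: let 15 | pkgs = import nixpkgs {inherit system;}; 16 | devEnvVars = { 17 | KUBE_CONFIG_PATH = "~/.kube/config"; 18 | KUBE_CTX = "k3d-k3s-default"; 19 | }; 20 | in 21 | with pkgs; { 22 | devShells.default = mkShell (devEnvVars 23 | // { 24 | nativeBuildInputs = [ 25 | alejandra 26 | kubectl 27 | python3 28 | tilt 29 | jq 30 | k3d 31 | vendir 32 | ytt 33 | yq-go 34 | kubernetes-helm 35 | opentofu 36 | ]; 37 | 38 | shellHook = '' 39 | alias tf=tofu 40 | alias k=kubectl 41 | ''; 42 | }); 43 | 44 | formatter = alejandra; 45 | }); 46 | } 47 |
--------------------------------------------------------------------------------
/images/chain-dl/Dockerfile:
--------------------------------------------------------------------------------
# bitcoind image with curl, python3 and the Google Cloud CLI added.
# NOTE(review): the base image is referenced by tag only; a tag can be moved
# to different content, so consider pinning it as
# lncm/bitcoind:v27.0@sha256:<digest of the reviewed image>.
FROM lncm/bitcoind:v27.0

# Archive to install and, optionally, the SHA-256 it must have. With the
# default empty digest the build behaves as before (no verification); pass
# --build-arg GCLOUD_SHA256=<sha256 of the archive, from a trusted source>
# so that a tampered or truncated download fails the build.
ARG GCLOUD_ARCHIVE=google-cloud-cli-455.0.0-linux-x86_64.tar.gz
ARG GCLOUD_SHA256=""

USER root

# --no-cache keeps the package index out of the image layer.
RUN apk add --no-cache curl python3

# The CLI is installed as the unprivileged user, into that user's home.
USER bitcoind

# -f makes curl fail on an HTTP error instead of saving the error page, and
# the archive is removed by name rather than by glob.
RUN cd ~ \
  && curl -fsSO "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/${GCLOUD_ARCHIVE}" \
  && if [ -n "${GCLOUD_SHA256}" ]; then echo "${GCLOUD_SHA256}  ${GCLOUD_ARCHIVE}" | sha256sum -c; fi \
  && tar -xvzf "./${GCLOUD_ARCHIVE}" \
  && ./google-cloud-sdk/install.sh --quiet \
  && rm "./${GCLOUD_ARCHIVE}"

# Assumes the bitcoind user's home directory is /data (confirm against the base image).
ENV PATH="${PATH}:/data/google-cloud-sdk/bin"

# Clear any entrypoint inherited from the base image.
ENTRYPOINT []
--------------------------------------------------------------------------------
/images/lnd-sidecar/Dockerfile:
--------------------------------------------------------------------------------
# Sidecar image: kubectl tooling from alpine/k8s plus the lncli binary copied
# out of the lnd image.
# NOTE(review): both images are referenced by tag only; pinning each as
# <image>:<tag>@sha256:<digest of the reviewed image> fixes the content that
# lncli and the base layers come from.
FROM lightninglabs/lnd:v0.18.5-beta AS lnd

FROM alpine/k8s:1.23.14

COPY --from=lnd /bin/lncli /bin/lncli

# --no-cache fetches a fresh index and leaves none behind in the layer.
RUN apk add --no-cache expect curl jq

# Clear any entrypoint inherited from the base image.
ENTRYPOINT []
--------------------------------------------------------------------------------
/images/mongo-backup/Dockerfile: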
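--------------------------------------------------------------------------------
# Google Cloud SDK (Alpine) image with the MongoDB tools and the AWS CLI added.
# NOTE(review): `cloud-sdk:alpine` is a floating tag, so rebuilds can pick up a
# different base; consider a version tag or an @sha256:<digest> pin.
FROM gcr.io/google.com/cloudsdktool/cloud-sdk:alpine

# The extra repository is fetched over HTTPS rather than plain HTTP, so the
# index and packages are not transferred in clear text.
# NOTE(review): mongodb-tools is pinned to an exact version in the rolling
# `edge` repository; the build presumably breaks once edge moves past it.
RUN apk add --no-cache \
      --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community \
      mongodb-tools=100.8.0-r2 aws-cli

# Clear any entrypoint inherited from the base image.
ENTRYPOINT []
--------------------------------------------------------------------------------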