services: use new 'tor' options
This commit is contained in:
parent
e44f78ebb8
commit
178a0dcf8f
@ -193,7 +193,7 @@ in {
|
||||
};
|
||||
proxy = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
||||
default = if cfg.enforceTor then config.nix-bitcoin.torClientAddressWithPort else null;
|
||||
description = "Connect through SOCKS5 proxy";
|
||||
};
|
||||
listen = mkOption {
|
||||
|
@ -184,7 +184,7 @@ in {
|
||||
network=${config.services.bitcoind.network}
|
||||
bind=${cfg.btcpayserver.address}
|
||||
port=${toString cfg.btcpayserver.port}
|
||||
socksendpoint=${cfg.tor.client.socksListenAddress}
|
||||
socksendpoint=${config.nix-bitcoin.torClientAddressWithPort}
|
||||
btcexplorerurl=${nbExplorerUrl}
|
||||
btcexplorercookiefile=${nbExplorerCookie}
|
||||
postgres=User ID=${cfg.btcpayserver.user};Host=/run/postgresql;Database=btcpaydb
|
||||
|
@ -34,7 +34,7 @@ in {
|
||||
};
|
||||
proxy = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
||||
default = if cfg.enforceTor then config.nix-bitcoin.torClientAddressWithPort else null;
|
||||
description = ''
|
||||
Socks proxy for connecting to Tor nodes (or for all connections if option always-use-proxy is set).
|
||||
'';
|
||||
|
@ -5,7 +5,13 @@ let
|
||||
cfg = config.services.joinmarket-ob-watcher;
|
||||
nbLib = config.nix-bitcoin.lib;
|
||||
nbPkgs = config.nix-bitcoin.pkgs;
|
||||
torAddress = builtins.head (builtins.split ":" config.services.tor.client.socksListenAddress);
|
||||
|
||||
socks5Settings = with config.services.tor.client.socksListenAddress; ''
|
||||
socks5 = true
|
||||
socks5_host = ${addr}
|
||||
socks5_port = ${toString port}
|
||||
'';
|
||||
|
||||
configFile = builtins.toFile "config" ''
|
||||
[BLOCKCHAIN]
|
||||
blockchain_source = no-blockchain
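Review bot: The two new `socks5Settings` snippets in this commit express the same three lines in two idioms: this one pulls `addr` and `port` into scope with `with config.services.tor.client.socksListenAddress;`, while the joinmarket module binds `torAddress = config.services.tor.client.socksListenAddress;` and writes `${torAddress.addr}` / `${toString torAddress.port}`. The explicit form is preferable here too, because a `with` binding silently loses to any lexically bound `addr` or `port` in the enclosing `let` and hides where the names come from. Proposed: `socks5_host = ${config.services.tor.client.socksListenAddress.addr}` and `socks5_port = ${toString config.services.tor.client.socksListenAddress.port}`, or a local `torAddress` binding as the sibling module uses. The `let` block containing this definition starts and ends outside the hunk.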
|
||||
@ -15,18 +21,14 @@ let
|
||||
channel = joinmarket-pit
|
||||
port = 6697
|
||||
usessl = true
|
||||
socks5 = true
|
||||
socks5_host = ${torAddress}
|
||||
socks5_port = 9050
|
||||
${socks5Settings}
|
||||
|
||||
[MESSAGING:server2]
|
||||
host = ncwkrwxpq2ikcngxq3dy2xctuheniggtqeibvgofixpzvrwpa77tozqd.onion
|
||||
channel = joinmarket-pit
|
||||
port = 6667
|
||||
usessl = false
|
||||
socks5 = true
|
||||
socks5_host = ${torAddress}
|
||||
socks5_port = 9050
|
||||
${socks5Settings}
|
||||
'';
|
||||
in {
|
||||
options.services.joinmarket-ob-watcher = {
|
||||
|
@ -10,7 +10,14 @@ let
|
||||
runAsUser = config.nix-bitcoin.runAsUserCmd;
|
||||
|
||||
inherit (config.services) bitcoind;
|
||||
torAddress = builtins.head (builtins.split ":" config.services.tor.client.socksListenAddress);
|
||||
|
||||
torAddress = config.services.tor.client.socksListenAddress;
|
||||
socks5Settings = ''
|
||||
socks5 = true
|
||||
socks5_host = ${torAddress.addr}
|
||||
socks5_port = ${toString torAddress.port}
|
||||
'';
|
||||
|
||||
# Based on https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/master/jmclient/jmclient/configure.py
|
||||
yg = cfg.yieldgenerator;
|
||||
configFile = builtins.toFile "config" ''
|
||||
@ -34,18 +41,14 @@ let
|
||||
channel = joinmarket-pit
|
||||
port = 6697
|
||||
usessl = true
|
||||
socks5 = true
|
||||
socks5_host = ${torAddress}
|
||||
socks5_port = 9050
|
||||
${socks5Settings}
|
||||
|
||||
[MESSAGING:server2]
|
||||
host = ncwkrwxpq2ikcngxq3dy2xctuheniggtqeibvgofixpzvrwpa77tozqd.onion
|
||||
channel = joinmarket-pit
|
||||
port = 6667
|
||||
usessl = false
|
||||
socks5 = true
|
||||
socks5_host = ${torAddress}
|
||||
socks5_port = 9050
|
||||
${socks5Settings}
|
||||
|
||||
[LOGGING]
|
||||
console_log_level = INFO
|
||||
@ -72,8 +75,8 @@ let
|
||||
disable_output_substitution = 0
|
||||
max_additional_fee_contribution = default
|
||||
min_fee_rate = 1.1
|
||||
onion_socks5_host = ${torAddress}
|
||||
onion_socks5_port = 9050
|
||||
onion_socks5_host = ${torAddress.addr}
|
||||
onion_socks5_port = ${toString torAddress.port}
|
||||
tor_control_host = unix:/run/tor/control
|
||||
hidden_service_ssl = false
|
||||
|
||||
|
@ -60,7 +60,7 @@ in {
|
||||
};
|
||||
proxy = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
||||
default = if cfg.enforceTor then config.nix-bitcoin.torClientAddressWithPort else null;
|
||||
description = "host:port of SOCKS5 proxy for connnecting to the loop server.";
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
|
@ -54,7 +54,7 @@ in {
|
||||
};
|
||||
proxy = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
||||
default = if cfg.enforceTor then config.nix-bitcoin.torClientAddressWithPort else null;
|
||||
description = "host:port of SOCKS5 proxy for connnecting to the pool auction server.";
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
|
@ -144,7 +144,7 @@ in {
|
||||
};
|
||||
proxy = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
||||
default = if cfg.enforceTor then config.nix-bitcoin.torClientAddressWithPort else null;
|
||||
description = "Connect through SOCKS5 proxy";
|
||||
};
|
||||
listen = mkOption {
|
||||
|
@ -40,8 +40,9 @@ in {
|
||||
config = mkIf cfg.enable {
|
||||
services.tor = {
|
||||
enable = true;
|
||||
hiddenServices.lnd-rest = nbLib.mkHiddenService {
|
||||
toHost = lnd.restAddress;
|
||||
relay.onionServices.lnd-rest = nbLib.mkOnionService {
|
||||
target.addr = lnd.restAddress;
|
||||
target.port = lnd.restPort;
|
||||
port = lnd.restPort;
|
||||
};
|
||||
};
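Review bot: `target.addr = lnd.restAddress;` on the migrated lnd-rest onion service is passed through as-is, whereas the generic onion-services hunk in this commit rewrites a wildcard listener with `target.addr = if service.address == "0.0.0.0" then "127.0.0.1" else service.address;`. If `lnd.restAddress` can be set to `0.0.0.0` (its definition is not visible here), Tor would be told to forward the onion service to the wildcard address, which is not a connectable target. Applying the same substitution, or a comment stating why it is unnecessary for lnd, would keep the two definitions consistent. The enclosing `config = mkIf cfg.enable { ... }` continues outside the hunk.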
|
||||
|
@ -83,7 +83,7 @@ in {
|
||||
};
|
||||
tor-socks = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
||||
default = if cfg.enforceTor then config.nix-bitcoin.torClientAddressWithPort else null;
|
||||
description = "Socks proxy for connecting to Tor nodes";
|
||||
};
|
||||
macaroons = mkOption {
|
||||
|
@ -49,13 +49,19 @@ with lib;
|
||||
default = import ../pkgs/lib.nix lib pkgs;
|
||||
};
|
||||
|
||||
torClientAddressWithPort = mkOption {
|
||||
readOnly = true;
|
||||
default = with config.services.tor.client.socksListenAddress;
|
||||
"${addr}:${toString port}";
|
||||
};
|
||||
|
||||
# Torify binary that works with custom Tor SOCKS addresses
|
||||
# Related issue: https://github.com/NixOS/nixpkgs/issues/94236
|
||||
torify = mkOption {
|
||||
readOnly = true;
|
||||
default = pkgs.writeScriptBin "torify" ''
|
||||
${pkgs.tor}/bin/torify \
|
||||
--address ${head (splitString ":" config.services.tor.client.socksListenAddress)} \
|
||||
--address ${config.services.tor.client.socksListenAddress.addr} \
|
||||
"$@"
|
||||
'';
|
||||
};
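Review bot: The new `torClientAddressWithPort` option is declared with `readOnly` and `default` only, with no `type` and no `description`, so it carries no type check and does not appear documented in generated option docs; adding `type = types.str;` and `description = "Tor client SOCKS address as \"addr:port\", for services that take a single host:port proxy string.";` covers both. Its value `"${addr}:${toString port}"` is only well-formed when `addr` is an IPv4 address or hostname; an IPv6 literal would need bracketing as `[addr]:port` for the consumers this commit wires it into (curl `--socks5-hostname`, `socks5h://` URLs) to parse it, and whether IPv6 is in scope for `socksListenAddress.addr` is not visible here. The `torify` wrapper below still passes only `--address` and not the configured port, as before the change; if `socksListenAddress.port` is user-settable, forwarding the port too would make the wrapper honour it (torsocks has a port flag, confirm its exact spelling before adding it).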
|
||||
|
@ -97,8 +97,13 @@ in {
|
||||
# Base infrastructure
|
||||
{
|
||||
networking.dhcpcd.denyInterfaces = [ "nb-br" "nb-veth*" ];
|
||||
services.tor.client.socksListenAddress = "${bridgeIp}:9050";
|
||||
networking.firewall.interfaces.nb-br.allowedTCPPorts = [ 9050 ];
|
||||
services.tor.client.socksListenAddress = {
|
||||
addr = bridgeIp;
|
||||
# Default NixOS values. These must be repeated when redefining this option.
|
||||
port = 9050;
|
||||
IsolateDestAddr = true;
|
||||
};
|
||||
networking.firewall.interfaces.nb-br.allowedTCPPorts = [ config.services.tor.client.socksListenAddress.port ];
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
|
||||
|
||||
security.wrappers.netns-exec = {
|
||||
|
@ -95,12 +95,12 @@ let
|
||||
'';
|
||||
|
||||
mkIfOnionPort = name: fn:
|
||||
if hiddenServices ? ${name} then
|
||||
fn (toString (builtins.elemAt hiddenServices.${name}.map 0).port)
|
||||
if onionServices ? ${name} then
|
||||
fn (toString (builtins.elemAt onionServices.${name}.map 0).port)
|
||||
else
|
||||
"";
|
||||
|
||||
inherit (config.services.tor) hiddenServices;
|
||||
inherit (config.services.tor.relay) onionServices;
|
||||
in {
|
||||
options = {
|
||||
nix-bitcoin.nodeinfo = {
|
||||
|
@ -57,14 +57,14 @@ in {
|
||||
# Define hidden services
|
||||
services.tor = {
|
||||
enable = true;
|
||||
hiddenServices = genAttrs activeServices (name:
|
||||
relay.onionServices = genAttrs activeServices (name:
|
||||
let
|
||||
service = config.services.${name};
|
||||
inherit (cfg.${name}) externalPort;
|
||||
in nbLib.mkHiddenService {
|
||||
in nbLib.mkOnionService {
|
||||
port = if externalPort != null then externalPort else service.port;
|
||||
toPort = service.port;
|
||||
toHost = if service.address == "0.0.0.0" then "127.0.0.1" else service.address;
|
||||
target.port = service.port;
|
||||
target.addr = if service.address == "0.0.0.0" then "127.0.0.1" else service.address;
|
||||
}
|
||||
);
|
||||
};
|
||||
|
@ -29,7 +29,7 @@ in {
|
||||
];
|
||||
|
||||
# sshd
|
||||
services.tor.hiddenServices.sshd = nbLib.mkHiddenService { port = 22; };
|
||||
services.tor.relay.onionServices.sshd = nbLib.mkOnionService { port = 22; };
|
||||
nix-bitcoin.onionAddresses.access.${operatorName} = [ "sshd" ];
|
||||
|
||||
services.bitcoind = {
|
||||
|
@ -11,7 +11,7 @@ let
|
||||
NAME=$1
|
||||
AMOUNT=$2
|
||||
echo Attempting to pay $AMOUNT sat to $NAME
|
||||
INVOICE=$(curl --socks5-hostname ${config.services.tor.client.socksListenAddress} -d "satoshi_amount=$AMOUNT&payment_method=ln&id=$NAME&type=profile" -X POST https://api.tallyco.in/v1/payment/request/ | jq -r '.lightning_pay_request') 2> /dev/null
|
||||
INVOICE=$(curl --socks5-hostname ${config.nix-bitcoin.torClientAddressWithPort} -d "satoshi_amount=$AMOUNT&payment_method=ln&id=$NAME&type=profile" -X POST https://api.tallyco.in/v1/payment/request/ | jq -r '.lightning_pay_request') 2> /dev/null
|
||||
if [ -z "$INVOICE" ] || [ "$INVOICE" = "null" ]; then
|
||||
echo "ERROR: did not get invoice from tallycoin"
|
||||
return
|
||||
|
@ -8,7 +8,7 @@ let
|
||||
|
||||
# Use wasabi rate provider because the default (bitstamp) doesn't accept
|
||||
# connections through Tor
|
||||
torRateProvider = "--rate-provider wasabi --proxy socks5h://${config.services.tor.client.socksListenAddress}";
|
||||
torRateProvider = "--rate-provider wasabi --proxy socks5h://${config.nix-bitcoin.torClientAddressWithPort}";
|
||||
startScript = ''
|
||||
${optionalString (cfg.getPublicAddressCmd != "") ''
|
||||
publicURL="--public-url http://$(${cfg.getPublicAddressCmd})"
|
||||
|
@ -80,7 +80,7 @@ let self = {
|
||||
default = "exec";
|
||||
};
|
||||
|
||||
mkHiddenService = map: {
|
||||
mkOnionService = map: {
|
||||
map = [ map ];
|
||||
version = 3;
|
||||
};
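Review bot: `mkOnionService = map: { map = [ map ]; version = 3; };` names its parameter `map`, shadowing the Nix builtin of the same name inside the body; it works, since the attribute name `map` is not a variable reference, but it reads like a recursive definition at first glance. A neutral parameter name avoids that, e.g. `mkOnionService = target: { map = [ target ]; version = 3; };`, and a one-line comment such as `# Build a services.tor.relay.onionServices.<name> value with a single port mapping.` would document the helper. Callers in this commit pass either `{ port = ...; target.addr = ...; target.port = ...; }` or just `{ port = 22; }`, so the comment could note that `target` is optional. The attrset `self` enclosing this binding starts and ends outside the hunk.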
|
||||
|