From 21f946265102756c922e09d831c8681722554cf0 Mon Sep 17 00:00:00 2001
From: Jonas Nick
Date: Sat, 1 Dec 2018 16:36:07 +0000
Subject: [PATCH] Add lightning charge module
---
 generate_secrets.sh | 11 ++++---
 modules/lightning-charge.nix | 56 ++++++++++++++++++++++++++++++++++++
 modules/nixbitcoin.nix | 5 +++-
 network-vbox.nix | 6 ++++
 4 files changed, 73 insertions(+), 5 deletions(-)
 create mode 100644 modules/lightning-charge.nix
diff --git a/generate_secrets.sh b/generate_secrets.sh
index dce6e40..5cf6eec 100755
--- a/generate_secrets.sh
+++ b/generate_secrets.sh
@@ -9,8 +9,11 @@ fi
 echo Installing apg through nix-env
 nix-env -i apg
-echo Creating bitcoin RPC password
-echo \{ >> $SECRETSFILE
-echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" >> $SECRETSFILE
-echo \} >> $SECRETSFILE
+echo Write secrets to $SECRETSFILE
+{
+ echo \{
+ echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
+ echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
+ echo \}
+} >> $SECRETSFILE
 echo Done
diff --git a/modules/lightning-charge.nix b/modules/lightning-charge.nix
new file mode 100644
index 0000000..884983a
--- /dev/null
+++ b/modules/lightning-charge.nix
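Review bot: In generate_secrets.sh the `{ … } >> $SECRETSFILE` block creates the secrets file under whatever umask the caller happens to have, so the bitcoin RPC password and the new lightning-charge API token can end up readable by other local users on the machine that runs the script. Setting `umask 077` before the block, or running `chmod 600 "$SECRETSFILE"` right after it, closes that gap. `$SECRETSFILE` is also unquoted in the `echo` and in the redirection; `"$SECRETSFILE"` avoids word splitting if the path ever contains spaces. The part of the script that sets SECRETSFILE and checks for an existing file lies outside the hunk, so permissions may already be handled there.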
@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.lightning-charge;
+in {
+ options.services.lightning-charge = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If enabled, the lightning-charge service will be installed.
+ '';
+ };
+ clightning-datadir = mkOption {
+ type = types.string;
+ default = "/var/lib/clighting/";
+ description = ''
+ Data directory of the clightning service
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users.lightning-charge =
+ {
+ description = "lightning-charge User";
+ group = "lightning-charge";
+ extraGroups = [ "keys" ];
+ };
+ users.groups.lightning-charge = {
+ name = "lightning-charge";
+ };
+
+ systemd.services.lightning-charge =
+ { description = "Run lightning-charge";
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "clightning.service" ];
+ after = [ "clightning.service" ];
+ serviceConfig =
+ {
+ EnvironmentFile = "/secrets/lightning-charge-api-token";
+ ExecStart = "${pkgs.lightning-charge.package}/bin/charged -l ${config.services.clightning.dataDir} -d ${config.services.clightning.dataDir}/lightning-charge.db";
+
+ User = "clightning";
+ Restart = "on-failure";
+ RestartSec = "10s";
+ PrivateTmp = "true";
+ ProtectSystem = "full";
+ NoNewPrivileges = "true";
+ PrivateDevices = "true";
+ };
+ };
+ };
+}
diff --git a/modules/nixbitcoin.nix b/modules/nixbitcoin.nix
index 57640d2..b25ef82 100644
--- a/modules/nixbitcoin.nix
+++ b/modules/nixbitcoin.nix
@@ -7,9 +7,10 @@ let in { imports = [ - ./bitcoind.nix ./tor.nix + ./bitcoind.nix ./clightning.nix + ./lightning-charge.nix ]; options.services.nixbitcoin = {
@@ -53,6 +54,8 @@ in { services.clightning.enable = true; services.clightning.bitcoin-rpcuser = config.services.bitcoind.rpcuser; + services.lightning-charge.enable = true; + # nodeinfo systemd.services.nodeinfo = { description = "Get node info";
diff --git a/network-vbox.nix b/network-vbox.nix
index ba1b5fb..62f4e2a 100644
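Review bot: In modules/lightning-charge.nix the module declares a `lightning-charge` user and group (with `extraGroups = [ "keys" ]`), yet the unit sets `User = "clightning";`, so charged runs under the c-lightning daemon's identity and presumably has that account's full access to the data directory rather than just the RPC socket and its own database. Either run the unit as the dedicated account, `User = "lightning-charge";`, and give that account group access to the socket, or drop the unused user and group so the module does not suggest an isolation it does not provide. The `clightning-datadir` option is likewise never read, since ExecStart takes `config.services.clightning.dataDir`, and its default `"/var/lib/clighting/"` looks like a misspelling of clightning. Removing the option or wiring it into ExecStart would avoid a setting that silently does nothing.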
--- a/network-vbox.nix
+++ b/network-vbox.nix
@@ -14,5 +14,11 @@ in
 deployment.keys.bitcoin-rpcpassword.user = "bitcoin";
 deployment.keys.bitcoin-rpcpassword.group = "bitcoinrpc";
 deployment.keys.bitcoin-rpcpassword.permissions = "0440";
+
+ deployment.keys.lightning-charge-api-token.text = "API_TOKEN=" + secrets.lightning-charge-api-token;
+ deployment.keys.lightning-charge-api-token.destDir = "/secrets/";
+ deployment.keys.lightning-charge-api-token.user = "clightning";
+ deployment.keys.lightning-charge-api-token.group = "clightning";
+ deployment.keys.lightning-charge-api-token.permissions = "0440";
 };
 }
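Review bot: The token file in network-vbox.nix is consumed only through `EnvironmentFile=` in modules/lightning-charge.nix, and systemd reads that file in the service manager, as root, before switching to `User=`, so it does not need to be readable by `clightning` at all. As written, `permissions = "0440"` with group `clightning` exposes the token to every current or future member of that group; leaving the key root-owned with `deployment.keys.lightning-charge-api-token.permissions = "0400";` would be enough. `destDir = "/secrets/"` also puts the token on persistent disk rather than in the NixOps default key directory, which deserves a comment if it is intentional. The attribute set these lines belong to opens outside the hunk.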