clightning: use onionServices for address announcing
This commit is contained in:
parent
bd2a46cb73
commit
3980cd5a41
@ -37,11 +37,12 @@
|
|||||||
# Enable this module to use clightning, a Lightning Network implementation
|
# Enable this module to use clightning, a Lightning Network implementation
|
||||||
# in C.
|
# in C.
|
||||||
services.clightning.enable = true;
|
services.clightning.enable = true;
|
||||||
# == TOR
|
#
|
||||||
# Enable this option to announce our Tor Hidden Service. By default clightning
|
# Set this to create an onion service by which clightning can accept incoming connections
|
||||||
# offers outgoing functionality, but doesn't announce the Tor Hidden Service
|
# via Tor.
|
||||||
# under which peers can reach us.
|
# The onion service is automatically announced to peers.
|
||||||
# services.clightning.announce-tor = true;
|
# nix-bitcoin.onionServices.clightning.public = true;
|
||||||
|
#
|
||||||
# == Plugins
|
# == Plugins
|
||||||
# See ../docs/usage.md for the list of available plugins.
|
# See ../docs/usage.md for the list of available plugins.
|
||||||
# services.clightning.plugins.prometheus.enable = true;
|
# services.clightning.plugins.prometheus.enable = true;
|
||||||
|
@ -6,7 +6,6 @@ let
|
|||||||
cfg = config.services.clightning;
|
cfg = config.services.clightning;
|
||||||
inherit (config) nix-bitcoin-services;
|
inherit (config) nix-bitcoin-services;
|
||||||
nbPkgs = config.nix-bitcoin.pkgs;
|
nbPkgs = config.nix-bitcoin.pkgs;
|
||||||
onionAddressesService = (if cfg.announce-tor then [ "onion-addresses.service" ] else []);
|
|
||||||
network = config.services.bitcoind.makeNetworkName "bitcoin" "regtest";
|
network = config.services.bitcoind.makeNetworkName "bitcoin" "regtest";
|
||||||
configFile = pkgs.writeText "config" ''
|
configFile = pkgs.writeText "config" ''
|
||||||
network=${network}
|
network=${network}
|
||||||
@ -51,11 +50,6 @@ in {
|
|||||||
Always use the *proxy*, even to connect to normal IP addresses (you can still connect to Unix domain sockets manually). This also disables all DNS lookups, to avoid leaking information.
|
Always use the *proxy*, even to connect to normal IP addresses (you can still connect to Unix domain sockets manually). This also disables all DNS lookups, to avoid leaking information.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
announce-tor = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = "Announce clightning Tor Hidden Service";
|
|
||||||
};
|
|
||||||
dataDir = mkOption {
|
dataDir = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
default = "/var/lib/clightning";
|
default = "/var/lib/clightning";
|
||||||
@ -89,7 +83,15 @@ in {
|
|||||||
'';
|
'';
|
||||||
description = "Binary to connect with the clightning instance.";
|
description = "Binary to connect with the clightning instance.";
|
||||||
};
|
};
|
||||||
enforceTor = nix-bitcoin-services.enforceTor;
|
getPublicAddressCmd = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
Bash expression which outputs the public service address to announce to peers.
|
||||||
|
If left empty, no address is announced.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
inherit (nix-bitcoin-services) enforceTor;
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
@ -108,21 +110,25 @@ in {
|
|||||||
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||||
];
|
];
|
||||||
|
|
||||||
nix-bitcoin.onionAddresses.access.clightning = if cfg.announce-tor then [ "clightning" ] else [];
|
|
||||||
systemd.services.clightning = {
|
systemd.services.clightning = {
|
||||||
description = "Run clightningd";
|
description = "Run clightningd";
|
||||||
path = [ nbPkgs.bitcoind ];
|
path = [ nbPkgs.bitcoind ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "bitcoind.service" ] ++ onionAddressesService;
|
requires = [ "bitcoind.service" ];
|
||||||
after = [ "bitcoind.service" ] ++ onionAddressesService;
|
after = [ "bitcoind.service" ];
|
||||||
preStart = ''
|
preStart = ''
|
||||||
cp ${configFile} ${cfg.dataDir}/config
|
cp ${configFile} ${cfg.dataDir}/config
|
||||||
chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
|
chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
|
||||||
# The RPC socket has to be removed otherwise we might have stale sockets
|
# The RPC socket has to be removed otherwise we might have stale sockets
|
||||||
rm -f ${cfg.networkDir}/lightning-rpc
|
rm -f ${cfg.networkDir}/lightning-rpc
|
||||||
chmod 640 ${cfg.dataDir}/config
|
chmod 640 ${cfg.dataDir}/config
|
||||||
echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)" >> '${cfg.dataDir}/config'
|
{
|
||||||
${optionalString cfg.announce-tor "echo announce-addr=$(cat /var/lib/onion-addresses/clightning/clightning) >> '${cfg.dataDir}/config'"}
|
echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)"
|
||||||
|
${optionalString (cfg.getPublicAddressCmd != "") ''
|
||||||
|
echo "announce-addr=$(${cfg.getPublicAddressCmd})"
|
||||||
|
''}
|
||||||
|
} >> '${cfg.dataDir}/config'
|
||||||
|
|
||||||
'';
|
'';
|
||||||
serviceConfig = nix-bitcoin-services.defaultHardening // {
|
serviceConfig = nix-bitcoin-services.defaultHardening // {
|
||||||
ExecStart = "${nbPkgs.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";
|
ExecStart = "${nbPkgs.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";
|
||||||
|
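Review bot: In the preStart hunk, the new `echo "announce-addr=$(${cfg.getPublicAddressCmd})"` line writes an empty `announce-addr=` entry into the config whenever the command prints nothing or fails, because the substitution's exit status is discarded by `echo` (a `set -e` in the generated job script, if present, would not catch it either). The `requires`/`after` ordering on onion-addresses.service that the old code derived from `announce-tor` is dropped in this hunk and in the `let` hunk, so unless the onionServices module orders clightning after the onion service elsewhere (not visible here), the command may run before the onion hostname file exists and hit exactly that case. I would capture the output first and fail loudly: `addr=$(${cfg.getPublicAddressCmd})`, `[[ -n "$addr" ]] || { echo "getPublicAddressCmd produced no address" >&2; exit 1; }`, `echo "announce-addr=$addr"`. The systemd.services.clightning attribute set continues past the end of the hunk.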