electrs: remove TLSProxy
https://github.com/spesmilo/electrum/issues/5278 was resolved
This commit is contained in:
parent
6856b8cb42
commit
4dbc348921
@ -63,7 +63,7 @@ Connect to electrs
|
||||
### Requirements Android
|
||||
* Android phone
|
||||
* [Orbot](https://guardianproject.info/apps/orbot/) installed from [F-Droid](https://guardianproject.info/fdroid) (recommended) or [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android&hl=en)
|
||||
* [Electrum mobile app](https://electrum.org/#home) installed from [direct download](https://electrum.org/#download) or [Google Play](https://play.google.com/store/apps/details?id=org.electrum.electrum)
|
||||
* [Electrum mobile app](https://electrum.org/#home) 4.0.1 and newer installed from [direct download](https://electrum.org/#download) or [Google Play](https://play.google.com/store/apps/details?id=org.electrum.electrum)
|
||||
|
||||
### Requirements Desktop
|
||||
* [Tor](https://www.torproject.org/) installed from [source](https://www.torproject.org/docs/tor-doc-unix.html.en) or [repository](https://www.torproject.org/docs/debian.html.en)
|
||||
@ -94,22 +94,20 @@ Connect to electrs
|
||||
|
||||
4. Connect to electrs
|
||||
|
||||
On electrum wallet laptop
|
||||
Make sure Tor is running on Desktop or as Orbot on Android.
|
||||
|
||||
On Desktop
|
||||
```
|
||||
electrum --oneserver --server=<ELECTRS_ONION>:50002:s --proxy=socks5:localhost:9050
|
||||
electrum --oneserver -1 -s "<ELECTRS_ONION>:50001:t" -p socks5:localhost:9050
|
||||
```
|
||||
|
||||
On electrum android phone
|
||||
On Android
|
||||
```
|
||||
Three dots in the upper-right-hand corner
|
||||
Network
|
||||
Proxy mode: socks5, Host: 127.0.0.1, Port: 9050
|
||||
Ok
|
||||
Server
|
||||
Host: <ELECTRS_ONION>, Port: 50002
|
||||
Ok
|
||||
Auto-connect: OFF
|
||||
One-server mode: ON
|
||||
Network > Proxy mode: socks5, Host: 127.0.0.1, Port: 9050
|
||||
Network > Auto-connect: OFF
|
||||
Network > One-server mode: ON
|
||||
Network > Server: <ELECTRS_ONION>:50001:t
|
||||
```
|
||||
|
||||
Connect to nix-bitcoin node through ssh Tor Hidden Service
|
||||
|
@ -6,10 +6,6 @@ let
|
||||
inherit (config) nix-bitcoin-services;
|
||||
secretsDir = config.nix-bitcoin.secretsDir;
|
||||
in {
|
||||
imports = [
|
||||
(mkRenamedOptionModule [ "services" "electrs" "nginxport" ] [ "services" "electrs" "TLSProxy" "port" ])
|
||||
];
|
||||
|
||||
options.services.electrs = {
|
||||
enable = mkEnableOption "electrs";
|
||||
dataDir = mkOption {
|
||||
@ -17,14 +13,6 @@ in {
|
||||
default = "/var/lib/electrs";
|
||||
description = "The data directory for electrs.";
|
||||
};
|
||||
# Needed until electrs tls proxy is removed
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = ''
|
||||
The host on which incoming connections arrive.
|
||||
'';
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "electrs";
|
||||
@ -64,18 +52,10 @@ in {
|
||||
default = "";
|
||||
description = "Extra command line arguments passed to electrs.";
|
||||
};
|
||||
TLSProxy = {
|
||||
enable = mkEnableOption "Nginx TLS proxy";
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 50003;
|
||||
description = "Port on which to listen for TLS client connections.";
|
||||
};
|
||||
};
|
||||
enforceTor = nix-bitcoin-services.enforceTor;
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable (mkMerge [{
|
||||
config = mkIf cfg.enable {
|
||||
assertions = [
|
||||
{ assertion = config.services.bitcoind.prune == 0;
|
||||
message = "electrs does not support bitcoind pruning.";
|
||||
@ -132,53 +112,5 @@ in {
|
||||
extraGroups = [ "bitcoinrpc" ] ++ optionals cfg.high-memory [ "bitcoin" ];
|
||||
};
|
||||
users.groups.${cfg.group} = {};
|
||||
}
|
||||
|
||||
(mkIf cfg.TLSProxy.enable {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
appendConfig = let
|
||||
address =
|
||||
if cfg.address == "0.0.0.0" then
|
||||
"127.0.0.1"
|
||||
else if cfg.address == "::" then
|
||||
"::1"
|
||||
else
|
||||
cfg.address;
|
||||
in ''
|
||||
stream {
|
||||
upstream electrs {
|
||||
server ${address}:${toString cfg.port};
|
||||
}
|
||||
|
||||
server {
|
||||
listen ${toString cfg.TLSProxy.port} ssl;
|
||||
proxy_pass electrs;
|
||||
|
||||
ssl_certificate ${secretsDir}/nginx-cert;
|
||||
ssl_certificate_key ${secretsDir}/nginx-key;
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 4h;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
}
|
||||
}
|
||||
'';
|
||||
};
|
||||
systemd.services = {
|
||||
electrs.wants = [ "nginx.service" ];
|
||||
nginx = {
|
||||
requires = [ "nix-bitcoin-secrets.target" ];
|
||||
after = [ "nix-bitcoin-secrets.target" ];
|
||||
};
|
||||
};
|
||||
nix-bitcoin.secrets = rec {
|
||||
nginx-key = {
|
||||
user = "nginx";
|
||||
group = "root";
|
||||
};
|
||||
nginx-cert = nginx-key;
|
||||
};
|
||||
})
|
||||
]);
|
||||
}
|
||||
|
@ -102,8 +102,7 @@ in {
|
||||
};
|
||||
electrs = {
|
||||
id = 16;
|
||||
connections = [ "bitcoind" ]
|
||||
++ ( optionals config.services.electrs.TLSProxy.enable [ "nginx" ]);
|
||||
connections = [ "bitcoind" ];
|
||||
};
|
||||
spark-wallet = {
|
||||
id = 17;
|
||||
@ -270,7 +269,6 @@ in {
|
||||
|
||||
# electrs: Custom netns configs
|
||||
services.electrs = mkIf config.services.electrs.enable {
|
||||
host = if config.services.electrs.TLSProxy.enable then netns.nginx.address else netns.electrs.address;
|
||||
address = netns.electrs.address;
|
||||
daemonrpc = "${netns.bitcoind.address}:${toString config.services.bitcoind.rpc.port}";
|
||||
};
|
||||
|
@ -29,11 +29,6 @@ in {
|
||||
default = 9735;
|
||||
description = "Port on which to listen for tor client connections.";
|
||||
};
|
||||
services.electrs.onionport = mkOption {
|
||||
type = types.port;
|
||||
default = 50002;
|
||||
description = "Port on which to listen for tor client connections.";
|
||||
};
|
||||
nix-bitcoin.operatorName = mkOption {
|
||||
type = types.str;
|
||||
default = "operator";
|
||||
@ -113,14 +108,8 @@ in {
|
||||
services.electrs = {
|
||||
port = 50001;
|
||||
enforceTor = true;
|
||||
TLSProxy.enable = true;
|
||||
TLSProxy.port = 50003;
|
||||
};
|
||||
services.tor.hiddenServices.electrs = mkIf cfg.electrs.enable (mkHiddenService {
|
||||
port = cfg.electrs.onionport;
|
||||
toPort = if cfg.electrs.TLSProxy.enable then cfg.electrs.TLSProxy.port else cfg.electrs.port;
|
||||
toHost = cfg.electrs.host;
|
||||
});
|
||||
services.tor.hiddenServices.electrs = mkHiddenService { port = cfg.electrs.port; toHost = cfg.electrs.address; };
|
||||
|
||||
services.spark-wallet = {
|
||||
onion-service = true;
|
||||
|
@ -16,13 +16,6 @@ makePasswordSecret spark-wallet-password
|
||||
[[ -e nanopos-env ]] || echo "CHARGE_TOKEN=$(cat lightning-charge-token)" > nanopos-env
|
||||
[[ -e spark-wallet-login ]] || echo "login=spark-wallet:$(cat spark-wallet-password)" > spark-wallet-login
|
||||
|
||||
if [[ ! -e nginx-key || ! -e nginx-cert ]]; then
|
||||
openssl genrsa -out nginx-key 2048
|
||||
openssl req -new -key nginx-key -out nginx.csr -subj '/CN=localhost/O=electrs'
|
||||
openssl x509 -req -days 1825 -in nginx.csr -signkey nginx-key -out nginx-cert
|
||||
rm nginx.csr
|
||||
fi
|
||||
|
||||
if [[ ! -e lnd-key || ! -e lnd-cert ]]; then
|
||||
openssl ecparam -genkey -name prime256v1 -out lnd-key
|
||||
openssl req -config $opensslConf -new -sha256 -key lnd-key -out lnd.csr -subj '/CN=localhost/O=lnd'
|
||||
|
@ -40,8 +40,6 @@ extractPassword liquidrpcpassword liquid-rpcpassword
|
||||
extractPassword lightning-charge-api-token lightning-charge-token
|
||||
extractPassword spark-wallet-password
|
||||
|
||||
rename nginx.key nginx-key
|
||||
rename nginx.cert nginx-cert
|
||||
rename lnd.key lnd-key
|
||||
rename lnd.cert lnd-cert
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user