From 63836127c9f1e022eb5a90873d75d871e5b829c6 Mon Sep 17 00:00:00 2001
From: nixbitcoin
Date: Sun, 10 Oct 2021 13:14:38 +0000
Subject: [PATCH] bitcoind: one-option i2p support
---
 modules/bitcoind.nix | 18 ++++++++++++++++++
 modules/netns-isolation.nix | 6 +++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix
index d2f3769..401ad3d 100644
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@@ -129,6 +129,14 @@ let
 default = if cfg.enforceTor then config.nix-bitcoin.torClientAddressWithPort else null;
 description = "Connect through SOCKS5 proxy";
 };
+ i2p = mkOption {
+ type = types.enum [ false true "only-outgoing" ];
+ default = false;
+ description = ''
+ Enable peer connections via i2p.
+ With `only-outgoing`, incoming i2p connections are disabled.
+ '';
+ };
 listen = mkOption {
 type = types.bool;
 default = false;
@@ -236,6 +244,8 @@ let
 nbLib = config.nix-bitcoin.lib;
 secretsDir = config.nix-bitcoin.secretsDir;
+ i2pSAM = config.services.i2pd.proto.sam;
+
 configFile = builtins.toFile "bitcoin.conf" ''
 # We're already logging via journald
 nodebuglogfile=1
@@ -256,6 +266,9 @@ let
 ${optionalString cfg.listen "bind=${cfg.address}"}
 port=${toString cfg.port}
 ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
+ ${optionalString (cfg.i2p != false) "i2psam=${nbLib.addressWithPort i2pSAM.address i2pSAM.port}"}
+ ${optionalString (cfg.i2p == "only-outgoing") "i2pacceptincoming=0"}
+
 listen=${if cfg.listen then "1" else "0"}
 ${optionalString (cfg.discover != null) "discover=${if cfg.discover then "1" else "0"}"}
 ${lib.concatMapStrings (node: "addnode=${node}\n") cfg.addnodes}
@@ -308,6 +321,11 @@ in {
 }
 ];
+ services.i2pd = mkIf (cfg.i2p != false) {
+ enable = true;
+ proto.sam.enable = true;
+ };
+
 systemd.tmpfiles.rules = [
 "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
 "d '${cfg.dataDir}/blocks' 0770 ${cfg.user} ${cfg.group} - -"
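Review bot: The description of the new `i2p` option (hunk `@@ -129,6 +129,14 @@`) does not say that any non-false value also enables `services.i2pd` and its SAM bridge for the whole host, which is what the `@@ -308,6 +321,11 @@` hunk does. An i2pd router exchanges traffic with other I2P routers itself, and nothing visible in this diff applies `enforceTor` or `proxy` to that daemon, so an operator who expects Tor-only egress should be able to read this in the option text. I would add a sentence to the description such as `Enabling this also starts services.i2pd with the SAM bridge; i2pd's own router traffic is not routed through the bitcoind proxy.`, with the wording confirmed against how the rest of the project treats i2pd.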
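Review bot: With `i2p = true` the generated config (hunk `@@ -256,6 +266,9 @@`) leaves `i2pacceptincoming` at bitcoind's default while `listen=` can still be `0`, since the `listen` option defaults to `false`. Whether inbound I2P peers are accepted in that combination is then decided by bitcoind rather than by this module, and the option description implies that `true` accepts them. That should be confirmed against the targeted bitcoind version and stated in the description. If inbound I2P is meant to follow `cfg.listen`, the condition could read `${optionalString (cfg.i2p == "only-outgoing" || !cfg.listen) "i2pacceptincoming=0"}`. The `configFile` string starts and ends outside this hunk.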
diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index d0dca07..dfa44d8 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -110,7 +110,11 @@ in {
 port = 9050;
 IsolateDestAddr = true;
 };
- networking.firewall.interfaces.nb-br.allowedTCPPorts = [ config.services.tor.client.socksListenAddress.port ];
+ services.i2pd.proto.sam.address = bridgeIp;
+ networking.firewall.interfaces.nb-br.allowedTCPPorts = [
+ config.services.tor.client.socksListenAddress.port
+ config.services.i2pd.proto.sam.port
+ ];
 boot.kernel.sysctl."net.ipv4.ip_forward" = true;
 security.wrappers.netns-exec = {
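Review bot: The SAM port is added to `nb-br`'s `allowedTCPPorts`, and `proto.sam.address` is set to `bridgeIp`, without regard to whether i2p is enabled, so once i2pd runs the SAM bridge is reachable from every namespace on the bridge rather than only from bitcoind's. As far as I know SAM does not authenticate clients by default, so each service that can connect could open its own I2P sessions, which widens what an isolated service may do on the network. I would open the port only when SAM is in use, e.g. `] ++ lib.optional config.services.i2pd.proto.sam.enable config.services.i2pd.proto.sam.port;`, and wrap the address assignment in `mkIf` on the same condition. Whether rules outside this hunk already restrict access per namespace cannot be seen from here; the enclosing attribute set starts and ends outside the hunk.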