greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bitcoind: one-option i2p support

Browse Source
This commit is contained in:
nixbitcoin 2021-10-10 13:14:38 +00:00
parent 06a971dfa9
commit 63836127c9
No known key found for this signature in database
GPG Key ID: B6044ECBA2DAE5D0
2 changed files with 23 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
modules/bitcoind.nix
View File

@ -129,6 +129,14 @@ let
default = if cfg.enforceTor then config.nix-bitcoin.torClientAddressWithPort else null; default = if cfg.enforceTor then config.nix-bitcoin.torClientAddressWithPort else null;
description = "Connect through SOCKS5 proxy"; description = "Connect through SOCKS5 proxy";
}; };
i2p = mkOption {
type = types.enum [ false true "only-outgoing" ];
default = false;
description = ''
Enable peer connections via i2p.
With `only-outgoing`, incoming i2p connections are disabled.
'';
};
listen = mkOption { listen = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -236,6 +244,8 @@ let
nbLib = config.nix-bitcoin.lib; nbLib = config.nix-bitcoin.lib;
secretsDir = config.nix-bitcoin.secretsDir; secretsDir = config.nix-bitcoin.secretsDir;
i2pSAM = config.services.i2pd.proto.sam;
configFile = builtins.toFile "bitcoin.conf" '' configFile = builtins.toFile "bitcoin.conf" ''
# We're already logging via journald # We're already logging via journald
nodebuglogfile=1 nodebuglogfile=1
@ -256,6 +266,9 @@ let
${optionalString cfg.listen "bind=${cfg.address}"} ${optionalString cfg.listen "bind=${cfg.address}"}
port=${toString cfg.port} port=${toString cfg.port}
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
${optionalString (cfg.i2p != false) "i2psam=${nbLib.addressWithPort i2pSAM.address i2pSAM.port}"}
${optionalString (cfg.i2p == "only-outgoing") "i2pacceptincoming=0"}
listen=${if cfg.listen then "1" else "0"} listen=${if cfg.listen then "1" else "0"}
${optionalString (cfg.discover != null) "discover=${if cfg.discover then "1" else "0"}"} ${optionalString (cfg.discover != null) "discover=${if cfg.discover then "1" else "0"}"}
${lib.concatMapStrings (node: "addnode=${node}\n") cfg.addnodes} ${lib.concatMapStrings (node: "addnode=${node}\n") cfg.addnodes}
@ -308,6 +321,11 @@ in {
} }
]; ];
services.i2pd = mkIf (cfg.i2p != false) {
enable = true;
proto.sam.enable = true;
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
"d '${cfg.dataDir}/blocks' 0770 ${cfg.user} ${cfg.group} - -" "d '${cfg.dataDir}/blocks' 0770 ${cfg.user} ${cfg.group} - -"

6
modules/netns-isolation.nix
View File

@ -110,7 +110,11 @@ in {
port = 9050; port = 9050;
IsolateDestAddr = true; IsolateDestAddr = true;
}; };
networking.firewall.interfaces.nb-br.allowedTCPPorts = [ config.services.tor.client.socksListenAddress.port ]; services.i2pd.proto.sam.address = bridgeIp;
networking.firewall.interfaces.nb-br.allowedTCPPorts = [
config.services.tor.client.socksListenAddress.port
config.services.i2pd.proto.sam.port
];
boot.kernel.sysctl."net.ipv4.ip_forward" = true; boot.kernel.sysctl."net.ipv4.ip_forward" = true;
security.wrappers.netns-exec = { security.wrappers.netns-exec = {