add presets/bitcoind-remote.nix

This simplifies integrating a remote bitcoind instance and
makes `bitcoin-cli` work with the remote node.

Add note regarding `whitelistedPort` to docs.
This commit is contained in:
Erik Arvstedt 2021-12-07 15:28:12 +01:00
parent 5915a34891
commit 6b539627ee
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
2 changed files with 44 additions and 2 deletions

View File

@ -181,9 +181,26 @@ Some services require extra steps:
Use a bitcoind instance running on another node within a nix-bitcoin config. Use a bitcoind instance running on another node within a nix-bitcoin config.
```nix ```nix
imports = [ <nix-bitcoin/modules/presets/bitcoind-remote.nix> ];
services.bitcoind = { services.bitcoind = {
enable = true;
# Address of the other node # Address of the other node
address = "10.10.0.2"; address = "10.10.0.2";
rpc.address = "10.10.0.2";
# Some nix-bitcoin services require whitelisted bitcoind p2p connections
# to work reliably.
# Search for `whitelistedPort` in this repo to see the affected services.
# If you're using one of these services, either add a whitelisted p2p port
# on your remote node via `whitebind` and set it here:
whitelistedPort = <remote whitebind RPC port>;
#
# Or use the default p2p port and add `whitelist=<address of this node>` to
# your remote bitcoind config:
whitelistedPort = config.services.bitcoind.port;
rpc.users = let rpc.users = let
# The fully privileged bitcoind RPC username of the other node # The fully privileged bitcoind RPC username of the other node
name = "myrpcuser"; name = "myrpcuser";
@ -196,8 +213,6 @@ services.bitcoind = {
# joinmarket-ob-watcher.name = name; # joinmarket-ob-watcher.name = name;
}; };
}; };
# Disable the local bitcoind service
systemd.services.bitcoind.wantedBy = mkForce [];
``` ```
Now save the password of the RPC user to the following files on your nix-bitcoin node: Now save the password of the RPC user to the following files on your nix-bitcoin node:
@ -211,6 +226,8 @@ $secretsDir/bitcoin-rpcpassword-public
``` ```
See: [Secrets dir](#secrets-dir) See: [Secrets dir](#secrets-dir)
Restart `bitcoind` after updating the secrets: `systemctl restart bitcoind`.
# Temporarily disable a service # Temporarily disable a service
Sometimes you might want to disable a service without removing the service user and Sometimes you might want to disable a service without removing the service user and

View File

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.bitcoind;
secretsDir = config.nix-bitcoin.secretsDir;
in {
services.bitcoind = {
# Make the local bitcoin-cli work with the remote node
extraConfig = ''
rpcuser=${cfg.rpc.users.privileged.name}
'';
};
systemd.services.bitcoind = {
preStart = lib.mkAfter ''
echo "rpcpassword=$(cat ${secretsDir}/bitcoin-rpcpassword-privileged)" >> '${cfg.dataDir}'/bitcoin.conf
'';
postStart = lib.mkForce "";
serviceConfig = {
Type = lib.mkForce "oneshot";
ExecStart = lib.mkForce "${pkgs.coreutils}/bin/true";
RemainAfterExit = true;
};
};
}