From 3197338d8138b490f5bdbea72cd6dcd26de8772a Mon Sep 17 00:00:00 2001 From: neverupdate Date: Sat, 27 Aug 2022 01:14:52 -0300 Subject: [PATCH 1/9] trustedcoin: add pkg --- pkgs/default.nix | 1 + pkgs/trustedcoin/default.nix | 23 +++++++++++++++++++++++ pkgs/trustedcoin/get-sha256.sh | 20 ++++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 pkgs/trustedcoin/default.nix create mode 100755 pkgs/trustedcoin/get-sha256.sh diff --git a/pkgs/default.nix b/pkgs/default.nix index ed7bc41..c57cfdc 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -20,6 +20,7 @@ let self = { # The secp256k1 version used by joinmarket secp256k1 = pkgs.callPackage ./secp256k1 { }; spark-wallet = pkgs.callPackage ./spark-wallet { }; + trustedcoin = pkgs.callPackage ./trustedcoin { }; pyPkgs = import ./python-packages self pkgs.python3; inherit (self.pyPkgs) diff --git a/pkgs/trustedcoin/default.nix b/pkgs/trustedcoin/default.nix new file mode 100644 index 0000000..4b4cb64 --- /dev/null +++ b/pkgs/trustedcoin/default.nix @@ -0,0 +1,23 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "trustedcoin"; + version = "0.5.2"; + src = fetchFromGitHub { + owner = "nbd-wtf"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-s8zgY+TDABK96BehY+SVl86wCMd+e8BKdxw0kGV1jAI="; + }; + + vendorSha256 = "sha256-wpK5SW9nOMO/e4DoEk8LRxLykxYt06LoBBxjeEujOiU="; + + subPackages = [ "." ]; + + meta = with lib; { + description = "Light bitcoin node implementation"; + homepage = "https://github.com/nbd-wtf/trustedcoin"; + maintainers = with maintainers; [ seberm fort-nix ]; + platforms = platforms.linux; + }; +} diff --git a/pkgs/trustedcoin/get-sha256.sh b/pkgs/trustedcoin/get-sha256.sh new file mode 100755 index 0000000..212b671 --- /dev/null +++ b/pkgs/trustedcoin/get-sha256.sh 
@@ -0,0 +1,20 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p git gnupg curl jq
+set -euo pipefail
+
+
+TMPDIR="$(mktemp -d -p /tmp)"
+trap 'rm -rf $TMPDIR' EXIT
+cd "$TMPDIR"
+
+echo "Fetching latest release"
+repo='nbd-wtf/trustedcoin'
+latest=$(curl --location --silent --show-error https://api.github.com/repos/${repo}/releases/latest | jq -r .tag_name)
+echo "Latest release is $latest"
+git clone --depth 1 --branch "$latest" "https://github.com/${repo}" 2>/dev/null
+cd trustedcoin
+
+echo "tag: $latest"
+git checkout -q "tags/$latest"
+rm -rf .git
+nix --extra-experimental-features nix-command hash path .
From 35fc3a2b44d00d016719fea81030c6733c5e3079 Mon Sep 17 00:00:00 2001
From: neverupdate
Date: Sat, 27 Aug 2022 01:15:06 -0300
Subject: [PATCH 2/9] trustedcoin: add module
---
modules/clightning-plugins/trustedcoin.nix | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 modules/clightning-plugins/trustedcoin.nix
diff --git a/modules/clightning-plugins/trustedcoin.nix b/modules/clightning-plugins/trustedcoin.nix
new file mode 100644
index 0000000..7d057c8
--- /dev/null
+++ b/modules/clightning-plugins/trustedcoin.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let cfg = config.services.clightning.plugins.trustedcoin; in
+{
+ options.services.clightning.plugins.trustedcoin = {
+ enable = mkEnableOption "Trustedcoin (clightning plugin)";
+ package = mkOption {
+ type = types.package;
+ default = config.nix-bitcoin.pkgs.trustedcoin;
+ defaultText = "config.nix-bitcoin.pkgs.trustedcoin";
+ description = "The package providing trustedcoin binaries.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.clightning.extraConfig = ''
+ plugin=${cfg.package}/bin/trustedcoin
+ '';
+ };
+}
From c747ddbf324ba52337f8c83f6ee67ee55d110cc1 Mon Sep 17 00:00:00 2001
From: neverupdate
Date: Sat, 27 Aug 2022 01:15:11 -0300
Subject: [PATCH 3/9] readme: reference trustedcoin source
---
README.md | 1 +
1 file changed, 1 insertion(+)
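Review bot: Nothing in pkgs/trustedcoin/get-sha256.sh checks that the tag it hashes is authentic, although `gnupg` is pulled into the nix-shell: the printed hash covers whatever GitHub serves for the tag name returned by the releases API. If upstream signs its tags, a `git verify-tag "$latest"` step against a pinned key belongs before `rm -rf .git`; if it does not, drop `gnupg` and add a comment that the result is trust-on-first-use and should be compared with an independent checkout before it goes into `default.nix`. Error handling is also thin: `curl` runs without `--fail` and `git clone` hides stderr with `2>/dev/null`, so an API error leaves `latest` as `null` and the script stops without a useful message; `curl --fail ...` plus `[[ $latest != null ]] || exit 1` would surface that. The trap should quote its variable, `trap 'rm -rf "$TMPDIR"' EXIT`.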
diff --git a/README.md b/README.md index 0c5f2d8..1e7150a 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,7 @@ NixOS modules ([src](modules/modules.nix)) * [prometheus](https://github.com/lightningd/plugins/tree/master/prometheus): lightning node exporter for the prometheus timeseries server * [rebalance](https://github.com/lightningd/plugins/tree/master/rebalance): keeps your channels balanced * [summary](https://github.com/lightningd/plugins/tree/master/summary): print a nice summary of the node status + * [trustedcoin](https://github.com/nbd-wtf/trustedcoin): replaces bitcoind with trusted public explorers * [zmq](https://github.com/lightningd/plugins/tree/master/zmq): publishes notifications via ZeroMQ to configured endpoints * [clightning-rest](https://github.com/Ride-The-Lightning/c-lightning-REST): REST server for clightning * [lnd](https://github.com/lightningnetwork/lnd) with support for announcing an onion service and [static channel backups](https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md) From 3d26f72b7f99ef9973560d1de7fba675199a2a31 Mon Sep 17 00:00:00 2001 From: neverupdate Date: Sat, 27 Aug 2022 01:15:22 -0300 Subject: [PATCH 4/9] clightning-plugins: add trustedcoin --- modules/clightning-plugins/default.nix | 1 + modules/clightning-plugins/trustedcoin.nix | 6 +++++- modules/clightning.nix | 14 +++++++++++++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/modules/clightning-plugins/default.nix b/modules/clightning-plugins/default.nix index 8669860..6dd61c7 100644 --- a/modules/clightning-plugins/default.nix +++ b/modules/clightning-plugins/default.nix @@ -17,6 +17,7 @@ in { ./feeadjuster.nix ./prometheus.nix ./summary.nix + ./trustedcoin.nix ./zmq.nix ]; diff --git a/modules/clightning-plugins/trustedcoin.nix b/modules/clightning-plugins/trustedcoin.nix index 7d057c8..9066a52 100644 --- a/modules/clightning-plugins/trustedcoin.nix +++ b/modules/clightning-plugins/trustedcoin.nix 
@@ -9,7 +9,11 @@ let cfg = config.services.clightning.plugins.trustedcoin; in type = types.package; default = config.nix-bitcoin.pkgs.trustedcoin; defaultText = "config.nix-bitcoin.pkgs.trustedcoin"; - description = "The package providing trustedcoin binaries."; + description = '' + The package providing trustedcoin binaries. Trustedcoin will try to + use a bitcoind as a trusted source for getting block data. If this + fails, it will use a trustedcoin providers instead. + ''; }; }; diff --git a/modules/clightning.nix b/modules/clightning.nix index 7c552be..c30f31d 100644 --- a/modules/clightning.nix +++ b/modules/clightning.nix @@ -30,6 +30,15 @@ let This also disables all DNS lookups, to avoid leaking address information. ''; }; + useBcli = mkOption { + type = types.bool; + default = true; + description = '' + If clightning should use the bitcoind as a main source for getting + on-chain block data. Disable this to use a trustedcoin provider (the + trustedcoin plugin will be automatically enabled). + ''; + }; dataDir = mkOption { type = types.path; default = "/var/lib/clightning"; @@ -107,13 +116,16 @@ let network = bitcoind.makeNetworkName "bitcoin" "regtest"; configFile = pkgs.writeText "config" '' network=${network} - bitcoin-datadir=${bitcoind.dataDir} + ${optionalString (!cfg.useBcli) "disable-plugin=bcli"} + ${optionalString (cfg.useBcli) "bitcoin-datadir=${bitcoind.dataDir}"} ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} always-use-proxy=${boolToString cfg.always-use-proxy} bind-addr=${cfg.address}:${toString cfg.port} + bitcoin-rpcconnect=${nbLib.address bitcoind.rpc.address} bitcoin-rpcport=${toString bitcoind.rpc.port} bitcoin-rpcuser=${bitcoind.rpc.users.public.name} + rpc-file-mode=0660 log-timestamps=false ${optionalString (cfg.wallet != null) "wallet=${cfg.wallet}"} From 5b5e76931dd986db686938b58d1c0bbf7c337995 Mon Sep 17 00:00:00 2001 
From: Otto Sabart Date: Fri, 3 Mar 2023 21:00:00 +0100 Subject: [PATCH 5/9] trustedcoin: fix shellcheck --- modules/clightning-plugins/trustedcoin.nix | 2 +- modules/clightning.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/clightning-plugins/trustedcoin.nix b/modules/clightning-plugins/trustedcoin.nix index 9066a52..6199c61 100644 --- a/modules/clightning-plugins/trustedcoin.nix +++ b/modules/clightning-plugins/trustedcoin.nix @@ -9,7 +9,7 @@ let cfg = config.services.clightning.plugins.trustedcoin; in type = types.package; default = config.nix-bitcoin.pkgs.trustedcoin; defaultText = "config.nix-bitcoin.pkgs.trustedcoin"; - description = '' + description = mdDoc '' The package providing trustedcoin binaries. Trustedcoin will try to use a bitcoind as a trusted source for getting block data. If this fails, it will use a trustedcoin providers instead. diff --git a/modules/clightning.nix b/modules/clightning.nix index c30f31d..bf9b098 100644 --- a/modules/clightning.nix +++ b/modules/clightning.nix @@ -33,7 +33,7 @@ let useBcli = mkOption { type = types.bool; default = true; - description = '' + description = mdDoc '' If clightning should use the bitcoind as a main source for getting on-chain block data. Disable this to use a trustedcoin provider (the trustedcoin plugin will be automatically enabled). From 8c00c26fa1a11044cef8268acb592b80d9e3ffa7 Mon Sep 17 00:00:00 2001 From: Otto Sabart Date: Fri, 3 Mar 2023 21:00:00 +0100 Subject: [PATCH 6/9] trustedcoin: update to v0.6.1 --- modules/clightning-plugins/trustedcoin.nix | 7 ++----- modules/clightning.nix | 13 ++----------- pkgs/trustedcoin/default.nix | 6 +++--- 3 files changed, 7 insertions(+), 19 deletions(-) diff --git a/modules/clightning-plugins/trustedcoin.nix b/modules/clightning-plugins/trustedcoin.nix index 6199c61..a4f330a 100644 --- a/modules/clightning-plugins/trustedcoin.nix +++ b/modules/clightning-plugins/trustedcoin.nix 
@@ -9,17 +9,14 @@ let cfg = config.services.clightning.plugins.trustedcoin; in type = types.package; default = config.nix-bitcoin.pkgs.trustedcoin; defaultText = "config.nix-bitcoin.pkgs.trustedcoin"; - description = mdDoc '' - The package providing trustedcoin binaries. Trustedcoin will try to - use a bitcoind as a trusted source for getting block data. If this - fails, it will use a trustedcoin providers instead. - ''; + description = mdDoc "The package providing trustedcoin binaries."; }; }; config = mkIf cfg.enable { services.clightning.extraConfig = '' plugin=${cfg.package}/bin/trustedcoin + disable-plugin=bcli ''; }; } diff --git a/modules/clightning.nix b/modules/clightning.nix index bf9b098..cda95e4 100644 --- a/modules/clightning.nix +++ b/modules/clightning.nix @@ -30,15 +30,6 @@ let This also disables all DNS lookups, to avoid leaking address information. ''; }; - useBcli = mkOption { - type = types.bool; - default = true; - description = mdDoc '' - If clightning should use the bitcoind as a main source for getting - on-chain block data. Disable this to use a trustedcoin provider (the - trustedcoin plugin will be automatically enabled). - ''; - }; dataDir = mkOption { type = types.path; default = "/var/lib/clightning"; @@ -116,8 +107,7 @@ let network = bitcoind.makeNetworkName "bitcoin" "regtest"; configFile = pkgs.writeText "config" '' network=${network} - ${optionalString (!cfg.useBcli) "disable-plugin=bcli"} - ${optionalString (cfg.useBcli) "bitcoin-datadir=${bitcoind.dataDir}"} + ${optionalString (!cfg.plugins.trustedcoin.enable) "bitcoin-datadir=${bitcoind.dataDir}"} ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} always-use-proxy=${boolToString cfg.always-use-proxy} bind-addr=${cfg.address}:${toString cfg.port} 
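Review bot: The first hunk in modules/clightning-plugins/trustedcoin.nix removes from the `package` description the only option text that told an operator where block data comes from, and it adds `disable-plugin=bcli` without a comment. Enabling this plugin changes which parties the node trusts for chain data, so that information should stay in the option docs, on the `enable` option rather than on `package` (the `enable` line sits just above this hunk), for example `enable = mkEnableOption "Trustedcoin (clightning plugin). Chain data may then be served by public block explorers instead of the local bitcoind";`. Above `services.clightning.extraConfig` I would add `# bcli is clightning's built-in bitcoind backend; trustedcoin takes over its role, so both must not be active`. The exact fallback behaviour should be checked against the upstream release being packaged before wording it more strongly.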
@@ -173,6 +163,7 @@ in { { cat ${configFile} echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)" + ${optionalString (cfg.getPublicAddressCmd != "") '' echo "announce-addr=$(${cfg.getPublicAddressCmd}):${toString publicPort}" ''} diff --git a/pkgs/trustedcoin/default.nix b/pkgs/trustedcoin/default.nix index 4b4cb64..47c93f6 100644 --- a/pkgs/trustedcoin/default.nix +++ b/pkgs/trustedcoin/default.nix @@ -2,15 +2,15 @@ buildGoModule rec { pname = "trustedcoin"; - version = "0.5.2"; + version = "0.6.1"; src = fetchFromGitHub { owner = "nbd-wtf"; repo = pname; rev = "v${version}"; - sha256 = "sha256-s8zgY+TDABK96BehY+SVl86wCMd+e8BKdxw0kGV1jAI="; + sha256 = "sha256-UNQjxhAT0mK1In7vUtIoMoMNBV+0wkrwbDmm7m+0R3o="; }; - vendorSha256 = "sha256-wpK5SW9nOMO/e4DoEk8LRxLykxYt06LoBBxjeEujOiU="; + vendorSha256 = "sha256-xvkK9rMQlXTnNyOMd79qxVSvhgPobcBk9cq4/YWbupY="; subPackages = [ "." ]; From 4942130abef3e348208105cf171be72f35604c33 Mon Sep 17 00:00:00 2001 From: Otto Sabart Date: Fri, 3 Mar 2023 21:00:00 +0100 Subject: [PATCH 7/9] tests: add tests for trustedcoin clightning plugin --- .cirrus.yml | 1 + test/tests.nix | 11 ++++++++++- test/tests.py | 12 ++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/.cirrus.yml b/.cirrus.yml index fbbf47e..2e3bf31 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -27,6 +27,7 @@ task: - scenario: default - scenario: netns - scenario: netnsRegtest + - scenario: trustedcoin # This script is run as root build_script: - echo "sandbox = true" >> /etc/nix/nix.conf diff --git a/test/tests.nix b/test/tests.nix index 2501ef6..ba4fa4c 100644 --- a/test/tests.nix +++ b/test/tests.nix 
@@ -45,7 +45,7 @@ let services.clightning.extraConfig = mkIf config.test.noConnections "disable-dns"; test.data.clightning-plugins = let plugins = config.services.clightning.plugins; - removed = [ "commando" ]; + removed = [ "commando" "trustedcoin" ]; enabled = builtins.filter (plugin: plugins.${plugin}.enable) (subtractLists removed (builtins.attrNames plugins)); nbPkgs = config.nix-bitcoin.pkgs; @@ -315,6 +315,15 @@ let services.lnd.enable = true; services.bitcoind.prune = 1000; }; + + # Test the special clightning setup where trustedcoin plugin is used + trustedcoin = { + tests.trustedcoin = true; + services.clightning = { + enable = true; + plugins.trustedcoin.enable = true; + }; + }; } // (import ../dev/dev-scenarios.nix { inherit lib scenarios; }); diff --git a/test/tests.py b/test/tests.py index 1959c7d..b9795dc 100644 --- a/test/tests.py +++ b/test/tests.py @@ -433,6 +433,18 @@ def _(): if enabled("btcpayserver"): machine.wait_until_succeeds(log_has_string("nbxplorer", f"At height: {num_blocks}")) +@test("trustedcoin") +def _(): + machine.wait_for_unit("bitcoind") + machine.wait_for_unit("clightning") + + # Let's check the trustedcoin plugin was correctly initialized + machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+initialized plugin")) + machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+bitcoind RPC working")) + machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+tip: 0")) + machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+estimatefees error: none of the esploras returned usable responses")) + + if "netns-isolation" in enabled_tests: def ip(name): return test_data["netns"][name]["address"] From 67f2eb2feb7cd271a49349fc3385cb80a156254b Mon Sep 17 00:00:00 2001 
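Review bot: The four patterns passed to `log_has_string` in the new `trustedcoin` test in test/tests.py put `\[` and `\s` inside ordinary string literals, which are invalid escape sequences that newer Python versions warn about; raw strings keep the same pattern, e.g. `log_has_string("clightning", r"plugin-trustedcoin[^^]\[0m\s+initialized plugin")`. The last check waits for `estimatefees error: none of the esploras returned usable responses`, so the test treats an upstream error message as success and is tied to its exact wording; a comment such as `# expected: the test VM cannot reach any esplora` (if that is the reason) would make the intent clear. Nothing in the test checks the generated config, so a regression that leaves `bcli` active next to trustedcoin would presumably not be caught here.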
From: Otto Sabart Date: Thu, 13 Apr 2023 21:00:00 +0200 Subject: [PATCH 8/9] trustedcoin: explicitly use the HTTPS_PROXY for external connections --- modules/clightning-plugins/trustedcoin.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/clightning-plugins/trustedcoin.nix b/modules/clightning-plugins/trustedcoin.nix index a4f330a..624e92d 100644 --- a/modules/clightning-plugins/trustedcoin.nix +++ b/modules/clightning-plugins/trustedcoin.nix @@ -18,5 +18,11 @@ let cfg = config.services.clightning.plugins.trustedcoin; in plugin=${cfg.package}/bin/trustedcoin disable-plugin=bcli ''; + + # Trustedcoin does not honor the clightning's proxy configuration. + # Ref.: https://github.com/nbd-wtf/trustedcoin/pull/19 + systemd.services.clightning.environment = mkIf (config.services.clightning.proxy != null) { + HTTPS_PROXY = "socks5://${config.services.clightning.proxy}"; + }; }; } From a3c654768ca917a3e53a28116c30ba89d16f2838 Mon Sep 17 00:00:00 2001 From: Otto Sabart Date: Sat, 15 Apr 2023 21:00:00 +0200 Subject: [PATCH 9/9] docs: trustedcoin: add info about possible problems --- README.md | 2 +- docs/services.md | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1e7150a..ba24157 100644 --- a/README.md +++ b/README.md 
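Review bot: `HTTPS_PROXY` is set on `systemd.services.clightning.environment`, so it applies to lightningd and every plugin started by that unit rather than to trustedcoin alone, and it only covers requests to https:// URLs. If the plugin ever contacts a plain-HTTP endpoint, that request would leave the host directly, which matters when the proxy is there to hide the node's address; adding `HTTP_PROXY = "socks5://${config.services.clightning.proxy}";` next to it closes that gap, and is moot only if every explorer URL is https. The comment above the block should also say that the variable is service-wide, e.g. `# Note: this environment is shared by lightningd and all other plugins.` The enclosing `config = mkIf cfg.enable {` block starts outside the hunk, and the scenario added in PATCH 7/9 does not set `proxy`, so as far as the page shows this branch has no test.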
@@ -79,7 +79,7 @@ NixOS modules ([src](modules/modules.nix)) * [prometheus](https://github.com/lightningd/plugins/tree/master/prometheus): lightning node exporter for the prometheus timeseries server * [rebalance](https://github.com/lightningd/plugins/tree/master/rebalance): keeps your channels balanced * [summary](https://github.com/lightningd/plugins/tree/master/summary): print a nice summary of the node status - * [trustedcoin](https://github.com/nbd-wtf/trustedcoin): replaces bitcoind with trusted public explorers + * [trustedcoin](https://github.com/nbd-wtf/trustedcoin) [[experimental](docs/services.md#trustedcoin-hints)]: replaces bitcoind with trusted public explorers * [zmq](https://github.com/lightningd/plugins/tree/master/zmq): publishes notifications via ZeroMQ to configured endpoints * [clightning-rest](https://github.com/Ride-The-Lightning/c-lightning-REST): REST server for clightning * [lnd](https://github.com/lightningnetwork/lnd) with support for announcing an onion service and [static channel backups](https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md) diff --git a/docs/services.md b/docs/services.md index d677b57..af692df 100644 --- a/docs/services.md +++ b/docs/services.md 
@@ -621,3 +621,27 @@ services.clightning = { ``` Please have a look at the module for a plugin (e.g. [prometheus.nix](../modules/clightning-plugins/prometheus.nix)) to learn its configuration options. + +### Trustedcoin hints +The [trustedcoin](https://github.com/nbd-wtf/trustedcoin) plugin use a Tor +proxy for all of its external connections by default. That's why you can +sometimes face issues with your connections to esploras getting blocked. + +An example of clightning log error output in a case your connections are getting blocked: + +``` +lightningd[5138]: plugin-trustedcoin estimatefees error: https://blockstream.info/api error: 403 Forbidden +``` + +``` +lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: +lightningd[4933]: