diff --git a/configuration.nix b/configuration.nix
index 1a7966f..3787556 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -7,6 +7,7 @@ let
# custom packages
nodeinfo = (import pkgs/nodeinfo.nix);
lightning-charge = import pkgs/lightning-charge.nix { inherit pkgs; };
+ nanopos = import pkgs/nanopos.nix { inherit pkgs; };
in {
disabledModules = [ "services/security/tor.nix" ];
@@ -26,10 +27,14 @@ in {
nodeinfo
jq
lightning-charge.package
+ nanopos.package
+ nodejs-8_x
+ nginx
];
nixpkgs.config.packageOverrides = pkgs: {
inherit nodeinfo;
inherit lightning-charge;
+ inherit nanopos;
};
services.openssh.enable = true;
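Review bot: `nodejs-8_x` pins one explicit Node.js release line in the system package list, and Node.js 8 is past upstream end-of-life, so confirm that the nixpkgs channel being deployed still ships security fixes for it. If nanopos and lightning-charge get their interpreter through their own package closures, neither `nodejs-8_x` nor `nginx` needs to be installed system-wide. `services.nginx.enable` already brings in the server, and dropping both entries keeps the set of tools on the node smaller. The start of this package list is outside the hunk.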
@@ -38,9 +43,9 @@ in {
# openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILacgZRwLsiICNHGHY2TG2APeuxFsrw6Cg13ZTMQpNqA nickler@rick" ];
# };
- # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ ];
#services.bitcoin.proxy = services.tor.client.socksListenAddress;
services.nixbitcoin.enable = true;
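Review bot: With `networking.firewall.allowedTCPPorts = [ ];` the packet filter is the only thing keeping the nginx virtual host enabled in modules/nixbitcoin.nix off the machine's network interfaces, because that virtual host sets no listen address. The site looks intended to be reached through the Tor hidden service only, so binding it to loopback removes the dependency on the firewall staying enabled, e.g. `listen = [ { addr = "127.0.0.1"; port = 80; } ];` on `virtualHosts."_"`. A comment on this line such as `# nothing is opened on purpose: nginx and clightning are reachable only via Tor` would also discourage a later edit from adding port 80 to the list.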
diff --git a/modules/lightning-charge.nix b/modules/lightning-charge.nix
index 884983a..91008f4 100644
--- a/modules/lightning-charge.nix
+++ b/modules/lightning-charge.nix
@@ -23,16 +23,6 @@ in {
};
config = mkIf cfg.enable {
- users.users.lightning-charge =
- {
- description = "lightning-charge User";
- group = "lightning-charge";
- extraGroups = [ "keys" ];
- };
- users.groups.lightning-charge = {
- name = "lightning-charge";
- };
-
systemd.services.lightning-charge =
{ description = "Run lightning-charge";
wantedBy = [ "multi-user.target" ];
@@ -42,7 +32,9 @@ in {
{
EnvironmentFile = "/secrets/lightning-charge-api-token";
ExecStart = "${pkgs.lightning-charge.package}/bin/charged -l ${config.services.clightning.dataDir} -d ${config.services.clightning.dataDir}/lightning-charge.db";
-
+ # Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket,
+ # so this must run as the clightning user
+ # https://github.com/ElementsProject/lightning/issues/1366
User = "clightning";
Restart = "on-failure";
RestartSec = "10s";
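Review bot: The new comment above `User = "clightning";` explains why the shared account is needed but not what it costs. Running as that account, charged has the same filesystem access as the node itself, including whatever key material clightning keeps under its data directory (not visible in this diff). I would extend the comment with `# NOTE: charged therefore has full access to the clightning data directory; revisit once the rpc socket permissions can be set`. The serviceConfig block continues outside the hunk.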
diff --git a/modules/nixbitcoin.nix b/modules/nixbitcoin.nix
index b25ef82..2a2e58e 100644
--- a/modules/nixbitcoin.nix
+++ b/modules/nixbitcoin.nix
@@ -4,6 +4,37 @@ with lib;
let
cfg = config.services.nixbitcoin;
+ indexFile = pkgs.writeText "index.html" ''
+
+
+
+
+ nix-bitcoin
+
+
+
+
+
+
+
+ lightning node: CLIGHTNING_ID
+
+
+
+
+ '';
+ createWebIndex = pkgs.writeText "make-index.sh" ''
+ set -e
+ mkdir -p /var/www/
+ cp ${indexFile} /var/www/index.html
+ chown -R nginx /var/www/
+ nodeinfo
+ . <(nodeinfo)
+ sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
+ '';
+
in {
imports =
[
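Review bot: `. <(nodeinfo)` in createWebIndex evaluates everything nodeinfo prints as shell code, and the create-web-index unit added later in this file runs that script with `User = "root"`; the `echo NAME="$VALUE"` lines in pkgs/nodeinfo.sh emit the values unquoted. The values come from Tor hostname files and `lightning-cli getinfo`, so the exposure is limited, but reading only the field that is needed avoids the eval: `CLIGHTNING_ID=$(nodeinfo | sed -n 's/^CLIGHTNING_ID=//p')`, with `set -o pipefail` added so a failing nodeinfo still aborts the script. Separately, `chown -R nginx /var/www/` hands the static web root to what is presumably the web server account; root-owned, world-readable files are sufficient for serving and keep the page from being rewritten by that account.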
@@ -11,6 +42,7 @@ in {
./bitcoind.nix
./clightning.nix
./lightning-charge.nix
+ ./nanopos.nix
];
options.services.nixbitcoin = {
@@ -51,10 +83,59 @@ in {
services.bitcoind.prune = 2000;
# clightning
- services.clightning.enable = true;
- services.clightning.bitcoin-rpcuser = config.services.bitcoind.rpcuser;
+ services.clightning = {
+ enable = true;
+ bitcoin-rpcuser = config.services.bitcoind.rpcuser;
+ };
+ services.tor.hiddenServices.clightning = {
+ map = [{
+ port = 9375; toPort = 9375;
+ }];
+ version = 3;
+ };
+
services.lightning-charge.enable = true;
+ services.nanopos.enable = true;
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."_" = {
+ root = "/var/www";
+ extraConfig = ''
+ location /store/ {
+ proxy_pass http://127.0.0.1:${toString config.services.nanopos.port};
+ rewrite /store/(.*) /$1 break;
+ }
+ '';
+ };
+
+
+ };
+ services.tor.hiddenServices.nginx = {
+ map = [{
+ port = 80;
+ } {
+ port = 443;
+ }];
+ version = 3;
+ };
+
+ # create-web-index
+ systemd.services.create-web-index = {
+ description = "Get node info";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "nodeinfo.service" ];
+ path = [ pkgs.nodeinfo pkgs.clightning pkgs.jq pkgs.sudo ];
+ serviceConfig = {
+ ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
+ User = "root";
+ Type = "simple";
+ RemainAfterExit="yes";
+ Restart = "on-failure";
+ RestartSec = "10s";
+ };
+ };
# nodeinfo
systemd.services.nodeinfo = {
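Review bot: The clightning hidden service maps `port = 9375; toPort = 9375;`, while pkgs/nodeinfo.sh in this same commit builds the advertised address as `$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735`, so the published node address points at a port the onion service does not expose. One of the two is presumably a digit transposition. 9735 is the conventional Lightning port, so `port = 9735; toPort = 9735;` would match if clightning listens there (its listen port is not visible in this diff). The nginx hidden service also maps port 443, but the virtual host shown configures no TLS listener, so that mapping can be dropped unless one is added elsewhere.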
@@ -63,14 +144,13 @@ in {
after = [ "clightning.service" "tor.service" ];
path = [ pkgs.clightning pkgs.jq pkgs.sudo ];
serviceConfig = {
- ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo > /var/lib/nodeinfo.nix";
+ ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo > /var/lib/nodeinfo.sh";
User = "root";
Type = "simple";
RemainAfterExit="yes";
Restart = "on-failure";
RestartSec = "10s";
};
-
};
# Define a user account. Don't forget to set a password with ‘passwd’.
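Review bot: The renamed `ExecStart` line still relies on `> /var/lib/nodeinfo.sh`, but systemd does not run ExecStart through a shell, so `>` and the path are passed to bash as extra arguments and the file is never written. If the file is wanted, drop the redirection from ExecStart and set `StandardOutput = "file:/var/lib/nodeinfo.sh";` (needs a systemd version that supports the `file:` target), or wrap the command in `bash -c '…'`. The file would hold the bitcoind onion address, which the web page does not publish, so it is worth creating it with restrictive permissions rather than the default umask.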
diff --git a/network-vbox.nix b/network-vbox.nix
index 62f4e2a..a914499 100644
--- a/network-vbox.nix
+++ b/network-vbox.nix
@@ -20,5 +20,12 @@ in
deployment.keys.lightning-charge-api-token.user = "clightning";
deployment.keys.lightning-charge-api-token.group = "clightning";
deployment.keys.lightning-charge-api-token.permissions = "0440";
+
+ # variable is called CHARGE_TOKEN instead of API_TOKEN
+ deployment.keys.lightning-charge-api-token-for-nanopos.text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
+ deployment.keys.lightning-charge-api-token-for-nanopos.destDir = "/secrets/";
+ deployment.keys.lightning-charge-api-token-for-nanopos.user = "nanopos";
+ deployment.keys.lightning-charge-api-token-for-nanopos.group = "nanopos";
+ deployment.keys.lightning-charge-api-token-for-nanopos.permissions = "0440";
};
}
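Review bot: The new nanopos key file is built from `secrets.lightning-charge-api-token`, which appears to be the same secret that the lightning-charge key above carries, so the nanopos process that nginx proxies under `/store/` holds the full Charge API credential. That may be unavoidable if Charge only supports a single token, but the coupling should be written down next to the key, for example `# same secret as lightning-charge-api-token: rotate both files together`. The `user`/`group` value `nanopos` also assumes that account is created by modules/nanopos.nix, which is not part of the visible diff.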
diff --git a/pkgs/nodeinfo.sh b/pkgs/nodeinfo.sh
index 6d8033e..ed4e4cf 100644
--- a/pkgs/nodeinfo.sh
+++ b/pkgs/nodeinfo.sh
@@ -1,11 +1,12 @@
set -e
set -o pipefail
-printenv
-BITCOIND_ONION=$(cat /var/lib/tor/onion/bitcoind/hostname)
-CLIGHTNING_ID=$(sudo -u clightning lightning-cli --lightning-dir=/var/lib/clightning getinfo | jq -r '.id')
+BITCOIND_ONION="$(cat /var/lib/tor/onion/bitcoind/hostname)"
+CLIGHTNING_NODEID=$(sudo -u clightning lightning-cli --lightning-dir=/var/lib/clightning getinfo | jq -r '.id')
+CLIGHTNING_ONION="$(cat /var/lib/tor/onion/clightning/hostname)"
+CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
-echo \{
-echo " bitcoind_onion = \"$BITCOIND_ONION\";"
-echo " clightning_id = \"$CLIGHTNING_ID\";"
-echo \}
+echo BITCOIND_ONION="$BITCOIND_ONION"
+echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
+echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
+echo CLIGHTNING_ID="$CLIGHTNING_ID"