diff --git a/configuration.nix b/configuration.nix
index 1a7966f..3787556 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -7,6 +7,7 @@ let
 # custom packages
 nodeinfo = (import pkgs/nodeinfo.nix);
 lightning-charge = import pkgs/lightning-charge.nix { inherit pkgs; };
+ nanopos = import pkgs/nanopos.nix { inherit pkgs; };
 in {
 disabledModules = [ "services/security/tor.nix" ];
@@ -26,10 +27,14 @@ in {
 nodeinfo
 jq
 lightning-charge.package
+ nanopos.package
+ nodejs-8_x
+ nginx
 ];
 nixpkgs.config.packageOverrides = pkgs: {
 inherit nodeinfo;
 inherit lightning-charge;
+ inherit nanopos;
 };
 services.openssh.enable = true;
@@ -38,9 +43,9 @@ in {
 # openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILacgZRwLsiICNHGHY2TG2APeuxFsrw6Cg13ZTMQpNqA nickler@rick" ];
 # };
- # networking.firewall.allowedTCPPorts = [ ... ];
 # networking.firewall.allowedUDPPorts = [ ... ];
 networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ ];
 #services.bitcoin.proxy = services.tor.client.socksListenAddress;
 services.nixbitcoin.enable = true;
diff --git a/modules/lightning-charge.nix b/modules/lightning-charge.nix
index 884983a..91008f4 100644
--- a/modules/lightning-charge.nix
+++ b/modules/lightning-charge.nix
@@ -23,16 +23,6 @@ in {
 };
 config = mkIf cfg.enable {
- users.users.lightning-charge =
- {
- description = "lightning-charge User";
- group = "lightning-charge";
- extraGroups = [ "keys" ];
- };
- users.groups.lightning-charge = {
- name = "lightning-charge";
- };
-
 systemd.services.lightning-charge = {
 description = "Run lightning-charge";
 wantedBy = [ "multi-user.target" ];
@@ -42,7 +32,9 @@ in {
 {
 EnvironmentFile = "/secrets/lightning-charge-api-token";
 ExecStart = "${pkgs.lightning-charge.package}/bin/charged -l ${config.services.clightning.dataDir} -d ${config.services.clightning.dataDir}/lightning-charge.db";
-
+ # Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket,
+ # so this must run as the clightning user
+ # https://github.com/ElementsProject/lightning/issues/1366
 User = "clightning";
 Restart = "on-failure";
 RestartSec = "10s";
diff --git a/modules/nixbitcoin.nix b/modules/nixbitcoin.nix
index b25ef82..2a2e58e 100644
--- a/modules/nixbitcoin.nix
+++ b/modules/nixbitcoin.nix
@@ -4,6 +4,37 @@ with lib;
 let
 cfg = config.services.nixbitcoin;
+ indexFile = pkgs.writeText "index.html" ''
+
+
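Review bot: With the dedicated lightning-charge user removed in the previous hunk, `User = "clightning"` gives the charged HTTP API the same identity as c-lightning itself, so a bug in charged reaches everything under `${config.services.clightning.dataDir}` (on a c-lightning node that is the wallet key material and channel database), not just the RPC socket; the added comment records why but not this blast radius. I would extend the comment with one line naming the trade-off and narrow the unit with hardening that does not depend on the socket owner, e.g. `NoNewPrivileges = true; PrivateTmp = true; ProtectSystem = "strict"; ReadWritePaths = [ config.services.clightning.dataDir ];` (ReadWritePaths is needed because ExecStart writes lightning-charge.db into that directory). Whether serviceConfig already carries any of these cannot be seen here; the unit's serviceConfig block starts outside the hunk.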

+

+ nix-bitcoin +

+

+

+

+ store +

+

+

+

+ lightning node: CLIGHTNING_ID +

+

+
+
+ '';
+ createWebIndex = pkgs.writeText "make-index.sh" ''
+ set -e
+ mkdir -p /var/www/
+ cp ${indexFile} /var/www/index.html
+ chown -R nginx /var/www/
+ nodeinfo
+ . <(nodeinfo)
+ sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
+ '';
+
 in {
 imports = [
@@ -11,6 +42,7 @@ in {
 ./bitcoind.nix
 ./clightning.nix
 ./lightning-charge.nix
+ ./nanopos.nix
 ];
 options.services.nixbitcoin = {
@@ -51,10 +83,59 @@ in {
 services.bitcoind.prune = 2000;
 # clightning
- services.clightning.enable = true;
- services.clightning.bitcoin-rpcuser = config.services.bitcoind.rpcuser;
+ services.clightning = {
+ enable = true;
+ bitcoin-rpcuser = config.services.bitcoind.rpcuser;
+ };
+ services.tor.hiddenServices.clightning = {
+ map = [{
+ port = 9375; toPort = 9375;
+ }];
+ version = 3;
+ };
+ services.lightning-charge.enable = true;
+ services.nanopos.enable = true;
+
+ services.nginx = {
+ enable = true;
+ virtualHosts."_" = {
+ root = "/var/www";
+ extraConfig = ''
+ location /store/ {
+ proxy_pass http://127.0.0.1:${toString config.services.nanopos.port};
+ rewrite /store/(.*) /$1 break;
+ }
+ '';
+ };
+
+
+ };
+ services.tor.hiddenServices.nginx = {
+ map = [{
+ port = 80;
+ } {
+ port = 443;
+ }];
+ version = 3;
+ };
+
+ # create-web-index
+ systemd.services.create-web-index = {
+ description = "Get node info";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "nodeinfo.service" ];
+ path = [ pkgs.nodeinfo pkgs.clightning pkgs.jq pkgs.sudo ];
+ serviceConfig = {
+ ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
+ User = "root";
+ Type = "simple";
+ RemainAfterExit="yes";
+ Restart = "on-failure";
+ RestartSec = "10s";
+ };
+ };
 # nodeinfo
 systemd.services.nodeinfo = {
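Review bot: `. <(nodeinfo)` in make-index.sh makes root evaluate whatever nodeinfo prints as shell code, while the bare `nodeinfo` call on the line before it only sends a second copy of the same output to the journal; the script also runs `chown -R nginx /var/www/` before `sed -i` rewrites index.html, so the owner of the final file rests on GNU sed's behaviour of restoring ownership when run as root rather than on the script itself. Extracting the one value that is needed and chowning last removes both the shell evaluation and the ordering dependency: `CLIGHTNING_ID="$(nodeinfo | sed -n 's/^CLIGHTNING_ID=//p')"`, then `sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html`, then `chown -R nginx /var/www/`. The substituted value is derived from lightning-cli and tor's hostname file, so this is defence in depth rather than a reachable injection.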
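Review bot: The clightning hidden service maps onion port 9375 to local port 9375 (`port = 9375; toPort = 9375;`), but the address this commit publishes on the web page via pkgs/nodeinfo.sh (last hunk on this page) is `$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735`, so a peer following the page connects to a port the onion service does not expose; the two numbers look transposed (9735 is c-lightning's default listen port), and whichever is correct should be read from one option rather than written as two literals. Separately, the nginx hidden service maps port 443 but the `_` virtual host configures no TLS, so nginx does not appear to listen on 443 and that onion port has nothing behind it; `map = [{ port = 80; }];` is sufficient for an onion service, which already authenticates and encrypts the connection.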
@@ -63,14 +144,13 @@ in {
 after = [ "clightning.service" "tor.service" ];
 path = [ pkgs.clightning pkgs.jq pkgs.sudo ];
 serviceConfig = {
- ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo > /var/lib/nodeinfo.nix";
+ ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo > /var/lib/nodeinfo.sh";
 User = "root";
 Type = "simple";
 RemainAfterExit="yes";
 Restart = "on-failure";
 RestartSec = "10s";
 }; - };
 # Define a user account. Don't forget to set a password with ‘passwd’.
diff --git a/network-vbox.nix b/network-vbox.nix
index 62f4e2a..a914499 100644
--- a/network-vbox.nix
+++ b/network-vbox.nix
@@ -20,5 +20,12 @@ in
 deployment.keys.lightning-charge-api-token.user = "clightning";
 deployment.keys.lightning-charge-api-token.group = "clightning";
 deployment.keys.lightning-charge-api-token.permissions = "0440";
+
+ # variable is called CHARGE_TOKEN instead of API_TOKEN
+ deployment.keys.lightning-charge-api-token-for-nanopos.text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
+ deployment.keys.lightning-charge-api-token-for-nanopos.destDir = "/secrets/";
+ deployment.keys.lightning-charge-api-token-for-nanopos.user = "nanopos";
+ deployment.keys.lightning-charge-api-token-for-nanopos.group = "nanopos";
+ deployment.keys.lightning-charge-api-token-for-nanopos.permissions = "0440";
 };
 }
diff --git a/pkgs/nodeinfo.sh b/pkgs/nodeinfo.sh
index 6d8033e..ed4e4cf 100644
--- a/pkgs/nodeinfo.sh
+++ b/pkgs/nodeinfo.sh
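Review bot: The `>` in the rewritten ExecStart is not a redirection: systemd does not pass ExecStart through a shell, so bash receives `>` and `/var/lib/nodeinfo.sh` as positional arguments of the nodeinfo script and the output goes to the journal instead of the file (the removed line had the same problem, and nothing on this page reads /var/lib/nodeinfo.sh; make-index.sh calls nodeinfo directly). Either drop the redirect, `ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo";`, or make it real with `StandardOutput = "file:/var/lib/nodeinfo.sh";` in the same serviceConfig, which systemd supports since version 236. The service definition starts outside the hunk.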
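Review bot: The five `deployment.keys.lightning-charge-api-token-for-nanopos.*` lines spell out the attribute path that the rest of this commit folds into a set (compare `services.clightning = { ... }` in modules/nixbitcoin.nix); `deployment.keys.lightning-charge-api-token-for-nanopos = { text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token; destDir = "/secrets/"; user = "nanopos"; group = "nanopos"; permissions = "0440"; };` expresses the same and leaves one fewer place to mistype the key name. The key is owned by a `nanopos` user and group that no hunk on this page creates; presumably modules/nanopos.nix defines them, which is worth confirming since the same commit just dropped the lightning-charge user in favour of clightning.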
@@ -1,11 +1,12 @@
 set -e
 set -o pipefail
-printenv
-BITCOIND_ONION=$(cat /var/lib/tor/onion/bitcoind/hostname)
-CLIGHTNING_ID=$(sudo -u clightning lightning-cli --lightning-dir=/var/lib/clightning getinfo | jq -r '.id')
+BITCOIND_ONION="$(cat /var/lib/tor/onion/bitcoind/hostname)"
+CLIGHTNING_NODEID=$(sudo -u clightning lightning-cli --lightning-dir=/var/lib/clightning getinfo | jq -r '.id')
+CLIGHTNING_ONION="$(cat /var/lib/tor/onion/clightning/hostname)"
+CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
-echo \{
-echo " bitcoind_onion = \"$BITCOIND_ONION\";"
-echo " clightning_id = \"$CLIGHTNING_ID\";"
-echo \}
+echo BITCOIND_ONION="$BITCOIND_ONION"
+echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
+echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
+echo CLIGHTNING_ID="$CLIGHTNING_ID"
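Review bot: The new output format is a shell fragment (make-index.sh in modules/nixbitcoin.nix sources it with `. <(nodeinfo)` as root), but the four `echo NAME="$NAME"` lines print the values bare, so any shell metacharacter that ends up in a tor hostname file or in `getinfo` output would be evaluated rather than assigned; emitting each line as `printf '%s=%q\n' CLIGHTNING_ID "$CLIGHTNING_ID"` (and likewise for the other three) makes the output safe to source regardless of content. `CLIGHTNING_NODEID=$(...)` is also the one assignment left unquoted; it is harmless in an assignment but inconsistent with the three lines around it.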