From aada35fc7b5a0a38f56792f8986577a0b19f2e3f Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Sat, 30 Oct 2021 14:55:55 +0200
Subject: [PATCH] minor improvements

- README: add matrix room

- examples/configuration.nix: explain why bitcoind is enabled by default

- btcpayserver: group lnd service settings

- clightning:
  Use public onion port only when the onion service is public

  This allows users to enable the onion service while announcing a
  non-onion public address.

- netns-isolation: move `readOnly` attr to the top

- tests: use mkDefault to allow for easier overriding

- tests/btcpayserver: test web server response
---
 README.md                   |  5 +++--
 examples/configuration.nix  |  2 +-
 modules/btcpayserver.nix    | 14 +++++++-------
 modules/clightning.nix      |  6 ++++--
 modules/netns-isolation.nix |  4 ++--
 test/tests.nix              |  4 ++--
 test/tests.py               |  2 ++
 7 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index 1402e8d..2956de9 100644
--- a/README.md
+++ b/README.md
@@ -101,6 +101,7 @@ Docs
 
 Troubleshooting
 ---
-If you are having problems with nix-bitcoin check the [FAQ](docs/faq.md) or submit an issue.
-There's also a `#nix-bitcoin` IRC channel on [libera](https://libera.chat).
+If you are having problems with nix-bitcoin check the [FAQ](docs/faq.md) or submit an issue.\
+There's also a Matrix room at [#general:nixbitcoin.org](https://matrix.to/#/#general:nixbitcoin.org)
+and a `#nix-bitcoin` IRC channel on [libera](https://libera.chat).\
 We are always happy to help.
diff --git a/examples/configuration.nix b/examples/configuration.nix
index 7f47bc7..dae5a53 100644
--- a/examples/configuration.nix
+++ b/examples/configuration.nix
@@ -24,7 +24,7 @@
   # modules by commenting out their respective line.
 
   ### BITCOIND
-  # Bitcoind is enabled by default.
+  # Bitcoind is enabled by default via secure-node.nix.
   #
   # Set this option to enable pruning with a specified MiB value.
   # clightning is compatible with pruning. See
diff --git a/modules/btcpayserver.nix b/modules/btcpayserver.nix
index 15bbfe8..daa9f16 100644
--- a/modules/btcpayserver.nix
+++ b/modules/btcpayserver.nix
@@ -119,17 +119,17 @@ in {
       listenWhitelisted = true;
     };
     services.clightning.enable = mkIf (cfg.btcpayserver.lightningBackend == "clightning") true;
-    services.lnd.enable = mkIf (cfg.btcpayserver.lightningBackend == "lnd") true;
+    services.lnd = mkIf (cfg.btcpayserver.lightningBackend == "lnd") {
+      enable = true;
+      macaroons.btcpayserver = {
+        inherit (cfg.btcpayserver) user;
+        permissions = ''{"entity":"info","action":"read"},{"entity":"onchain","action":"read"},{"entity":"offchain","action":"read"},{"entity":"address","action":"read"},{"entity":"message","action":"read"},{"entity":"peers","action":"read"},{"entity":"signer","action":"read"},{"entity":"invoices","action":"read"},{"entity":"invoices","action":"write"},{"entity":"address","action":"write"}'';
+      };
+    };
     services.liquidd = mkIf cfg.btcpayserver.lbtc {
       enable = true;
       listenWhitelisted = true;
     };
-
-    services.lnd.macaroons.btcpayserver = mkIf (cfg.btcpayserver.lightningBackend == "lnd") {
-      inherit (cfg.btcpayserver) user;
-      permissions = ''{"entity":"info","action":"read"},{"entity":"onchain","action":"read"},{"entity":"offchain","action":"read"},{"entity":"address","action":"read"},{"entity":"message","action":"read"},{"entity":"peers","action":"read"},{"entity":"signer","action":"read"},{"entity":"invoices","action":"read"},{"entity":"invoices","action":"write"},{"entity":"address","action":"write"}'';
-    };
-
     services.postgresql = {
       enable = true;
       ensureDatabases = [ "btcpaydb" ];
diff --git a/modules/clightning.nix b/modules/clightning.nix
index 8220ad8..c380e2c 100644
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@@ -91,8 +91,10 @@ let
     ${cfg.extraConfig}
   '';
 
-  # If the clightning onion service is enabled, use the onion port as the public port
-  publicPort = if config.nix-bitcoin.onionServices.clightning.enable or false then
+  # If a public clightning onion service is enabled, use the onion port as the public port
+  publicPort = if (config.nix-bitcoin.onionServices.clightning.enable or false)
+                  && config.nix-bitcoin.onionServices.clightning.public
+               then
                  (builtins.elemAt config.services.tor.relay.onionServices.clightning.map 0).port
                else
                  cfg.port;
diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 4b612f5..49484e8 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -43,14 +43,14 @@ let
     };
 
     netns = mkOption {
-      default = netns;
       readOnly = true;
+      default = netns;
       description = "Exposes netns parameters.";
     };
 
     bridgeIp = mkOption {
-      default = bridgeIp;
       readOnly = true;
+      default = bridgeIp;
       description = "IP of the netns bridge interface.";
     };
   };
diff --git a/test/tests.nix b/test/tests.nix
index 5ac16fc..1e13ad3 100644
--- a/test/tests.nix
+++ b/test/tests.nix
@@ -80,8 +80,8 @@ let
 
       tests.btcpayserver = cfg.btcpayserver.enable;
       services.btcpayserver = {
-        lightningBackend = "lnd";
-        lbtc = true;
+        lightningBackend = mkDefault "lnd";
+        lbtc = mkDefault true;
       };
       # Needed to test macaroon creation
       environment.systemPackages = mkIfTest "btcpayserver" (with pkgs; [ openssl xxd ]);
diff --git a/test/tests.py b/test/tests.py
index 163e147..99d0682 100644
--- a/test/tests.py
+++ b/test/tests.py
@@ -201,6 +201,8 @@ def _():
         f"-X GET https://{ip('lnd')}:8080/v1/getinfo | jq",
         '"version"',
     )
+    # Test web server response
+    assert_matches(f"curl -L {ip('btcpayserver')}:23000", "Welcome to your BTCPay&nbsp;Server")
 
 @test("spark-wallet")
 def _():