Merge fort-nix/nix-bitcoin#373: Misc fixes

ed364f5932 tests: speed up stopping of clightning with clboss (Erik Arvstedt)
637a58d826 lnd: improve waiting for active RPC server (Erik Arvstedt)
adeccce06e lnd: simplify use of curl (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK ed364f5932

Tree-SHA512: 2f8ef489430cfa2316eb43b522489e08b62346f2de5fdb9e7dc27d19a377f49d00ded3f387f1f1fdd3e85d0bf2d93f5413cc490c9451f77f552af3a2f4fdae5f

modules/lnd.nix

@@ -201,7 +201,7 @@ in {
           # Retrying is necessary because it can happen that the lnd socket is
           # existing, but the RPC service isn't yet, which results in error
           # "waiting to start, RPC services not available".
-          curl = "${pkgs.curl}/bin/curl -s --show-error --retry 10";
+          curl = "${pkgs.curl}/bin/curl -s --show-error --retry 10 --cacert ${secretsDir}/lnd-cert";
           restUrl = "https://${cfg.restAddress}:${toString cfg.restPort}/v1";
         in [
           (nbLib.script "lnd-create-wallet" ''
@@ -216,14 +216,11 @@ in {
               if [[ ! -f "$mnemonic" ]]; then
                 echo Create lnd seed
                 umask u=r,go=
-                ${curl} \
+                ${curl} -X GET ${restUrl}/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > "$mnemonic"
-                  --cacert ${secretsDir}/lnd-cert \
-                  -X GET ${restUrl}/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > "$mnemonic"
               fi
 
               echo Create lnd wallet
               ${curl} --output /dev/null \
-                --cacert ${secretsDir}/lnd-cert \
                 -X POST -d "{\"wallet_password\": \"$(cat ${secretsDir}/lnd-wallet-password | tr -d '\n' | base64 -w0)\", \
                 \"cipher_seed_mnemonic\": $(cat "$mnemonic" | tr -d '\n')}" \
                 ${restUrl}/initwallet
@@ -237,19 +234,12 @@ in {
               echo Unlock lnd wallet
               ${curl} \
                 -H "Grpc-Metadata-macaroon: $(${pkgs.xxd}/bin/xxd -ps -u -c 99999 '${networkDir}/admin.macaroon')" \
-                --cacert ${secretsDir}/lnd-cert \
                 -X POST \
                 -d "{\"wallet_password\": \"$(cat ${secretsDir}/lnd-wallet-password | tr -d '\n' | base64 -w0)\"}" \
                 ${restUrl}/unlockwallet
             fi
-            state=""
+            # Wait until the wallet has been unlocked and RPC is fully active
-            while [ "$state" != "RPC_ACTIVE" ]; do
+            while [[ $(${curl} -d '{}' -X POST ${restUrl}/state | ${pkgs.jq}/bin/jq -r '.state') != RPC_ACTIVE ]]; do
-              state=$(${curl} \
-                --cacert ${secretsDir}/lnd-cert \
-                -d '{}' \
-                -X POST \
-                ${restUrl}/state |\
-                ${pkgs.jq}/bin/jq -r '.state')
               sleep 0.1
             done
           '')
@@ -261,7 +251,6 @@ in {
               macaroonPath="$RUNTIME_DIRECTORY/${macaroon}.macaroon"
               ${curl} \
                 -H "Grpc-Metadata-macaroon: $(${pkgs.xxd}/bin/xxd -ps -u -c 99999 '${networkDir}/admin.macaroon')" \
-                --cacert ${secretsDir}/lnd-cert \
                 -X POST \
                 -d '{"permissions":[${cfg.macaroons.${macaroon}.permissions}]}' \
                 ${restUrl}/macaroon |\

test/tests.nix

@@ -52,6 +52,12 @@ let
           clboss.path = "${nbPkgs.clboss}/bin/clboss";
         };
       in map (plugin: pluginPkgs.${plugin}.path) enabled;
+      # Torified 'dig' subprocesses of clboss don't respond to SIGTERM and keep
+      # running for a long time when WAN is disabled, which prevents clightning units
+      # from stopping quickly.
+      # Set TimeoutStopSec for faster stopping.
+      systemd.services.clightning.serviceConfig.TimeoutStopSec =
+        mkIf config.services.clightning.plugins.clboss.enable "500ms";
 
       tests.spark-wallet = cfg.spark-wallet.enable;