lnd: use onionServices for address announcing
parent
3980cd5a41
commit
bed00fe937
@ -53,10 +53,12 @@
|
|||||||
# you must disable clightning or change the services.clightning.port or
|
# you must disable clightning or change the services.clightning.port or
|
||||||
# services.lnd.port to a port other than 9735.
|
# services.lnd.port to a port other than 9735.
|
||||||
# services.lnd.enable = true;
|
# services.lnd.enable = true;
|
||||||
# Enable this option to announce our Tor Hidden Service. By default lnd
|
#
|
||||||
# offers outgoing functionality, but doesn't announce the Tor Hidden Service
|
# Set this to create an onion service by which lnd can accept incoming connections
|
||||||
# under which peers can reach us.
|
# via Tor.
|
||||||
# services.lnd.announce-tor = true;
|
# The onion service is automatically announced to peers.
|
||||||
|
# nix-bitcoin.onionServices.lnd.public = true;
|
||||||
|
#
|
||||||
## WARNING
|
## WARNING
|
||||||
# If you use lnd, you should manually backup your wallet mnemonic
|
# If you use lnd, you should manually backup your wallet mnemonic
|
||||||
# seed. This will allow you to recover on-chain funds. You can run the
|
# seed. This will allow you to recover on-chain funds. You can run the
|
||||||
|
@ -9,7 +9,6 @@ let
|
|||||||
|
|
||||||
bitcoind = config.services.bitcoind;
|
bitcoind = config.services.bitcoind;
|
||||||
bitcoindRpcAddress = bitcoind.rpc.address;
|
bitcoindRpcAddress = bitcoind.rpc.address;
|
||||||
onionAddressesService = (if cfg.announce-tor then [ "onion-addresses.service" ] else []);
|
|
||||||
networkDir = "${cfg.dataDir}/chain/bitcoin/${bitcoind.network}";
|
networkDir = "${cfg.dataDir}/chain/bitcoin/${bitcoind.network}";
|
||||||
configFile = pkgs.writeText "lnd.conf" ''
|
configFile = pkgs.writeText "lnd.conf" ''
|
||||||
datadir=${cfg.dataDir}
|
datadir=${cfg.dataDir}
|
||||||
@ -92,11 +91,6 @@ in {
|
|||||||
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
||||||
description = "Set a socks proxy to use to connect to Tor nodes";
|
description = "Set a socks proxy to use to connect to Tor nodes";
|
||||||
};
|
};
|
||||||
announce-tor = mkOption {
|
|
||||||
type = types.bool;
|
|
||||||
default = false;
|
|
||||||
description = "Announce LND Tor Hidden Service";
|
|
||||||
};
|
|
||||||
macaroons = mkOption {
|
macaroons = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
type = with types; attrsOf (submodule {
|
type = with types; attrsOf (submodule {
|
||||||
@ -142,7 +136,15 @@ in {
|
|||||||
'';
|
'';
|
||||||
description = "Binary to connect with the lnd instance.";
|
description = "Binary to connect with the lnd instance.";
|
||||||
};
|
};
|
||||||
enforceTor = nix-bitcoin-services.enforceTor;
|
getPublicAddressCmd = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "";
|
||||||
|
description = ''
|
||||||
|
Bash expression which outputs the public service address to announce to peers.
|
||||||
|
If left empty, no address is announced.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
inherit (nix-bitcoin-services) enforceTor;
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
@ -165,16 +167,19 @@ in {
|
|||||||
zmqpubrawtx = "tcp://${bitcoindRpcAddress}:28333";
|
zmqpubrawtx = "tcp://${bitcoindRpcAddress}:28333";
|
||||||
};
|
};
|
||||||
|
|
||||||
nix-bitcoin.onionAddresses.access.lnd = if cfg.announce-tor then [ "lnd" ] else [];
|
|
||||||
systemd.services.lnd = {
|
systemd.services.lnd = {
|
||||||
description = "Run LND";
|
description = "Run LND";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "bitcoind.service" ] ++ onionAddressesService;
|
requires = [ "bitcoind.service" ];
|
||||||
after = [ "bitcoind.service" ] ++ onionAddressesService;
|
after = [ "bitcoind.service" ];
|
||||||
preStart = ''
|
preStart = ''
|
||||||
install -m600 ${configFile} '${cfg.dataDir}/lnd.conf'
|
install -m600 ${configFile} '${cfg.dataDir}/lnd.conf'
|
||||||
echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-public)" >> '${cfg.dataDir}/lnd.conf'
|
{
|
||||||
${optionalString cfg.announce-tor "echo externalip=$(cat /var/lib/onion-addresses/lnd/lnd) >> '${cfg.dataDir}/lnd.conf'"}
|
echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-public)"
|
||||||
|
${optionalString (cfg.getPublicAddressCmd != "") ''
|
||||||
|
echo "externalip=$(${cfg.getPublicAddressCmd})"
|
||||||
|
''}
|
||||||
|
} >> '${cfg.dataDir}/lnd.conf'
|
||||||
'';
|
'';
|
||||||
serviceConfig = nix-bitcoin-services.defaultHardening // {
|
serviceConfig = nix-bitcoin-services.defaultHardening // {
|
||||||
RuntimeDirectory = "lnd"; # Only used to store custom macaroons
|
RuntimeDirectory = "lnd"; # Only used to store custom macaroons
|
||||||
|
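Review bot: In the new `preStart` block, `echo "externalip=$(${cfg.getPublicAddressCmd})"` appends whatever the command prints straight to `lnd.conf`, and a failing command substitution inside `echo` does not fail the script, so an error or empty output leaves a bare `externalip=` line and multi-line output would add further config lines. Capture and check the value before writing it: `addr=$(${cfg.getPublicAddressCmd})`, then `[[ -n $addr ]] || { echo "getPublicAddressCmd returned no address" >&2; exit 1; }`, then `echo "externalip=$addr"`. The same section drops the `requires`/`after` ordering on `onion-addresses.service`; presumably whatever sets `getPublicAddressCmd` also orders lnd after the address file exists, but that is not visible here and is worth confirming. The option description should also state that the expression is executed by the shell in the unit's `preStart`, so it must come only from trusted configuration. The `systemd.services.lnd` definition continues past the end of the last hunk.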