spark-wallet: add netns

- Adds spark-wallet to netns-isolation.services
- Adds extraArgs option to allow using spark-wallet with network
  namespaces
- Adds host option (defaults to localhost) as target of hidden service
- Adds enforceTor option to bring it in line with other services
nixbitcoin 2020-06-10 14:41:13 +00:00
parent d6296acaba
commit c4ab73d51f
No known key found for this signature in database
GPG Key ID: DD11F9AD5308B3BA
3 changed files with 32 additions and 5 deletions


@ -105,6 +105,11 @@ in {
connections = [ "bitcoind" ]
++ ( optionals config.services.electrs.TLSProxy.enable [ "nginx" ]);
};
spark-wallet = {
id = 17;
# communicates with clightning over lightning-rpc socket
connections = [];
};
};
systemd.services = {
@ -252,6 +257,12 @@ in {
daemonrpc = "${netns.bitcoind.address}:${toString config.services.bitcoind.rpc.port}";
};
# spark-wallet: Custom netns configs
services.spark-wallet = mkIf config.services.spark-wallet.enable {
host = netns.spark-wallet.address;
extraArgs = "--no-tls";
};
})
# Custom netns config option values if netns-isolation not enabled
(mkIf (!cfg.enable) {
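Review bot: The `extraArgs = "--no-tls";` line in the second hunk turns off TLS on the spark-wallet listener bound to `netns.spark-wallet.address`, so the login credentials and RPC traffic on that listener are plaintext inside the namespace; the hunk gives no rationale for this. Presumably the reason is that the listener is only reached through the onion service (the hidden service's `toHost` is set to this same address elsewhere in the commit) and Tor supplies the transport encryption, but that assumption is not written down and any later change that forwards the port out of the namespace would silently expose plaintext. A short comment above the line would make the trade-off explicit, e.g. `# --no-tls: the listener is only reachable through the onion service, which encrypts the transport`. The first hunk (the `spark-wallet = { id = 17; ... }` entry) raises nothing on its own.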


@ -122,7 +122,10 @@ in {
toHost = cfg.electrs.host;
};
services.spark-wallet.onion-service = true;
services.spark-wallet = {
onion-service = true;
enforceTor = true;
};
services.nix-bitcoin-webindex.enforceTor = true;


@ -7,7 +7,7 @@ let
inherit (config) nix-bitcoin-services;
onion-chef-service = (if cfg.onion-service then [ "onion-chef.service" ] else []);
run-spark-wallet = pkgs.writeScript "run-spark-wallet" ''
CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login"
CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} --host ${cfg.host} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login ${cfg.extraArgs}"
${optionalString cfg.onion-service
''
echo Getting onion hostname
@ -29,6 +29,11 @@ in {
If enabled, the spark-wallet service will be installed.
'';
};
host = mkOption {
type = types.str;
default = "localhost";
description = "http(s) server listen address.";
};
ln-path = mkOption {
type = types.path;
default = "${config.services.clightning.dataDir}/bitcoin";
@ -43,6 +48,12 @@ in {
"If enabled, configures spark-wallet to be reachable through an onion service.";
'';
};
extraArgs = mkOption {
type = types.separatedString " ";
default = "";
description = "Extra command line arguments passed to spark-wallet.";
};
enforceTor = nix-bitcoin-services.enforceTor;
};
config = mkIf cfg.enable {
@ -65,7 +76,7 @@ in {
services.tor.client.enable = true;
services.tor.hiddenServices.spark-wallet = mkIf cfg.onion-service {
map = [{
port = 80; toPort = 9737;
port = 80; toPort = 9737; toHost = cfg.host;
}];
version = 3;
};
@ -82,8 +93,10 @@ in {
Restart = "on-failure";
RestartSec = "10s";
ReadWritePaths = "/var/lib/onion-chef";
} // nix-bitcoin-services.nodejs
// nix-bitcoin-services.allowTor;
} // (if cfg.enforceTor
then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP)
// nix-bitcoin-services.nodejs;
};
nix-bitcoin.secrets.spark-wallet-login.user = "spark-wallet";
};
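Review bot: The last hunk (`} // (if cfg.enforceTor then nix-bitcoin-services.allowTor else nix-bitcoin-services.allowAnyIP)`) makes the service's network restriction conditional where it was previously unconditional `allowTor`, so whether spark-wallet keeps its Tor-only restriction now depends on the default of `nix-bitcoin-services.enforceTor`, which is not visible in this commit; a comment on the `enforceTor = nix-bitcoin-services.enforceTor;` option line should state that disabling it widens the unit's allowed network (e.g. `# when false, the unit is no longer restricted to Tor (allowAnyIP)`). The merge order also changes: `nix-bitcoin-services.nodejs` is now the right-most operand of `//`, so if it shares any attribute name with `allowTor`/`allowAnyIP` its value now wins where before `allowTor` did; worth checking those sets have no overlapping keys. Separately, the `host` option's description, `"http(s) server listen address."`, does not mention that the same value is also used as the hidden service's `toHost` (hunk at `port = 80; toPort = 9737; toHost = cfg.host;`), so a reader changing it for one purpose may not realise it affects the other; extending the description to `"http(s) server listen address; also the target of the onion service."` would cover both uses.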