spark-wallet: add netns
- Adds spark-wallet to netns-isolation.services - Adds extraArgs option to allow using spark-wallet with network namespaces - Adds host option (defaults to localhost) as target of hidden service - Adds enforceTor option to bring in line with other services
This commit is contained in:
parent
d6296acaba
commit
c4ab73d51f
@ -105,6 +105,11 @@ in {
|
|||||||
connections = [ "bitcoind" ]
|
connections = [ "bitcoind" ]
|
||||||
++ ( optionals config.services.electrs.TLSProxy.enable [ "nginx" ]);
|
++ ( optionals config.services.electrs.TLSProxy.enable [ "nginx" ]);
|
||||||
};
|
};
|
||||||
|
spark-wallet = {
|
||||||
|
id = 17;
|
||||||
|
# communicates with clightning over lightning-rpc socket
|
||||||
|
connections = [];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services = {
|
systemd.services = {
|
||||||
@ -252,6 +257,12 @@ in {
|
|||||||
daemonrpc = "${netns.bitcoind.address}:${toString config.services.bitcoind.rpc.port}";
|
daemonrpc = "${netns.bitcoind.address}:${toString config.services.bitcoind.rpc.port}";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# spark-wallet: Custom netns configs
|
||||||
|
services.spark-wallet = mkIf config.services.spark-wallet.enable {
|
||||||
|
host = netns.spark-wallet.address;
|
||||||
|
extraArgs = "--no-tls";
|
||||||
|
};
|
||||||
|
|
||||||
})
|
})
|
||||||
# Custom netns config option values if netns-isolation not enabled
|
# Custom netns config option values if netns-isolation not enabled
|
||||||
(mkIf (!cfg.enable) {
|
(mkIf (!cfg.enable) {
|
||||||
|
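Review bot: The netns override passes `--no-tls` through extraArgs without saying why, and the listener is no longer loopback: with `host = netns.spark-wallet.address;` the HTTP server now answers in plaintext on the namespace's bridge address instead of on localhost only. A one-line comment above `extraArgs = "--no-tls";` would stop the next reader from treating the flag as an oversight, e.g. `# Plain HTTP: the listener is only reached over the netns bridge and the onion service, so TLS adds nothing here — confirm`. Whether the bridge address is further restricted by the netns firewall rules is not visible in this hunk and is left as an assumption.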
@ -122,7 +122,10 @@ in {
|
|||||||
toHost = cfg.electrs.host;
|
toHost = cfg.electrs.host;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.spark-wallet.onion-service = true;
|
services.spark-wallet = {
|
||||||
|
onion-service = true;
|
||||||
|
enforceTor = true;
|
||||||
|
};
|
||||||
|
|
||||||
services.nix-bitcoin-webindex.enforceTor = true;
|
services.nix-bitcoin-webindex.enforceTor = true;
|
||||||
|
|
||||||
|
@ -7,7 +7,7 @@ let
|
|||||||
inherit (config) nix-bitcoin-services;
|
inherit (config) nix-bitcoin-services;
|
||||||
onion-chef-service = (if cfg.onion-service then [ "onion-chef.service" ] else []);
|
onion-chef-service = (if cfg.onion-service then [ "onion-chef.service" ] else []);
|
||||||
run-spark-wallet = pkgs.writeScript "run-spark-wallet" ''
|
run-spark-wallet = pkgs.writeScript "run-spark-wallet" ''
|
||||||
CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login"
|
CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} --host ${cfg.host} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login ${cfg.extraArgs}"
|
||||||
${optionalString cfg.onion-service
|
${optionalString cfg.onion-service
|
||||||
''
|
''
|
||||||
echo Getting onion hostname
|
echo Getting onion hostname
|
||||||
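Review bot: Both `${cfg.host}` and `${cfg.extraArgs}` are spliced into the single shell string `CMD`, which is presumably expanded unquoted where the script executes it (the rest of run-spark-wallet, including that line, is outside this hunk), so every value goes through word splitting and glob expansion and a host value with spaces or metacharacters would become several arguments. For `extraArgs`, typed `types.separatedString " "` in the later hunk of this commit, splitting is the intended way to turn the option into multiple flags, so that should be stated in its description, e.g. `description = "Extra command line arguments passed to spark-wallet. Split on whitespace by the shell; values may not contain spaces.";`. For `host` a plain `types.str` gives no such guarantee, so either note the limitation in its description or keep the interpolation next to a comment such as `# cfg.host is word-split with CMD; keep it a bare address or hostname`.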
@ -29,6 +29,11 @@ in {
|
|||||||
If enabled, the spark-wallet service will be installed.
|
If enabled, the spark-wallet service will be installed.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
host = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "localhost";
|
||||||
|
description = "http(s) server listen address.";
|
||||||
|
};
|
||||||
ln-path = mkOption {
|
ln-path = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
default = "${config.services.clightning.dataDir}/bitcoin";
|
default = "${config.services.clightning.dataDir}/bitcoin";
|
||||||
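Review bot: The description `"http(s) server listen address."` does not mention the two things a user setting this option needs to know: the value is also used as the onion-service target (`toHost = cfg.host;` in a later hunk of this commit), and any non-loopback value exposes the web UI on that interface. Suggest `description = "Address that spark-wallet's HTTP(S) server binds to. Also used as the target of the onion service when onion-service is enabled; a non-loopback address exposes the UI on that interface.";`.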
@ -43,6 +48,12 @@ in {
|
|||||||
"If enabled, configures spark-wallet to be reachable through an onion service.";
|
"If enabled, configures spark-wallet to be reachable through an onion service.";
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
extraArgs = mkOption {
|
||||||
|
type = types.separatedString " ";
|
||||||
|
default = "";
|
||||||
|
description = "Extra command line arguments passed to spark-wallet.";
|
||||||
|
};
|
||||||
|
enforceTor = nix-bitcoin-services.enforceTor;
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
@ -65,7 +76,7 @@ in {
|
|||||||
services.tor.client.enable = true;
|
services.tor.client.enable = true;
|
||||||
services.tor.hiddenServices.spark-wallet = mkIf cfg.onion-service {
|
services.tor.hiddenServices.spark-wallet = mkIf cfg.onion-service {
|
||||||
map = [{
|
map = [{
|
||||||
port = 80; toPort = 9737;
|
port = 80; toPort = 9737; toHost = cfg.host;
|
||||||
}];
|
}];
|
||||||
version = 3;
|
version = 3;
|
||||||
};
|
};
|
||||||
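Review bot: With the default `host = "localhost"` the hidden service entry now carries `toHost = "localhost"` where it previously had no toHost at all, i.e. Tor's implicit 127.0.0.1 target. Tor resolves a hostname target on its own, so if `localhost` resolves to `::1` for Tor while spark-wallet bound only 127.0.0.1 (or the other way round), the onion service would connect to the wrong loopback address and fail without an obvious error; this is an inference about the resolver, not something the hunk shows. Either pin the option default to `"127.0.0.1"` or emit the target only when it differs from the default, e.g. `map = [({ port = 80; toPort = 9737; } // optionalAttrs (cfg.host != "localhost") { toHost = cfg.host; })];` (assuming `lib` is in scope as the surrounding `optionalString` use suggests).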
@ -82,8 +93,10 @@ in {
|
|||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
RestartSec = "10s";
|
RestartSec = "10s";
|
||||||
ReadWritePaths = "/var/lib/onion-chef";
|
ReadWritePaths = "/var/lib/onion-chef";
|
||||||
} // nix-bitcoin-services.nodejs
|
} // (if cfg.enforceTor
|
||||||
// nix-bitcoin-services.allowTor;
|
then nix-bitcoin-services.allowTor
|
||||||
|
else nix-bitcoin-services.allowAnyIP)
|
||||||
|
// nix-bitcoin-services.nodejs;
|
||||||
};
|
};
|
||||||
nix-bitcoin.secrets.spark-wallet-login.user = "spark-wallet";
|
nix-bitcoin.secrets.spark-wallet-login.user = "spark-wallet";
|
||||||
};
|
};
|
||||||
|
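Review bot: The merge order is reversed relative to the removed lines: `nodejs // allowTor` becomes `(allowTor or allowAnyIP) // nodejs`, and since `//` is right-biased the nodejs attribute set now wins on any key present in both. If `nix-bitcoin-services.nodejs` and `allowTor`/`allowAnyIP` share a key (a sandboxing attribute such as `IPAddressAllow`/`IPAddressDeny` would be the typical overlap; their definitions are outside this hunk, so this is unverified), the Tor restriction would be silently overridden by the nodejs defaults. Keeping the original precedence, `} // nix-bitcoin-services.nodejs // (if cfg.enforceTor then nix-bitcoin-services.allowTor else nix-bitcoin-services.allowAnyIP);`, avoids that, and a short comment noting that the network set must come last would document the intent.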