From e2fee4bf1af66b70ab4a3d279b5eb0a2f7e6a85f Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Thu, 5 May 2022 21:56:17 +0200 Subject: [PATCH] lnd-rest-onion-service.nix: move to lndconnect-onion.nix, add clightning support Option `services.lnd.restOnionService.package` has been removed. There's not much use in overriding the [lndconnect pkg](https://github.com/LN-Zap/lndconnect). --- README.md | 2 +- examples/configuration.nix | 19 ++++- modules/lnd-rest-onion-service.nix | 54 ------------- modules/lndconnect-onion.nix | 124 +++++++++++++++++++++++++++++ modules/modules.nix | 2 +- modules/obsolete-options.nix | 1 + modules/versioning.nix | 7 ++ test/tests.nix | 6 +- test/tests.py | 10 ++- 9 files changed, 161 insertions(+), 64 deletions(-) delete mode 100644 modules/lnd-rest-onion-service.nix create mode 100644 modules/lndconnect-onion.nix diff --git a/README.md b/README.md index 6808fb4..bcbc6c6 100644 --- a/README.md +++ b/README.md @@ -78,7 +78,7 @@ NixOS modules ([src](modules/modules.nix)) * [Lightning Loop](https://github.com/lightninglabs/loop) * [Lightning Pool](https://github.com/lightninglabs/pool) * [charge-lnd](https://github.com/accumulator/charge-lnd): policy-based channel fee manager - * [lndconnect](https://github.com/LN-Zap/lndconnect) via a REST onion service + * [lndconnect](https://github.com/LN-Zap/lndconnect): connect your wallet to lnd or clightning via a REST onion service * [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL): web interface for `lnd` and `clightning` * [spark-wallet](https://github.com/shesek/spark-wallet) * [electrs](https://github.com/romanz/electrs) diff --git a/examples/configuration.nix b/examples/configuration.nix index 93b9f14..bc1c990 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix 
@@ -53,6 +53,17 @@ # == Plugins # See ../README.md (Features → clightning) for the list of available plugins. # services.clightning.plugins.prometheus.enable = true; + # + # == REST server + # Set this to create a clightning REST onion service. + # This also adds binary `lndconnect-onion-clightning` to the system environment. + # This binary creates QR codes or URLs for connecting applications to clightning + # via the REST onion service (see ../docs/services.md). + # + # services.clightning-rest = { + # enable = true; + # lndconnectOnion.enable = true; + # }; ### LND # Set this to enable lnd, a lightning implementation written in Go. @@ -68,10 +79,10 @@ # nix-bitcoin.onionServices.lnd.public = true; # # Set this to create an lnd REST onion service. - # Adds binary `lndconnect-rest-onion` to the system environment. - # This binary generates QR codes or URIs for connecting applications to lnd via the - # REST onion service. - # services.lnd.restOnionService.enable = true; + # This also adds binary `lndconnect-onion` to the system environment. + # This binary generates QR codes or URLs for connecting applications to lnd via the + # REST onion service (see ../docs/services.md). + # services.lnd.lndconnectOnion.enable = true; # ## WARNING # If you use lnd, you should manually backup your wallet mnemonic diff --git a/modules/lnd-rest-onion-service.nix b/modules/lnd-rest-onion-service.nix deleted file mode 100644 index f2c94d5..0000000 --- a/modules/lnd-rest-onion-service.nix +++ /dev/null 
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
- options.services.lnd.restOnionService = {
- enable = mkOption {
- default = false;
- type = types.bool;
- description = ''
- Create an onion service for the lnd REST service.
- Add a `lndconnect-rest-onion` binary (https://github.com/LN-Zap/lndconnect) to the system environment.
- This binary generates QR codes or URIs for connecting applications to lnd via the REST onion service.
- '';
- };
- package = mkOption {
- type = types.package;
- default = config.nix-bitcoin.pkgs.lndconnect;
- defaultText = "config.nix-bitcoin.pkgs.lndconnect";
- description = "The package providing lndconnect binaries.";
- };
- };
-
- cfg = config.services.lnd.restOnionService;
- nbLib = config.nix-bitcoin.lib;
- runAsUser = config.nix-bitcoin.runAsUserCmd;
-
- lnd = config.services.lnd;
-
- bin = pkgs.writeScriptBin "lndconnect-rest-onion" ''
- #!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash
-
- exec ${cfg.package}/bin/lndconnect \
- --host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/lnd/lnd-rest) \
- --port=${toString lnd.restPort} \
- --lnddir=${lnd.dataDir} \
- --tlscertpath=${lnd.certPath} "$@"
- '';
-in {
- inherit options;
-
- config = mkIf cfg.enable {
- services.tor = {
- enable = true;
- relay.onionServices.lnd-rest = nbLib.mkOnionService {
- target.addr = nbLib.address lnd.restAddress;
- target.port = lnd.restPort;
- port = lnd.restPort;
- };
- };
- nix-bitcoin.onionAddresses.access.lnd = [ "lnd-rest" ];
-
- environment.systemPackages = [ bin ];
- };
-}
diff --git a/modules/lndconnect-onion.nix b/modules/lndconnect-onion.nix
new file mode 100644
index 0000000..740d4b2
--- /dev/null
+++ b/modules/lndconnect-onion.nix
@@ -0,0 +1,124 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + options = { + services.lnd.lndconnectOnion.enable = mkOption { + type = types.bool; + default = false; + description = '' + Create an onion service for the lnd REST server. + Add a `lndconnect-onion` binary to the system environment. + See: https://github.com/LN-Zap/lndconnect + + Usage: + ``` + # Print QR code + lndconnect-onion + + # Print URL + lndconnect-onion --url + ``` + ''; + }; + + services.clightning-rest.lndconnectOnion.enable = mkOption { + type = types.bool; + default = false; + description = '' + Create an onion service for clightning-rest. + Add a `lndconnect-onion-clightning` binary to the system environment. + See: https://github.com/LN-Zap/lndconnect + + Usage: + ``` + # Print QR code + lndconnect-onion-clightning + + # Print URL + lndconnect-onion-clightning --url + ``` + ''; + }; + }; + + nbLib = config.nix-bitcoin.lib; + runAsUser = config.nix-bitcoin.runAsUserCmd; + + inherit (config.services) + lnd + clightning + clightning-rest; + + mkLndconnect = { + name, + shebang ? 
"#!${pkgs.stdenv.shell} -e", + onionService, + port, + certPath, + macaroonPath + }: + # TODO-EXTERNAL: + # lndconnect requires a --configfile argument, although it's unused + # https://github.com/LN-Zap/lndconnect/issues/25 + pkgs.writeScriptBin name '' + ${shebang} + exec ${config.nix-bitcoin.pkgs.lndconnect}/bin/lndconnect \ + --host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService}) \ + --port=${toString port} \ + --tlscertpath='${certPath}' \ + --adminmacaroonpath='${macaroonPath}' \ + --configfile=/dev/null "$@" + ''; +in { + inherit options; + + config = mkMerge [ + (mkIf (lnd.enable && lnd.lndconnectOnion.enable) { + services.tor = { + enable = true; + relay.onionServices.lnd-rest = nbLib.mkOnionService { + target.addr = nbLib.address lnd.restAddress; + target.port = lnd.restPort; + port = lnd.restPort; + }; + }; + nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ]; + + environment.systemPackages = [( + mkLndconnect { + name = "lndconnect-onion"; + # Run as lnd user because the macaroon and cert are not group-readable + shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash"; + onionService = "${lnd.user}/lnd-rest"; + port = lnd.restPort; + certPath = lnd.certPath; + macaroonPath = "${lnd.networkDir}/admin.macaroon"; + } + )]; + }) + + (mkIf (clightning-rest.enable && clightning-rest.lndconnectOnion.enable) { + services.tor = { + enable = true; + relay.onionServices.clightning-rest = nbLib.mkOnionService { + target.addr = nbLib.address clightning-rest.address; + target.port = clightning-rest.port; + port = clightning-rest.port; + }; + }; + # This also allows nodeinfo to show the clightning-rest onion address + nix-bitcoin.onionAddresses.access.operator = [ "clightning-rest" ]; + + environment.systemPackages = [( + mkLndconnect { + name = "lndconnect-onion-clightning"; + onionService = "operator/clightning-rest"; + port = clightning-rest.port; + certPath = "${clightning-rest.dataDir}/certs/certificate.pem"; + 
macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon"; + } + )]; + }) + ]; +} diff --git a/modules/modules.nix b/modules/modules.nix index 0c5fe77..bf0dbab 100644 --- a/modules/modules.nix +++ b/modules/modules.nix @@ -15,10 +15,10 @@ ./clightning-rest.nix ./spark-wallet.nix ./lnd.nix - ./lnd-rest-onion-service.nix # Requires onion-addresses.nix ./lightning-loop.nix ./lightning-pool.nix ./charge-lnd.nix + ./lndconnect-onion.nix # Requires onion-addresses.nix ./rtl.nix ./electrs.nix ./liquid.nix diff --git a/modules/obsolete-options.nix b/modules/obsolete-options.nix index c503c1c..e07bf30 100644 --- a/modules/obsolete-options.nix +++ b/modules/obsolete-options.nix @@ -33,6 +33,7 @@ in { (mkRenamedOptionModule [ "services" "liquidd" "rpcbind" ] [ "services" "liquidd" "rpc" "address" ]) # 0.0.70 (mkRenamedOptionModule [ "services" "rtl" "cl-rest" ] [ "services" "clightning-rest" ]) + (mkRenamedOptionModule [ "services" "lnd" "restOnionService" "enable" ] [ "services" "lnd" "lndconnectOnion" "enable" ]) (mkRenamedOptionModule [ "nix-bitcoin" "setup-secrets" ] [ "nix-bitcoin" "setupSecrets" ]) diff --git a/modules/versioning.nix b/modules/versioning.nix index 3aab682..ad3bf7d 100644 --- a/modules/versioning.nix +++ b/modules/versioning.nix @@ -224,6 +224,13 @@ let The data dir migration happens automatically after deploying. ''; } + { + version = "0.0.70"; + condition = config.services.lnd.lndconnectOnion.enable; + message = '' + The `lndconnect-rest-onion` binary has been renamed to `lndconnect-onion`. + ''; + } ]; mkOnionServiceChange = service: { diff --git a/test/tests.nix b/test/tests.nix index 0297160..dceb56d 100644 --- a/test/tests.nix +++ b/test/tests.nix 
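Review bot: Both option descriptions in `options` present the output only as a "QR code" or "URL", but `mkLndconnect` passes `--adminmacaroonpath` (for lnd, `${lnd.networkDir}/admin.macaroon`), so what gets printed is a bearer credential for the REST API together with the onion address it is reachable at. I would add a sentence to both descriptions, e.g. `The printed QR code or URL contains the macaroon and grants access to the node's REST API; treat it like a password and keep it out of logs, screenshots and shared terminals.` The clightning branch keeps the default shebang and therefore reads `access.macaroon` as the invoking user, whereas the lnd branch switches user because its files are not group-readable; a comment saying which users are expected to be able to read the clightning macaroon would make that asymmetry reviewable. Separately, `--host=$(cat …)` sits inside the `exec` line, where a failing `cat` is not caught by `-e` (and the lnd shebang has no `-e` at all), so an empty host is passed on; assigning it first with `host=$(cat …)` and checking that it is non-empty would fail early instead.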
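Review bot: The commit message says `services.lnd.restOnionService.package` has been removed, but the only entry added in the obsolete-options.nix hunk renames `restOnionService.enable`, so a configuration that still sets `package` would presumably fail with a generic unknown-option error. Adding `(mkRemovedOptionModule [ "services" "lnd" "restOnionService" "package" ] "lndconnect is now always taken from nix-bitcoin.pkgs.lndconnect.")` next to the rename would give those users an actionable message. The rest of the list lies outside the hunk, so this may already be handled elsewhere in the file.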
@@ -76,7 +76,8 @@ let tests.lnd = cfg.lnd.enable; services.lnd.port = 9736; - tests.lnd-rest-onion-service = cfg.lnd.restOnionService.enable; + tests.lndconnect-onion-lnd = cfg.lnd.lndconnectOnion.enable; + tests.lndconnect-onion-clightning = cfg.clightning-rest.lndconnectOnion.enable; tests.lightning-loop = cfg.lightning-loop.enable; @@ -166,8 +167,9 @@ let services.rtl.enable = true; services.spark-wallet.enable = true; services.clightning-rest.enable = true; + services.clightning-rest.lndconnectOnion.enable = true; services.lnd.enable = true; - services.lnd.restOnionService.enable = true; + services.lnd.lndconnectOnion.enable = true; services.lightning-loop.enable = true; services.lightning-pool.enable = true; services.charge-lnd.enable = true; diff --git a/test/tests.py b/test/tests.py index 68fbc34..3f56bb0 100644 --- a/test/tests.py +++ b/test/tests.py @@ -148,9 +148,15 @@ def _(): assert_matches("runuser -u operator -- lncli getinfo | jq", '"version"') assert_no_failure("lnd") -@test("lnd-rest-onion-service") +@test("lndconnect-onion-lnd") def _(): - assert_matches("runuser -u operator -- lndconnect-rest-onion -j", ".onion") + assert_running("lnd") + assert_matches("runuser -u operator -- lndconnect-onion --url", ".onion") + +@test("lndconnect-onion-clightning") +def _(): + assert_running("clightning-rest") + assert_matches("runuser -u operator -- lndconnect-onion-clightning --url", ".onion") @test("lightning-loop") def _():