Merge fort-nix/nix-bitcoin#469: lnd: Use lndinit
for wallet creation
a4a5c72b01 lnd: use `lndinit` for wallet creation (Erik Arvstedt)
e793a3470c lndinit: init at 0.1.3-beta (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin: ACK a4a5c72b01
  jonasnick: utACK a4a5c72b01
Tree-SHA512: 5295c1014a5b7bed4b7347b2d671fd877fd719323ea5156bd3bcff6ec94004949f22a9d0698fcc1de925855d36d81d9ea0148dbf0c079ab77e5437a9f53b2bb8
commit
06d4a22902
@ -126,6 +126,7 @@ let
|
|||||||
nbLib = config.nix-bitcoin.lib;
|
nbLib = config.nix-bitcoin.lib;
|
||||||
secretsDir = config.nix-bitcoin.secretsDir;
|
secretsDir = config.nix-bitcoin.secretsDir;
|
||||||
runAsUser = config.nix-bitcoin.runAsUserCmd;
|
runAsUser = config.nix-bitcoin.runAsUserCmd;
|
||||||
|
lndinit = "${config.nix-bitcoin.pkgs.lndinit}/bin/lndinit";
|
||||||
|
|
||||||
bitcoind = config.services.bitcoind;
|
bitcoind = config.services.bitcoind;
|
||||||
|
|
||||||
@ -202,6 +203,21 @@ in {
|
|||||||
echo "externalip=$(${cfg.getPublicAddressCmd})"
|
echo "externalip=$(${cfg.getPublicAddressCmd})"
|
||||||
''}
|
''}
|
||||||
} >> '${cfg.dataDir}/lnd.conf'
|
} >> '${cfg.dataDir}/lnd.conf'
|
||||||
|
|
||||||
|
if [[ ! -f ${networkDir}/wallet.db ]]; then
|
||||||
|
mnemonic='${cfg.dataDir}/lnd-seed-mnemonic'
|
||||||
|
|
||||||
|
if [[ ! -f "$mnemonic" ]]; then
|
||||||
|
echo "Create lnd seed"
|
||||||
|
(umask u=r,go=; ${lndinit} gen-seed > "$mnemonic")
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Create lnd wallet"
|
||||||
|
${lndinit} -v init-wallet \
|
||||||
|
--file.seed="$mnemonic" \
|
||||||
|
--file.wallet-password='${secretsDir}/lnd-wallet-password' \
|
||||||
|
--init-file.output-wallet-dir='${cfg.networkDir}'
|
||||||
|
fi
|
||||||
'';
|
'';
|
||||||
serviceConfig = nbLib.defaultHardening // {
|
serviceConfig = nbLib.defaultHardening // {
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
@ -210,8 +226,7 @@ in {
|
|||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${cfg.package}/bin/lnd \
|
${cfg.package}/bin/lnd \
|
||||||
--configfile="${cfg.dataDir}/lnd.conf" \
|
--configfile="${cfg.dataDir}/lnd.conf" \
|
||||||
--wallet-unlock-password-file="${secretsDir}/lnd-wallet-password" \
|
--wallet-unlock-password-file="${secretsDir}/lnd-wallet-password"
|
||||||
--wallet-unlock-allow-create
|
|
||||||
'';
|
'';
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
TimeoutSec = "15min";
|
TimeoutSec = "15min";
|
||||||
@ -221,33 +236,9 @@ in {
|
|||||||
ExecStartPost = let
|
ExecStartPost = let
|
||||||
curl = "${pkgs.curl}/bin/curl -s --show-error --cacert ${cfg.certPath}";
|
curl = "${pkgs.curl}/bin/curl -s --show-error --cacert ${cfg.certPath}";
|
||||||
restUrl = "https://${nbLib.addressWithPort cfg.restAddress cfg.restPort}/v1";
|
restUrl = "https://${nbLib.addressWithPort cfg.restAddress cfg.restPort}/v1";
|
||||||
in [
|
in
|
||||||
(nbLib.script "lnd-create-wallet" ''
|
|
||||||
if [[ ! -f ${networkDir}/wallet.db ]]; then
|
|
||||||
mnemonic="${cfg.dataDir}/lnd-seed-mnemonic"
|
|
||||||
if [[ ! -f "$mnemonic" ]]; then
|
|
||||||
echo "Create lnd seed"
|
|
||||||
umask u=r,go=
|
|
||||||
${curl} -X GET ${restUrl}/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > "$mnemonic"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "Create lnd wallet"
|
|
||||||
${curl} --output /dev/null \
|
|
||||||
-X POST -d "{\"wallet_password\": \"$(cat ${secretsDir}/lnd-wallet-password | tr -d '\n' | base64 -w0)\", \
|
|
||||||
\"cipher_seed_mnemonic\": $(cat "$mnemonic" | tr -d '\n')}" \
|
|
||||||
${restUrl}/initwallet
|
|
||||||
|
|
||||||
echo "Wait until wallet is created"
|
|
||||||
getStatus() {
|
|
||||||
/run/current-system/systemd/bin/systemctl show -p StatusText lnd | cut -f 2 -d=
|
|
||||||
}
|
|
||||||
while [[ $(getStatus) == "Wallet locked" ]]; do
|
|
||||||
sleep 0.1
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
'')
|
|
||||||
# Setting macaroon permissions for other users needs root permissions
|
# Setting macaroon permissions for other users needs root permissions
|
||||||
(nbLib.rootScript "lnd-create-macaroons" ''
|
nbLib.rootScript "lnd-create-macaroons" ''
|
||||||
umask ug=r,o=
|
umask ug=r,o=
|
||||||
${lib.concatMapStrings (macaroon: ''
|
${lib.concatMapStrings (macaroon: ''
|
||||||
echo "Create custom macaroon ${macaroon}"
|
echo "Create custom macaroon ${macaroon}"
|
||||||
@ -260,8 +251,7 @@ in {
|
|||||||
${pkgs.jq}/bin/jq -c '.macaroon' | ${pkgs.xxd}/bin/xxd -p -r > "$macaroonPath"
|
${pkgs.jq}/bin/jq -c '.macaroon' | ${pkgs.xxd}/bin/xxd -p -r > "$macaroonPath"
|
||||||
chown ${cfg.macaroons.${macaroon}.user}: "$macaroonPath"
|
chown ${cfg.macaroons.${macaroon}.user}: "$macaroonPath"
|
||||||
'') (attrNames cfg.macaroons)}
|
'') (attrNames cfg.macaroons)}
|
||||||
'')
|
'';
|
||||||
];
|
|
||||||
} // nbLib.allowedIPAddresses cfg.tor.enforce;
|
} // nbLib.allowedIPAddresses cfg.tor.enforce;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
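Review bot: A failed or interrupted `lndinit gen-seed` leaves an empty, read-only `lnd-seed-mnemonic` behind, because the shell creates the redirect target before the command runs; every later start then finds the file, skips seed generation and passes an empty seed file to `init-wallet`. Writing to a temporary name and renaming only on success avoids this: `rm -f "$mnemonic.tmp"`, `(umask u=r,go=; ${lndinit} gen-seed > "$mnemonic.tmp")`, `mv "$mnemonic.tmp" "$mnemonic"`. Separately, the guard tests `${networkDir}/wallet.db` unquoted while `--init-file.output-wallet-dir` receives `'${cfg.networkDir}'`; if both name the same directory, one spelling (and a quoted test path) keeps the existence check and the write target from drifting apart. The enclosing script string starts above this hunk.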
@ -10,6 +10,7 @@ let self = {
|
|||||||
clboss = pkgs.callPackage ./clboss { };
|
clboss = pkgs.callPackage ./clboss { };
|
||||||
clightning-plugins = pkgs.recurseIntoAttrs (import ./clightning-plugins pkgs self.nbPython3Packages);
|
clightning-plugins = pkgs.recurseIntoAttrs (import ./clightning-plugins pkgs self.nbPython3Packages);
|
||||||
joinmarket = pkgs.callPackage ./joinmarket { inherit (self) nbPython3Packages; };
|
joinmarket = pkgs.callPackage ./joinmarket { inherit (self) nbPython3Packages; };
|
||||||
|
lndinit = pkgs.callPackage ./lndinit { };
|
||||||
liquid-swap = pkgs.python3Packages.callPackage ./liquid-swap { };
|
liquid-swap = pkgs.python3Packages.callPackage ./liquid-swap { };
|
||||||
rtl = pkgs.callPackage ./rtl { };
|
rtl = pkgs.callPackage ./rtl { };
|
||||||
# The secp256k1 version used by joinmarket
|
# The secp256k1 version used by joinmarket
|
||||||
|
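Review bot: The new `lndinit` attribute is placed before `liquid-swap`, although the neighbouring entries (`clboss`, `clightning-plugins`, `joinmarket`, `liquid-swap`, `rtl`) appear to be kept in alphabetical order. Moving `lndinit = pkgs.callPackage ./lndinit { };` below the `liquid-swap` line would keep the set sorted; the attribute set continues outside the hunk, so the ordering convention should be confirmed there.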
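--- a/pkgs/lndinit/default.nix
+++ b/pkgs/lndinit/default.nix
@@ -0,0 +1,24 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+pname = "lndinit";
+version = "0.1.3-beta";
+
+src = fetchFromGitHub {
+owner = "lightninglabs";
+repo = pname;
+rev = "v${version}";
+sha256 = "sha256-sO1DpbppCurxr9g9nUl9Vx82FJK1mTcUw3rY1Fm1wEU=";
+};
+
+vendorSha256 = "sha256-xdxxixSabcuGzwCctHrP/RV/Z8sCQDmk2PU4j1u8MX8=";
+
+subPackages = [ "." ];
+
+meta = with lib; {
+description = "Wallet initializer utility for lnd";
+homepage = "https://github.com/lightninglabs/lndinit";
+license = licenses.mit;
+maintainers = with maintainers; [ earvstedt ];
+};
+}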
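Review bot: Nothing in this file records how `sha256` was obtained, so a later version bump can silently skip the signed-tag check that `get-sha256.sh` in the same directory performs. A comment above `src`, for example `# Update with ./get-sha256.sh, which verifies the release tag's GPG signature before hashing`, would tie the pinned hash to that procedure. `vendorSha256` is not produced by that script, so how it is refreshed deserves a word in the same comment.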
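--- a/pkgs/lndinit/get-sha256.sh
+++ b/pkgs/lndinit/get-sha256.sh
@@ -0,0 +1,26 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p git gnupg curl jq
+set -euo pipefail
+
+TMPDIR="$(mktemp -d -p /tmp)"
+trap "rm -rf $TMPDIR" EXIT
+cd $TMPDIR
+
+echo "Fetching latest release"
+repo=lightninglabs/lndinit
+latest=$(curl -s --show-error https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name)
+echo "Latest release is $latest"
+git clone --depth 1 --branch $latest https://github.com/lightninglabs/lndinit 2>/dev/null
+cd lndinit
+
+# GPG verification
+export GNUPGHOME=$TMPDIR
+echo "Fetching Oliver Gugger's key"
+gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720 2> /dev/null
+echo "Verifying latest release"
+git verify-tag $latest
+
+echo "tag: $latest"
+git checkout -q tags/$latest
+rm -rf .git
+nix hash path .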
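Review bot: A failed API lookup is not caught at `latest=$(curl … | jq -r .tag_name)`: when the response carries no `tag_name` (for instance a rate-limit error body), `jq -r` prints `null`, and the following `git clone` fails with its stderr discarded, so the script exits without saying why. Using `jq -er .tag_name` makes the lookup itself fail under `set -euo pipefail`, and dropping `2>/dev/null` from the `git clone` and `gpg --recv-keys` lines keeps the reason for an abort visible. The expansions of `$latest` and `$TMPDIR` are also unquoted; `git verify-tag "$latest"` and `trap 'rm -rf "$TMPDIR"' EXIT` are the safer spellings.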