Merge fort-nix/nix-bitcoin#469: lnd: Use lndinit for wallet creation

a4a5c72b01 lnd: use `lndinit` for wallet creation (Erik Arvstedt)
e793a3470c lndinit: init at 0.1.3-beta (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK a4a5c72b01
  jonasnick:
    utACK a4a5c72b01

Tree-SHA512: 5295c1014a5b7bed4b7347b2d671fd877fd719323ea5156bd3bcff6ec94004949f22a9d0698fcc1de925855d36d81d9ea0148dbf0c079ab77e5437a9f53b2bb8
This commit is contained in:
Jonas Nick 2022-04-11 04:33:06 +00:00
commit 06d4a22902
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
4 changed files with 71 additions and 30 deletions

View File

@ -126,6 +126,7 @@ let
nbLib = config.nix-bitcoin.lib; nbLib = config.nix-bitcoin.lib;
secretsDir = config.nix-bitcoin.secretsDir; secretsDir = config.nix-bitcoin.secretsDir;
runAsUser = config.nix-bitcoin.runAsUserCmd; runAsUser = config.nix-bitcoin.runAsUserCmd;
lndinit = "${config.nix-bitcoin.pkgs.lndinit}/bin/lndinit";
bitcoind = config.services.bitcoind; bitcoind = config.services.bitcoind;
@ -202,6 +203,21 @@ in {
echo "externalip=$(${cfg.getPublicAddressCmd})" echo "externalip=$(${cfg.getPublicAddressCmd})"
''} ''}
} >> '${cfg.dataDir}/lnd.conf' } >> '${cfg.dataDir}/lnd.conf'
if [[ ! -f ${networkDir}/wallet.db ]]; then
mnemonic='${cfg.dataDir}/lnd-seed-mnemonic'
if [[ ! -f "$mnemonic" ]]; then
echo "Create lnd seed"
(umask u=r,go=; ${lndinit} gen-seed > "$mnemonic")
fi
echo "Create lnd wallet"
${lndinit} -v init-wallet \
--file.seed="$mnemonic" \
--file.wallet-password='${secretsDir}/lnd-wallet-password' \
--init-file.output-wallet-dir='${cfg.networkDir}'
fi
''; '';
serviceConfig = nbLib.defaultHardening // { serviceConfig = nbLib.defaultHardening // {
Type = "notify"; Type = "notify";
@ -210,8 +226,7 @@ in {
ExecStart = '' ExecStart = ''
${cfg.package}/bin/lnd \ ${cfg.package}/bin/lnd \
--configfile="${cfg.dataDir}/lnd.conf" \ --configfile="${cfg.dataDir}/lnd.conf" \
--wallet-unlock-password-file="${secretsDir}/lnd-wallet-password" \ --wallet-unlock-password-file="${secretsDir}/lnd-wallet-password"
--wallet-unlock-allow-create
''; '';
User = cfg.user; User = cfg.user;
TimeoutSec = "15min"; TimeoutSec = "15min";
@ -221,33 +236,9 @@ in {
ExecStartPost = let ExecStartPost = let
curl = "${pkgs.curl}/bin/curl -s --show-error --cacert ${cfg.certPath}"; curl = "${pkgs.curl}/bin/curl -s --show-error --cacert ${cfg.certPath}";
restUrl = "https://${nbLib.addressWithPort cfg.restAddress cfg.restPort}/v1"; restUrl = "https://${nbLib.addressWithPort cfg.restAddress cfg.restPort}/v1";
in [ in
(nbLib.script "lnd-create-wallet" ''
if [[ ! -f ${networkDir}/wallet.db ]]; then
mnemonic="${cfg.dataDir}/lnd-seed-mnemonic"
if [[ ! -f "$mnemonic" ]]; then
echo "Create lnd seed"
umask u=r,go=
${curl} -X GET ${restUrl}/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > "$mnemonic"
fi
echo "Create lnd wallet"
${curl} --output /dev/null \
-X POST -d "{\"wallet_password\": \"$(cat ${secretsDir}/lnd-wallet-password | tr -d '\n' | base64 -w0)\", \
\"cipher_seed_mnemonic\": $(cat "$mnemonic" | tr -d '\n')}" \
${restUrl}/initwallet
echo "Wait until wallet is created"
getStatus() {
/run/current-system/systemd/bin/systemctl show -p StatusText lnd | cut -f 2 -d=
}
while [[ $(getStatus) == "Wallet locked" ]]; do
sleep 0.1
done
fi
'')
# Setting macaroon permissions for other users needs root permissions # Setting macaroon permissions for other users needs root permissions
(nbLib.rootScript "lnd-create-macaroons" '' nbLib.rootScript "lnd-create-macaroons" ''
umask ug=r,o= umask ug=r,o=
${lib.concatMapStrings (macaroon: '' ${lib.concatMapStrings (macaroon: ''
echo "Create custom macaroon ${macaroon}" echo "Create custom macaroon ${macaroon}"
@ -260,8 +251,7 @@ in {
${pkgs.jq}/bin/jq -c '.macaroon' | ${pkgs.xxd}/bin/xxd -p -r > "$macaroonPath" ${pkgs.jq}/bin/jq -c '.macaroon' | ${pkgs.xxd}/bin/xxd -p -r > "$macaroonPath"
chown ${cfg.macaroons.${macaroon}.user}: "$macaroonPath" chown ${cfg.macaroons.${macaroon}.user}: "$macaroonPath"
'') (attrNames cfg.macaroons)} '') (attrNames cfg.macaroons)}
'') '';
];
} // nbLib.allowedIPAddresses cfg.tor.enforce; } // nbLib.allowedIPAddresses cfg.tor.enforce;
}; };

View File

@ -10,6 +10,7 @@ let self = {
clboss = pkgs.callPackage ./clboss { }; clboss = pkgs.callPackage ./clboss { };
clightning-plugins = pkgs.recurseIntoAttrs (import ./clightning-plugins pkgs self.nbPython3Packages); clightning-plugins = pkgs.recurseIntoAttrs (import ./clightning-plugins pkgs self.nbPython3Packages);
joinmarket = pkgs.callPackage ./joinmarket { inherit (self) nbPython3Packages; }; joinmarket = pkgs.callPackage ./joinmarket { inherit (self) nbPython3Packages; };
lndinit = pkgs.callPackage ./lndinit { };
liquid-swap = pkgs.python3Packages.callPackage ./liquid-swap { }; liquid-swap = pkgs.python3Packages.callPackage ./liquid-swap { };
rtl = pkgs.callPackage ./rtl { }; rtl = pkgs.callPackage ./rtl { };
# The secp256k1 version used by joinmarket # The secp256k1 version used by joinmarket

24
pkgs/lndinit/default.nix Normal file
View File

@ -0,0 +1,24 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "lndinit";
version = "0.1.3-beta";
src = fetchFromGitHub {
owner = "lightninglabs";
repo = pname;
rev = "v${version}";
sha256 = "sha256-sO1DpbppCurxr9g9nUl9Vx82FJK1mTcUw3rY1Fm1wEU=";
};
vendorSha256 = "sha256-xdxxixSabcuGzwCctHrP/RV/Z8sCQDmk2PU4j1u8MX8=";
subPackages = [ "." ];
meta = with lib; {
description = "Wallet initializer utility for lnd";
homepage = "https://github.com/lightninglabs/lndinit";
license = licenses.mit;
maintainers = with maintainers; [ earvstedt ];
};
}

26
pkgs/lndinit/get-sha256.sh Executable file
View File

@ -0,0 +1,26 @@
#! /usr/bin/env nix-shell
#! nix-shell -i bash -p git gnupg curl jq
set -euo pipefail
TMPDIR="$(mktemp -d -p /tmp)"
trap "rm -rf $TMPDIR" EXIT
cd $TMPDIR
echo "Fetching latest release"
repo=lightninglabs/lndinit
latest=$(curl -s --show-error https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name)
echo "Latest release is $latest"
git clone --depth 1 --branch $latest https://github.com/lightninglabs/lndinit 2>/dev/null
cd lndinit
# GPG verification
export GNUPGHOME=$TMPDIR
echo "Fetching Oliver Gugger's key"
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys F4FC70F07310028424EFC20A8E4256593F177720 2> /dev/null
echo "Verifying latest release"
git verify-tag $latest
echo "tag: $latest"
git checkout -q tags/$latest
rm -rf .git
nix hash path .