Add lightning charge module

generate_secrets.sh

@@ -9,8 +9,11 @@ fi
 
 echo Installing apg through nix-env
 nix-env -i apg
-echo Creating bitcoin RPC password
-echo \{ >> $SECRETSFILE
-echo "  bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" >> $SECRETSFILE
-echo \} >> $SECRETSFILE
+echo Write secrets to $SECRETSFILE
+{
+    echo \{
+    echo "  bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
+    echo "  lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
+    echo \}
+} >> $SECRETSFILE
 echo Done

modules/lightning-charge.nix

@@ -0,0 +1,56 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.lightning-charge;
+in {
+  options.services.lightning-charge = {
+    enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        If enabled, the lightning-charge service will be installed.
+      '';
+    };
+    clightning-datadir = mkOption {
+      type = types.string;
+      default = "/var/lib/clighting/";
+      description = ''
+        Data directory of the clightning service
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+      users.users.lightning-charge =
+        {
+          description = "lightning-charge User";
+          group = "lightning-charge";
+          extraGroups = [ "keys" ];
+      };
+      users.groups.lightning-charge = {
+        name = "lightning-charge";
+      };
+
+      systemd.services.lightning-charge =
+        { description = "Run lightning-charge";
+          wantedBy = [ "multi-user.target" ];
+          requires = [ "clightning.service" ];
+          after = [ "clightning.service" ];
+          serviceConfig =
+            {
+              EnvironmentFile = "/secrets/lightning-charge-api-token";
+              ExecStart = "${pkgs.lightning-charge.package}/bin/charged -l ${config.services.clightning.dataDir} -d ${config.services.clightning.dataDir}/lightning-charge.db";
+
+              User = "clightning";
+              Restart = "on-failure";
+              RestartSec = "10s";
+              PrivateTmp = "true";
+              ProtectSystem = "full";
+              NoNewPrivileges = "true";
+              PrivateDevices = "true";
+            };
+        };
+    };
+}

modules/nixbitcoin.nix

@@ -7,9 +7,10 @@ let
 in {
   imports =
     [
-      ./bitcoind.nix
       ./tor.nix
+      ./bitcoind.nix
       ./clightning.nix
+      ./lightning-charge.nix
     ];
 
   options.services.nixbitcoin = {
@@ -53,6 +54,8 @@ in {
     services.clightning.enable = true;
     services.clightning.bitcoin-rpcuser = config.services.bitcoind.rpcuser;
 
+    services.lightning-charge.enable = true;
+
     # nodeinfo
     systemd.services.nodeinfo = {
       description = "Get node info";

network-vbox.nix

@@ -14,5 +14,11 @@ in
       deployment.keys.bitcoin-rpcpassword.user = "bitcoin";
       deployment.keys.bitcoin-rpcpassword.group = "bitcoinrpc";
       deployment.keys.bitcoin-rpcpassword.permissions = "0440";
+
+      deployment.keys.lightning-charge-api-token.text = "API_TOKEN=" + secrets.lightning-charge-api-token;
+      deployment.keys.lightning-charge-api-token.destDir = "/secrets/";
+      deployment.keys.lightning-charge-api-token.user = "clightning";
+      deployment.keys.lightning-charge-api-token.group = "clightning";
+      deployment.keys.lightning-charge-api-token.permissions = "0440";
     };
 }