enable-tor: disable default onion services for clightning, lnd, btcpayserver

In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly setup node.

README.md

@@ -48,7 +48,7 @@ See the [examples directory](examples/README.md).
 Features
 ---
 A [configuration preset](modules/presets/secure-node.nix) for setting up a secure node
-* All applications use Tor for outbound connections and accept inbound connections via onion services.
+* All applications use Tor for outbound connections and support accepting inbound connections via onion services.
 * Includes a [nodeinfo](modules/nodeinfo.nix) script which prints basic info about the node.
 
 NixOS modules

examples/README.md

@@ -11,7 +11,7 @@ nix-shell
 
 The following example scripts set up a nix-bitcoin node according to [`configuration.nix`](configuration.nix) and then
 shut down immediately. They leave no traces (outside of `/nix/store`) on the host system.\
-By default, [`configuration.nix`](configuration.nix) enables `bitcoind` and `clightning` (with an onion service).
+By default, [`configuration.nix`](configuration.nix) enables `bitcoind` and `clightning`.
 
 - [`./deploy-container.sh`](deploy-container.sh) creates a [NixOS container](https://github.com/erikarvstedt/extra-container).\
   This is the fastest way to set up a node.\

examples/configuration.nix

@@ -96,6 +96,12 @@
   # The lightning backend service automatically enabled.
   # Afterwards you need to go into Store > General Settings > Lightning Nodes
   # and click to use "the internal lightning node of this BTCPay Server".
+  #
+  # Set this to create an onion service to make the btcpayserver web interface
+  # accessible via Tor.
+  # Security WARNING: Create a btcpayserver administrator account before allowing
+  # public access to the web interface.
+  # nix-bitcoin.onionServices.btcpayserver.enable = true;
 
   ### LIQUIDD
   # Enable this module to use Liquid, a sidechain for an inter-exchange
@@ -206,5 +212,5 @@
   # The nix-bitcoin release version that your config is compatible with.
   # When upgrading to a backwards-incompatible release, nix-bitcoin will display an
   # an error and provide hints for migrating your config to the new release.
-  nix-bitcoin.configVersion = "0.0.26";
+  nix-bitcoin.configVersion = "0.0.30";
 }

modules/presets/enable-tor.nix

@@ -26,11 +26,8 @@ in {
   # Add onion services for incoming connections
   nix-bitcoin.onionServices = {
     bitcoind.enable = defaultTrue;
-    clightning.enable = defaultTrue;
-    lnd.enable = defaultTrue;
     liquidd.enable = defaultTrue;
     electrs.enable = defaultTrue;
-    btcpayserver.enable = defaultTrue;
     spark-wallet.enable = defaultTrue;
   };
 }

modules/versioning.nix

@@ -5,7 +5,19 @@ let
   version = config.nix-bitcoin.configVersion;
 
   # Sorted by increasing version numbers
-  changes = [
+  changes = let
+    mkOnionServiceChange = service: {
+      version = "0.0.30";
+      condition = config.services.${service}.enable;
+      message = ''
+        The onion service for ${service} has been disabled in the default
+        configuration (`secure-node.nix`).
+
+        To enable the onion service, add the following to your configuration:
+        nix-bitcon.onionServices.${service}.enable = true;
+      '';
+    };
+  in [
     {
       version = "0.0.26";
       condition = config.services.joinmarket.enable;
@@ -54,6 +66,9 @@ let
         https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/v0.8.0/docs/NATIVE-SEGWIT-UPGRADE.md
       '';
     }
+    (mkOnionServiceChange "clightning")
+    (mkOnionServiceChange "lnd")
+    (mkOnionServiceChange "btcpayserver")
   ];
 
   incompatibleChanges = optionals