From 3980cd5a4191e96d8cf1a942b89149a8c034b31c Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Thu, 14 Jan 2021 13:24:20 +0100 Subject: [PATCH] clightning: use onionServices for address announcing --- examples/configuration.nix | 11 ++++++----- modules/clightning.nix | 30 ++++++++++++++++++------------ 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/examples/configuration.nix b/examples/configuration.nix index c16e31e..7259787 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix @@ -37,11 +37,12 @@ # Enable this module to use clightning, a Lightning Network implementation # in C. services.clightning.enable = true; - # == TOR - # Enable this option to announce our Tor Hidden Service. By default clightning - # offers outgoing functionality, but doesn't announce the Tor Hidden Service - # under which peers can reach us. - # services.clightning.announce-tor = true; + # + # Set this to create an onion service by which clightning can accept incoming connections + # via Tor. + # The onion service is automatically announced to peers. + # nix-bitcoin.onionServices.clightning.public = true; + # # == Plugins # See ../docs/usage.md for the list of available plugins. # services.clightning.plugins.prometheus.enable = true; diff --git a/modules/clightning.nix b/modules/clightning.nix index fa621c4..04af32b 100644 --- a/modules/clightning.nix +++ b/modules/clightning.nix @@ -6,7 +6,6 @@ let cfg = config.services.clightning; inherit (config) nix-bitcoin-services; nbPkgs = config.nix-bitcoin.pkgs; - onionAddressesService = (if cfg.announce-tor then [ "onion-addresses.service" ] else []); network = config.services.bitcoind.makeNetworkName "bitcoin" "regtest"; configFile = pkgs.writeText "config" '' network=${network} @@ -51,11 +50,6 @@ in { Always use the *proxy*, even to connect to normal IP addresses (you can still connect to Unix domain sockets manually). This also disables all DNS lookups, to avoid leaking information. ''; }; - announce-tor = mkOption { - type = types.bool; - default = false; - description = "Announce clightning Tor Hidden Service"; - }; dataDir = mkOption { type = types.path; default = "/var/lib/clightning"; @@ -89,7 +83,15 @@ in { ''; description = "Binary to connect with the clightning instance."; }; - enforceTor = nix-bitcoin-services.enforceTor; + getPublicAddressCmd = mkOption { + type = types.str; + default = ""; + description = '' + Bash expression which outputs the public service address to announce to peers. + If left empty, no address is announced. + ''; + }; + inherit (nix-bitcoin-services) enforceTor; }; config = mkIf cfg.enable { @@ -108,21 +110,25 @@ in { "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -" ]; - nix-bitcoin.onionAddresses.access.clightning = if cfg.announce-tor then [ "clightning" ] else []; systemd.services.clightning = { description = "Run clightningd"; path = [ nbPkgs.bitcoind ]; wantedBy = [ "multi-user.target" ]; - requires = [ "bitcoind.service" ] ++ onionAddressesService; - after = [ "bitcoind.service" ] ++ onionAddressesService; + requires = [ "bitcoind.service" ]; + after = [ "bitcoind.service" ]; preStart = '' cp ${configFile} ${cfg.dataDir}/config chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}' # The RPC socket has to be removed otherwise we might have stale sockets rm -f ${cfg.networkDir}/lightning-rpc chmod 640 ${cfg.dataDir}/config - echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)" >> '${cfg.dataDir}/config' - ${optionalString cfg.announce-tor "echo announce-addr=$(cat /var/lib/onion-addresses/clightning/clightning) >> '${cfg.dataDir}/config'"} + { + echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)" + ${optionalString (cfg.getPublicAddressCmd != "") '' + echo "announce-addr=$(${cfg.getPublicAddressCmd})" + ''} + } >> '${cfg.dataDir}/config' + ''; serviceConfig = nix-bitcoin-services.defaultHardening // { ExecStart = "${nbPkgs.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";