diff --git a/modules/clightning.nix b/modules/clightning.nix
index 14574c9..16b94b3 100644
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@@ -12,6 +12,7 @@ let
 ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
 always-use-proxy=${if cfg.always-use-proxy then "true" else "false"}
 ${optionalString (cfg.bind-addr != null) "bind-addr=${cfg.bind-addr}"}
+ ${optionalString (cfg.bitcoin-rpcconnect != null) "bitcoin-rpcconnect=${cfg.bitcoin-rpcconnect}"}
 bitcoin-rpcuser=${config.services.bitcoind.rpcuser}
 rpc-file-mode=0660
 '';
@@ -54,6 +55,11 @@ in {
 default = false;
 description = "Announce clightning Tor Hidden Service";
 };
+ bitcoin-rpcconnect = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = "The bitcoind RPC host to connect to.";
+ };
 dataDir = mkOption {
 type = types.path;
 default = "/var/lib/clightning";
diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 9c9757e..8d1bce9 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -88,6 +88,10 @@ in {
 bitcoind = {
 id = 12;
 };
+ clightning = {
+ id = 13;
+ connections = [ "bitcoind" ];
+ };
 };
 systemd.services = {
@@ -181,9 +185,17 @@ in {
 '';
 };
+ # clightning: Custom netns configs
+ services.clightning = mkIf config.services.clightning.enable {
+ bitcoin-rpcconnect = netns.bitcoind.address;
+ bind-addr = "${netns.clightning.address}:${toString config.services.clightning.onionport}";
+ };
+
 })
 # Custom netns config option values if netns-isolation not enabled
 (mkIf (!cfg.enable) {
+ # clightning
+ services.clightning.bind-addr = "127.0.0.1:${toString config.services.clightning.onionport}";
 })
 ];
 }
diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix
index 0f5c634..7e452ce 100644
--- a/modules/presets/secure-node.nix
+++ b/modules/presets/secure-node.nix
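Review bot: In modules/clightning.nix the new `bitcoin-rpcconnect` option is a free-form `types.str` whose description does not say that bitcoind's RPC is plain HTTP with no TLS, so a value pointing off the machine would send the RPC credentials across that network in the clear. The description should steer users to a local address, for example `description = "Address of the bitcoind RPC host. RPC is unencrypted HTTP; use only a loopback or isolated-network address.";`. The first hunk also writes the value unescaped into the generated config, so a string containing a newline would add extra config lines; a stricter type such as `types.strMatching` with a host pattern would rule that out. Both the `let` string and the options set continue outside these hunks.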
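Review bot: In modules/netns-isolation.nix (hunk at -181) the new `services.clightning` block points clightning at `netns.bitcoind.address`, but nothing in the visible lines makes bitcoind's RPC listen on that address or restricts which peers may reach it. If that is handled elsewhere in the file, a comment here should say so, for example `# bitcoind must rpcbind on netns.bitcoind.address and rpcallowip only netns.clightning.address`. Allowing only the clightning namespace address, rather than a whole range, keeps the RPC surface matched to the `connections = [ "bitcoind" ]` entry added in the hunk at -88. The enclosing `mkIf cfg.enable` block starts outside the hunk.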
@@ -78,9 +78,8 @@ in {
 proxy = cfg.tor.client.socksListenAddress;
 enforceTor = true;
 always-use-proxy = true;
- bind-addr = "127.0.0.1:${toString cfg.clightning.onionport}";
 };
- services.tor.hiddenServices.clightning = mkHiddenService { port = cfg.clightning.onionport; };
+ services.tor.hiddenServices.clightning = mkHiddenService { port = cfg.clightning.onionport; toHost = (builtins.head (builtins.split ":" cfg.clightning.bind-addr)); };
 # lnd
 services.lnd.enforceTor = true;
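Review bot: The new `toHost` value is recovered by splitting `cfg.clightning.bind-addr` on the first `:`, which is fragile for the setting that decides where the hidden service forwards traffic. `bind-addr` is nullable (clightning.nix tests it against `null`), so a null value fails evaluation here, and a bracketed IPv6 value such as `[::1]:9735` (constructed example) would yield `[` as the host. The preset also no longer pins the loopback bind itself and now relies on netns-isolation.nix being imported to supply it. Consider having the clightning module expose the listen host as its own option, or at least add `# bind-addr must be "IPv4:port"; null or a bracketed IPv6 value breaks this split` above the line. The enclosing attribute set begins outside the hunk.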