From 5b7e0d09b2e85386c16d40ad624e824f88f3c015 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Thu, 14 Jan 2021 13:24:01 +0100 Subject: [PATCH] bitcoind: add consistent address options --- modules/bitcoind.nix | 48 ++++++++++++++++----------------- modules/btcpayserver.nix | 4 +-- modules/clightning.nix | 2 +- modules/electrs.nix | 2 +- modules/joinmarket.nix | 2 +- modules/liquid.nix | 2 +- modules/lnd.nix | 2 +- modules/netns-isolation.nix | 4 +-- modules/presets/secure-node.nix | 3 +-- 9 files changed, 33 insertions(+), 36 deletions(-) diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix index c8650eb..f7ba15e 100644 --- a/modules/bitcoind.nix +++ b/modules/bitcoind.nix @@ -22,16 +22,18 @@ let ${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"} # Connection options - ${optionalString cfg.listen "bind=${cfg.bind}"} - ${optionalString (cfg.port != null) "port=${toString cfg.port}"} + ${optionalString cfg.listen "bind=${cfg.address}"} + port=${toString cfg.port} ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} listen=${if cfg.listen then "1" else "0"} ${optionalString (cfg.discover != null) "discover=${if cfg.discover then "1" else "0"}"} ${lib.concatMapStrings (node: "addnode=${node}\n") cfg.addnodes} # RPC server options - ${optionalString (cfg.rpcthreads != null) "rpcthreads=${toString cfg.rpcthreads}"} + rpcbind=${cfg.rpc.address} rpcport=${toString cfg.rpc.port} + rpcconnect=${cfg.rpc.address} + ${optionalString (cfg.rpc.threads != null) "rpcthreads=${toString cfg.rpcthreads}"} rpcwhitelistdefault=0 ${concatMapStrings (user: '' ${optionalString (!user.passwordHMACFromFile) "rpcauth=${user.name}:${passwordHMAC}"} @@ -39,8 +41,6 @@ let "rpcwhitelist=${user.name}:${lib.strings.concatStringsSep "," user.rpcwhitelist}"} '') (builtins.attrValues cfg.rpc.users) } - rpcbind=${cfg.rpcbind} - rpcconnect=${cfg.rpcbind} ${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip} # Wallet options 
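Review bot: In the RPC server options block, the added `rpcthreads` line tests `cfg.rpc.threads` but interpolates `cfg.rpcthreads`, and nothing visible in this patch declares an `rpc.threads` option. The `rpc` set further down gains only `address`, and the secure-node.nix context still appears to set `rpcthreads = 16;` on bitcoind. Unless `rpc.threads` is defined elsewhere, evaluation will fail on a missing attribute as soon as the config file is built. Keep the condition and the value on the same option: `${optionalString (cfg.rpcthreads != null) "rpcthreads=${toString cfg.rpcthreads}"}`. The enclosing `let` block starts and ends outside the hunk.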
@@ -57,6 +57,16 @@ in { options = { services.bitcoind = { enable = mkEnableOption "Bitcoin daemon"; + address = mkOption { + type = types.str; + default = "127.0.0.1"; + description = "Address to listen for peer connections."; + }; + port = mkOption { + type = types.port; + default = 8333; + description = "Port to listen for peer connections."; + }; package = mkOption { type = types.package; default = config.nix-bitcoin.pkgs.bitcoind; @@ -77,13 +87,6 @@ in { default = "/var/lib/bitcoind"; description = "The data directory for bitcoind."; }; - bind = mkOption { - type = types.str; - default = "127.0.0.1"; - description = '' - Bind to given address and always listen on it. - ''; - }; user = mkOption { type = types.str; default = "bitcoin"; @@ -95,10 +98,17 @@ in { description = "The group as which to run bitcoind."; }; rpc = { + address = mkOption { + type = types.str; + default = "127.0.0.1"; + description = '' + Address to listen for JSON-RPC connections. + ''; + }; port = mkOption { type = types.port; default = 8332; - description = "Port on which to listen for JSON-RPC connections."; + description = "Port to listen for JSON-RPC connections."; }; users = mkOption { default = {}; @@ -149,13 +159,6 @@ in { default = null; description = "Set the number of threads to service RPC calls"; }; - rpcbind = mkOption { - type = types.str; - default = "127.0.0.1"; - description = '' - Bind to given address to listen for JSON-RPC connections. - ''; - }; rpcallowip = mkOption { type = types.listOf types.str; default = [ "127.0.0.1" ]; @@ -176,11 +179,6 @@ in { readOnly = true; default = mainnet: regtest: if cfg.regtest then regtest else mainnet; }; - port = mkOption { - type = types.nullOr types.port; - default = null; - description = "Override the default port on which to listen for connections."; - }; proxy = mkOption { type = types.nullOr types.str; default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null; 
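Review bot: The new `port` option defaults to 8333, whereas the option it replaces was `types.nullOr types.port` with a `null` default. The template therefore always writes `port=` now, and bitcoind's own per-network default is no longer used. Since this module also has `cfg.regtest`, that may be unintended for regtest setups, where dependents such as btcpayserver's `btcnodeendpoint` would read 8333 from this option. Consider deriving the default from the network, or state in the description that the value must be overridden there, e.g. `description = "Port to listen for peer connections. Override when not running on mainnet.";`.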
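Review bot: The `rpc.address` description should say that the value is more than a listen address. The config template writes it to both `rpcbind` and `rpcconnect`, and the clightning, electrs, joinmarket, liquid, lnd and btcpayserver modules read it as the host to connect to. Setting it to a non-loopback address exposes the JSON-RPC port on that interface, with access then resting on `rpcallowip` and the `rpcauth` users, and a wildcard address would be handed to those clients as their connect host. Suggested wording: `Address to listen for JSON-RPC connections. Also used as the address that local clients and dependent services connect to, so it must be a concrete, reachable address.` The same reuse applies to the top-level `address` option via `btcnodeendpoint` and the hidden service `toHost`.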
diff --git a/modules/btcpayserver.nix b/modules/btcpayserver.nix index 427a08a..7756605 100644 --- a/modules/btcpayserver.nix +++ b/modules/btcpayserver.nix @@ -117,8 +117,8 @@ in { configFile = builtins.toFile "config" '' network=${config.services.bitcoind.network} btcrpcuser=${cfg.bitcoind.rpc.users.btcpayserver.name} - btcrpcurl=http://${config.services.bitcoind.rpcbind}:${toString cfg.bitcoind.rpc.port} - btcnodeendpoint=${config.services.bitcoind.bind}:8333 + btcrpcurl=http://${config.services.bitcoind.rpc.address}:${toString cfg.bitcoind.rpc.port} + btcnodeendpoint=${config.services.bitcoind.address}:${toString config.services.bitcoind.port} bind=${cfg.nbxplorer.bind} port=${toString cfg.nbxplorer.port} ''; diff --git a/modules/clightning.nix b/modules/clightning.nix index 38f3b9d..b5b030b 100644 --- a/modules/clightning.nix +++ b/modules/clightning.nix @@ -14,7 +14,7 @@ let ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} always-use-proxy=${if cfg.always-use-proxy then "true" else "false"} bind-addr=${cfg.bind-addr}:${toString cfg.bindport} - bitcoin-rpcconnect=${config.services.bitcoind.rpcbind} + bitcoin-rpcconnect=${config.services.bitcoind.rpc.address} bitcoin-rpcport=${toString config.services.bitcoind.rpc.port} bitcoin-rpcuser=${config.services.bitcoind.rpc.users.public.name} rpc-file-mode=0660 diff --git a/modules/electrs.nix b/modules/electrs.nix index 5258317..b503908 100644 --- a/modules/electrs.nix +++ b/modules/electrs.nix @@ -95,7 +95,7 @@ in { --daemon-dir='${bitcoind.dataDir}' \ --electrum-rpc-addr=${cfg.address}:${toString cfg.port} \ --monitoring-addr=${cfg.address}:${toString cfg.monitoringPort} \ - --daemon-rpc-addr=${bitcoind.rpcbind}:${toString bitcoind.rpc.port} \ + --daemon-rpc-addr=${bitcoind.rpc.address}:${toString bitcoind.rpc.port} \ ${cfg.extraArgs} ''; User = cfg.user; diff --git a/modules/joinmarket.nix b/modules/joinmarket.nix index 1e1ad8b..816041f 100644 --- a/modules/joinmarket.nix +++ b/modules/joinmarket.nix 
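Review bot: In the btcpayserver hunk, `btcrpcurl` and `btcnodeendpoint` build `host:port` by interpolating a `types.str` address, so an IPv6 literal in `rpc.address` or `address` would give an ambiguous endpoint (constructed example: `http://::1:8332`, which needs brackets). The electrs hunk has the same pattern in `--daemon-rpc-addr`. Either document the address options as IPv4 or hostname only, or bracket the value when it contains `:`. As a style point, `btcrpcurl` takes the address from `config.services.bitcoind` and the port from `cfg.bitcoind`, presumably the same attribute set; one path for both would be easier to audit.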
@@ -21,7 +21,7 @@ let [BLOCKCHAIN] blockchain_source = bitcoin-rpc network = ${bitcoind.network} - rpc_host = ${bitcoind.rpcbind} + rpc_host = ${bitcoind.rpc.address} rpc_port = ${toString bitcoind.rpc.port} rpc_user = ${bitcoind.rpc.users.privileged.name} @@RPC_PASSWORD@@ diff --git a/modules/liquid.nix b/modules/liquid.nix index ec3ee6e..954b006 100644 --- a/modules/liquid.nix +++ b/modules/liquid.nix @@ -32,7 +32,7 @@ let ${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip} ${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"} ${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"} - mainchainrpchost=${config.services.bitcoind.rpcbind} + mainchainrpchost=${config.services.bitcoind.rpc.address} mainchainrpcport=${toString config.services.bitcoind.rpc.port} mainchainrpcuser=${config.services.bitcoind.rpc.users.public.name} diff --git a/modules/lnd.nix b/modules/lnd.nix index 7df7934..f6225d2 100644 --- a/modules/lnd.nix +++ b/modules/lnd.nix @@ -8,7 +8,7 @@ let secretsDir = config.nix-bitcoin.secretsDir; bitcoind = config.services.bitcoind; - bitcoindRpcAddress = bitcoind.rpcbind; + bitcoindRpcAddress = bitcoind.rpc.address; onion-chef-service = (if cfg.announce-tor then [ "onion-chef.service" ] else []); networkDir = "${cfg.dataDir}/chain/bitcoin/${bitcoind.network}"; configFile = pkgs.writeText "lnd.conf" '' diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix index 0d335f5..cb61410 100644 --- a/modules/netns-isolation.nix +++ b/modules/netns-isolation.nix @@ -245,8 +245,8 @@ in { }; services.bitcoind = { - bind = netns.bitcoind.address; - rpcbind = netns.bitcoind.address; + address = netns.bitcoind.address; + rpc.address = netns.bitcoind.address; rpcallowip = [ bridgeIp # For operator user netns.bitcoind.address diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix index c4f06fa..3d40bb7 100644 --- a/modules/presets/secure-node.nix 
+++ b/modules/presets/secure-node.nix @@ -53,7 +53,6 @@ in { listen = true; dataDirReadableByGroup = mkIf cfg.electrs.high-memory true; enforceTor = true; - port = 8333; assumevalid = "00000000000000000000e5abc3a74fe27dc0ead9c70ea1deb456f11c15fd7bc6"; addnodes = [ "ecoc5q34tmbq54wl.onion" ]; discover = false; @@ -63,7 +62,7 @@ in { # under high bitcoind rpc load rpcthreads = 16; }; - services.tor.hiddenServices.bitcoind = mkHiddenService { port = cfg.bitcoind.port; toHost = cfg.bitcoind.bind; }; + services.tor.hiddenServices.bitcoind = mkHiddenService { port = cfg.bitcoind.port; toHost = cfg.bitcoind.address; }; # clightning services.clightning.enforceTor = true;