bitcoind: add consistent address options
This commit is contained in:
parent
0c6579b942
commit
5b7e0d09b2
@ -22,16 +22,18 @@ let
|
|||||||
${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"}
|
${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"}
|
||||||
|
|
||||||
# Connection options
|
# Connection options
|
||||||
${optionalString cfg.listen "bind=${cfg.bind}"}
|
${optionalString cfg.listen "bind=${cfg.address}"}
|
||||||
${optionalString (cfg.port != null) "port=${toString cfg.port}"}
|
port=${toString cfg.port}
|
||||||
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
|
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
|
||||||
listen=${if cfg.listen then "1" else "0"}
|
listen=${if cfg.listen then "1" else "0"}
|
||||||
${optionalString (cfg.discover != null) "discover=${if cfg.discover then "1" else "0"}"}
|
${optionalString (cfg.discover != null) "discover=${if cfg.discover then "1" else "0"}"}
|
||||||
${lib.concatMapStrings (node: "addnode=${node}\n") cfg.addnodes}
|
${lib.concatMapStrings (node: "addnode=${node}\n") cfg.addnodes}
|
||||||
|
|
||||||
# RPC server options
|
# RPC server options
|
||||||
${optionalString (cfg.rpcthreads != null) "rpcthreads=${toString cfg.rpcthreads}"}
|
rpcbind=${cfg.rpc.address}
|
||||||
rpcport=${toString cfg.rpc.port}
|
rpcport=${toString cfg.rpc.port}
|
||||||
|
rpcconnect=${cfg.rpc.address}
|
||||||
|
${optionalString (cfg.rpc.threads != null) "rpcthreads=${toString cfg.rpcthreads}"}
|
||||||
rpcwhitelistdefault=0
|
rpcwhitelistdefault=0
|
||||||
${concatMapStrings (user: ''
|
${concatMapStrings (user: ''
|
||||||
${optionalString (!user.passwordHMACFromFile) "rpcauth=${user.name}:${passwordHMAC}"}
|
${optionalString (!user.passwordHMACFromFile) "rpcauth=${user.name}:${passwordHMAC}"}
|
||||||
@ -39,8 +41,6 @@ let
|
|||||||
"rpcwhitelist=${user.name}:${lib.strings.concatStringsSep "," user.rpcwhitelist}"}
|
"rpcwhitelist=${user.name}:${lib.strings.concatStringsSep "," user.rpcwhitelist}"}
|
||||||
'') (builtins.attrValues cfg.rpc.users)
|
'') (builtins.attrValues cfg.rpc.users)
|
||||||
}
|
}
|
||||||
rpcbind=${cfg.rpcbind}
|
|
||||||
rpcconnect=${cfg.rpcbind}
|
|
||||||
${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip}
|
${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip}
|
||||||
|
|
||||||
# Wallet options
|
# Wallet options
|
||||||
@ -57,6 +57,16 @@ in {
|
|||||||
options = {
|
options = {
|
||||||
services.bitcoind = {
|
services.bitcoind = {
|
||||||
enable = mkEnableOption "Bitcoin daemon";
|
enable = mkEnableOption "Bitcoin daemon";
|
||||||
|
address = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "127.0.0.1";
|
||||||
|
description = "Address to listen for peer connections.";
|
||||||
|
};
|
||||||
|
port = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = 8333;
|
||||||
|
description = "Port to listen for peer connections.";
|
||||||
|
};
|
||||||
package = mkOption {
|
package = mkOption {
|
||||||
type = types.package;
|
type = types.package;
|
||||||
default = config.nix-bitcoin.pkgs.bitcoind;
|
default = config.nix-bitcoin.pkgs.bitcoind;
|
||||||
@ -77,13 +87,6 @@ in {
|
|||||||
default = "/var/lib/bitcoind";
|
default = "/var/lib/bitcoind";
|
||||||
description = "The data directory for bitcoind.";
|
description = "The data directory for bitcoind.";
|
||||||
};
|
};
|
||||||
bind = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "127.0.0.1";
|
|
||||||
description = ''
|
|
||||||
Bind to given address and always listen on it.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "bitcoin";
|
default = "bitcoin";
|
||||||
@ -95,10 +98,17 @@ in {
|
|||||||
description = "The group as which to run bitcoind.";
|
description = "The group as which to run bitcoind.";
|
||||||
};
|
};
|
||||||
rpc = {
|
rpc = {
|
||||||
|
address = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "127.0.0.1";
|
||||||
|
description = ''
|
||||||
|
Address to listen for JSON-RPC connections.
|
||||||
|
'';
|
||||||
|
};
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
type = types.port;
|
type = types.port;
|
||||||
default = 8332;
|
default = 8332;
|
||||||
description = "Port on which to listen for JSON-RPC connections.";
|
description = "Port to listen for JSON-RPC connections.";
|
||||||
};
|
};
|
||||||
users = mkOption {
|
users = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
@ -149,13 +159,6 @@ in {
|
|||||||
default = null;
|
default = null;
|
||||||
description = "Set the number of threads to service RPC calls";
|
description = "Set the number of threads to service RPC calls";
|
||||||
};
|
};
|
||||||
rpcbind = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "127.0.0.1";
|
|
||||||
description = ''
|
|
||||||
Bind to given address to listen for JSON-RPC connections.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
rpcallowip = mkOption {
|
rpcallowip = mkOption {
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
default = [ "127.0.0.1" ];
|
default = [ "127.0.0.1" ];
|
||||||
@ -176,11 +179,6 @@ in {
|
|||||||
readOnly = true;
|
readOnly = true;
|
||||||
default = mainnet: regtest: if cfg.regtest then regtest else mainnet;
|
default = mainnet: regtest: if cfg.regtest then regtest else mainnet;
|
||||||
};
|
};
|
||||||
port = mkOption {
|
|
||||||
type = types.nullOr types.port;
|
|
||||||
default = null;
|
|
||||||
description = "Override the default port on which to listen for connections.";
|
|
||||||
};
|
|
||||||
proxy = mkOption {
|
proxy = mkOption {
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;
|
||||||
|
@ -117,8 +117,8 @@ in {
|
|||||||
configFile = builtins.toFile "config" ''
|
configFile = builtins.toFile "config" ''
|
||||||
network=${config.services.bitcoind.network}
|
network=${config.services.bitcoind.network}
|
||||||
btcrpcuser=${cfg.bitcoind.rpc.users.btcpayserver.name}
|
btcrpcuser=${cfg.bitcoind.rpc.users.btcpayserver.name}
|
||||||
btcrpcurl=http://${config.services.bitcoind.rpcbind}:${toString cfg.bitcoind.rpc.port}
|
btcrpcurl=http://${config.services.bitcoind.rpc.address}:${toString cfg.bitcoind.rpc.port}
|
||||||
btcnodeendpoint=${config.services.bitcoind.bind}:8333
|
btcnodeendpoint=${config.services.bitcoind.address}:${toString config.services.bitcoind.port}
|
||||||
bind=${cfg.nbxplorer.bind}
|
bind=${cfg.nbxplorer.bind}
|
||||||
port=${toString cfg.nbxplorer.port}
|
port=${toString cfg.nbxplorer.port}
|
||||||
'';
|
'';
|
||||||
|
@ -14,7 +14,7 @@ let
|
|||||||
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
|
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
|
||||||
always-use-proxy=${if cfg.always-use-proxy then "true" else "false"}
|
always-use-proxy=${if cfg.always-use-proxy then "true" else "false"}
|
||||||
bind-addr=${cfg.bind-addr}:${toString cfg.bindport}
|
bind-addr=${cfg.bind-addr}:${toString cfg.bindport}
|
||||||
bitcoin-rpcconnect=${config.services.bitcoind.rpcbind}
|
bitcoin-rpcconnect=${config.services.bitcoind.rpc.address}
|
||||||
bitcoin-rpcport=${toString config.services.bitcoind.rpc.port}
|
bitcoin-rpcport=${toString config.services.bitcoind.rpc.port}
|
||||||
bitcoin-rpcuser=${config.services.bitcoind.rpc.users.public.name}
|
bitcoin-rpcuser=${config.services.bitcoind.rpc.users.public.name}
|
||||||
rpc-file-mode=0660
|
rpc-file-mode=0660
|
||||||
|
@ -95,7 +95,7 @@ in {
|
|||||||
--daemon-dir='${bitcoind.dataDir}' \
|
--daemon-dir='${bitcoind.dataDir}' \
|
||||||
--electrum-rpc-addr=${cfg.address}:${toString cfg.port} \
|
--electrum-rpc-addr=${cfg.address}:${toString cfg.port} \
|
||||||
--monitoring-addr=${cfg.address}:${toString cfg.monitoringPort} \
|
--monitoring-addr=${cfg.address}:${toString cfg.monitoringPort} \
|
||||||
--daemon-rpc-addr=${bitcoind.rpcbind}:${toString bitcoind.rpc.port} \
|
--daemon-rpc-addr=${bitcoind.rpc.address}:${toString bitcoind.rpc.port} \
|
||||||
${cfg.extraArgs}
|
${cfg.extraArgs}
|
||||||
'';
|
'';
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
|
@ -21,7 +21,7 @@ let
|
|||||||
[BLOCKCHAIN]
|
[BLOCKCHAIN]
|
||||||
blockchain_source = bitcoin-rpc
|
blockchain_source = bitcoin-rpc
|
||||||
network = ${bitcoind.network}
|
network = ${bitcoind.network}
|
||||||
rpc_host = ${bitcoind.rpcbind}
|
rpc_host = ${bitcoind.rpc.address}
|
||||||
rpc_port = ${toString bitcoind.rpc.port}
|
rpc_port = ${toString bitcoind.rpc.port}
|
||||||
rpc_user = ${bitcoind.rpc.users.privileged.name}
|
rpc_user = ${bitcoind.rpc.users.privileged.name}
|
||||||
@@RPC_PASSWORD@@
|
@@RPC_PASSWORD@@
|
||||||
|
@ -32,7 +32,7 @@ let
|
|||||||
${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip}
|
${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip}
|
||||||
${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"}
|
${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"}
|
||||||
${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"}
|
${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"}
|
||||||
mainchainrpchost=${config.services.bitcoind.rpcbind}
|
mainchainrpchost=${config.services.bitcoind.rpc.address}
|
||||||
mainchainrpcport=${toString config.services.bitcoind.rpc.port}
|
mainchainrpcport=${toString config.services.bitcoind.rpc.port}
|
||||||
mainchainrpcuser=${config.services.bitcoind.rpc.users.public.name}
|
mainchainrpcuser=${config.services.bitcoind.rpc.users.public.name}
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ let
|
|||||||
secretsDir = config.nix-bitcoin.secretsDir;
|
secretsDir = config.nix-bitcoin.secretsDir;
|
||||||
|
|
||||||
bitcoind = config.services.bitcoind;
|
bitcoind = config.services.bitcoind;
|
||||||
bitcoindRpcAddress = bitcoind.rpcbind;
|
bitcoindRpcAddress = bitcoind.rpc.address;
|
||||||
onion-chef-service = (if cfg.announce-tor then [ "onion-chef.service" ] else []);
|
onion-chef-service = (if cfg.announce-tor then [ "onion-chef.service" ] else []);
|
||||||
networkDir = "${cfg.dataDir}/chain/bitcoin/${bitcoind.network}";
|
networkDir = "${cfg.dataDir}/chain/bitcoin/${bitcoind.network}";
|
||||||
configFile = pkgs.writeText "lnd.conf" ''
|
configFile = pkgs.writeText "lnd.conf" ''
|
||||||
|
@ -245,8 +245,8 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
services.bitcoind = {
|
services.bitcoind = {
|
||||||
bind = netns.bitcoind.address;
|
address = netns.bitcoind.address;
|
||||||
rpcbind = netns.bitcoind.address;
|
rpc.address = netns.bitcoind.address;
|
||||||
rpcallowip = [
|
rpcallowip = [
|
||||||
bridgeIp # For operator user
|
bridgeIp # For operator user
|
||||||
netns.bitcoind.address
|
netns.bitcoind.address
|
||||||
|
@ -53,7 +53,6 @@ in {
|
|||||||
listen = true;
|
listen = true;
|
||||||
dataDirReadableByGroup = mkIf cfg.electrs.high-memory true;
|
dataDirReadableByGroup = mkIf cfg.electrs.high-memory true;
|
||||||
enforceTor = true;
|
enforceTor = true;
|
||||||
port = 8333;
|
|
||||||
assumevalid = "00000000000000000000e5abc3a74fe27dc0ead9c70ea1deb456f11c15fd7bc6";
|
assumevalid = "00000000000000000000e5abc3a74fe27dc0ead9c70ea1deb456f11c15fd7bc6";
|
||||||
addnodes = [ "ecoc5q34tmbq54wl.onion" ];
|
addnodes = [ "ecoc5q34tmbq54wl.onion" ];
|
||||||
discover = false;
|
discover = false;
|
||||||
@ -63,7 +62,7 @@ in {
|
|||||||
# under high bitcoind rpc load
|
# under high bitcoind rpc load
|
||||||
rpcthreads = 16;
|
rpcthreads = 16;
|
||||||
};
|
};
|
||||||
services.tor.hiddenServices.bitcoind = mkHiddenService { port = cfg.bitcoind.port; toHost = cfg.bitcoind.bind; };
|
services.tor.hiddenServices.bitcoind = mkHiddenService { port = cfg.bitcoind.port; toHost = cfg.bitcoind.address; };
|
||||||
|
|
||||||
# clightning
|
# clightning
|
||||||
services.clightning.enforceTor = true;
|
services.clightning.enforceTor = true;
|
||||||
|
Loading…
Reference in New Issue
Block a user