From 5d01ea7101a94a4ceb8bdcaabe60f66652253a5a Mon Sep 17 00:00:00 2001
From: nixbitcoin <nixbitcoin@i2pmail.org>
Date: Sun, 3 May 2020 16:42:53 +0200
Subject: [PATCH] nodeinfo: Convert to module and allow alternative operator
 username

currently, nodeinfo has presets/secure-node.nix as a strict
dependency as it requires onion-chef and the 'operatorName' option.
and nix-bitcoin-webindex.nix has nodeinfo as a dependecy.

so don't add nodeinfo and webindex to modules.nix because they will fail on standalone use.
---
 modules/modules.nix              |  1 -
 modules/nix-bitcoin-webindex.nix |  2 +-
 modules/nodeinfo.nix             | 68 ++++++++++++++++++++++++++++++++
 modules/presets/secure-node.nix  | 25 ++++++++----
 pkgs/default.nix                 |  1 -
 pkgs/nodeinfo/default.nix        | 15 -------
 pkgs/nodeinfo/nodeinfo.sh        | 49 -----------------------
 7 files changed, 86 insertions(+), 75 deletions(-)
 create mode 100644 modules/nodeinfo.nix
 delete mode 100644 pkgs/nodeinfo/default.nix
 delete mode 100644 pkgs/nodeinfo/nodeinfo.sh

diff --git a/modules/modules.nix b/modules/modules.nix
index 7ab9e99..4c6d291 100644
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -6,7 +6,6 @@
     ./clightning.nix
     ./lightning-charge.nix
     ./nanopos.nix
-    ./nix-bitcoin-webindex.nix
     ./liquid.nix
     ./spark-wallet.nix
     ./electrs.nix
diff --git a/modules/nix-bitcoin-webindex.nix b/modules/nix-bitcoin-webindex.nix
index 3371438..6eb8a02 100644
--- a/modules/nix-bitcoin-webindex.nix
+++ b/modules/nix-bitcoin-webindex.nix
@@ -75,7 +75,7 @@ in {
       wantedBy = [ "multi-user.target" ];
       after = [ "nodeinfo.service" ];
       path  = with pkgs; [
-        nix-bitcoin.nodeinfo
+        config.programs.nodeinfo
         config.services.clightning.cli
         config.services.lnd.cli
         jq
diff --git a/modules/nodeinfo.nix b/modules/nodeinfo.nix
new file mode 100644
index 0000000..a677620
--- /dev/null
+++ b/modules/nodeinfo.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  operatorName = config.nix-bitcoin.operatorName;
+  script = pkgs.writeScriptBin "nodeinfo" ''
+    set -eo pipefail
+
+    BITCOIND_ONION="$(cat /var/lib/onion-chef/${operatorName}/bitcoind)"
+    echo BITCOIND_ONION="$BITCOIND_ONION"
+
+    if systemctl is-active --quiet clightning; then
+      CLIGHTNING_NODEID=$(lightning-cli getinfo | jq -r '.id')
+      CLIGHTNING_ONION="$(cat /var/lib/onion-chef/${operatorName}/clightning)"
+      CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
+      echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
+      echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
+      echo CLIGHTNING_ID="$CLIGHTNING_ID"
+    fi
+
+    if systemctl is-active --quiet lnd; then
+      LND_NODEID=$(lncli getinfo | jq -r '.uris[0]')
+      echo LND_NODEID="$LND_NODEID"
+    fi
+
+    NGINX_ONION_FILE=/var/lib/onion-chef/${operatorName}/nginx
+    if [ -e "$NGINX_ONION_FILE" ]; then
+      NGINX_ONION="$(cat $NGINX_ONION_FILE)"
+      echo NGINX_ONION="$NGINX_ONION"
+    fi
+
+    LIQUIDD_ONION_FILE=/var/lib/onion-chef/${operatorName}/liquidd
+    if [ -e "$LIQUIDD_ONION_FILE" ]; then
+      LIQUIDD_ONION="$(cat $LIQUIDD_ONION_FILE)"
+      echo LIQUIDD_ONION="$LIQUIDD_ONION"
+    fi
+
+    SPARKWALLET_ONION_FILE=/var/lib/onion-chef/${operatorName}/spark-wallet
+    if [ -e "$SPARKWALLET_ONION_FILE" ]; then
+      SPARKWALLET_ONION="$(cat $SPARKWALLET_ONION_FILE)"
+      echo SPARKWALLET_ONION="http://$SPARKWALLET_ONION"
+    fi
+
+    ELECTRS_ONION_FILE=/var/lib/onion-chef/${operatorName}/electrs
+    if [ -e "$ELECTRS_ONION_FILE" ]; then
+      ELECTRS_ONION="$(cat $ELECTRS_ONION_FILE)"
+      echo ELECTRS_ONION="$ELECTRS_ONION"
+    fi
+
+    SSHD_ONION_FILE=/var/lib/onion-chef/${operatorName}/sshd
+    if [ -e "$SSHD_ONION_FILE" ]; then
+    SSHD_ONION="$(cat $SSHD_ONION_FILE)"
+    echo SSHD_ONION="$SSHD_ONION"
+    fi
+  '';
+in {
+  options = {
+    programs.nodeinfo = mkOption {
+      readOnly = true;
+      default = script;
+    };
+  };
+
+  config = {
+    environment.systemPackages = [ script ];
+  };
+}
diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix
index ebde6a9..d010c0f 100644
--- a/modules/presets/secure-node.nix
+++ b/modules/presets/secure-node.nix
@@ -5,12 +5,18 @@ with lib;
 let
   cfg = config.services;
 
+  operatorName = config.nix-bitcoin.operatorName;
+
   mkHiddenService = map: {
     map = [ map ];
     version = 3;
   };
 in {
-  imports = [ ../modules.nix ];
+  imports = [
+    ../modules.nix
+    ../nodeinfo.nix
+    ../nix-bitcoin-webindex.nix
+  ];
 
   options = {
     services.clightning.onionport = mkOption {
@@ -18,12 +24,16 @@ in {
       default = 9735;
       description = "Port on which to listen for tor client connections.";
     };
-
     services.electrs.onionport = mkOption {
       type = types.ints.u16;
       default = 50002;
       description = "Port on which to listen for tor client connections.";
     };
+    nix-bitcoin.operatorName = mkOption {
+      type = types.str;
+      default = "operator";
+      description = "Less-privileged user's name.";
+    };
   };
 
   config =  {
@@ -111,11 +121,10 @@ in {
       tor
       jq
       qrencode
-      nix-bitcoin.nodeinfo
     ];
 
-    # Create user 'operator' which can access the node's services
-    users.users.operator = {
+    # Create operator user which can access the node's services
+    users.users.${operatorName} = {
       isNormalUser = true;
       extraGroups = [
           "systemd-journal"
@@ -130,18 +139,18 @@ in {
     };
     # Give operator access to onion hostnames
     services.onion-chef.enable = true;
-    services.onion-chef.access.operator = [ "bitcoind" "clightning" "nginx" "liquidd" "spark-wallet" "electrs" "sshd" ];
+    services.onion-chef.access.${operatorName} = [ "bitcoind" "clightning" "nginx" "liquidd" "spark-wallet" "electrs" "sshd" ];
 
     security.sudo.configFile =
      (optionalString cfg.lnd.enable ''
-       operator    ALL=(lnd) NOPASSWD: ALL
+       ${operatorName}    ALL=(lnd) NOPASSWD: ALL
      '');
 
     # Enable nixops ssh for operator (`nixops ssh operator@mynode`) on nixops-vbox deployments
     systemd.services.get-vbox-nixops-client-key =
       mkIf (builtins.elem ".vbox-nixops-client-key" config.services.openssh.authorizedKeysFiles) {
         postStart = ''
-          cp "${config.users.users.root.home}/.vbox-nixops-client-key" "${config.users.users.operator.home}"
+          cp "${config.users.users.root.home}/.vbox-nixops-client-key" "${config.users.users.${operatorName}.home}"
         '';
       };
   };
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 2d39c94..ee95b3e 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,6 +1,5 @@
 { pkgs ? import <nixpkgs> {} }:
 {
-  nodeinfo = pkgs.callPackage ./nodeinfo { };
   lightning-charge = pkgs.callPackage ./lightning-charge { };
   nanopos = pkgs.callPackage ./nanopos { };
   spark-wallet = pkgs.callPackage ./spark-wallet { };
diff --git a/pkgs/nodeinfo/default.nix b/pkgs/nodeinfo/default.nix
deleted file mode 100644
index 37ea75f..0000000
--- a/pkgs/nodeinfo/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{pkgs}:
-
-with pkgs;
-stdenv.mkDerivation {
-  name = "nodeinfo";
-  src = ./nodeinfo.sh;
-
-  unpackPhase = "true";
-  installPhase = ''
-    mkdir -p $out
-    mkdir -p $out/bin
-    cp $src $out/bin/nodeinfo
-    chmod +x $out/bin/nodeinfo
-    '';
-}
diff --git a/pkgs/nodeinfo/nodeinfo.sh b/pkgs/nodeinfo/nodeinfo.sh
deleted file mode 100644
index bb6dcdb..0000000
--- a/pkgs/nodeinfo/nodeinfo.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-set -e
-set -o pipefail
-
-BITCOIND_ONION="$(cat /var/lib/onion-chef/operator/bitcoind)"
-echo BITCOIND_ONION="$BITCOIND_ONION"
-
-if systemctl is-active --quiet clightning; then
-    CLIGHTNING_NODEID=$(lightning-cli getinfo | jq -r '.id')
-    CLIGHTNING_ONION="$(cat /var/lib/onion-chef/operator/clightning)"
-    CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
-    echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
-    echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
-    echo CLIGHTNING_ID="$CLIGHTNING_ID"
-fi
-
-if systemctl is-active --quiet lnd; then
-    LND_NODEID=$(lncli getinfo | jq -r '.uris[0]')
-    echo LND_NODEID="$LND_NODEID"
-fi
-
-NGINX_ONION_FILE=/var/lib/onion-chef/operator/nginx
-if [ -e "$NGINX_ONION_FILE" ]; then
-    NGINX_ONION="$(cat $NGINX_ONION_FILE)"
-    echo NGINX_ONION="$NGINX_ONION"
-fi
-
-LIQUIDD_ONION_FILE=/var/lib/onion-chef/operator/liquidd
-if [ -e "$LIQUIDD_ONION_FILE" ]; then
-    LIQUIDD_ONION="$(cat $LIQUIDD_ONION_FILE)"
-    echo LIQUIDD_ONION="$LIQUIDD_ONION"
-fi
-
-SPARKWALLET_ONION_FILE=/var/lib/onion-chef/operator/spark-wallet
-if [ -e "$SPARKWALLET_ONION_FILE" ]; then
-    SPARKWALLET_ONION="$(cat $SPARKWALLET_ONION_FILE)"
-    echo SPARKWALLET_ONION="http://$SPARKWALLET_ONION"
-fi
-
-ELECTRS_ONION_FILE=/var/lib/onion-chef/operator/electrs
-if [ -e "$ELECTRS_ONION_FILE" ]; then
-    ELECTRS_ONION="$(cat $ELECTRS_ONION_FILE)"
-    echo ELECTRS_ONION="$ELECTRS_ONION"
-fi
-
-SSHD_ONION_FILE=/var/lib/onion-chef/operator/sshd
-if [ -e "$SSHD_ONION_FILE" ]; then
-    SSHD_ONION="$(cat $SSHD_ONION_FILE)"
-    echo SSHD_ONION="$SSHD_ONION"
-fi