nodeinfo: Convert to module and allow alternative operator username
Currently, nodeinfo has presets/secure-node.nix as a strict dependency, as it requires onion-chef and the 'operatorName' option, and nix-bitcoin-webindex.nix has nodeinfo as a dependency. So don't add nodeinfo and webindex to modules.nix, because they will fail on standalone use.
This commit is contained in:
parent
95d230d1d6
commit
5d01ea7101
@ -6,7 +6,6 @@
|
||||
./clightning.nix
|
||||
./lightning-charge.nix
|
||||
./nanopos.nix
|
||||
./nix-bitcoin-webindex.nix
|
||||
./liquid.nix
|
||||
./spark-wallet.nix
|
||||
./electrs.nix
|
||||
|
@ -75,7 +75,7 @@ in {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "nodeinfo.service" ];
|
||||
path = with pkgs; [
|
||||
nix-bitcoin.nodeinfo
|
||||
config.programs.nodeinfo
|
||||
config.services.clightning.cli
|
||||
config.services.lnd.cli
|
||||
jq
|
||||
|
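Review bot: The new `path` entry `config.programs.nodeinfo` only evaluates when modules/nodeinfo.nix is imported by the same configuration, and nothing in this file imports it; per the description that is left to presets/secure-node.nix, so importing this module on its own fails with an "attribute missing" error instead of a clear message. Adding `imports = [ ./nodeinfo.nix ];` next to the service definition would keep the dependency with the code that uses it (the module system deduplicates path imports, so a second import from the preset is harmless). The file header of this section is outside the chunk; I am inferring from the `after = [ "nodeinfo.service" ]` context line that this is the webindex service unit. As far as this commit shows, nodeinfo.nix defines no systemd unit, so that ordering constraint is either satisfied elsewhere in the tree or a no-op and is worth confirming.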
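--- a/modules/nodeinfo.nix
+++ b/modules/nodeinfo.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+operatorName = config.nix-bitcoin.operatorName;
+script = pkgs.writeScriptBin "nodeinfo" ''
+set -eo pipefail
+
+BITCOIND_ONION="$(cat /var/lib/onion-chef/${operatorName}/bitcoind)"
+echo BITCOIND_ONION="$BITCOIND_ONION"
+
+if systemctl is-active --quiet clightning; then
+CLIGHTNING_NODEID=$(lightning-cli getinfo | jq -r '.id')
+CLIGHTNING_ONION="$(cat /var/lib/onion-chef/${operatorName}/clightning)"
+CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
+echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
+echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
+echo CLIGHTNING_ID="$CLIGHTNING_ID"
+fi
+
+if systemctl is-active --quiet lnd; then
+LND_NODEID=$(lncli getinfo | jq -r '.uris[0]')
+echo LND_NODEID="$LND_NODEID"
+fi
+
+NGINX_ONION_FILE=/var/lib/onion-chef/${operatorName}/nginx
+if [ -e "$NGINX_ONION_FILE" ]; then
+NGINX_ONION="$(cat $NGINX_ONION_FILE)"
+echo NGINX_ONION="$NGINX_ONION"
+fi
+
+LIQUIDD_ONION_FILE=/var/lib/onion-chef/${operatorName}/liquidd
+if [ -e "$LIQUIDD_ONION_FILE" ]; then
+LIQUIDD_ONION="$(cat $LIQUIDD_ONION_FILE)"
+echo LIQUIDD_ONION="$LIQUIDD_ONION"
+fi
+
+SPARKWALLET_ONION_FILE=/var/lib/onion-chef/${operatorName}/spark-wallet
+if [ -e "$SPARKWALLET_ONION_FILE" ]; then
+SPARKWALLET_ONION="$(cat $SPARKWALLET_ONION_FILE)"
+echo SPARKWALLET_ONION="http://$SPARKWALLET_ONION"
+fi
+
+ELECTRS_ONION_FILE=/var/lib/onion-chef/${operatorName}/electrs
+if [ -e "$ELECTRS_ONION_FILE" ]; then
+ELECTRS_ONION="$(cat $ELECTRS_ONION_FILE)"
+echo ELECTRS_ONION="$ELECTRS_ONION"
+fi
+
+SSHD_ONION_FILE=/var/lib/onion-chef/${operatorName}/sshd
+if [ -e "$SSHD_ONION_FILE" ]; then
+SSHD_ONION="$(cat $SSHD_ONION_FILE)"
+echo SSHD_ONION="$SSHD_ONION"
+fi
+'';
+in {
+options = {
+programs.nodeinfo = mkOption {
+readOnly = true;
+default = script;
+};
+};
+
+config = {
+environment.systemPackages = [ script ];
+};
+}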
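Review bot: The script handed to `pkgs.writeScriptBin "nodeinfo"` starts at `set -eo pipefail` with no interpreter line (the 68 added lines account for every line of the file, so unless the rendering dropped it there is no shebang), which means the file is not directly executable and only runs through the invoking shell's ENOEXEC fallback; `pipefail` is also bash-specific. Switching to `script = pkgs.writeShellScriptBin "nodeinfo" ''` gives it a proper `#!` line and runs it under bash regardless of who calls it. Two smaller points in the same script: the guarded reads use `cat $NGINX_ONION_FILE` and siblings unquoted while the bitcoind and clightning reads quote theirs, so `cat "$NGINX_ONION_FILE"` would keep them consistent and safe against a path with whitespace, and the bitcoind read is the only one not behind an `[ -e ]` check, so with `set -e` a missing onion-chef file for bitcoind aborts the whole report before any other service is printed. The `programs.nodeinfo` option also lacks a `description`; something like `description = "The nodeinfo script, for inclusion in other services' PATH.";` would make it show up in generated option docs.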
@ -5,12 +5,18 @@ with lib;
|
||||
let
|
||||
cfg = config.services;
|
||||
|
||||
operatorName = config.nix-bitcoin.operatorName;
|
||||
|
||||
mkHiddenService = map: {
|
||||
map = [ map ];
|
||||
version = 3;
|
||||
};
|
||||
in {
|
||||
imports = [ ../modules.nix ];
|
||||
imports = [
|
||||
../modules.nix
|
||||
../nodeinfo.nix
|
||||
../nix-bitcoin-webindex.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
services.clightning.onionport = mkOption {
|
||||
@ -18,12 +24,16 @@ in {
|
||||
default = 9735;
|
||||
description = "Port on which to listen for tor client connections.";
|
||||
};
|
||||
|
||||
services.electrs.onionport = mkOption {
|
||||
type = types.ints.u16;
|
||||
default = 50002;
|
||||
description = "Port on which to listen for tor client connections.";
|
||||
};
|
||||
nix-bitcoin.operatorName = mkOption {
|
||||
type = types.str;
|
||||
default = "operator";
|
||||
description = "Less-privileged user's name.";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
@ -111,11 +121,10 @@ in {
|
||||
tor
|
||||
jq
|
||||
qrencode
|
||||
nix-bitcoin.nodeinfo
|
||||
];
|
||||
|
||||
# Create user 'operator' which can access the node's services
|
||||
users.users.operator = {
|
||||
# Create operator user which can access the node's services
|
||||
users.users.${operatorName} = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"systemd-journal"
|
||||
@ -130,18 +139,18 @@ in {
|
||||
};
|
||||
# Give operator access to onion hostnames
|
||||
services.onion-chef.enable = true;
|
||||
services.onion-chef.access.operator = [ "bitcoind" "clightning" "nginx" "liquidd" "spark-wallet" "electrs" "sshd" ];
|
||||
services.onion-chef.access.${operatorName} = [ "bitcoind" "clightning" "nginx" "liquidd" "spark-wallet" "electrs" "sshd" ];
|
||||
|
||||
security.sudo.configFile =
|
||||
(optionalString cfg.lnd.enable ''
|
||||
operator ALL=(lnd) NOPASSWD: ALL
|
||||
${operatorName} ALL=(lnd) NOPASSWD: ALL
|
||||
'');
|
||||
|
||||
# Enable nixops ssh for operator (`nixops ssh operator@mynode`) on nixops-vbox deployments
|
||||
systemd.services.get-vbox-nixops-client-key =
|
||||
mkIf (builtins.elem ".vbox-nixops-client-key" config.services.openssh.authorizedKeysFiles) {
|
||||
postStart = ''
|
||||
cp "${config.users.users.root.home}/.vbox-nixops-client-key" "${config.users.users.operator.home}"
|
||||
cp "${config.users.users.root.home}/.vbox-nixops-client-key" "${config.users.users.${operatorName}.home}"
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
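Review bot: `nix-bitcoin.operatorName` is declared as `types.str`, but its value is spliced verbatim into a sudoers line (`${operatorName} ALL=(lnd) NOPASSWD: ALL`), into `users.users.${operatorName}`, into `services.onion-chef.access.${operatorName}`, and into shell paths in the nodeinfo script, none of which quote or escape it; a value with whitespace or metacharacters would at best break evaluation and at worst yield a sudoers entry that names a different principal than the user that was created. Constraining the type to a username shape, e.g. `type = types.strMatching "[a-z_][a-z0-9_-]*";` (pattern constructed here, adjust to the project's naming rules), rejects such values at evaluation time. Separately, `users.users.${operatorName} = { isNormalUser = true; ... }` silently merges into an already-declared user if the chosen name collides with an existing system account, so an assertion that the name is not one of the system users may be worth adding. The sudoers and user hunks in this section share the root cause; this note covers both.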
@ -1,6 +1,5 @@
|
||||
{ pkgs ? import <nixpkgs> {} }:
|
||||
{
|
||||
nodeinfo = pkgs.callPackage ./nodeinfo { };
|
||||
lightning-charge = pkgs.callPackage ./lightning-charge { };
|
||||
nanopos = pkgs.callPackage ./nanopos { };
|
||||
spark-wallet = pkgs.callPackage ./spark-wallet { };
|
||||
|
@ -1,15 +0,0 @@
|
||||
{pkgs}:
|
||||
|
||||
with pkgs;
|
||||
stdenv.mkDerivation {
|
||||
name = "nodeinfo";
|
||||
src = ./nodeinfo.sh;
|
||||
|
||||
unpackPhase = "true";
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
mkdir -p $out/bin
|
||||
cp $src $out/bin/nodeinfo
|
||||
chmod +x $out/bin/nodeinfo
|
||||
'';
|
||||
}
|
@ -1,49 +0,0 @@
|
||||
set -e
|
||||
set -o pipefail
|
||||
|
||||
BITCOIND_ONION="$(cat /var/lib/onion-chef/operator/bitcoind)"
|
||||
echo BITCOIND_ONION="$BITCOIND_ONION"
|
||||
|
||||
if systemctl is-active --quiet clightning; then
|
||||
CLIGHTNING_NODEID=$(lightning-cli getinfo | jq -r '.id')
|
||||
CLIGHTNING_ONION="$(cat /var/lib/onion-chef/operator/clightning)"
|
||||
CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
|
||||
echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
|
||||
echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
|
||||
echo CLIGHTNING_ID="$CLIGHTNING_ID"
|
||||
fi
|
||||
|
||||
if systemctl is-active --quiet lnd; then
|
||||
LND_NODEID=$(lncli getinfo | jq -r '.uris[0]')
|
||||
echo LND_NODEID="$LND_NODEID"
|
||||
fi
|
||||
|
||||
NGINX_ONION_FILE=/var/lib/onion-chef/operator/nginx
|
||||
if [ -e "$NGINX_ONION_FILE" ]; then
|
||||
NGINX_ONION="$(cat $NGINX_ONION_FILE)"
|
||||
echo NGINX_ONION="$NGINX_ONION"
|
||||
fi
|
||||
|
||||
LIQUIDD_ONION_FILE=/var/lib/onion-chef/operator/liquidd
|
||||
if [ -e "$LIQUIDD_ONION_FILE" ]; then
|
||||
LIQUIDD_ONION="$(cat $LIQUIDD_ONION_FILE)"
|
||||
echo LIQUIDD_ONION="$LIQUIDD_ONION"
|
||||
fi
|
||||
|
||||
SPARKWALLET_ONION_FILE=/var/lib/onion-chef/operator/spark-wallet
|
||||
if [ -e "$SPARKWALLET_ONION_FILE" ]; then
|
||||
SPARKWALLET_ONION="$(cat $SPARKWALLET_ONION_FILE)"
|
||||
echo SPARKWALLET_ONION="http://$SPARKWALLET_ONION"
|
||||
fi
|
||||
|
||||
ELECTRS_ONION_FILE=/var/lib/onion-chef/operator/electrs
|
||||
if [ -e "$ELECTRS_ONION_FILE" ]; then
|
||||
ELECTRS_ONION="$(cat $ELECTRS_ONION_FILE)"
|
||||
echo ELECTRS_ONION="$ELECTRS_ONION"
|
||||
fi
|
||||
|
||||
SSHD_ONION_FILE=/var/lib/onion-chef/operator/sshd
|
||||
if [ -e "$SSHD_ONION_FILE" ]; then
|
||||
SSHD_ONION="$(cat $SSHD_ONION_FILE)"
|
||||
echo SSHD_ONION="$SSHD_ONION"
|
||||
fi
|