lnd, clightning-rest: remove lndconnectOnion, add generic option lndconnect

For both lnd and clightning-rest, `lndconnectOnion` is replaced by
options `lndconnect.enable` and `lndconnect.onion`.

This allows using lndconnect without Tor.
This commit is contained in:
Erik Arvstedt 2023-01-22 16:18:03 +01:00 committed by Greg Shuflin
parent 992946f20e
commit 64304b6d66
7 changed files with 180 additions and 100 deletions

View File

@ -150,17 +150,23 @@ See: [Secrets dir](./configuration.md#secrets-dir)
##### For lnd
Add the following config:
```
services.lnd.lndconnectOnion.enable = true;
```nix
services.lnd.lndconnect = {
enable = true;
onion = true;
};
```
##### For clightning
Add the following config:
```
```nix
services.clightning-rest = {
enable = true;
lndconnectOnion.enable = true;
lndconnect = {
enable = true;
onion = true;
};
};
```
@ -171,12 +177,12 @@ See: [Secrets dir](./configuration.md#secrets-dir)
##### For lnd
```
lndconnect-onion
lndconnect
```
##### For clightning
```
lndconnect-onion-clightning
lndconnect-clightning
```
5. Configure Zeus
@ -187,15 +193,15 @@ See: [Secrets dir](./configuration.md#secrets-dir)
- Start sending and stacking sats privately
### Additional lndconnect features
Create plain text URLs or QR code images:
```
lndconnect-onion --url
lndconnect-onion --image
``````
Create a QR code for a custom hostname:
```
lndconnect-onion --host=mynode.org
```
- Create plain text URLs or QR code images
```bash
lndconnect --url
lndconnect --image
```
- Set a custom host. By default, `lndconnect` detects the system's external IP and uses it as the host.
```bash
lndconnect --host myhost
```
# Connect to spark-wallet
### Requirements

View File

@ -56,13 +56,16 @@
#
# == REST server
# Set this to create a clightning REST onion service.
# This also adds binary `lndconnect-onion-clightning` to the system environment.
# This also adds binary `lndconnect-clightning` to the system environment.
# This binary creates QR codes or URLs for connecting applications to clightning
# via the REST onion service (see ../docs/services.md).
#
# services.clightning-rest = {
# enable = true;
# lndconnectOnion.enable = true;
# lndconnect = {
# enable = true;
# onion = true;
# };
# };
### LND
@ -78,11 +81,14 @@
# The onion service is automatically announced to peers.
# nix-bitcoin.onionServices.lnd.public = true;
#
# Set this to create an lnd REST onion service.
# This also adds binary `lndconnect-onion` to the system environment.
# Set this to create a lnd REST onion service.
# This also adds binary `lndconnect` to the system environment.
# This binary generates QR codes or URLs for connecting applications to lnd via the
# REST onion service (see ../docs/services.md).
# services.lnd.lndconnectOnion.enable = true;
# services.lnd.lndconnect = {
# enable = true;
# onion = true;
# };
#
## WARNING
# If you use lnd, you should manually backup your wallet mnemonic

View File

@ -3,42 +3,72 @@
with lib;
let
options = {
services.lnd.lndconnectOnion.enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Create an onion service for the lnd REST server.
Add a `lndconnect-onion` binary to the system environment.
See: https://github.com/LN-Zap/lndconnect
services.lnd.lndconnect = {
enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Add a `lndconnect` binary to the system environment which prints
connection info for lnd clients.
See: https://github.com/LN-Zap/lndconnect
Usage:
```bash
# Print QR code
lndconnect-onion
Usage:
```bash
# Print QR code
lndconnect
# Print URL
lndconnect-onion --url
```
'';
# Print URL
lndconnect --url
```
'';
};
onion = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Create an onion service for the lnd REST server,
which is used by lndconnect.
'';
};
};
services.clightning-rest.lndconnectOnion.enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Create an onion service for clightning-rest.
Add a `lndconnect-onion-clightning` binary to the system environment.
services.clightning-rest.lndconnect = {
enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Add a `lndconnect-clightning` binary to the system environment which prints
connection info for clightning clients.
See: https://github.com/LN-Zap/lndconnect
Usage:
```bash
# Print QR code
lndconnect-onion-clightning
lndconnect-clightning
# Print URL
lndconnect-onion-clightning --url
lndconnect-clightning --url
```
'';
};
onion = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Create an onion service for the clightning REST server,
which is used by lndconnect.
'';
};
};
nix-bitcoin.mkLndconnect = mkOption {
readOnly = true;
default = mkLndconnect;
description = mdDoc ''
A function to create a lndconnect binary.
See the source for further details.
'';
};
};
@ -47,80 +77,97 @@ let
inherit (config.services)
lnd
clightning
clightning-rest;
mkLndconnect = {
name,
shebang ? "#!${pkgs.stdenv.shell} -e",
onionService,
port,
certPath,
macaroonPath
macaroonPath,
enableOnion,
onionService ? null,
certPath ? null
}:
# TODO-EXTERNAL:
# lndconnect requires a --configfile argument, although it's unused
# https://github.com/LN-Zap/lndconnect/issues/25
pkgs.writeScriptBin name ''
pkgs.hiPrio (pkgs.writeScriptBin name ''
${shebang}
exec ${config.nix-bitcoin.pkgs.lndconnect}/bin/lndconnect \
--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService}) \
${optionalString enableOnion "--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService})"} \
--port=${toString port} \
--tlscertpath='${certPath}' \
${if enableOnion || certPath == null then "--nocert" else "--tlscertpath='${certPath}'"} \
--adminmacaroonpath='${macaroonPath}' \
--configfile=/dev/null "$@"
'';
'');
operatorName = config.nix-bitcoin.operator.name;
in {
inherit options;
config = mkMerge [
(mkIf (lnd.enable && lnd.lndconnectOnion.enable) {
services.tor = {
enable = true;
relay.onionServices.lnd-rest = nbLib.mkOnionService {
target.addr = nbLib.address lnd.restAddress;
target.port = lnd.restPort;
port = lnd.restPort;
};
};
nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ];
(mkIf (lnd.enable && lnd.lndconnect.enable)
(mkMerge [
{
environment.systemPackages = [(
mkLndconnect {
name = "lndconnect";
# Run as lnd user because the macaroon and cert are not group-readable
shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
enableOnion = lnd.lndconnect.onion;
onionService = "${lnd.user}/lnd-rest";
port = lnd.restPort;
certPath = lnd.certPath;
macaroonPath = "${lnd.networkDir}/admin.macaroon";
}
)];
environment.systemPackages = [(
mkLndconnect {
name = "lndconnect-onion";
# Run as lnd user because the macaroon and cert are not group-readable
shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
onionService = "${lnd.user}/lnd-rest";
port = lnd.restPort;
certPath = lnd.certPath;
macaroonPath = "${lnd.networkDir}/admin.macaroon";
services.lnd.restAddress = mkIf (!lnd.lndconnect.onion) "0.0.0.0";
}
)];
})
(mkIf (clightning-rest.enable && clightning-rest.lndconnectOnion.enable) {
services.tor = {
enable = true;
relay.onionServices.clightning-rest = nbLib.mkOnionService {
target.addr = nbLib.address clightning-rest.address;
target.port = clightning-rest.port;
port = clightning-rest.port;
};
};
# This also allows nodeinfo to show the clightning-rest onion address
nix-bitcoin.onionAddresses.access.${operatorName} = [ "clightning-rest" ];
(mkIf lnd.lndconnect.onion {
services.tor = {
enable = true;
relay.onionServices.lnd-rest = nbLib.mkOnionService {
target.addr = nbLib.address lnd.restAddress;
target.port = lnd.restPort;
port = lnd.restPort;
};
};
nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ];
})
]))
environment.systemPackages = [(
mkLndconnect {
name = "lndconnect-onion-clightning";
onionService = "${operatorName}/clightning-rest";
port = clightning-rest.port;
certPath = "${clightning-rest.dataDir}/certs/certificate.pem";
macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon";
(mkIf (clightning-rest.enable && clightning-rest.lndconnect.enable)
(mkMerge [
{
environment.systemPackages = [(
mkLndconnect {
name = "lndconnect-clightning";
enableOnion = clightning-rest.lndconnect.onion;
onionService = "${operatorName}/clightning-rest";
port = clightning-rest.port;
certPath = "${clightning-rest.dataDir}/certs/certificate.pem";
macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon";
}
)];
# clightning-rest always binds to all interfaces
}
)];
})
(mkIf clightning-rest.lndconnect.onion {
services.tor = {
enable = true;
relay.onionServices.clightning-rest = nbLib.mkOnionService {
target.addr = nbLib.address clightning-rest.address;
target.port = clightning-rest.port;
port = clightning-rest.port;
};
};
# This also allows nodeinfo to show the clightning-rest onion address
nix-bitcoin.onionAddresses.access.${operatorName} = [ "clightning-rest" ];
})
])
)
];
}

View File

@ -33,7 +33,6 @@ in {
(mkRenamedOptionModule [ "services" "liquidd" "rpcbind" ] [ "services" "liquidd" "rpc" "address" ])
# 0.0.70
(mkRenamedOptionModule [ "services" "rtl" "cl-rest" ] [ "services" "clightning-rest" ])
(mkRenamedOptionModule [ "services" "lnd" "restOnionService" "enable" ] [ "services" "lnd" "lndconnectOnion" "enable" ])
(mkRenamedOptionModule [ "nix-bitcoin" "setup-secrets" ] [ "nix-bitcoin" "setupSecrets" ])
@ -46,6 +45,28 @@ in {
bitcoin peer connections for syncing blocks. This performs well on low and high
memory systems.
'')
# 0.0.86
(mkRemovedOptionModule [ "services" "lnd" "restOnionService" "enable" ] ''
Set the following options instead:
services.lnd.lndconnect = {
enable = true;
onion = true;
}
'')
(mkRemovedOptionModule [ "services" "lnd" "lndconnect-onion" ] ''
Set the following options instead:
services.lnd.lndconnect = {
enable = true;
onion = true;
}
'')
(mkRemovedOptionModule [ "services" "clightning-rest" "lndconnect-onion" ] ''
Set the following options instead:
services.clightning-rest.lndconnect = {
enable = true;
onion = true;
}
'')
] ++
# 0.0.59
(map mkSplitEnforceTorOption [

View File

@ -228,7 +228,7 @@ let
version = "0.0.70";
condition = config.services.lnd.lndconnectOnion.enable;
message = ''
The `lndconnect-rest-onion` binary has been renamed to `lndconnect-onion`.
The `lndconnect-rest-onion` binary has been renamed to `lndconnect`.
'';
}
{

View File

@ -86,8 +86,8 @@ let
nix-bitcoin.onionServices.lnd.public = true;
tests.lndconnect-onion-lnd = cfg.lnd.lndconnectOnion.enable;
tests.lndconnect-onion-clightning = cfg.clightning-rest.lndconnectOnion.enable;
tests.lndconnect-onion-lnd = with cfg.lnd.lndconnect; enable && onion;
tests.lndconnect-onion-clightning = with cfg.clightning-rest.lndconnect; enable && onion;
tests.lightning-loop = cfg.lightning-loop.enable;
services.lightning-loop.certificate.extraIPs = [ "20.0.0.1" ];
@ -187,9 +187,9 @@ let
services.rtl.enable = true;
services.spark-wallet.enable = true;
services.clightning-rest.enable = true;
services.clightning-rest.lndconnectOnion.enable = true;
services.clightning-rest.lndconnect = { enable = true; onion = true; };
services.lnd.enable = true;
services.lnd.lndconnectOnion.enable = true;
services.lnd.lndconnect = { enable = true; onion = true; };
services.lightning-loop.enable = true;
services.lightning-pool.enable = true;
services.charge-lnd.enable = true;

View File

@ -177,12 +177,12 @@ def _():
@test("lndconnect-onion-lnd")
def _():
assert_running("lnd")
assert_matches("runuser -u operator -- lndconnect-onion --url", ".onion")
assert_matches("runuser -u operator -- lndconnect --url", ".onion")
@test("lndconnect-onion-clightning")
def _():
assert_running("clightning-rest")
assert_matches("runuser -u operator -- lndconnect-onion-clightning --url", ".onion")
assert_matches("runuser -u operator -- lndconnect-clightning --url", ".onion")
@test("lightning-loop")
def _():