lnd, clightning-rest: remove lndconnectOnion
, add generic option lndconnect
For both lnd and clightning-rest, `lndconnectOnion` is replaced by options `lndconnect.enable` and `lndconnect.onion`. This allows using lndconnect without Tor.
This commit is contained in:
parent
992946f20e
commit
64304b6d66
@ -150,17 +150,23 @@ See: [Secrets dir](./configuration.md#secrets-dir)
|
||||
##### For lnd
|
||||
|
||||
Add the following config:
|
||||
```
|
||||
services.lnd.lndconnectOnion.enable = true;
|
||||
```nix
|
||||
services.lnd.lndconnect = {
|
||||
enable = true;
|
||||
onion = true;
|
||||
};
|
||||
```
|
||||
|
||||
##### For clightning
|
||||
|
||||
Add the following config:
|
||||
```
|
||||
```nix
|
||||
services.clightning-rest = {
|
||||
enable = true;
|
||||
lndconnectOnion.enable = true;
|
||||
lndconnect = {
|
||||
enable = true;
|
||||
onion = true;
|
||||
};
|
||||
};
|
||||
```
|
||||
|
||||
@ -171,12 +177,12 @@ See: [Secrets dir](./configuration.md#secrets-dir)
|
||||
|
||||
##### For lnd
|
||||
```
|
||||
lndconnect-onion
|
||||
lndconnect
|
||||
```
|
||||
|
||||
##### For clightning
|
||||
```
|
||||
lndconnect-onion-clightning
|
||||
lndconnect-clightning
|
||||
```
|
||||
|
||||
5. Configure Zeus
|
||||
@ -187,15 +193,15 @@ See: [Secrets dir](./configuration.md#secrets-dir)
|
||||
- Start sending and stacking sats privately
|
||||
|
||||
### Additional lndconnect features
|
||||
Create plain text URLs or QR code images:
|
||||
```
|
||||
lndconnect-onion --url
|
||||
lndconnect-onion --image
|
||||
``````
|
||||
Create a QR code for a custom hostname:
|
||||
```
|
||||
lndconnect-onion --host=mynode.org
|
||||
```
|
||||
- Create plain text URLs or QR code images
|
||||
```bash
|
||||
lndconnect --url
|
||||
lndconnect --image
|
||||
```
|
||||
- Set a custom host. By default, `lndconnect` detects the system's external IP and uses it as the host.
|
||||
```bash
|
||||
lndconnect --host myhost
|
||||
```
|
||||
|
||||
# Connect to spark-wallet
|
||||
### Requirements
|
||||
|
@ -56,13 +56,16 @@
|
||||
#
|
||||
# == REST server
|
||||
# Set this to create a clightning REST onion service.
|
||||
# This also adds binary `lndconnect-onion-clightning` to the system environment.
|
||||
# This also adds binary `lndconnect-clightning` to the system environment.
|
||||
# This binary creates QR codes or URLs for connecting applications to clightning
|
||||
# via the REST onion service (see ../docs/services.md).
|
||||
#
|
||||
# services.clightning-rest = {
|
||||
# enable = true;
|
||||
# lndconnectOnion.enable = true;
|
||||
# lndconnect = {
|
||||
# enable = true;
|
||||
# onion = true;
|
||||
# };
|
||||
# };
|
||||
|
||||
### LND
|
||||
@ -78,11 +81,14 @@
|
||||
# The onion service is automatically announced to peers.
|
||||
# nix-bitcoin.onionServices.lnd.public = true;
|
||||
#
|
||||
# Set this to create an lnd REST onion service.
|
||||
# This also adds binary `lndconnect-onion` to the system environment.
|
||||
# Set this to create a lnd REST onion service.
|
||||
# This also adds binary `lndconnect` to the system environment.
|
||||
# This binary generates QR codes or URLs for connecting applications to lnd via the
|
||||
# REST onion service (see ../docs/services.md).
|
||||
# services.lnd.lndconnectOnion.enable = true;
|
||||
# services.lnd.lndconnect = {
|
||||
# enable = true;
|
||||
# onion = true;
|
||||
# };
|
||||
#
|
||||
## WARNING
|
||||
# If you use lnd, you should manually backup your wallet mnemonic
|
||||
|
@ -3,42 +3,72 @@
|
||||
with lib;
|
||||
let
|
||||
options = {
|
||||
services.lnd.lndconnectOnion.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Create an onion service for the lnd REST server.
|
||||
Add a `lndconnect-onion` binary to the system environment.
|
||||
See: https://github.com/LN-Zap/lndconnect
|
||||
services.lnd.lndconnect = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Add a `lndconnect` binary to the system environment which prints
|
||||
connection info for lnd clients.
|
||||
See: https://github.com/LN-Zap/lndconnect
|
||||
|
||||
Usage:
|
||||
```bash
|
||||
# Print QR code
|
||||
lndconnect-onion
|
||||
Usage:
|
||||
```bash
|
||||
# Print QR code
|
||||
lndconnect
|
||||
|
||||
# Print URL
|
||||
lndconnect-onion --url
|
||||
```
|
||||
'';
|
||||
# Print URL
|
||||
lndconnect --url
|
||||
```
|
||||
'';
|
||||
};
|
||||
onion = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Create an onion service for the lnd REST server,
|
||||
which is used by lndconnect.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.clightning-rest.lndconnectOnion.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Create an onion service for clightning-rest.
|
||||
Add a `lndconnect-onion-clightning` binary to the system environment.
|
||||
|
||||
services.clightning-rest.lndconnect = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Add a `lndconnect-clightning` binary to the system environment which prints
|
||||
connection info for clightning clients.
|
||||
See: https://github.com/LN-Zap/lndconnect
|
||||
|
||||
Usage:
|
||||
```bash
|
||||
# Print QR code
|
||||
lndconnect-onion-clightning
|
||||
lndconnect-clightning
|
||||
|
||||
# Print URL
|
||||
lndconnect-onion-clightning --url
|
||||
lndconnect-clightning --url
|
||||
```
|
||||
'';
|
||||
};
|
||||
onion = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Create an onion service for the clightning REST server,
|
||||
which is used by lndconnect.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
nix-bitcoin.mkLndconnect = mkOption {
|
||||
readOnly = true;
|
||||
default = mkLndconnect;
|
||||
description = mdDoc ''
|
||||
A function to create a lndconnect binary.
|
||||
See the source for further details.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
@ -47,80 +77,97 @@ let
|
||||
|
||||
inherit (config.services)
|
||||
lnd
|
||||
clightning
|
||||
clightning-rest;
|
||||
|
||||
mkLndconnect = {
|
||||
name,
|
||||
shebang ? "#!${pkgs.stdenv.shell} -e",
|
||||
onionService,
|
||||
port,
|
||||
certPath,
|
||||
macaroonPath
|
||||
macaroonPath,
|
||||
enableOnion,
|
||||
onionService ? null,
|
||||
certPath ? null
|
||||
}:
|
||||
# TODO-EXTERNAL:
|
||||
# lndconnect requires a --configfile argument, although it's unused
|
||||
# https://github.com/LN-Zap/lndconnect/issues/25
|
||||
pkgs.writeScriptBin name ''
|
||||
pkgs.hiPrio (pkgs.writeScriptBin name ''
|
||||
${shebang}
|
||||
exec ${config.nix-bitcoin.pkgs.lndconnect}/bin/lndconnect \
|
||||
--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService}) \
|
||||
${optionalString enableOnion "--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService})"} \
|
||||
--port=${toString port} \
|
||||
--tlscertpath='${certPath}' \
|
||||
${if enableOnion || certPath == null then "--nocert" else "--tlscertpath='${certPath}'"} \
|
||||
--adminmacaroonpath='${macaroonPath}' \
|
||||
--configfile=/dev/null "$@"
|
||||
'';
|
||||
'');
|
||||
|
||||
operatorName = config.nix-bitcoin.operator.name;
|
||||
in {
|
||||
inherit options;
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf (lnd.enable && lnd.lndconnectOnion.enable) {
|
||||
services.tor = {
|
||||
enable = true;
|
||||
relay.onionServices.lnd-rest = nbLib.mkOnionService {
|
||||
target.addr = nbLib.address lnd.restAddress;
|
||||
target.port = lnd.restPort;
|
||||
port = lnd.restPort;
|
||||
};
|
||||
};
|
||||
nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ];
|
||||
(mkIf (lnd.enable && lnd.lndconnect.enable)
|
||||
(mkMerge [
|
||||
{
|
||||
environment.systemPackages = [(
|
||||
mkLndconnect {
|
||||
name = "lndconnect";
|
||||
# Run as lnd user because the macaroon and cert are not group-readable
|
||||
shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
|
||||
enableOnion = lnd.lndconnect.onion;
|
||||
onionService = "${lnd.user}/lnd-rest";
|
||||
port = lnd.restPort;
|
||||
certPath = lnd.certPath;
|
||||
macaroonPath = "${lnd.networkDir}/admin.macaroon";
|
||||
}
|
||||
)];
|
||||
|
||||
environment.systemPackages = [(
|
||||
mkLndconnect {
|
||||
name = "lndconnect-onion";
|
||||
# Run as lnd user because the macaroon and cert are not group-readable
|
||||
shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
|
||||
onionService = "${lnd.user}/lnd-rest";
|
||||
port = lnd.restPort;
|
||||
certPath = lnd.certPath;
|
||||
macaroonPath = "${lnd.networkDir}/admin.macaroon";
|
||||
services.lnd.restAddress = mkIf (!lnd.lndconnect.onion) "0.0.0.0";
|
||||
}
|
||||
)];
|
||||
})
|
||||
|
||||
(mkIf (clightning-rest.enable && clightning-rest.lndconnectOnion.enable) {
|
||||
services.tor = {
|
||||
enable = true;
|
||||
relay.onionServices.clightning-rest = nbLib.mkOnionService {
|
||||
target.addr = nbLib.address clightning-rest.address;
|
||||
target.port = clightning-rest.port;
|
||||
port = clightning-rest.port;
|
||||
};
|
||||
};
|
||||
# This also allows nodeinfo to show the clightning-rest onion address
|
||||
nix-bitcoin.onionAddresses.access.${operatorName} = [ "clightning-rest" ];
|
||||
(mkIf lnd.lndconnect.onion {
|
||||
services.tor = {
|
||||
enable = true;
|
||||
relay.onionServices.lnd-rest = nbLib.mkOnionService {
|
||||
target.addr = nbLib.address lnd.restAddress;
|
||||
target.port = lnd.restPort;
|
||||
port = lnd.restPort;
|
||||
};
|
||||
};
|
||||
nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ];
|
||||
})
|
||||
]))
|
||||
|
||||
environment.systemPackages = [(
|
||||
mkLndconnect {
|
||||
name = "lndconnect-onion-clightning";
|
||||
onionService = "${operatorName}/clightning-rest";
|
||||
port = clightning-rest.port;
|
||||
certPath = "${clightning-rest.dataDir}/certs/certificate.pem";
|
||||
macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon";
|
||||
(mkIf (clightning-rest.enable && clightning-rest.lndconnect.enable)
|
||||
(mkMerge [
|
||||
{
|
||||
environment.systemPackages = [(
|
||||
mkLndconnect {
|
||||
name = "lndconnect-clightning";
|
||||
enableOnion = clightning-rest.lndconnect.onion;
|
||||
onionService = "${operatorName}/clightning-rest";
|
||||
port = clightning-rest.port;
|
||||
certPath = "${clightning-rest.dataDir}/certs/certificate.pem";
|
||||
macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon";
|
||||
}
|
||||
)];
|
||||
|
||||
# clightning-rest always binds to all interfaces
|
||||
}
|
||||
)];
|
||||
})
|
||||
|
||||
(mkIf clightning-rest.lndconnect.onion {
|
||||
services.tor = {
|
||||
enable = true;
|
||||
relay.onionServices.clightning-rest = nbLib.mkOnionService {
|
||||
target.addr = nbLib.address clightning-rest.address;
|
||||
target.port = clightning-rest.port;
|
||||
port = clightning-rest.port;
|
||||
};
|
||||
};
|
||||
# This also allows nodeinfo to show the clightning-rest onion address
|
||||
nix-bitcoin.onionAddresses.access.${operatorName} = [ "clightning-rest" ];
|
||||
})
|
||||
])
|
||||
)
|
||||
];
|
||||
}
|
||||
|
@ -33,7 +33,6 @@ in {
|
||||
(mkRenamedOptionModule [ "services" "liquidd" "rpcbind" ] [ "services" "liquidd" "rpc" "address" ])
|
||||
# 0.0.70
|
||||
(mkRenamedOptionModule [ "services" "rtl" "cl-rest" ] [ "services" "clightning-rest" ])
|
||||
(mkRenamedOptionModule [ "services" "lnd" "restOnionService" "enable" ] [ "services" "lnd" "lndconnectOnion" "enable" ])
|
||||
|
||||
(mkRenamedOptionModule [ "nix-bitcoin" "setup-secrets" ] [ "nix-bitcoin" "setupSecrets" ])
|
||||
|
||||
@ -46,6 +45,28 @@ in {
|
||||
bitcoin peer connections for syncing blocks. This performs well on low and high
|
||||
memory systems.
|
||||
'')
|
||||
# 0.0.86
|
||||
(mkRemovedOptionModule [ "services" "lnd" "restOnionService" "enable" ] ''
|
||||
Set the following options instead:
|
||||
services.lnd.lndconnect = {
|
||||
enable = true;
|
||||
onion = true;
|
||||
}
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "lnd" "lndconnect-onion" ] ''
|
||||
Set the following options instead:
|
||||
services.lnd.lndconnect = {
|
||||
enable = true;
|
||||
onion = true;
|
||||
}
|
||||
'')
|
||||
(mkRemovedOptionModule [ "services" "clightning-rest" "lndconnect-onion" ] ''
|
||||
Set the following options instead:
|
||||
services.clightning-rest.lndconnect = {
|
||||
enable = true;
|
||||
onion = true;
|
||||
}
|
||||
'')
|
||||
] ++
|
||||
# 0.0.59
|
||||
(map mkSplitEnforceTorOption [
|
||||
|
@ -228,7 +228,7 @@ let
|
||||
version = "0.0.70";
|
||||
condition = config.services.lnd.lndconnectOnion.enable;
|
||||
message = ''
|
||||
The `lndconnect-rest-onion` binary has been renamed to `lndconnect-onion`.
|
||||
The `lndconnect-rest-onion` binary has been renamed to `lndconnect`.
|
||||
'';
|
||||
}
|
||||
{
|
||||
|
@ -86,8 +86,8 @@ let
|
||||
|
||||
nix-bitcoin.onionServices.lnd.public = true;
|
||||
|
||||
tests.lndconnect-onion-lnd = cfg.lnd.lndconnectOnion.enable;
|
||||
tests.lndconnect-onion-clightning = cfg.clightning-rest.lndconnectOnion.enable;
|
||||
tests.lndconnect-onion-lnd = with cfg.lnd.lndconnect; enable && onion;
|
||||
tests.lndconnect-onion-clightning = with cfg.clightning-rest.lndconnect; enable && onion;
|
||||
|
||||
tests.lightning-loop = cfg.lightning-loop.enable;
|
||||
services.lightning-loop.certificate.extraIPs = [ "20.0.0.1" ];
|
||||
@ -187,9 +187,9 @@ let
|
||||
services.rtl.enable = true;
|
||||
services.spark-wallet.enable = true;
|
||||
services.clightning-rest.enable = true;
|
||||
services.clightning-rest.lndconnectOnion.enable = true;
|
||||
services.clightning-rest.lndconnect = { enable = true; onion = true; };
|
||||
services.lnd.enable = true;
|
||||
services.lnd.lndconnectOnion.enable = true;
|
||||
services.lnd.lndconnect = { enable = true; onion = true; };
|
||||
services.lightning-loop.enable = true;
|
||||
services.lightning-pool.enable = true;
|
||||
services.charge-lnd.enable = true;
|
||||
|
@ -177,12 +177,12 @@ def _():
|
||||
@test("lndconnect-onion-lnd")
|
||||
def _():
|
||||
assert_running("lnd")
|
||||
assert_matches("runuser -u operator -- lndconnect-onion --url", ".onion")
|
||||
assert_matches("runuser -u operator -- lndconnect --url", ".onion")
|
||||
|
||||
@test("lndconnect-onion-clightning")
|
||||
def _():
|
||||
assert_running("clightning-rest")
|
||||
assert_matches("runuser -u operator -- lndconnect-onion-clightning --url", ".onion")
|
||||
assert_matches("runuser -u operator -- lndconnect-clightning --url", ".onion")
|
||||
|
||||
@test("lightning-loop")
|
||||
def _():
|
||||
|
Loading…
Reference in New Issue
Block a user