From 64304b6d661fa4b462e770a4cfa45ea6ac7e091f Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 22 Jan 2023 16:18:03 +0100 Subject: [PATCH] lnd, clightning-rest: remove `lndconnectOnion`, add generic option `lndconnect` For both lnd and clightning-rest, `lndconnectOnion` is replaced by options `lndconnect.enable` and `lndconnect.onion`. This allows using lndconnect without Tor. --- docs/services.md | 36 ++++--- examples/configuration.nix | 16 ++- modules/lndconnect.nix | 191 ++++++++++++++++++++++------------- modules/obsolete-options.nix | 23 ++++- modules/versioning.nix | 2 +- test/tests.nix | 8 +- test/tests.py | 4 +- 7 files changed, 180 insertions(+), 100 deletions(-) diff --git a/docs/services.md b/docs/services.md index 69358d8..640a162 100644 --- a/docs/services.md +++ b/docs/services.md @@ -150,17 +150,23 @@ See: [Secrets dir](./configuration.md#secrets-dir) ##### For lnd Add the following config: - ``` - services.lnd.lndconnectOnion.enable = true; + ```nix + services.lnd.lndconnect = { + enable = true; + onion = true; + }; ``` ##### For clightning Add the following config: - ``` + ```nix services.clightning-rest = { enable = true; - lndconnectOnion.enable = true; + lndconnect = { + enable = true; + onion = true; + }; }; ``` @@ -171,12 +177,12 @@ See: [Secrets dir](./configuration.md#secrets-dir) ##### For lnd ``` - lndconnect-onion + lndconnect ``` ##### For clightning ``` - lndconnect-onion-clightning + lndconnect-clightning ``` 5. Configure Zeus 
@@ -187,15 +193,15 @@ See: [Secrets dir](./configuration.md#secrets-dir) - Start sending and stacking sats privately ### Additional lndconnect features -Create plain text URLs or QR code images: -``` -lndconnect-onion --url -lndconnect-onion --image -`````` -Create a QR code for a custom hostname: -``` -lndconnect-onion --host=mynode.org -``` +- Create plain text URLs or QR code images + ```bash + lndconnect --url + lndconnect --image + ``` +- Set a custom host. By default, `lndconnect` detects the system's external IP and uses it as the host. + ```bash + lndconnect --host myhost + ``` # Connect to spark-wallet ### Requirements diff --git a/examples/configuration.nix b/examples/configuration.nix index 0305b1c..8cf8f93 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix @@ -56,13 +56,16 @@ # # == REST server # Set this to create a clightning REST onion service. - # This also adds binary `lndconnect-onion-clightning` to the system environment. + # This also adds binary `lndconnect-clightning` to the system environment. # This binary creates QR codes or URLs for connecting applications to clightning # via the REST onion service (see ../docs/services.md). # # services.clightning-rest = { # enable = true; - # lndconnectOnion.enable = true; + # lndconnect = { + # enable = true; + # onion = true; + # }; # }; ### LND 
@@ -78,11 +81,14 @@ # The onion service is automatically announced to peers. # nix-bitcoin.onionServices.lnd.public = true; # - # Set this to create an lnd REST onion service. - # This also adds binary `lndconnect-onion` to the system environment. + # Set this to create a lnd REST onion service. + # This also adds binary `lndconnect` to the system environment. # This binary generates QR codes or URLs for connecting applications to lnd via the # REST onion service (see ../docs/services.md). - # services.lnd.lndconnectOnion.enable = true; + # services.lnd.lndconnect = { + # enable = true; + # onion = true; + # }; # ## WARNING # If you use lnd, you should manually backup your wallet mnemonic diff --git a/modules/lndconnect.nix b/modules/lndconnect.nix index 43b044e..468e6ff 100644 --- a/modules/lndconnect.nix +++ b/modules/lndconnect.nix 
@@ -3,42 +3,72 @@ with lib; let options = { - services.lnd.lndconnectOnion.enable = mkOption { - type = types.bool; - default = false; - description = mdDoc '' - Create an onion service for the lnd REST server. - Add a `lndconnect-onion` binary to the system environment. - See: https://github.com/LN-Zap/lndconnect + services.lnd.lndconnect = { + enable = mkOption { + type = types.bool; + default = false; + description = mdDoc '' + Add a `lndconnect` binary to the system environment which prints + connection info for lnd clients. + See: https://github.com/LN-Zap/lndconnect - Usage: - ```bash - # Print QR code - lndconnect-onion + Usage: + ```bash + # Print QR code + lndconnect - # Print URL - lndconnect-onion --url - ``` - ''; + # Print URL + lndconnect --url + ``` + ''; + }; + onion = mkOption { + type = types.bool; + default = false; + description = mdDoc '' + Create an onion service for the lnd REST server, + which is used by lndconnect. + ''; + }; }; - services.clightning-rest.lndconnectOnion.enable = mkOption { - type = types.bool; - default = false; - description = mdDoc '' - Create an onion service for clightning-rest. - Add a `lndconnect-onion-clightning` binary to the system environment. + + services.clightning-rest.lndconnect = { + enable = mkOption { + type = types.bool; + default = false; + description = mdDoc '' + Add a `lndconnect-clightning` binary to the system environment which prints + connection info for clightning clients. See: https://github.com/LN-Zap/lndconnect Usage: ```bash # Print QR code - lndconnect-onion-clightning + lndconnect-clightning # Print URL - lndconnect-onion-clightning --url + lndconnect-clightning --url ``` ''; + }; + onion = mkOption { + type = types.bool; + default = false; + description = mdDoc '' + Create an onion service for the clightning REST server, + which is used by lndconnect. 
+ ''; + }; + }; + + nix-bitcoin.mkLndconnect = mkOption { + readOnly = true; + default = mkLndconnect; + description = mdDoc '' + A function to create a lndconnect binary. + See the source for further details. + ''; }; }; 
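Review bot: The `enable` descriptions for `services.lnd.lndconnect` and `services.clightning-rest.lndconnect` do not say what happens when `onion` stays at its default of `false`. Later in this patch that combination sets `services.lnd.restAddress` to `0.0.0.0`, so enabling lndconnect alone makes the lnd REST API listen on all interfaces; whether a firewall port is opened is not visible in this diff. I would add a sentence to each `enable` description along the lines of `If onion is false, the REST server is reachable on all interfaces (0.0.0.0); restrict access with the firewall.`, and mention that the printed URL or QR code embeds the macaroon passed via `--adminmacaroonpath` and must be treated as a credential. The description of `nix-bitcoin.mkLndconnect` (`See the source for further details.`) should list the accepted arguments and their defaults, since the function is now exposed to other modules.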
@@ -47,80 +77,97 @@ let inherit (config.services) lnd - clightning clightning-rest; mkLndconnect = { name, shebang ? "#!${pkgs.stdenv.shell} -e", - onionService, port, - certPath, - macaroonPath + macaroonPath, + enableOnion, + onionService ? null, + certPath ? null }: # TODO-EXTERNAL: # lndconnect requires a --configfile argument, although it's unused # https://github.com/LN-Zap/lndconnect/issues/25 - pkgs.writeScriptBin name '' + pkgs.hiPrio (pkgs.writeScriptBin name '' ${shebang} exec ${config.nix-bitcoin.pkgs.lndconnect}/bin/lndconnect \ - --host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService}) \ + ${optionalString enableOnion "--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService})"} \ --port=${toString port} \ - --tlscertpath='${certPath}' \ + ${if enableOnion || certPath == null then "--nocert" else "--tlscertpath='${certPath}'"} \ --adminmacaroonpath='${macaroonPath}' \ --configfile=/dev/null "$@" - ''; + ''); operatorName = config.nix-bitcoin.operator.name; in { inherit options; config = mkMerge [ - (mkIf (lnd.enable && lnd.lndconnectOnion.enable) { - services.tor = { - enable = true; - relay.onionServices.lnd-rest = nbLib.mkOnionService { - target.addr = nbLib.address lnd.restAddress; - target.port = lnd.restPort; - port = lnd.restPort; - }; - }; - nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ]; + (mkIf (lnd.enable && lnd.lndconnect.enable) + (mkMerge [ + { + environment.systemPackages = [( + mkLndconnect { + name = "lndconnect"; + # Run as lnd user because the macaroon and cert are not group-readable + shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash"; + enableOnion = lnd.lndconnect.onion; + onionService = "${lnd.user}/lnd-rest"; + port = lnd.restPort; + certPath = lnd.certPath; + macaroonPath = "${lnd.networkDir}/admin.macaroon"; + } + )]; - environment.systemPackages = [( - mkLndconnect { - name = "lndconnect-onion"; - # Run as lnd user because the macaroon and cert are 
not group-readable - shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash"; - onionService = "${lnd.user}/lnd-rest"; - port = lnd.restPort; - certPath = lnd.certPath; - macaroonPath = "${lnd.networkDir}/admin.macaroon"; + services.lnd.restAddress = mkIf (!lnd.lndconnect.onion) "0.0.0.0"; } - )]; - }) - (mkIf (clightning-rest.enable && clightning-rest.lndconnectOnion.enable) { - services.tor = { - enable = true; - relay.onionServices.clightning-rest = nbLib.mkOnionService { - target.addr = nbLib.address clightning-rest.address; - target.port = clightning-rest.port; - port = clightning-rest.port; - }; - }; - # This also allows nodeinfo to show the clightning-rest onion address - nix-bitcoin.onionAddresses.access.${operatorName} = [ "clightning-rest" ]; + (mkIf lnd.lndconnect.onion { + services.tor = { + enable = true; + relay.onionServices.lnd-rest = nbLib.mkOnionService { + target.addr = nbLib.address lnd.restAddress; + target.port = lnd.restPort; + port = lnd.restPort; + }; + }; + nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ]; + }) + ])) - environment.systemPackages = [( - mkLndconnect { - name = "lndconnect-onion-clightning"; - onionService = "${operatorName}/clightning-rest"; - port = clightning-rest.port; - certPath = "${clightning-rest.dataDir}/certs/certificate.pem"; - macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon"; + (mkIf (clightning-rest.enable && clightning-rest.lndconnect.enable) + (mkMerge [ + { + environment.systemPackages = [( + mkLndconnect { + name = "lndconnect-clightning"; + enableOnion = clightning-rest.lndconnect.onion; + onionService = "${operatorName}/clightning-rest"; + port = clightning-rest.port; + certPath = "${clightning-rest.dataDir}/certs/certificate.pem"; + macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon"; + } + )]; + + # clightning-rest always binds to all interfaces } - )]; - }) + + (mkIf clightning-rest.lndconnect.onion { + services.tor = { + enable = true; + 
relay.onionServices.clightning-rest = nbLib.mkOnionService { + target.addr = nbLib.address clightning-rest.address; + target.port = clightning-rest.port; + port = clightning-rest.port; + }; + }; + # This also allows nodeinfo to show the clightning-rest onion address + nix-bitcoin.onionAddresses.access.${operatorName} = [ "clightning-rest" ]; + }) + ]) + ) ]; } diff --git a/modules/obsolete-options.nix b/modules/obsolete-options.nix index 1465963..f568e1a 100644 --- a/modules/obsolete-options.nix +++ b/modules/obsolete-options.nix @@ -33,7 +33,6 @@ in { (mkRenamedOptionModule [ "services" "liquidd" "rpcbind" ] [ "services" "liquidd" "rpc" "address" ]) # 0.0.70 (mkRenamedOptionModule [ "services" "rtl" "cl-rest" ] [ "services" "clightning-rest" ]) - (mkRenamedOptionModule [ "services" "lnd" "restOnionService" "enable" ] [ "services" "lnd" "lndconnectOnion" "enable" ]) (mkRenamedOptionModule [ "nix-bitcoin" "setup-secrets" ] [ "nix-bitcoin" "setupSecrets" ]) @@ -46,6 +45,28 @@ in { bitcoin peer connections for syncing blocks. This performs well on low and high memory systems. '') + # 0.0.86 + (mkRemovedOptionModule [ "services" "lnd" "restOnionService" "enable" ] '' + Set the following options instead: + services.lnd.lndconnect = { + enable = true; + onion = true; + } + '') + (mkRemovedOptionModule [ "services" "lnd" "lndconnect-onion" ] '' + Set the following options instead: + services.lnd.lndconnect = { + enable = true; + onion = true; + } + '') + (mkRemovedOptionModule [ "services" "clightning-rest" "lndconnect-onion" ] '' + Set the following options instead: + services.clightning-rest.lndconnect = { + enable = true; + onion = true; + } + '') ] ++ # 0.0.59 (map mkSplitEnforceTorOption [ diff --git a/modules/versioning.nix b/modules/versioning.nix index 8254132..5bd2769 100644 --- a/modules/versioning.nix +++ b/modules/versioning.nix 
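Review bot: In `mkLndconnect`, the default `certPath ? null` together with `if enableOnion || certPath == null then "--nocert"` means a caller of the now-exported function who sets `enableOnion = false` and omits `certPath` silently gets connection info without a certificate, so a client on a clearnet connection has nothing to pin. Similarly, `onionService ? null` is interpolated into the `--host=$(cat …)` string when `enableOnion` is true, which I would expect to fail with an unhelpful coercion error rather than a clear message. I would state the contract at the top of the function body, e.g. `assert enableOnion -> onionService != null;`, and either `assert !enableOnion -> certPath != null;` or an explicit argument for the clearnet `--nocert` case if that is intended. The line `services.lnd.restAddress = mkIf (!lnd.lndconnect.onion) "0.0.0.0";` also deserves a comment like the one given for clightning-rest, e.g. `# Without onion, clients connect directly, so the REST server must listen on all interfaces`. The enclosing `let` block starts outside the hunk.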
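Review bot: The two new `mkRemovedOptionModule` entries for lnd and clightning-rest use the path component `"lndconnect-onion"`, but the option this patch removes from modules/lndconnect.nix is `lndconnectOnion` (`services.lnd.lndconnectOnion.enable` and `services.clightning-rest.lndconnectOnion.enable`). As written, a configuration that still sets the old option would presumably hit a generic undefined-option error instead of the migration hint. I would change the paths to `[ "services" "lnd" "lndconnectOnion" ]` and `[ "services" "clightning-rest" "lndconnectOnion" ]`. The hint matters for exposure: it tells the user to keep `onion = true`, whereas a user who only sets `lndconnect.enable = true` ends up with the lnd REST server bound to `0.0.0.0` instead of the previous onion-only setup. The surrounding list starts and ends outside the hunk.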
@@ -228,7 +228,7 @@ let version = "0.0.70"; condition = config.services.lnd.lndconnectOnion.enable; message = '' - The `lndconnect-rest-onion` binary has been renamed to `lndconnect-onion`. + The `lndconnect-rest-onion` binary has been renamed to `lndconnect`. ''; } { diff --git a/test/tests.nix b/test/tests.nix index 36d192e..ed513d6 100644 --- a/test/tests.nix +++ b/test/tests.nix @@ -86,8 +86,8 @@ let nix-bitcoin.onionServices.lnd.public = true; - tests.lndconnect-onion-lnd = cfg.lnd.lndconnectOnion.enable; - tests.lndconnect-onion-clightning = cfg.clightning-rest.lndconnectOnion.enable; + tests.lndconnect-onion-lnd = with cfg.lnd.lndconnect; enable && onion; + tests.lndconnect-onion-clightning = with cfg.clightning-rest.lndconnect; enable && onion; tests.lightning-loop = cfg.lightning-loop.enable; services.lightning-loop.certificate.extraIPs = [ "20.0.0.1" ]; @@ -187,9 +187,9 @@ let services.rtl.enable = true; services.spark-wallet.enable = true; services.clightning-rest.enable = true; - services.clightning-rest.lndconnectOnion.enable = true; + services.clightning-rest.lndconnect = { enable = true; onion = true; }; services.lnd.enable = true; - services.lnd.lndconnectOnion.enable = true; + services.lnd.lndconnect = { enable = true; onion = true; }; services.lightning-loop.enable = true; services.lightning-pool.enable = true; services.charge-lnd.enable = true; diff --git a/test/tests.py b/test/tests.py index d43f801..1959c7d 100644 --- a/test/tests.py +++ b/test/tests.py 
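Review bot: The context line `condition = config.services.lnd.lndconnectOnion.enable;` still reads the option that this patch removes; only the message below it is updated. If this entry is evaluated for a system with an older state version, the lookup would likely fail on the missing attribute before the message can be shown. I would point the condition at the new option, e.g. `condition = config.services.lnd.lndconnect.enable;`. The enclosing list entry starts outside the hunk, so how and when `condition` is evaluated is not visible here.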
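Review bot: Both scenario flags are now `enable && onion`, and the full test configuration sets `onion = true` for lnd and clightning-rest, so the clearnet mode introduced by this patch is never exercised; the same applies to the two renamed tests in test/tests.py, which only match `.onion`. That mode is where the lnd bind address changes to `0.0.0.0` and where `--tlscertpath` is passed instead of `--nocert`, so it is the part most worth a regression test. I would add a scenario with `services.lnd.lndconnect = { enable = true; onion = false; };` and a matching test that checks the `lndconnect --url` output contains no `.onion` host and does carry the certificate.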
@@ -177,12 +177,12 @@ def _(): @test("lndconnect-onion-lnd") def _(): assert_running("lnd") - assert_matches("runuser -u operator -- lndconnect-onion --url", ".onion") + assert_matches("runuser -u operator -- lndconnect --url", ".onion") @test("lndconnect-onion-clightning") def _(): assert_running("clightning-rest") - assert_matches("runuser -u operator -- lndconnect-onion-clightning --url", ".onion") + assert_matches("runuser -u operator -- lndconnect-clightning --url", ".onion") @test("lightning-loop") def _():