From 65b5dab3d4a453525e4d9e6a54a631c2644004b3 Mon Sep 17 00:00:00 2001 From: nixbitcoin Date: Thu, 4 Jun 2020 08:23:02 +0000 Subject: [PATCH] clightning: add announce-tor From the clightning manpage: autolisten=BOOL By default, we bind (and maybe announce) on IPv4 and IPv6 interfaces if no addr, bind-addr or announce-addr options are specified. Setting this to false disables that. We already set bind-addr by default, so autolisten had no effect. Therefore, this commit replaces autolisten with the more granular announce-addr option. For now we are Tor-only, so we only need to announce our hidden service to accept incoming connections. In the future, we can add clearnet connectivity with `addr` and route connections into our netns with NAT. --- examples/configuration.nix | 7 ++++--- modules/clightning.nix | 16 ++++++++++++---- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/examples/configuration.nix b/examples/configuration.nix index 6ed2300..62f9312 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix @@ -38,9 +38,10 @@ # Enable this module to use clightning, a Lightning Network implementation # in C. services.clightning.enable = true; - # Enable this option to listen for incoming lightning connections. By - # default nix-bitcoin nodes offer outgoing connectivity. - # services.clightning.autolisten = true; + # Enable this option to announce our Tor Hidden Service. By default clightning + # offers outgoing functionality, but doesn't announce the Tor Hidden Service + # under which peers can reach us. + # services.clightning.announce-tor = true; ### LND # Disable clightning and uncomment the following line in order to enable lnd, diff --git a/modules/clightning.nix b/modules/clightning.nix index 1b6ffff..3bb516f 100644 --- a/modules/clightning.nix +++ b/modules/clightning.nix 
@@ -5,8 +5,8 @@ with lib; let cfg = config.services.clightning; inherit (config) nix-bitcoin-services; + onion-chef-service = (if cfg.announce-tor then [ "onion-chef.service" ] else []); configFile = pkgs.writeText "config" '' - autolisten=${if cfg.autolisten then "true" else "false"} network=bitcoin bitcoin-datadir=${config.services.bitcoind.dataDir} ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} @@ -28,7 +28,8 @@ in { type = types.bool; default = false; description = '' - If enabled, the clightning service will listen. + Bind (and maybe announce) on IPv4 and IPv6 interfaces if no addr, + bind-addr or announce-addr options are specified. ''; }; proxy = mkOption { @@ -48,6 +49,11 @@ in { default = null; description = "Set an IP address or UNIX domain socket to listen to"; }; + announce-tor = mkOption { + type = types.bool; + default = false; + description = "Announce clightning Tor Hidden Service"; + }; bitcoin-rpcuser = mkOption { type = types.str; description = '' @@ -93,12 +99,13 @@ in { "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -" ]; + services.onion-chef.access.clightning = if cfg.announce-tor then [ "clightning" ] else []; systemd.services.clightning = { description = "Run clightningd"; path = [ pkgs.nix-bitcoin.bitcoind ]; wantedBy = [ "multi-user.target" ]; - requires = [ "bitcoind.service" ]; - after = [ "bitcoind.service" ]; + requires = [ "bitcoind.service" ] ++ onion-chef-service; + after = [ "bitcoind.service" ] ++ onion-chef-service; preStart = '' cp ${configFile} ${cfg.dataDir}/config chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}' 
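Review bot: The `autolisten` option outlives this commit but is no longer rendered into the config file: this hunk drops the `autolisten=…` line from `configFile`, while the next hunk (`@@ -28,7 +28,8 @@`) only rewrites the description of an option whose `mkOption` line sits outside the hunk (evidently `autolisten`), so `services.clightning.autolisten = true` becomes a silent no-op. Either keep emitting `autolisten=${if cfg.autolisten then "true" else "false"}` in `configFile`, or remove the option and declare it with `mkRemovedOptionModule [ "services" "clightning" "autolisten" ] "use services.clightning.announce-tor instead"` so existing configurations fail loudly at evaluation time instead of quietly changing behaviour. As a point of style, the new `let` binding can use the `lib` helper already in scope via `with lib;` in the hunk context: `onion-chef-service = optional cfg.announce-tor "onion-chef.service";`.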
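Review bot: The `announce-tor` option added in `@@ -48,6 +49,11 @@` carries a one-line description that does not tell the user what enabling it implies, even though the commit message explains it; the option pulls `onion-chef.service` into `requires`/`after`, grants clightning access to its onion hostname, and is the only way peers can initiate connections to this node. A fuller description along the lines of `"Announce the clightning Tor Hidden Service created by onion-chef so that peers can open incoming connections to this node. Enabling this adds onion-chef.service as a dependency of clightning.service."` would let a reader understand the trade-off without consulting the commit history.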
@@ -106,6 +113,7 @@ in { rm -f ${cfg.dataDir}/bitcoin/lightning-rpc chmod 600 ${cfg.dataDir}/config echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword)" >> '${cfg.dataDir}/config' + ${optionalString cfg.announce-tor "echo announce-addr=$(cat /var/lib/onion-chef/clightning/clightning) >> '${cfg.dataDir}/config'"} ''; serviceConfig = nix-bitcoin-services.defaultHardening // { ExecStart = "${pkgs.nix-bitcoin.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";
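Review bot: The added `announce-addr` line is appended unconditionally once `announce-tor` is set, but a failing `cat` inside `$(…)` does not abort the script even if `preStart` runs under `set -e`, so an absent or empty `/var/lib/onion-chef/clightning/clightning` silently yields a bare `announce-addr=` entry in the config that lightningd then has to cope with. Read the hostname into a variable, fail the unit when it is empty, and only then append it, as below; `preStart` begins outside this hunk. The onion-chef path is also hard-coded here — if the onion-chef module exposes its data directory as an option, derive the path from that option rather than repeating it, so the two modules cannot drift apart.
```nix
# … unchanged: cp/chown/rm/chmod and the bitcoin-rpcpassword echo …
${optionalString cfg.announce-tor ''
  onion="$(cat /var/lib/onion-chef/clightning/clightning)"
  if [ -z "$onion" ]; then echo "onion-chef hostname for clightning is missing or empty" >&2; exit 1; fi
  echo "announce-addr=$onion" >> '${cfg.dataDir}/config'
''}
```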