add presets/bitcoind-remote.nix

This simplifies integrating a remote bitcoind instance and makes `bitcoin-cli` work with the remote node. Add note regarding `whitelistedPort` to docs.
2021-12-07 15:28:12 +01:00 · 2021-12-07 15:28:12 +01:00 · 6b539627ee
commit 6b539627ee
parent 5915a34891
2 changed files with 44 additions and 2 deletions
--- a/docs/configuration.md
+++ b/docs/configuration.md
@ -181,9 +181,26 @@ Some services require extra steps:
 Use a bitcoind instance running on another node within a nix-bitcoin config.

 ```nix
+imports = [ <nix-bitcoin/modules/presets/bitcoind-remote.nix> ];
+
 services.bitcoind = {
+  enable = true;
+
  # Address of the other node
  address = "10.10.0.2";
+  rpc.address = "10.10.0.2";
+
+  # Some nix-bitcoin services require whitelisted bitcoind p2p connections
+  # to work reliably.
+  # Search for `whitelistedPort` in this repo to see the affected services.
+  # If you're using one of these services, either add a whitelisted p2p port
+  # on your remote node via `whitebind` and set it here:
+  whitelistedPort = <remote whitebind RPC port>;
+  #
+  # Or use the default p2p port and add `whitelist=<address of this node>` to
+  # your remote bitcoind config:
+  whitelistedPort = config.services.bitcoind.port;
+
  rpc.users = let
    # The fully privileged bitcoind RPC username of the other node
    name = "myrpcuser";
@ -196,8 +213,6 @@ services.bitcoind = {
    # joinmarket-ob-watcher.name = name;
  };
 };
-# Disable the local bitcoind service
-systemd.services.bitcoind.wantedBy = mkForce [];
 ```

 Now save the password of the RPC user to the following files on your nix-bitcoin node:
@ -211,6 +226,8 @@ $secretsDir/bitcoin-rpcpassword-public
 ```
 See: [Secrets dir](#secrets-dir)

+Restart `bitcoind` after updating the secrets: `systemctl restart bitcoind`.
+
 # Temporarily disable a service

 Sometimes you might want to disable a service without removing the service user and
--- a/modules/presets/bitcoind-remote.nix
+++ b/modules/presets/bitcoind-remote.nix
@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.bitcoind;
+  secretsDir = config.nix-bitcoin.secretsDir;
+in {
+  services.bitcoind = {
+    # Make the local bitcoin-cli work with the remote node
+    extraConfig = ''
+      rpcuser=${cfg.rpc.users.privileged.name}
+    '';
+  };
+
+  systemd.services.bitcoind = {
+    preStart = lib.mkAfter ''
+      echo "rpcpassword=$(cat ${secretsDir}/bitcoin-rpcpassword-privileged)" >> '${cfg.dataDir}'/bitcoin.conf
+    '';
+    postStart = lib.mkForce "";
+    serviceConfig = {
+      Type = lib.mkForce "oneshot";
+      ExecStart = lib.mkForce "${pkgs.coreutils}/bin/true";
+      RemainAfterExit = true;
+    };
+  };
+}