greg
/
nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

improve grouping of suboptions

This commit is contained in:
Erik Arvstedt 2020-04-07 22:47:35 +02:00
parent 1a63f0ca6a
commit 85e52a06cb
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
1 changed files with 52 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
modules/presets/secure-node.nix
View File

@ -23,35 +23,36 @@ in {
networking.firewall.enable = true; networking.firewall.enable = true;
# Tor # Tor
services.tor.enable = true; services.tor = {
services.tor.client.enable = true; enable = true;
# LND uses ControlPort to create onion services client.enable = true;
services.tor.controlPort = if config.services.lnd.enable then 9051 else null; # LND uses ControlPort to create onion services
controlPort = if config.services.lnd.enable then 9051 else null;
# Tor SSH service hiddenServices.sshd = {
services.tor.hiddenServices.sshd = { map = [ { port = 22; } ];
map = [{ version = 3;
port = 22; };
}];
version = 3;
}; };
# bitcoind # bitcoind
services.bitcoind.enable = true; services.bitcoind = {
services.bitcoind.listen = true; enable = true;
services.bitcoind.sysperms = if config.services.electrs.enable then true else null; listen = true;
services.bitcoind.disablewallet = if config.services.electrs.enable then true else null; sysperms = if config.services.electrs.enable then true else null;
services.bitcoind.proxy = config.services.tor.client.socksListenAddress; disablewallet = if config.services.electrs.enable then true else null;
services.bitcoind.enforceTor = true; proxy = config.services.tor.client.socksListenAddress;
services.bitcoind.port = 8333; enforceTor = true;
services.bitcoind.zmqpubrawblock = "tcp://127.0.0.1:28332"; port = 8333;
services.bitcoind.zmqpubrawtx = "tcp://127.0.0.1:28333"; zmqpubrawblock = "tcp://127.0.0.1:28332";
services.bitcoind.assumevalid = "00000000000000000000e5abc3a74fe27dc0ead9c70ea1deb456f11c15fd7bc6"; zmqpubrawtx = "tcp://127.0.0.1:28333";
services.bitcoind.addnodes = [ "ecoc5q34tmbq54wl.onion" ]; assumevalid = "00000000000000000000e5abc3a74fe27dc0ead9c70ea1deb456f11c15fd7bc6";
services.bitcoind.discover = false; addnodes = [ "ecoc5q34tmbq54wl.onion" ];
services.bitcoind.addresstype = "bech32"; discover = false;
services.bitcoind.prune = 0; addresstype = "bech32";
services.bitcoind.dbCache = 1000; prune = 0;
dbCache = 1000;
};
services.tor.hiddenServices.bitcoind = { services.tor.hiddenServices.bitcoind = {
map = [{ map = [{
port = config.services.bitcoind.port; port = config.services.bitcoind.port;
@ -60,11 +61,13 @@ in {
}; };
# clightning # clightning
services.clightning.bitcoin-rpcuser = config.services.bitcoind.rpcuser; services.clightning = {
services.clightning.proxy = config.services.tor.client.socksListenAddress; bitcoin-rpcuser = config.services.bitcoind.rpcuser;
services.clightning.enforceTor = true; proxy = config.services.tor.client.socksListenAddress;
services.clightning.always-use-proxy = true; enforceTor = true;
services.clightning.bind-addr = "127.0.0.1:9735"; always-use-proxy = true;
bind-addr = "127.0.0.1:9735";
};
services.tor.hiddenServices.clightning = { services.tor.hiddenServices.clightning = {
map = [{ map = [{
port = 9735; toPort = 9735; port = 9735; toPort = 9735;
@ -112,17 +115,19 @@ in {
services.nix-bitcoin-webindex.enforceTor = true; services.nix-bitcoin-webindex.enforceTor = true;
services.liquidd.rpcuser = "liquidrpc"; services.liquidd = {
services.liquidd.prune = 1000; rpcuser = "liquidrpc";
services.liquidd.extraConfig = " prune = 1000;
extraConfig = "
mainchainrpcuser=${config.services.bitcoind.rpcuser} mainchainrpcuser=${config.services.bitcoind.rpcuser}
mainchainrpcport=8332 mainchainrpcport=8332
"; ";
services.liquidd.validatepegin = true; validatepegin = true;
services.liquidd.listen = true; listen = true;
services.liquidd.proxy = config.services.tor.client.socksListenAddress; proxy = config.services.tor.client.socksListenAddress;
services.liquidd.enforceTor = true; enforceTor = true;
services.liquidd.port = 7042; port = 7042;
};
services.tor.hiddenServices.liquidd = { services.tor.hiddenServices.liquidd = {
map = [{ map = [{
port = config.services.liquidd.port; toPort = config.services.liquidd.port; port = config.services.liquidd.port; toPort = config.services.liquidd.port;
@ -131,17 +136,21 @@ in {
}; };
services.spark-wallet.onion-service = true; services.spark-wallet.onion-service = true;
services.electrs.port = 50001;
services.electrs.enforceTor = true; services.electrs = {
services.electrs.onionport = 50002; port = 50001;
services.electrs.TLSProxy.enable = true; enforceTor = true;
services.electrs.TLSProxy.port = 50003; onionport = 50002;
TLSProxy.enable = true;
TLSProxy.port = 50003;
};
services.tor.hiddenServices.electrs = { services.tor.hiddenServices.electrs = {
map = [{ map = [{
port = config.services.electrs.onionport; toPort = config.services.electrs.TLSProxy.port; port = config.services.electrs.onionport; toPort = config.services.electrs.TLSProxy.port;
}]; }];
version = 3; version = 3;
}; };
environment.systemPackages = with pkgs; with nix-bitcoin; let environment.systemPackages = with pkgs; with nix-bitcoin; let
s = config.services; s = config.services;
in in