Add index page with nginx

Jonas Nick 2018-12-01 20:48:58 +00:00
parent b0594aaacd
commit 8fae70b80a
5 changed files with 108 additions and 23 deletions


@ -7,6 +7,7 @@ let
# custom packages # custom packages
nodeinfo = (import pkgs/nodeinfo.nix); nodeinfo = (import pkgs/nodeinfo.nix);
lightning-charge = import pkgs/lightning-charge.nix { inherit pkgs; }; lightning-charge = import pkgs/lightning-charge.nix { inherit pkgs; };
nanopos = import pkgs/nanopos.nix { inherit pkgs; };
in { in {
disabledModules = [ "services/security/tor.nix" ]; disabledModules = [ "services/security/tor.nix" ];
@ -26,10 +27,14 @@ in {
nodeinfo nodeinfo
jq jq
lightning-charge.package lightning-charge.package
nanopos.package
nodejs-8_x
nginx
]; ];
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
inherit nodeinfo; inherit nodeinfo;
inherit lightning-charge; inherit lightning-charge;
inherit nanopos;
}; };
services.openssh.enable = true; services.openssh.enable = true;
@ -38,9 +43,9 @@ in {
# openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILacgZRwLsiICNHGHY2TG2APeuxFsrw6Cg13ZTMQpNqA nickler@rick" ]; # openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILacgZRwLsiICNHGHY2TG2APeuxFsrw6Cg13ZTMQpNqA nickler@rick" ];
# }; # };
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ ];
#services.bitcoin.proxy = services.tor.client.socksListenAddress; #services.bitcoin.proxy = services.tor.client.socksListenAddress;
services.nixbitcoin.enable = true; services.nixbitcoin.enable = true;
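Review bot: The new `networking.firewall.allowedTCPPorts = [ ];` has no comment saying the empty list is deliberate, although the same commit enables nginx and publishes it through a Tor hidden service. I would add a comment above it, for example `# No inbound TCP ports: nginx and clightning are exposed through Tor hidden services only`, so a later change does not open port 80 on the public interface by habit. Whether SSH stays reachable with this setting depends on the openssh module and is not visible in this hunk.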


@ -23,16 +23,6 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users.lightning-charge =
{
description = "lightning-charge User";
group = "lightning-charge";
extraGroups = [ "keys" ];
};
users.groups.lightning-charge = {
name = "lightning-charge";
};
systemd.services.lightning-charge = systemd.services.lightning-charge =
{ description = "Run lightning-charge"; { description = "Run lightning-charge";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -42,7 +32,9 @@ in {
{ {
EnvironmentFile = "/secrets/lightning-charge-api-token"; EnvironmentFile = "/secrets/lightning-charge-api-token";
ExecStart = "${pkgs.lightning-charge.package}/bin/charged -l ${config.services.clightning.dataDir} -d ${config.services.clightning.dataDir}/lightning-charge.db"; ExecStart = "${pkgs.lightning-charge.package}/bin/charged -l ${config.services.clightning.dataDir} -d ${config.services.clightning.dataDir}/lightning-charge.db";
# Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket,
# so this must run as the clightning user
# https://github.com/ElementsProject/lightning/issues/1366
User = "clightning"; User = "clightning";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "10s"; RestartSec = "10s";


@ -4,6 +4,37 @@ with lib;
let let
cfg = config.services.nixbitcoin; cfg = config.services.nixbitcoin;
indexFile = pkgs.writeText "index.html" ''
<html>
<body>
<p>
<h1>
nix-bitcoin
</h1>
</p>
<p>
<h2>
<a href="store/">store</a>
</h2>
</p>
<p>
<h3>
lightning node: CLIGHTNING_ID
</h3>
</p>
</body>
</html>
'';
createWebIndex = pkgs.writeText "make-index.sh" ''
set -e
mkdir -p /var/www/
cp ${indexFile} /var/www/index.html
chown -R nginx /var/www/
nodeinfo
. <(nodeinfo)
sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
'';
in { in {
imports = imports =
[ [
@ -11,6 +42,7 @@ in {
./bitcoind.nix ./bitcoind.nix
./clightning.nix ./clightning.nix
./lightning-charge.nix ./lightning-charge.nix
./nanopos.nix
]; ];
options.services.nixbitcoin = { options.services.nixbitcoin = {
@ -51,10 +83,59 @@ in {
services.bitcoind.prune = 2000; services.bitcoind.prune = 2000;
# clightning # clightning
services.clightning.enable = true; services.clightning = {
services.clightning.bitcoin-rpcuser = config.services.bitcoind.rpcuser; enable = true;
bitcoin-rpcuser = config.services.bitcoind.rpcuser;
};
services.tor.hiddenServices.clightning = {
map = [{
port = 9375; toPort = 9375;
}];
version = 3;
};
services.lightning-charge.enable = true; services.lightning-charge.enable = true;
services.nanopos.enable = true;
services.nginx = {
enable = true;
virtualHosts."_" = {
root = "/var/www";
extraConfig = ''
location /store/ {
proxy_pass http://127.0.0.1:${toString config.services.nanopos.port};
rewrite /store/(.*) /$1 break;
}
'';
};
};
services.tor.hiddenServices.nginx = {
map = [{
port = 80;
} {
port = 443;
}];
version = 3;
};
# create-web-index
systemd.services.create-web-index = {
description = "Get node info";
wantedBy = [ "multi-user.target" ];
after = [ "nodeinfo.service" ];
path = [ pkgs.nodeinfo pkgs.clightning pkgs.jq pkgs.sudo ];
serviceConfig = {
ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
User = "root";
Type = "simple";
RemainAfterExit="yes";
Restart = "on-failure";
RestartSec = "10s";
};
};
# nodeinfo # nodeinfo
systemd.services.nodeinfo = { systemd.services.nodeinfo = {
@ -63,14 +144,13 @@ in {
after = [ "clightning.service" "tor.service" ]; after = [ "clightning.service" "tor.service" ];
path = [ pkgs.clightning pkgs.jq pkgs.sudo ]; path = [ pkgs.clightning pkgs.jq pkgs.sudo ];
serviceConfig = { serviceConfig = {
ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo > /var/lib/nodeinfo.nix"; ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo > /var/lib/nodeinfo.sh";
User = "root"; User = "root";
Type = "simple"; Type = "simple";
RemainAfterExit="yes"; RemainAfterExit="yes";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "10s"; RestartSec = "10s";
}; };
}; };
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
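Review bot: The clightning hidden service maps `port = 9375; toPort = 9375;`, but the nodeinfo script changed in this same commit advertises the node as `$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735`. The address printed on the index page therefore points at a port the onion service does not forward. Unless clightning is configured elsewhere to listen on 9375, this looks like a transposition of c-lightning's default port 9735, and the map should read `port = 9735; toPort = 9735;`. The `config` block that holds these settings starts and ends outside the hunks shown.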


@ -20,5 +20,12 @@ in
deployment.keys.lightning-charge-api-token.user = "clightning"; deployment.keys.lightning-charge-api-token.user = "clightning";
deployment.keys.lightning-charge-api-token.group = "clightning"; deployment.keys.lightning-charge-api-token.group = "clightning";
deployment.keys.lightning-charge-api-token.permissions = "0440"; deployment.keys.lightning-charge-api-token.permissions = "0440";
# variable is called CHARGE_TOKEN instead of API_TOKEN
deployment.keys.lightning-charge-api-token-for-nanopos.text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
deployment.keys.lightning-charge-api-token-for-nanopos.destDir = "/secrets/";
deployment.keys.lightning-charge-api-token-for-nanopos.user = "nanopos";
deployment.keys.lightning-charge-api-token-for-nanopos.group = "nanopos";
deployment.keys.lightning-charge-api-token-for-nanopos.permissions = "0440";
}; };
} }
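Review bot: The comment above the new key explains the variable name, but not that `lightning-charge-api-token-for-nanopos` holds the same secret as `lightning-charge-api-token`, which is now readable by a second account. nanopos is the service published at `/store/` behind nginx and the Tor hidden service in this commit, so I would extend the comment, e.g. `# same token as lightning-charge-api-token, re-exported as CHARGE_TOKEN for nanopos; rotate both together`. The `nanopos` user and group named here are presumably created in nanopos.nix, which is not part of this section.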


@ -1,11 +1,12 @@
set -e set -e
set -o pipefail set -o pipefail
printenv BITCOIND_ONION="$(cat /var/lib/tor/onion/bitcoind/hostname)"
BITCOIND_ONION=$(cat /var/lib/tor/onion/bitcoind/hostname) CLIGHTNING_NODEID=$(sudo -u clightning lightning-cli --lightning-dir=/var/lib/clightning getinfo | jq -r '.id')
CLIGHTNING_ID=$(sudo -u clightning lightning-cli --lightning-dir=/var/lib/clightning getinfo | jq -r '.id') CLIGHTNING_ONION="$(cat /var/lib/tor/onion/clightning/hostname)"
CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
echo \{ echo BITCOIND_ONION="$BITCOIND_ONION"
echo " bitcoind_onion = \"$BITCOIND_ONION\";" echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
echo " clightning_id = \"$CLIGHTNING_ID\";" echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
echo \} echo CLIGHTNING_ID="$CLIGHTNING_ID"
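Review bot: The four `echo NAME="$VALUE"` lines print the values without shell quoting, and root later executes that output through `. <(nodeinfo)` in the create-web-index script added by this commit. The values come from `lightning-cli getinfo` and the Tor hostname files, so they are normally plain hex and base32 text. Anything containing whitespace or shell metacharacters would still be interpreted as code when sourced. Because the script is run with bash, emitting each line as `printf '%s=%q\n' CLIGHTNING_ID "$CLIGHTNING_ID"` keeps the output safe to source.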