greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add index page with nginx

Browse Source
This commit is contained in:
Jonas Nick 2018-12-01 20:48:58 +00:00
parent b0594aaacd
commit 8fae70b80a
5 changed files with 108 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
configuration.nix
View File

@ -7,6 +7,7 @@ let
# custom packages
nodeinfo = (import pkgs/nodeinfo.nix);
lightning-charge = import pkgs/lightning-charge.nix { inherit pkgs; };
nanopos = import pkgs/nanopos.nix { inherit pkgs; };
in {
disabledModules = [ "services/security/tor.nix" ];
@ -26,10 +27,14 @@ in {
nodeinfo
jq
lightning-charge.package
nanopos.package
nodejs-8_x
nginx
];
nixpkgs.config.packageOverrides = pkgs: {
inherit nodeinfo;
inherit lightning-charge;
inherit nanopos;
};
services.openssh.enable = true;
@ -38,9 +43,9 @@ in {
# openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILacgZRwLsiICNHGHY2TG2APeuxFsrw6Cg13ZTMQpNqA nickler@rick" ];
# };
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ ];
#services.bitcoin.proxy = services.tor.client.socksListenAddress;
services.nixbitcoin.enable = true;

14
modules/lightning-charge.nix
View File

@ -23,16 +23,6 @@ in {
};
config = mkIf cfg.enable {
users.users.lightning-charge =
{
description = "lightning-charge User";
group = "lightning-charge";
extraGroups = [ "keys" ];
};
users.groups.lightning-charge = {
name = "lightning-charge";
};
systemd.services.lightning-charge =
{ description = "Run lightning-charge";
wantedBy = [ "multi-user.target" ];
@ -42,7 +32,9 @@ in {
{
EnvironmentFile = "/secrets/lightning-charge-api-token";
ExecStart = "${pkgs.lightning-charge.package}/bin/charged -l ${config.services.clightning.dataDir} -d ${config.services.clightning.dataDir}/lightning-charge.db";
# Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket,
# so this must run as the clightning user
# https://github.com/ElementsProject/lightning/issues/1366
User = "clightning";
Restart = "on-failure";
RestartSec = "10s";

88
modules/nixbitcoin.nix
View File

@ -4,6 +4,37 @@ with lib;
let
cfg = config.services.nixbitcoin;
indexFile = pkgs.writeText "index.html" ''
<html>
<body>
<p>
<h1>
nix-bitcoin
</h1>
</p>
<p>
<h2>
<a href="store/">store</a>
</h2>
</p>
<p>
<h3>
lightning node: CLIGHTNING_ID
</h3>
</p>
</body>
</html>
'';
createWebIndex = pkgs.writeText "make-index.sh" ''
set -e
mkdir -p /var/www/
cp ${indexFile} /var/www/index.html
chown -R nginx /var/www/
nodeinfo
. <(nodeinfo)
sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
'';
in {
imports =
[
@ -11,6 +42,7 @@ in {
./bitcoind.nix
./clightning.nix
./lightning-charge.nix
./nanopos.nix
];
options.services.nixbitcoin = {
@ -51,10 +83,59 @@ in {
services.bitcoind.prune = 2000;
# clightning
services.clightning.enable = true;
services.clightning.bitcoin-rpcuser = config.services.bitcoind.rpcuser;
services.clightning = {
enable = true;
bitcoin-rpcuser = config.services.bitcoind.rpcuser;
};
services.tor.hiddenServices.clightning = {
map = [{
port = 9375; toPort = 9375;
}];
version = 3;
};
services.lightning-charge.enable = true;
services.nanopos.enable = true;
services.nginx = {
enable = true;
virtualHosts."_" = {
root = "/var/www";
extraConfig = ''
location /store/ {
proxy_pass http://127.0.0.1:${toString config.services.nanopos.port};
rewrite /store/(.*) /$1 break;
}
'';
};
};
services.tor.hiddenServices.nginx = {
map = [{
port = 80;
} {
port = 443;
}];
version = 3;
};
# create-web-index
systemd.services.create-web-index = {
description = "Get node info";
wantedBy = [ "multi-user.target" ];
after = [ "nodeinfo.service" ];
path = [ pkgs.nodeinfo pkgs.clightning pkgs.jq pkgs.sudo ];
serviceConfig = {
ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
User = "root";
Type = "simple";
RemainAfterExit="yes";
Restart = "on-failure";
RestartSec = "10s";
};
};
# nodeinfo
systemd.services.nodeinfo = {
@ -63,14 +144,13 @@ in {
after = [ "clightning.service" "tor.service" ];
path = [ pkgs.clightning pkgs.jq pkgs.sudo ];
serviceConfig = {
ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo > /var/lib/nodeinfo.nix";
ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo > /var/lib/nodeinfo.sh";
User = "root";
Type = "simple";
RemainAfterExit="yes";
Restart = "on-failure";
RestartSec = "10s";
};
};
# Define a user account. Don't forget to set a password with passwd.

7
network-vbox.nix
View File

@ -20,5 +20,12 @@ in
deployment.keys.lightning-charge-api-token.user = "clightning";
deployment.keys.lightning-charge-api-token.group = "clightning";
deployment.keys.lightning-charge-api-token.permissions = "0440";
# variable is called CHARGE_TOKEN instead of API_TOKEN
deployment.keys.lightning-charge-api-token-for-nanopos.text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
deployment.keys.lightning-charge-api-token-for-nanopos.destDir = "/secrets/";
deployment.keys.lightning-charge-api-token-for-nanopos.user = "nanopos";
deployment.keys.lightning-charge-api-token-for-nanopos.group = "nanopos";
deployment.keys.lightning-charge-api-token-for-nanopos.permissions = "0440";
};
}

15
pkgs/nodeinfo.sh
View File

@ -1,11 +1,12 @@
set -e
set -o pipefail
printenv
BITCOIND_ONION=$(cat /var/lib/tor/onion/bitcoind/hostname)
CLIGHTNING_ID=$(sudo -u clightning lightning-cli --lightning-dir=/var/lib/clightning getinfo | jq -r '.id')
BITCOIND_ONION="$(cat /var/lib/tor/onion/bitcoind/hostname)"
CLIGHTNING_NODEID=$(sudo -u clightning lightning-cli --lightning-dir=/var/lib/clightning getinfo | jq -r '.id')
CLIGHTNING_ONION="$(cat /var/lib/tor/onion/clightning/hostname)"
CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
echo \{
echo " bitcoind_onion = \"$BITCOIND_ONION\";"
echo " clightning_id = \"$CLIGHTNING_ID\";"
echo \}
echo BITCOIND_ONION="$BITCOIND_ONION"
echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
echo CLIGHTNING_ID="$CLIGHTNING_ID"