add deploy-container.sh

examples/deploy-container.sh

@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# This script demonstrates how to setup a nix-bitcoin node in a NixOS container.
+# Running this script leaves no traces on your host system.
+
+# This demo is a template for your own experiments.
+# Feel free to modify or to run nix-shell and execute individual statements of this
+# script in the interactive shell.
+
+if [[ $(sysctl -n net.ipv4.ip_forward) != 1 ]]; then
+    echo "Error: IP forwarding (net.ipv4.ip_forward) is not enabled"
+    exit 1
+fi
+if [[ ! -e /run/current-system/nixos-version ]]; then
+    echo "Error: This script needs NixOS to run"
+    exit 1
+fi
+
+if [[ ! -v IN_NIX_SHELL ]]; then
+    echo "Running script in nix shell env..."
+    exec nix-shell --run "${BASH_SOURCE[0]}"
+fi
+
+# Cleanup on exit
+cleanup() {
+    echo
+    echo "Deleting container..."
+    sudo extra-container destroy demo-node
+}
+trap "cleanup" EXIT
+
+# Build container.
+# You can re-run this command with a changed container config.
+# The running container is then switched to the new config.
+# Learn more: https://github.com/erikarvstedt/extra-container
+#
+sudo extra-container create --start <<'EOF'
+{ pkgs, lib, ... }: let
+    containerName = "demo-node"; # container name length is limited to 11 chars
+    localAddress = "10.250.0.2"; # container address
+    hostAddress = "10.250.0.1";
+in {
+  containers.${containerName} = {
+    privateNetwork = true;
+    inherit localAddress hostAddress;
+    config = { pkgs, config, lib, ... }: {
+      imports = [
+        <nix-bitcoin/examples/configuration.nix>
+        <nix-bitcoin/modules/secrets/generate-secrets.nix>
+      ];
+      # Speed up evaluation
+      documentation.nixos.enable = false;
+    };
+  };
+  # Allow WAN access
+  systemd.services."container@${containerName}" = {
+    preStart = "${pkgs.iptables}/bin/iptables -w -t nat -A POSTROUTING -s ${localAddress} -j MASQUERADE";
+    # Delete rule
+    postStop = "${pkgs.iptables}/bin/iptables -w -t nat -D POSTROUTING -s ${localAddress} -j MASQUERADE || true";
+  };
+}
+EOF
+# Run command in container
+c() { sudo extra-container run demo-node -- "$@" | cat; }
+
+echo
+echo "Bitcoind service:"
+c systemctl status bitcoind
+echo
+echo "Bitcoind network:"
+c bitcoin-cli getnetworkinfo
+echo
+echo "lightning-cli state:"
+c lightning-cli getinfo
+echo
+echo "Node info:"
+c nodeinfo
+echo
+echo "Bitcoind data dir:"
+sudo ls -al /var/lib/containers/demo-node/var/lib/bitcoind
+
+# Cleanup happens at exit (see above)

examples/shell.nix

@@ -8,21 +8,28 @@ let
   nixpkgs-path = (import "${toString nix-bitcoin-path}/pkgs/nixpkgs-pinned.nix").nixpkgs;
   nixpkgs = import nixpkgs-path {};
   nix-bitcoin = nixpkgs.callPackage nix-bitcoin-path {};
+
+  extraContainer = nixpkgs.callPackage (builtins.fetchTarball {
+    url = "https://github.com/erikarvstedt/extra-container/archive/6cced2c26212cc1c8cc7cac3547660642eb87e71.tar.gz";
+    sha256 = "0qr41mma2iwxckdhqfabw3vjcbp2ffvshnc3k11kwriwj14b766v";
+  }) {};
 in
 with nixpkgs;
 
 stdenv.mkDerivation rec {
   name = "nix-bitcoin-environment";
 
-  buildInputs = [ nix-bitcoin.nixops19_09 figlet ];
+  buildInputs = [ nix-bitcoin.nixops19_09 figlet extraContainer ];
 
   shellHook = ''
     export NIX_PATH="nixpkgs=${nixpkgs-path}:nix-bitcoin=${toString nix-bitcoin-path}:."
+
     # ssh-agent and nixops don't play well together (see
     # https://github.com/NixOS/nixops/issues/256). I'm getting `Received disconnect
     # from 10.1.1.200 port 22:2: Too many authentication failures` if I have a few
     # keys already added to my ssh-agent.
     export SSH_AUTH_SOCK=""
+
     figlet "nix-bitcoin"
     (mkdir -p secrets; cd secrets; ${nix-bitcoin.generate-secrets})
   '';