greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

lnd: fix missing RPC permissions when bitcoind is pruned

Browse Source
This commit is contained in:
Erik Arvstedt 2022-10-25 22:35:31 +02:00 committed by Greg Shuflin
parent 29d1a6b8a8
commit b3c134c01d
3 changed files with 33 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
modules/lnd.nix
View File

@ -174,7 +174,7 @@ let
${optionalString (cfg.tor-socks != null) "tor.socks=${cfg.tor-socks}"} ${optionalString (cfg.tor-socks != null) "tor.socks=${cfg.tor-socks}"}
bitcoind.rpchost=${bitcoindRpcAddress}:${toString bitcoind.rpc.port} bitcoind.rpchost=${bitcoindRpcAddress}:${toString bitcoind.rpc.port}
bitcoind.rpcuser=${bitcoind.rpc.users.public.name} bitcoind.rpcuser=${bitcoind.rpc.users.${rpcUser}.name}
bitcoind.zmqpubrawblock=${bitcoind.zmqpubrawblock} bitcoind.zmqpubrawblock=${bitcoind.zmqpubrawblock}
bitcoind.zmqpubrawtx=${bitcoind.zmqpubrawtx} bitcoind.zmqpubrawtx=${bitcoind.zmqpubrawtx}
@ -182,11 +182,16 @@ let
${cfg.extraConfig} ${cfg.extraConfig}
''; '';
isPruned = bitcoind.prune > 0;
# When bitcoind pruning is enabled, lnd requires non-public RPC commands `getpeerinfo`, `getnodeaddresses`
# to fetch missing blocks from peers (implemented in btcsuite/btcwallet/chain/pruned_block_dispatcher.go)
rpcUser = if isPruned then "lnd" else "public";
in { in {
inherit options; inherit options;
config = mkIf cfg.enable { config = mkIf cfg.enable (mkMerge [ {
assertions = [ assertions = [
{ assertion = { assertion =
!(config.services ? clightning) !(config.services ? clightning)
@ -226,7 +231,7 @@ in {
preStart = '' preStart = ''
install -m600 ${configFile} '${cfg.dataDir}/lnd.conf' install -m600 ${configFile} '${cfg.dataDir}/lnd.conf'
{ {
echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-public)" echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-${rpcUser})"
${optionalString (cfg.getPublicAddressCmd != "") '' ${optionalString (cfg.getPublicAddressCmd != "") ''
echo "externalip=$(${cfg.getPublicAddressCmd})" echo "externalip=$(${cfg.getPublicAddressCmd})"
''} ''}
@ -304,5 +309,22 @@ in {
makePasswordSecret lnd-wallet-password makePasswordSecret lnd-wallet-password
makeCert lnd '${nbLib.mkCertExtraAltNames cfg.certificate}' makeCert lnd '${nbLib.mkCertExtraAltNames cfg.certificate}'
''; '';
}; }
(mkIf isPruned {
services.bitcoind.rpc.users.lnd = {
passwordHMACFromFile = true;
rpcwhitelist = bitcoind.rpc.users.public.rpcwhitelist ++ [
"getpeerinfo"
"getnodeaddresses"
];
};
nix-bitcoin.secrets = {
bitcoin-rpcpassword-lnd.user = cfg.user;
bitcoin-HMAC-lnd.user = bitcoind.user;
};
nix-bitcoin.generateSecretsCmds.lndBitcoinRPC = ''
makeBitcoinRPCPassword lnd
'';
}) ]);
} }

1
test/run-tests.sh
View File

@ -306,6 +306,7 @@ buildable() {
scenario=regtest buildTest "$@" scenario=regtest buildTest "$@"
scenario=hardened buildTest "$@" scenario=hardened buildTest "$@"
scenario=clightningReplication buildTest "$@" scenario=clightningReplication buildTest "$@"
scenario=lndPruned buildTest "$@"
} }
examples() { examples() {

6
test/tests.nix
View File

@ -318,6 +318,12 @@ let
services.btcpayserver.lbtc = mkForce false; services.btcpayserver.lbtc = mkForce false;
}; };
# Test the special bitcoin RPC setup that lnd uses when bitcoin is pruned
lndPruned = {
services.lnd.enable = true;
services.bitcoind.prune = 1000;
};
## Examples / debug helper ## Examples / debug helper
# Run a selection of tests in scenario 'netns' # Run a selection of tests in scenario 'netns'