lnd: fix missing RPC permissions when bitcoind is pruned
This commit is contained in:
parent
29d1a6b8a8
commit
b3c134c01d
@ -174,7 +174,7 @@ let
|
|||||||
${optionalString (cfg.tor-socks != null) "tor.socks=${cfg.tor-socks}"}
|
${optionalString (cfg.tor-socks != null) "tor.socks=${cfg.tor-socks}"}
|
||||||
|
|
||||||
bitcoind.rpchost=${bitcoindRpcAddress}:${toString bitcoind.rpc.port}
|
bitcoind.rpchost=${bitcoindRpcAddress}:${toString bitcoind.rpc.port}
|
||||||
bitcoind.rpcuser=${bitcoind.rpc.users.public.name}
|
bitcoind.rpcuser=${bitcoind.rpc.users.${rpcUser}.name}
|
||||||
bitcoind.zmqpubrawblock=${bitcoind.zmqpubrawblock}
|
bitcoind.zmqpubrawblock=${bitcoind.zmqpubrawblock}
|
||||||
bitcoind.zmqpubrawtx=${bitcoind.zmqpubrawtx}
|
bitcoind.zmqpubrawtx=${bitcoind.zmqpubrawtx}
|
||||||
|
|
||||||
@ -182,11 +182,16 @@ let
|
|||||||
|
|
||||||
${cfg.extraConfig}
|
${cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
isPruned = bitcoind.prune > 0;
|
||||||
|
# When bitcoind pruning is enabled, lnd requires non-public RPC commands `getpeerinfo`, `getnodeaddresses`
|
||||||
|
# to fetch missing blocks from peers (implemented in btcsuite/btcwallet/chain/pruned_block_dispatcher.go)
|
||||||
|
rpcUser = if isPruned then "lnd" else "public";
|
||||||
in {
|
in {
|
||||||
|
|
||||||
inherit options;
|
inherit options;
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable (mkMerge [ {
|
||||||
assertions = [
|
assertions = [
|
||||||
{ assertion =
|
{ assertion =
|
||||||
!(config.services ? clightning)
|
!(config.services ? clightning)
|
||||||
@ -226,7 +231,7 @@ in {
|
|||||||
preStart = ''
|
preStart = ''
|
||||||
install -m600 ${configFile} '${cfg.dataDir}/lnd.conf'
|
install -m600 ${configFile} '${cfg.dataDir}/lnd.conf'
|
||||||
{
|
{
|
||||||
echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-public)"
|
echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-${rpcUser})"
|
||||||
${optionalString (cfg.getPublicAddressCmd != "") ''
|
${optionalString (cfg.getPublicAddressCmd != "") ''
|
||||||
echo "externalip=$(${cfg.getPublicAddressCmd})"
|
echo "externalip=$(${cfg.getPublicAddressCmd})"
|
||||||
''}
|
''}
|
||||||
@ -304,5 +309,22 @@ in {
|
|||||||
makePasswordSecret lnd-wallet-password
|
makePasswordSecret lnd-wallet-password
|
||||||
makeCert lnd '${nbLib.mkCertExtraAltNames cfg.certificate}'
|
makeCert lnd '${nbLib.mkCertExtraAltNames cfg.certificate}'
|
||||||
'';
|
'';
|
||||||
};
|
}
|
||||||
|
|
||||||
|
(mkIf isPruned {
|
||||||
|
services.bitcoind.rpc.users.lnd = {
|
||||||
|
passwordHMACFromFile = true;
|
||||||
|
rpcwhitelist = bitcoind.rpc.users.public.rpcwhitelist ++ [
|
||||||
|
"getpeerinfo"
|
||||||
|
"getnodeaddresses"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
nix-bitcoin.secrets = {
|
||||||
|
bitcoin-rpcpassword-lnd.user = cfg.user;
|
||||||
|
bitcoin-HMAC-lnd.user = bitcoind.user;
|
||||||
|
};
|
||||||
|
nix-bitcoin.generateSecretsCmds.lndBitcoinRPC = ''
|
||||||
|
makeBitcoinRPCPassword lnd
|
||||||
|
'';
|
||||||
|
}) ]);
|
||||||
}
|
}
|
||||||
|
@ -306,6 +306,7 @@ buildable() {
|
|||||||
scenario=regtest buildTest "$@"
|
scenario=regtest buildTest "$@"
|
||||||
scenario=hardened buildTest "$@"
|
scenario=hardened buildTest "$@"
|
||||||
scenario=clightningReplication buildTest "$@"
|
scenario=clightningReplication buildTest "$@"
|
||||||
|
scenario=lndPruned buildTest "$@"
|
||||||
}
|
}
|
||||||
|
|
||||||
examples() {
|
examples() {
|
||||||
|
@ -318,6 +318,12 @@ let
|
|||||||
services.btcpayserver.lbtc = mkForce false;
|
services.btcpayserver.lbtc = mkForce false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Test the special bitcoin RPC setup that lnd uses when bitcoin is pruned
|
||||||
|
lndPruned = {
|
||||||
|
services.lnd.enable = true;
|
||||||
|
services.bitcoind.prune = 1000;
|
||||||
|
};
|
||||||
|
|
||||||
## Examples / debug helper
|
## Examples / debug helper
|
||||||
|
|
||||||
# Run a selection of tests in scenario 'netns'
|
# Run a selection of tests in scenario 'netns'
|
||||||
|
Loading…
Reference in New Issue
Block a user