lnd: add consistent address options

Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
Erik Arvstedt 2021-01-14 13:24:03 +01:00
parent dd4a0238f9
commit b41a720c28
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
8 changed files with 33 additions and 35 deletions


@ -50,7 +50,7 @@
# Uncomment the following line in order to enable lnd, a lightning # Uncomment the following line in order to enable lnd, a lightning
# implementation written in Go. In order to avoid collisions with clightning # implementation written in Go. In order to avoid collisions with clightning
# you must disable clightning or change the services.clightning.bindport or # you must disable clightning or change the services.clightning.bindport or
# services.lnd.listenPort to a port other than 9735. # services.lnd.port to a port other than 9735.
# services.lnd.enable = true; # services.lnd.enable = true;
# Enable this option to announce our Tor Hidden Service. By default lnd # Enable this option to announce our Tor Hidden Service. By default lnd
# offers outgoing functionality, but doesn't announce the Tor Hidden Service # offers outgoing functionality, but doesn't announce the Tor Hidden Service


@ -163,7 +163,7 @@ in {
''); '');
lndConfig = lndConfig =
"btclightning=type=lnd-rest;" + "btclightning=type=lnd-rest;" +
"server=https://${toString cfg.lnd.listen}:${toString cfg.lnd.restPort}/;" + "server=https://${cfg.lnd.restAddress}:${toString cfg.lnd.restPort}/;" +
"macaroonfilepath=/run/lnd/btcpayserver.macaroon;" + "macaroonfilepath=/run/lnd/btcpayserver.macaroon;" +
"certthumbprint="; "certthumbprint=";
in let self = { in let self = {
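Review bot: The `server=` URL now embeds `cfg.lnd.restAddress`, which is lnd's REST bind address (the value passed to `restlisten`), not an address declared as a client-side connect target; that works for the `localhost` default and the netns override seen elsewhere in this commit, but a wildcard bind such as `0.0.0.0` or an unbracketed IPv6 literal would be spliced into the URL unchanged. A short comment would make the coupling explicit: `# restAddress is lnd's REST bind address; it must be a concrete address reachable from btcpayserver`. The `certthumbprint=` field on the following line is left empty (pre-existing); since the btcpayserver macaroon is presented to whatever answers at that address, it is worth confirming how btcpayserver treats an empty thumbprint and documenting it. The enclosing `let` that defines `lndConfig` starts outside the hunk.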


@ -17,7 +17,7 @@ let
tlscertpath=${secretsDir}/loop-cert tlscertpath=${secretsDir}/loop-cert
tlskeypath=${secretsDir}/loop-key tlskeypath=${secretsDir}/loop-key
lnd.host=${config.services.lnd.rpclisten}:${toString config.services.lnd.rpcPort} lnd.host=${config.services.lnd.rpcAddress}:${toString config.services.lnd.rpcPort}
lnd.macaroondir=${config.services.lnd.networkDir} lnd.macaroondir=${config.services.lnd.networkDir}
lnd.tlspath=${secretsDir}/lnd-cert lnd.tlspath=${secretsDir}/lnd-cert


@ -17,9 +17,9 @@ let
tlscertpath=${secretsDir}/lnd-cert tlscertpath=${secretsDir}/lnd-cert
tlskeypath=${secretsDir}/lnd-key tlskeypath=${secretsDir}/lnd-key
listen=${toString cfg.listen}:${toString cfg.listenPort} listen=${toString cfg.address}:${toString cfg.port}
rpclisten=${cfg.rpclisten}:${toString cfg.rpcPort} rpclisten=${cfg.rpcAddress}:${toString cfg.rpcPort}
restlisten=${cfg.restlisten}:${toString cfg.restPort} restlisten=${cfg.restAddress}:${toString cfg.restPort}
bitcoin.${bitcoind.network}=1 bitcoin.${bitcoind.network}=1
bitcoin.active=1 bitcoin.active=1
@ -55,39 +55,37 @@ in {
default = networkDir; default = networkDir;
description = "The network data directory."; description = "The network data directory.";
}; };
listen = mkOption { address = mkOption {
type = config.nix-bitcoin.pkgs.lib.ipv4Address; type = types.str;
default = "localhost"; default = "localhost";
description = "Bind to given address to listen to peer connections"; description = "Address to listen for peer connections";
}; };
listenPort = mkOption { port = mkOption {
type = types.port; type = types.port;
default = 9735; default = 9735;
description = "Bind to given port to listen to peer connections"; description = "Port to listen for peer connections";
}; };
rpclisten = mkOption { rpcAddress = mkOption {
type = types.str; type = types.str;
default = "localhost"; default = "localhost";
description = '' description = "Address to listen for RPC connections.";
Bind to given address to listen to RPC connections.
'';
};
restlisten = mkOption {
type = types.str;
default = "localhost";
description = ''
Bind to given address to listen to REST connections.
'';
}; };
rpcPort = mkOption { rpcPort = mkOption {
type = types.port; type = types.port;
default = 10009; default = 10009;
description = "Port on which to listen for gRPC connections."; description = "Port to listen for gRPC connections.";
};
restAddress = mkOption {
type = types.str;
default = "localhost";
description = ''
Address to listen for REST connections.
'';
}; };
restPort = mkOption { restPort = mkOption {
type = types.port; type = types.port;
default = 8080; default = 8080;
description = "Port on which to listen for REST connections."; description = "Port to listen for REST connections.";
}; };
tor-socks = mkOption { tor-socks = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
@ -138,7 +136,7 @@ in {
# Switch user because lnd makes datadir contents readable by user only # Switch user because lnd makes datadir contents readable by user only
'' ''
sudo -u lnd ${cfg.package}/bin/lncli \ sudo -u lnd ${cfg.package}/bin/lncli \
--rpcserver ${cfg.rpclisten}:${toString cfg.rpcPort} \ --rpcserver ${cfg.rpcAddress}:${toString cfg.rpcPort} \
--tlscertpath '${secretsDir}/lnd-cert' \ --tlscertpath '${secretsDir}/lnd-cert' \
--macaroonpath '${networkDir}/admin.macaroon' "$@" --macaroonpath '${networkDir}/admin.macaroon' "$@"
''; '';
@ -187,12 +185,12 @@ in {
RestartSec = "10s"; RestartSec = "10s";
ReadWritePaths = "${cfg.dataDir}"; ReadWritePaths = "${cfg.dataDir}";
ExecStartPost = let ExecStartPost = let
restUrl = "https://${cfg.restlisten}:${toString cfg.restPort}/v1"; restUrl = "https://${cfg.restAddress}:${toString cfg.restPort}/v1";
in [ in [
# Run fully privileged for secrets dir write access # Run fully privileged for secrets dir write access
"+${nix-bitcoin-services.script '' "+${nix-bitcoin-services.script ''
attempts=250 attempts=250
while ! { exec 3>/dev/tcp/${cfg.restlisten}/${toString cfg.restPort} && exec 3>&-; } &>/dev/null; do while ! { exec 3>/dev/tcp/${cfg.restAddress}/${toString cfg.restPort} && exec 3>&-; } &>/dev/null; do
((attempts-- == 0)) && { echo "lnd REST service unreachable"; exit 1; } ((attempts-- == 0)) && { echo "lnd REST service unreachable"; exit 1; }
sleep 0.1 sleep 0.1
done done
@ -234,7 +232,7 @@ in {
fi fi
# Wait until the RPC port is open # Wait until the RPC port is open
while ! { exec 3>/dev/tcp/${cfg.rpclisten}/${toString cfg.rpcPort}; } &>/dev/null; do while ! { exec 3>/dev/tcp/${cfg.rpcAddress}/${toString cfg.rpcPort}; } &>/dev/null; do
sleep 0.1 sleep 0.1
done done
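Review bot: The `address` option's type is loosened from `config.nix-bitcoin.pkgs.lib.ipv4Address` to `types.str` in the option block, so nothing in the module now rejects a malformed value, and an IPv6 literal would be interpolated into `listen=${cfg.address}:${cfg.port}` without brackets, producing an ambiguous host:port string. Separately, all three `*Address` options are bind addresses but are reused as connect targets by the lncli wrapper (`--rpcserver ${cfg.rpcAddress}:…`), by `restUrl` and the `/dev/tcp` probe in ExecStartPost, and by the RPC wait loop, so a wildcard bind like `0.0.0.0` or `::` silently becomes the address local clients dial. At minimum the option descriptions should say so, e.g. `description = "Address to listen for RPC connections. Also used as the connect target by lncli and the service's startup checks, so it must be a concrete (non-wildcard) address.";`, and the same note on `restAddress`. The ExecStartPost script body continues past the end of the hunk.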


@ -58,11 +58,11 @@ with lib;
config = { config = {
assertions = [ assertions = [
{ assertion = (config.services.lnd.enable -> ( !config.services.clightning.enable || config.services.clightning.bindport != config.services.lnd.listenPort)); { assertion = (config.services.lnd.enable -> ( !config.services.clightning.enable || config.services.clightning.bindport != config.services.lnd.port));
message = '' message = ''
LND and clightning can't both bind to lightning port 9735. Either LND and clightning can't both bind to lightning port 9735. Either
disable LND/clightning or change services.clightning.bindPort or disable LND/clightning or change services.clightning.bindPort or
services.lnd.listenPort to a port other than 9735. services.lnd.port to a port other than 9735.
''; '';
} }
]; ];
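Review bot: The assertion message refers to `services.clightning.bindPort`, but the assertion itself reads `config.services.clightning.bindport` (and the example configuration in this same commit spells it `bindport`), so a user following the message will set an option that does not exist. The message also hardcodes 9735 while the condition fires for any equal pair of ports, so it is misleading when both services are moved to, say, 9736. Suggested wording: `LND and clightning can't both bind to the same lightning port (${toString config.services.lnd.port}). Either disable LND/clightning or change services.clightning.bindport or services.lnd.port to different values.`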


@ -257,9 +257,9 @@ in {
services.clightning.bind-addr = netns.clightning.address; services.clightning.bind-addr = netns.clightning.address;
services.lnd = { services.lnd = {
listen = netns.lnd.address; address = netns.lnd.address;
rpclisten = netns.lnd.address; rpcAddress = netns.lnd.address;
restlisten = netns.lnd.address; restAddress = netns.lnd.address;
}; };
services.liquidd = { services.liquidd = {


@ -74,7 +74,7 @@ in {
# lnd # lnd
services.lnd.enforceTor = true; services.lnd.enforceTor = true;
services.tor.hiddenServices.lnd = mkIf cfg.lnd.enable (mkHiddenService { port = cfg.lnd.onionport; toHost = cfg.lnd.listen; toPort = cfg.lnd.listenPort; }); services.tor.hiddenServices.lnd = mkIf cfg.lnd.enable (mkHiddenService { port = cfg.lnd.onionport; toHost = cfg.lnd.address; toPort = cfg.lnd.port; });
# lightning-loop # lightning-loop
services.lightning-loop.enforceTor = true; services.lightning-loop.enforceTor = true;


@ -44,7 +44,7 @@ let testEnv = rec {
tests.spark-wallet = cfg.spark-wallet.enable; tests.spark-wallet = cfg.spark-wallet.enable;
tests.lnd = cfg.lnd.enable; tests.lnd = cfg.lnd.enable;
services.lnd.listenPort = 9736; services.lnd.port = 9736;
tests.lightning-loop = cfg.lightning-loop.enable; tests.lightning-loop = cfg.lightning-loop.enable;