diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix index 401ad3d..4997024 100644 --- a/modules/bitcoind.nix +++ b/modules/bitcoind.nix @@ -15,6 +15,14 @@ let default = 8333; description = "Port to listen for peer connections."; }; + onionPort = mkOption { + type = types.nullOr types.port; + default = null; + description = '' + Port to listen for Tor peer connections. + If set, inbound connections to this port are tagged as onion peers. + ''; + }; getPublicAddressCmd = mkOption { type = types.str; default = ""; @@ -263,8 +271,10 @@ let ${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"} # Connection options - ${optionalString cfg.listen "bind=${cfg.address}"} - port=${toString cfg.port} + ${optionalString cfg.listen + "bind=${cfg.address}:${toString cfg.port}"} + ${optionalString (cfg.listen && cfg.onionPort != null) + "bind=${cfg.address}:${toString cfg.onionPort}=onion"} ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} ${optionalString (cfg.i2p != false) "i2psam=${nbLib.addressWithPort i2pSAM.address i2pSAM.port}"} ${optionalString (cfg.i2p == "only-outgoing") "i2pacceptincoming=0"} diff --git a/modules/btcpayserver.nix b/modules/btcpayserver.nix index cc959aa..4a95900 100644 --- a/modules/btcpayserver.nix +++ b/modules/btcpayserver.nix @@ -119,7 +119,7 @@ in { # Enable p2p connections listen = true; extraConfig = '' - whitelist=${nbLib.address cfg.nbxplorer.address} + whitelist=download@${nbLib.address cfg.nbxplorer.address} ''; }; services.clightning.enable = mkIf (cfg.btcpayserver.lightningBackend == "clightning") true; @@ -128,9 +128,6 @@ in { enable = true; # Enable p2p connections listen = true; - extraConfig = '' - whitelist=${nbLib.address cfg.nbxplorer.address} - ''; }; services.lnd.macaroons.btcpayserver = mkIf (cfg.btcpayserver.lightningBackend == "lnd") { diff --git a/modules/onion-services.nix b/modules/onion-services.nix index 490f136..8fa3549 100644 --- a/modules/onion-services.nix 
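Review bot: The `onionPort` description in modules/bitcoind.nix (first hunk) leaves out the two conditions that the second hunk attaches to the option: the socket is only created when `listen` is enabled, and it is bound on `address` rather than on a fixed loopback address. Because a connection is tagged as onion purely by the port it arrives on, I would extend the description with `Only used when listen is enabled. The socket is bound on address, so it should be reachable only by the local Tor daemon.` The enclosing `let` block starts and ends outside the hunk.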
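Review bot: In the `# Connection options` block of modules/bitcoind.nix (second hunk), the `=onion` bind reuses `cfg.address`, so with a non-loopback or wildcard `address` every host that can reach `onionPort` is classified as a Tor peer. Nothing rejects `onionPort == port` either, which would emit two binds for the same socket. An assertion placed with the module's other checks (not visible in this hunk) would catch the second case at evaluation time: `{ assertion = cfg.onionPort == null || cfg.onionPort != cfg.port; message = "services.bitcoind.onionPort must differ from services.bitcoind.port."; }`. The hunk also drops the standalone `port=` line, so the listening port presumably has to be derived from the first `bind=` entry now; that is worth confirming against the packaged bitcoind version, in particular for `listen = false`, where no port is written at all.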
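Review bot: The `whitelist=download@...` line in modules/btcpayserver.nix (first hunk) narrows nbxplorer from the default whitelist permission set to `download` only, but nothing next to it records why that one permission is enough. Whitelisting is keyed on the source address, so any other process that connects from `cfg.nbxplorer.address` gets the same permission. A comment above `extraConfig`, for example `# Grant nbxplorer only the 'download' permission rather than the default whitelist permission set`, would make the intent explicit and discourage a later edit from widening it again.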
+++ b/modules/onion-services.nix
@@ -18,7 +18,7 @@ let
 default = config.public;
 description = ''
 Create an onion service for the given service.
- The service must define options 'address' and 'port'.
+ The service must define options 'address' and 'onionPort' (or `port`).
 '';
 };
 public = mkOption {
@@ -64,7 +64,7 @@ in {
 inherit (cfg.${name}) externalPort;
 in nbLib.mkOnionService {
 port = if externalPort != null then externalPort else service.port;
- target.port = service.port;
+ target.port = service.onionPort or service.port;
 target.addr = nbLib.address service.address;
 }
 );
@@ -118,6 +118,10 @@ in {
 externalPort = 80;
 };
 };
+
+ # When the bitcoind onion service is enabled, add an onion-tagged socket
+ # to distinguish local connections from Tor connections
+ services.bitcoind.onionPort = mkIf (cfg.bitcoind.enable or false) 8334;
 }
 ];
 }
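Review bot: In the `nbLib.mkOnionService` call (second hunk), `service.onionPort or service.port` only falls back when the attribute is missing. `services.bitcoind.onionPort` is declared with `default = null`, so a null value would be passed through as `target.port` instead of falling back to `service.port`. The last hunk sets 8334 whenever the bitcoind onion service is enabled, so this probably cannot happen with the defaults, but an override to null would reach it. A null-aware form is `target.port = if (service.onionPort or null) != null then service.onionPort else service.port;`. The enclosing function starts outside the hunk.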
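Review bot: The definition `services.bitcoind.onionPort = mkIf (cfg.bitcoind.enable or false) 8334;` (third hunk) is made at normal priority, so a user who sets a different `services.bitcoind.onionPort` would likely get a conflicting-definitions error instead of an override. Assuming `mkDefault` is in scope the same way `mkIf` is, `services.bitcoind.onionPort = mkIf (cfg.bitcoind.enable or false) (mkDefault 8334);` keeps 8334 as the default while leaving the option overridable. The comment above it could also say that the onion-tagged socket only exists when bitcoind's `listen` is enabled, since the bind line in modules/bitcoind.nix is guarded by `cfg.listen`.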