greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

recurring-donations: add netns

Browse Source 
- Adds recurring-donations to netns-isolation.services
- Adds cfg.enforceTor to bring recurring-donations in line with other
  services
- Removes torsocks dependency in favor of `curl --socks-hostname`
This commit is contained in:
nixbitcoin 2020-06-10 14:46:30 +00:00
parent 582cb86d74
commit ef89607704
No known key found for this signature in database
GPG Key ID: DD11F9AD5308B3BA
3 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/netns-isolation.nix
View File

@ -119,6 +119,11 @@ in {
id = 19; id = 19;
connections = [ "nginx" "lightning-charge" ]; connections = [ "nginx" "lightning-charge" ];
}; };
recurring-donations = {
id = 20;
# communicates with clightning over lightning-rpc socket
connections = [];
};
}; };
systemd.services = { systemd.services = {

2
modules/presets/secure-node.nix
View File

@ -131,6 +131,8 @@ in {
services.nanopos.enforceTor = true; services.nanopos.enforceTor = true;
services.recurring-donations.enforceTor = true;
services.nix-bitcoin-webindex.enforceTor = true; services.nix-bitcoin-webindex.enforceTor = true;

9
modules/recurring-donations.nix
View File

@ -11,7 +11,7 @@ let
NAME=$1 NAME=$1
AMOUNT=$2 AMOUNT=$2
echo Attempting to pay $AMOUNT sat to $NAME echo Attempting to pay $AMOUNT sat to $NAME
INVOICE=$(torsocks curl -d "satoshi_amount=$AMOUNT&payment_method=ln&id=$NAME&type=profile" -X POST https://api.tallyco.in/v1/payment/request/ | jq -r '.lightning_pay_request') 2> /dev/null INVOICE=$(curl --socks5-hostname ${config.services.tor.client.socksListenAddress} -d "satoshi_amount=$AMOUNT&payment_method=ln&id=$NAME&type=profile" -X POST https://api.tallyco.in/v1/payment/request/ | jq -r '.lightning_pay_request') 2> /dev/null
if [ -z "$INVOICE" ] || [ "$INVOICE" = "null" ]; then if [ -z "$INVOICE" ] || [ "$INVOICE" = "null" ]; then
echo "ERROR: did not get invoice from tallycoin" echo "ERROR: did not get invoice from tallycoin"
return return
@ -75,6 +75,7 @@ in {
Random delay to add to scheduled time for donation. Default is one day. Random delay to add to scheduled time for donation. Default is one day.
''; '';
}; };
enforceTor = nix-bitcoin-services.enforceTor;
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -95,12 +96,14 @@ in {
description = "Run recurring-donations"; description = "Run recurring-donations";
requires = [ "clightning.service" ]; requires = [ "clightning.service" ];
after = [ "clightning.service" ]; after = [ "clightning.service" ];
path = with pkgs; [ nix-bitcoin.clightning curl torsocks sudo jq ]; path = with pkgs; [ nix-bitcoin.clightning curl sudo jq ];
serviceConfig = nix-bitcoin-services.defaultHardening // { serviceConfig = nix-bitcoin-services.defaultHardening // {
ExecStart = "${pkgs.bash}/bin/bash ${recurring-donations-script}"; ExecStart = "${pkgs.bash}/bin/bash ${recurring-donations-script}";
User = "recurring-donations"; User = "recurring-donations";
Type = "oneshot"; Type = "oneshot";
} // nix-bitcoin-services.allowTor; } // (if cfg.enforceTor
then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP);
}; };
systemd.timers.recurring-donations = { systemd.timers.recurring-donations = {
requires = [ "clightning.service" ]; requires = [ "clightning.service" ];