From f6b883a9acd92e3d94062b21615db14c8383f3b7 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Thu, 14 Jan 2021 13:24:25 +0100
Subject: [PATCH] remove webindex
This module is outdated and incomplete. We can re-add an improved version in
the future.
Move nanopos nginx proxy tests to the nanopos test.
---
README.md | 1 -
docs/usage.md | 2 +-
examples/configuration.nix | 5 --
modules/default.nix | 1 -
modules/nix-bitcoin-webindex.nix | 105 -------------------------------
modules/presets/enable-tor.nix | 1 -
modules/presets/secure-node.nix | 1 -
test/tests.nix | 1 -
test/tests.py | 8 ---
9 files changed, 1 insertion(+), 124 deletions(-)
delete mode 100644 modules/nix-bitcoin-webindex.nix
diff --git a/README.md b/README.md
index 8489d97..8ebba91 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,6 @@ NixOS modules
* [netns-isolation](modules/netns-isolation.nix): isolates applications on the network-level via network namespaces
* [backups](modules/backups.nix): daily duplicity backups of all your node's important files
* [operator](modules/operator.nix): adds non-root user `operator` who has access to client tools (e.g. `bitcoin-cli`, `lightning-cli`)
- * [nix-bitcoin webindex](modules/nix-bitcoin-webindex.nix): a local website to display node information
Security
---
diff --git a/docs/usage.md b/docs/usage.md
index 53d1c8b..d6baab4 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -8,7 +8,7 @@ fetch-release > nix-bitcoin-release.nix
Nodeinfo
---
-Run `nodeinfo` to see your onion addresses for the webindex, spark, etc. if they are enabled.
+Run `nodeinfo` to see the onion addresses for enabled services.
Connect to spark-wallet
---
diff --git a/examples/configuration.nix b/examples/configuration.nix
index 1d358db..8ebd037 100644
--- a/examples/configuration.nix
+++ b/examples/configuration.nix
@@ -110,11 +110,6 @@
# tool run as user operator.
# services.liquidd.enable = true;
- ### WEBINDEX
- # Enable this module to use the nix-bitcoin-webindex, a simple website
- # displaying your node information. Only available if clightning is enabled.
- # services.nix-bitcoin-webindex.enable = true;
-
### RECURRING-DONATIONS
# Enable this module to send recurring donations. This is EXPERIMENTAL; it's
# not guaranteed that payments are succeeding or that you will notice payment
diff --git a/modules/default.nix b/modules/default.nix
index 72d7661..cc013a5 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -6,7 +6,6 @@
electrs = ./electrs.nix;
liquid = ./liquid.nix;
presets.secure-node = ./presets/secure-node.nix;
- nix-bitcoin-webindex = ./nix-bitcoin-webindex.nix;
spark-wallet = ./spark-wallet.nix;
recurring-donations = ./recurring-donations.nix;
lnd = ./lnd.nix;
diff --git a/modules/nix-bitcoin-webindex.nix b/modules/nix-bitcoin-webindex.nix
deleted file mode 100644
index 4224243..0000000
--- a/modules/nix-bitcoin-webindex.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.nix-bitcoin-webindex;
- inherit (config) nix-bitcoin-services;
- indexFile = pkgs.writeText "index.html" ''
-
-
-
-
- nix-bitcoin
-
-
-
-
- lightning node: CLIGHTNING_ID
-
-
-
-
- '';
- createWebIndex = pkgs.writeText "make-index.sh" ''
- set -e
- cp ${indexFile} /var/www/index.html
- chown -R nginx:nginx /var/www/
- nodeinfo
- . <(nodeinfo)
- sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
- '';
-in {
- options.services.nix-bitcoin-webindex = {
- enable = mkOption {
- type = types.bool;
- default = false;
- description = ''
- If enabled, the webindex service will be installed.
- '';
- };
- host = mkOption {
- type = types.str;
- default = if config.nix-bitcoin.netns-isolation.enable then
- config.nix-bitcoin.netns-isolation.netns.nginx.address
- else
- "localhost";
- description = "HTTP server listen address.";
- };
- enforceTor = nix-bitcoin-services.enforceTor;
- };
-
- config = mkIf cfg.enable {
- assertions = [
- { assertion = config.services.clightning.enable;
- message = "nix-bitcoin-webindex requires clightning.";
- }
- ];
-
- systemd.tmpfiles.rules = [
- "d /var/www 0755 nginx nginx - -"
- ];
-
- services.nginx = {
- enable = true;
- virtualHosts."_" = {
- root = "/var/www";
- };
- };
- services.tor.hiddenServices.nginx = {
- map = [{
- port = 80; toHost = cfg.host;
- } {
- port = 443; toHost = cfg.host;
- }];
- version = 3;
- };
-
- # create-web-index
- systemd.services.create-web-index = {
- description = "Get node info";
- wantedBy = [ "multi-user.target" ];
- path = with pkgs; [
- config.programs.nodeinfo
- jq
- sudo
- ] ++ optional config.services.lnd.enable config.services.lnd.cli
- ++ optional config.services.clightning.enable config.services.clightning.cli;
- serviceConfig = nix-bitcoin-services.defaultHardening // {
- ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
- User = "root";
- Type = "simple";
- RemainAfterExit="yes";
- Restart = "on-failure";
- RestartSec = "10s";
- PrivateNetwork = "true"; # This service needs no network access
- PrivateUsers = "false";
- ReadWritePaths = "/var/www";
- CapabilityBoundingSet = "CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER";
- } // (if cfg.enforceTor
- then nix-bitcoin-services.allowTor
- else nix-bitcoin-services.allowAnyIP
- );
- };
- };
-}
diff --git a/modules/presets/enable-tor.nix b/modules/presets/enable-tor.nix
index cdbd4d6..8d16a9e 100644
--- a/modules/presets/enable-tor.nix
+++ b/modules/presets/enable-tor.nix
@@ -20,7 +20,6 @@ in {
nbxplorer.enforceTor = true;
spark-wallet.enforceTor = true;
recurring-donations.enforceTor = true;
- nix-bitcoin-webindex.enforceTor = true;
};
# Add onion services for incoming connections
diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix
index 5c6ee23..1f1d012 100644
--- a/modules/presets/secure-node.nix
+++ b/modules/presets/secure-node.nix
@@ -15,7 +15,6 @@ in {
imports = [
../modules.nix
../nodeinfo.nix
- ../nix-bitcoin-webindex.nix
./enable-tor.nix
];
diff --git a/test/tests.nix b/test/tests.nix
index 758e9b6..98b12ff 100644
--- a/test/tests.nix
+++ b/test/tests.nix
@@ -130,7 +130,6 @@ let testEnv = rec {
scenarios.full
../modules/presets/secure-node.nix
];
- services.nix-bitcoin-webindex.enable = true;
tests.secure-node = true;
tests.banlist-and-restart = true;
diff --git a/test/tests.py b/test/tests.py
index 18afd1e..01b27e5 100644
--- a/test/tests.py
+++ b/test/tests.py
@@ -220,14 +220,6 @@ def _():
def _():
assert_running("onion-addresses")
- # FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due
- # to incomplete unit dependencies.
- # 'create-web-index' implicitly tests 'nodeinfo'.
- machine.wait_for_unit("create-web-index")
- assert_running("nginx")
- wait_for_open_port(ip("nginx"), 80)
- assert_matches(f"curl {ip('nginx')}", "nix-bitcoin")
-
# Run this test before the following tests that shut down services
# (and their corresponding network namespaces).