remove webindex

This module is outdated and incomplete. We can readd an improved version in
the future.

Move nanopos nginx proxy tests to the nanopos test.

README.md

@@ -76,7 +76,6 @@ NixOS modules
   * [netns-isolation](modules/netns-isolation.nix): isolates applications on the network-level via network namespaces
   * [backups](modules/backups.nix): daily duplicity backups of all your node's important files
   * [operator](modules/operator.nix): adds non-root user `operator` who has access to client tools (e.g. `bitcoin-cli`, `lightning-cli`)
-  * [nix-bitcoin webindex](modules/nix-bitcoin-webindex.nix): a local website to display node information
 
 Security
 ---

docs/usage.md

@@ -8,7 +8,7 @@ fetch-release > nix-bitcoin-release.nix
 
 Nodeinfo
 ---
-Run `nodeinfo` to see your onion addresses for the webindex, spark, etc. if they are enabled.
+Run `nodeinfo` to see the onion addresses for enabled services.
 
 Connect to spark-wallet
 ---

examples/configuration.nix

@@ -110,11 +110,6 @@
   # tool run as user operator.
   # services.liquidd.enable = true;
 
-  ### WEBINDEX
-  # Enable this module to use the nix-bitcoin-webindex, a simple website
-  # displaying your node information. Only available if clightning is enabled.
-  # services.nix-bitcoin-webindex.enable = true;
-
   ### RECURRING-DONATIONS
   # Enable this module to send recurring donations. This is EXPERIMENTAL; it's
   # not guaranteed that payments are succeeding or that you will notice payment

modules/default.nix

@@ -6,7 +6,6 @@
   electrs = ./electrs.nix;
   liquid = ./liquid.nix;
   presets.secure-node = ./presets/secure-node.nix;
-  nix-bitcoin-webindex = ./nix-bitcoin-webindex.nix;
   spark-wallet = ./spark-wallet.nix;
   recurring-donations = ./recurring-donations.nix;
   lnd = ./lnd.nix;

modules/nix-bitcoin-webindex.nix

@@ -1,105 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.nix-bitcoin-webindex;
-  inherit (config) nix-bitcoin-services;
-  indexFile = pkgs.writeText "index.html" ''
-    <html>
-      <body>
-        <p>
-          <h1>
-            nix-bitcoin
-          </h1>
-        </p>
-        <p>
-        <h3>
-          lightning node: CLIGHTNING_ID
-        </h3>
-        </p>
-      </body>
-    </html>
-  '';
-  createWebIndex = pkgs.writeText "make-index.sh" ''
-    set -e
-    cp ${indexFile} /var/www/index.html
-    chown -R nginx:nginx /var/www/
-    nodeinfo
-    . <(nodeinfo)
-    sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
-  '';
-in {
-  options.services.nix-bitcoin-webindex = {
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        If enabled, the webindex service will be installed.
-      '';
-    };
-    host = mkOption {
-      type = types.str;
-      default = if config.nix-bitcoin.netns-isolation.enable then
-        config.nix-bitcoin.netns-isolation.netns.nginx.address
-      else
-        "localhost";
-      description = "HTTP server listen address.";
-    };
-    enforceTor =  nix-bitcoin-services.enforceTor;
-  };
-
-  config = mkIf cfg.enable {
-    assertions = [
-      { assertion = config.services.clightning.enable;
-        message = "nix-bitcoin-webindex requires clightning.";
-      }
-    ];
-
-    systemd.tmpfiles.rules = [
-      "d /var/www 0755 nginx nginx - -"
-    ];
-
-    services.nginx = {
-      enable = true;
-      virtualHosts."_" = {
-        root = "/var/www";
-      };
-    };
-    services.tor.hiddenServices.nginx = {
-      map = [{
-        port = 80; toHost = cfg.host;
-      } {
-        port = 443; toHost = cfg.host;
-      }];
-      version = 3;
-    };
-
-    # create-web-index
-    systemd.services.create-web-index = {
-      description = "Get node info";
-      wantedBy = [ "multi-user.target" ];
-      path = with pkgs; [
-        config.programs.nodeinfo
-        jq
-        sudo
-      ] ++ optional config.services.lnd.enable config.services.lnd.cli
-        ++ optional config.services.clightning.enable config.services.clightning.cli;
-      serviceConfig = nix-bitcoin-services.defaultHardening // {
-        ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
-        User = "root";
-        Type = "simple";
-        RemainAfterExit="yes";
-        Restart = "on-failure";
-        RestartSec = "10s";
-        PrivateNetwork = "true"; # This service needs no network access
-        PrivateUsers = "false";
-        ReadWritePaths = "/var/www";
-        CapabilityBoundingSet = "CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER";
-      } // (if cfg.enforceTor
-          then nix-bitcoin-services.allowTor
-          else nix-bitcoin-services.allowAnyIP
-        );
-    };
-  };
-}

modules/presets/enable-tor.nix

@@ -20,7 +20,6 @@ in {
     nbxplorer.enforceTor = true;
     spark-wallet.enforceTor = true;
     recurring-donations.enforceTor = true;
-    nix-bitcoin-webindex.enforceTor = true;
   };
 
   # Add onion services for incoming connections

modules/presets/secure-node.nix

@@ -15,7 +15,6 @@ in {
   imports = [
     ../modules.nix
     ../nodeinfo.nix
-    ../nix-bitcoin-webindex.nix
     ./enable-tor.nix
   ];
 

test/tests.nix

@@ -130,7 +130,6 @@ let testEnv = rec {
         scenarios.full
         ../modules/presets/secure-node.nix
       ];
-      services.nix-bitcoin-webindex.enable = true;
       tests.secure-node = true;
       tests.banlist-and-restart = true;
 

test/tests.py

@@ -220,14 +220,6 @@ def _():
 def _():
     assert_running("onion-addresses")
 
-    # FIXME: use 'wait_for_unit' because 'create-web-index' always fails during startup due
-    # to incomplete unit dependencies.
-    # 'create-web-index' implicitly tests 'nodeinfo'.
-    machine.wait_for_unit("create-web-index")
-    assert_running("nginx")
-    wait_for_open_port(ip("nginx"), 80)
-    assert_matches(f"curl {ip('nginx')}", "nix-bitcoin")
-
 
 # Run this test before the following tests that shut down services
 # (and their corresponding network namespaces).