lnd, clightning-rest: remove lndconnectOnion
, add generic option lndconnect
For both lnd and clightning-rest, `lndconnectOnion` is replaced by options `lndconnect.enable` and `lndconnect.onion`. This allows using lndconnect without Tor.
parent
b4bc621b8c
commit
f996ef37d9
@ -150,17 +150,23 @@ See: [Secrets dir](./configuration.md#secrets-dir)
|
|||||||
##### For lnd
|
##### For lnd
|
||||||
|
|
||||||
Add the following config:
|
Add the following config:
|
||||||
```
|
```nix
|
||||||
services.lnd.lndconnectOnion.enable = true;
|
services.lnd.lndconnect = {
|
||||||
|
enable = true;
|
||||||
|
onion = true;
|
||||||
|
};
|
||||||
```
|
```
|
||||||
|
|
||||||
##### For clightning
|
##### For clightning
|
||||||
|
|
||||||
Add the following config:
|
Add the following config:
|
||||||
```
|
```nix
|
||||||
services.clightning-rest = {
|
services.clightning-rest = {
|
||||||
enable = true;
|
enable = true;
|
||||||
lndconnectOnion.enable = true;
|
lndconnect = {
|
||||||
|
enable = true;
|
||||||
|
onion = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -171,12 +177,12 @@ See: [Secrets dir](./configuration.md#secrets-dir)
|
|||||||
|
|
||||||
##### For lnd
|
##### For lnd
|
||||||
```
|
```
|
||||||
lndconnect-onion
|
lndconnect
|
||||||
```
|
```
|
||||||
|
|
||||||
##### For clightning
|
##### For clightning
|
||||||
```
|
```
|
||||||
lndconnect-onion-clightning
|
lndconnect-clightning
|
||||||
```
|
```
|
||||||
|
|
||||||
5. Configure Zeus
|
5. Configure Zeus
|
||||||
@ -187,15 +193,15 @@ See: [Secrets dir](./configuration.md#secrets-dir)
|
|||||||
- Start sending and stacking sats privately
|
- Start sending and stacking sats privately
|
||||||
|
|
||||||
### Additional lndconnect features
|
### Additional lndconnect features
|
||||||
Create plain text URLs or QR code images:
|
- Create plain text URLs or QR code images
|
||||||
```
|
```bash
|
||||||
lndconnect-onion --url
|
lndconnect --url
|
||||||
lndconnect-onion --image
|
lndconnect --image
|
||||||
``````
|
```
|
||||||
Create a QR code for a custom hostname:
|
- Set a custom host. By default, `lndconnect` detects the system's external IP and uses it as the host.
|
||||||
```
|
```bash
|
||||||
lndconnect-onion --host=mynode.org
|
lndconnect --host myhost
|
||||||
```
|
```
|
||||||
|
|
||||||
# Connect to spark-wallet
|
# Connect to spark-wallet
|
||||||
### Requirements
|
### Requirements
|
||||||
|
@ -56,13 +56,16 @@
|
|||||||
#
|
#
|
||||||
# == REST server
|
# == REST server
|
||||||
# Set this to create a clightning REST onion service.
|
# Set this to create a clightning REST onion service.
|
||||||
# This also adds binary `lndconnect-onion-clightning` to the system environment.
|
# This also adds binary `lndconnect-clightning` to the system environment.
|
||||||
# This binary creates QR codes or URLs for connecting applications to clightning
|
# This binary creates QR codes or URLs for connecting applications to clightning
|
||||||
# via the REST onion service (see ../docs/services.md).
|
# via the REST onion service (see ../docs/services.md).
|
||||||
#
|
#
|
||||||
# services.clightning-rest = {
|
# services.clightning-rest = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
# lndconnectOnion.enable = true;
|
# lndconnect = {
|
||||||
|
# enable = true;
|
||||||
|
# onion = true;
|
||||||
|
# };
|
||||||
# };
|
# };
|
||||||
|
|
||||||
### LND
|
### LND
|
||||||
@ -78,11 +81,14 @@
|
|||||||
# The onion service is automatically announced to peers.
|
# The onion service is automatically announced to peers.
|
||||||
# nix-bitcoin.onionServices.lnd.public = true;
|
# nix-bitcoin.onionServices.lnd.public = true;
|
||||||
#
|
#
|
||||||
# Set this to create an lnd REST onion service.
|
# Set this to create a lnd REST onion service.
|
||||||
# This also adds binary `lndconnect-onion` to the system environment.
|
# This also adds binary `lndconnect` to the system environment.
|
||||||
# This binary generates QR codes or URLs for connecting applications to lnd via the
|
# This binary generates QR codes or URLs for connecting applications to lnd via the
|
||||||
# REST onion service (see ../docs/services.md).
|
# REST onion service (see ../docs/services.md).
|
||||||
# services.lnd.lndconnectOnion.enable = true;
|
# services.lnd.lndconnect = {
|
||||||
|
# enable = true;
|
||||||
|
# onion = true;
|
||||||
|
# };
|
||||||
#
|
#
|
||||||
## WARNING
|
## WARNING
|
||||||
# If you use lnd, you should manually backup your wallet mnemonic
|
# If you use lnd, you should manually backup your wallet mnemonic
|
||||||
|
@ -3,43 +3,73 @@
|
|||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
options = {
|
options = {
|
||||||
services.lnd.lndconnectOnion.enable = mkOption {
|
services.lnd.lndconnect = {
|
||||||
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = mdDoc ''
|
description = mdDoc ''
|
||||||
Create an onion service for the lnd REST server.
|
Add a `lndconnect` binary to the system environment which prints
|
||||||
Add a `lndconnect-onion` binary to the system environment.
|
connection info for lnd clients.
|
||||||
See: https://github.com/LN-Zap/lndconnect
|
See: https://github.com/LN-Zap/lndconnect
|
||||||
|
|
||||||
Usage:
|
Usage:
|
||||||
```bash
|
```bash
|
||||||
# Print QR code
|
# Print QR code
|
||||||
lndconnect-onion
|
lndconnect
|
||||||
|
|
||||||
# Print URL
|
# Print URL
|
||||||
lndconnect-onion --url
|
lndconnect --url
|
||||||
```
|
```
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
onion = mkOption {
|
||||||
services.clightning-rest.lndconnectOnion.enable = mkOption {
|
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = mdDoc ''
|
description = mdDoc ''
|
||||||
Create an onion service for clightning-rest.
|
Create an onion service for the lnd REST server,
|
||||||
Add a `lndconnect-onion-clightning` binary to the system environment.
|
which is used by lndconnect.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
services.clightning-rest.lndconnect = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = mdDoc ''
|
||||||
|
Add a `lndconnect-clightning` binary to the system environment which prints
|
||||||
|
connection info for clightning clients.
|
||||||
See: https://github.com/LN-Zap/lndconnect
|
See: https://github.com/LN-Zap/lndconnect
|
||||||
|
|
||||||
Usage:
|
Usage:
|
||||||
```bash
|
```bash
|
||||||
# Print QR code
|
# Print QR code
|
||||||
lndconnect-onion-clightning
|
lndconnect-clightning
|
||||||
|
|
||||||
# Print URL
|
# Print URL
|
||||||
lndconnect-onion-clightning --url
|
lndconnect-clightning --url
|
||||||
```
|
```
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
onion = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = mdDoc ''
|
||||||
|
Create an onion service for the clightning REST server,
|
||||||
|
which is used by lndconnect.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nix-bitcoin.mkLndconnect = mkOption {
|
||||||
|
readOnly = true;
|
||||||
|
default = mkLndconnect;
|
||||||
|
description = mdDoc ''
|
||||||
|
A function to create a lndconnect binary.
|
||||||
|
See the source for further details.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nbLib = config.nix-bitcoin.lib;
|
nbLib = config.nix-bitcoin.lib;
|
||||||
@ -47,36 +77,55 @@ let
|
|||||||
|
|
||||||
inherit (config.services)
|
inherit (config.services)
|
||||||
lnd
|
lnd
|
||||||
clightning
|
|
||||||
clightning-rest;
|
clightning-rest;
|
||||||
|
|
||||||
mkLndconnect = {
|
mkLndconnect = {
|
||||||
name,
|
name,
|
||||||
shebang ? "#!${pkgs.stdenv.shell} -e",
|
shebang ? "#!${pkgs.stdenv.shell} -e",
|
||||||
onionService,
|
|
||||||
port,
|
port,
|
||||||
certPath,
|
macaroonPath,
|
||||||
macaroonPath
|
enableOnion,
|
||||||
|
onionService ? null,
|
||||||
|
certPath ? null
|
||||||
}:
|
}:
|
||||||
# TODO-EXTERNAL:
|
# TODO-EXTERNAL:
|
||||||
# lndconnect requires a --configfile argument, although it's unused
|
# lndconnect requires a --configfile argument, although it's unused
|
||||||
# https://github.com/LN-Zap/lndconnect/issues/25
|
# https://github.com/LN-Zap/lndconnect/issues/25
|
||||||
pkgs.writeScriptBin name ''
|
pkgs.hiPrio (pkgs.writeScriptBin name ''
|
||||||
${shebang}
|
${shebang}
|
||||||
exec ${config.nix-bitcoin.pkgs.lndconnect}/bin/lndconnect \
|
exec ${config.nix-bitcoin.pkgs.lndconnect}/bin/lndconnect \
|
||||||
--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService}) \
|
${optionalString enableOnion "--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService})"} \
|
||||||
--port=${toString port} \
|
--port=${toString port} \
|
||||||
--tlscertpath='${certPath}' \
|
${if enableOnion || certPath == null then "--nocert" else "--tlscertpath='${certPath}'"} \
|
||||||
--adminmacaroonpath='${macaroonPath}' \
|
--adminmacaroonpath='${macaroonPath}' \
|
||||||
--configfile=/dev/null "$@"
|
--configfile=/dev/null "$@"
|
||||||
'';
|
'');
|
||||||
|
|
||||||
operatorName = config.nix-bitcoin.operator.name;
|
operatorName = config.nix-bitcoin.operator.name;
|
||||||
in {
|
in {
|
||||||
inherit options;
|
inherit options;
|
||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
(mkIf (lnd.enable && lnd.lndconnectOnion.enable) {
|
(mkIf (lnd.enable && lnd.lndconnect.enable)
|
||||||
|
(mkMerge [
|
||||||
|
{
|
||||||
|
environment.systemPackages = [(
|
||||||
|
mkLndconnect {
|
||||||
|
name = "lndconnect";
|
||||||
|
# Run as lnd user because the macaroon and cert are not group-readable
|
||||||
|
shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
|
||||||
|
enableOnion = lnd.lndconnect.onion;
|
||||||
|
onionService = "${lnd.user}/lnd-rest";
|
||||||
|
port = lnd.restPort;
|
||||||
|
certPath = lnd.certPath;
|
||||||
|
macaroonPath = "${lnd.networkDir}/admin.macaroon";
|
||||||
|
}
|
||||||
|
)];
|
||||||
|
|
||||||
|
services.lnd.restAddress = mkIf (!lnd.lndconnect.onion) "0.0.0.0";
|
||||||
|
}
|
||||||
|
|
||||||
|
(mkIf lnd.lndconnect.onion {
|
||||||
services.tor = {
|
services.tor = {
|
||||||
enable = true;
|
enable = true;
|
||||||
relay.onionServices.lnd-rest = nbLib.mkOnionService {
|
relay.onionServices.lnd-rest = nbLib.mkOnionService {
|
||||||
@ -86,21 +135,27 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ];
|
nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ];
|
||||||
|
})
|
||||||
|
]))
|
||||||
|
|
||||||
|
(mkIf (clightning-rest.enable && clightning-rest.lndconnect.enable)
|
||||||
|
(mkMerge [
|
||||||
|
{
|
||||||
environment.systemPackages = [(
|
environment.systemPackages = [(
|
||||||
mkLndconnect {
|
mkLndconnect {
|
||||||
name = "lndconnect-onion";
|
name = "lndconnect-clightning";
|
||||||
# Run as lnd user because the macaroon and cert are not group-readable
|
enableOnion = clightning-rest.lndconnect.onion;
|
||||||
shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
|
onionService = "${operatorName}/clightning-rest";
|
||||||
onionService = "${lnd.user}/lnd-rest";
|
port = clightning-rest.port;
|
||||||
port = lnd.restPort;
|
certPath = "${clightning-rest.dataDir}/certs/certificate.pem";
|
||||||
certPath = lnd.certPath;
|
macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon";
|
||||||
macaroonPath = "${lnd.networkDir}/admin.macaroon";
|
|
||||||
}
|
}
|
||||||
)];
|
)];
|
||||||
})
|
|
||||||
|
|
||||||
(mkIf (clightning-rest.enable && clightning-rest.lndconnectOnion.enable) {
|
# clightning-rest always binds to all interfaces
|
||||||
|
}
|
||||||
|
|
||||||
|
(mkIf clightning-rest.lndconnect.onion {
|
||||||
services.tor = {
|
services.tor = {
|
||||||
enable = true;
|
enable = true;
|
||||||
relay.onionServices.clightning-rest = nbLib.mkOnionService {
|
relay.onionServices.clightning-rest = nbLib.mkOnionService {
|
||||||
@ -111,16 +166,8 @@ in {
|
|||||||
};
|
};
|
||||||
# This also allows nodeinfo to show the clightning-rest onion address
|
# This also allows nodeinfo to show the clightning-rest onion address
|
||||||
nix-bitcoin.onionAddresses.access.${operatorName} = [ "clightning-rest" ];
|
nix-bitcoin.onionAddresses.access.${operatorName} = [ "clightning-rest" ];
|
||||||
|
|
||||||
environment.systemPackages = [(
|
|
||||||
mkLndconnect {
|
|
||||||
name = "lndconnect-onion-clightning";
|
|
||||||
onionService = "${operatorName}/clightning-rest";
|
|
||||||
port = clightning-rest.port;
|
|
||||||
certPath = "${clightning-rest.dataDir}/certs/certificate.pem";
|
|
||||||
macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon";
|
|
||||||
}
|
|
||||||
)];
|
|
||||||
})
|
})
|
||||||
|
])
|
||||||
|
)
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
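Review bot: With `lndconnect.enable = true` and `onion = false`, the line `services.lnd.restAddress = mkIf (!lnd.lndconnect.onion) "0.0.0.0";` makes the lnd REST server listen on every interface, and the `enable` option description does not mention this side effect. The URL and QR code printed by the wrapper carry the admin macaroon (`--adminmacaroonpath`), so in this mode the REST port is a full-control endpoint reachable from every attached network unless a firewall rule, not visible in this section, restricts it. I would add a sentence to the description such as `When onion is false, this sets services.lnd.restAddress to 0.0.0.0; restrict access to the REST port with the firewall.` Consider also `mkDefault "0.0.0.0"`, so that an operator who already binds the REST server to one address keeps that choice instead of (likely) getting a conflicting-definition error.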
@ -33,7 +33,6 @@ in {
|
|||||||
(mkRenamedOptionModule [ "services" "liquidd" "rpcbind" ] [ "services" "liquidd" "rpc" "address" ])
|
(mkRenamedOptionModule [ "services" "liquidd" "rpcbind" ] [ "services" "liquidd" "rpc" "address" ])
|
||||||
# 0.0.70
|
# 0.0.70
|
||||||
(mkRenamedOptionModule [ "services" "rtl" "cl-rest" ] [ "services" "clightning-rest" ])
|
(mkRenamedOptionModule [ "services" "rtl" "cl-rest" ] [ "services" "clightning-rest" ])
|
||||||
(mkRenamedOptionModule [ "services" "lnd" "restOnionService" "enable" ] [ "services" "lnd" "lndconnectOnion" "enable" ])
|
|
||||||
|
|
||||||
(mkRenamedOptionModule [ "nix-bitcoin" "setup-secrets" ] [ "nix-bitcoin" "setupSecrets" ])
|
(mkRenamedOptionModule [ "nix-bitcoin" "setup-secrets" ] [ "nix-bitcoin" "setupSecrets" ])
|
||||||
|
|
||||||
@ -46,6 +45,28 @@ in {
|
|||||||
bitcoin peer connections for syncing blocks. This performs well on low and high
|
bitcoin peer connections for syncing blocks. This performs well on low and high
|
||||||
memory systems.
|
memory systems.
|
||||||
'')
|
'')
|
||||||
|
# 0.0.86
|
||||||
|
(mkRemovedOptionModule [ "services" "lnd" "restOnionService" "enable" ] ''
|
||||||
|
Set the following options instead:
|
||||||
|
services.lnd.lndconnect = {
|
||||||
|
enable = true;
|
||||||
|
onion = true;
|
||||||
|
}
|
||||||
|
'')
|
||||||
|
(mkRemovedOptionModule [ "services" "lnd" "lndconnect-onion" ] ''
|
||||||
|
Set the following options instead:
|
||||||
|
services.lnd.lndconnect = {
|
||||||
|
enable = true;
|
||||||
|
onion = true;
|
||||||
|
}
|
||||||
|
'')
|
||||||
|
(mkRemovedOptionModule [ "services" "clightning-rest" "lndconnect-onion" ] ''
|
||||||
|
Set the following options instead:
|
||||||
|
services.clightning-rest.lndconnect = {
|
||||||
|
enable = true;
|
||||||
|
onion = true;
|
||||||
|
}
|
||||||
|
'')
|
||||||
] ++
|
] ++
|
||||||
# 0.0.59
|
# 0.0.59
|
||||||
(map mkSplitEnforceTorOption [
|
(map mkSplitEnforceTorOption [
|
||||||
|
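Review bot: The second and third `mkRemovedOptionModule` entries name `lndconnect-onion`, but the option this commit removes is `lndconnectOnion` (the old `services.lnd.lndconnectOnion.enable` and `services.clightning-rest.lndconnectOnion.enable` definitions). A configuration that still sets the old option would therefore presumably get a generic unknown-option error instead of this migration text. The paths should read `[ "services" "lnd" "lndconnectOnion" ]` and `[ "services" "clightning-rest" "lndconnectOnion" ]`. The replacement snippets in the three messages also end in `}` without the `;` needed to paste them into a configuration. The enclosing list starts and ends outside these hunks.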
@ -228,7 +228,7 @@ let
|
|||||||
version = "0.0.70";
|
version = "0.0.70";
|
||||||
condition = config.services.lnd.lndconnectOnion.enable;
|
condition = config.services.lnd.lndconnectOnion.enable;
|
||||||
message = ''
|
message = ''
|
||||||
The `lndconnect-rest-onion` binary has been renamed to `lndconnect-onion`.
|
The `lndconnect-rest-onion` binary has been renamed to `lndconnect`.
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
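Review bot: `condition = config.services.lnd.lndconnectOnion.enable;` is left unchanged in this hunk although the commit removes that option, so evaluating this entry would reference an option that no longer exists. This would presumably happen on an upgrade from a state version older than 0.0.70. It can be written with the new options, `condition = with config.services.lnd.lndconnect; enable && onion;`, the same form the test configuration uses. The enclosing list starts and ends outside the hunk.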
@ -86,8 +86,8 @@ let
|
|||||||
|
|
||||||
nix-bitcoin.onionServices.lnd.public = true;
|
nix-bitcoin.onionServices.lnd.public = true;
|
||||||
|
|
||||||
tests.lndconnect-onion-lnd = cfg.lnd.lndconnectOnion.enable;
|
tests.lndconnect-onion-lnd = with cfg.lnd.lndconnect; enable && onion;
|
||||||
tests.lndconnect-onion-clightning = cfg.clightning-rest.lndconnectOnion.enable;
|
tests.lndconnect-onion-clightning = with cfg.clightning-rest.lndconnect; enable && onion;
|
||||||
|
|
||||||
tests.lightning-loop = cfg.lightning-loop.enable;
|
tests.lightning-loop = cfg.lightning-loop.enable;
|
||||||
services.lightning-loop.certificate.extraIPs = [ "20.0.0.1" ];
|
services.lightning-loop.certificate.extraIPs = [ "20.0.0.1" ];
|
||||||
@ -187,9 +187,9 @@ let
|
|||||||
services.rtl.enable = true;
|
services.rtl.enable = true;
|
||||||
services.spark-wallet.enable = true;
|
services.spark-wallet.enable = true;
|
||||||
services.clightning-rest.enable = true;
|
services.clightning-rest.enable = true;
|
||||||
services.clightning-rest.lndconnectOnion.enable = true;
|
services.clightning-rest.lndconnect = { enable = true; onion = true; };
|
||||||
services.lnd.enable = true;
|
services.lnd.enable = true;
|
||||||
services.lnd.lndconnectOnion.enable = true;
|
services.lnd.lndconnect = { enable = true; onion = true; };
|
||||||
services.lightning-loop.enable = true;
|
services.lightning-loop.enable = true;
|
||||||
services.lightning-pool.enable = true;
|
services.lightning-pool.enable = true;
|
||||||
services.charge-lnd.enable = true;
|
services.charge-lnd.enable = true;
|
||||||
|
@ -177,12 +177,12 @@ def _():
|
|||||||
@test("lndconnect-onion-lnd")
|
@test("lndconnect-onion-lnd")
|
||||||
def _():
|
def _():
|
||||||
assert_running("lnd")
|
assert_running("lnd")
|
||||||
assert_matches("runuser -u operator -- lndconnect-onion --url", ".onion")
|
assert_matches("runuser -u operator -- lndconnect --url", ".onion")
|
||||||
|
|
||||||
@test("lndconnect-onion-clightning")
|
@test("lndconnect-onion-clightning")
|
||||||
def _():
|
def _():
|
||||||
assert_running("clightning-rest")
|
assert_running("clightning-rest")
|
||||||
assert_matches("runuser -u operator -- lndconnect-onion-clightning --url", ".onion")
|
assert_matches("runuser -u operator -- lndconnect-clightning --url", ".onion")
|
||||||
|
|
||||||
@test("lightning-loop")
|
@test("lightning-loop")
|
||||||
def _():
|
def _():
|
||||||
|
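Review bot: Both tests still assert only the `.onion` host, so the clearnet mode this commit introduces has no coverage in the visible tests. In that mode (`onion = false`) the wrapper passes `--tlscertpath` instead of `--nocert`, and lnd's REST address is set to `0.0.0.0`. A scenario with `lndconnect.enable = true` and `onion` left unset, running `lndconnect --url` and checking that the output does not contain `.onion`, would exercise that branch. The last `def _():` in this hunk continues outside it.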