Updating --- In your deployment directory, enter the nix shell with `nix-shell` and run ``` fetch-release > nix-bitcoin-release.nix ``` Nodeinfo --- Run `nodeinfo` to see onion addresses and local addresses for enabled services. Connect to spark-wallet --- ### Requirements * Android phone * [Orbot](https://guardianproject.info/apps/orbot/) installed from [F-Droid](https://guardianproject.info/fdroid) (recommended) or [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android&hl=en) * [Spark-wallet](https://github.com/shesek/spark-wallet) installed from [direct download](https://github.com/shesek/spark-wallet/releases) or [Google Play](https://play.google.com/store/apps/details?id=com.spark.wallet) 1. Enable spark-wallet in `configuration.nix` Change ``` # services.spark-wallet.enable = true; ``` to ``` services.spark-wallet.enable = true; ``` 2. Deploy new `configuration.nix` ``` nixops deploy -d bitcoin-node ``` 3. Enable Orbot VPN for spark-wallet ``` Open Orbot app Turn on "VPN Mode" Select Gear icon under "Tor-Enabled Apps" Toggle checkbox under Spark icon ``` 4. Get the onion address, access key and QR access code for the spark wallet android app ``` journalctl -eu spark-wallet ``` Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlighting the entire output to invert the colors. 5. Connect to spark-wallet android app ``` Server Settings Scan QR Done ``` Connect to LND with Zeus --- ### Requirements * Android phone * [Orbot](https://guardianproject.info/apps/orbot/) installed from [F-Droid](https://guardianproject.info/fdroid) (recommended) or [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android&hl=en) * [Zeus](https://zeusln.app/) installed from [F-Droid](https://f-droid.org/en/packages/app.zeusln.zeus/) (recommended) or [Google Play](https://play.google.com/store/apps/details?id=app.zeusln.zeus) 1. Enable `restOnionService` in `configuration.nix` Change ``` # services.lnd.restOnionService.enable = true; ``` to ``` services.lnd.restOnionService.enable = true; ``` 2. Deploy new `configuration.nix` ``` nixops deploy -d bitcoin-node ``` 3. Run command `lndconnect-rest-onion` (under `operator` user) to create a QR code for connecting to LND via the REST onion service. 4. Enable Orbot VPN for Zeus ``` Open Orbot app Turn on "VPN Mode" Select Gear icon under "Tor-Enabled Apps" Toggle checkbox under Zeus icon ``` 5. Scan the QR code with your Zeus wallet and start sending Satoshis privately Connect to electrs --- ### Requirements Android * Android phone * [Orbot](https://guardianproject.info/apps/orbot/) installed from [F-Droid](https://guardianproject.info/fdroid) (recommended) or [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android&hl=en) * [Electrum mobile app](https://electrum.org/#home) 4.0.1 and newer installed from [direct download](https://electrum.org/#download) or [Google Play](https://play.google.com/store/apps/details?id=org.electrum.electrum) ### Requirements Desktop * [Tor](https://www.torproject.org/) installed from [source](https://www.torproject.org/docs/tor-doc-unix.html.en) or [repository](https://www.torproject.org/docs/debian.html.en) * [Electrum](https://electrum.org/#download) installed 1. Enable electrs in `configuration.nix` Change ``` # services.electrs.enable = true; ``` to ``` services.electrs.enable = true; ``` 2. Deploy new `configuration.nix` ``` nixops deploy -d bitcoin-node ``` 3. Get electrs onion address with format `:` ``` nodeinfo | jq -r .electrs.onion_address ``` 4. Connect to electrs Make sure Tor is running on Desktop or as Orbot on Android. On Desktop ``` electrum --oneserver -1 -s ":t" -p socks5:localhost:9050 ``` On Android ``` Three dots in the upper-right-hand corner Network > Proxy mode: socks5, Host: 127.0.0.1, Port: 9050 Network > Auto-connect: OFF Network > One-server mode: ON Network > Server: :t ``` Connect to nix-bitcoin node through the SSH onion service --- 1. Get the SSH onion address (excluding the port suffix) ``` nixops ssh operator@bitcoin-node nodeinfo | jq -r .sshd.onion_address | sed 's/:.*//' ``` 2. Create a SSH key ``` ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 ``` 3. Place the ed25519 key's fingerprint in the `configuration.nix` `openssh.authorizedKeys.keys` field like so ``` # FIXME: Add your SSH pubkey services.openssh.enable = true; users.users.root = { openssh.authorizedKeys.keys = [ "" ]; }; ``` 4. Connect to your nix-bitcoin node's SSH onion service, forwarding a local port to the nix-bitcoin node's SSH server ``` ssh -i ~/.ssh/id_ed25519 -L :localhost:22 root@ ``` 5. Edit your `network-nixos.nix` to look like this ``` { bitcoin-node = { config, pkgs, ... }: { deployment.targetHost = "127.0.0.1"; deployment.targetPort = ; }; } ``` 6. Now you can run `nixops deploy -d bitcoin-node` and it will connect through the SSH tunnel you established in step iv. This also allows you to do more complex SSH setups that `nixops ssh` doesn't support. An example would be authenticating with [Trezor's SSH agent](https://github.com/romanz/trezor-agent), which provides extra security. Initialize a Trezor for Bitcoin Core's Hardware Wallet Interface --- 1. Enable Trezor in `configuration.nix` Change ``` # services.hardware-wallets.trezor = true; ``` to ``` services.hardware-wallets.trezor = true; ``` 2. Deploy new `configuration.nix` ``` nixops deploy -d bitcoin-node ``` 3. Check that your nix-bitcoin node recognizes your Trezor ``` nixops ssh operator@bitcoin-node lsusb ``` Should show something relating to your Trezor 4. If your Trezor has outdated firmware or is not yet initialized: Start your Trezor in bootloader mode Trezor v1 ``` Plug in your Trezor with both buttons depressed ``` Trezor v2 ``` Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through ``` 5. If your Trezor's firmware is outdated: Update your Trezor's firmware ``` trezorctl firmware-update ``` Follow the on-screen instructions **Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.** 6. If your Trezor is not yet initialized: Set up your Trezor ``` trezorctl reset-device -p ``` Follow the on-screen instructions 7. Find your Trezor ``` hwi enumerate hwi -t trezor -d promptpin hwi -t trezor -d sendpin hwi enumerate ``` 8. Follow Bitcoin Core's instructions on [Using Bitcoin Core with Hardware Wallets](https://github.com/bitcoin-core/HWI/blob/master/docs/bitcoin-core-usage.md) to use your Trezor with `bitcoin-cli` on your nix-bitcoin node JoinMarket --- ## Diff to regular JoinMarket usage For clarity reasons, nix-bitcoin renames all scripts to `jm-*` without `.py`, for example `wallet-tool.py` becomes `jm-wallet-tool`. The rest of this section details nix-bitcoin specific workflows for JoinMarket. ## Initialize JoinMarket Wallet By default, nix-bitcoin's JoinMarket module automatically generates a wallet for you. If however, you want to manually initialize your wallet, follow these steps. 1. Enable JoinMarket in your node configuration ``` services.joinmarket.enable = true; ``` 2. Move the automatically generated `wallet.jmdat` ```console mv /var/lib/joinmarket/wallet.jmdat /var/lib/joinmarket/bak.jmdat ``` 3. Generate wallet on your node ```console jm-wallet-tool generate ``` Follow the on-screen instructions and write down your seed. In order to use nix-bitcoin's `joinmarket.yieldgenerator`, use the password from `/secrets/jm-wallet-password` and use the suggested default wallet name `wallet.jmdat`. If you want to use your own `jm-wallet-password`, simply replace the password string in your local secrets directory. ## Run the tumbler The tumbler needs to be able to run in the background for a long time, use screen to run it accross SSH sessions. You can also use tmux in the same fashion. 1. Add screen to your `environment.systemPackages`, for example ``` environment.systemPackages = with pkgs; [ vim screen ]; ``` 2. Start the screen session ```console screen -S "tumbler" ``` 2. Start the tumbler Example: Tumbling into your wallet after buying from an exchange to improve privacy: ```console jm-tumbler wallet.jmdat ``` After tumbling your bitcoin end up in these three addresses. You can now spend them without the exchange collecting data on your purchases. Get more information [here](https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/master/docs/tumblerguide.md) 3. Detach the screen session to leave the tumbler running in the background ``` Ctrl-a d or Ctrl-a Ctrl-d ``` 4. Re-attach to the screen session ```console screen -r tumbler ``` 5. End screen session Type exit when tumbler is done ```console exit ``` ## Run a "maker" or "yield generator" The maker/yield generator in nix-bitcoin is implemented using a systemd service. See [here](https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/master/docs/YIELDGENERATOR.md) for more yield generator information. 1. Enable yield generator bot in your node configuration ``` services.joinmarket.yieldgenerator = { enable = true; # Optional: Add custom parameters txfee = 200; cjfee_a = 300; }; ''; ``` 2. Check service status ```console systemctl status joinmarket-yieldgenerator ``` 3. Profit clightning --- ## Plugins There are a number of [plugins](https://github.com/lightningd/plugins) available for clightning. Currently `nix-bitcoin` supports: - helpme - monitor - prometheus - rebalance - summary - zmq You can activate and configure these plugins like so: ```nix services.clightning = { enable = true; plugins = { prometheus.enable = true; prometheus.listen = "0.0.0.0:9900"; }; }; ``` Please have a look at the module for a plugin (e.g. [prometheus.nix](../modules/clightning-plugins/prometheus.nix)) to learn its configuration options.