acf5fe69ad
- Rename `services.rtl.cl-rest` to `services.clightning-rest`. `clightning-rest` is generally useful for connecting external REST clients to clightning. - Add a dedicated network namespace in netns-isolation. - Add nodeinfo entry. - Add datadir (which contains REST auth data) to backups.
54 lines
1.5 KiB
Nix
54 lines
1.5 KiB
Nix
{ lib, config, ... }:
|
|
let
|
|
defaultTrue = lib.mkDefault true;
|
|
defaultEnableTorProxy = {
|
|
tor.proxy = defaultTrue;
|
|
tor.enforce = defaultTrue;
|
|
};
|
|
defaultEnforceTor = {
|
|
tor.enforce = defaultTrue;
|
|
};
|
|
in {
|
|
services.tor = {
|
|
enable = true;
|
|
client.enable = true;
|
|
};
|
|
|
|
services = {
|
|
# Use Tor as a proxy for outgoing connections
|
|
# and restrict all connections to Tor
|
|
#
|
|
bitcoind = defaultEnableTorProxy;
|
|
clightning = defaultEnableTorProxy;
|
|
lnd = defaultEnableTorProxy;
|
|
lightning-loop = defaultEnableTorProxy;
|
|
liquidd = defaultEnableTorProxy;
|
|
# TODO-EXTERNAL:
|
|
# disable Tor enforcement until btcpayserver can fetch rates over Tor
|
|
# btcpayserver = defaultEnableTorProxy;
|
|
spark-wallet = defaultEnableTorProxy;
|
|
lightning-pool = defaultEnableTorProxy;
|
|
|
|
# These services don't make outgoing connections
|
|
# (or use Tor by default in case of joinmarket)
|
|
# but we restrict them to Tor just to be safe.
|
|
#
|
|
electrs = defaultEnforceTor;
|
|
nbxplorer = defaultEnforceTor;
|
|
rtl = defaultEnforceTor;
|
|
joinmarket = defaultEnforceTor;
|
|
joinmarket-ob-watcher = defaultEnforceTor;
|
|
clightning-rest = defaultEnforceTor;
|
|
};
|
|
|
|
# Add onion services for incoming connections
|
|
nix-bitcoin.onionServices = {
|
|
bitcoind.enable = defaultTrue;
|
|
liquidd.enable = defaultTrue;
|
|
electrs.enable = defaultTrue;
|
|
spark-wallet.enable = defaultTrue;
|
|
joinmarket-ob-watcher.enable = defaultTrue;
|
|
rtl.enable = defaultTrue;
|
|
};
|
|
}
|