Merge fort-nix/nix-bitcoin#575: Improve lndconnect, support WireGuard

cea69b73d2 nodeinfo: enable required option `nix-bitcoin.operator` (Erik Arvstedt)
27d95fda85 nodeinfo/lnd: add `onion_rest_address` (Erik Arvstedt)
54a21874ae nodeinfo/lnd: add `rest_address` (Erik Arvstedt)
a4bfefd562 add `presets/wireguard.nix` (Erik Arvstedt)
477e1709fb lndconnect: update to Zeus 0.7.1 (Erik Arvstedt)
f996ef37d9 lnd, clightning-rest: remove `lndconnectOnion`, add generic option `lndconnect` (Erik Arvstedt)
b4bc621b8c rename `lndconnect-onion.nix` -> `lndconnect.nix` (Erik Arvstedt)
907cfe4f4c docs/services: improve title, fix numbering (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK cea69b73d2

Tree-SHA512: 747d95b49f5c1b63dfaa2c6bc302fb102e3788c36e279cc28266ea230e8daae54973d8bdb51f2a81e7e84eb86b6b1e504fbe8af85c2318525c54d901678b3f55
This commit is contained in:
Jonas Nick
2023-03-13 12:55:40 +00:00
16 changed files with 798 additions and 172 deletions


@@ -274,6 +274,7 @@ buildable=(
hardened
clightning-replication
lndPruned
wireguard-lndconnect
)
buildable() { buildTests buildable "$@"; }


@@ -86,8 +86,8 @@ let
nix-bitcoin.onionServices.lnd.public = true;
tests.lndconnect-onion-lnd = cfg.lnd.lndconnectOnion.enable;
tests.lndconnect-onion-clightning = cfg.clightning-rest.lndconnectOnion.enable;
tests.lndconnect-onion-lnd = with cfg.lnd.lndconnect; enable && onion;
tests.lndconnect-onion-clightning = with cfg.clightning-rest.lndconnect; enable && onion;
tests.lightning-loop = cfg.lightning-loop.enable;
services.lightning-loop.certificate.extraIPs = [ "20.0.0.1" ];
@@ -187,9 +187,9 @@ let
services.rtl.enable = true;
services.spark-wallet.enable = true;
services.clightning-rest.enable = true;
services.clightning-rest.lndconnectOnion.enable = true;
services.clightning-rest.lndconnect = { enable = true; onion = true; };
services.lnd.enable = true;
services.lnd.lndconnectOnion.enable = true;
services.lnd.lndconnect = { enable = true; onion = true; };
services.lightning-loop.enable = true;
services.lightning-pool.enable = true;
services.charge-lnd.enable = true;
@@ -405,6 +405,7 @@ in {
in
{
clightning-replication = import ./clightning-replication.nix makeTestVM pkgs;
wireguard-lndconnect = import ./wireguard-lndconnect.nix makeTestVM pkgs;
} // mainTests;
tests = makeTests scenarios;


@@ -177,12 +177,12 @@ def _():
@test("lndconnect-onion-lnd")
def _():
assert_running("lnd")
assert_matches("runuser -u operator -- lndconnect-onion --url", ".onion")
assert_matches("runuser -u operator -- lndconnect --url", ".onion")
@test("lndconnect-onion-clightning")
def _():
assert_running("clightning-rest")
assert_matches("runuser -u operator -- lndconnect-onion-clightning --url", ".onion")
assert_matches("runuser -u operator -- lndconnect-clightning --url", ".onion")
@test("lightning-loop")
def _():


@@ -0,0 +1,103 @@
# You can run this test via `run-tests.sh -s wireguard-lndconnect`
makeTestVM: pkgs:
with pkgs.lib;
makeTestVM {
name = "wireguard-lndconnect";
nodes = {
server = {
imports = [
../modules/modules.nix
../modules/presets/wireguard.nix
];
nixpkgs.pkgs = pkgs;
nix-bitcoin.generateSecrets = true;
nix-bitcoin.operator.enable = true;
services.clightning-rest = {
enable = true;
lndconnect.enable = true;
};
# TODO-EXTERNAL:
# When WAN is disabled, DNS bootstrapping slows down service startup by ~15 s.
services.clightning.extraConfig = "disable-dns";
services.lnd = {
enable = true;
lndconnect.enable = true;
port = 9736;
};
};
client = {
nixpkgs.pkgs = pkgs;
environment.systemPackages = with pkgs; [
wireguard-tools
];
};
};
testScript = ''
import base64
import urllib.parse as Url
from types import SimpleNamespace
def parse_lndconnect_url(url):
u = Url.urlparse(url)
queries = Url.parse_qs(u.query)
macaroon = queries['macaroon'][0]
is_clightning = url.startswith("c-lightning-rest")
return SimpleNamespace(
host = u.hostname,
port = u.port,
macaroon_hex =
macaroon if is_clightning else base64.urlsafe_b64decode(macaroon + '===').hex().upper()
)
client.start()
server.connect()
if not "is_interactive" in vars():
with subtest("connect client to server via WireGuard"):
server.wait_for_unit("wireguard-wg-nb-peer-peer0.service")
# Get WireGuard config from server and save it to `/tmp/wireguard.conf` on the client
wg_config = server.succeed("runuser -u operator -- nix-bitcoin-wg-connect server --text")
# Encode to base64
b64 = base64.b64encode(wg_config.encode('utf-8')).decode()
client.succeed(f"install -m 400 <(echo -n {b64} | base64 -d) /tmp/wireguard.conf")
# Connect to server via WireGuard
client.succeed("wg-quick up /tmp/wireguard.conf")
# Ping server from client
print(client.succeed("ping -c 1 -W 0.5 10.10.0.1"))
with subtest("lndconnect-wg"):
server.wait_for_unit("lnd.service")
lndconnect_url = server.succeed("runuser -u operator -- lndconnect-wg --url")
api = parse_lndconnect_url(lndconnect_url)
# Make lnd REST API call
client.succeed(
f"curl -fsS --max-time 3 --insecure --header 'Grpc-Metadata-macaroon: {api.macaroon_hex}' "
f"-X GET https://{api.host}:{api.port}/v1/getinfo"
)
with subtest("lndconnect-clightning-wg"):
server.wait_for_unit("clightning-rest.service")
lndconnect_url = server.succeed("runuser -u operator -- lndconnect-clightning-wg --url")
api = parse_lndconnect_url(lndconnect_url)
# Make clightning-rest API call
client.succeed(
f"curl -fsS --max-time 3 --insecure --header 'macaroon: {api.macaroon_hex}' "
f"--header 'encodingtype: hex' -X GET https://{api.host}:{api.port}/v1/getinfo"
)
'';
}