jacobpascual/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

trustedcoin: add option tor.proxy

Browse Source 
By disabling `trustedcoin.tor.proxy` and enabling `clightning.tor.proxy`,
`trustedcoin` can be used without Tor proxying, while clighting still
uses Tor for lightning layer connections.

Previously, disabling Tor for `trustedcoin` required to also disable
Tor for clightning.

Also fix the workaround in the docs for the trustedcoin Tor connection issues:
The previous config snippet only affected systemd hardening settings,
but didn't disable Tor for trustedcoin.
This commit is contained in:
Erik Arvstedt
2023-08-03 15:38:45 +02:00
parent 31b76f1ffe
commit 53ea447ab7
2 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
modules/clightning-plugins/trustedcoin.nix
View File

@@ -5,12 +5,19 @@ let cfg = config.services.clightning.plugins.trustedcoin; in
{
options.services.clightning.plugins.trustedcoin = {
enable = mkEnableOption "Trustedcoin (clightning plugin)";
package = mkOption {
type = types.package;
default = config.nix-bitcoin.pkgs.trustedcoin;
defaultText = "config.nix-bitcoin.pkgs.trustedcoin";
description = mdDoc "The package providing trustedcoin binaries.";
};
tor.proxy = mkOption {
type = types.bool;
default = config.services.clightning.tor.proxy;
description = mdDoc "Whether to proxy outgoing connections with Tor.";
};
};
config = mkIf cfg.enable {
@@ -19,12 +26,15 @@ let cfg = config.services.clightning.plugins.trustedcoin; in
extraConfig = ''
plugin=${cfg.package}/bin/trustedcoin
'';
tor.enforce = mkIf (!cfg.tor.proxy) false;
};
# Trustedcoin does not honor the clightning's proxy configuration.
# Ref.: https://github.com/nbd-wtf/trustedcoin/pull/19
systemd.services.clightning.environment = mkIf (config.services.clightning.proxy != null) {
HTTPS_PROXY = "socks5://${config.services.clightning.proxy}";
systemd.services.clightning.environment = mkIf (cfg.tor.proxy) {
HTTPS_PROXY = let
clnProxy = config.services.clightning.proxy;
proxy = if clnProxy != null then clnProxy else config.nix-bitcoin.torClientAddressWithPort;
in
"socks5://${proxy}";
};
};
}