services: add tor.* options

Split `enforceTor` into `tor.proxy` and `tor.enforce`. By enabling `tor.proxy` without `tor.enforce`, a service can accept incoming clearnet connections. E.g., this allows setting up a Tor-proxied bitcoind node that accepts RPC connections from LAN.
2021-11-28 21:24:49 +01:00
parent ff24e73ad7
commit 9bda7305fd
17 changed files with 109 additions and 65 deletions
--- a/modules/obsolete-options.nix
+++ b/modules/obsolete-options.nix
@@ -7,6 +7,16 @@ let
    mkRemovedOptionModule [ "services" service "announce-tor" ] ''
      Use option `nix-bitcoin.onionServices.${service}.public` instead.
    '';
+
+  mkSplitEnforceTorOption = service:
+    (mkRemovedOptionModule [ "services" service "enforceTor" ] ''
+      The option has been split into options `tor.proxy` and `tor.enforce`.
+      Set `tor.proxy = true` to proxy outgoing connections with Tor.
+      Set `tor.enforce = true` to only allow connections (incoming and outgoing) through Tor.
+    '');
+  mkRenamedEnforceTorOption = service:
+    (mkRenamedOptionModule [ "services" service "enforceTor" ] [ "services" service "tor" "enforce" ]);
+
 in {
  imports = [
    (mkRenamedOptionModule [ "services" "bitcoind" "bind" ] [ "services" "bitcoind" "address" ])
@@ -33,5 +43,20 @@ in {
      bitcoin peer connections for syncing blocks. This performs well on low and high
      memory systems.
    '')
-  ];
+  ] ++
+  # 0.0.59
+  (map mkSplitEnforceTorOption [
+    "clightning"
+    "lightning-loop"
+    "lightning-pool"
+    "liquid"
+    "lnd"
+    "spark-wallet"
+    "bitcoind"
+  ]) ++
+  (map mkRenamedEnforceTorOption [
+    "btcpayserver"
+    "rtl"
+    "electrs"
+  ]);
 }