From 858ab1cfd6b2f1cac17080f9cacbd05558d7852f Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Thu, 3 Aug 2023 01:19:03 +0200 Subject: [PATCH 01/11] clightning: revert whitespace changes --- modules/clightning.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/clightning.nix b/modules/clightning.nix index cda95e4..4f3fd1f 100644 --- a/modules/clightning.nix +++ b/modules/clightning.nix @@ -111,11 +111,9 @@ let ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} always-use-proxy=${boolToString cfg.always-use-proxy} bind-addr=${cfg.address}:${toString cfg.port} - bitcoin-rpcconnect=${nbLib.address bitcoind.rpc.address} bitcoin-rpcport=${toString bitcoind.rpc.port} bitcoin-rpcuser=${bitcoind.rpc.users.public.name} - rpc-file-mode=0660 log-timestamps=false ${optionalString (cfg.wallet != null) "wallet=${cfg.wallet}"} @@ -163,7 +161,6 @@ in { { cat ${configFile} echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)" - ${optionalString (cfg.getPublicAddressCmd != "") '' echo "announce-addr=$(${cfg.getPublicAddressCmd}):${toString publicPort}" ''} From dca6813d6b0edac3b0a206fb6d323bcf2c217528 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 25 Jun 2023 11:08:54 +0200 Subject: [PATCH 02/11] tests/clightning-plugins: extract variable --- test/tests.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/tests.nix b/test/tests.nix index 365a1b2..2dc6e8f 100644 --- a/test/tests.nix +++ b/test/tests.nix 
@@ -46,8 +46,8 @@ let test.data.clightning-plugins = let plugins = config.services.clightning.plugins; removed = [ "commando" "trustedcoin" ]; - enabled = builtins.filter (plugin: plugins.${plugin}.enable) - (subtractLists removed (builtins.attrNames plugins)); + available = subtractLists removed (builtins.attrNames plugins); + enabled = builtins.filter (plugin: plugins.${plugin}.enable) available; nbPkgs = config.nix-bitcoin.pkgs; pluginPkgs = nbPkgs.clightning-plugins // { clboss.path = "${nbPkgs.clboss}/bin/clboss"; From 57455eb897210011d86f75ba268cd2da0ecde4e3 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 25 Jun 2023 11:08:55 +0200 Subject: [PATCH 03/11] tests/clightning-plugins: set actual `clboss` pkg path --- test/tests.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/tests.nix b/test/tests.nix index 2dc6e8f..20d8153 100644 --- a/test/tests.nix +++ b/test/tests.nix @@ -50,7 +50,7 @@ let enabled = builtins.filter (plugin: plugins.${plugin}.enable) available; nbPkgs = config.nix-bitcoin.pkgs; pluginPkgs = nbPkgs.clightning-plugins // { - clboss.path = "${nbPkgs.clboss}/bin/clboss"; + clboss.path = "${plugins.clboss.package}/bin/clboss"; }; in map (plugin: pluginPkgs.${plugin}.path) enabled; From 7640c69d799dabb440bbe18b5938fbbd6faff4f9 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 25 Jun 2023 11:08:56 +0200 Subject: [PATCH 04/11] tests/clightning-plugins: enable active plugin test for `trustedcoin` --- test/tests.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/tests.nix b/test/tests.nix index 20d8153..f220e88 100644 --- a/test/tests.nix +++ b/test/tests.nix 
@@ -45,12 +45,16 @@ let services.clightning.extraConfig = mkIf config.test.noConnections "disable-dns"; test.data.clightning-plugins = let plugins = config.services.clightning.plugins; - removed = [ "commando" "trustedcoin" ]; + removed = [ + # Only defined via `obsolete-options.nix` + "commando" + ]; available = subtractLists removed (builtins.attrNames plugins); enabled = builtins.filter (plugin: plugins.${plugin}.enable) available; nbPkgs = config.nix-bitcoin.pkgs; pluginPkgs = nbPkgs.clightning-plugins // { clboss.path = "${plugins.clboss.package}/bin/clboss"; + trustedcoin.path = "${plugins.trustedcoin.package}/bin/trustedcoin"; }; in map (plugin: pluginPkgs.${plugin}.path) enabled; From f3e9c644e32be8a7527966721b344fa868bc6708 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Thu, 3 Aug 2023 00:38:50 +0200 Subject: [PATCH 05/11] clightning-plugins/trustedcoin: improve docs --- README.md | 2 +- docs/services.md | 17 ++++++----------- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 2669a40..bbef7ef 100644 --- a/README.md +++ b/README.md 
@@ -79,7 +79,7 @@ NixOS modules ([src](modules/modules.nix)) * [prometheus](https://github.com/lightningd/plugins/tree/master/prometheus): lightning node exporter for the prometheus timeseries server * [rebalance](https://github.com/lightningd/plugins/tree/master/rebalance): keeps your channels balanced * [summary](https://github.com/lightningd/plugins/tree/master/summary): print a nice summary of the node status - * [trustedcoin](https://github.com/nbd-wtf/trustedcoin) [[experimental](docs/services.md#trustedcoin-hints)]: replaces bitcoind with trusted public explorers + * [trustedcoin](https://github.com/nbd-wtf/trustedcoin) ([experimental](docs/services.md#trustedcoin)): replaces bitcoind with trusted public explorers * [zmq](https://github.com/lightningd/plugins/tree/master/zmq): publishes notifications via ZeroMQ to configured endpoints * [clightning-rest](https://github.com/Ride-The-Lightning/c-lightning-REST): REST server for clightning * [lnd](https://github.com/lightningnetwork/lnd) with support for announcing an onion service and [static channel backups](https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md) diff --git a/docs/services.md b/docs/services.md index 961b95a..aeb6db2 100644 --- a/docs/services.md +++ b/docs/services.md 
@@ -579,20 +579,15 @@ services.clightning = { Please have a look at the module for a plugin (e.g. [prometheus.nix](../modules/clightning-plugins/prometheus.nix)) to learn its configuration options. -### Trustedcoin hints -The [trustedcoin](https://github.com/nbd-wtf/trustedcoin) plugin use a Tor -proxy for all of its external connections by default. That's why you can -sometimes face issues with your connections to esploras getting blocked. - -An example of clightning log error output in a case your connections are getting blocked: +### Trustedcoin +When `services.clightning.tor.proxy` is enabled, [trustedcoin](https://github.com/nbd-wtf/trustedcoin) +also uses Tor for all external connections by default. +In this case, connections to block explorers can sometimes get blocked. +An example of clightning log error output when connections are getting blocked: ``` lightningd[5138]: plugin-trustedcoin estimatefees error: https://blockstream.info/api error: 403 Forbidden -``` - -``` -lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: -lightningd[4933]: Date: Thu, 3 Aug 2023 15:38:45 +0200 Subject: [PATCH 07/11] trustedcoin: add option `tor.proxy` By disabling `trustedcoin.tor.proxy` and enabling `clightning.tor.proxy`, `trustedcoin` can be used without Tor proxying, while clighting still uses Tor for lightning layer connections. Previously, disabling Tor for `trustedcoin` required to also disable Tor for clightning. Also fix the workaround in the docs for the trustedcoin Tor connection issues: The previous config snippet only affected systemd hardening settings, but didn't disable Tor for trustedcoin. --- docs/services.md | 9 +++------ modules/clightning-plugins/trustedcoin.nix | 18 ++++++++++++++---- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/docs/services.md b/docs/services.md index aeb6db2..2ab5d0e 100644 --- a/docs/services.md +++ b/docs/services.md 
@@ -590,10 +590,7 @@ lightningd[5138]: plugin-trustedcoin estimatefees error: https://blockstream.inf lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: ... ``` -If you face these issues and you still need to use trustedcoin, use can disable -clightning's tor hardening by setting this option in your `configuration.nix` -file: - -``` -services.clightning.tor.enforce = false; +To work around this and connect via clearnet instead, set this option: +```nix +services.clightning.plugins.trustedcoin.tor.proxy = false; ``` diff --git a/modules/clightning-plugins/trustedcoin.nix b/modules/clightning-plugins/trustedcoin.nix index 8f0b5c4..9ac14ca 100644 --- a/modules/clightning-plugins/trustedcoin.nix +++ b/modules/clightning-plugins/trustedcoin.nix @@ -5,12 +5,19 @@ let cfg = config.services.clightning.plugins.trustedcoin; in { options.services.clightning.plugins.trustedcoin = { enable = mkEnableOption "Trustedcoin (clightning plugin)"; + package = mkOption { type = types.package; default = config.nix-bitcoin.pkgs.trustedcoin; defaultText = "config.nix-bitcoin.pkgs.trustedcoin"; description = mdDoc "The package providing trustedcoin binaries."; }; + + tor.proxy = mkOption { + type = types.bool; + default = config.services.clightning.tor.proxy; + description = mdDoc "Whether to proxy outgoing connections with Tor."; + }; }; config = mkIf cfg.enable { 
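Review bot: In `modules/clightning-plugins/trustedcoin.nix`, the new `tor.proxy` option takes its default from `config.services.clightning.tor.proxy` but has no `defaultText`, unlike the `package` option just above it, so the generated option documentation has no literal default to print; add `defaultText = "config.services.clightning.tor.proxy";`. The description should also state what disabling the option costs: the second hunk of this commit sets clightning's `tor.enforce` to false in that case, and the explorer requests then go out over clearnet. Something like `description = mdDoc "Whether to proxy outgoing connections with Tor. Disabling this also disables services.clightning.tor.enforce.";` would cover it. The `config` block opened on the hunk's last line continues outside the hunk.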
@@ -19,12 +26,15 @@ let cfg = config.services.clightning.plugins.trustedcoin; in extraConfig = '' plugin=${cfg.package}/bin/trustedcoin ''; + tor.enforce = mkIf (!cfg.tor.proxy) false; }; - # Trustedcoin does not honor the clightning's proxy configuration. - # Ref.: https://github.com/nbd-wtf/trustedcoin/pull/19 - systemd.services.clightning.environment = mkIf (config.services.clightning.proxy != null) { - HTTPS_PROXY = "socks5://${config.services.clightning.proxy}"; + systemd.services.clightning.environment = mkIf (cfg.tor.proxy) { + HTTPS_PROXY = let + clnProxy = config.services.clightning.proxy; + proxy = if clnProxy != null then clnProxy else config.nix-bitcoin.torClientAddressWithPort; + in + "socks5://${proxy}"; }; }; } From 6de5029c498124778c08632dc3a70b4c1a6da55d Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 25 Jun 2023 11:08:57 +0200 Subject: [PATCH 08/11] tests/trustedcoin: refactor - No need to wait for bitcoind: clightning being active implies that bitcoind is active. - Remove redundant log checks --- test/tests.nix | 3 +-- test/tests.py | 5 ----- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/test/tests.nix b/test/tests.nix index f220e88..5d26c7d 100644 --- a/test/tests.nix +++ b/test/tests.nix @@ -39,6 +39,7 @@ let tests.clightning = cfg.clightning.enable; test.data.clightning-replication = cfg.clightning.replication.enable; + tests.trustedcoin = cfg.clightning.plugins.trustedcoin.enable; # TODO-EXTERNAL: # When WAN is disabled, DNS bootstrapping slows down service startup by ~15 s. @@ -317,9 +318,7 @@ let services.bitcoind.prune = 1000; }; - # Test the special clightning setup where trustedcoin plugin is used trustedcoin = { - tests.trustedcoin = true; services.clightning = { enable = true; plugins.trustedcoin.enable = true; diff --git a/test/tests.py b/test/tests.py index a97da3f..64ef7eb 100644 --- a/test/tests.py +++ b/test/tests.py 
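Review bot: In the second hunk of `trustedcoin.nix`, `tor.enforce = mkIf (!cfg.tor.proxy) false;` turns off Tor enforcement for the whole clightning service, not only for trustedcoin, and the line carries no comment saying so. The plugin is started by lightningd (`plugin=${cfg.package}/bin/trustedcoin`), so presumably it cannot be exempted on its own, but a reader should see that trade-off here, e.g. `# Plugins run inside the clightning service, so clearnet access for trustedcoin means disabling enforcement for the whole service`. The commit also drops the comment explaining why `HTTPS_PROXY` is set (trustedcoin does not honor clightning's proxy configuration); that rationale still applies to the new code and is worth keeping. When `clnProxy` is null the fallback is `torClientAddressWithPort`, and nothing in the hunk shows that a Tor client is enabled in that configuration, so that should be confirmed.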
@@ -429,13 +429,8 @@ def _(): @test("trustedcoin") def _(): - machine.wait_for_unit("bitcoind") machine.wait_for_unit("clightning") - - # Let's check the trustedcoin plugin was correctly initialized - machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+initialized plugin")) machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+bitcoind RPC working")) - machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+tip: 0")) machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+estimatefees error: none of the esploras returned usable responses")) From aa418869b394c1d4f9bb4b826aca957553e37cdf Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Thu, 3 Aug 2023 17:16:06 +0200 Subject: [PATCH 09/11] tests/trustedcoin: extract fn --- test/tests.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/test/tests.py b/test/tests.py index 64ef7eb..1f1ab09 100644 --- a/test/tests.py +++ b/test/tests.py @@ -429,10 +429,12 @@ def _(): @test("trustedcoin") def _(): - machine.wait_for_unit("clightning") - machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+bitcoind RPC working")) - machine.wait_until_succeeds(log_has_string("clightning", "plugin-trustedcoin[^^]\[0m\s+estimatefees error: none of the esploras returned usable responses")) + def expect_clightning_log(str): + machine.wait_until_succeeds(log_has_string("clightning", str)) + machine.wait_for_unit("clightning") + expect_clightning_log("plugin-trustedcoin[^^]\[0m\s+bitcoind RPC working") + expect_clightning_log("plugin-trustedcoin[^^]\[0m\s+estimatefees error: none of the esploras returned usable responses") if "netns-isolation" in enabled_tests: def ip(name): From ac59f93e638261795fdf7977a8e518c455e4f70b Mon Sep 17 00:00:00 2001 
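Review bot: In PATCH 09/11, the patterns passed to the new `expect_clightning_log` helper contain `\[` and `\s` in ordinary string literals, which Python treats as invalid escape sequences and newer interpreters warn about. They should be raw strings, e.g. `expect_clightning_log(r"plugin-trustedcoin[^^]\[0m\s+bitcoind RPC working")`. The same applies to the patterns added to `test/tests.py` in PATCH 10/11, where the f-string would become `rf"..."`. The helper's parameter is named `str`, which shadows the builtin inside the function; `pattern` would say what the argument is.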
From: Erik Arvstedt Date: Thu, 3 Aug 2023 17:26:15 +0200 Subject: [PATCH 10/11] trustedcoin: add regtest support, reenable test --- pkgs/trustedcoin/default.nix | 14 ++++++++++++-- test/run-tests.sh | 6 +----- test/tests.nix | 2 ++ test/tests.py | 5 +++++ 4 files changed, 20 insertions(+), 7 deletions(-) diff --git a/pkgs/trustedcoin/default.nix b/pkgs/trustedcoin/default.nix index 47c93f6..1a3c27f 100644 --- a/pkgs/trustedcoin/default.nix +++ b/pkgs/trustedcoin/default.nix @@ -1,15 +1,25 @@ -{ lib, buildGoModule, fetchFromGitHub }: +{ lib, buildGoModule, fetchFromGitHub, fetchpatch }: buildGoModule rec { pname = "trustedcoin"; version = "0.6.1"; + src = fetchFromGitHub { owner = "nbd-wtf"; repo = pname; rev = "v${version}"; - sha256 = "sha256-UNQjxhAT0mK1In7vUtIoMoMNBV+0wkrwbDmm7m+0R3o="; + hash = "sha256-UNQjxhAT0mK1In7vUtIoMoMNBV+0wkrwbDmm7m+0R3o="; }; + patches = [ + # https://github.com/nbd-wtf/trustedcoin/pull/22 required for regtest + (fetchpatch { + name = "add-regtest-support"; + url = "https://github.com/nbd-wtf/trustedcoin/commit/aba05c55ccbfc50785328f556be8a5bd46e76beb.patch"; + hash = "sha256-24mYyXjUMVSlr9IlaqaTVAPE6bxxScNgR8Bb3x2t90Y="; + }) + ]; + vendorSha256 = "sha256-xvkK9rMQlXTnNyOMd79qxVSvhgPobcBk9cq4/YWbupY="; subPackages = [ "." ]; diff --git a/test/run-tests.sh b/test/run-tests.sh index 5a69daf..223c980 100755 --- a/test/run-tests.sh +++ b/test/run-tests.sh @@ -295,11 +295,7 @@ buildable=( clightning-replication lndPruned wireguard-lndconnect - - # TODO-EXTERNAL: - # Reenable when this has been fixed: - # https://github.com/nbd-wtf/trustedcoin/issues/21 - # trustedcoin + trustedcoin ) buildable() { buildTests buildable "$@"; } diff --git a/test/tests.nix b/test/tests.nix index 5d26c7d..a28232b 100644 --- a/test/tests.nix +++ b/test/tests.nix @@ -319,6 +319,8 @@ let }; trustedcoin = { + imports = [ scenarios.regtestBase ]; + services.clightning = { enable = true; plugins.trustedcoin.enable = true; 
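Review bot: The `add-regtest-support` patch in `pkgs/trustedcoin/default.nix` is applied to the package that every configuration builds, not only to the regtest test, and it is fetched from a pull-request commit rather than a tagged release. The URL is pinned to a full commit id and checked against `hash`, so the content cannot change silently, but the comment should say when the patch can be removed, e.g. `# Remove when https://github.com/nbd-wtf/trustedcoin/pull/22 is part of a release`. `vendorSha256` is left unchanged, which is only correct if the patch does not touch the Go module dependencies; that is worth confirming.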
diff --git a/test/tests.py b/test/tests.py index 1f1ab09..c799dfc 100644 --- a/test/tests.py +++ b/test/tests.py @@ -435,6 +435,11 @@ def _(): machine.wait_for_unit("clightning") expect_clightning_log("plugin-trustedcoin[^^]\[0m\s+bitcoind RPC working") expect_clightning_log("plugin-trustedcoin[^^]\[0m\s+estimatefees error: none of the esploras returned usable responses") + if "regtest" in enabled_tests: + num_blocks = test_data["num_blocks"] + expect_clightning_log(f"plugin-trustedcoin[^^]\[0m\s+tip: {num_blocks}") + expect_clightning_log("plugin-trustedcoin[^^]\[0m\s+returning block") + if "netns-isolation" in enabled_tests: def ip(name): From 4e8369705df76b1c3ecd945446a9593516bac6ab Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Thu, 3 Aug 2023 17:12:24 +0200 Subject: [PATCH 11/11] dev: add trustedcoin --- dev/dev-features.sh | 9 +++++++++ dev/dev-scenarios.nix | 19 +++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/dev/dev-features.sh b/dev/dev-features.sh index 67514eb..9fd7dcc 100644 --- a/dev/dev-features.sh +++ b/dev/dev-features.sh @@ -279,6 +279,15 @@ c curl 127.0.0.1:62601 nix run --inputs-from . nixpkgs#lynx -- --dump $ip:62601 c curl -s 127.0.0.1:62601 | grep -i "orders found" +#――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― +# trustedcoin +run-tests.sh -s trustedcoin-online container + +c systemctl start clightning +c journalctl -u clightning -f +# This should show log msgs like +# plugin-trustedcoin returning block 801409, 0000000000000000000482ddc4…, 1483968 bytes + #――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― # rtl # see ./topics/rtl.sh diff --git a/dev/dev-scenarios.nix b/dev/dev-scenarios.nix index 9091e65..37b1744 100644 --- a/dev/dev-scenarios.nix +++ b/dev/dev-scenarios.nix 
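Review bot: In the `test/tests.py` hunk of PATCH 10/11, the pattern `tip: {num_blocks}` has no trailing boundary, so it also matches a log line whose tip merely starts with the same digits (a tip of 1000 when `num_blocks` is 100, as a constructed example). If `log_has_string` takes a regular expression, as the `\s+` in these patterns suggests, ending the pattern with a boundary would pin the exact height: `expect_clightning_log(rf"plugin-trustedcoin[^^]\[0m\s+tip: {num_blocks}\b")`. How `log_has_string` matches is not visible here, so confirm that `\b` is supported by whatever it uses.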
@@ -75,4 +75,23 @@ with lib; }; nix-bitcoin.nodeinfo.enable = true; }; + + trustedcoin-online = { + services.clightning = { + enable = true; + tor.proxy = true; + plugins.trustedcoin.enable = true; + plugins.trustedcoin.tor.proxy = false; + }; + + # Don't run clightning on startup. + # This breaks the follwing dependency cycle: + # clightning + # -> network (trustedcoin fails and exits clightning without network access) + # -> multi-user.target (NixOS containers only gain network access after multi-user.target has completed) + # -> clightning + systemd.services.clightning.wantedBy = mkForce []; + + test.container.enableWAN = true; + }; }
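Review bot: The `trustedcoin-online` scenario sets `tor.proxy = true` for clightning and `plugins.trustedcoin.tor.proxy = false`, but does not say that the second setting also switches off `tor.enforce` for the clightning service (through the `mkIf (!cfg.tor.proxy) false` line added in PATCH 07/11). A one-line comment next to it, such as `# Also disables clightning's tor.enforce; trustedcoin connects via clearnet`, would make that visible to anyone who copies the scenario. The comment above `wantedBy` has a typo: `follwing` should be `following`.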