rename lndconnect-onion.nix -> lndconnect.nix

2023-01-22 16:18:02 +01:00
parent 907cfe4f4c
commit b4bc621b8c
2 changed files with 1 additions and 1 deletions
--- a/modules/lndconnect.nix
+++ b/modules/lndconnect.nix
@@ -0,0 +1,126 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  options = {
+    services.lnd.lndconnectOnion.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = mdDoc ''
+        Create an onion service for the lnd REST server.
+        Add a `lndconnect-onion` binary to the system environment.
+        See: https://github.com/LN-Zap/lndconnect
+
+        Usage:
+        ```bash
+          # Print QR code
+          lndconnect-onion
+
+          # Print URL
+          lndconnect-onion --url
+        ```
+      '';
+    };
+
+    services.clightning-rest.lndconnectOnion.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = mdDoc ''
+        Create an onion service for clightning-rest.
+        Add a `lndconnect-onion-clightning` binary to the system environment.
+        See: https://github.com/LN-Zap/lndconnect
+
+        Usage:
+        ```bash
+          # Print QR code
+          lndconnect-onion-clightning
+
+          # Print URL
+          lndconnect-onion-clightning --url
+        ```
+      '';
+    };
+  };
+
+  nbLib = config.nix-bitcoin.lib;
+  runAsUser = config.nix-bitcoin.runAsUserCmd;
+
+  inherit (config.services)
+    lnd
+    clightning
+    clightning-rest;
+
+  mkLndconnect = {
+    name,
+    shebang ? "#!${pkgs.stdenv.shell} -e",
+    onionService,
+    port,
+    certPath,
+    macaroonPath
+  }:
+  # TODO-EXTERNAL:
+  # lndconnect requires a --configfile argument, although it's unused
+  # https://github.com/LN-Zap/lndconnect/issues/25
+  pkgs.writeScriptBin name ''
+    ${shebang}
+    exec ${config.nix-bitcoin.pkgs.lndconnect}/bin/lndconnect \
+     --host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService}) \
+     --port=${toString port} \
+     --tlscertpath='${certPath}' \
+     --adminmacaroonpath='${macaroonPath}' \
+     --configfile=/dev/null "$@"
+  '';
+
+  operatorName = config.nix-bitcoin.operator.name;
+in {
+  inherit options;
+
+  config = mkMerge [
+    (mkIf (lnd.enable && lnd.lndconnectOnion.enable) {
+      services.tor = {
+        enable = true;
+        relay.onionServices.lnd-rest = nbLib.mkOnionService {
+          target.addr = nbLib.address lnd.restAddress;
+          target.port = lnd.restPort;
+          port = lnd.restPort;
+        };
+      };
+      nix-bitcoin.onionAddresses.access.${lnd.user} = [ "lnd-rest" ];
+
+      environment.systemPackages = [(
+        mkLndconnect {
+          name = "lndconnect-onion";
+          # Run as lnd user because the macaroon and cert are not group-readable
+          shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
+          onionService = "${lnd.user}/lnd-rest";
+          port = lnd.restPort;
+          certPath = lnd.certPath;
+          macaroonPath = "${lnd.networkDir}/admin.macaroon";
+        }
+      )];
+    })
+
+    (mkIf (clightning-rest.enable && clightning-rest.lndconnectOnion.enable) {
+      services.tor = {
+        enable = true;
+        relay.onionServices.clightning-rest = nbLib.mkOnionService {
+          target.addr = nbLib.address clightning-rest.address;
+          target.port = clightning-rest.port;
+          port = clightning-rest.port;
+        };
+      };
+      # This also allows nodeinfo to show the clightning-rest onion address
+      nix-bitcoin.onionAddresses.access.${operatorName} = [ "clightning-rest" ];
+
+      environment.systemPackages = [(
+        mkLndconnect {
+          name = "lndconnect-onion-clightning";
+          onionService = "${operatorName}/clightning-rest";
+          port = clightning-rest.port;
+          certPath = "${clightning-rest.dataDir}/certs/certificate.pem";
+          macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon";
+        }
+      )];
+    })
+  ];
+}