# clightning is an implementation of Bitcoin's Lightning Network.
# as such, this assumes that `services.bitcoind` is enabled.
# docs:
# - tor clightning config: <https://docs.corelightning.org/docs/tor>
# - `lightning-cli` and subcommands: <https://docs.corelightning.org/reference/lightning-cli>
#
# management/setup/use:
# - guide: <https://github.com/ElementsProject/lightning>
# - `sudo -u clightning -g clightning lightning-cli help`
#
# first, acquire peers:
# - `lightning-cli connect id@host`
# where `id` is the node's pubkey, and `host` is perhaps an ip:port tuple, or a hash.onion:port tuple.
# for testing, choose any node listed on <https://1ml.com>
# - `lightning-cli listpeers`
# should show the new peer, with `connected: true`
#
# then, fund the clightning wallet
# - `lightning-cli newaddr`
#
# then, open channels
# - `lightning-cli connect ...`
# - `lightning-cli fundchannel <node_id> <amount_in_satoshis>`
#
# who to federate with?
# - a lot of the larger nodes allow hands-free channel creation
# - either inbound or outbound, sometimes paid
# - find nodes on:
# - <https://terminal.lightning.engineering/>
# - <https://1ml.com>
# - tor nodes: <https://1ml.com/node?order=capacity&iponionservice=true>
# - <https://mempool.space/lightning>
# - <https://amboss.space>
# - a few tor-capable nodes which allow channel creation:
# - <https://c-otto.de/>
# - <https://cyberdyne.sh/>
# - <https://yalls.org/about/>
# - <https://coincept.com/>
# - more resources: <https://www.lopp.net/lightning-information.html>
# - node routability: https://hashxp.org/lightning/node/<id>
#
# tune payment parameters
# - `lightning-cli setchannel id [feebase] [feeppm] [htlcmin] [htlcmax] [enforcedelay] [ignorefeelimits]`
# - e.g. `lightning-cli setchannel all 0 10`
# - it's suggested that feebase=0 simplifies routing.
#
# teardown:
# - `lightning-cli withdraw <bc1... dest addr> <amount in satoshis> [feerate]`
#
# sanity:
# - `lightning-cli listfunds`
#
# to receive a payment (do as `clightning` user):
# - `lightning-cli invoice <amount in millisatoshi> <label> <description>`
# - then give the resulting bolt11 URI to the payer
# to send a payment:
# - `lightning-cli pay <bolt11 URI>`
# - or `lightning-cli pay <bolt11 URI> [amount_msat] [label] [riskfactor] [maxfeepercent] ...`
# - amount_msat must be "null" if the bolt11 URI specifies a value
# - riskfactor defaults to 10
# - maxfeepercent defaults to 0.5
# - label is a human-friendly label for my records
{ config, ... }:
let
  # account the lightning daemon runs as; it owns the state dir and the secret declared below.
  daemonUser = "clightning";
  # directory holding this onion service's `hostname` file.
  onionDir = "/var/lib/tor/onion/clightning";
  # sops-managed config fragment; its fields are listed where the secret is declared.
  lightningSecret = config.sops.secrets."lightning-config";
in
{
  sane = {
    # persist the daemon's state directory; mode 0700 keeps it closed to every account but its owner.
    persist.sys.byStore.ext = [
      {
        user = daemonUser;
        group = daemonUser;
        mode = "0700";
        path = "/var/lib/clightning";
      }
    ];

    services.clightning = {
      enable = true;
      # proxy outgoing traffic through tor.
      proxy = "127.0.0.1:9050";
      # publicAddress = "statictor:127.0.0.1:9051";
      # presumably the address the node announces is whatever this command prints,
      # i.e. the onion hostname tor generated -- confirm against the clightning module.
      getPublicAddressCmd = "cat ${onionDir}/hostname";
      # the secret file is handed over by path, so its contents are not embedded in this config.
      extraConfigFiles = [ lightningSecret.path ];
    };

    # for debugging/admin: `lightning-cli`.
    # NOTE(review): this only enables the program for colin; the usage notes in this file's
    # header still invoke it via `sudo -u clightning -g clightning`, presumably because the
    # daemon's files sit under the 0700 state directory -- confirm.
    programs.clightning.enableFor.user.colin = true;
  };

  services = {
    # see bitcoin.nix for how to generate this.
    # the value has the `<salt>$<hmac>` shape: a salted HMAC of the rpc password rather than
    # the password itself. it is still readable by anyone who can read this file or the
    # evaluated config, so it only resists offline guessing if the password is long and random.
    # the plaintext counterpart is the `bitcoin-rpcpassword` field of the sops secret below.
    bitcoind.mainnet.rpc.users.clightning.passwordHMAC =
      "befcb82d9821049164db5217beb85439$2c31ac7db3124612e43893ae13b9527dbe464ab2d992e814602e7cb07dc28985";

    tor.relay.onionServices.clightning = {
      version = 3;
      map = [
        {
          # by default tor will route public tor port P to 127.0.0.1:P.
          # so if this port is the same as clightning would natively use, then no further config is needed here.
          # see: <https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServicePort>
          port = 9735;
          # target.port; target.addr;  #< set if tor port != clightning port
        }
      ];
      # allow "tor" group (i.e. clightning) to read /var/lib/tor/onion/clightning/hostname.
      # NOTE(review): group read access applies to the onion service directory, not only to
      # `hostname`; verify that the service's private key files in there stay owner-only.
      settings.HiddenServiceDirGroupReadable = true;
    };
  };

  # must be in "tor" group to read /var/lib/tor/onion/*/hostname.
  # NOTE(review): membership also grants whatever else the "tor" group can access on this
  # host, which is wider than the single file needed here -- confirm that is acceptable.
  users.users.clightning.extraGroups = [ "tor" ];

  # ordering only: clightning is started after tor.service when both are being started.
  # NOTE(review): `after` by itself neither pulls tor in nor waits for the hostname file.
  systemd.services.clightning.after = [ "tor.service" ];

  # lightning-config contains fields from here:
  # - <https://docs.corelightning.org/docs/configuration>
  # - bitcoin-rpcpassword
  # - alias=nodename
  # - rgb=rrggbb
  # mode 0600 and clightning ownership keep the rpc password readable by the daemon account only.
  sops.secrets."lightning-config" = {
    mode = "0600";
    owner = daemonUser;
    group = daemonUser;
  };
}