nix-files/hosts/by-name/servo/services/cryptocurrencies/clightning.nix

# clightning is an implementation of Bitcoin's Lightning Network.
# as such, this assumes that `services.bitcoin` is enabled.
# docs:
# - tor clightning config: <https://docs.corelightning.org/docs/tor>
# - `lightning-cli` and subcommands: <https://docs.corelightning.org/reference/lightning-cli>
#
# management/setup/use:
# - guide: <https://github.com/ElementsProject/lightning>
# - `sudo -u clightning -g clightning lightning-cli help`
#
# first, acquire peers:
# - `lightning-cli connect id@host`
#   where `id` is the node's pubkey, and `host` is perhaps an ip:port tuple, or a hash.onion:port tuple.
#   for testing, choose any node listed on <https://1ml.com>
# - `lightning-cli listpeers`
#   should show the new peer, with `connected: true`
#
# then, fund the clightning wallet
# - `lightning-cli newaddr`
#
# then, open channels
# - `lightning-cli connect ...`
# - `lightning-cli fundchannel <node_id> <amount_in_satoshis>`
#
# who to federate with?
# - a lot of the larger nodes allow hands-free channel creation
#   - either inbound or outbound, sometimes paid
# - find nodes on:
#   - <https://terminal.lightning.engineering/>
#   - <https://1ml.com>
#     - tor nodes: <https://1ml.com/node?order=capacity&iponionservice=true>
#   - <https://mempool.space/lightning>
#   - <https://amboss.space>
# - a few tor-capable nodes which allow channel creation:
#   - <https://c-otto.de/>
#   - <https://cyberdyne.sh/>
#   - <https://yalls.org/about/>
#   - <https://coincept.com/>
# - more resources: <https://www.lopp.net/lightning-information.html>
#   - node routability: https://hashxp.org/lightning/node/<id>
#
# tune payment parameters
# - `lightning-cli setchannel id [feebase] [feeppm] [htlcmin] [htlcmax] [enforcedelay] [ignorefeelimits]`
#   - e.g. `lightning-cli setchannel all 0 10`
#   - it's suggested that feebase=0 simplifies routing.
#
# teardown:
# - `lightning-cli withdraw <bc1... dest addr> <amount in satoshis> [feerate]`
#
# sanity:
# - `lightning-cli listfunds`
#
# to receive a payment (do as `clightning` user):
# - `lightning-cli invoice <amount in millisatoshi> <label> <description>`
#   - then give the resulting bolt11 URI to the payer
# to send a payment:
# - `lightning-cli pay <bolt11 URI>`
#   - or `lightning-cli pay <bolt11 URI> [amount_msat] [label] [riskfactor] [maxfeepercent] ...`
#   - amount_msat must be "null" if the bolt11 URI specifies a value
#   - riskfactor defaults to 10
#   - maxfeepercent defaults to 0.5
#   - label is a human-friendly label for my records

{ config, ... }:
{
  sane.persist.sys.byStore.ext = [
    { user = "clightning"; group = "clightning"; mode = "0700"; path = "/var/lib/clightning"; }
  ];

  # see bitcoin.nix for how to generate this
  services.bitcoind.mainnet.rpc.users.clightning.passwordHMAC =
    "befcb82d9821049164db5217beb85439$2c31ac7db3124612e43893ae13b9527dbe464ab2d992e814602e7cb07dc28985";

  sane.services.clightning.enable = true;
  sane.services.clightning.proxy = "127.0.0.1:9050";  # proxy outgoing traffic through tor
  # sane.services.clightning.publicAddress = "statictor:127.0.0.1:9051";
  sane.services.clightning.getPublicAddressCmd = "cat /var/lib/tor/onion/clightning/hostname";

  services.tor.relay.onionServices.clightning = {
    version = 3;
    map = [{
      # by default tor will route public tor port P to 127.0.0.1:P.
      # so if this port is the same as clightning would natively use, then no further config is needed here.
      # see: <https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServicePort>
      port = 9735;
      # target.port; target.addr;  #< set if tor port != clightning port
    }];
    # allow "tor" group (i.e. clightning) to read /var/lib/tor/onion/clightning/hostname
    settings.HiddenServiceDirGroupReadable = true;
  };

  # must be in "tor" group to read /var/lib/tor/onion/*/hostname
  users.users.clightning.extraGroups = [ "tor" ];

  systemd.services.clightning.after = [ "tor.service" ];

  # lightning-config contains fields from here:
  # - <https://docs.corelightning.org/docs/configuration>
  # - bitcoin-rpcpassword
  # - alias=nodename
  # - rgb=rrggbb
  sane.services.clightning.extraConfigFiles = [ config.sops.secrets."lightning-config".path ];
  sops.secrets."lightning-config" = {
    mode = "0600";
    owner = "clightning";
    group = "clightning";
  };

  sane.programs.clightning.enableFor.user.colin = true;  # for debugging/admin: `lightning-cli`
}
servo: clightning: integrate, but do not enable 2024-01-02 18:31:04 +00:00			`# clightning is an implementation of Bitcoin's Lightning Network.`
			# as such, this assumes that `services.bitcoin` is enabled.
clightning: integrate with tor 2024-01-03 18:29:16 +00:00			`# docs:`
			`# - tor clightning config: <https://docs.corelightning.org/docs/tor>`
servo: clightning: docs 2024-01-05 22:09:32 +00:00			# - `lightning-cli` and subcommands: <https://docs.corelightning.org/reference/lightning-cli>
servo: enable clightning 2024-01-03 13:56:42 +00:00			`#`
			`# management/setup/use:`
			`# - guide: <https://github.com/ElementsProject/lightning>`
			# - `sudo -u clightning -g clightning lightning-cli help`
clightning: integrate with tor 2024-01-03 18:29:16 +00:00			`#`
			`# first, acquire peers:`
clightning: document some places to find nodes for channels 2024-01-04 06:08:32 +00:00			# - `lightning-cli connect id@host`
			# where `id` is the node's pubkey, and `host` is perhaps an ip:port tuple, or a hash.onion:port tuple.
			`# for testing, choose any node listed on <https://1ml.com>`
clightning: integrate with tor 2024-01-03 18:29:16 +00:00			# - `lightning-cli listpeers`
clightning: document some places to find nodes for channels 2024-01-04 06:08:32 +00:00			# should show the new peer, with `connected: true`
			`#`
servo: clightning: node personalization and docs 2024-01-04 21:55:13 +00:00			`# then, fund the clightning wallet`
			# - `lightning-cli newaddr`
			`#`
clightning: document some places to find nodes for channels 2024-01-04 06:08:32 +00:00			`# then, open channels`
servo: clightning: node personalization and docs 2024-01-04 21:55:13 +00:00			# - `lightning-cli connect ...`
			# - `lightning-cli fundchannel <node_id> <amount_in_satoshis>`
			`#`
			`# who to federate with?`
clightning: document some places to find nodes for channels 2024-01-04 06:08:32 +00:00			`# - a lot of the larger nodes allow hands-free channel creation`
			`# - either inbound or outbound, sometimes paid`
			`# - find nodes on:`
servo: clightning: docs 2024-01-05 22:09:32 +00:00			`# - <https://terminal.lightning.engineering/>`
clightning: document some places to find nodes for channels 2024-01-04 06:08:32 +00:00			`# - <https://1ml.com>`
servo: clightning: docs 2024-01-05 22:09:32 +00:00			`# - tor nodes: <https://1ml.com/node?order=capacity&iponionservice=true>`
servo: clightning: node personalization and docs 2024-01-04 21:55:13 +00:00			`# - <https://mempool.space/lightning>`
			`# - <https://amboss.space>`
clightning: document some places to find nodes for channels 2024-01-04 06:08:32 +00:00			`# - a few tor-capable nodes which allow channel creation:`
			`# - <https://c-otto.de/>`
			`# - <https://cyberdyne.sh/>`
			`# - <https://yalls.org/about/>`
			`# - <https://coincept.com/>`
servo: clightning: node personalization and docs 2024-01-04 21:55:13 +00:00			`# - more resources: <https://www.lopp.net/lightning-information.html>`
servo: clightning: docs 2024-01-05 22:09:32 +00:00			`# - node routability: https://hashxp.org/lightning/node/<id>`
			`#`
			`# tune payment parameters`
			# - `lightning-cli setchannel id [feebase] [feeppm] [htlcmin] [htlcmax] [enforcedelay] [ignorefeelimits]`
			# - e.g. `lightning-cli setchannel all 0 10`
			`# - it's suggested that feebase=0 simplifies routing.`
servo: clightning: node personalization and docs 2024-01-04 21:55:13 +00:00			`#`
			`# teardown:`
			# - `lightning-cli withdraw <bc1... dest addr> <amount in satoshis> [feerate]`
clightning: integrate with tor 2024-01-03 18:29:16 +00:00			`#`
			`# sanity:`
servo: enable clightning 2024-01-03 13:56:42 +00:00			# - `lightning-cli listfunds`
			`#`
			# to receive a payment (do as `clightning` user):
			# - `lightning-cli invoice <amount in millisatoshi> <label> <description>`
			`# - then give the resulting bolt11 URI to the payer`
			`# to send a payment:`
			# - `lightning-cli pay <bolt11 URI>`
servo: clightning: docs 2024-01-05 22:09:32 +00:00			# - or `lightning-cli pay <bolt11 URI> [amount_msat] [label] [riskfactor] [maxfeepercent] ...`
			`# - amount_msat must be "null" if the bolt11 URI specifies a value`
			`# - riskfactor defaults to 10`
			`# - maxfeepercent defaults to 0.5`
			`# - label is a human-friendly label for my records`
servo: clightning: integrate, but do not enable 2024-01-02 18:31:04 +00:00
			`{ config, ... }:`
			`{`
			`sane.persist.sys.byStore.ext = [`
servo: enable clightning 2024-01-03 13:56:42 +00:00			`{ user = "clightning"; group = "clightning"; mode = "0700"; path = "/var/lib/clightning"; }`
servo: clightning: integrate, but do not enable 2024-01-02 18:31:04 +00:00			`];`

			`# see bitcoin.nix for how to generate this`
			`services.bitcoind.mainnet.rpc.users.clightning.passwordHMAC =`
			`"befcb82d9821049164db5217beb85439$2c31ac7db3124612e43893ae13b9527dbe464ab2d992e814602e7cb07dc28985";`

servo: enable clightning 2024-01-03 13:56:42 +00:00			`sane.services.clightning.enable = true;`
clightning: integrate with tor 2024-01-03 18:29:16 +00:00			`sane.services.clightning.proxy = "127.0.0.1:9050"; # proxy outgoing traffic through tor`
			`# sane.services.clightning.publicAddress = "statictor:127.0.0.1:9051";`
			`sane.services.clightning.getPublicAddressCmd = "cat /var/lib/tor/onion/clightning/hostname";`

			`services.tor.relay.onionServices.clightning = {`
			`version = 3;`
			`map = [{`
			`# by default tor will route public tor port P to 127.0.0.1:P.`
			`# so if this port is the same as clightning would natively use, then no further config is needed here.`
			`# see: <https://2019.www.torproject.org/docs/tor-manual.html.en#HiddenServicePort>`
			`port = 9735;`
			`# target.port; target.addr; #< set if tor port != clightning port`
			`}];`
			`# allow "tor" group (i.e. clightning) to read /var/lib/tor/onion/clightning/hostname`
			`settings.HiddenServiceDirGroupReadable = true;`
			`};`

			`# must be in "tor" group to read /var/lib/tor/onion/*/hostname`
			`users.users.clightning.extraGroups = [ "tor" ];`

			`systemd.services.clightning.after = [ "tor.service" ];`

servo: clightning: node personalization and docs 2024-01-04 21:55:13 +00:00			`# lightning-config contains fields from here:`
			`# - <https://docs.corelightning.org/docs/configuration>`
			`# - bitcoin-rpcpassword`
			`# - alias=nodename`
			`# - rgb=rrggbb`
servo: enable clightning 2024-01-03 13:56:42 +00:00			`sane.services.clightning.extraConfigFiles = [ config.sops.secrets."lightning-config".path ];`
servo: clightning: integrate, but do not enable 2024-01-02 18:31:04 +00:00			`sops.secrets."lightning-config" = {`
			`mode = "0600";`
			`owner = "clightning";`
			`group = "clightning";`
			`};`
servo: enable clightning 2024-01-03 13:56:42 +00:00
bitcoind: host behind tor 2024-01-04 16:20:28 +00:00			sane.programs.clightning.enableFor.user.colin = true; # for debugging/admin: `lightning-cli`
servo: clightning: integrate, but do not enable 2024-01-02 18:31:04 +00:00			`}`