define (but dont activate) a clighting bitcoin service
This commit is contained in:
parent
6471524f4a
commit
28d0a72c62
161
modules/services/clightning.nix
Normal file
161
modules/services/clightning.nix
Normal file
|
@ -0,0 +1,161 @@
|
|||
# clightning: Bitcoin Lightning Network daemon
|
||||
#
|
||||
# module is based on nix-bitcoin: <https://github.com/fort-nix/nix-bitcoin/blob/master/modules/clightning.nix>
|
||||
#
|
||||
# reasons to prefer this module over nix-bitcoin's include:
|
||||
# - compatible with nixpkgs' bitcoind service
|
||||
# - more self-contained
|
||||
# - doesn't pull in an entire nix secrets management implementation
|
||||
# although that can be disabled with `nix-bitcoin.secretsSetupMethod = "manual"`
|
||||
#
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
let
|
||||
cfg = config.sane.services.clightning;
|
||||
bitcoind = config.services.bitcoind."${cfg.bitcoindName}";
|
||||
# clightning config docs: <https://github.com/ElementsProject/lightning/blob/master/doc/lightningd-config.5.md>
|
||||
configFile = pkgs.writeText "config" ''
|
||||
network=bitcoin
|
||||
bitcoin-datadir=${bitcoind.dataDir}
|
||||
${lib.optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
|
||||
always-use-proxy=${lib.boolToString cfg.always-use-proxy}
|
||||
bind-addr=${cfg.address}:${toString cfg.port}
|
||||
bitcoin-rpcconnect=127.0.0.1
|
||||
bitcoin-rpcport=8332
|
||||
bitcoin-rpcuser=${cfg.user}
|
||||
rpc-file-mode=0660
|
||||
log-timestamps=false
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
in
|
||||
{
|
||||
options = with lib; {
|
||||
sane.services.clightning = {
|
||||
enable = mkEnableOption "clightning, a Lightning Network implementation in C";
|
||||
package = mkPackageOption pkgs "clightning" { };
|
||||
bitcoindName = mkOption {
|
||||
type = str;
|
||||
default = "mainnet";
|
||||
description = ''
|
||||
name of bitcoind config to attach to.
|
||||
for example if you configured `services.bitcoind.mainnet`, then specify "mainnet" here.
|
||||
'';
|
||||
};
|
||||
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "clightning";
|
||||
description = mdDoc "The user as which to run clightning.";
|
||||
};
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = cfg.user;
|
||||
description = mdDoc "The group as which to run clightning.";
|
||||
};
|
||||
dataDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/clightning";
|
||||
description = mdDoc "The data directory for clightning.";
|
||||
};
|
||||
networkDir = mkOption {
|
||||
type = types.path;
|
||||
default = "${cfg.dataDir}/bitcoin";
|
||||
description = mdDoc "The network data directory.";
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = mdDoc "Address to listen for peer connections.";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 9735;
|
||||
description = mdDoc "Port to listen for peer connections.";
|
||||
};
|
||||
proxy = mkOption {
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = mdDoc ''
|
||||
Socks proxy for connecting to Tor nodes (or for all connections if option always-use-proxy is set).
|
||||
'';
|
||||
};
|
||||
always-use-proxy = mkOption {
|
||||
type = types.bool;
|
||||
default = cfg.proxy != null;
|
||||
description = mdDoc ''
|
||||
Always use the proxy, even to connect to normal IP addresses.
|
||||
You can still connect to Unix domain sockets manually.
|
||||
This also disables all DNS lookups, to avoid leaking address information.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
example = ''
|
||||
alias=mynode
|
||||
'';
|
||||
description = mdDoc ''
|
||||
Extra lines appended to the configuration file.
|
||||
|
||||
See all available options at
|
||||
https://github.com/ElementsProject/lightning/blob/master/doc/lightningd-config.5.md
|
||||
or by running {command}`lightningd --help`.
|
||||
'';
|
||||
};
|
||||
extraConfigFiles = mkOption {
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = ''
|
||||
extra files to populate the config from at runtime.
|
||||
useful if you need to pass config you wish to keep outside the nix store, such as secrets.
|
||||
|
||||
you should probably populate this with a file that defines
|
||||
bitcoin-rpcpassword=MY_HASHED_RPCAUTH_PASSWORD
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.services.clightning = {
|
||||
path = [ bitcoind.package ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "bitcoind-${cfg.bitcoindName}.service" ];
|
||||
after = [ "bitcoind-${cfg.bitcoindName}.service" ];
|
||||
|
||||
serviceConfig = {
|
||||
ExecStart = "${cfg.package}/bin/lightningd --lightning-dir=${cfg.dataDir}";
|
||||
User = cfg.user;
|
||||
Restart = "on-failure";
|
||||
RestartSec = "30s";
|
||||
ReadWritePaths = [ cfg.dataDir ];
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
# Remove an existing socket so that `postStart` can detect when a new
|
||||
# socket has been created and clightning is ready to accept RPC connections.
|
||||
# This will no longer be needed when clightning supports systemd startup notifications.
|
||||
rm -f ${cfg.networkDir}/lightning-rpc
|
||||
|
||||
umask u=rw,g=r,o=
|
||||
cat ${configFile} ${lib.concatStringsSep " " cfg.extraConfigFiles} > ${cfg.dataDir}/config
|
||||
'';
|
||||
# Wait until the rpc socket appears
|
||||
postStart = ''
|
||||
while [[ ! -e ${cfg.networkDir}/lightning-rpc ]]; do
|
||||
sleep 0.1
|
||||
done
|
||||
# Needed to enable lightning-cli for users with group 'clightning'
|
||||
chmod g+x ${cfg.networkDir}
|
||||
'';
|
||||
};
|
||||
|
||||
users.users.${cfg.user} = {
|
||||
isSystemUser = true;
|
||||
group = cfg.group;
|
||||
extraGroups = [ "bitcoind-${cfg.bitcoindName}" ];
|
||||
};
|
||||
users.groups.${cfg.group} = {};
|
||||
};
|
||||
}
|
|
@ -1,6 +1,7 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./clightning.nix
|
||||
./dyn-dns.nix
|
||||
./eg25-control.nix
|
||||
./eg25-manager.nix
|
||||
|
|
Loading…
Reference in New Issue
Block a user