From 36638e80a38ed7b556ec890fa11635a3c5d29e5a Mon Sep 17 00:00:00 2001
From: Colin
Date: Tue, 2 Jan 2024 18:11:46 +0000
Subject: [PATCH] bitcoin: add myself as an authenticated rpcuser
---
 hosts/by-name/servo/services/bitcoin.nix | 24 ++++++++++++++++--
 secrets/servo/bitcoin.conf.bin | 32 ++++++++++++++++++++++++
 2 files changed, 54 insertions(+), 2 deletions(-)
 create mode 100644 secrets/servo/bitcoin.conf.bin
diff --git a/hosts/by-name/servo/services/bitcoin.nix b/hosts/by-name/servo/services/bitcoin.nix
index c635345e..c6185f54 100644
--- a/hosts/by-name/servo/services/bitcoin.nix
+++ b/hosts/by-name/servo/services/bitcoin.nix
@@ -1,5 +1,16 @@
 # as of 2023/12/02: complete blockchain is 530 GiB (on-disk size may be larger)
-{ ... }:
+#
+# rpc setup:
+# - generate a password
+# - use:
+# (rpcauth.py is not included in the `'.#bitcoin'` package result)
+# - `wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py`
+# - `python ./rpcauth.py colin`
+# - copy the hash here. it's SHA-256, so safe to be public.
+# - add "rpcuser=colin" and "rpcpassword=" to secrets/servo/bitcoin.conf (i.e. ~/.bitcoin/bitcoin.conf)
+# - bitcoin.conf docs:
+# - validate with `bitcoin-cli -netinfo`
+{ config, sane-lib, ... }:
 {
 sane.persist.sys.byStore.ext = [
 # /var/lib/monero/lmdb is what consumes most of the space
@@ -16,7 +27,16 @@
 services.bitcoind.mainnet = {
 enable = true;
 # TODO: set `rpc.users` to include my user
+ rpc.users.colin = {
+ # see docs at top of file for how to generate this
+ passwordHMAC = "30002c05d82daa210550e17a182db3f3$6071444151281e1aa8a2729f75e3e2d224e9d7cac3974810dab60e7c28ffaae4";
+ };
 };
-
+ sane.users.colin.fs.".bitcoin/bitcoin.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets."bitcoin.conf".path;
+ sops.secrets."bitcoin.conf" = {
+ mode = "0600";
+ owner = "colin";
+ group = "users";
+ };
 }
diff --git a/secrets/servo/bitcoin.conf.bin b/secrets/servo/bitcoin.conf.bin
new file mode 100644
index 00000000..dc5c00c1
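Review bot: The comment line `it's SHA-256, so safe to be public` in the first hunk of bitcoin.nix gives the wrong reason for committing the value. What rpcauth.py prints is `salt$HMAC-SHA256(salt, password)`, one fast hash round that anyone with the repository can test password guesses against offline, so it is publishable only when the password is long and random; I would write `# - copy the salt$hash here. it is a salted HMAC-SHA256 of the password: publish it only for a long, random password.` instead. The same value is committed as `passwordHMAC` in this file's second hunk, so the reasoning matters there too. The `wget` step pulls rpcauth.py from the mutable `master` branch and then runs it on the credential; pinning the URL to the release tag that matches the packaged bitcoind (`.../bitcoin/<release-tag>/share/rpcauth/rpcauth.py`) keeps that step reproducible and reviewable.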
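Review bot: The context line ``# TODO: set `rpc.users` to include my user`` in the second hunk of bitcoin.nix stays directly above the new `rpc.users.colin` block, which is exactly what it asks for; delete it in this commit so the file does not advertise unfinished work. The new account also receives the whole RPC surface, and if it is only meant for status queries like the `bitcoin-cli -netinfo` check in the header comment, bitcoind's `rpcwhitelist` setting could narrow it; whether this module exposes a place for that is not visible here. `sops.secrets."bitcoin.conf"` with `mode = "0600"` and `owner = "colin"` fits a per-user client credential. The top-level attribute set that encloses these lines opens outside the hunk.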
--- /dev/null
+++ b/secrets/servo/bitcoin.conf.bin
@@ -0,0 +1,32 @@ +{ + "data": "ENC[AES256_GCM,data:Bzz0jnUca1zVCu8D6dOvwVxptu65NsdcrTF9h3MGLx0V/QVppGTducNNhZBQIB6epbjZgUBHVwNZ14esFwuFvb4iBuXLtA==,iv:yJwGAtIUzceJ0n+cYxQhyLF8Xcd27itbSnFvQ8MZLa8=,tag:2pMxehMHnkIjINOcVBsmMw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOCtCQzg5V3hXQlNZT1lo\nWUxMT1VlUmVUZmd3blFLN1ZnV1BJZWRIaURvCmJ3ZzhvRGpjQldrTUpsMnY5TklI\nMGp2aThKY1duR2RzdTMyVXpibzB5WTgKLS0tIDd4b2NyTU9XcTF0VWdvVjZNdlZs\nT1VxZk9qOVIyN0lXVDNFSC84T0JKeGcKr1zdv6lha2iJRJKszz/HeAz7labzdMI7\n+zP/CjXf0/q2cQeZoxuuSsQwc8+3DRJBJwsB//wh5Uo16kKLnAiynQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNWx0eG83UHhET0Z2YWtM\nTm5BTTByUC9TT1UwSnQ0Y2c0VTVBMk5pSGlrCkc1cVR6MzZ3KzY1eU5sSXlXN0Vj\nQTFsemFMU0dFdk1qeFBXTTFwZndnN1EKLS0tIFVTTG9EdzFuNzdnMGNCb00rb0xy\nYXVsa3FQdG1qSjBTWmdQUHRhaDFocHcKeit4PvcXUHCHVniojD1on0Nkwf8kcW96\nrOeSfFs2A20GZB5KPbB3j8D+6csdY1lHqZuaVCWtpuheE74MQQSOaw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtOXJualdaNUpsYUVtU2ZM\nQnNjYkE3OTI2SWZZOGhwSHh6ODZSQjVZVEZjCnNpbjhVMlhsVWZnZVVkQmtsdmta\neURqNjZXZmtJQ0FIWVhydFovblVPZmMKLS0tIFpKVVBVQUtzR1RNVmE0dURGMVAw\nc0wxWHlmMjVVVEVsNmQrODR2OHczam8KrgIhu3Rhco0bgZA8TotzfGqnlio0L9G/\nvCJ/gP05o6zqaFqJV8Q7W5YdLwyI+ao9QnTn+QdTbM6HLImLPz9KBA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdjhnSVg1eWhOK0toTmpR\nK3V6cGxnSWd0RFBUWjYrSysvdWcvbjhtZVdFCmxyUm1ISnBKMlMwM1pmZlZweUJz\nVE5HRGcxZUI1dTlZLzQ0L0JiWStwVmcKLS0tIGkwamRHZ2oxZ1dLV1B4ZW41Yk0y\ncTZHTTJGSDNEczRYYmZVdkxPTzVOc2MKI7lMn2a1XR6jvbH6P4bJS4FMFc0lBsxo\nzAO8oLcJpX+OxiiAB/tp2Jr3/7ik7KmxpF+EWHOuWT3z2D29A8ZLDw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-01-02T18:10:48Z", + "mac": "ENC[AES256_GCM,data:F647PM6jSQ6BceuPt3KILW7goKtG4eHPUYj+qGQ9wp0aDQX7edx+HBh+E0jZQxALVrIyy/Ym9Muw5ChBZYPerkI3gpf3uAU0ek4+kj/LAWFG1Kc1cxpII+rQgM+GxO8ixpNw5yJZ1hnkTBrieBZNN1ThRA/irwVOUT6f3gK+ZyY=,iv:REcQw8EO8XgJuXo0u0M1IxEpGZjhiAULMlS/ncpgVCY=,tag:5e9sdVzHWLylUFV4Vj935A==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file