colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

servo: clightning: integrate, but do not enable

Browse Source
This commit is contained in:
Colin
2024-01-02 18:31:04 +00:00
parent d8f4158bc6
commit 3e52956a3a
4 changed files with 57 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
hosts/by-name/servo/services/cryptocurrencies/clightning.nix Normal file
View File

@@ -0,0 +1,22 @@
# clightning is an implementation of Bitcoin's Lightning Network.
# as such, this assumes that `services.bitcoin` is enabled.
{ config, ... }:
{
sane.persist.sys.byStore.ext = [
{ user = "clightning"; group = "clightning"; path = "/var/lib/clightning"; }
];
# see bitcoin.nix for how to generate this
services.bitcoind.mainnet.rpc.users.clightning.passwordHMAC =
"befcb82d9821049164db5217beb85439$2c31ac7db3124612e43893ae13b9527dbe464ab2d992e814602e7cb07dc28985";
# sane.services.clightning.enable = true;
sane.services.clightning.extraConfigFiles = config.sops.secrets."lightning-config";
sops.secrets."lightning-config" = {
mode = "0600";
owner = "clightning";
group = "clightning";
};
sane.services.clightning.proxy = "TODO";
}

1
hosts/by-name/servo/services/cryptocurrencies/default.nix
View File

@@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./bitcoin.nix ./bitcoin.nix
./clightning.nix
./monero.nix ./monero.nix
]; ];
} }

3
modules/services/clightning.nix
View File

@@ -34,7 +34,7 @@ in
enable = mkEnableOption "clightning, a Lightning Network implementation in C"; enable = mkEnableOption "clightning, a Lightning Network implementation in C";
package = mkPackageOption pkgs "clightning" { }; package = mkPackageOption pkgs "clightning" { };
bitcoindName = mkOption { bitcoindName = mkOption {
type = str; type = types.str;
default = "mainnet"; default = "mainnet";
description = '' description = ''
name of bitcoind config to attach to. name of bitcoind config to attach to.
@@ -125,6 +125,7 @@ in
after = [ "bitcoind-${cfg.bitcoindName}.service" ]; after = [ "bitcoind-${cfg.bitcoindName}.service" ];
serviceConfig = { serviceConfig = {
# TODO: hardening
ExecStart = "${cfg.package}/bin/lightningd --lightning-dir=${cfg.dataDir}"; ExecStart = "${cfg.package}/bin/lightningd --lightning-dir=${cfg.dataDir}";
User = cfg.user; User = cfg.user;
Restart = "on-failure"; Restart = "on-failure";

32
secrets/servo/lightning-config.bin Normal file
View File

@@ -0,0 +1,32 @@
{
"data": "ENC[AES256_GCM,data:q5byWGXbW0hl/UnAoq5bbM0WRYMGwq/bVFE85kdoAjy3Ef+ONt6TuFe62z2SJzf+gvaPFj5ArcdWViJXSw8FYw==,iv:8RTiIuceL0zqjV6dk1r7j+FvzyWrD1AJOnIU1Z3V6sw=,tag:cSEQUO5DLfYaWO4GWF5slw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMZXJ3THRvNzZIMENBQUNI\nRVEzdFZoMEYwWUx5TjhhWVJ5ampJbXdaV1NBCjV4aWJuOCtUVGRHdFlEbVVJSVlX\nVDQ4QUpyU1dJa3UwZVVRQkVSYk9Xek0KLS0tIGd1cFoyZDJoRXhpeTBIMmo1ZDlB\ndzJWT2MzOVQxc1BOZDU1UDlvN0dFNVUKoSwT/LfaSqkQRedWfiTfKietxvUUjg8I\ngT0o2MHWIWhfxWsChKeprmj7l0o8L4rgegXJ9Tr58w0Koe5YzWhNhg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVmlpaXhjbDZhTHVvZ2dw\nSXdIaEovejJoWisxZUZacjFhUHlaWlMxOVdJCjRIeHFRZXJwZEpJWnBMOXRTenMx\nNGY1TTlNVFBXdVNMVVk0SmMxK2NCUVEKLS0tIDkwdjBwZU13WXpiZWFnTkFXY2Rp\naGdOUnRtZjBvWm42Rkgzd200Vm1xYzgKgVxpJnLin0jvGh+BV0zldo3zKM8KJ5Ee\nupxmVyFWgEH4vyZdN0aJh3N9T1huG4Zrd7p+1yoxN0zX3xbL3aU3Hw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCV2U2cDlwMzNUZ0JlVUE2\naWM0aTlJeXFnN2tDaHUvTzQyOGhOb21JSlRZClZBd0lsTmFuT1M1N1AxNm5DK2NC\nVGFiTGVjT0E0L2wxVktkdXR4NUc2R2MKLS0tIEdWeUI3REI5ekhYTXROUmRITkpw\ndFE4QTVzdWtzMlZWNFdZMWo0WlZuOVEKuooLzZZ2gnlPaYTo3kDaDUcR+a2hFO0c\nkzoctqU1qPiXUJi/6u1OQAglNZ0SXgiNMy8e02iA8Xc/oL+IDVTQUw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2RGJJNlNUQTIzY0FyRVFY\nSm1zRmtpa20zaXRzZDIwR0FpK3VoT3FpL1ZZCnYrcEVZUHpVQnJmZ2d2WGdYdHNE\nQW0wOUlYeHpMRVo1TGdTRENITExxdncKLS0tIHFuMHIwNjdpVitSTEtsWkNiNjVH\nbGVRK1Racm93RVVnMkI1RThLS3Y3SGcKJVFfcTLMPu2GjkQhGm9gSS7eqzzAVW4e\nLoMh52PZog2/1NrT3KKEqxQ1/XyRcqv1T1oU/xvV6EE9+nj2LEuWog==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-01-02T18:22:52Z",
"mac": "ENC[AES256_GCM,data:mbnyvMMJgiDTsUTIlIbsyYHB90e3ItLkDs090YukiMzWLD2q1F2u0IfzFaZp+Dn9KMYGd1MD8eRVdT8CtyfdduS5R6C++FAT7Fa7TrFrp921bbJgmdjvsKdcV77eriqoUp2fLghAjaiLJrxJcvDDJTzcPvq5QTCHpCHKfA8enPI=,iv:iHJJL7OE0PzP1ju+gXJyCfaFDZgmWPKwuyNkTYwS4qU=,tag:wXL4JOuBoTecgWlHfcdXtA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}