servo: cryptocurrencies: get clightning back into a state where i can see its working

2024-07-28 21:44:36 +00:00
parent 666744bda3
commit dc2d46b9c0
4 changed files with 28 additions and 10 deletions


@@ -20,6 +20,7 @@ let
bitcoind = pkgs.bitcoind; bitcoind = pkgs.bitcoind;
# wrapper to run bitcoind with the tor onion address as externalip (computed at runtime) # wrapper to run bitcoind with the tor onion address as externalip (computed at runtime)
_bitcoindWithExternalIp = pkgs.writeShellScriptBin "bitcoind" '' _bitcoindWithExternalIp = pkgs.writeShellScriptBin "bitcoind" ''
set -xeu
externalip="$(cat /var/lib/tor/onion/bitcoind/hostname)" externalip="$(cat /var/lib/tor/onion/bitcoind/hostname)"
exec ${bitcoind}/bin/bitcoind "-externalip=$externalip" "$@" exec ${bitcoind}/bin/bitcoind "-externalip=$externalip" "$@"
''; '';
@@ -68,10 +69,21 @@ in
# proxy all outbound traffic through Tor # proxy all outbound traffic through Tor
proxy=127.0.0.1:9050 proxy=127.0.0.1:9050
''; '';
extraCmdlineOptions = [
# "--debug"
# "--debug=estimatefee"
# "--debug=http"
# "--debug=net"
"--debug=proxy"
"--debug=rpc"
# "--debug=validation"
];
}; };
users.users.bitcoind-mainnet.extraGroups = [ "tor" ]; users.users.bitcoind-mainnet.extraGroups = [ "tor" ];
systemd.services.bitcoind-mainnet.after = [ "tor.service" ];
systemd.services.bitcoind-mainnet.requires = [ "tor.service" ];
systemd.services.bitcoind-mainnet.serviceConfig.RestartSec = "30s"; #< default is 0 systemd.services.bitcoind-mainnet.serviceConfig.RestartSec = "30s"; #< default is 0
sane.users.colin.fs.".bitcoin/bitcoin.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets."bitcoin.conf".path; sane.users.colin.fs.".bitcoin/bitcoin.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets."bitcoin.conf".path;
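Review bot: The `set -xeu` added to the `_bitcoindWithExternalIp` wrapper leaves shell tracing on for a mainnet service, so the fully expanded `exec` line, including every argument passed through `"$@"`, is written to the unit's stderr on each start. Together with the always-on `"--debug=proxy"` and `"--debug=rpc"` in `extraCmdlineOptions`, this looks like temporary diagnostics; if so, say it in place, e.g. `# TODO: debugging only; drop -x and the --debug flags once clightning is confirmed working`, or keep only `set -eu`. With `-e`, a missing `/var/lib/tor/onion/bitcoind/hostname` now aborts the wrapper instead of starting bitcoind with an empty `-externalip=`. Ordering after `tor.service` does not by itself guarantee that file has been written, so the first start may depend on the unit's restart policy, which is not visible in this hunk.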


@@ -106,6 +106,7 @@
users.users.clightning.extraGroups = [ "tor" ]; users.users.clightning.extraGroups = [ "tor" ];
systemd.services.clightning.after = [ "tor.service" ]; systemd.services.clightning.after = [ "tor.service" ];
systemd.services.clightning.requires = [ "tor.service" ];
# lightning-config contains fields from here: # lightning-config contains fields from here:
# - <https://docs.corelightning.org/docs/configuration> # - <https://docs.corelightning.org/docs/configuration>
@@ -118,13 +119,15 @@
# - feature configs (i.e. experimental-xyz options) # - feature configs (i.e. experimental-xyz options)
sane.services.clightning.extraConfig = '' sane.services.clightning.extraConfig = ''
# log levels: "io", "debug", "info", "unusual", "broken" # log levels: "io", "debug", "info", "unusual", "broken"
log-level=info:lightningd log-level=info
# log-level=info:lightningd
# log-level=debug:lightningd # log-level=debug:lightningd
# log-level=debug
# peerswap: # peerswap:
# - config example: <https://github.com/fort-nix/nix-bitcoin/pull/462/files#diff-b357d832705b8ce8df1f41934d613f79adb77c4cd5cd9e9eb12a163fca3e16c6> # - config example: <https://github.com/fort-nix/nix-bitcoin/pull/462/files#diff-b357d832705b8ce8df1f41934d613f79adb77c4cd5cd9e9eb12a163fca3e16c6>
# XXX: peerswap crashes clightning on launch. stacktrace is useless. # XXX: peerswap crashes clightning on launch. stacktrace is useless.
# plugin=${pkgs.peerswap}/bin/peerswap # plugin={pkgs.peerswap}/bin/peerswap
# peerswap-db-path=/var/lib/clightning/peerswap/swaps # peerswap-db-path=/var/lib/clightning/peerswap/swaps
# peerswap-policy-path=... # peerswap-policy-path=...
''; '';
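Review bot: The commented-out peerswap line now reads `# plugin={pkgs.peerswap}/bin/peerswap`, which does not say why the `$` is gone and is not a usable path if someone simply uncomments it. Inside a Nix `''…''` string an antiquotation is evaluated even on a line that is only a comment in the generated config, so the change presumably keeps peerswap out of the build. Record that next to the XXX, e.g. `# N.B.: the "$" before {pkgs.peerswap} is dropped so nix doesn't build peerswap; restore it when re-enabling`. Which side is old and which is new is inferred from print order on this page, so confirm against the raw diff.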


@@ -1,9 +1,9 @@
# tor settings: <https://2019.www.torproject.org/docs/tor-manual.html.en> # tor settings: <https://2019.www.torproject.org/docs/tor-manual.html.en>
{ lib, ... }: { lib, ... }:
{ {
# tor hidden service hostnames aren't deterministic, so persist. sane.persist.sys.byStore.ephemeral = [
# might be able to get away with just persisting /var/lib/tor/onion, not sure. # N.B.: tor hidden service hostnames aren't deterministic, so if you need them
sane.persist.sys.byStore.private = [ # to be preserved across reboots then persist /var/lib/tor/onion in "private" store.
{ user = "tor"; group = "tor"; mode = "0710"; path = "/var/lib/tor"; method = "bind"; } { user = "tor"; group = "tor"; mode = "0710"; path = "/var/lib/tor"; method = "bind"; }
]; ];
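Review bot: Moving `/var/lib/tor` from `byStore.private` to `byStore.ephemeral` means the onion-service keys under `/var/lib/tor/onion` are, going by the new N.B. comment, not preserved across reboots, yet the bitcoind wrapper in this same commit reads `/var/lib/tor/onion/bitcoind/hostname` and passes it as `-externalip`. The new comment states the consequence only conditionally; state the decision for this host, e.g. `# bitcoind's onion address is intentionally not stable across reboots`, or persist just `/var/lib/tor/onion` in the private store as the comment itself suggests. It would also help to note what protection the ephemeral store gives the `0710` tor directory, since it holds the hidden-service private keys while the machine is up; that cannot be judged from this hunk.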


@@ -149,20 +149,23 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services.clightning = { systemd.services.clightning = {
path = [ bitcoind.package ]; path = [ bitcoind.package ]; #< TODO: maybe need only `sane.programs.bitcoin-cli.package` (sandboxed) ?
# note the wantedBy bitcoind: this should make it so that a bitcoind restart causes clightning to also restart (instead of to only stop) # note the wantedBy bitcoind: this should make it so that a bitcoind restart causes clightning to also restart (instead of to only stop)
wantedBy = [ "bitcoind-${cfg.bitcoindName}.service" "multi-user.target" ]; wantedBy = [ "bitcoind-${cfg.bitcoindName}.service" "multi-user.target" ];
requires = [ "bitcoind-${cfg.bitcoindName}.service" ]; requires = [ "bitcoind-${cfg.bitcoindName}.service" ];
after = [ "bitcoind-${cfg.bitcoindName}.service" ]; after = [ "bitcoind-${cfg.bitcoindName}.service" ];
serviceConfig = { serviceConfig = {
# TODO: hardening
ExecStart = "${cfg.package}/bin/lightningd --lightning-dir=${cfg.dataDir}"; ExecStart = "${cfg.package}/bin/lightningd --lightning-dir=${cfg.dataDir}";
User = cfg.user; User = cfg.user;
Restart = "on-failure"; Restart = "always";
RestartSec = "30s"; RestartSec = "30s";
ReadWritePaths = [ cfg.dataDir ]; ReadWritePaths = [
cfg.dataDir
"/var/lib/bitcoind-${cfg.bitcoindName}" #< TODO: can this be ReadOnlyPaths?
];
TimeoutStartSec = "360s"; #< give some chance in case bitcoind needs to sync
# hardening # hardening
LockPersonality = true; LockPersonality = true;