2021-11-26 14:13:40 +00:00
# Nodeinfo
2021-01-14 12:24:26 +00:00
Run `nodeinfo` to see onion addresses and local addresses for enabled services.
2019-04-10 10:49:59 +00:00
2021-11-26 14:13:41 +00:00
# Managing services
NixOS uses the [systemd ](https://wiki.archlinux.org/title/systemd ) service manager.
Usage:
```shell
# Show service status
systemctl status bitcoind
# Show the last 100 log messages
journalctl -u bitcoind -n 100
# Show all log messages since the last system boot
journalctl -b -u bitcoind
# These commands require root permissions
systemctl stop bitcoind
systemctl start bitcoind
systemctl restart bitcoind
# Show the service definition
systemctl cat bitcoind
# Show all service parameters
systemctl show bitcoind
```
2021-11-26 14:13:40 +00:00
# Connect to RTL
2021-11-08 11:37:58 +00:00
Normally you would connect to RTL via SSH tunneling with a command like this
```
ssh -L 3000:localhost:3000 root@bitcoin-node
```
Or like this, if you are using `netns-isolation`
```
ssh -L 3000:169.254.1.29:3000 root@bitcoin-node
```
Otherwise, you can access it via Tor Browser at `http://<onion-address>` .
You can find the `<onion-address>` with command `nodeinfo` .
2022-02-03 19:46:33 +00:00
The default password location is `$secretsDir/rtl-password` .
See: [Secrets dir ](./configuration.md#secrets-dir )
2021-11-08 11:37:58 +00:00
2022-05-05 19:56:19 +00:00
# Use LND or clightning with Zeus (smartphone wallet) via Tor
1. Install [Zeus ](https://zeusln.app )
2. Edit your `configuration.nix`
##### For lnd
Add the following config:
```
services.lnd.lndconnectOnion.enable = true;
```
##### For clightning
Add the following config:
```
services.clightning-rest = {
enable = true;
lndconnectOnion.enable = true;
};
```
3. Deploy your configuration
3. Run the following command on your node (as user `operator` ) to create a QR code
with address and authentication information:
##### For lnd
```
lndconnect-onion
```
##### For clightning
```
lndconnect-onion-clightning
```
4. Configure Zeus
- Add a new node
- Select `Scan lndconnect config` (at the bottom) and scan the QR code
- For clightning: Set `Node interface` to `c-lightning-REST`
- Click `Save node config`
- Start sending sats privately
### Additional lndconnect features
Create plain text URLs or QR code images:
```
lndconnect-onion --url
lndconnect-onion --image
``````
Create a QR code for a custom hostname:
```
lndconnect-onion --host=mynode.org
```
2021-11-26 14:13:40 +00:00
# Connect to spark-wallet
2019-06-02 18:16:46 +00:00
### Requirements
* Android phone
* [Orbot ](https://guardianproject.info/apps/orbot/ ) installed from [F-Droid ](https://guardianproject.info/fdroid ) (recommended) or [Google Play ](https://play.google.com/store/apps/details?id=org.torproject.android&hl=en )
* [Spark-wallet ](https://github.com/shesek/spark-wallet ) installed from [direct download ](https://github.com/shesek/spark-wallet/releases ) or [Google Play ](https://play.google.com/store/apps/details?id=com.spark.wallet )
2019-04-10 10:49:59 +00:00
1. Enable spark-wallet in `configuration.nix`
2020-03-21 19:42:59 +00:00
Change
```
# services.spark-wallet.enable = true;
```
to
```
services.spark-wallet.enable = true;
```
2019-04-10 10:49:59 +00:00
2. Deploy new `configuration.nix`
2019-06-02 18:16:46 +00:00
3. Enable Orbot VPN for spark-wallet
2020-03-21 19:42:59 +00:00
```
Open Orbot app
Turn on "VPN Mode"
Select Gear icon under "Tor-Enabled Apps"
Toggle checkbox under Spark icon
```
2019-06-02 18:16:46 +00:00
4. Get the onion address, access key and QR access code for the spark wallet android app
2019-04-10 10:49:59 +00:00
2020-03-21 19:42:59 +00:00
```
journalctl -eu spark-wallet
```
2020-08-04 13:32:06 +00:00
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlighting the entire output to invert the colors.
2019-04-10 10:49:59 +00:00
2019-06-02 18:16:46 +00:00
5. Connect to spark-wallet android app
2019-04-10 10:49:59 +00:00
2020-03-21 19:42:59 +00:00
```
Server Settings
Scan QR
Done
```
2019-04-10 10:49:59 +00:00
2021-11-26 14:13:40 +00:00
# Connect to electrs
2019-06-02 18:16:46 +00:00
### Requirements Android
* Android phone
* [Orbot ](https://guardianproject.info/apps/orbot/ ) installed from [F-Droid ](https://guardianproject.info/fdroid ) (recommended) or [Google Play ](https://play.google.com/store/apps/details?id=org.torproject.android&hl=en )
2020-05-10 14:13:20 +00:00
* [Electrum mobile app ](https://electrum.org/#home ) 4.0.1 and newer installed from [direct download ](https://electrum.org/#download ) or [Google Play ](https://play.google.com/store/apps/details?id=org.electrum.electrum )
2019-06-02 18:16:46 +00:00
### Requirements Desktop
* [Tor ](https://www.torproject.org/ ) installed from [source ](https://www.torproject.org/docs/tor-doc-unix.html.en ) or [repository ](https://www.torproject.org/docs/debian.html.en )
* [Electrum ](https://electrum.org/#download ) installed
2019-04-10 10:49:59 +00:00
1. Enable electrs in `configuration.nix`
2020-03-21 19:42:59 +00:00
Change
```
# services.electrs.enable = true;
```
to
```
services.electrs.enable = true;
```
2019-04-10 10:49:59 +00:00
2. Deploy new `configuration.nix`
2021-01-14 12:24:26 +00:00
3. Get electrs onion address with format `<onion-address>:<port>`
2019-04-10 10:49:59 +00:00
2020-03-21 19:42:59 +00:00
```
2021-01-14 12:24:26 +00:00
nodeinfo | jq -r .electrs.onion_address
2020-03-21 19:42:59 +00:00
```
2019-04-10 10:49:59 +00:00
4. Connect to electrs
2020-05-10 14:13:20 +00:00
Make sure Tor is running on Desktop or as Orbot on Android.
On Desktop
2020-03-21 19:42:59 +00:00
```
2021-01-14 12:24:26 +00:00
electrum --oneserver -1 -s "< electrs onion address > :t" -p socks5:localhost:9050
2020-03-21 19:42:59 +00:00
```
2020-05-10 14:13:20 +00:00
On Android
2020-03-21 19:42:59 +00:00
```
Three dots in the upper-right-hand corner
2020-05-10 14:13:20 +00:00
Network > Proxy mode: socks5, Host: 127.0.0.1, Port: 9050
Network > Auto-connect: OFF
Network > One-server mode: ON
2021-01-14 12:24:26 +00:00
Network > Server: < electrs onion address > :t
2020-03-21 19:42:59 +00:00
```
2019-04-10 10:49:59 +00:00
2021-11-26 14:13:40 +00:00
# Connect to nix-bitcoin node through the SSH onion service
2021-01-14 12:24:26 +00:00
1. Get the SSH onion address (excluding the port suffix)
2019-04-10 10:49:59 +00:00
2020-03-21 19:42:59 +00:00
```
2021-03-08 14:11:13 +00:00
ssh operator@bitcoin-node
2021-01-14 12:24:26 +00:00
nodeinfo | jq -r .sshd.onion_address | sed 's/:.*//'
2020-03-21 19:42:59 +00:00
```
2019-04-10 10:49:59 +00:00
2020-03-21 19:42:59 +00:00
2. Create a SSH key
2019-04-10 10:49:59 +00:00
2020-03-21 19:42:59 +00:00
```
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
```
2019-04-10 10:49:59 +00:00
3. Place the ed25519 key's fingerprint in the `configuration.nix` `openssh.authorizedKeys.keys` field like so
2020-03-21 19:42:59 +00:00
```
# FIXME: Add your SSH pubkey
services.openssh.enable = true;
users.users.root = {
2021-01-14 12:24:26 +00:00
openssh.authorizedKeys.keys = [ "< contents of ~ / . ssh / id_ed25519 . pub > " ];
2020-03-21 19:42:59 +00:00
};
```
2019-04-10 10:49:59 +00:00
2021-01-14 12:24:26 +00:00
4. Connect to your nix-bitcoin node's SSH onion service, forwarding a local port to the nix-bitcoin node's SSH server
2019-04-10 10:49:59 +00:00
2020-03-21 19:42:59 +00:00
```
2021-01-14 12:24:26 +00:00
ssh -i ~/.ssh/id_ed25519 -L < random port of your choosing > :localhost:22 root@< SSH onion address >
2020-03-21 19:42:59 +00:00
```
2019-04-10 10:49:59 +00:00
2021-03-10 13:08:42 +00:00
5. Edit your deployment tool's configuration and change the node's address to `localhost` and the ssh port to `<random port of your choosing>` .
If you use krops as described in the [installation tutorial ](./install.md ), set `target = "localhost:<random port of your choosing>";` in `krops/deploy.nix` .
2019-04-10 10:49:59 +00:00
2021-03-08 14:11:13 +00:00
6. After deploying the new configuration, it will connect through the SSH tunnel you established in step iv. This also allows you to do more complex SSH setups that some deployment tools don't support. An example would be authenticating with [Trezor's SSH agent ](https://github.com/romanz/trezor-agent ), which provides extra security.
2019-05-05 18:59:19 +00:00
2021-11-26 14:13:40 +00:00
# Initialize a Trezor for Bitcoin Core's Hardware Wallet Interface
2019-05-05 18:59:19 +00:00
1. Enable Trezor in `configuration.nix`
2020-03-21 19:42:59 +00:00
Change
```
# services.hardware-wallets.trezor = true;
```
to
```
services.hardware-wallets.trezor = true;
```
2019-05-05 18:59:19 +00:00
2. Deploy new `configuration.nix`
2019-05-15 14:14:01 +00:00
3. Check that your nix-bitcoin node recognizes your Trezor
2019-05-05 18:59:19 +00:00
2020-03-21 19:42:59 +00:00
```
2021-03-08 14:11:13 +00:00
ssh operator@bitcoin-node
2020-03-21 19:42:59 +00:00
lsusb
```
Should show something relating to your Trezor
2019-05-05 18:59:19 +00:00
2019-05-15 14:14:01 +00:00
4. If your Trezor has outdated firmware or is not yet initialized: Start your Trezor in bootloader mode
2019-05-05 18:59:19 +00:00
2020-03-21 19:42:59 +00:00
Trezor v1
```
Plug in your Trezor with both buttons depressed
```
2019-05-05 18:59:19 +00:00
2020-03-21 19:42:59 +00:00
Trezor v2
```
Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through
```
2019-05-05 18:59:19 +00:00
2019-05-15 14:14:01 +00:00
5. If your Trezor's firmware is outdated: Update your Trezor's firmware
2019-05-05 18:59:19 +00:00
2020-03-21 19:42:59 +00:00
```
trezorctl firmware-update
```
Follow the on-screen instructions
2019-05-05 18:59:19 +00:00
2020-03-21 19:42:59 +00:00
**Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.**
2019-05-13 15:13:23 +00:00
2019-05-15 14:14:01 +00:00
6. If your Trezor is not yet initialized: Set up your Trezor
2019-05-05 18:59:19 +00:00
2020-03-21 19:42:59 +00:00
```
trezorctl reset-device -p
```
Follow the on-screen instructions
2019-05-05 18:59:19 +00:00
2019-05-15 14:14:01 +00:00
7. Find your Trezor
2019-05-05 18:59:19 +00:00
2020-03-21 19:42:59 +00:00
```
hwi enumerate
hwi -t trezor -d < path from previous command > promptpin
hwi -t trezor -d < path > sendpin < number positions for the PIN as displayed on your device ' s screen >
hwi enumerate
```
2019-05-05 18:59:19 +00:00
2019-05-15 14:14:01 +00:00
8. Follow Bitcoin Core's instructions on [Using Bitcoin Core with Hardware Wallets ](https://github.com/bitcoin-core/HWI/blob/master/docs/bitcoin-core-usage.md ) to use your Trezor with `bitcoin-cli` on your nix-bitcoin node
2020-04-24 15:34:13 +00:00
2021-11-26 14:13:40 +00:00
# JoinMarket
2020-04-24 15:34:13 +00:00
## Diff to regular JoinMarket usage
For clarity reasons, nix-bitcoin renames all scripts to `jm-*` without `.py` , for
example `wallet-tool.py` becomes `jm-wallet-tool` . The rest of this section
details nix-bitcoin specific workflows for JoinMarket.
2021-08-27 12:37:44 +00:00
## Wallets
2020-04-24 15:34:13 +00:00
2021-08-27 12:37:44 +00:00
By default, a wallet is automatically generated at service startup.
It's stored at `/var/lib/joinmarket/wallets/wallet.jmdat` , and its mnmenoic recovery
seed phrase is stored at `/var/lib/joinmarket/jm-wallet-seed` .
A missing wallet file is automatically recreated if the seed file is still present.
If you want to manually initialize your wallet instead, follow these steps:
2020-04-24 15:34:13 +00:00
1. Enable JoinMarket in your node configuration
```
services.joinmarket.enable = true;
```
2. Move the automatically generated `wallet.jmdat`
```console
2020-09-22 17:32:08 +00:00
mv /var/lib/joinmarket/wallet.jmdat /var/lib/joinmarket/bak.jmdat
2020-04-24 15:34:13 +00:00
```
3. Generate wallet on your node
```console
jm-wallet-tool generate
```
Follow the on-screen instructions and write down your seed.
In order to use nix-bitcoin's `joinmarket.yieldgenerator` , use the password
2022-02-03 19:46:33 +00:00
from `$secretsDir/jm-wallet-password` and use the suggested default wallet name
2020-04-24 15:34:13 +00:00
`wallet.jmdat` . If you want to use your own `jm-wallet-password` , simply
replace the password string in your local secrets directory.
2022-02-03 19:46:33 +00:00
See: [Secrets dir ](./configuration.md#secrets-dir )
2020-04-24 15:34:13 +00:00
## Run the tumbler
The tumbler needs to be able to run in the background for a long time, use screen
2021-01-14 12:24:26 +00:00
to run it accross SSH sessions. You can also use tmux in the same fashion.
2020-04-24 15:34:13 +00:00
1. Add screen to your `environment.systemPackages` , for example
```
environment.systemPackages = with pkgs; [
vim
screen
];
```
2. Start the screen session
```console
screen -S "tumbler"
```
2021-08-12 10:53:27 +00:00
3. Start the tumbler
2020-04-24 15:34:13 +00:00
Example: Tumbling into your wallet after buying from an exchange to improve privacy:
```console
jm-tumbler wallet.jmdat < addr1 > < addr2 > < addr3 >
```
After tumbling your bitcoin end up in these three addresses. You can now
spend them without the exchange collecting data on your purchases.
Get more information [here ](https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/master/docs/tumblerguide.md )
2021-08-12 10:53:27 +00:00
4. Detach the screen session to leave the tumbler running in the background
2020-04-24 15:34:13 +00:00
```
Ctrl-a d or Ctrl-a Ctrl-d
```
2021-08-12 10:53:27 +00:00
5. Re-attach to the screen session
2020-04-24 15:34:13 +00:00
```console
screen -r tumbler
```
2021-08-12 10:53:27 +00:00
6. End screen session
2020-04-24 15:34:13 +00:00
Type exit when tumbler is done
```console
exit
```
## Run a "maker" or "yield generator"
The maker/yield generator in nix-bitcoin is implemented using a systemd service.
See [here ](https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/master/docs/YIELDGENERATOR.md ) for more yield generator information.
1. Enable yield generator bot in your node configuration
```
2021-02-10 14:02:05 +00:00
services.joinmarket.yieldgenerator = {
enable = true;
# Optional: Add custom parameters
txfee = 200;
cjfee_a = 300;
};
2020-04-24 15:34:13 +00:00
'';
```
2. Check service status
```console
systemctl status joinmarket-yieldgenerator
```
3. Profit
2020-11-19 02:01:45 +00:00
2021-11-26 14:13:40 +00:00
# clightning
2020-11-19 02:01:45 +00:00
## Plugins
2022-02-03 19:46:32 +00:00
There is a number of [plugins ](https://github.com/lightningd/plugins ) available for clightning.
See [`Readme: Features → clightning` ](../README.md#features ) or [search.nixos.org][1] for a complete list.
2020-11-19 02:01:45 +00:00
2022-02-03 19:46:32 +00:00
[1]: https://search.nixos.org/flakes?channel=unstable& from=0& size=30& sort=relevance& type=options& query=services.clightning.plugins
2020-11-19 02:01:45 +00:00
You can activate and configure these plugins like so:
```nix
services.clightning = {
enable = true;
plugins = {
prometheus.enable = true;
prometheus.listen = "0.0.0.0:9900";
};
};
```
Please have a look at the module for a plugin (e.g. [prometheus.nix ](../modules/clightning-plugins/prometheus.nix )) to learn its configuration options.