2021-11-08 11:43:14 +00:00
|
|
|
{ lib, config, ... }:
|
2021-01-14 12:24:18 +00:00
|
|
|
let
|
|
|
|
defaultTrue = lib.mkDefault true;
|
2021-11-28 20:24:49 +00:00
|
|
|
defaultEnableTorProxy = {
|
|
|
|
tor.proxy = defaultTrue;
|
|
|
|
tor.enforce = defaultTrue;
|
|
|
|
};
|
|
|
|
defaultEnforceTor = {
|
|
|
|
tor.enforce = defaultTrue;
|
|
|
|
};
|
2021-01-14 12:24:18 +00:00
|
|
|
in {
|
|
|
|
services.tor = {
|
|
|
|
enable = true;
|
|
|
|
client.enable = true;
|
|
|
|
};
|
|
|
|
|
|
|
|
services = {
|
2021-11-28 20:24:49 +00:00
|
|
|
# Use Tor as a proxy for outgoing connections
|
|
|
|
# and restrict all connections to Tor
|
|
|
|
#
|
|
|
|
bitcoind = defaultEnableTorProxy;
|
|
|
|
clightning = defaultEnableTorProxy;
|
|
|
|
lnd = defaultEnableTorProxy;
|
|
|
|
lightning-loop = defaultEnableTorProxy;
|
|
|
|
liquidd = defaultEnableTorProxy;
|
2021-01-14 12:24:18 +00:00
|
|
|
# disable Tor enforcement until btcpayserver can fetch rates over Tor
|
2021-11-28 20:24:49 +00:00
|
|
|
# btcpayserver = defaultEnableTorProxy;
|
|
|
|
spark-wallet = defaultEnableTorProxy;
|
|
|
|
lightning-pool = defaultEnableTorProxy;
|
|
|
|
|
|
|
|
# These services don't make outgoing connections
|
|
|
|
# (or use Tor by default in case of joinmarket)
|
|
|
|
# but we restrict them to Tor just to be safe.
|
|
|
|
#
|
|
|
|
electrs = defaultEnforceTor;
|
|
|
|
nbxplorer = defaultEnforceTor;
|
|
|
|
rtl = defaultEnforceTor;
|
|
|
|
joinmarket = defaultEnforceTor;
|
|
|
|
joinmarket-ob-watcher = defaultEnforceTor;
|
2021-01-14 12:24:18 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
# Add onion services for incoming connections
|
|
|
|
nix-bitcoin.onionServices = {
|
|
|
|
bitcoind.enable = defaultTrue;
|
|
|
|
liquidd.enable = defaultTrue;
|
|
|
|
electrs.enable = defaultTrue;
|
2021-01-14 12:24:19 +00:00
|
|
|
spark-wallet.enable = defaultTrue;
|
2021-01-17 12:24:57 +00:00
|
|
|
joinmarket-ob-watcher.enable = defaultTrue;
|
2021-11-08 11:43:14 +00:00
|
|
|
rtl.enable = defaultTrue;
|
2021-01-14 12:24:18 +00:00
|
|
|
};
|
|
|
|
}
|