nodeinfo: Convert to module and allow alternative operator username
Currently, nodeinfo has presets/secure-node.nix as a strict dependency, because it requires onion-chef and the 'operatorName' option, and nix-bitcoin-webindex.nix has nodeinfo as a dependency. So don't add nodeinfo and webindex to modules.nix, because they will fail to evaluate on standalone use.
parent
95d230d1d6
commit
5d01ea7101
|
@ -6,7 +6,6 @@
|
||||||
./clightning.nix
|
./clightning.nix
|
||||||
./lightning-charge.nix
|
./lightning-charge.nix
|
||||||
./nanopos.nix
|
./nanopos.nix
|
||||||
./nix-bitcoin-webindex.nix
|
|
||||||
./liquid.nix
|
./liquid.nix
|
||||||
./spark-wallet.nix
|
./spark-wallet.nix
|
||||||
./electrs.nix
|
./electrs.nix
|
||||||
|
|
|
@ -75,7 +75,7 @@ in {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
after = [ "nodeinfo.service" ];
|
after = [ "nodeinfo.service" ];
|
||||||
path = with pkgs; [
|
path = with pkgs; [
|
||||||
nix-bitcoin.nodeinfo
|
config.programs.nodeinfo
|
||||||
config.services.clightning.cli
|
config.services.clightning.cli
|
||||||
config.services.lnd.cli
|
config.services.lnd.cli
|
||||||
jq
|
jq
|
||||||
|
|
68
modules/nodeinfo.nix
Normal file
68
modules/nodeinfo.nix
Normal file
|
@ -0,0 +1,68 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
operatorName = config.nix-bitcoin.operatorName;
|
||||||
|
script = pkgs.writeScriptBin "nodeinfo" ''
|
||||||
|
set -eo pipefail
|
||||||
|
|
||||||
|
BITCOIND_ONION="$(cat /var/lib/onion-chef/${operatorName}/bitcoind)"
|
||||||
|
echo BITCOIND_ONION="$BITCOIND_ONION"
|
||||||
|
|
||||||
|
if systemctl is-active --quiet clightning; then
|
||||||
|
CLIGHTNING_NODEID=$(lightning-cli getinfo | jq -r '.id')
|
||||||
|
CLIGHTNING_ONION="$(cat /var/lib/onion-chef/${operatorName}/clightning)"
|
||||||
|
CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
|
||||||
|
echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
|
||||||
|
echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
|
||||||
|
echo CLIGHTNING_ID="$CLIGHTNING_ID"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if systemctl is-active --quiet lnd; then
|
||||||
|
LND_NODEID=$(lncli getinfo | jq -r '.uris[0]')
|
||||||
|
echo LND_NODEID="$LND_NODEID"
|
||||||
|
fi
|
||||||
|
|
||||||
|
NGINX_ONION_FILE=/var/lib/onion-chef/${operatorName}/nginx
|
||||||
|
if [ -e "$NGINX_ONION_FILE" ]; then
|
||||||
|
NGINX_ONION="$(cat $NGINX_ONION_FILE)"
|
||||||
|
echo NGINX_ONION="$NGINX_ONION"
|
||||||
|
fi
|
||||||
|
|
||||||
|
LIQUIDD_ONION_FILE=/var/lib/onion-chef/${operatorName}/liquidd
|
||||||
|
if [ -e "$LIQUIDD_ONION_FILE" ]; then
|
||||||
|
LIQUIDD_ONION="$(cat $LIQUIDD_ONION_FILE)"
|
||||||
|
echo LIQUIDD_ONION="$LIQUIDD_ONION"
|
||||||
|
fi
|
||||||
|
|
||||||
|
SPARKWALLET_ONION_FILE=/var/lib/onion-chef/${operatorName}/spark-wallet
|
||||||
|
if [ -e "$SPARKWALLET_ONION_FILE" ]; then
|
||||||
|
SPARKWALLET_ONION="$(cat $SPARKWALLET_ONION_FILE)"
|
||||||
|
echo SPARKWALLET_ONION="http://$SPARKWALLET_ONION"
|
||||||
|
fi
|
||||||
|
|
||||||
|
ELECTRS_ONION_FILE=/var/lib/onion-chef/${operatorName}/electrs
|
||||||
|
if [ -e "$ELECTRS_ONION_FILE" ]; then
|
||||||
|
ELECTRS_ONION="$(cat $ELECTRS_ONION_FILE)"
|
||||||
|
echo ELECTRS_ONION="$ELECTRS_ONION"
|
||||||
|
fi
|
||||||
|
|
||||||
|
SSHD_ONION_FILE=/var/lib/onion-chef/${operatorName}/sshd
|
||||||
|
if [ -e "$SSHD_ONION_FILE" ]; then
|
||||||
|
SSHD_ONION="$(cat $SSHD_ONION_FILE)"
|
||||||
|
echo SSHD_ONION="$SSHD_ONION"
|
||||||
|
fi
|
||||||
|
'';
|
||||||
|
in {
|
||||||
|
options = {
|
||||||
|
programs.nodeinfo = mkOption {
|
||||||
|
readOnly = true;
|
||||||
|
default = script;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
environment.systemPackages = [ script ];
|
||||||
|
};
|
||||||
|
}
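Review bot: `pkgs.writeScriptBin` on the `script =` line does not prepend an interpreter line, so the installed `bin/nodeinfo` begins with `set -eo pipefail` and only runs because the calling shell falls back to executing a shebang-less file itself; `set -o pipefail` is a bash feature, not POSIX sh, so pin the interpreter with `script = pkgs.writeShellScriptBin "nodeinfo" ''` (or a `#!${pkgs.bash}/bin/bash` first line). The onion-file paths are built from `operatorName`, a plain `types.str`, and `cat $NGINX_ONION_FILE` (likewise the liquidd, spark-wallet, electrs and sshd lines) leaves the variable unquoted, so a name containing whitespace or glob characters would be word-split; write `cat "$NGINX_ONION_FILE"` on each of those lines, matching the quoting already used for the bitcoind and clightning reads. The `programs.nodeinfo` option carries neither `type` nor `description`; add `type = types.package;` and `description = "The nodeinfo script, built against nix-bitcoin.operatorName's onion-chef directory.";` so the option is documented in the generated manual.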
|
|
@ -5,12 +5,18 @@ with lib;
|
||||||
let
|
let
|
||||||
cfg = config.services;
|
cfg = config.services;
|
||||||
|
|
||||||
|
operatorName = config.nix-bitcoin.operatorName;
|
||||||
|
|
||||||
mkHiddenService = map: {
|
mkHiddenService = map: {
|
||||||
map = [ map ];
|
map = [ map ];
|
||||||
version = 3;
|
version = 3;
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
imports = [ ../modules.nix ];
|
imports = [
|
||||||
|
../modules.nix
|
||||||
|
../nodeinfo.nix
|
||||||
|
../nix-bitcoin-webindex.nix
|
||||||
|
];
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
services.clightning.onionport = mkOption {
|
services.clightning.onionport = mkOption {
|
||||||
|
@ -18,12 +24,16 @@ in {
|
||||||
default = 9735;
|
default = 9735;
|
||||||
description = "Port on which to listen for tor client connections.";
|
description = "Port on which to listen for tor client connections.";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.electrs.onionport = mkOption {
|
services.electrs.onionport = mkOption {
|
||||||
type = types.ints.u16;
|
type = types.ints.u16;
|
||||||
default = 50002;
|
default = 50002;
|
||||||
description = "Port on which to listen for tor client connections.";
|
description = "Port on which to listen for tor client connections.";
|
||||||
};
|
};
|
||||||
|
nix-bitcoin.operatorName = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "operator";
|
||||||
|
description = "Less-privileged user's name.";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
@ -111,11 +121,10 @@ in {
|
||||||
tor
|
tor
|
||||||
jq
|
jq
|
||||||
qrencode
|
qrencode
|
||||||
nix-bitcoin.nodeinfo
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# Create user 'operator' which can access the node's services
|
# Create operator user which can access the node's services
|
||||||
users.users.operator = {
|
users.users.${operatorName} = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [
|
extraGroups = [
|
||||||
"systemd-journal"
|
"systemd-journal"
|
||||||
|
@ -130,18 +139,18 @@ in {
|
||||||
};
|
};
|
||||||
# Give operator access to onion hostnames
|
# Give operator access to onion hostnames
|
||||||
services.onion-chef.enable = true;
|
services.onion-chef.enable = true;
|
||||||
services.onion-chef.access.operator = [ "bitcoind" "clightning" "nginx" "liquidd" "spark-wallet" "electrs" "sshd" ];
|
services.onion-chef.access.${operatorName} = [ "bitcoind" "clightning" "nginx" "liquidd" "spark-wallet" "electrs" "sshd" ];
|
||||||
|
|
||||||
security.sudo.configFile =
|
security.sudo.configFile =
|
||||||
(optionalString cfg.lnd.enable ''
|
(optionalString cfg.lnd.enable ''
|
||||||
operator ALL=(lnd) NOPASSWD: ALL
|
${operatorName} ALL=(lnd) NOPASSWD: ALL
|
||||||
'');
|
'');
|
||||||
|
|
||||||
# Enable nixops ssh for operator (`nixops ssh operator@mynode`) on nixops-vbox deployments
|
# Enable nixops ssh for operator (`nixops ssh operator@mynode`) on nixops-vbox deployments
|
||||||
systemd.services.get-vbox-nixops-client-key =
|
systemd.services.get-vbox-nixops-client-key =
|
||||||
mkIf (builtins.elem ".vbox-nixops-client-key" config.services.openssh.authorizedKeysFiles) {
|
mkIf (builtins.elem ".vbox-nixops-client-key" config.services.openssh.authorizedKeysFiles) {
|
||||||
postStart = ''
|
postStart = ''
|
||||||
cp "${config.users.users.root.home}/.vbox-nixops-client-key" "${config.users.users.operator.home}"
|
cp "${config.users.users.root.home}/.vbox-nixops-client-key" "${config.users.users.${operatorName}.home}"
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
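Review bot: `nix-bitcoin.operatorName` is declared as a bare `types.str` but is interpolated unchecked into the sudoers rule `${operatorName} ALL=(lnd) NOPASSWD: ALL`, into `users.users.${operatorName}` and `services.onion-chef.access.${operatorName}`, and into the onion-chef paths that `modules/nodeinfo.nix` reads, so a value containing whitespace or sudoers metacharacters (`:`, `=`, `#`) would produce a malformed or wider-than-intended rule instead of an evaluation error. Constrain it at declaration, e.g. `type = types.strMatching "[a-z_][a-z0-9_-]*";`, and make the description state what the name grants: `description = "Name of the less-privileged operator user created by this preset; it receives onion-chef access and, when lnd is enabled, passwordless sudo as the lnd user.";`. Since the option is declared here but consumed by `modules/nodeinfo.nix`, a one-line comment above it such as `# Also read by modules/nodeinfo.nix, which cannot be imported without this preset` would make that coupling visible to whoever next moves it.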
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
{ pkgs ? import <nixpkgs> {} }:
|
{ pkgs ? import <nixpkgs> {} }:
|
||||||
{
|
{
|
||||||
nodeinfo = pkgs.callPackage ./nodeinfo { };
|
|
||||||
lightning-charge = pkgs.callPackage ./lightning-charge { };
|
lightning-charge = pkgs.callPackage ./lightning-charge { };
|
||||||
nanopos = pkgs.callPackage ./nanopos { };
|
nanopos = pkgs.callPackage ./nanopos { };
|
||||||
spark-wallet = pkgs.callPackage ./spark-wallet { };
|
spark-wallet = pkgs.callPackage ./spark-wallet { };
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
{pkgs}:
|
|
||||||
|
|
||||||
with pkgs;
|
|
||||||
stdenv.mkDerivation {
|
|
||||||
name = "nodeinfo";
|
|
||||||
src = ./nodeinfo.sh;
|
|
||||||
|
|
||||||
unpackPhase = "true";
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out
|
|
||||||
mkdir -p $out/bin
|
|
||||||
cp $src $out/bin/nodeinfo
|
|
||||||
chmod +x $out/bin/nodeinfo
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -1,49 +0,0 @@
|
||||||
set -e
|
|
||||||
set -o pipefail
|
|
||||||
|
|
||||||
BITCOIND_ONION="$(cat /var/lib/onion-chef/operator/bitcoind)"
|
|
||||||
echo BITCOIND_ONION="$BITCOIND_ONION"
|
|
||||||
|
|
||||||
if systemctl is-active --quiet clightning; then
|
|
||||||
CLIGHTNING_NODEID=$(lightning-cli getinfo | jq -r '.id')
|
|
||||||
CLIGHTNING_ONION="$(cat /var/lib/onion-chef/operator/clightning)"
|
|
||||||
CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
|
|
||||||
echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
|
|
||||||
echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
|
|
||||||
echo CLIGHTNING_ID="$CLIGHTNING_ID"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if systemctl is-active --quiet lnd; then
|
|
||||||
LND_NODEID=$(lncli getinfo | jq -r '.uris[0]')
|
|
||||||
echo LND_NODEID="$LND_NODEID"
|
|
||||||
fi
|
|
||||||
|
|
||||||
NGINX_ONION_FILE=/var/lib/onion-chef/operator/nginx
|
|
||||||
if [ -e "$NGINX_ONION_FILE" ]; then
|
|
||||||
NGINX_ONION="$(cat $NGINX_ONION_FILE)"
|
|
||||||
echo NGINX_ONION="$NGINX_ONION"
|
|
||||||
fi
|
|
||||||
|
|
||||||
LIQUIDD_ONION_FILE=/var/lib/onion-chef/operator/liquidd
|
|
||||||
if [ -e "$LIQUIDD_ONION_FILE" ]; then
|
|
||||||
LIQUIDD_ONION="$(cat $LIQUIDD_ONION_FILE)"
|
|
||||||
echo LIQUIDD_ONION="$LIQUIDD_ONION"
|
|
||||||
fi
|
|
||||||
|
|
||||||
SPARKWALLET_ONION_FILE=/var/lib/onion-chef/operator/spark-wallet
|
|
||||||
if [ -e "$SPARKWALLET_ONION_FILE" ]; then
|
|
||||||
SPARKWALLET_ONION="$(cat $SPARKWALLET_ONION_FILE)"
|
|
||||||
echo SPARKWALLET_ONION="http://$SPARKWALLET_ONION"
|
|
||||||
fi
|
|
||||||
|
|
||||||
ELECTRS_ONION_FILE=/var/lib/onion-chef/operator/electrs
|
|
||||||
if [ -e "$ELECTRS_ONION_FILE" ]; then
|
|
||||||
ELECTRS_ONION="$(cat $ELECTRS_ONION_FILE)"
|
|
||||||
echo ELECTRS_ONION="$ELECTRS_ONION"
|
|
||||||
fi
|
|
||||||
|
|
||||||
SSHD_ONION_FILE=/var/lib/onion-chef/operator/sshd
|
|
||||||
if [ -e "$SSHD_ONION_FILE" ]; then
|
|
||||||
SSHD_ONION="$(cat $SSHD_ONION_FILE)"
|
|
||||||
echo SSHD_ONION="$SSHD_ONION"
|
|
||||||
fi
|
|