Merge fort-nix/nix-bitcoin#405: bitcoind: add separate p2p socket for tor connections
ec4a4dbe41
btcpayserver: fix whitelist security issue (Erik Arvstedt)df2070b44a
bitcoind: add separate p2p socket for tor connections (Erik Arvstedt) Pull request description: ACKs for top commit: jonasnick: ACKec4a4dbe41
Tree-SHA512: 457bfb5806dca65507261c1868ca89c86a39f63bd10833b7531fd74dd779816083270c8ccc95ad08a5306e9b31c440904e3cba35464d47c0d87418d0be3e732d
This commit is contained in:
commit
bfe8ac972c
|
@ -15,6 +15,14 @@ let
|
||||||
default = 8333;
|
default = 8333;
|
||||||
description = "Port to listen for peer connections.";
|
description = "Port to listen for peer connections.";
|
||||||
};
|
};
|
||||||
|
onionPort = mkOption {
|
||||||
|
type = types.nullOr types.port;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
Port to listen for Tor peer connections.
|
||||||
|
If set, inbound connections to this port are tagged as onion peers.
|
||||||
|
'';
|
||||||
|
};
|
||||||
getPublicAddressCmd = mkOption {
|
getPublicAddressCmd = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = "";
|
default = "";
|
||||||
|
@ -263,8 +271,10 @@ let
|
||||||
${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"}
|
${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"}
|
||||||
|
|
||||||
# Connection options
|
# Connection options
|
||||||
${optionalString cfg.listen "bind=${cfg.address}"}
|
${optionalString cfg.listen
|
||||||
port=${toString cfg.port}
|
"bind=${cfg.address}:${toString cfg.port}"}
|
||||||
|
${optionalString (cfg.listen && cfg.onionPort != null)
|
||||||
|
"bind=${cfg.address}:${toString cfg.onionPort}=onion"}
|
||||||
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
|
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
|
||||||
${optionalString (cfg.i2p != false) "i2psam=${nbLib.addressWithPort i2pSAM.address i2pSAM.port}"}
|
${optionalString (cfg.i2p != false) "i2psam=${nbLib.addressWithPort i2pSAM.address i2pSAM.port}"}
|
||||||
${optionalString (cfg.i2p == "only-outgoing") "i2pacceptincoming=0"}
|
${optionalString (cfg.i2p == "only-outgoing") "i2pacceptincoming=0"}
|
||||||
|
|
|
@ -119,7 +119,7 @@ in {
|
||||||
# Enable p2p connections
|
# Enable p2p connections
|
||||||
listen = true;
|
listen = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
whitelist=${nbLib.address cfg.nbxplorer.address}
|
whitelist=download@${nbLib.address cfg.nbxplorer.address}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
services.clightning.enable = mkIf (cfg.btcpayserver.lightningBackend == "clightning") true;
|
services.clightning.enable = mkIf (cfg.btcpayserver.lightningBackend == "clightning") true;
|
||||||
|
@ -128,9 +128,6 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
# Enable p2p connections
|
# Enable p2p connections
|
||||||
listen = true;
|
listen = true;
|
||||||
extraConfig = ''
|
|
||||||
whitelist=${nbLib.address cfg.nbxplorer.address}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.lnd.macaroons.btcpayserver = mkIf (cfg.btcpayserver.lightningBackend == "lnd") {
|
services.lnd.macaroons.btcpayserver = mkIf (cfg.btcpayserver.lightningBackend == "lnd") {
|
||||||
|
|
|
@ -18,7 +18,7 @@ let
|
||||||
default = config.public;
|
default = config.public;
|
||||||
description = ''
|
description = ''
|
||||||
Create an onion service for the given service.
|
Create an onion service for the given service.
|
||||||
The service must define options 'address' and 'port'.
|
The service must define options 'address' and 'onionPort' (or `port`).
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
public = mkOption {
|
public = mkOption {
|
||||||
|
@ -64,7 +64,7 @@ in {
|
||||||
inherit (cfg.${name}) externalPort;
|
inherit (cfg.${name}) externalPort;
|
||||||
in nbLib.mkOnionService {
|
in nbLib.mkOnionService {
|
||||||
port = if externalPort != null then externalPort else service.port;
|
port = if externalPort != null then externalPort else service.port;
|
||||||
target.port = service.port;
|
target.port = service.onionPort or service.port;
|
||||||
target.addr = nbLib.address service.address;
|
target.addr = nbLib.address service.address;
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
@ -118,6 +118,10 @@ in {
|
||||||
externalPort = 80;
|
externalPort = 80;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# When the bitcoind onion service is enabled, add an onion-tagged socket
|
||||||
|
# to distinguish local connections from Tor connections
|
||||||
|
services.bitcoind.onionPort = mkIf (cfg.bitcoind.enable or false) 8334;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user