spark-wallet: add netns
- Adds spark-wallet to netns-isolation.services - Adds extraArgs option to allow using spark-wallet with network namespaces - Adds host option (defaults to localhost) as target of hidden service - Adds enforceTor option to bring in line with other services
parent
d6296acaba
commit
c4ab73d51f
|
@ -105,6 +105,11 @@ in {
|
|||
connections = [ "bitcoind" ]
|
||||
++ ( optionals config.services.electrs.TLSProxy.enable [ "nginx" ]);
|
||||
};
|
||||
spark-wallet = {
|
||||
id = 17;
|
||||
# communicates with clightning over lightning-rpc socket
|
||||
connections = [];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services = {
|
||||
|
@ -252,6 +257,12 @@ in {
|
|||
daemonrpc = "${netns.bitcoind.address}:${toString config.services.bitcoind.rpc.port}";
|
||||
};
|
||||
|
||||
# spark-wallet: Custom netns configs
|
||||
services.spark-wallet = mkIf config.services.spark-wallet.enable {
|
||||
host = netns.spark-wallet.address;
|
||||
extraArgs = "--no-tls";
|
||||
};
|
||||
|
||||
})
|
||||
# Custom netns config option values if netns-isolation not enabled
|
||||
(mkIf (!cfg.enable) {
|
||||
|
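Review bot: `extraArgs = "--no-tls";` in the netns block disables TLS on the spark-wallet listener without recording why plaintext is acceptable there, so a later edit that changes where `host` points could expose a plaintext listener unnoticed. From this commit it looks like the listener is bound to `netns.spark-wallet.address` and reached only through the onion service (`toHost = cfg.host` in the hidden-service hunk), but that reachability is inferred rather than visible here. A comment above the line stating the assumption would keep the trade-off reviewable, e.g. `# TLS is unnecessary here: the listener is only reachable inside the netns / via the onion service`. If the netns address turns out to be routable from other namespaces, the `--no-tls` choice should be revisited.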
|
|
@ -122,7 +122,10 @@ in {
|
|||
toHost = cfg.electrs.host;
|
||||
};
|
||||
|
||||
services.spark-wallet.onion-service = true;
|
||||
services.spark-wallet = {
|
||||
onion-service = true;
|
||||
enforceTor = true;
|
||||
};
|
||||
|
||||
services.nix-bitcoin-webindex.enforceTor = true;
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ let
|
|||
inherit (config) nix-bitcoin-services;
|
||||
onion-chef-service = (if cfg.onion-service then [ "onion-chef.service" ] else []);
|
||||
run-spark-wallet = pkgs.writeScript "run-spark-wallet" ''
|
||||
CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login"
|
||||
CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} --host ${cfg.host} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login ${cfg.extraArgs}"
|
||||
${optionalString cfg.onion-service
|
||||
''
|
||||
echo Getting onion hostname
|
||||
|
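Review bot: `--host ${cfg.host}` and `${cfg.extraArgs}` are interpolated unquoted into the `CMD` string, so a `host` value containing whitespace or shell metacharacters is word-split or interpreted when `CMD` is later expanded (the expansion is outside this hunk, as is the rest of `run-spark-wallet`). These values come from NixOS options, so this is a robustness rather than an injection concern, but `host` is a single argument and should be quoted: `--host ${escapeShellArg cfg.host}` (assuming `lib` is in scope, as the use of `optionalString` and `mkOption` suggests). `extraArgs` is deliberately a space-separated string and cannot be escaped as one unit; since the option is new in this commit, `types.listOf types.str` rendered with `escapeShellArgs` would be the cleaner shape.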
@ -29,6 +29,11 @@ in {
|
|||
If enabled, the spark-wallet service will be installed.
|
||||
'';
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = "http(s) server listen address.";
|
||||
};
|
||||
ln-path = mkOption {
|
||||
type = types.path;
|
||||
default = "${config.services.clightning.dataDir}/bitcoin";
|
||||
|
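Review bot: The new `host` option is documented only as a listen address, but the same value becomes the onion service's forward target (`toHost = cfg.host;` in the `services.tor.hiddenServices.spark-wallet` hunk later in this commit), so a wildcard such as `0.0.0.0` would presumably listen fine yet give tor an unreachable target. The description should state the dual role, e.g. `description = "http(s) server listen address. Also used as the target of the onion service, so it must be a concrete address rather than a wildcard.";`. Whether spark-wallet accepts a wildcard for `--host` is inferred from the option name, not visible here.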
@ -43,6 +48,12 @@ in {
|
|||
"If enabled, configures spark-wallet to be reachable through an onion service.";
|
||||
'';
|
||||
};
|
||||
extraArgs = mkOption {
|
||||
type = types.separatedString " ";
|
||||
default = "";
|
||||
description = "Extra command line arguments passed to spark-wallet.";
|
||||
};
|
||||
enforceTor = nix-bitcoin-services.enforceTor;
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -65,7 +76,7 @@ in {
|
|||
services.tor.client.enable = true;
|
||||
services.tor.hiddenServices.spark-wallet = mkIf cfg.onion-service {
|
||||
map = [{
|
||||
port = 80; toPort = 9737;
|
||||
port = 80; toPort = 9737; toHost = cfg.host;
|
||||
}];
|
||||
version = 3;
|
||||
};
|
||||
|
@ -82,8 +93,10 @@ in {
|
|||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
ReadWritePaths = "/var/lib/onion-chef";
|
||||
} // nix-bitcoin-services.nodejs
|
||||
// nix-bitcoin-services.allowTor;
|
||||
} // (if cfg.enforceTor
|
||||
then nix-bitcoin-services.allowTor
|
||||
else nix-bitcoin-services.allowAnyIP)
|
||||
// nix-bitcoin-services.nodejs;
|
||||
};
|
||||
nix-bitcoin.secrets.spark-wallet-login.user = "spark-wallet";
|
||||
};
|
||||
|
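Review bot: The `if cfg.enforceTor then nix-bitcoin-services.allowTor else nix-bitcoin-services.allowAnyIP` switch relaxes whatever network restriction `allowTor` imposes whenever `enforceTor` is false, and nothing in the hunk says when that is intended; `enforceTor` is aliased from `nix-bitcoin-services.enforceTor`, whose default is not visible here. The commit message says this matches other services, but a one-line comment at the switch naming the reason `allowAnyIP` is acceptable would help, e.g. `# allowAnyIP is needed when spark-wallet must reach peers outside Tor, e.g. inside the netns`, adjusted to the actual reason. The netns preset in this commit sets only `host` and `extraArgs`, while the Tor preset sets `enforceTor = true`; how the two combine is worth a sentence in the option documentation. The enclosing `serviceConfig` block starts outside the hunk.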
|