nix-bitcoin/modules/nostr-wallet-connect.nix


{ config, lib, pkgs, ... }:
with lib;
let
# Option declarations of this module.
options = {
  # Installs the helper command built by `mknostr-wallet-connect` below.
  # NOTE(review): the helper is handed the path of lnd's admin macaroon, so the
  # QR code/URL it prints presumably carries that credential. Treat the output
  # as a secret (terminal scrollback, screenshots, logs).
  services.lnd.nostr-wallet-connect.enable = mkOption {
    type = types.bool;
    default = false;
    description = mdDoc ''
      Add a `nostr-wallet-connect` binary to the system environment which prints
      connection info for lnd clients.
      See: https://github.com/getalby/nostr-wallet-connect
      Usage:
      ```bash
      # Print QR code
      nostr-wallet-connect
      # Print URL
      nostr-wallet-connect --url
      ```
    '';
  };

  # When false, this module binds lnd's REST server to 0.0.0.0 instead
  # (see the `config` section of this file).
  services.lnd.nostr-wallet-connect.onion = mkOption {
    type = types.bool;
    default = false;
    description = mdDoc ''
      Create an onion service for the lnd REST server,
      which is used by nostr-wallet-connect.
    '';
  };

  # Read-only option that exposes the builder function to other modules.
  nix-bitcoin.mknostr-wallet-connect = mkOption {
    readOnly = true;
    default = mknostr-wallet-connect;
    description = mdDoc ''
      A function to create a nostr-wallet-connect binary.
      See the source for further details.
    '';
  };
};
# Shortcuts into the evaluated configuration used by the definitions below.
nbLib = config.nix-bitcoin.lib;
# Command prefix from nix-bitcoin; used in the wrapper's shebang to run it as the lnd user.
runAsUser = config.nix-bitcoin.runAsUserCmd;
lnd = config.services.lnd;
# Build a high-priority package containing one script called `name`.
# The script asks the nostr-wallet-connect tool for a connection URL and prints
# it either verbatim (when `--url` is among the arguments) or as a UTF-8 QR code.
#
# Arguments:
#   name          file name of the generated script
#   shebang       first line of the script; the default runs the shell with `-e`
#   isClightning  accepted, but not referenced anywhere in this function body
#   port          value passed to the tool as `--port`
#   macaroonPath  value passed to the tool as `--adminmacaroonpath`
#   enableOnion   when true, `--host` is read at run time from the onion address
#                 file `onionService` below `onionAddresses.dataDir`
#   onionService  only evaluated when `enableOnion` is true
#   certPath      passed as `--tlscertpath` unless onion is enabled or it is null
#
# NOTE(review): the tool reads the admin macaroon, so the printed URL/QR code
# presumably embeds it. Whoever can read the output gets that credential.
# NOTE(review): `--nocert` is chosen for onion connections and when no certPath
# is given; presumably the client then has no TLS certificate to pin. Confirm
# that this is acceptable for the non-onion case.
# NOTE(review): a failing inner `cat` does not stop the script; the tool would
# then be called with an empty `--host=`. Confirm what host it falls back to.
mknostr-wallet-connect = {
  name,
  shebang ? "#!${pkgs.stdenv.shell} -e",
  isClightning ? false,
  port,
  macaroonPath,
  enableOnion,
  onionService ? null,
  certPath ? null
}:
let
  nwcExe = getExe config.nix-bitcoin.pkgs.nostr-wallet-connect;
  qrencodeExe = getExe pkgs.qrencode;
  # Empty unless the onion service is used; the address is read when the script runs.
  hostFlag = optionalString enableOnion
    "--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService})";
  tlsFlag =
    if enableOnion || certPath == null
    then "--nocert"
    else "--tlscertpath='${certPath}'";
in
# TODO-EXTERNAL:
# nostr-wallet-connect requires a --configfile argument, although it's unused
# https://github.com/LN-Zap/nostr-wallet-connect/issues/25
#
# The script lines below are indented uniformly so that the generated file is
# unchanged once Nix strips the common indentation.
pkgs.hiPrio (pkgs.writeScriptBin name ''
  ${shebang}
  url=$(
  ${nwcExe} --url \
  ${hostFlag} \
  --port=${toString port} \
  ${tlsFlag} \
  --adminmacaroonpath='${macaroonPath}' \
  --configfile=/dev/null "$@"
  )
  # If --url is in args
  if [[ " $* " =~ " --url " ]]; then
  echo "$url"
  else
  # This UTF-8 encoding yields a smaller, more convenient output format
  # compared to the native nostr-wallet-connect output
  echo -n "$url" | ${qrencodeExe} -t UTF8 -o -
  fi
'');
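# Name of the nix-bitcoin operator account; it is given access to the onion address below.
operatorName = config.nix-bitcoin.operator.name;
in {
  inherit options;

  # Everything below only applies when both lnd and the helper are enabled.
  config = mkMerge [
    (mkIf (lnd.enable && lnd.nostr-wallet-connect.enable)
      (mkMerge [
        {
          environment.systemPackages = [(
            mknostr-wallet-connect {
              name = "nostr-wallet-connect";
              # Run as lnd user because the macaroon and cert are not group-readable
              # Note: unlike the function's default shebang, this one does not pass `-e`.
              shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
              enableOnion = lnd.nostr-wallet-connect.onion;
              onionService = "${lnd.user}/nwc-rest";
              # Advertise the REST port. The onion service below forwards only
              # lnd.restPort and this module opens restAddress, so a URL that
              # carries lnd.rpcPort would point clients at a port that is not exposed.
              port = lnd.restPort;
              certPath = lnd.certPath;
              # NOTE(review): this is the admin macaroon, not a restricted one; every
              # copy of the generated URL/QR code should be handled as a credential.
              macaroonPath = "${lnd.networkDir}/admin.macaroon";
            }
          )];

          # Without the onion service the REST server listens on all IPv4 interfaces.
          # This module sets no firewall rule, so whether the port is reachable from
          # outside depends on the rest of the system configuration. Restrict it to
          # trusted networks.
          services.lnd.restAddress = mkIf (!lnd.nostr-wallet-connect.onion) "0.0.0.0";
        }

        (mkIf lnd.nostr-wallet-connect.onion {
          services.tor = {
            enable = true;
            # Onion service `nwc-rest` that forwards restPort to lnd's REST listener.
            relay.onionServices.nwc-rest = nbLib.mkOnionService {
              target.addr = nbLib.address lnd.restAddress;
              target.port = lnd.restPort;
              port = lnd.restPort;
            };
          };
          # Presumably lets these users read the `nwc-rest` onion address; the
          # wrapper reads that file as the lnd user. Confirm against the
          # onionAddresses module.
          nix-bitcoin.onionAddresses.access = {
            ${lnd.user} = [ "nwc-rest" ];
            ${operatorName} = [ "nwc-rest" ];
          };
        })
      ]))
  ];
}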