127 lines
3.7 KiB
Nix
127 lines
3.7 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
let
|
|
options = {
|
|
services.lnd.nostr-wallet-connect = {
|
|
enable = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = mdDoc ''
|
|
Add a `nostr-wallet-connect` binary to the system environment which prints
|
|
connection info for lnd clients.
|
|
See: https://github.com/getalby/nostr-wallet-connect
|
|
|
|
Usage:
|
|
```bash
|
|
# Print QR code
|
|
nostr-wallet-connect
|
|
|
|
# Print URL
|
|
nostr-wallet-connect --url
|
|
```
|
|
'';
|
|
};
|
|
onion = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = mdDoc ''
|
|
Create an onion service for the lnd REST server,
|
|
which is used by nostr-wallet-connect.
|
|
'';
|
|
};
|
|
};
|
|
|
|
|
|
nix-bitcoin.mknostr-wallet-connect = mkOption {
|
|
readOnly = true;
|
|
default = mknostr-wallet-connect;
|
|
description = mdDoc ''
|
|
A function to create a nostr-wallet-connect binary.
|
|
See the source for further details.
|
|
'';
|
|
};
|
|
};
|
|
|
|
nbLib = config.nix-bitcoin.lib;
|
|
runAsUser = config.nix-bitcoin.runAsUserCmd;
|
|
|
|
inherit (config.services)
|
|
lnd;
|
|
|
|
mknostr-wallet-connect = {
|
|
name,
|
|
shebang ? "#!${pkgs.stdenv.shell} -e",
|
|
isClightning ? false,
|
|
port,
|
|
macaroonPath,
|
|
enableOnion,
|
|
onionService ? null,
|
|
certPath ? null
|
|
}:
|
|
# TODO-EXTERNAL:
|
|
# nostr-wallet-connect requires a --configfile argument, although it's unused
|
|
# https://github.com/LN-Zap/nostr-wallet-connect/issues/25
|
|
pkgs.hiPrio (pkgs.writeScriptBin name ''
|
|
${shebang}
|
|
url=$(
|
|
${getExe config.nix-bitcoin.pkgs.nostr-wallet-connect} --url \
|
|
${optionalString enableOnion "--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService})"} \
|
|
--port=${toString port} \
|
|
${if enableOnion || certPath == null then "--nocert" else "--tlscertpath='${certPath}'"} \
|
|
--adminmacaroonpath='${macaroonPath}' \
|
|
--configfile=/dev/null "$@"
|
|
)
|
|
|
|
# If --url is in args
|
|
if [[ " $* " =~ " --url " ]]; then
|
|
echo "$url"
|
|
else
|
|
# This UTF-8 encoding yields a smaller, more convenient output format
|
|
# compared to the native nostr-wallet-connect output
|
|
echo -n "$url" | ${getExe pkgs.qrencode} -t UTF8 -o -
|
|
fi
|
|
'');
|
|
|
|
operatorName = config.nix-bitcoin.operator.name;
|
|
in {
|
|
inherit options;
|
|
|
|
config = mkMerge [
|
|
(mkIf (lnd.enable && lnd.nostr-wallet-connect.enable)
|
|
(mkMerge [
|
|
{
|
|
environment.systemPackages = [(
|
|
mknostr-wallet-connect {
|
|
name = "nostr-wallet-connect";
|
|
# Run as lnd user because the macaroon and cert are not group-readable
|
|
shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
|
|
enableOnion = lnd.nostr-wallet-connect.onion;
|
|
onionService = "${lnd.user}/nwc-rest";
|
|
port = lnd.rpcPort;
|
|
certPath = lnd.certPath;
|
|
macaroonPath = "${lnd.networkDir}/admin.macaroon";
|
|
}
|
|
)];
|
|
|
|
services.lnd.restAddress = mkIf (!lnd.nostr-wallet-connect.onion) "0.0.0.0";
|
|
}
|
|
|
|
(mkIf lnd.nostr-wallet-connect.onion {
|
|
services.tor = {
|
|
enable = true;
|
|
relay.onionServices.nwc-rest = nbLib.mkOnionService {
|
|
target.addr = nbLib.address lnd.restAddress;
|
|
target.port = lnd.restPort;
|
|
port = lnd.restPort;
|
|
};
|
|
};
|
|
nix-bitcoin.onionAddresses.access = {
|
|
${lnd.user} = [ "nwc-rest" ];
|
|
${operatorName} = [ "nwc-rest" ];
|
|
};
|
|
})
|
|
]))
|
|
];
|
|
}
|