53ea447ab7
By disabling `trustedcoin.tor.proxy` and enabling `clightning.tor.proxy`, `trustedcoin` can be used without Tor proxying, while clighting still uses Tor for lightning layer connections. Previously, disabling Tor for `trustedcoin` required to also disable Tor for clightning. Also fix the workaround in the docs for the trustedcoin Tor connection issues: The previous config snippet only affected systemd hardening settings, but didn't disable Tor for trustedcoin.
41 lines
1.2 KiB
Nix
41 lines
1.2 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
let cfg = config.services.clightning.plugins.trustedcoin; in
|
|
{
|
|
options.services.clightning.plugins.trustedcoin = {
|
|
enable = mkEnableOption "Trustedcoin (clightning plugin)";
|
|
|
|
package = mkOption {
|
|
type = types.package;
|
|
default = config.nix-bitcoin.pkgs.trustedcoin;
|
|
defaultText = "config.nix-bitcoin.pkgs.trustedcoin";
|
|
description = mdDoc "The package providing trustedcoin binaries.";
|
|
};
|
|
|
|
tor.proxy = mkOption {
|
|
type = types.bool;
|
|
default = config.services.clightning.tor.proxy;
|
|
description = mdDoc "Whether to proxy outgoing connections with Tor.";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services.clightning = {
|
|
useBcliPlugin = false;
|
|
extraConfig = ''
|
|
plugin=${cfg.package}/bin/trustedcoin
|
|
'';
|
|
tor.enforce = mkIf (!cfg.tor.proxy) false;
|
|
};
|
|
|
|
systemd.services.clightning.environment = mkIf (cfg.tor.proxy) {
|
|
HTTPS_PROXY = let
|
|
clnProxy = config.services.clightning.proxy;
|
|
proxy = if clnProxy != null then clnProxy else config.nix-bitcoin.torClientAddressWithPort;
|
|
in
|
|
"socks5://${proxy}";
|
|
};
|
|
};
|
|
}
|