# NixOS module `services.nix-bitcoin-webindex`.
#
# When enabled it:
#   * serves a static index page from /var/www through nginx,
#   * publishes that site as a version 3 Tor hidden service, and
#   * runs a root systemd unit (create-web-index) that copies the page template
#     into /var/www and fills in the lightning node id reported by `nodeinfo`.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.nix-bitcoin-webindex;
  inherit (config) nix-bitcoin-services;
  # Page template. The literal token CLIGHTNING_ID is a placeholder that the
  # createWebIndex script replaces with sed at service start.
  indexFile = pkgs.writeText "index.html" ''
    <html>
    <body>
    <p>
    <h1>
    nix-bitcoin
    </h1>
    </p>
    ${optionalString config.services.nanopos.enable ''<p><h2><a href="store/">store</a></h2></p>''}
    <p>
    <h3>
    lightning node: CLIGHTNING_ID
    </h3>
    </p>
    </body>
    </html>
  '';
  # Script run by the create-web-index unit (as root, see User below).
  # It installs the template, hands /var/www to nginx, then substitutes the
  # node id into the installed page.
  #
  # `nodeinfo` is invoked twice: the bare call writes its output to the unit's
  # stdout and, because of `set -e`, aborts the script when nodeinfo fails; the
  # second call is sourced through process substitution, whose exit status
  # `set -e` does not see.
  #
  # NOTE(review): sourcing means everything nodeinfo prints is executed as
  # shell code with this unit's root privileges. Confirm that nodeinfo emits
  # only well-quoted assignments, including for values it obtains from the
  # node CLIs.
  # NOTE(review): $CLIGHTNING_ID is placed unescaped into the sed replacement
  # and ends up in the served HTML. This assumes a plain hex node id; consider
  # validating it first. There is no `set -u`, so an unset variable silently
  # replaces the placeholder with an empty string.
  createWebIndex = pkgs.writeText "make-index.sh" ''
    set -e
    cp ${indexFile} /var/www/index.html
    chown -R nginx:nginx /var/www/
    nodeinfo
    . <(nodeinfo)
    sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
  '';
in {
  options.services.nix-bitcoin-webindex = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        If enabled, the webindex service will be installed.
      '';
    };
    # NOTE(review): in this module `host` is only used as the Tor hidden
    # service target (toHost). The nginx virtual host below sets no `listen`,
    # so the address nginx actually binds to is not derived from this option
    # here. Confirm that the site is not reachable on interfaces other than
    # cfg.host (firewall, network namespace, or an explicit `listen`).
    host = mkOption {
      type = types.str;
      default = "localhost";
      description = "HTTP server listen address.";
    };
    # Option definition shared with the other nix-bitcoin services.
    enforceTor = nix-bitcoin-services.enforceTor;
  };

  config = mkIf cfg.enable {
    # Evaluation fails unless nanopos is enabled, so the "store" link in
    # indexFile is always present whenever this module is active.
    assertions = [
      { assertion = config.services.nanopos.enable;
        message = "nix-bitcoin-webindex requires nanopos.";
      }
    ];

    # Web root: directory /var/www, mode 0755, owned by nginx:nginx.
    systemd.tmpfiles.rules = [
      "d /var/www 0755 nginx nginx - -"
    ];

    # Catch-all virtual host ("_") serving the web root.
    services.nginx = {
      enable = true;
      virtualHosts."_" = {
        root = "/var/www";
      };
    };
    # Onion service entries for ports 80 and 443, both targeting cfg.host.
    # NOTE(review): no TLS listener is configured for nginx in this module;
    # confirm that the 443 mapping is intended.
    services.tor.hiddenServices.nginx = {
      map = [{
        port = 80; toHost = cfg.host;
      } {
        port = 443; toHost = cfg.host;
      }];
      version = 3;
    };

    # create-web-index
    systemd.services.create-web-index = {
      description = "Get node info";
      wantedBy = [ "multi-user.target" ];
      # Tools on the unit's PATH: nodeinfo, jq and sudo, plus the lnd and
      # clightning CLIs when those services are enabled.
      path = with pkgs; [
        config.programs.nodeinfo
        jq
        sudo
      ] ++ optional config.services.lnd.enable config.services.lnd.cli
        ++ optional config.services.clightning.enable config.services.clightning.cli;
      # `//` is right-biased: the attributes below override defaultHardening,
      # and the allowTor/allowAnyIP set merged last overrides both.
      serviceConfig = nix-bitcoin-services.defaultHardening // {
        ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
        # NOTE(review): the script runs as root and sources nodeinfo output;
        # see the notes on createWebIndex.
        User = "root";
        Type = "simple";
        RemainAfterExit="yes";
        Restart = "on-failure";
        RestartSec = "10s";
        PrivateNetwork = "true"; # This service needs no network access
        PrivateUsers = "false";
        # Only the web root is declared writable for the unit.
        ReadWritePaths = "/var/www";
        # NOTE(review): this bounding set keeps broad capabilities, including
        # CAP_SYS_ADMIN, CAP_DAC_OVERRIDE and CAP_SETUID/CAP_SETGID. They are
        # presumably needed because nodeinfo uses sudo; confirm and trim the
        # list to what cp, chown, sed and nodeinfo actually require.
        CapabilityBoundingSet = "CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER";
      } // (if cfg.enforceTor
          then nix-bitcoin-services.allowTor
          else nix-bitcoin-services.allowAnyIP
        );
    };
  };
}