trustedcoin: add option tor.proxy

By disabling `trustedcoin.tor.proxy` and enabling `clightning.tor.proxy`,
`trustedcoin` can be used without Tor proxying, while clightning still
uses Tor for lightning layer connections.

Previously, disabling Tor for `trustedcoin` also required disabling
Tor for clightning.

Also fix the workaround in the docs for the trustedcoin Tor connection issues:
The previous config snippet only affected systemd hardening settings,
but didn't disable Tor for trustedcoin.
Erik Arvstedt 2023-08-03 15:38:45 +02:00
parent 31b76f1ffe
commit 53ea447ab7
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
2 changed files with 17 additions and 10 deletions


@ -590,10 +590,7 @@ lightningd[5138]: plugin-trustedcoin estimatefees error: https://blockstream.inf
lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: <html><head>... lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: <html><head>...
``` ```
If you face these issues and you still need to use trustedcoin, use can disable To work around this and connect via clearnet instead, set this option:
clightning's tor hardening by setting this option in your `configuration.nix` ```nix
file: services.clightning.plugins.trustedcoin.tor.proxy = false;
```
services.clightning.tor.enforce = false;
``` ```


@ -5,12 +5,19 @@ let cfg = config.services.clightning.plugins.trustedcoin; in
{ {
options.services.clightning.plugins.trustedcoin = { options.services.clightning.plugins.trustedcoin = {
enable = mkEnableOption "Trustedcoin (clightning plugin)"; enable = mkEnableOption "Trustedcoin (clightning plugin)";
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = config.nix-bitcoin.pkgs.trustedcoin; default = config.nix-bitcoin.pkgs.trustedcoin;
defaultText = "config.nix-bitcoin.pkgs.trustedcoin"; defaultText = "config.nix-bitcoin.pkgs.trustedcoin";
description = mdDoc "The package providing trustedcoin binaries."; description = mdDoc "The package providing trustedcoin binaries.";
}; };
tor.proxy = mkOption {
type = types.bool;
default = config.services.clightning.tor.proxy;
description = mdDoc "Whether to proxy outgoing connections with Tor.";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -19,12 +26,15 @@ let cfg = config.services.clightning.plugins.trustedcoin; in
extraConfig = '' extraConfig = ''
plugin=${cfg.package}/bin/trustedcoin plugin=${cfg.package}/bin/trustedcoin
''; '';
tor.enforce = mkIf (!cfg.tor.proxy) false;
}; };
# Trustedcoin does not honor the clightning's proxy configuration. systemd.services.clightning.environment = mkIf (cfg.tor.proxy) {
# Ref.: https://github.com/nbd-wtf/trustedcoin/pull/19 HTTPS_PROXY = let
systemd.services.clightning.environment = mkIf (config.services.clightning.proxy != null) { clnProxy = config.services.clightning.proxy;
HTTPS_PROXY = "socks5://${config.services.clightning.proxy}"; proxy = if clnProxy != null then clnProxy else config.nix-bitcoin.torClientAddressWithPort;
in
"socks5://${proxy}";
}; };
}; };
} }
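Review bot: Setting `tor.proxy = false` also forces `tor.enforce` to false through `tor.enforce = mkIf (!cfg.tor.proxy) false;`, and the option description does not say so. Going by the commit message, `tor.enforce` is the systemd hardening for the clightning service, so the Tor-only restriction is presumably lifted for lightningd and every plugin in that unit, not only for trustedcoin; the enclosing attribute set opens outside the hunk, so this is inferred. I would state it in the description, e.g. `description = mdDoc "Whether to proxy outgoing connections with Tor. Disabling this also disables services.clightning.tor.enforce for the whole clightning service.";`. The removed comment saying that trustedcoin does not honor clightning's proxy configuration (with its link to trustedcoin pull 19) is also worth keeping above `systemd.services.clightning.environment`, since it is the only explanation of why `HTTPS_PROXY` is set.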