bitcoind: add consistent address options

This commit is contained in:
Erik Arvstedt 2021-01-14 13:24:01 +01:00
parent 0c6579b942
commit 5b7e0d09b2
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
9 changed files with 33 additions and 36 deletions

View File

@ -22,16 +22,18 @@ let
${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"} ${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"}
# Connection options # Connection options
${optionalString cfg.listen "bind=${cfg.bind}"} ${optionalString cfg.listen "bind=${cfg.address}"}
${optionalString (cfg.port != null) "port=${toString cfg.port}"} port=${toString cfg.port}
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
listen=${if cfg.listen then "1" else "0"} listen=${if cfg.listen then "1" else "0"}
${optionalString (cfg.discover != null) "discover=${if cfg.discover then "1" else "0"}"} ${optionalString (cfg.discover != null) "discover=${if cfg.discover then "1" else "0"}"}
${lib.concatMapStrings (node: "addnode=${node}\n") cfg.addnodes} ${lib.concatMapStrings (node: "addnode=${node}\n") cfg.addnodes}
# RPC server options # RPC server options
${optionalString (cfg.rpcthreads != null) "rpcthreads=${toString cfg.rpcthreads}"} rpcbind=${cfg.rpc.address}
rpcport=${toString cfg.rpc.port} rpcport=${toString cfg.rpc.port}
rpcconnect=${cfg.rpc.address}
${optionalString (cfg.rpc.threads != null) "rpcthreads=${toString cfg.rpcthreads}"}
rpcwhitelistdefault=0 rpcwhitelistdefault=0
${concatMapStrings (user: '' ${concatMapStrings (user: ''
${optionalString (!user.passwordHMACFromFile) "rpcauth=${user.name}:${passwordHMAC}"} ${optionalString (!user.passwordHMACFromFile) "rpcauth=${user.name}:${passwordHMAC}"}
@ -39,8 +41,6 @@ let
"rpcwhitelist=${user.name}:${lib.strings.concatStringsSep "," user.rpcwhitelist}"} "rpcwhitelist=${user.name}:${lib.strings.concatStringsSep "," user.rpcwhitelist}"}
'') (builtins.attrValues cfg.rpc.users) '') (builtins.attrValues cfg.rpc.users)
} }
rpcbind=${cfg.rpcbind}
rpcconnect=${cfg.rpcbind}
${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip} ${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip}
# Wallet options # Wallet options
@ -57,6 +57,16 @@ in {
options = { options = {
services.bitcoind = { services.bitcoind = {
enable = mkEnableOption "Bitcoin daemon"; enable = mkEnableOption "Bitcoin daemon";
address = mkOption {
type = types.str;
default = "127.0.0.1";
description = "Address to listen for peer connections.";
};
port = mkOption {
type = types.port;
default = 8333;
description = "Port to listen for peer connections.";
};
package = mkOption { package = mkOption {
type = types.package; type = types.package;
default = config.nix-bitcoin.pkgs.bitcoind; default = config.nix-bitcoin.pkgs.bitcoind;
@ -77,13 +87,6 @@ in {
default = "/var/lib/bitcoind"; default = "/var/lib/bitcoind";
description = "The data directory for bitcoind."; description = "The data directory for bitcoind.";
}; };
bind = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
Bind to given address and always listen on it.
'';
};
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = "bitcoin"; default = "bitcoin";
@ -95,10 +98,17 @@ in {
description = "The group as which to run bitcoind."; description = "The group as which to run bitcoind.";
}; };
rpc = { rpc = {
address = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
Address to listen for JSON-RPC connections.
'';
};
port = mkOption { port = mkOption {
type = types.port; type = types.port;
default = 8332; default = 8332;
description = "Port on which to listen for JSON-RPC connections."; description = "Port to listen for JSON-RPC connections.";
}; };
users = mkOption { users = mkOption {
default = {}; default = {};
@ -149,13 +159,6 @@ in {
default = null; default = null;
description = "Set the number of threads to service RPC calls"; description = "Set the number of threads to service RPC calls";
}; };
rpcbind = mkOption {
type = types.str;
default = "127.0.0.1";
description = ''
Bind to given address to listen for JSON-RPC connections.
'';
};
rpcallowip = mkOption { rpcallowip = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ "127.0.0.1" ]; default = [ "127.0.0.1" ];
@ -176,11 +179,6 @@ in {
readOnly = true; readOnly = true;
default = mainnet: regtest: if cfg.regtest then regtest else mainnet; default = mainnet: regtest: if cfg.regtest then regtest else mainnet;
}; };
port = mkOption {
type = types.nullOr types.port;
default = null;
description = "Override the default port on which to listen for connections.";
};
proxy = mkOption { proxy = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null; default = if cfg.enforceTor then config.services.tor.client.socksListenAddress else null;

View File

@ -117,8 +117,8 @@ in {
configFile = builtins.toFile "config" '' configFile = builtins.toFile "config" ''
network=${config.services.bitcoind.network} network=${config.services.bitcoind.network}
btcrpcuser=${cfg.bitcoind.rpc.users.btcpayserver.name} btcrpcuser=${cfg.bitcoind.rpc.users.btcpayserver.name}
btcrpcurl=http://${config.services.bitcoind.rpcbind}:${toString cfg.bitcoind.rpc.port} btcrpcurl=http://${config.services.bitcoind.rpc.address}:${toString cfg.bitcoind.rpc.port}
btcnodeendpoint=${config.services.bitcoind.bind}:8333 btcnodeendpoint=${config.services.bitcoind.address}:${toString config.services.bitcoind.port}
bind=${cfg.nbxplorer.bind} bind=${cfg.nbxplorer.bind}
port=${toString cfg.nbxplorer.port} port=${toString cfg.nbxplorer.port}
''; '';

View File

@ -14,7 +14,7 @@ let
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"} ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
always-use-proxy=${if cfg.always-use-proxy then "true" else "false"} always-use-proxy=${if cfg.always-use-proxy then "true" else "false"}
bind-addr=${cfg.bind-addr}:${toString cfg.bindport} bind-addr=${cfg.bind-addr}:${toString cfg.bindport}
bitcoin-rpcconnect=${config.services.bitcoind.rpcbind} bitcoin-rpcconnect=${config.services.bitcoind.rpc.address}
bitcoin-rpcport=${toString config.services.bitcoind.rpc.port} bitcoin-rpcport=${toString config.services.bitcoind.rpc.port}
bitcoin-rpcuser=${config.services.bitcoind.rpc.users.public.name} bitcoin-rpcuser=${config.services.bitcoind.rpc.users.public.name}
rpc-file-mode=0660 rpc-file-mode=0660

View File

@ -95,7 +95,7 @@ in {
--daemon-dir='${bitcoind.dataDir}' \ --daemon-dir='${bitcoind.dataDir}' \
--electrum-rpc-addr=${cfg.address}:${toString cfg.port} \ --electrum-rpc-addr=${cfg.address}:${toString cfg.port} \
--monitoring-addr=${cfg.address}:${toString cfg.monitoringPort} \ --monitoring-addr=${cfg.address}:${toString cfg.monitoringPort} \
--daemon-rpc-addr=${bitcoind.rpcbind}:${toString bitcoind.rpc.port} \ --daemon-rpc-addr=${bitcoind.rpc.address}:${toString bitcoind.rpc.port} \
${cfg.extraArgs} ${cfg.extraArgs}
''; '';
User = cfg.user; User = cfg.user;

View File

@ -21,7 +21,7 @@ let
[BLOCKCHAIN] [BLOCKCHAIN]
blockchain_source = bitcoin-rpc blockchain_source = bitcoin-rpc
network = ${bitcoind.network} network = ${bitcoind.network}
rpc_host = ${bitcoind.rpcbind} rpc_host = ${bitcoind.rpc.address}
rpc_port = ${toString bitcoind.rpc.port} rpc_port = ${toString bitcoind.rpc.port}
rpc_user = ${bitcoind.rpc.users.privileged.name} rpc_user = ${bitcoind.rpc.users.privileged.name}
@@RPC_PASSWORD@@ @@RPC_PASSWORD@@

View File

@ -32,7 +32,7 @@ let
${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip} ${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip}
${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"} ${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"}
${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"} ${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"}
mainchainrpchost=${config.services.bitcoind.rpcbind} mainchainrpchost=${config.services.bitcoind.rpc.address}
mainchainrpcport=${toString config.services.bitcoind.rpc.port} mainchainrpcport=${toString config.services.bitcoind.rpc.port}
mainchainrpcuser=${config.services.bitcoind.rpc.users.public.name} mainchainrpcuser=${config.services.bitcoind.rpc.users.public.name}

View File

@ -8,7 +8,7 @@ let
secretsDir = config.nix-bitcoin.secretsDir; secretsDir = config.nix-bitcoin.secretsDir;
bitcoind = config.services.bitcoind; bitcoind = config.services.bitcoind;
bitcoindRpcAddress = bitcoind.rpcbind; bitcoindRpcAddress = bitcoind.rpc.address;
onion-chef-service = (if cfg.announce-tor then [ "onion-chef.service" ] else []); onion-chef-service = (if cfg.announce-tor then [ "onion-chef.service" ] else []);
networkDir = "${cfg.dataDir}/chain/bitcoin/${bitcoind.network}"; networkDir = "${cfg.dataDir}/chain/bitcoin/${bitcoind.network}";
configFile = pkgs.writeText "lnd.conf" '' configFile = pkgs.writeText "lnd.conf" ''

View File

@ -245,8 +245,8 @@ in {
}; };
services.bitcoind = { services.bitcoind = {
bind = netns.bitcoind.address; address = netns.bitcoind.address;
rpcbind = netns.bitcoind.address; rpc.address = netns.bitcoind.address;
rpcallowip = [ rpcallowip = [
bridgeIp # For operator user bridgeIp # For operator user
netns.bitcoind.address netns.bitcoind.address

View File

@ -53,7 +53,6 @@ in {
listen = true; listen = true;
dataDirReadableByGroup = mkIf cfg.electrs.high-memory true; dataDirReadableByGroup = mkIf cfg.electrs.high-memory true;
enforceTor = true; enforceTor = true;
port = 8333;
assumevalid = "00000000000000000000e5abc3a74fe27dc0ead9c70ea1deb456f11c15fd7bc6"; assumevalid = "00000000000000000000e5abc3a74fe27dc0ead9c70ea1deb456f11c15fd7bc6";
addnodes = [ "ecoc5q34tmbq54wl.onion" ]; addnodes = [ "ecoc5q34tmbq54wl.onion" ];
discover = false; discover = false;
@ -63,7 +62,7 @@ in {
# under high bitcoind rpc load # under high bitcoind rpc load
rpcthreads = 16; rpcthreads = 16;
}; };
services.tor.hiddenServices.bitcoind = mkHiddenService { port = cfg.bitcoind.port; toHost = cfg.bitcoind.bind; }; services.tor.hiddenServices.bitcoind = mkHiddenService { port = cfg.bitcoind.port; toHost = cfg.bitcoind.address; };
# clightning # clightning
services.clightning.enforceTor = true; services.clightning.enforceTor = true;