diff --git a/modules/bitcoind-rpc-public-whitelist.nix b/modules/bitcoind-rpc-public-whitelist.nix index 0d3d204..425b5e2 100644 --- a/modules/bitcoind-rpc-public-whitelist.nix +++ b/modules/bitcoind-rpc-public-whitelist.nix @@ -35,6 +35,7 @@ "getnetworkhashps" # Network "getnetworkinfo" + "getnodeaddresses" "getpeerinfo" # Rawtransactions "analyzepsbt" diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix index 062915c..883618a 100644 --- a/modules/bitcoind.nix +++ b/modules/bitcoind.nix @@ -109,7 +109,7 @@ let example = { alice = { passwordHMAC = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae"; - rpcwhitelist = [ "getnetworkinfo" "getpeerinfo" ]; + rpcwhitelist = [ "sendtoaddress" "getnewaddress" ]; }; }; type = with types; attrsOf (submodule ({ name, ... }: { diff --git a/modules/btcpayserver.nix b/modules/btcpayserver.nix index d5a8cd4..727b822 100644 --- a/modules/btcpayserver.nix +++ b/modules/btcpayserver.nix @@ -117,7 +117,6 @@ in { rpcwhitelist = cfg.bitcoind.rpc.users.public.rpcwhitelist ++ [ "setban" "generatetoaddress" - "getpeerinfo" ]; }; listenWhitelisted = true; diff --git a/modules/lnd.nix b/modules/lnd.nix index 78dadb7..701bb90 100644 --- a/modules/lnd.nix +++ b/modules/lnd.nix @@ -174,7 +174,7 @@ let ${optionalString (cfg.tor-socks != null) "tor.socks=${cfg.tor-socks}"} bitcoind.rpchost=${bitcoindRpcAddress}:${toString bitcoind.rpc.port} - bitcoind.rpcuser=${bitcoind.rpc.users.${rpcUser}.name} + bitcoind.rpcuser=${bitcoind.rpc.users.public.name} bitcoind.zmqpubrawblock=${zmqHandleSpecialAddress bitcoind.zmqpubrawblock} bitcoind.zmqpubrawtx=${zmqHandleSpecialAddress bitcoind.zmqpubrawtx} @@ -184,16 +184,11 @@ let ''; zmqHandleSpecialAddress = builtins.replaceStrings [ "0.0.0.0" "[::]" ] [ "127.0.0.1" "[::1]" ]; - - isPruned = bitcoind.prune > 0; - # When bitcoind pruning is enabled, lnd requires non-public RPC commands `getpeerinfo`, `getnodeaddresses` - # to fetch missing blocks from peers (implemented in btcsuite/btcwallet/chain/pruned_block_dispatcher.go) - rpcUser = if isPruned then "lnd" else "public"; in { inherit options; - config = mkIf cfg.enable (mkMerge [ { + config = mkIf cfg.enable { assertions = [ { assertion = !(config.services ? clightning) @@ -233,7 +228,7 @@ in { preStart = '' install -m600 ${configFile} '${cfg.dataDir}/lnd.conf' { - echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-${rpcUser})" + echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-public)" ${optionalString (cfg.getPublicAddressCmd != "") '' echo "externalip=$(${cfg.getPublicAddressCmd})" ''} @@ -311,22 +306,5 @@ in { makePasswordSecret lnd-wallet-password makeCert lnd '${nbLib.mkCertExtraAltNames cfg.certificate}' ''; - } - - (mkIf isPruned { - services.bitcoind.rpc.users.lnd = { - passwordHMACFromFile = true; - rpcwhitelist = bitcoind.rpc.users.public.rpcwhitelist ++ [ - "getpeerinfo" - "getnodeaddresses" - ]; - }; - nix-bitcoin.secrets = { - bitcoin-rpcpassword-lnd.user = cfg.user; - bitcoin-HMAC-lnd.user = bitcoind.user; - }; - nix-bitcoin.generateSecretsCmds.lndBitcoinRPC = '' - makeBitcoinRPCPassword lnd - ''; - }) ]); + }; }