Merge fort-nix/nix-bitcoin#723: bitcoind-rpc-public-whitelist: Add getnodeaddresses

da625fc13d bitcoind.rpc.users: improve example (Erik Arvstedt)
a04c15958a btcpayserver: remove redundant RPC entry from whitelist (Erik Arvstedt)
fee9dc8c17 bitcoind-rpc-public-whitelist: add `getnodeaddresses` (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK da625fc13d

Tree-SHA512: a0e2394d3b5af13b06a6b6e8ecb6a228b4b2bf5b56b063c2029025cafb337de1d8431ec28ea4343f48b1e3534136080d00b450558c9e772afeee371b9ea70419
This commit is contained in:
Jonas Nick 2024-08-02 15:06:51 +00:00
commit ac5c280a6a
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
4 changed files with 6 additions and 28 deletions

View File

@ -35,6 +35,7 @@
"getnetworkhashps"
# Network
"getnetworkinfo"
"getnodeaddresses"
"getpeerinfo"
# Rawtransactions
"analyzepsbt"

View File

@ -109,7 +109,7 @@ let
example = {
alice = {
passwordHMAC = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae";
rpcwhitelist = [ "getnetworkinfo" "getpeerinfo" ];
rpcwhitelist = [ "sendtoaddress" "getnewaddress" ];
};
};
type = with types; attrsOf (submodule ({ name, ... }: {

View File

@ -117,7 +117,6 @@ in {
rpcwhitelist = cfg.bitcoind.rpc.users.public.rpcwhitelist ++ [
"setban"
"generatetoaddress"
"getpeerinfo"
];
};
listenWhitelisted = true;

View File

@ -174,7 +174,7 @@ let
${optionalString (cfg.tor-socks != null) "tor.socks=${cfg.tor-socks}"}
bitcoind.rpchost=${bitcoindRpcAddress}:${toString bitcoind.rpc.port}
bitcoind.rpcuser=${bitcoind.rpc.users.${rpcUser}.name}
bitcoind.rpcuser=${bitcoind.rpc.users.public.name}
bitcoind.zmqpubrawblock=${zmqHandleSpecialAddress bitcoind.zmqpubrawblock}
bitcoind.zmqpubrawtx=${zmqHandleSpecialAddress bitcoind.zmqpubrawtx}
@ -184,16 +184,11 @@ let
'';
zmqHandleSpecialAddress = builtins.replaceStrings [ "0.0.0.0" "[::]" ] [ "127.0.0.1" "[::1]" ];
isPruned = bitcoind.prune > 0;
# When bitcoind pruning is enabled, lnd requires non-public RPC commands `getpeerinfo`, `getnodeaddresses`
# to fetch missing blocks from peers (implemented in btcsuite/btcwallet/chain/pruned_block_dispatcher.go)
rpcUser = if isPruned then "lnd" else "public";
in {
inherit options;
config = mkIf cfg.enable (mkMerge [ {
config = mkIf cfg.enable {
assertions = [
{ assertion =
!(config.services ? clightning)
@ -233,7 +228,7 @@ in {
preStart = ''
install -m600 ${configFile} '${cfg.dataDir}/lnd.conf'
{
echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-${rpcUser})"
echo "bitcoind.rpcpass=$(cat ${secretsDir}/bitcoin-rpcpassword-public)"
${optionalString (cfg.getPublicAddressCmd != "") ''
echo "externalip=$(${cfg.getPublicAddressCmd})"
''}
@ -311,22 +306,5 @@ in {
makePasswordSecret lnd-wallet-password
makeCert lnd '${nbLib.mkCertExtraAltNames cfg.certificate}'
'';
}
(mkIf isPruned {
services.bitcoind.rpc.users.lnd = {
passwordHMACFromFile = true;
rpcwhitelist = bitcoind.rpc.users.public.rpcwhitelist ++ [
"getpeerinfo"
"getnodeaddresses"
];
};
nix-bitcoin.secrets = {
bitcoin-rpcpassword-lnd.user = cfg.user;
bitcoin-HMAC-lnd.user = bitcoind.user;
};
nix-bitcoin.generateSecretsCmds.lndBitcoinRPC = ''
makeBitcoinRPCPassword lnd
'';
}) ]);
}