mirror of
https://github.com/fort-nix/nix-bitcoin.git
synced 2024-11-27 12:06:33 +03:00
a3490dfc0f
Currently, public services that publish their onion addresses have a `requires` dependeny on service `onion-addresses`, so they are restarted when `onion-addresses` restarts. This has the downside that most of nix-bitcoin's services are restarted when a new onion service is added and the system config has the following common settings: - nix-bitcoin.onionServices.bitcoind.public = true - nix-bitcoin.operator.enable = true Sequence of events: 1. onion service is added 2. `onion-addresses` restarts, because the new onion service is made available to `operator` 3. bitcoind restarts 4. all depending services restart Fix this by using a `wants` dependency.
129 lines
4.2 KiB
Nix
129 lines
4.2 KiB
Nix
# This module creates onion-services for NixOS services.
|
|
# An onion service can be enabled for every service that defines
|
|
# options 'address', 'port' and optionally 'getPublicAddressCmd'.
|
|
#
|
|
# See it in use at ./presets/enable-tor.nix
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
let
|
|
options.nix-bitcoin.onionServices = mkOption {
|
|
default = {};
|
|
type = with types; attrsOf (submodule (
|
|
{ config, ... }: {
|
|
options = {
|
|
enable = mkOption {
|
|
type = types.bool;
|
|
default = config.public;
|
|
description = ''
|
|
Create an onion service for the given service.
|
|
The service must define options 'address' and 'onionPort' (or `port`).
|
|
'';
|
|
};
|
|
public = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
description = ''
|
|
Make the onion address accessible to the service.
|
|
If enabled, the onion service is automatically enabled.
|
|
Only available for services that define option `getPublicAddressCmd`.
|
|
'';
|
|
};
|
|
externalPort = mkOption {
|
|
type = types.nullOr types.port;
|
|
default = null;
|
|
description = "Override the external port of the onion service.";
|
|
};
|
|
};
|
|
}
|
|
));
|
|
};
|
|
|
|
cfg = config.nix-bitcoin.onionServices;
|
|
nbLib = config.nix-bitcoin.lib;
|
|
|
|
onionServices = builtins.attrNames cfg;
|
|
|
|
activeServices = builtins.filter (service:
|
|
config.services.${service}.enable && cfg.${service}.enable
|
|
) onionServices;
|
|
|
|
publicServices = builtins.filter (service: cfg.${service}.public) activeServices;
|
|
in {
|
|
inherit options;
|
|
|
|
config = mkMerge [
|
|
(mkIf (activeServices != []) {
|
|
# Define hidden services
|
|
services.tor = {
|
|
enable = true;
|
|
relay.onionServices = genAttrs activeServices (name:
|
|
let
|
|
service = config.services.${name};
|
|
inherit (cfg.${name}) externalPort;
|
|
in nbLib.mkOnionService {
|
|
port = if externalPort != null then externalPort else service.port;
|
|
target.port = service.onionPort or service.port;
|
|
target.addr = nbLib.address service.address;
|
|
}
|
|
);
|
|
};
|
|
|
|
nix-bitcoin.onionAddresses = {
|
|
# Enable public services to access their own onion addresses
|
|
services = publicServices;
|
|
|
|
# Allow the operator user to access onion addresses for all active services
|
|
access.${config.nix-bitcoin.operator.name} = mkIf config.nix-bitcoin.operator.enable activeServices;
|
|
};
|
|
systemd.services = let
|
|
onionAddresses = [ "onion-addresses.service" ];
|
|
in genAttrs publicServices (service: {
|
|
# TODO-EXTERNAL: Instead of `wants`, use a future systemd dependency type
|
|
# that propagates initial start failures but no restarts
|
|
wants = onionAddresses;
|
|
after = onionAddresses;
|
|
});
|
|
})
|
|
|
|
# Set getPublicAddressCmd for public services
|
|
{
|
|
services = let
|
|
# publicServices' doesn't depend on config.services.*.enable,
|
|
# so we can use it to define config.services without causing infinite recursion
|
|
publicServices' = builtins.filter (service:
|
|
let srv = cfg.${service};
|
|
in srv.public && srv.enable
|
|
) onionServices;
|
|
in genAttrs publicServices' (service: {
|
|
getPublicAddressCmd = "cat ${config.nix-bitcoin.onionAddresses.dataDir}/services/${service}";
|
|
});
|
|
}
|
|
|
|
# Set sensible defaults for some services
|
|
{
|
|
nix-bitcoin.onionServices = {
|
|
spark-wallet = {
|
|
externalPort = 80;
|
|
# Enable 'public' by default, but don't auto-enable the onion service.
|
|
# When the onion service is enabled, 'public' lets spark-wallet generate
|
|
# a QR code for accessing the web interface.
|
|
public = true;
|
|
# Low priority so we can override this with mkDefault in ./presets/enable-tor.nix
|
|
enable = mkOverride 1400 false;
|
|
};
|
|
btcpayserver = {
|
|
externalPort = 80;
|
|
};
|
|
joinmarket-ob-watcher = {
|
|
externalPort = 80;
|
|
};
|
|
rtl = {
|
|
externalPort = 80;
|
|
};
|
|
};
|
|
}
|
|
];
|
|
}
|