diff --git a/README.md b/README.md index d4a8c3ae6..42c1df5ed 100644 --- a/README.md +++ b/README.md @@ -82,6 +82,7 @@ NixOS modules ([src](modules/modules.nix)) * [Lightning Pool](https://github.com/lightninglabs/pool) * [charge-lnd](https://github.com/accumulator/charge-lnd): policy-based channel fee manager * [lndconnect](https://github.com/LN-Zap/lndconnect): connect your wallet to lnd or clightning via a REST onion service + * [LndHub.go](https://github.com/getAlby/lndhub.go): an accounting wrapper for the Lightning Network * [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL): web interface for `lnd` and `clightning` * [spark-wallet](https://github.com/shesek/spark-wallet) * [electrs](https://github.com/romanz/electrs) diff --git a/examples/configuration.nix b/examples/configuration.nix index 1dec72db4..819d32a66 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix @@ -125,6 +125,10 @@ # Set this to enable electrs, an efficient Electrum server implemented in Rust. # services.electrs.enable = true; + ### LNDHUB.GO + # Set this to enable LndHub.go, an accounting wrapper for the Lightning Network. + # services.lndhub-go.enable = true; + ### BTCPayServer # Set this to enable BTCPayServer, a self-hosted, open-source # cryptocurrency payment processor. diff --git a/modules/default.nix b/modules/default.nix index f173f9ac5..6f10628fe 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -7,6 +7,7 @@ liquid = ./liquid.nix; presets.secure-node = ./presets/secure-node.nix; rtl = ./rtl.nix; + lndhub-go = ./lndhub-go.nix; spark-wallet = ./spark-wallet.nix; lnd = ./lnd.nix; charge-lnd = ./charge-lnd.nix; diff --git a/modules/lndhub-go.nix b/modules/lndhub-go.nix new file mode 100644 index 000000000..79d933e0b --- /dev/null +++ b/modules/lndhub-go.nix 
@@ -0,0 +1,117 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ options.services = {
+ lndhub-go = {
+ enable = mkEnableOption "LndHub.go, an accounting wrapper for the Lightning Network";
+ address = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = "Address to listen on.";
+ };
+ port = mkOption {
+ type = types.port;
+ default = 3001;
+ description = "Port to listen on.";
+ };
+ feeReserve = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Keep fee reserve for each user.";
+ };
+ allowAccountCreation = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Enable creation of new accounts.";
+ };
+ dataDir = mkOption {
+ type = types.path;
+ default = "/var/lib/lndhub-go";
+ description = "The data directory for LndHub.go.";
+ };
+ user = mkOption {
+ type = types.str;
+ default = "lndhub-go";
+ description = "The user as which to run LndHub.go.";
+ };
+ group = mkOption {
+ type = types.str;
+ default = cfg.lndhub-go.user;
+ description = "The group as which to run LndHub.go.";
+ };
+ tor.enforce = nbLib.tor.enforce;
+ };
+ };
+
+ cfg = config.services;
+ nbLib = config.nix-bitcoin.lib;
+
+in {
+ inherit options;
+
+ config = mkIf cfg.lndhub-go.enable {
+ services.lnd = {
+ enable = true;
+ macaroons.lndhub-go = {
+ inherit (cfg.lndhub-go) user;
+ permissions = ''{"entity":"info","action":"read"},{"entity":"invoices","action":"read"},{"entity":"invoices","action":"write"},{"entity":"offchain","action":"read"},{"entity":"offchain","action":"write"}'';
+ };
+ };
+ services.postgresql = {
+ enable = true;
+ ensureDatabases = [ "lndhub-go" ];
+ ensureUsers = [
+ {
+ name = cfg.lndhub-go.user;
+ ensurePermissions."DATABASE lndhub-go" = "ALL PRIVILEGES";
+ }
+ ];
+ };
+
+ systemd.services.lndhub-go = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "lnd.service" "postgresql.service" ];
+ after = self.requires;
+ preStart = ''
+ mkdir -p '${cfg.lndhub-go.dataDir}';
+ {
+ echo 
"DATABASE_URI=postgresql://${cfg.lndhub-go.user}:@localhost:${toString cfg.postgresql.port}/lndhub-go?sslmode=disable"
+ echo "JWT_SECRET=$(cat ${config.nix-bitcoin.secretsDir}/lndhub.go-jwt_secret)"
+ echo "LND_ADDRESS="${cfg.lnd.address}:${toString cfg.lnd.port}"
+ echo "LND_MACAROON_HEX=$(xxd -p -c 9999 /run/lnd/lndhub-go.macaroon)"
+ echo "LND_CERT_HEX=$(xxd -p -c 9999 ${cfg.lnd.certPath})"
+ echo "HOST=${cfg.lndhub-go.address}"
+ echo "PORT=${toString cfg.lndhub-go.port}"
+ echo "FEE_RESERVE=${cfg.lndhub-go.feeReserve}"
+ echo "ALLOW_ACCOUNT_CREATION=${cfg.lndhub-go.allowAccountCreation}"
+ echo "BRANDING_TITLE=LndHub.go - Nix-Bitcoin"
+ echo "BRANDING_DESC=Accounting wrapper for the Lightning Network"
+ echo "BRANDING_URL=https://nixbitcoin.org"
+ echo "BRANDING_LOGO=https://nixbitcoin.org/files/nix-bitcoin-logo-text.png"
+ echo "BRANDING_FAVICON=https://nixbitcoin.org/files/nix-bitcoin-logo.png"
+ echo "BRANDING_FOOTER=about=https://nixbitcoin.org,github=https://github.com/fort-nix/nix-bitcoin"
+ } > '${cfg.lndhub-go.dataDir}/lndhub-go.env'
+ chmod 600 '${cfg.lndhub-go.dataDir}/lndhub-go.env'
+ '';
+ serviceConfig = nbLib.defaultHardening // {
+ EnvironmentFile = "${cfg.lndhub-go.dataDir}/lndhub-go.env";
+ ExecStart = ''
+ ${cfg.lndhub-go.package}/bin/lndhub.go
+ '';
+ User = cfg.lndhub-go.user;
+ Restart = "on-failure";
+ RestartSec = "10s";
+ } // nbLib.allowedIPAddresses cfg.lndhub-go.tor.enforce;
+ };
+
+ users.users.${cfg.lndhub-go.user} = {
+ isSystemUser = true;
+ group = cfg.lndhub-go.group;
+ };
+ users.groups.${cfg.lndhub-go.group} = {};
+ nix-bitcoin.generateSecretsCmds.lndhub-go = ''
+ makePasswordSecret lndhub.go-jwt_secret
+ '';
+ };
+}
diff --git a/modules/modules.nix b/modules/modules.nix
index bf0dbab64..b6039cb46 100644
--- a/modules/modules.nix
+++ b/modules/modules.nix
@@ -15,6 +15,7 @@
 ./clightning-rest.nix
 ./spark-wallet.nix
 ./lnd.nix
+ ./lndhub-go.nix
 ./lightning-loop.nix
 ./lightning-pool.nix
 ./charge-lnd.nix
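Review bot: In modules/lndhub-go.nix the `preStart` script writes `JWT_SECRET` and `LND_MACAROON_HEX` into `lndhub-go.env` through a shell redirect and only afterwards runs `chmod 600`, so the file (and the directory made by `mkdir -p`) first exists with whatever the process umask allows; a `umask 077` at the top of the script closes that window. Several lines in the same hunk also look like they cannot evaluate or run as written: `after = self.requires;` has no `self` in scope, `ExecStart` reads `cfg.lndhub-go.package` although no `package` option is declared, the two booleans are interpolated into strings without `boolToString`, and the `LND_ADDRESS` line has an unbalanced `"`. The generated `lndhub.go-jwt_secret` is not declared under `nix-bitcoin.secrets` in this hunk, so whether the service user may read it depends on code outside the diff and should be confirmed. The fence shows only the rewritten lines; the missing `package` option is left to the author because its default is not derivable from the page.

```nix
systemd.services.lndhub-go = rec {
  # … unchanged: wantedBy, requires …
  after = requires;
  preStart = ''
    # Create the directory and the env file owner-only from the start,
    # rather than tightening the mode after the secrets are written.
    umask 077
    mkdir -p '${cfg.lndhub-go.dataDir}'
    {
      # … unchanged: DATABASE_URI, JWT_SECRET …
      echo "LND_ADDRESS=${cfg.lnd.address}:${toString cfg.lnd.port}"
      # … unchanged: LND_MACAROON_HEX, LND_CERT_HEX, HOST, PORT …
      echo "FEE_RESERVE=${boolToString cfg.lndhub-go.feeReserve}"
      echo "ALLOW_ACCOUNT_CREATION=${boolToString cfg.lndhub-go.allowAccountCreation}"
      # … unchanged: BRANDING_* …
    } > '${cfg.lndhub-go.dataDir}/lndhub-go.env'
  '';
  # … unchanged: serviceConfig …
```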
diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix index 725ae5bc7..b563a9c28 100644 --- a/modules/netns-isolation.nix +++ b/modules/netns-isolation.nix @@ -293,6 +293,10 @@ in { clightning-rest = { id = 30; }; + lndhub-go = { + id = 31; + connections = [ "lnd" ]; + }; }; services.bitcoind = { @@ -349,6 +353,8 @@ in { services.rtl.address = netns.rtl.address; services.clightning-rest.address = netns.clightning-rest.address; + + services.lndhub-go.address = netns.lndhub-go.address; } ]); } diff --git a/modules/nodeinfo.nix b/modules/nodeinfo.nix index 5bbc4e044..494473ffb 100644 --- a/modules/nodeinfo.nix +++ b/modules/nodeinfo.nix @@ -137,6 +137,7 @@ in { liquidd = mkInfo ""; joinmarket-ob-watcher = mkInfo ""; rtl = mkInfo ""; + lndhub-go = mkInfo ""; # Only add sshd when it has an onion service sshd = name: cfg: mkIfOnionPort "sshd" (onionPort: '' add_service("sshd", """set_onion_address(info, "sshd", ${onionPort})""") diff --git a/modules/presets/enable-tor.nix b/modules/presets/enable-tor.nix index 2a0ed02df..a12d6ecd8 100644 --- a/modules/presets/enable-tor.nix +++ b/modules/presets/enable-tor.nix @@ -39,6 +39,7 @@ in { joinmarket = defaultEnforceTor; joinmarket-ob-watcher = defaultEnforceTor; clightning-rest = defaultEnforceTor; + lndhub-go = defaultEnforceTor; }; # Add onion services for incoming connections @@ -49,5 +50,6 @@ in { spark-wallet.enable = defaultTrue; joinmarket-ob-watcher.enable = defaultTrue; rtl.enable = defaultTrue; + lndhub-go.enable = defaultTrue; }; } diff --git a/pkgs/pinned.nix b/pkgs/pinned.nix index d10c9e0d2..3a72c2f46 100644 --- a/pkgs/pinned.nix +++ b/pkgs/pinned.nix @@ -17,6 +17,7 @@ pkgs: pkgsUnstable: hwi lightning-loop lnd + lndhub-go nbxplorer; inherit pkgs pkgsUnstable; diff --git a/test/tests.nix b/test/tests.nix index 89686881e..8e5bd400b 100644 --- a/test/tests.nix +++ b/test/tests.nix 
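Review bot: In the first netns-isolation hunk, `connections = [ "lnd" ];` gives the lndhub-go namespace a route to lnd only, while modules/lndhub-go.nix builds `DATABASE_URI` with `@localhost:<port>` and `sslmode=disable`. Inside a separate network namespace `localhost` is presumably that namespace's own loopback, so PostgreSQL would not be reachable from the service when isolation is enabled. Connecting over the PostgreSQL unix socket would work in both setups and lets peer authentication replace the empty-password TCP login, for example `DATABASE_URI=postgresql:///lndhub-go?host=/run/postgresql` (a constructed value; check the exact form against what LndHub.go's database driver accepts).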
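Review bot: The second enable-tor hunk adds `lndhub-go.enable = defaultTrue;` under "Add onion services for incoming connections", and modules/lndhub-go.nix defaults `allowAccountCreation` to `true`, so turning on the preset together with the service publishes an endpoint where registration is open to anyone who learns the onion address. A closed-by-default setting is safer for a wallet-backed service: either `default = false;` on `allowAccountCreation`, or drop this line so the onion service is opt-in. No onion-services module change is visible in this diff, so how the address and port of the new entry are resolved should be confirmed as well.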
@@ -112,6 +112,8 @@ let tests.liquidd = cfg.liquidd.enable; services.liquidd.extraConfig = mkIf config.test.noConnections "connect=0"; + tests.lndhub-go = cfg.lndhub-go.enable; + tests.btcpayserver = cfg.btcpayserver.enable; services.btcpayserver = { lightningBackend = mkDefault "lnd"; @@ -193,6 +195,7 @@ let services.lightning-loop.enable = true; services.lightning-pool.enable = true; services.charge-lnd.enable = true; + services.lndhub-go.enable = true; services.electrs.enable = true; services.liquidd.enable = true; services.btcpayserver.enable = true; @@ -239,6 +242,7 @@ let services.lightning-loop.enable = true; services.lightning-pool.enable = true; services.charge-lnd.enable = true; + services.lndhub-go.enable = true; services.electrs.enable = true; services.btcpayserver.enable = true; services.joinmarket.enable = true;
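Review bot: `tests.lndhub-go = cfg.lndhub-go.enable;` in the first tests.nix hunk switches on a test name, but no test body for it is visible in this diff, so it is unclear what is actually asserted. A check that `lndhub-go.service` reaches the active state, and that `lndhub-go.env` is mode 600 and owned by the service user, would cover the parts of the module that handle the JWT secret and the macaroon. If the test script lives in a file not shown here, this only needs confirming.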