lndhub-go: integrate LndHub.go
prusnak committed Aug 21, 2022
1 parent b214018 commit deeb21b
Showing 11 changed files with 164 additions and 1 deletion.
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -87,6 +87,7 @@ NixOS modules ([src](modules/modules.nix))
* [Lightning Pool](https://github.com/lightninglabs/pool)
* [charge-lnd](https://github.com/accumulator/charge-lnd): policy-based channel fee manager
* [lndconnect](https://github.com/LN-Zap/lndconnect): connect your wallet to lnd or clightning via a REST onion service
* [LndHub.go](https://github.com/getAlby/lndhub.go): an accounting wrapper for the Lightning Network
* [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL): web interface for `lnd` and `clightning`
* [spark-wallet](https://github.com/shesek/spark-wallet)
* [electrs](https://github.com/romanz/electrs)
5 changes: 5 additions & 0 deletions examples/configuration.nix
Expand Up @@ -136,6 +136,11 @@
#
# services.fulcrum.enable = true;

### LNDHUB.GO
# Set this to enable LndHub.go, an accounting wrapper for the Lightning Network.
#
# services.lndhub-go.enable = true;

### BTCPayServer
# Set this to enable BTCPayServer, a self-hosted, open-source
# cryptocurrency payment processor.
1 change: 1 addition & 0 deletions modules/default.nix
Expand Up @@ -7,6 +7,7 @@
liquid = ./liquid.nix;
presets.secure-node = ./presets/secure-node.nix;
rtl = ./rtl.nix;
lndhub-go = ./lndhub-go.nix;
spark-wallet = ./spark-wallet.nix;
lnd = ./lnd.nix;
charge-lnd = ./charge-lnd.nix;
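--- a/modules/lndhub-go.nix
+++ b/modules/lndhub-go.nix
@@ -0,0 +1,136 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+options.services = {
+lndhub-go = {
+enable = mkEnableOption "LndHub.go, an accounting wrapper for the Lightning Network";
+address = mkOption {
+type = types.str;
+default = "127.0.0.1";
+description = "Address to listen on.";
+};
+port = mkOption {
+type = types.port;
+default = 8082;
+description = "Port to listen on.";
+};
+settings = mkOption {
+type = with types; attrsOf (oneOf [ str int bool ]);
+example = {
+ALLOW_ACCOUNT_CREATION = false;
+FEE_RESERVE = true;
+MAX_SEND_AMOUNT = 1000000;
+};
+description = ''
+LndHub.go settings.
+See here for possible options:
+https://github.com/getAlby/lndhub.go#available-configuration
+'';
+};
+package = mkOption {
+type = types.package;
+default = config.nix-bitcoin.pkgs.lndhub-go;
+defaultText = "config.nix-bitcoin.pkgs.lndhub-go";
+description = "The package providing LndHub.go binaries.";
+};
+dataDir = mkOption {
+type = types.path;
+default = "/var/lib/lndhub-go";
+description = "The data directory for LndHub.go.";
+};
+user = mkOption {
+type = types.str;
+default = "lndhub-go";
+description = "The user as which to run LndHub.go.";
+};
+group = mkOption {
+type = types.str;
+default = cfg.user;
+description = "The group as which to run LndHub.go.";
+};
+tor.enforce = nbLib.tor.enforce;
+};
+};
+
+cfg = config.services.lndhub-go;
+nbLib = config.nix-bitcoin.lib;
+
+inherit (config.services)
+lnd
+postgresql;
+
+configFile = builtins.toFile "lndhub-go-conf" (lib.generators.toKeyValue {} cfg.settings);
+
+dbName = "lndhubgo";
+in {
+inherit options;
+
+config = mkIf cfg.enable {
+services.lnd = {
+enable = true;
+macaroons.lndhub-go = {
+inherit (cfg) user;
+permissions = ''{"entity":"info","action":"read"},{"entity":"invoices","action":"read"},{"entity":"invoices","action":"write"},{"entity":"offchain","action":"read"},{"entity":"offchain","action":"write"}'';
+};
+};
+services.postgresql = {
+enable = true;
+ensureDatabases = [ dbName ];
+ensureUsers = [
+{
+name = cfg.user;
+ensurePermissions."DATABASE ${dbName}" = "ALL PRIVILEGES";
+}
+];
+};
+
+services.lndhub-go.settings = {
+HOST = cfg.address;
+PORT = cfg.port;
+DATABASE_URI = "unix://${cfg.user}@${dbName}/run/postgresql/.s.PGSQL.${toString postgresql.port}?sslmode=disable";
+LND_ADDRESS = "${nbLib.addressWithPort lnd.address lnd.port}";
+LND_MACAROON_FILE = "/run/lnd/lndhub-go.macaroon";
+LND_CERT_FILE = lnd.certPath;
+BRANDING_TITLE = "LndHub.go - Nix-Bitcoin";
+BRANDING_DESC = "Accounting wrapper for the Lightning Network";
+BRANDING_URL = "https://nixbitcoin.org";
+BRANDING_LOGO = "https://nixbitcoin.org/files/nix-bitcoin-logo-text.png";
+BRANDING_FAVICON = "https://nixbitcoin.org/files/nix-bitcoin-logo.png";
+BRANDING_FOOTER = "about=https://nixbitcoin.org;github=https://github.com/fort-nix/nix-bitcoin";
+};
+
+systemd.services.lndhub-go = rec {
+wantedBy = [ "multi-user.target" ];
+requires = [ "lnd.service" "postgresql.service" ];
+after = requires;
+preStart = ''
+set -euo pipefail
+{
+cat ${configFile}
+echo "JWT_SECRET=$(cat '${config.nix-bitcoin.secretsDir}/lndhub.go-jwt-secret')"
+} > .env
+'';
+serviceConfig = nbLib.defaultHardening // {
+StateDirectory = "lndhub-go";
+StateDirectoryMode = "770";
+WorkingDirectory = "/var/lib/lndhub-go";
+ExecStart = "${config.nix-bitcoin.pkgs.lndhub-go}/bin/lndhub.go";
+User = cfg.user;
+Restart = "on-failure";
+RestartSec = "10s";
+} // nbLib.allowedIPAddresses cfg.tor.enforce;
+};
+
+users.users.${cfg.user} = {
+isSystemUser = true;
+group = cfg.group;
+};
+users.groups.${cfg.group} = {};
+
+nix-bitcoin.secrets."lndhub.go-jwt-secret".user = cfg.user;
+nix-bitcoin.generateSecretsCmds.lndhub-go = ''
+makePasswordSecret lndhub.go-jwt-secret
+'';
+};
+}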
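Review bot: The `package` and `dataDir` options declared at the top of this module are never read, because `serviceConfig` hard-codes `ExecStart = "${config.nix-bitcoin.pkgs.lndhub-go}/bin/lndhub.go";` and `WorkingDirectory = "/var/lib/lndhub-go";`. An operator who overrides `services.lndhub-go.package` with a patched build will keep running the pinned binary without any warning. Either wire them in with `ExecStart = "${cfg.package}/bin/lndhub.go";` and `WorkingDirectory = cfg.dataDir;`, or drop the options so the interface does not promise an override it ignores. Separately, `settings` is rendered through `builtins.toFile` into the world-readable Nix store, so its `description` should say that secrets do not belong there. `JWT_SECRET` is already kept out of the store by appending it to `.env` in `preStart`, but that file is created with the unit's inherited umask inside a state directory of mode `770`, so a `umask 077` at the top of `preStart` would be a cheap safeguard.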
1 change: 1 addition & 0 deletions modules/modules.nix
Expand Up @@ -16,6 +16,7 @@
./clightning-replication.nix
./spark-wallet.nix
./lnd.nix
./lndhub-go.nix
./lightning-loop.nix
./lightning-pool.nix
./charge-lnd.nix
6 changes: 6 additions & 0 deletions modules/netns-isolation.nix
Expand Up @@ -297,6 +297,10 @@ in {
id = 31;
connections = [ "bitcoind" ];
};
lndhub-go = {
id = 32;
connections = [ "lnd" ];
};
};

services.bitcoind = {
Expand Down Expand Up @@ -355,6 +359,8 @@ in {
services.rtl.address = netns.rtl.address;

services.clightning-rest.address = netns.clightning-rest.address;

services.lndhub-go.address = netns.lndhub-go.address;
}
]);
}
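Review bot: The new `lndhub-go` namespace entry lists only `lnd` in `connections` although the service also requires PostgreSQL, and nothing in the hunk says why. The module added in this commit reaches the database through the unix socket under `/run/postgresql`, which presumably needs no netns connection. A comment above `connections = [ "lnd" ];` such as `# postgresql is reached via its unix socket; only lnd needs a network connection` would keep a later reader from widening the allow-list unnecessarily. The enclosing attribute sets start and end outside both hunks.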
1 change: 1 addition & 0 deletions modules/nodeinfo.nix
Expand Up @@ -138,6 +138,7 @@ in {
liquidd = mkInfo "";
joinmarket-ob-watcher = mkInfo "";
rtl = mkInfo "";
lndhub-go = mkInfo "";
# Only add sshd when it has an onion service
sshd = name: cfg: mkIfOnionPort "sshd" (onionPort: ''
add_service("sshd", """set_onion_address(info, "sshd", ${onionPort})""")
2 changes: 2 additions & 0 deletions modules/presets/enable-tor.nix
Expand Up @@ -40,6 +40,7 @@ in {
joinmarket = defaultEnforceTor;
joinmarket-ob-watcher = defaultEnforceTor;
clightning-rest = defaultEnforceTor;
lndhub-go = defaultEnforceTor;
};

# Add onion services for incoming connections
Expand All @@ -51,5 +52,6 @@ in {
spark-wallet.enable = defaultTrue;
joinmarket-ob-watcher.enable = defaultTrue;
rtl.enable = defaultTrue;
lndhub-go.enable = defaultTrue;
};
}
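Review bot: `lndhub-go.enable = defaultTrue;` in the second hunk appears to publish the LndHub.go API as an onion service for everyone who uses this preset, while the module in this commit never sets `ALLOW_ACCOUNT_CREATION` (it occurs only in the option's `example`). If the upstream default permits account creation, which is not visible from this page and should be confirmed, anyone who learns the onion address could register accounts backed by the node's lnd. Consider adding `ALLOW_ACCOUNT_CREATION = mkDefault false;` to the module's `services.lndhub-go.settings`, or at least a comment next to this line stating that the API becomes reachable over Tor. The attribute set this line belongs to starts outside the hunk.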
3 changes: 2 additions & 1 deletion pkgs/pinned.nix
Expand Up @@ -17,7 +17,8 @@ pkgs: pkgsUnstable:
fulcrum
hwi
lightning-loop
lnd;
lnd
lndhub-go;

inherit pkgs pkgsUnstable;
}
4 changes: 4 additions & 0 deletions test/tests.nix
Expand Up @@ -118,6 +118,8 @@ let
tests.liquidd = cfg.liquidd.enable;
services.liquidd.extraConfig = mkIf config.test.noConnections "connect=0";

tests.lndhub-go = cfg.lndhub-go.enable;

tests.btcpayserver = cfg.btcpayserver.enable;
services.btcpayserver = {
lightningBackend = mkDefault "lnd";
Expand Down Expand Up @@ -204,6 +206,7 @@ let
services.lightning-loop.enable = true;
services.lightning-pool.enable = true;
services.charge-lnd.enable = true;
services.lndhub-go.enable = true;
services.electrs.enable = true;
services.fulcrum.enable = true;
services.liquidd.enable = true;
Expand Down Expand Up @@ -251,6 +254,7 @@ let
services.lightning-loop.enable = true;
services.lightning-pool.enable = true;
services.charge-lnd.enable = true;
services.lndhub-go.enable = true;
services.electrs.enable = true;
services.fulcrum.enable = true;
services.btcpayserver.enable = true;
5 changes: 5 additions & 0 deletions test/tests.py
Expand Up @@ -123,6 +123,11 @@ def _():
def _():
succeed("systemctl stop electrs")

@test("lndhub-go")
def _():
assert_running("lndhub-go")
wait_for_open_port(ip("lndhub-go"), 8082)

@test("liquidd")
def _():
assert_running("liquidd")