lndhub-go: integrate LndHub.go into Nix-Bitcoin

README.md

@@ -82,6 +82,7 @@ NixOS modules ([src](modules/modules.nix))
     * [Lightning Pool](https://github.com/lightninglabs/pool)
     * [charge-lnd](https://github.com/accumulator/charge-lnd): policy-based channel fee manager
   * [lndconnect](https://github.com/LN-Zap/lndconnect): connect your wallet to lnd or clightning via a REST onion service
+  * [LndHub.go](https://github.com/getAlby/lndhub.go): an accounting wrapper for the Lightning Network
   * [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL): web interface for `lnd` and `clightning`
   * [spark-wallet](https://github.com/shesek/spark-wallet)
   * [electrs](https://github.com/romanz/electrs)

examples/configuration.nix

@@ -125,6 +125,10 @@
   # Set this to enable electrs, an efficient Electrum server implemented in Rust.
   # services.electrs.enable = true;
 
+  ### LNDHUB.GO
+  # Set this to enable LndHub.go, an accounting wrapper for the Lightning Network.
+  # services.lndhub-go.enable = true;
+
   ### BTCPayServer
   # Set this to enable BTCPayServer, a self-hosted, open-source
   # cryptocurrency payment processor.

modules/default.nix

@@ -7,6 +7,7 @@
   liquid = ./liquid.nix;
   presets.secure-node = ./presets/secure-node.nix;
   rtl = ./rtl.nix;
+  lndhub-go = ./lndhub-go.nix;
   spark-wallet = ./spark-wallet.nix;
   lnd = ./lnd.nix;
   charge-lnd = ./charge-lnd.nix;

modules/lndhub-go.nix

@@ -0,0 +1,117 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  options.services = {
+    lndhub-go = {
+      enable = mkEnableOption "LndHub.go, an accounting wrapper for the Lightning Network";
+      address = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = "Address to listen on.";
+      };
+      port = mkOption {
+        type = types.port;
+        default = 3001;
+        description = "Port to listen on.";
+      };
+      feeReserve = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Keep fee reserve for each user.";
+      };
+      allowAccountCreation = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable creation of new accounts.";
+      };
+      dataDir = mkOption {
+        type = types.path;
+        default = "/var/lib/lndhub-go";
+        description = "The data directory for LndHub.go.";
+      };
+      user = mkOption {
+        type = types.str;
+        default = "lndhub-go";
+        description = "The user as which to run LndHub.go.";
+      };
+      group = mkOption {
+        type = types.str;
+        default = cfg.lndhub-go.user;
+        description = "The group as which to run LndHub.go.";
+      };
+      tor.enforce = nbLib.tor.enforce;
+    };
+  };
+
+  cfg = config.services;
+  nbLib = config.nix-bitcoin.lib;
+
+in {
+  inherit options;
+
+  config = mkIf cfg.lndhub-go.enable {
+    services.lnd = {
+      enable = true;
+      macaroons.lndhub-go = {
+        inherit (cfg.lndhub-go) user;
+        permissions = ''{"entity":"info","action":"read"},{"entity":"invoices","action":"read"},{"entity":"invoices","action":"write"},{"entity":"offchain","action":"read"},{"entity":"offchain","action":"write"}'';
+      };
+    };
+    services.postgresql = {
+      enable = true;
+      ensureDatabases = [ "lndhub-go" ];
+      ensureUsers = [
+        {
+          name = cfg.lndhub-go.user;
+          ensurePermissions."DATABASE lndhub-go" = "ALL PRIVILEGES";
+        }
+      ];
+    };
+
+    systemd.services.lndhub-go = {
+      wantedBy = [ "multi-user.target" ];
+      requires = [ "lnd.service" "postgresql.service" ];
+      after = self.requires;
+      preStart = ''
+        mkdir -p '${cfg.lndhub-go.dataDir}';
+        {
+          echo "DATABASE_URI=postgresql://${cfg.lndhub-go.user}:@localhost:${cfg.postgresql.port}/lndhub-go?sslmode=disable"
+          echo "JWT_SECRET=$(cat ${config.nix-bitcoin.secretsDir}/lndhub.go-jwt_secret)"
+          echo "LND_ADDRESS="${cfg.lnd.address}:${toString cfg.lnd.port}"
+          echo "LND_MACAROON_HEX=$(xxd -p -c 9999 /run/lnd/lndhub-go.macaroon)"
+          echo "LND_CERT_HEX=$(xxd -p -c 9999 ${cfg.lnd.certPath})"
+          echo "HOST=${cfg.lndhub-go.address}"
+          echo "PORT=${toString cfg.lndhub-go.port}"
+          echo "FEE_RESERVE=${cfg.lndhub-go.feeReserve}"
+          echo "ALLOW_ACCOUNT_CREATION=${cfg.lndhub-go.allowAccountCreation}"
+          echo "BRANDING_TITLE=LndHub.go - Nix-Bitcoin"
+          echo "BRANDING_DESC=Accounting wrapper for the Lightning Network"
+          echo "BRANDING_URL=https://nixbitcoin.org"
+          echo "BRANDING_LOGO=https://nixbitcoin.org/files/nix-bitcoin-logo-text.png"
+          echo "BRANDING_FAVICON=https://nixbitcoin.org/files/nix-bitcoin-logo.png"
+          echo "BRANDING_FOOTER=about=https://nixbitcoin.org,github=https://github.com/fort-nix/nix-bitcoin"
+        } > '${cfg.lndhub-go.dataDir}/lndhub-go.env'
+        chmod 600 '${cfg.lndhub-go.dataDir}/lndhub-go.env'
+      '';
+      serviceConfig = nbLib.defaultHardening // {
+        EnvironmentFile = "${cfg.lndhub-go.dataDir}/lndhub-go.env";
+        ExecStart = ''
+          ${cfg.lndhub-go.package}/bin/lndhub.go
+        '';
+        User = cfg.lndhub-go.user;
+        Restart = "on-failure";
+        RestartSec = "10s";
+      } // nbLib.allowedIPAddresses cfg.lndhub-go.tor.enforce;
+    };
+
+    users.users.${cfg.lndhub-go.user} = {
+      isSystemUser = true;
+      group = cfg.lndhub-go.group;
+    };
+    users.groups.${cfg.lndhub-go.group} = {};
+    nix-bitcoin.generateSecretsCmds.lndhub-go = ''
+      makePasswordSecret lndhub.go-jwt_secret
+    '';
+  };
+}

modules/modules.nix

@@ -15,6 +15,7 @@
     ./clightning-rest.nix
     ./spark-wallet.nix
     ./lnd.nix
+    ./lndhub-go.nix
     ./lightning-loop.nix
     ./lightning-pool.nix
     ./charge-lnd.nix

modules/netns-isolation.nix

@@ -293,6 +293,10 @@ in {
       clightning-rest = {
         id = 30;
       };
+      lndhub-go = {
+        id = 31;
+        connections = [ "lnd" ];
+      };
     };
 
     services.bitcoind = {
@@ -349,6 +353,8 @@ in {
     services.rtl.address = netns.rtl.address;
 
     services.clightning-rest.address = netns.clightning-rest.address;
+
+    services.lndhub-go.address = netns.lndhub-go.address;
   }
   ]);
 }

modules/nodeinfo.nix

@@ -137,6 +137,7 @@ in {
       liquidd = mkInfo "";
       joinmarket-ob-watcher = mkInfo "";
       rtl = mkInfo "";
+      lndhub-go = mkInfo "";
       # Only add sshd when it has an onion service
       sshd = name: cfg: mkIfOnionPort "sshd" (onionPort: ''
         add_service("sshd", """set_onion_address(info, "sshd", ${onionPort})""")

modules/presets/enable-tor.nix

@@ -39,6 +39,7 @@ in {
     joinmarket = defaultEnforceTor;
     joinmarket-ob-watcher = defaultEnforceTor;
     clightning-rest = defaultEnforceTor;
+    lndhub-go = defaultEnforceTor;
   };
 
   # Add onion services for incoming connections
@@ -49,5 +50,6 @@ in {
     spark-wallet.enable = defaultTrue;
     joinmarket-ob-watcher.enable = defaultTrue;
     rtl.enable = defaultTrue;
+    lndhub-go.enable = defaultTrue;
   };
 }

pkgs/pinned.nix

@@ -17,6 +17,7 @@ pkgs: pkgsUnstable:
     hwi
     lightning-loop
     lnd
+    lndhub-go
     nbxplorer;
 
   inherit pkgs pkgsUnstable;

test/tests.nix

@@ -112,6 +112,8 @@ let
       tests.liquidd = cfg.liquidd.enable;
       services.liquidd.extraConfig = mkIf config.test.noConnections "connect=0";
 
+      tests.lndhub-go = cfg.lndhub-go.enable;
+
       tests.btcpayserver = cfg.btcpayserver.enable;
       services.btcpayserver = {
         lightningBackend = mkDefault "lnd";
@@ -193,6 +195,7 @@ let
       services.lightning-loop.enable = true;
       services.lightning-pool.enable = true;
       services.charge-lnd.enable = true;
+      services.lndhub-go.enable = true;
       services.electrs.enable = true;
       services.liquidd.enable = true;
       services.btcpayserver.enable = true;
@@ -239,6 +242,7 @@ let
       services.lightning-loop.enable = true;
       services.lightning-pool.enable = true;
       services.charge-lnd.enable = true;
+      services.lndhub-go.enable = true;
       services.electrs.enable = true;
       services.btcpayserver.enable = true;
       services.joinmarket.enable = true;