rtl: 0.14.1 -> 0.15.4, add clightning.plugins.clnrest

README.md

@@ -78,7 +78,6 @@ NixOS modules ([src](modules/modules.nix))
     * [rebalance](https://github.com/lightningd/plugins/tree/master/rebalance): keeps your channels balanced
     * [trustedcoin](https://github.com/nbd-wtf/trustedcoin) ([experimental](docs/services.md#trustedcoin)): replaces bitcoind with trusted public explorers
     * [zmq](https://github.com/lightningd/plugins/tree/master/zmq): publishes notifications via ZeroMQ to configured endpoints
-  * [clightning-rest](https://github.com/Ride-The-Lightning/c-lightning-REST): REST server for clightning
   * [lnd](https://github.com/lightningnetwork/lnd) with support for announcing an onion service and [static channel backups](https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md)
     * [Lightning Loop](https://github.com/lightninglabs/loop)
     * [Lightning Pool](https://github.com/lightninglabs/pool)

dev/dev-scenarios.nix

@@ -66,6 +66,16 @@ with lib;
         onion = true;
       };
     };
+    services.clightning = {
+      enable = true;
+      plugins.clnrest = {
+        enable = true;
+        lnconnect = {
+          enable = true;
+          onion = true;
+        };
+      };
+    };
     services.clightning-rest = {
       enable = true;
       lndconnect = {

dev/topics/lndconnect-and-wireguard.sh

@@ -7,13 +7,15 @@ run-tests.sh -s wireguard-lndconnect-online container
 # 2. Test connecting via Tor
 # Print QR codes for lnd, clightning-rest connections via Tor
 c lndconnect
+c lnconnect-clnrest
 c lndconnect-clightning
-# Add these to Zeus >= 0.7.1.
+# Add these to Zeus >= 0.9.0.
 # To explicitly check if the connection is successful, press the node logo in the top
 # left corner, and then "Node Info".
 
 # Debug
 c lndconnect --url
+c lnconnect-clnrest --url
 c lndconnect-clightning --url
 
 # 3. Test connecting via WireGuard
@@ -33,13 +35,15 @@ c nix-bitcoin-wg-connect --text
 
 # Print QR codes for lnd, clightning-rest connections via WireGuard
 c lndconnect-wg
+c lnconnect-clnrest-wg
 c lndconnect-clightning-wg
-# Add these to Zeus >= 0.7.1.
-# To explicitly check if the connection is successful, press the node logo in the top
+# Add these to Zeus >= 0.9.0.
+# To explicitly check if the connection is successful, press the menu button in the top
 # left corner, and then "Node Info".
 
 # Debug
 c lndconnect-wg --url
+c lnconnect-clnrest-wg --url
 c lndconnect-clightning-wg --url
 
 # 3.3.remove external firewall port forward, remove local port forward:
@@ -55,6 +59,8 @@ c nodeinfo
 
 c lndconnect --url
 c lndconnect-wg --url
+c lndconnect-clnrest --url
+c lndconnect-clnrest-wg --url
 c lndconnect-clightning --url
 c lndconnect-clightning-wg --url
 

dev/topics/rtl.sh

@@ -17,8 +17,6 @@ c systemctl status rtl
 c journalctl -u rtl
 c cat /var/lib/rtl/RTL-Config.json
 
-c systemctl status clightning-rest
-
 # Open webinterface. Password: a
 runuser -u "$(logname)" -- xdg-open "http://$ip:3000"
 

docs/services.md

@@ -143,7 +143,7 @@ The default password location is `$secretsDir/rtl-password`.
 See: [Secrets dir](./configuration.md#secrets-dir)
 
 # Use Zeus (mobile lightning wallet) via Tor
-1. Install [Zeus](https://zeusln.app) (version ≥ 0.7.1)
+1. Install [Zeus](https://zeusln.app) (version ≥ 0.9.0)
 
 2. Edit your `configuration.nix`
 
@@ -161,9 +161,9 @@ See: [Secrets dir](./configuration.md#secrets-dir)
 
    Add the following config:
    ```nix
-   services.clightning-rest = {
+   services.clightning.plugins.clnrest = {
      enable = true;
-     lndconnect = {
+     lnconnect = {
        enable = true;
        onion = true;
      };
@@ -182,7 +182,7 @@ See: [Secrets dir](./configuration.md#secrets-dir)
 
    ##### For clightning
    ```
-   lndconnect-clightning
+   lnconnect-clnrest
    ```
 
 5. Configure Zeus
@@ -212,7 +212,7 @@ There are two ways to establish a secure, direct connection:
 - Connecting via WireGuard. This approach is simpler and more versatile, and is
   described in this guide.
 
-1. Install [Zeus](https://zeusln.app) (version ≥ 0.7.1) and
+1. Install [Zeus](https://zeusln.app) (version ≥ 0.9.0) and
    [WireGuard](https://www.wireguard.com/install/) on your mobile device.
 
 2. Add the following to your `configuration.nix`:
@@ -229,9 +229,11 @@ There are two ways to establish a secure, direct connection:
    services.lnd.lndconnect.enable = true;
 
    # For clightning
-   services.clightning-rest = {
-     enable = true;
-     lndconnect.enable = true;
+   services.clightning = {
+     plugins.clnrest = {
+       enable = true;
+       lnconnect.enable = true;
+     };
    };
    ```
 3. Deploy your configuration.
@@ -275,7 +277,7 @@ There are two ways to establish a secure, direct connection:
 
    ##### For clightning
    ```
-   lndconnect-clightning-wg
+   lnconnect-clnrest-wg
    ```
 
    Configure Zeus:

examples/configuration.nix

@@ -56,15 +56,15 @@
   #
   # == REST server
   # Set this to create a clightning REST onion service.
-  # This also adds binary `lndconnect-clightning` to the system environment.
+  # This also adds binary `lnconnect-clnrest` to the system environment.
   # This binary creates QR codes or URLs for connecting applications to clightning
   # via the REST onion service.
   # You can also connect via WireGuard instead of Tor.
   # See ../docs/services.md for details.
   #
-  # services.clightning-rest = {
+  # services.clightning.plugins.clnrest = {
   #   enable = true;
-  #   lndconnect = {
+  #   lnconnect = {
   #     enable = true;
   #     onion = true;
   #   };

modules/clightning-plugins/clnrest.nix

@@ -0,0 +1,78 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  options = {
+    services.clightning.plugins.clnrest = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable clnrest (clightning plugin).
+
+          clnrest provides a clightning REST API, using clightning RPC calls as its backend.
+          It also broadcasts clightning notifications to listeners connected to its websocket server.
+
+          See here for all available options:
+          https://docs.corelightning.org/docs/rest
+          Extra options can be set via `services.clightning.extraConfig`.
+        '';
+      };
+      address = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = "Address to listen for REST connections.";
+      };
+      port = mkOption {
+        type = types.port;
+        default = 3010;
+        description = "REST server port.";
+      };
+      createAdminRune = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Create a rune with admin permissions at path `''${config.services.clightning.networkDir}/admin-rune`.
+        '';
+      };
+      package = mkOption {
+        type = types.package;
+        default = config.nix-bitcoin.pkgs.nbPython3Packages.clnrest;
+        defaultText = "config.nix-bitcoin.pkgs.nbPython3Packages.clnrest";
+        description = "The package providing clnrest binaries.";
+      };
+    };
+
+    # Internal read-only options used by `./nodeinfo.nix` and `./onion-services.nix`
+    services.clnrest = let
+      inherit (config.nix-bitcoin.lib) mkAlias;
+    in {
+      enable = mkAlias cfg.enable;
+      address = mkAlias cfg.address;
+      port = mkAlias cfg.port;
+    };
+  };
+
+  cfg = config.services.clightning.plugins.clnrest;
+  inherit (config.services) clightning;
+
+  runePath = "${clightning.networkDir}/admin-rune";
+in
+{
+  inherit options;
+
+  config = mkIf cfg.enable {
+    services.clightning.extraConfig = ''
+      plugin=${cfg.package}/bin/clnrest
+      clnrest-host=${cfg.address}
+      clnrest-port=${toString cfg.port}
+    '';
+
+    systemd.services.clightning.postStart = mkIf cfg.createAdminRune (mkAfter ''
+      if [[ ! -e '${runePath}' ]]; then
+        rune=$(${clightning.cli}/bin/lightning-cli createrune | ${pkgs.jq}/bin/jq -r .rune)
+        install -m 640 <(echo "$rune") '${runePath}'
+      fi
+    '');
+  };
+}

modules/clightning-plugins/default.nix

@@ -13,6 +13,7 @@ let
 in {
   imports = [
     ./clboss.nix
+    ./clnrest.nix
     ./feeadjuster.nix
     ./trustedcoin.nix
     ./zmq.nix

modules/lndconnect.nix

@@ -32,6 +32,34 @@ let
       };
     };
 
+    services.clightning.plugins.clnrest.lnconnect = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Add a `lnconnect-clnrest` binary to the system environment which prints
+          connection info for clightning clients.
+          See: https://github.com/LN-Zap/lndconnect
+
+          Usage:
+          ```bash
+            # Print QR code
+            lnconnect-clnrest
+
+            # Print URL
+            lnconnect-clnrest --url
+          ```
+        '';
+      };
+      onion = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Create an onion service for the clnrest server,
+          which is used by lnconnect.
+        '';
+      };
+    };
 
     services.clightning-rest.lndconnect = {
       enable = mkOption {
@@ -77,14 +105,18 @@ let
 
   inherit (config.services)
     lnd
+    clightning
     clightning-rest;
 
+  inherit (clightning.plugins) clnrest;
+
   mkLndconnect = {
     name,
     shebang ? "#!${pkgs.stdenv.shell} -e",
     isClightning ? false,
+    isClnrest ? false,
     port,
-    macaroonPath,
+    authSecretPath,
     enableOnion,
     onionService ? null,
     certPath ? null
@@ -99,7 +131,7 @@ let
         ${optionalString enableOnion "--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService})"} \
         --port=${toString port} \
         ${if enableOnion || certPath == null then "--nocert" else "--tlscertpath='${certPath}'"} \
-        --adminmacaroonpath='${macaroonPath}' \
+        --adminmacaroonpath='${authSecretPath}' \
         --configfile=/dev/null "$@"
     )
 
@@ -109,7 +141,7 @@ let
       #   Because `macaroon` is always the last URL fragment, the
       #   sed replacement below works correctly.
       ''
-        macaroonHex=$(${getExe pkgs.xxd} -p -u -c 99999 '${macaroonPath}')
+        macaroonHex=$(${getExe pkgs.xxd} -p -u -c 99999 '${authSecretPath}')
         url=$(
           echo "$url" | ${getExe pkgs.gnused} "
             s|^lndconnect|c-lightning-rest|
@@ -119,6 +151,18 @@ let
       ''
     }
 
+    ${optionalString isClnrest
+      # Change URL procotcol to clnrest
+      ''
+        url=$(
+          echo "$url" | ${getExe pkgs.gnused} "
+            s|^lndconnect|clnrest|
+            s|macaroon=.*|rune=$(cat '${authSecretPath}')|
+          ";
+        )
+      ''
+     }
+
     # If --url is in args
     if [[ " $* " =~ " --url " ]]; then
       echo "$url"
@@ -146,7 +190,7 @@ in {
               onionService = "${lnd.user}/lnd-rest";
               port = lnd.restPort;
               certPath = lnd.certPath;
-              macaroonPath = "${lnd.networkDir}/admin.macaroon";
+              authSecretPath = "${lnd.networkDir}/admin.macaroon";
             }
           )];
 
@@ -169,6 +213,39 @@ in {
         })
       ]))
 
+    (mkIf (clnrest.enable && clnrest.lnconnect.enable)
+      (mkMerge [
+        {
+          environment.systemPackages = [(
+            mkLndconnect {
+              name = "lnconnect-clnrest";
+              isClnrest = true;
+              enableOnion = clnrest.lnconnect.onion;
+              onionService = "${operatorName}/clnrest";
+              port = clnrest.port;
+              certPath = "${clightning.networkDir}/client.pem";
+              authSecretPath = "${clightning.networkDir}/admin-rune";
+            }
+          )];
+
+          services.clightning.plugins.clnrest.address = mkIf (!clnrest.lnconnect.onion) "0.0.0.0";
+        }
+
+        (mkIf clnrest.lnconnect.onion {
+          services.tor = {
+            enable = true;
+            relay.onionServices.clnrest = nbLib.mkOnionService {
+              target.addr = nbLib.address clnrest.address;
+              target.port = clnrest.port;
+              port = clnrest.port;
+            };
+          };
+          # This also allows nodeinfo to show the clnrest onion address
+          nix-bitcoin.onionAddresses.access.${operatorName} = [ "clnrest" ];
+        })
+      ])
+    )
+
     (mkIf (clightning-rest.enable && clightning-rest.lndconnect.enable)
       (mkMerge [
         {
@@ -180,7 +257,7 @@ in {
               onionService = "${operatorName}/clightning-rest";
               port = clightning-rest.port;
               certPath = "${clightning-rest.dataDir}/certs/certificate.pem";
-              macaroonPath = "${clightning-rest.dataDir}/certs/access.macaroon";
+              authSecretPath = "${clightning-rest.dataDir}/certs/access.macaroon";
             }
           )];