|
| 1 | +{ config, lib, pkgs, ... }: |
| 2 | + |
| 3 | +with lib; |
| 4 | + |
| 5 | +let |
| 6 | + cfg = config.services.faraday; |
| 7 | + inherit (config) nix-bitcoin-services; |
| 8 | + secretsDir = config.nix-bitcoin.secretsDir; |
| 9 | + network = config.services.bitcoind.network; |
| 10 | + rpclisten = "${cfg.rpcAddress}:${toString cfg.rpcPort}"; |
| 11 | +in { |
| 12 | + |
| 13 | + options.services.faraday = { |
| 14 | + enable = mkEnableOption "faraday"; |
| 15 | + package = mkOption { |
| 16 | + type = types.package; |
| 17 | + default = config.nix-bitcoin.pkgs.faraday; |
| 18 | + defaultText = "pkgs.nix-bitcoin.faraday"; |
| 19 | + description = "The package providing faraday binaries."; |
| 20 | + }; |
| 21 | + rpcAddress = mkOption { |
| 22 | + type = types.str; |
| 23 | + default = "localhost"; |
| 24 | + description = "Address to listen for gRPC connections."; |
| 25 | + }; |
| 26 | + rpcPort = mkOption { |
| 27 | + type = types.port; |
| 28 | + default = 8465; |
| 29 | + description = "Port to listen for gRPC connections."; |
| 30 | + }; |
| 31 | + faradayDir = mkOption { |
| 32 | + type = types.path; |
| 33 | + default = "/var/lib/faraday"; |
| 34 | + description = "The data directory for faraday."; |
| 35 | + }; |
| 36 | + extraArgs = mkOption { |
| 37 | + type = types.separatedString " "; |
| 38 | + default = ""; |
| 39 | + description = "Extra command line arguments passed to faraday."; |
| 40 | + }; |
| 41 | + cli = mkOption { |
| 42 | + default = pkgs.writeScriptBin "frcli" |
| 43 | + '' |
| 44 | + ${cfg.package}/bin/frcli \ |
| 45 | + --rpcserver ${rpclisten} \ |
| 46 | + --faradaydir ${cfg.faradayDir} "$@" |
| 47 | + ''; |
| 48 | + description = "Binary to connect with the faraday instance."; |
| 49 | + }; |
| 50 | + enforceTor = nix-bitcoin-services.enforceTor; |
| 51 | + }; |
| 52 | + |
| 53 | + config = mkIf cfg.enable { |
| 54 | + services.lnd.enable = true; |
| 55 | + |
| 56 | + environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ]; |
| 57 | + |
| 58 | + systemd.tmpfiles.rules = [ |
| 59 | + "d '${cfg.faradayDir}' 0770 lnd lnd - -" |
| 60 | + ]; |
| 61 | + |
| 62 | + |
| 63 | + systemd.services.faraday = { |
| 64 | + description = "Run faraday"; |
| 65 | + wantedBy = [ "multi-user.target" ]; |
| 66 | + requires = [ "lnd.service" ]; |
| 67 | + after = [ "lnd.service" ]; |
| 68 | + serviceConfig = nix-bitcoin-services.defaultHardening // { |
| 69 | + preStart = '' |
| 70 | + mkdir -p ${cfg.faradayDir} |
| 71 | + chown -R 'lnd:lnd' '${cfg.faradayDir}' |
| 72 | + ''; |
| 73 | + ExecStart = '' |
| 74 | + ${cfg.package}/bin/faraday \ |
| 75 | + --faradaydir=${cfg.faradayDir} \ |
| 76 | + --rpclisten=${rpclisten} \ |
| 77 | + --lnd.rpcserver=${config.services.lnd.rpcAddress}:${toString config.services.lnd.rpcPort} \ |
| 78 | + --lnd.macaroondir=${config.services.lnd.networkDir} \ |
| 79 | + --lnd.tlscertpath=${secretsDir}/lnd-cert |
| 80 | + ''; |
| 81 | + User = "lnd"; |
| 82 | + Restart = "on-failure"; |
| 83 | + RestartSec = "10s"; |
| 84 | + ReadWritePaths = "${cfg.faradayDir}"; |
| 85 | + } // (if cfg.enforceTor |
| 86 | + then nix-bitcoin-services.allowTor |
| 87 | + else nix-bitcoin-services.allowAnyIP); |
| 88 | + }; |
| 89 | + }; |
| 90 | +} |
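Review bot: `preStart` is set inside `serviceConfig` (new lines 69–72), but in NixOS it is an option of `systemd.services.faraday` itself, so here it would be written into the unit's [Service] section as a key systemd does not recognise, and the `mkdir`/`chown` never runs as a pre-start script. The tmpfiles rule at line 59 already creates `${cfg.faradayDir}` as `lnd:lnd`, and a pre-start script would run as `User = "lnd"`, where a recursive `chown` gains nothing, so the simplest fix is to delete lines 69–72 rather than move them. Separately, the service runs as the `lnd` user with `--lnd.macaroondir` pointing at lnd's own directory, so faraday can read every file and macaroon that user owns. A dedicated `faraday` user with read access to only the macaroon it needs would limit what a faraday compromise can reach, though which macaroon faraday requires is not visible here and should be confirmed. The `network` binding at line 10 is never used in this file; either drop it or pass the chain to faraday if it needs to be told.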