Merge #477: Add standalone clightning-rest service, add lndconnect-onion for clightning

8e1ad6e docs/services: update Zeus usage section, add clightning (Erik Arvstedt)
20c0194 readme: add hint about github table of contents button (Erik Arvstedt)
e2fee4b lnd-rest-onion-service.nix: move to lndconnect-onion.nix, add clightning support (Erik Arvstedt)
acf5fe6 add standalone `clightning-rest` service (Erik Arvstedt)
c30aa33 cl-rest: rename pkg to clightning-rest (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 8e1ad6e

Tree-SHA512: 7d70648aa404fd9b452b6b015c68f72f24f284aae69f4d7df6e94167864d28aae0fca5642c9f6f469ce3ad9a2fd441d6b2de0a0178cc5b0c88ef1cd14bc3d104

Author: jonasnick

README.md

@@ -49,6 +49,9 @@ Get started
 
 Docs
 ---
+Hint: To show a table of contents, click the button (![Github TOC button](docs/img/github-table-of-contents.svg)) in the
+top left corner of the documents.
+
 * [Hardware requirements](docs/hardware.md)
 * [Installation](docs/install.md)
 * [Configuration and maintenance](docs/configuration.md)
@@ -73,11 +76,12 @@ NixOS modules ([src](modules/modules.nix))
     * [rebalance](https://github.com/lightningd/plugins/tree/master/rebalance): keeps your channels balanced
     * [summary](https://github.com/lightningd/plugins/tree/master/summary): print a nice summary of the node status
     * [zmq](https://github.com/lightningd/plugins/tree/master/zmq): publishes notifications via ZeroMQ to configured endpoints
+  * [clightning-rest](https://github.com/Ride-The-Lightning/c-lightning-REST): REST server for clightning
   * [lnd](https://github.com/lightningnetwork/lnd) with support for announcing an onion service and [static channel backups](https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md)
     * [Lightning Loop](https://github.com/lightninglabs/loop)
     * [Lightning Pool](https://github.com/lightninglabs/pool)
     * [charge-lnd](https://github.com/accumulator/charge-lnd): policy-based channel fee manager
-    * [lndconnect](https://github.com/LN-Zap/lndconnect) via a REST onion service
+  * [lndconnect](https://github.com/LN-Zap/lndconnect): connect your wallet to lnd or clightning via a REST onion service
   * [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL): web interface for `lnd` and `clightning`
   * [spark-wallet](https://github.com/shesek/spark-wallet)
   * [electrs](https://github.com/romanz/electrs)

docs/img/github-table-of-contents.svg

@@ -44,6 +44,61 @@ You can find the `<onion-address>` with command `nodeinfo`.
 The default password location is `$secretsDir/rtl-password`.
 See: [Secrets dir](./configuration.md#secrets-dir)
 
+# Use LND or clightning with Zeus (smartphone wallet) via Tor
+1. Install [Zeus](https://zeusln.app)
+
+2. Edit your `configuration.nix`
+
+   ##### For lnd
+
+   Add the following config:
+   ```
+   services.lnd.lndconnectOnion.enable = true;
+   ```
+
+   ##### For clightning
+
+   Add the following config:
+   ```
+   services.clightning-rest = {
+     enable = true;
+     lndconnectOnion.enable = true;
+   };
+   ```
+
+3. Deploy your configuration
+
+3. Run the following command on your node (as user `operator`) to create a QR code
+   with address and authentication information:
+
+   ##### For lnd
+   ```
+   lndconnect-onion
+   ```
+
+   ##### For clightning
+   ```
+   lndconnect-onion-clightning
+   ```
+
+4. Configure Zeus
+   - Add a new node
+   - Select `Scan lndconnect config` (at the bottom) and scan the QR code
+   - For clightning: Set `Node interface` to `c-lightning-REST`
+   - Click `Save node config`
+   - Start sending sats privately
+
+### Additional lndconnect features
+Create plain text URLs or QR code images:
+```
+lndconnect-onion --url
+lndconnect-onion --image
+``````
+Create a QR code for a custom hostname:
+```
+lndconnect-onion --host=mynode.org
+```
+
 # Connect to spark-wallet
 ### Requirements
 * Android phone
@@ -87,42 +142,6 @@ See: [Secrets dir](./configuration.md#secrets-dir)
     Done
     ```
 
-# Connect to LND with Zeus
-### Requirements
-* Android phone
-* [Orbot](https://guardianproject.info/apps/orbot/) installed from
-  [F-Droid](https://guardianproject.info/fdroid) (recommended) or
-  [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android&hl=en)
-* [Zeus](https://zeusln.app/) installed from
-  [F-Droid](https://f-droid.org/en/packages/app.zeusln.zeus/) (recommended) or
-  [Google Play](https://play.google.com/store/apps/details?id=app.zeusln.zeus)
-
-1. Enable `restOnionService` in `configuration.nix`
-
-    Change
-    ```
-    # services.lnd.restOnionService.enable = true;
-    ```
-    to
-    ```
-    services.lnd.restOnionService.enable = true;
-    ```
-
-2. Deploy new `configuration.nix`
-
-3. Run command `lndconnect-rest-onion` (under `operator` user) to create a QR code for
-   connecting to LND via the REST onion service.
-
-4. Enable Orbot VPN for Zeus
-    ```
-    Open Orbot app
-    Turn on "VPN Mode"
-    Select Gear icon under "Tor-Enabled Apps"
-    Toggle checkbox under Zeus icon
-    ```
-
-5. Scan the QR code with your Zeus wallet and start sending Satoshis privately
-
 # Connect to electrs
 ### Requirements Android
 * Android phone

docs/services.md

@@ -53,6 +53,17 @@
   # == Plugins
   # See ../README.md (Features → clightning) for the list of available plugins.
   # services.clightning.plugins.prometheus.enable = true;
+  #
+  # == REST server
+  # Set this to create a clightning REST onion service.
+  # This also adds binary `lndconnect-onion-clightning` to the system environment.
+  # This binary creates QR codes or URLs for connecting applications to clightning
+  # via the REST onion service (see ../docs/services.md).
+  #
+  # services.clightning-rest = {
+  #   enable = true;
+  #   lndconnectOnion.enable = true;
+  # };
 
   ### LND
   # Set this to enable lnd, a lightning implementation written in Go.
@@ -68,10 +79,10 @@
   # nix-bitcoin.onionServices.lnd.public = true;
   #
   # Set this to create an lnd REST onion service.
-  # Adds binary `lndconnect-rest-onion` to the system environment.
-  # This binary generates QR codes or URIs for connecting applications to lnd via the
-  # REST onion service.
-  # services.lnd.restOnionService.enable = true;
+  # This also adds binary `lndconnect-onion` to the system environment.
+  # This binary generates QR codes or URLs for connecting applications to lnd via the
+  # REST onion service (see ../docs/services.md).
+  # services.lnd.lndconnectOnion.enable = true;
   #
   ## WARNING
   # If you use lnd, you should manually backup your wallet mnemonic

examples/configuration.nix

@@ -62,6 +62,7 @@ let
     ''}
     ${config.services.bitcoind.dataDir}
     ${config.services.clightning.dataDir}
+    ${config.services.clightning-rest.dataDir}
     ${config.services.lnd.dataDir}
     ${optionalString (!cfg.with-bulk-data) ''
       - ${config.services.liquidd.dataDir}/*/blocks

modules/backups.nix

@@ -0,0 +1,104 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  options.services.clightning-rest = {
+    enable = mkEnableOption "lightning-rest";
+    port = mkOption {
+      type = types.port;
+      default = 3001;
+      description = "REST server port.";
+    };
+    docPort = mkOption {
+      type = types.port;
+      default = 4001;
+      description = "Swagger API documentation server port.";
+    };
+    dataDir = mkOption {
+      type = types.path;
+      default = "/var/lib/clightning-rest";
+      description = "The data directory for clightning-rest.";
+    };
+    extraConfig = mkOption {
+      type = types.attrs;
+      default = {};
+      example = {
+        DOMAIN = "mynode.org";
+      };
+      description = ''
+        Extra config options.
+        See: https://github.com/Ride-The-Lightning/c-lightning-REST#option-1-via-config-file-cl-rest-configjson
+      '';
+    };
+    # Used by ./rtl.nix
+    group = mkOption {
+      readOnly = true;
+      default = clightning.group;
+      description = "The group under which clightning-rest is run.";
+    };
+    # Rest server address.
+    # Not configurable. The server always listens on all interfaces:
+    # https://github.com/Ride-The-Lightning/c-lightning-REST/issues/84
+    # Required by netns-isolation.
+    address = mkOption {
+      internal = true;
+      default = "0.0.0.0";
+    };
+    tor.enforce = nbLib.tor.enforce;
+  };
+
+  cfg = config.services.clightning-rest;
+  nbLib = config.nix-bitcoin.lib;
+  nbPkgs = config.nix-bitcoin.pkgs;
+
+  inherit (config.services)
+    bitcoind
+    clightning;
+
+  configFile = builtins.toFile "clightning-rest-config" (builtins.toJSON ({
+    PORT = cfg.port;
+    DOCPORT = cfg.docPort;
+    LNRPCPATH = "${clightning.dataDir}/${bitcoind.makeNetworkName "bitcoin" "regtest"}/lightning-rpc";
+    EXECMODE = "production";
+    PROTOCOL = "https";
+    RPCCOMMANDS = ["*"];
+  } // cfg.extraConfig));
+in {
+  inherit options;
+
+  config = mkIf cfg.enable {
+    services.clightning.enable = true;
+
+    systemd.tmpfiles.rules = [
+      "d '${cfg.dataDir}' 0770 ${clightning.user} ${cfg.group} - -"
+    ];
+
+    systemd.services.clightning-rest = mkIf cfg.enable {
+      wantedBy = [ "multi-user.target" ];
+      requires = [ "clightning.service" ];
+      after = [ "clightning.service" ];
+      path = [ pkgs.openssl ];
+      environment.CL_REST_STATE_DIR = cfg.dataDir;
+      preStart = ''
+        ln -sfn ${configFile} cl-rest-config.json
+      '';
+      postStart = ''
+        while [[ ! -e '${cfg.dataDir}/certs/access.macaroon' ]]; do
+          sleep 0.1
+        done
+      '';
+      serviceConfig = nbLib.defaultHardening // {
+        # clightning-rest reads the config file from the working directory
+        WorkingDirectory = cfg.dataDir;
+        ExecStart = "${nbPkgs.clightning-rest}/bin/cl-rest";
+        # Show "clightning-rest" instead of "node" in the journal
+        SyslogIdentifier = "clightning-rest";
+        User = clightning.user;
+        Restart = "on-failure";
+        RestartSec = "10s";
+        ReadWritePaths = cfg.dataDir;
+      } // nbLib.allowedIPAddresses cfg.tor.enforce
+        // nbLib.nodejs;
+    };
+  };
+}