From ba8f95ce7d6a804b42a95e6a7c2f877c2eeb6fca Mon Sep 17 00:00:00 2001
From: Bryan Ramos
Date: Thu, 12 Mar 2026 23:02:24 -0400
Subject: [PATCH] lightning
---
 .../modules/clightning/config/lightning.conf | 35 +++++++
 .../bitcoin/modules/clightning/default.nix | 94 +++++++++++++++++++
 2 files changed, 129 insertions(+)
 create mode 100644 src/system/modules/bitcoin/modules/clightning/config/lightning.conf
 create mode 100644 src/system/modules/bitcoin/modules/clightning/default.nix
diff --git a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf
new file mode 100644
index 0000000..35784ee
--- /dev/null
+++ b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf
@@ -0,0 +1,35 @@
+alias=OrdSux
+
+network=bitcoin
+bitcoin-datadir=/var/lib/bitcoin
+bitcoin-rpcconnect=127.0.0.1
+bitcoin-rpcport=8332
+
+lightning-dir=/var/lib/clightning
+plugin-dir=/var/lib/clightning/plugins
+
+log-file=/var/lib/clightning/lightningd.log
+log-level=info
+
+# Bind RPC locally only
+bind-addr=127.0.0.1:9736
+
+# Auto-create Tor hidden service for peer connections
+addr=autotor:127.0.0.1:9051
+
+# Route outbound through Tor
+proxy=127.0.0.1:9050
+always-use-proxy=true
+
+large-channels
+fee-base=1000
+fee-per-satoshi=10
+min-capacity-sat=10000
+htlc-minimum-msat=0
+funding-confirms=3
+max-concurrent-htlcs=30
+
+# CLNRest - REST API for wallets (Zeus, RTL, etc.)
+clnrest-port=3010
+clnrest-host=127.0.0.1
+clnrest-protocol=https
diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix
new file mode 100644
index 0000000..2a1d797
--- /dev/null
+++ b/src/system/modules/bitcoin/modules/clightning/default.nix
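Review bot: In lightning.conf the comment `# Bind RPC locally only` above `bind-addr=127.0.0.1:9736` describes the wrong interface: `bind-addr` sets where lightningd listens for peer connections, while the JSON-RPC interface is a Unix socket under `lightning-dir`. A comment such as `# Listen for peers on loopback only; inbound peers arrive through the Tor hidden service` would keep a later reader from assuming the RPC surface is what this line protects. Also worth confirming is `addr=autotor:127.0.0.1:9051`: as far as I know `autotor` publishes a temporary onion address that changes when the daemon restarts, and `statictor:` is the variant that keeps a stable one, which matters if peers are expected to reconnect after a restart.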
@@ -0,0 +1,94 @@
+{ lib, pkgs, config, ... }:
+
+with lib;
+let
+ cfg = config.modules.system.bitcoin.clightning;
+ btc = config.modules.system.bitcoin;
+ nginx = config.modules.system.nginx;
+ home = "/var/lib/clightning";
+ domain = "ramos.codes";
+
+ clnConfig = pkgs.writeTextFile {
+ name = "lightning.conf";
+ text = builtins.readFile ./config/lightning.conf;
+ };
+
+in
+{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; };
+ config = mkIf (cfg.enable && btc.enable) {
+ environment.systemPackages = with pkgs; [
+ clightning
+ ];
+
+ users = {
+ users = {
+ "clightning" = {
+ inherit home;
+ description = "Core Lightning system user";
+ isSystemUser = true;
+ group = "bitcoin";
+ extraGroups = [ "tor" ];
+ createHome = true;
+ };
+ };
+ groups = {
+ "bitcoin" = {
+ members = mkAfter [
+ "clightning"
+ ];
+ };
+ };
+ };
+
+ programs.bash.shellAliases = {
+ cln = "lightning-cli";
+ };
+
+ systemd.services.lightningd = {
+ description = "Core Lightning Daemon";
+ wantedBy = [ "multi-user.target" ];
+
+ wants = [ "bitcoind-mainnet.service" "tor.service" ];
+ after = [
+ "bitcoind-mainnet.service"
+ "tor.service"
+ "network.target"
+ ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}";
+ User = "clightning";
+ Group = "bitcoin";
+ WorkingDirectory = home;
+
+ Type = "simple";
+ KillMode = "process";
+ TimeoutSec = 60;
+ Restart = "always";
+ RestartSec = 60;
+ };
+ };
+
+ # Ensure data directory exists with correct permissions
+ systemd.tmpfiles.rules = [
+ "d ${home} 0750 clightning bitcoin -"
+ "d ${home}/plugins 0750 clightning bitcoin -"
+ ];
+
+ modules.system.backup.paths = [
+ "${home}/bitcoin/hsm_secret"
+ ];
+
+ # Nginx reverse proxy for CLNRest API (Zeus, RTL, etc.)
+ services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable {
+ useACMEHost = domain;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "https://127.0.0.1:3010";
+ extraConfig = ''
+ proxy_ssl_verify off;
+ '';
+ };
+ };
+ };
+}
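Review bot: The `ln.${domain}` virtual host at the end of this hunk publishes the CLNRest API on a public hostname with no network-level restriction, so rune validation inside CLNRest is the only control in front of an interface that can spend from the wallet, and a node that lightning.conf otherwise keeps behind Tor becomes linked to a clearnet domain. If remote wallet access is required, narrow who can reach it, for example by adding `allow <trusted-cidr>;` and `deny all;` to `extraConfig`, or by serving the API only over a VPN or an onion address. `proxy_ssl_verify off;` restates the nginx default and is acceptable only because the upstream is loopback; a comment saying so would keep it from being copied to a remote upstream. Separately, `modules.system.backup.paths` ships `hsm_secret`, the wallet's root secret, so the backup destination should be confirmed to be encrypted and access-controlled (the backup module is not visible here), and backing up that file alone does not cover channel state.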