Support Tor connections for LND

Adds basics for general Tor support in bitcoin recipes, and specific support for Tor to the lnd recipe.
2021-07-01 15:34:06 +02:00 · 2021-07-01 15:34:06 +02:00 · b7af04e8be
parent 9f0b5f0e64
commit b7af04e8be
5 changed files with 25 additions and 2 deletions
--- a/nodes/bitcoin-2.json
+++ b/nodes/bitcoin-2.json
@ -26,6 +26,8 @@
      "kosmos-bitcoin::dotnet",
      "kosmos-bitcoin::nbxplorer",
      "kosmos-bitcoin::btcpay",
+      "tor-full",
+      "tor-full::default",
      "apt::default",
      "timezone_iii::default",
      "timezone_iii::debian",
@ -82,6 +84,7 @@
    "recipe[kosmos-bitcoin::c-lightning]",
    "recipe[kosmos-bitcoin::lnd]",
    "recipe[kosmos-bitcoin::rtl]",
-    "role[btcpay]"
+    "role[btcpay]",
+    "recipe[tor-full]"
  ]
 }
--- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb
+++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb
@ -25,6 +25,9 @@ node.default['bitcoin']['conf'] = {
  zmqpubrawtx: 'tcp://127.0.0.1:8338'
 }

+# Also enables Tor for LND
+node.default['bitcoin']['tor_enabled'] = true
+
 node.default['c-lightning']['repo'] = 'https://github.com/ElementsProject/lightning'
 node.default['c-lightning']['revision'] = 'v0.10.0'
 node.default['c-lightning']['source_dir'] = '/opt/c-lightning'
--- a/site-cookbooks/kosmos-bitcoin/metadata.rb
+++ b/site-cookbooks/kosmos-bitcoin/metadata.rb
@ -26,3 +26,4 @@ depends 'kosmos-nginx'
 depends 'kosmos-nodejs'
 depends 'firewall'
 depends 'application_javascript'
+depends 'tor-full'
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
@ -71,6 +71,9 @@ template "#{lnd_dir}/lnd.conf" do
  notifies :restart, "systemd_unit[lnd.service]", :delayed
 end

+exec_flags = ""
+exec_flags += "--tor.active --tor.v3" if node['bitcoin']['tor_enabled']
+
 systemd_unit 'lnd.service' do
  content({
    Unit: {
@ -83,7 +86,7 @@ systemd_unit 'lnd.service' do
      User: bitcoin_user,
      Group: bitcoin_group,
      Type: 'simple',
-      ExecStart: '/opt/go/bin/lnd',
+      ExecStart: "/opt/go/bin/lnd #{exec_flags}",
      Restart: 'always',
      RestartSec: '30',
      TimeoutSec: '240',
@ -108,3 +111,8 @@ firewall_rule 'lnd' do
  protocol :tcp
  command  :allow
 end
+
+if node['bitcoin']['tor_enabled']
+  node.override['tor']['ControlPort'] = 9051
+  node.override['tor']['CookieAuthentication'] = true
+end
--- a/site-cookbooks/kosmos-bitcoin/recipes/source.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/source.rb
@ -81,6 +81,14 @@ user bitcoin_user do
  shell "/bin/bash"
 end

+if node['bitcoin']['tor_enabled']
+  group 'debian-tor' do
+    action :modify
+    members bitcoin_user
+    append true
+  end
+end
+
 [bitcoin_datadir, bitcoin_walletdir].each do |path|
  directory path do
    owner bitcoin_user