Add Tor support for LND #332
|
@ -26,6 +26,8 @@
|
||||||
"kosmos-bitcoin::dotnet",
|
"kosmos-bitcoin::dotnet",
|
||||||
"kosmos-bitcoin::nbxplorer",
|
"kosmos-bitcoin::nbxplorer",
|
||||||
"kosmos-bitcoin::btcpay",
|
"kosmos-bitcoin::btcpay",
|
||||||
|
"tor-full",
|
||||||
|
"tor-full::default",
|
||||||
"apt::default",
|
"apt::default",
|
||||||
"timezone_iii::default",
|
"timezone_iii::default",
|
||||||
"timezone_iii::debian",
|
"timezone_iii::debian",
|
||||||
|
@ -82,6 +84,7 @@
|
||||||
"recipe[kosmos-bitcoin::c-lightning]",
|
"recipe[kosmos-bitcoin::c-lightning]",
|
||||||
"recipe[kosmos-bitcoin::lnd]",
|
"recipe[kosmos-bitcoin::lnd]",
|
||||||
"recipe[kosmos-bitcoin::rtl]",
|
"recipe[kosmos-bitcoin::rtl]",
|
||||||
"role[btcpay]"
|
"role[btcpay]",
|
||||||
|
"recipe[tor-full]"
|
||||||
]
|
]
|
||||||
}
|
}
|
|
@ -25,6 +25,9 @@ node.default['bitcoin']['conf'] = {
|
||||||
zmqpubrawtx: 'tcp://127.0.0.1:8338'
|
zmqpubrawtx: 'tcp://127.0.0.1:8338'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Also enables Tor for LND
|
||||||
|
node.default['bitcoin']['tor_enabled'] = true
|
||||||
|
|
||||||
node.default['c-lightning']['repo'] = 'https://github.com/ElementsProject/lightning'
|
node.default['c-lightning']['repo'] = 'https://github.com/ElementsProject/lightning'
|
||||||
node.default['c-lightning']['revision'] = 'v0.10.0'
|
node.default['c-lightning']['revision'] = 'v0.10.0'
|
||||||
node.default['c-lightning']['source_dir'] = '/opt/c-lightning'
|
node.default['c-lightning']['source_dir'] = '/opt/c-lightning'
|
||||||
|
|
|
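Review bot: `node.default['bitcoin']['tor_enabled'] = true` turns Tor on for every node that loads this cookbook's attributes, while only the one node file in this commit adds `recipe[tor-full]` to its run list. Elsewhere in this commit the attribute also adds the lnd Tor flags, the `debian-tor` group change and the ControlPort override, so a node without the Tor cookbook would probably end up with an lnd unit that cannot reach a control port. Defaulting to `false` and enabling it per node or role would be safer. The comment could also list what the switch controls, e.g. `# Enables Tor for bitcoind and LND (requires the tor-full recipe on the node)`.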
@ -26,3 +26,4 @@ depends 'kosmos-nginx'
|
||||||
depends 'kosmos-nodejs'
|
depends 'kosmos-nodejs'
|
||||||
depends 'firewall'
|
depends 'firewall'
|
||||||
depends 'application_javascript'
|
depends 'application_javascript'
|
||||||
|
depends 'tor-full'
|
||||||
|
|
|
@ -71,6 +71,9 @@ template "#{lnd_dir}/lnd.conf" do
|
||||||
notifies :restart, "systemd_unit[lnd.service]", :delayed
|
notifies :restart, "systemd_unit[lnd.service]", :delayed
|
||||||
end
|
end
|
||||||
|
|
||||||
|
exec_flags = ""
|
||||||
|
exec_flags += "--tor.active --tor.v3" if node['bitcoin']['tor_enabled']
|
||||||
|
|
||||||
systemd_unit 'lnd.service' do
|
systemd_unit 'lnd.service' do
|
||||||
content({
|
content({
|
||||||
Unit: {
|
Unit: {
|
||||||
|
@ -83,7 +86,7 @@ systemd_unit 'lnd.service' do
|
||||||
User: bitcoin_user,
|
User: bitcoin_user,
|
||||||
Group: bitcoin_group,
|
Group: bitcoin_group,
|
||||||
Type: 'simple',
|
Type: 'simple',
|
||||||
ExecStart: '/opt/go/bin/lnd',
|
ExecStart: "/opt/go/bin/lnd #{exec_flags}",
|
||||||
Restart: 'always',
|
Restart: 'always',
|
||||||
RestartSec: '30',
|
RestartSec: '30',
|
||||||
TimeoutSec: '240',
|
TimeoutSec: '240',
|
||||||
|
@ -108,3 +111,8 @@ firewall_rule 'lnd' do
|
||||||
protocol :tcp
|
protocol :tcp
|
||||||
command :allow
|
command :allow
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if node['bitcoin']['tor_enabled']
|
||||||
|
node.override['tor']['ControlPort'] = 9051
|
||||||
|
node.override['tor']['CookieAuthentication'] = true
|
||||||
|
end
|
||||||
|
|
|
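Review bot: After `--tor.active --tor.v3` is appended to `ExecStart`, the `firewall_rule 'lnd'` in the last hunk still allows inbound TCP, and nothing visible here restricts lnd's listener. The node therefore likely stays reachable on its clearnet address alongside the onion service, which lets the two identities be correlated. lnd's Tor documentation recommends binding the peer listener to loopback in this mode, e.g. `exec_flags += "--tor.active --tor.v3 --listen=localhost" if node['bitcoin']['tor_enabled']`, and the firewall rule could then be guarded with `unless node['bitcoin']['tor_enabled']`. `lnd.conf` is not part of this diff, so confirm it does not already set `listen`. The `systemd_unit` and `firewall_rule` blocks both extend outside the hunks shown.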
@ -81,6 +81,14 @@ user bitcoin_user do
|
||||||
shell "/bin/bash"
|
shell "/bin/bash"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if node['bitcoin']['tor_enabled']
|
||||||
|
group 'debian-tor' do
|
||||||
|
action :modify
|
||||||
|
members bitcoin_user
|
||||||
|
append true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
[bitcoin_datadir, bitcoin_walletdir].each do |path|
|
[bitcoin_datadir, bitcoin_walletdir].each do |path|
|
||||||
directory path do
|
directory path do
|
||||||
owner bitcoin_user
|
owner bitcoin_user
|
||||||
|
|
|
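Review bot: `group 'debian-tor'` with `action :modify` fails the Chef run when the group does not exist, and that group is created by the Tor package, which the node run list in this commit only pulls in through `recipe[tor-full]` at the very end. A first converge on a fresh node would therefore likely abort here. Adding `include_recipe 'tor-full'` inside the `if`, before the group resource, fixes the ordering, since the cookbook now declares the dependency. Membership in `debian-tor` also gives `bitcoin_user` read access to the control cookie and so full control of the Tor daemon. That account has `/bin/bash` as its shell and appears to be shared by the other bitcoin services, so a dedicated lnd user would keep the grant narrower. The group name is also Debian-specific and worth a short comment.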
@ -32,6 +32,8 @@ The following platform families are supported:
|
||||||
* `node['tor']['MinLogLevel']` - The minimum log level to log. Possible values include debug, info, notice, warn, and err.
|
* `node['tor']['MinLogLevel']` - The minimum log level to log. Possible values include debug, info, notice, warn, and err.
|
||||||
* `node['tor']['LogDestination']` - Where logs should be written. Valid values include a path to a file or "syslog"
|
* `node['tor']['LogDestination']` - Where logs should be written. Valid values include a path to a file or "syslog"
|
||||||
* `node['tor']['SocksPorts']` - List of 'address:port' to open tor socks proxy on. Defaults to disabled
|
* `node['tor']['SocksPorts']` - List of 'address:port' to open tor socks proxy on. Defaults to disabled
|
||||||
|
* `node['tor']['ControlPort']` - The port on which Tor will listen for local connections from Tor controller applications
|
||||||
|
* `node['tor']['CookieAuthentication']` - Enable this (`true`) when using ControlPort
|
||||||
|
|
||||||
### Hidden Services config section
|
### Hidden Services config section
|
||||||
|
|
||||||
|
|
|
@ -65,11 +65,11 @@ DataDirectory <%= node['tor']['DataDirectory'] %>
|
||||||
|
|
||||||
## The port on which Tor will listen for local connections from Tor
|
## The port on which Tor will listen for local connections from Tor
|
||||||
## controller applications, as documented in control-spec.txt.
|
## controller applications, as documented in control-spec.txt.
|
||||||
#ControlPort 9051
|
<% if node['tor']['ControlPort'] %>ControlPort <%= node['tor']['ControlPort'] %><% else %>#ControlPort 9051<% end %>
|
||||||
## If you enable the controlport, be sure to enable one of these
|
## If you enable the controlport, be sure to enable one of these
|
||||||
## authentication methods, to prevent attackers from accessing it.
|
## authentication methods, to prevent attackers from accessing it.
|
||||||
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
|
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
|
||||||
#CookieAuthentication 1
|
<% if node['tor']['CookieAuthentication'] %>CookieAuthentication 1<% else %>#CookieAuthentication 1<% end %>
|
||||||
|
|
||||||
############### This section is just for location-hidden services ###
|
############### This section is just for location-hidden services ###
|
||||||
|
|
||||||
|
|
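Review bot: The `ControlPort` and `CookieAuthentication` lines are switched by two independent attributes, so setting only `node['tor']['ControlPort']` renders an enabled control port with both authentication lines still commented out. That is exactly the case the template's own comment warns against. Tying the two together closes the gap, for example `<% if node['tor']['CookieAuthentication'] || node['tor']['ControlPort'] %>CookieAuthentication 1<% else %>#CookieAuthentication 1<% end %>`. The group-based cookie access added elsewhere in this commit also relies on the cookie file being group-readable. That presumably comes from the Debian service defaults rather than from this template, and is worth confirming or setting explicitly.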