Merge #575: Improve lndconnect, support WireGuard
cea69b7 nodeinfo: enable required option `nix-bitcoin.operator` (Erik Arvstedt)
27d95fd nodeinfo/lnd: add `onion_rest_address` (Erik Arvstedt)
54a2187 nodeinfo/lnd: add `rest_address` (Erik Arvstedt)
a4bfefd add `presets/wireguard.nix` (Erik Arvstedt)
477e170 lndconnect: update to Zeus 0.7.1 (Erik Arvstedt)
f996ef3 lnd, clightning-rest: remove `lndconnectOnion`, add generic option `lndconnect` (Erik Arvstedt)
b4bc621 rename `lndconnect-onion.nix` -> `lndconnect.nix` (Erik Arvstedt)
907cfe4 docs/services: improve title, fix numbering (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK cea69b7

Tree-SHA512: 747d95b49f5c1b63dfaa2c6bc302fb102e3788c36e279cc28266ea230e8daae54973d8bdb51f2a81e7e84eb86b6b1e504fbe8af85c2318525c54d901678b3f55
jonasnick committed Mar 13, 2023
2 parents edc1495 + cea69b7 commit 282c45b
Showing 16 changed files with 798 additions and 172 deletions.
4 changes: 3 additions & 1 deletion README.md
Expand Up @@ -85,7 +85,9 @@ NixOS modules ([src](modules/modules.nix))
* [Lightning Loop](https://github.com/lightninglabs/loop)
* [Lightning Pool](https://github.com/lightninglabs/pool)
* [charge-lnd](https://github.com/accumulator/charge-lnd): policy-based channel fee manager
* [lndconnect](https://github.com/LN-Zap/lndconnect): connect your wallet to lnd or clightning via a REST onion service
* [lndconnect](https://github.com/LN-Zap/lndconnect): connect your wallet to lnd or
clightning [via WireGuard](./docs/services.md#use-zeus-mobile-lightning-wallet-via-wireguard) or
[Tor](./docs/services.md#use-zeus-mobile-lightning-wallet-via-tor)
* [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL): web interface for `lnd` and `clightning`
* [spark-wallet](https://github.com/shesek/spark-wallet)
* [electrs](https://github.com/romanz/electrs): Electrum server
30 changes: 30 additions & 0 deletions dev/dev-scenarios.nix
Expand Up @@ -45,4 +45,34 @@ with lib;
nix-bitcoin.nodeinfo.enable = true;
# test.container.enableWAN = true;
};

wireguard-lndconnect-online = { config, pkgs, lib, ... }: {
imports = [
../modules/presets/wireguard.nix
scenarios.regtestBase
];

# 51820 (default wg port) + 1
networking.wireguard.interfaces.wg-nb.listenPort = 51821;
test.container.enableWAN = true;
# test.container.exposeLocalhost = true;

services.clightning.extraConfig = "disable-dns";

services.lnd = {
enable = true;
lndconnect = {
enable = true;
onion = true;
};
};
services.clightning-rest = {
enable = true;
lndconnect = {
enable = true;
onion = true;
};
};
nix-bitcoin.nodeinfo.enable = true;
};
}
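Review bot: `services.clightning.extraConfig = "disable-dns";` is set without a comment, and nothing else in the `wireguard-lndconnect-online` scenario says why this option is needed here. Add a one-line comment with the reason, as was done for the listen port. The port comment `# 51820 (default wg port) + 1` could also say why the default port is avoided, since the iptables rules in dev/topics/lndconnect-and-wireguard.sh hard-code 51821 and must stay in sync with this value. The commented-out `# test.container.exposeLocalhost = true;` should either get an explanation or be dropped.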
64 changes: 64 additions & 0 deletions dev/topics/lndconnect-and-wireguard.sh
@@ -0,0 +1,64 @@
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
# Test Tor and WireGuard connections on a mobile device

# 1. Run container
run-tests.sh -s wireguard-lndconnect-online container

# 2. Test connecting via Tor
# Print QR codes for lnd, clightning-rest connections via Tor
c lndconnect
c lndconnect-clightning
# Add these to Zeus >= 0.7.1.
# To explicitly check if the connection is successful, press the node logo in the top
# left corner, and then "Node Info".

# Debug
c lndconnect --url
c lndconnect-clightning --url

# 3. Test connecting via WireGuard

# 3.1 Forward WireGuard port from the container host to the container
iptables -t nat -A PREROUTING -p udp --dport 51821 -j DNAT --to-destination 10.225.255.2

# 3.2. Optional: When your container host has an external firewall,
# forward the WireGuard port to the container host:
# - Port: 51821
# - Protocol: UDP
# - Destination: IPv4 of the container host

# 3.2 Print QR code and setup wireguard on the mobile device
c nix-bitcoin-wg-connect
c nix-bitcoin-wg-connect --text

# Print QR codes for lnd, clightning-rest connections via WireGuard
c lndconnect-wg
c lndconnect-clightning-wg
# Add these to Zeus >= 0.7.1.
# To explicitly check if the connection is successful, press the node logo in the top
# left corner, and then "Node Info".

# Debug
c lndconnect-wg --url
c lndconnect-clightning-wg --url

# 3.3.remove external firewall port forward, remove local port forward:
iptables -t nat -D PREROUTING -p udp --dport 51821 -j DNAT --to-destination 10.225.255.2
# Now exit the container shell

#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
# Debug lndconnect

run-tests.sh -s wireguard-lndconnect-online container

c nodeinfo

c lndconnect --url
c lndconnect-wg --url
c lndconnect-clightning --url
c lndconnect-clightning-wg --url

c lndconnect
c lndconnect-wg
c lndconnect-clightning
c lndconnect-clightning-wg
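Review bot: The step numbers under "3. Test connecting via WireGuard" are inconsistent: `3.2` is used twice (the optional external firewall step and the "Print QR code" step), and the cleanup step is written `3.3.remove` with no space. Renumber them 3.1 through 3.4. On the DNAT rule in step 3.1, `iptables -t nat -A PREROUTING -p udp --dport 51821 -j DNAT --to-destination 10.225.255.2` matches on every interface of the container host; consider restricting it with `-i` to the interface the mobile device's traffic arrives on, and say where the address 10.225.255.2 comes from so the rule is not copied with a stale container IP. The cleanup comment mentions removing the external firewall forward, but only the local `-D` command is given; put the manual external step on its own line so it is not skipped and the UDP port left open.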
136 changes: 115 additions & 21 deletions docs/services.md
Expand Up @@ -142,60 +142,154 @@ You can find the `<onion-address>` with command `nodeinfo`.
The default password location is `$secretsDir/rtl-password`.
See: [Secrets dir](./configuration.md#secrets-dir)

# Use LND or clightning with Zeus (mobile wallet) via Tor
1. Install [Zeus](https://zeusln.app)
# Use Zeus (mobile lightning wallet) via Tor
1. Install [Zeus](https://zeusln.app) (version ≥ 0.7.1)

2. Edit your `configuration.nix`

##### For lnd

Add the following config:
```
services.lnd.lndconnectOnion.enable = true;
```nix
services.lnd.lndconnect = {
enable = true;
onion = true;
};
```

##### For clightning

Add the following config:
```
```nix
services.clightning-rest = {
enable = true;
lndconnectOnion.enable = true;
lndconnect = {
enable = true;
onion = true;
};
};
```

3. Deploy your configuration

3. Run the following command on your node (as user `operator`) to create a QR code
4. Run the following command on your node (as user `operator`) to create a QR code
with address and authentication information:

##### For lnd
```
lndconnect-onion
lndconnect
```

##### For clightning
```
lndconnect-onion-clightning
lndconnect-clightning
```

4. Configure Zeus
- Add a new node
- Select `Scan lndconnect config` (at the bottom) and scan the QR code
- For clightning: Set `Node interface` to `c-lightning-REST`
5. Configure Zeus
- Add a new node and scan the QR code
- Click `Save node config`
- Start sending and stacking sats privately

### Additional lndconnect features
Create plain text URLs or QR code images:
```
lndconnect-onion --url
lndconnect-onion --image
- Create a plain text URL:
```bash
lndconnect --url
```
- Set a custom host. By default, `lndconnect` detects the system's external IP and uses it as the host.
```bash
lndconnect --host myhost
```

# Use Zeus (mobile lightning wallet) via WireGuard

Connecting Zeus directly to your node is much faster than using Tor, but a bit more complex to setup.

There are two ways to establish a secure, direct connection:

- Connecting via TLS. This requires installing your lightning app's
TLS Certificate on your mobile device.

- Connecting via WireGuard. This approach is simpler and more versatile, and is
described in this guide.

1. Install [Zeus](https://zeusln.app) (version ≥ 0.7.1) and
[WireGuard](https://www.wireguard.com/install/) on your mobile device.

2. Add the following to your `configuration.nix`:
```nix
imports = [
# Use this line when using the default deployment method
<nix-bitcoin/modules/presets/wireguard.nix>
# Use this line when using Flakes
(nix-bitcoin + /modules/presets/wireguard.nix)
]
# For lnd
services.lnd.lndconnect.enable = true;
# For clightning
services.clightning-rest = {
enable = true;
lndconnect.enable = true;
};
```
3. Deploy your configuration.

4. If your node is behind an external firewall or NAT, add the following port forwarding
rule to the external device:
- Port: 51820 (the default value of option `networking.wireguard.interfaces.wg-nb.listenPort`)
- Protocol: UDP
- Destination: IP of your node

5. Setup WireGuard on your mobile device.

Run the following command on your node (as user `operator`) to create a QR code
for WireGuard:
```bash
nix-bitcoin-wg-connect

# For debugging: Show the WireGuard config as text
nix-bitcoin-wg-connect --text
```
The above commands automatically detect your node's external IP.\
To set a custom IP or hostname, run the following:
```
nix-bitcoin-wg-connect 93.184.216.34
nix-bitcoin-wg-connect mynode.org
```

Configure WireGuard:
- Press the `+` button in the bottom right corner
- Scan the QR code
- Add the tunnel

6. Setup Zeus

Run the following command on your node (as user `operator`) to create a QR code for Zeus:

##### For lnd
```
lndconnect-wg
```

##### For clightning
```
lndconnect-clightning-wg
```

Configure Zeus:
- Add a new node and scan the QR code
- Click `Save node config`
- On the certificate warning screen, click `I understand, save node config`.\
Certificates are not needed when connecting via WireGuard.
- Start sending and stacking sats privately

### Additional lndconnect features
Create a plain text URL:
```bash
lndconnect-wg --url
``````
Create a QR code for a custom hostname:
```
lndconnect-onion --host=mynode.org
```

# Connect to spark-wallet
### Requirements
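Review bot: In the WireGuard `configuration.nix` snippet (step 2), the `imports = [ ... ]` list is closed with `]` and no `;`, so the block is a syntax error when pasted in front of `services.lnd.lndconnect.enable = true;`. Both the default-deployment line and the Flakes line also sit inside the same list, so a reader who copies it verbatim gets both although only one applies; terminate the list with `];` and show the two variants as separate alternatives. Separately, step 4 of the Tor section says the QR code carries "address and authentication information", and the `--url` and `--text` commands are presented as debugging aids; a sentence saying that this output is a credential and should not be pasted into logs or bug reports would fit next to them.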
25 changes: 18 additions & 7 deletions examples/configuration.nix
Expand Up @@ -56,13 +56,18 @@
#
# == REST server
# Set this to create a clightning REST onion service.
# This also adds binary `lndconnect-onion-clightning` to the system environment.
# This also adds binary `lndconnect-clightning` to the system environment.
# This binary creates QR codes or URLs for connecting applications to clightning
# via the REST onion service (see ../docs/services.md).
# via the REST onion service.
# You can also connect via WireGuard instead of Tor.
# See ../docs/services.md for details.
#
# services.clightning-rest = {
# enable = true;
# lndconnectOnion.enable = true;
# lndconnect = {
# enable = true;
# onion = true;
# };
# };

### LND
Expand All @@ -78,11 +83,17 @@
# The onion service is automatically announced to peers.
# nix-bitcoin.onionServices.lnd.public = true;
#
# Set this to create an lnd REST onion service.
# This also adds binary `lndconnect-onion` to the system environment.
# Set this to create a lnd REST onion service.
# This also adds binary `lndconnect` to the system environment.
# This binary generates QR codes or URLs for connecting applications to lnd via the
# REST onion service (see ../docs/services.md).
# services.lnd.lndconnectOnion.enable = true;
# REST onion service.
# You can also connect via WireGuard instead of Tor.
# See ../docs/services.md for details.
#
# services.lnd.lndconnect = {
# enable = true;
# onion = true;
# };
#
## WARNING
# If you use lnd, you should manually backup your wallet mnemonic
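Review bot: The comment above `services.lnd.lndconnect` still describes only the REST onion service and then adds that WireGuard is possible, without saying that `onion = true` is the part that selects Tor and that `enable = true` alone is what the WireGuard setup in docs/services.md uses. One sentence stating that would keep the example from reading as if `onion` were required. As a style point, the reworded line `Set this to create a lnd REST onion service` replaces "an lnd"; keep "an".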