Created
November 27, 2019 13:01
# Enter a nix shell that provides extra-container
# (https://github.com/erikarvstedt/extra-container).
#
# builtins.fetchTarball is given a sha256, so the 0.3 release archive is only
# accepted when its contents match the pinned hash. The <nixpkgs> used to build
# it is not pinned here: it is whatever the caller's NIX_PATH resolves to.
nix-shell -p '
  (import <nixpkgs> {}).callPackage (builtins.fetchTarball {
    url = "https://github.com/erikarvstedt/extra-container/archive/0.3.tar.gz";
    sha256 = "0qvsrggp85dvgmln4d9xwdqa6nva5rlcp9d25iy1pnisdyykrycs";
  }) {}
'

# Destroy the container named "tmp" (presumably a leftover from an earlier run
# of this demo; the demo below creates a container with the same name).
sudo extra-container destroy tmp
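## Demo: Start a container running nix-bitcoin and showcase some features
# I also like to run containers on live mainchain data by bind-mounting a unionfs
# with my main bitcoin node data into it.

# Path to a local nix-bitcoin checkout (placeholder; adjust before running).
nixBitcoin=$HOME/path/to/nix-bitcoin

# Build the container against the nixpkgs revision pinned by the nix-bitcoin
# checkout, and expose the checkout itself as <nix-bitcoin>.
# The path is quoted inside the command substitution so that a checkout
# location containing spaces is not split into several arguments.
# The heredoc delimiter is quoted ('EOF'), so every ${...} below is Nix
# interpolation, not shell expansion.
NIX_PATH="nixpkgs=$(nix eval --raw -f "$nixBitcoin/pkgs/nixpkgs-pinned.nix" nixpkgs):nix-bitcoin=$nixBitcoin" \
  sudo extra-container create --start <<'EOF'
{ pkgs, lib, ... }: let
  containerName = "tmp";
  localAddress = "10.250.0.2"; # container address
  hostAddress = "10.250.0.1";
in {
  containers.${containerName} = {
    # Separate network namespace; host and container are reached through
    # hostAddress and localAddress.
    privateNetwork = true;
    inherit localAddress hostAddress;

    config = { pkgs, config, lib, ... }: with lib; {
      imports = [
        <nix-bitcoin/modules/nix-bitcoin.nix>
        # presumably creates the service credentials that the demo later reads
        # from /secrets inside the container; confirm against the module
        <nix-bitcoin/modules/secrets/generate-secrets.nix>
      ];

      services.nix-bitcoin.enable = true;

      # mkForce replaces the extraConfig the module would otherwise set.
      # connect=0 turns off bitcoind's automatic peer connections.
      services.bitcoind.extraConfig = mkForce ''
        connect=0
      '';

      # Enabled, but removed from every target so it is not started at boot.
      services.electrs.enable = true;
      systemd.services.electrs.wantedBy = mkForce [];

      services.clightning.enable = true;
      # disable waiting for rpc socket due to a systemd-nspawn bug
      systemd.services.clightning.postStart = mkForce "";

      services.spark-wallet.enable = true;
      services.lightning-charge.enable = true;
      services.nanopos.enable = true;

      # liquidd neither listens for peers nor connects out.
      services.liquidd = {
        enable = true;
        listen = mkForce false;
        extraConfig = ''
          noconnect=1
        '';
      };

      # lnd is not started at boot; the demo stops clightning and starts lnd
      # by hand later on.
      services.lnd.enable = true;
      systemd.services.lnd.wantedBy = mkForce [];
      services.lnd.extraConfig = "externalip=1.1.1.1"; # for nodeinfo

      services.nix-bitcoin-webindex.enable = true;

      # NOTE(review): testing-only settings. The container firewall is forced
      # off, and the DNAT rule below redirects every TCP port except 80 that
      # arrives for ${localAddress} to 127.0.0.1 (route_localnet=1 is what
      # permits routing to loopback). Services that bind only to loopback are
      # therefore reachable by any peer that can route to the container
      # address, not just by processes inside the container. Outside a
      # throwaway demo, keep the firewall on and restrict the rule, for
      # example by matching the host as source (-s ${hostAddress}) or by
      # forwarding only the ports that are needed.
      networking.firewall.enable = mkForce false;
      # For easier testing, make the container localhost accessible via localAddress (the container's address)
      systemd.services.forward-to-localhost = {
        wantedBy = [ "multi-user.target" ];
        script = ''
          ${pkgs.procps}/bin/sysctl -w net.ipv4.conf.all.route_localnet=1
          ${pkgs.iptables}/bin/iptables -t nat -I PREROUTING -p tcp -d ${localAddress} ! --dport 80 -j DNAT --to-destination 127.0.0.1
        '';
      };
    };
  };

  # Allow WAN access
  # The host masquerades traffic coming from the container address while the
  # container unit runs. -w waits for the xtables lock. The rule is appended
  # on every start and deleted on stop; "|| true" keeps a missing rule from
  # failing the stop.
  systemd.services."container@${containerName}" = {
    preStart = "${pkgs.iptables}/bin/iptables -w -t nat -A POSTROUTING -s ${localAddress} -j MASQUERADE";
    postStop = "${pkgs.iptables}/bin/iptables -w -t nat -D POSTROUTING -s ${localAddress} -j MASQUERADE || true";
  };
}
EOF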
# Make a pipeline fail when any stage fails, so the "| cat" inside c() does
# not hide the exit status of the command that ran in the container.
set -o pipefail

# c CMD [ARGS...]
# Run CMD inside the "tmp" container through nixos-container.
# Output goes through cat, presumably so that tools see a non-terminal stdout
# and do not start a pager.
c() {
  sudo nixos-container run tmp -- "$@" | cat
}

# Address of the container (the value of localAddress in its definition).
machine=10.250.0.2
# bitcoind: unit state, effective unit file, log of the current boot,
# then peer and network status over RPC
c systemctl status bitcoind
c systemctl cat bitcoind
c journalctl -b -u bitcoind
c bitcoin-cli getpeerinfo
c bitcoin-cli getnetworkinfo

# liquid: same checks through elements-cli, plus the swap tool's help text
c systemctl status liquidd
c elements-cli getpeerinfo
c elements-cli getnetworkinfo
c liquidswap-cli --help

# clightning
c lightning-cli getinfo
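# spark wallet
c systemctl status spark-wallet
c spark-wallet --help
# Read the login from the container's secrets file, keeping only the text
# after "login=". Assumes the value has the form user:password; confirm.
sparkAuth=$(c cat /secrets/spark-wallet-login | grep -ohP '(?<=login=).*')
# Credentials are passed with -u rather than embedded in the URL: no
# percent-encoding is needed for special characters, and the URL can be
# logged or shown without the secret. The value is still a command-line
# argument and travels over plain HTTP, which is acceptable only for
# throwaway demo secrets on the local host/container link. For real
# secrets, read them from a file instead (e.g. curl --netrc-file).
curl -u "$sparkAuth" "http://$machine:9737"
# NOTE(review): the browser is handed the credentials inside the URL, so they
# appear in its command line and may end up in its history.
xdg-open "http://$sparkAuth@$machine:9737"

# lightning charge
c systemctl status lightning-charge
# Keep only the token after "API_TOKEN=" from the secrets file.
chargeAuth=$(c cat /secrets/lightning-charge-api-token | grep -ohP '(?<=API_TOKEN=).*')
# Basic auth with the fixed user name "api-token"; same -u caveat as above.
curl -s -u "api-token:${chargeAuth}" "http://$machine:9112/info" | jq

# nanopos
c systemctl status nanopos
curl "$machine:9116"
xdg-open "$machine:9116"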
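# onion-chef
c systemctl status onion-chef
c ls -al /var/lib/onion-chef/operator
# presumably the onion hostname published for bitcoind; confirm
c cat /var/lib/onion-chef/operator/bitcoind

# nodeinfo
c nodeinfo

# webindex
c systemctl status create-web-index
c systemctl restart create-web-index
c journalctl -b -u create-web-index
c curl "$machine"
xdg-open "$machine"

# lnd (clightning is stopped first, then lnd is started by hand)
c systemctl stop clightning
c systemctl start lnd
c lncli getinfo
c nodeinfo
c journalctl -b -u lnd

# tor
# NOTE(review): hidden-service directories normally also hold the service's
# private key. Listing them is harmless, but do not paste file contents from
# these directories into logs or bug reports.
c cat /var/lib/tor/state
c ls -al /var/lib/tor/onion/
c ls -al /var/lib/tor/onion/bitcoind
c ls -al /var/lib/tor/onion/clightning

# meta
# Lifecycle commands, meant to be run individually rather than in sequence.
# After "destroy" there is no container left for the c commands to run in.
sudo extra-container stop tmp
sudo extra-container restart tmp
sudo extra-container destroy tmp

# stats
c netstat -nlp
sudo du -sh /var/lib/containers/tmp

# The container root filesystem is /var/lib/containers/tmp
# (kept as a comment: a bare directory path is not a runnable command)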