@erikarvstedt
Created November 27, 2019 13:01
# Start a nix shell with extra-container (https://github.com/erikarvstedt/extra-container)
# The source is fetched as the 0.3 release tarball and checked against the
# sha256 below, so evaluation fails if the fetched content differs from what
# was pinned here.
# nix-shell opens an interactive shell; presumably the commands that follow are
# meant to be entered inside it rather than run as one script.
nix-shell -p '
(import <nixpkgs> {}).callPackage (builtins.fetchTarball {
url = "https://github.com/erikarvstedt/extra-container/archive/0.3.tar.gz";
sha256 = "0qvsrggp85dvgmln4d9xwdqa6nva5rlcp9d25iy1pnisdyykrycs";
}) {}
'
# Destroy the container named "tmp" (the same name the demo below creates),
# presumably to clear a leftover from an earlier run.
sudo extra-container destroy tmp
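## Demo: Start a container running nix-bitcoin and showcase some features
# I also like to run containers on live mainchain data by bind-mounting a unionfs
# with my main bitcoin node data into it.
#
# This is a test configuration: the container firewall is disabled and TCP
# traffic to the container address is redirected to its loopback interface, so
# services that bind only to 127.0.0.1 become reachable from the host side.
# Use it for throwaway containers only.
#
# The heredoc delimiter is quoted ('EOF'), so the shell passes the Nix
# expression through unexpanded; every ${...} below is Nix interpolation.
nixBitcoin=$HOME/path/to/nix-bitcoin
# "$nixBitcoin" is quoted inside the command substitution so a checkout path
# containing spaces is not split into several arguments.
NIX_PATH=nixpkgs=$(nix eval --raw -f "$nixBitcoin/pkgs/nixpkgs-pinned.nix" nixpkgs):nix-bitcoin=$nixBitcoin \
sudo extra-container create --start <<'EOF'
{ pkgs, lib, ... }: let
  containerName = "tmp";
  localAddress = "10.250.0.2"; # container address
  hostAddress = "10.250.0.1";
in {
  containers.${containerName} = {
    # The container gets its own network, linked to the host through the
    # two addresses defined above.
    privateNetwork = true;
    inherit localAddress hostAddress;
    config = { pkgs, config, lib, ... }: with lib; {
      imports = [
        <nix-bitcoin/modules/nix-bitcoin.nix>
        # Secrets are generated for this container by this module.
        <nix-bitcoin/modules/secrets/generate-secrets.nix>
      ];
      services.nix-bitcoin.enable = true;
      # mkForce replaces the module's extraConfig entirely; connect=0 turns
      # off bitcoind's automatic outbound peer connections.
      services.bitcoind.extraConfig = mkForce ''
        connect=0
      '';
      services.electrs.enable = true;
      # Enabled but not started at boot (empty wantedBy).
      systemd.services.electrs.wantedBy = mkForce [];
      services.clightning.enable = true;
      # disable waiting for rpc socket due to a systemd-nspawn bug
      systemd.services.clightning.postStart = mkForce "";
      services.spark-wallet.enable = true;
      services.lightning-charge.enable = true;
      services.nanopos.enable = true;
      # liquidd runs without listening and with noconnect=1 set.
      services.liquidd = {
        enable = true;
        listen = mkForce false;
        extraConfig = ''
          noconnect=1
        '';
      };
      services.lnd.enable = true;
      # Enabled but not started at boot; the demo starts it by hand later.
      systemd.services.lnd.wantedBy = mkForce [];
      services.lnd.extraConfig = "externalip=1.1.1.1"; # for nodeinfo
      services.nix-bitcoin-webindex.enable = true;
      # Test-only: no packet filtering inside the container.
      networking.firewall.enable = mkForce false;
      # For easier testing, make the container localhost accessible via localAddress (the container's address)
      # route_localnet=1 lets the kernel route packets addressed to 127.0.0.0/8
      # that arrive on a non-loopback interface; the DNAT rule then rewrites
      # every TCP destination on localAddress except port 80 to 127.0.0.1.
      # Together with the disabled firewall this exposes loopback-only
      # services to anything that can reach localAddress.
      systemd.services.forward-to-localhost = {
        wantedBy = [ "multi-user.target" ];
        script = ''
          ${pkgs.procps}/bin/sysctl -w net.ipv4.conf.all.route_localnet=1
          ${pkgs.iptables}/bin/iptables -t nat -I PREROUTING -p tcp -d ${localAddress} ! --dport 80 -j DNAT --to-destination 127.0.0.1
        '';
      };
    };
  };
  # Allow WAN access
  # Host-side source NAT for traffic coming from the container address. The
  # rule is added before the container unit starts and deleted after it stops;
  # "|| true" keeps the stop from failing when the rule is already gone.
  systemd.services."container@${containerName}" = {
    preStart = "${pkgs.iptables}/bin/iptables -w -t nat -A POSTROUTING -s ${localAddress} -j MASQUERADE";
    postStop = "${pkgs.iptables}/bin/iptables -w -t nat -D POSTROUTING -s ${localAddress} -j MASQUERADE || true";
  };
}
EOF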
# A pipeline now fails when any of its stages fails, not only the last one,
# so the exit status of c reflects the command run in the container.
set -o pipefail

# Address used to reach the demo container from the host; it has to match
# localAddress in the container configuration.
machine=10.250.0.2

# c CMD [ARGS...]: run CMD inside the container "tmp".
# The output is piped through cat, so the command's stdout is a pipe rather
# than the terminal (presumably to keep systemctl/journalctl from paging).
c() {
    sudo nixos-container run tmp -- "$@" |
        cat
}
# bitcoind
# Unit state, the effective unit file, and the log since container boot.
c systemctl status bitcoind
c systemctl cat bitcoind
c journalctl -b -u bitcoind
# The container config sets connect=0, so getpeerinfo is a quick check that
# the node has not opened outbound peer connections (expected: none - confirm).
c bitcoin-cli getpeerinfo
c bitcoin-cli getnetworkinfo
# liquid
# liquidd is configured with listen=false and noconnect=1; the same two
# queries show whether it has any peers or listening network state.
c systemctl status liquidd
c elements-cli getpeerinfo
c elements-cli getnetworkinfo
c liquidswap-cli --help
# clightning
c lightning-cli getinfo
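# spark wallet
c systemctl status spark-wallet
c spark-wallet --help
# Read the generated login from the container's secrets. The value after
# "login=" is used as user:password below.
sparkAuth=$(c cat /secrets/spark-wallet-login | grep -ohP '(?<=login=).*')
# Pass the credential with -u instead of embedding it in the URL: a password
# containing URL-reserved characters (@, /, :) would otherwise break URL
# parsing, and the secret stays out of the URL string itself.
# The request is plain HTTP, so the login crosses the host<->container link
# unencrypted; acceptable only for a throwaway test container.
curl -u "$sparkAuth" "http://$machine:9737"
# The browser is handed the login inside the URL, so it can end up in the
# browser's history; these secrets belong to the demo container only.
xdg-open "http://$sparkAuth@$machine:9737"
# lightning charge
c systemctl status lightning-charge
# Extract the API token generated for lightning-charge.
chargeAuth=$(c cat /secrets/lightning-charge-api-token | grep -ohP '(?<=API_TOKEN=).*')
# Same basic-auth request as before, with the user name "api-token" and the
# token supplied through -u rather than the URL.
curl -s -u "api-token:${chargeAuth}" "http://$machine:9112/info" | jq
# nanopos
c systemctl status nanopos
# No credentials are sent here; the page is fetched as-is from port 9116.
curl "$machine:9116"
xdg-open "$machine:9116"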
# onion-chef
c systemctl status onion-chef
# List what onion-chef placed in the operator directory, then print the entry
# for bitcoind (presumably its onion address - confirm).
c ls -al /var/lib/onion-chef/operator
c cat /var/lib/onion-chef/operator/bitcoind
# nodeinfo
c nodeinfo
# webindex
c systemctl status create-web-index
c systemctl restart create-web-index
c journalctl -b -u create-web-index
# Port 80 is excluded from the DNAT-to-localhost rule in the container config,
# so the index is requested on the container address itself; this curl runs
# inside the container, the xdg-open below runs on the host.
c curl $machine
xdg-open $machine
# lnd
# lnd is enabled but not started at boot (wantedBy is forced empty), so it is
# started by hand here after stopping clightning.
c systemctl stop clightning
c systemctl start lnd
c lncli getinfo
c nodeinfo
c journalctl -b -u lnd
# tor
c cat /var/lib/tor/state
# ls -al shows ownership and modes without printing file contents. These
# directories presumably hold the onion service key material, so the listing
# is a way to confirm they are not group- or world-readable.
c ls -al /var/lib/tor/onion/
c ls -al /var/lib/tor/onion/bitcoind
c ls -al /var/lib/tor/onion/clightning
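# stats
# Moved ahead of the lifecycle commands: both need the container to still
# exist, and netstat needs it running.
# netstat -nlp lists the listening sockets and their owning processes inside
# the container - with the firewall disabled and the DNAT-to-localhost rule in
# place, this is the list of services reachable through the container address.
c netstat -nlp
sudo du -sh /var/lib/containers/tmp
# The container root filesystem is located at:
#   /var/lib/containers/tmp
# (kept as a comment; a bare directory path is not a runnable command)
# meta
sudo extra-container stop tmp
sudo extra-container restart tmp
# After destroy, check that the root filesystem above is gone; the generated
# secrets read earlier via /secrets presumably live beneath it.
sudo extra-container destroy tmp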