fort-nix / nix-bitcoin

A collection of Nix packages and NixOS modules for easily installing full-featured Bitcoin nodes with an emphasis on security.
https://nixbitcoin.org
MIT License

using lightning to rent a clearnet subdomain for a nix-bitcoin node? #244

Closed satsaholic closed 3 years ago

satsaholic commented 4 years ago

Hi, I am new to Nix/NixOS, and even newer to nix-bitcoin. However, it does seem that the direction you are headed very much aligns with my desires and interests. This interview was very helpful. Please keep up the good work!

There is an interesting (prototype of a) service lnpay.xyz which basically allows for the renting of a subdomain, including NS records, so that the renter could, for example, set up a mail server and set the appropriate TXT entries and such.

Additionally, you may be aware of the IP2Tor service of sorts which is available currently to Raspiblitz users where they can rent a port on a clearnet server, yet have traffic tunneled back to them over tor (and, of course, interaction with the clearnet server is also done over tor).

Can you point me in the direction of how I might go about building a nix package or configuration on top of a bitcoin-nix node whereby the node rents a clear-net subdomain from, for example, the lnpay.xyz service mentioned above?

I know that getting the security right with regard to populating (and monitoring) the DNS records is probably not trivial, but I can think of a variety of use cases. One "simple case", which is not so simple due to needing to somehow mitigate a MITM attack on the DNS level, might be for the node to then orchestrate the setting up of an email server. Another might be exposing the point-of-sale interface over clearnet, etc.

Nix-bitcoin seems the closest positioned to be able to pull off such a feat with a single command. Well, maybe two commands:

  1. get the standard nix-bitcoin node running
  2. another command to get it secure (incentive compatible) exposure to clearnet via renting a subdomain...this command would not finalize/finish until the invoice is paid (similar to how bitclouds does it).

What are your thoughts?

jonasnick commented 4 years ago

Hi @satsaholic,

if I understand correctly, you're suggesting a module that would periodically pay lnpay.xyz, save the payment preimage and configure some subdomain records. This is an interesting idea and wouldn't be difficult to do with nix-bitcoin.

You may want to have a look at the recurring-donations module. It shows how to set up a systemd timer that fetches an invoice from tallycoin and pays with clightning. As for certificates, the nginx module has an option to automatically fetch a certificate using Let's Encrypt.

satsaholic commented 4 years ago

Hi @jonasnick, Thank you. That is exactly the type of pointer I needed. It even looks like your recurring-donations module already routes traffic through tor proxy in order to communicate with tallycoin (I was wondering how/if that could be done). Great! I am still mostly bumbling my way around nix/nixos, but it really does seem to be a nearly perfect OS for building bitcoin-related things.

erikarvstedt commented 3 years ago

Feel free to reopen this issue if you have further questions.