From 53ea447ab7ffa7b8c0475f2f9b19cb2db6379bd1 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Thu, 3 Aug 2023 15:38:45 +0200
Subject: [PATCH] trustedcoin: add option `tor.proxy`

By disabling `trustedcoin.tor.proxy` and enabling `clightning.tor.proxy`, `trustedcoin` can be used without Tor proxying, while clighting still uses Tor for lightning layer connections. Previously, disabling Tor for `trustedcoin` required to also disable Tor for clightning. Also fix the workaround in the docs for the trustedcoin Tor connection issues: The previous config snippet only affected systemd hardening settings, but didn't disable Tor for trustedcoin.
---
 docs/services.md | 9 +++------
 modules/clightning-plugins/trustedcoin.nix | 18 ++++++++++++++----
 2 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/docs/services.md b/docs/services.md
index aeb6db2..2ab5d0e 100644
--- a/docs/services.md
+++ b/docs/services.md
@@ -590,10 +590,7 @@ lightningd[5138]: plugin-trustedcoin estimatefees error: https://blockstream.inf
 lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: ...
 ```
 
-If you face these issues and you still need to use trustedcoin, use can disable
-clightning's tor hardening by setting this option in your `configuration.nix`
-file:
-
-```
-services.clightning.tor.enforce = false;
+To work around this and connect via clearnet instead, set this option:
+```nix
+services.clightning.plugins.trustedcoin.tor.proxy = false;
 ```
diff --git a/modules/clightning-plugins/trustedcoin.nix b/modules/clightning-plugins/trustedcoin.nix
index 8f0b5c4..9ac14ca 100644
--- a/modules/clightning-plugins/trustedcoin.nix
+++ b/modules/clightning-plugins/trustedcoin.nix
@@ -5,12 +5,19 @@ let cfg = config.services.clightning.plugins.trustedcoin; in
 {
 options.services.clightning.plugins.trustedcoin = {
 enable = mkEnableOption "Trustedcoin (clightning plugin)";
+
 package = mkOption {
 type = types.package;
 default = config.nix-bitcoin.pkgs.trustedcoin;
 defaultText = "config.nix-bitcoin.pkgs.trustedcoin";
 description = mdDoc "The package providing trustedcoin binaries.";
 };
+
+ tor.proxy = mkOption {
+ type = types.bool;
+ default = config.services.clightning.tor.proxy;
+ description = mdDoc "Whether to proxy outgoing connections with Tor.";
+ };
 };
 
 config = mkIf cfg.enable {
@@ -19,12 +26,15 @@ let cfg = config.services.clightning.plugins.trustedcoin; in
 extraConfig = ''
 plugin=${cfg.package}/bin/trustedcoin
 '';
+ tor.enforce = mkIf (!cfg.tor.proxy) false;
 };
 
- # Trustedcoin does not honor the clightning's proxy configuration.
- # Ref.: https://github.com/nbd-wtf/trustedcoin/pull/19
- systemd.services.clightning.environment = mkIf (config.services.clightning.proxy != null) {
- HTTPS_PROXY = "socks5://${config.services.clightning.proxy}";
+ systemd.services.clightning.environment = mkIf (cfg.tor.proxy) {
+ HTTPS_PROXY = let
+ clnProxy = config.services.clightning.proxy;
+ proxy = if clnProxy != null then clnProxy else config.nix-bitcoin.torClientAddressWithPort;
+ in
+ "socks5://${proxy}";
 };
 };
 }
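Review bot: The description of the new `tor.proxy` option does not say what turning it off entails. Per the second hunk, `false` also sets `tor.enforce = false` on the clightning service, and no `HTTPS_PROXY` is exported, so the plugin's requests leave over clearnet. I would extend the description with a sentence such as "Disabling this also disables tor.enforce for the clightning service and lets trustedcoin connect to its HTTPS backends directly." The default reads `config` but, unlike `package` just above, the option has no `defaultText`; adding `defaultText = "config.services.clightning.tor.proxy";` would keep the two options consistent.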
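Review bot: `tor.enforce = mkIf (!cfg.tor.proxy) false;` lifts Tor enforcement for the whole clightning service, not only for the plugin, because trustedcoin runs inside that unit (the environment below is set on `systemd.services.clightning`). With `trustedcoin.tor.proxy = false`, keeping lightning-layer traffic on Tor then presumably depends on clightning's own proxy setting alone, without the systemd hardening that the commit message says `tor.enforce` provides. A comment on that line should record this, e.g. `# trustedcoin shares the clightning unit, so clearnet access means lifting tor.enforce for the whole service`. The commit also deletes the comment explaining why `HTTPS_PROXY` is needed at all (trustedcoin not honoring clightning's proxy configuration, with the PR reference), and that rationale is still worth keeping above the new block. The attribute set holding `tor.enforce` starts outside the hunk.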