From ad2a128471cb536662a515e31c16e28ef0275e34 Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Thu, 10 Oct 2024 12:13:14 +0200
Subject: [PATCH] rtl: use clnrest

Using `clightning-rest` is no longer supported by rtl.
---
 dev/topics/rtl.sh           |  2 --
 modules/netns-isolation.nix |  2 +-
 modules/rtl.nix             | 33 ++++++++++++++++++++-------------
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/dev/topics/rtl.sh b/dev/topics/rtl.sh
index cc9c390..933504a 100644
--- a/dev/topics/rtl.sh
+++ b/dev/topics/rtl.sh
@@ -17,8 +17,6 @@ c systemctl status rtl
 c journalctl -u rtl
 c cat /var/lib/rtl/RTL-Config.json
 
-c systemctl status clightning-rest
-
 # Open webinterface. Password: a
 runuser -u "$(logname)" -- xdg-open "http://$ip:3000"
 
diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 8d28343..a521d58 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -286,7 +286,7 @@ in {
         in
           optional nodes.lnd.enable "lnd" ++
           optional (nodes.lnd.enable && nodes.lnd.loop) "lightning-loop" ++
-          optional nodes.clightning.enable "clightning-rest";
+          optional nodes.clightning.enable "clightning";
       };
       clightning-rest = {
         id = 30;
diff --git a/modules/rtl.nix b/modules/rtl.nix
index 66c9179..53a3453 100644
--- a/modules/rtl.nix
+++ b/modules/rtl.nix
@@ -107,6 +107,7 @@ let
   nbLib = config.nix-bitcoin.lib;
   nbPkgs = config.nix-bitcoin.pkgs;
   secretsDir = config.nix-bitcoin.secretsDir;
+  runePath = "${cfg.dataDir}/clightning-admin-rune";
 
   inherit (nbLib) optionalAttr;
 
@@ -116,9 +117,8 @@ let
     lnImplementation = if isLnd then "LND" else "CLT";
     Authentication = {
       ${optionalAttr (isLnd && lndLoopEnabled) "swapMacaroonPath"} = "${lightning-loop.dataDir}/${bitcoind.network}";
-      macaroonPath = if isLnd
-                     then "${cfg.dataDir}/macaroons"
-                     else "${clightning-rest.dataDir}/certs";
+      ${optionalAttr (isLnd) "macaroonPath"} = "${cfg.dataDir}/macaroons";
+      ${optionalAttr (!isLnd) "runePath"} = runePath;
     };
     Settings = {
       userPersona = "OPERATOR";
@@ -133,7 +133,7 @@ let
       lnServerUrl = "https://${
         if isLnd
         then nbLib.addressWithPort lnd.restAddress lnd.restPort
-        else nbLib.addressWithPort clightning-rest.address clightning-rest.port
+        else nbLib.addressWithPort clightning.plugins.clnrest.address clightning.plugins.clnrest.port
       }";
     };
   };
@@ -159,7 +159,7 @@ let
   inherit (config.services)
     bitcoind
     lnd
-    clightning-rest
+    clightning
     lightning-loop;
 
   lndLoopEnabled = cfg.nodes.lnd.enable && cfg.nodes.lnd.loop;
@@ -177,7 +177,10 @@ in {
 
     services.lnd.enable = mkIf cfg.nodes.lnd.enable true;
     services.lightning-loop.enable = mkIf lndLoopEnabled true;
-    services.clightning-rest.enable = mkIf cfg.nodes.clightning.enable true;
+    services.clightning = mkIf cfg.nodes.clightning.enable {
+      enable = true;
+      plugins.clnrest.enable = true;
+    };
 
     systemd.tmpfiles.rules = [
       "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
@@ -187,7 +190,7 @@ in {
 
     systemd.services.rtl = rec {
       wantedBy = [ "multi-user.target" ];
-      requires = optional cfg.nodes.clightning.enable "clightning-rest.service" ++
+      requires = optional cfg.nodes.clightning.enable "clightning.service" ++
                  optional cfg.nodes.lnd.enable "lnd.service";
       after = requires ++ [ "nix-bitcoin-secrets.target" ];
       environment.RTL_CONFIG_PATH = cfg.dataDir;
@@ -198,10 +201,17 @@ in {
             <${configFile} sed "s|@multiPass@|$(cat ${secretsDir}/rtl-password)|" \
               > '${cfg.dataDir}/RTL-Config.json'
           '')
-        ] ++ optional cfg.nodes.lnd.enable
+        ]
+        ++ optional cfg.nodes.lnd.enable
+          # The lnd admin macaroon is not readable by group `lnd`, so copy it
           (nbLib.rootScript "rtl-copy-macaroon" ''
-            install -D -o ${cfg.user} -g ${cfg.group} ${lnd.networkDir}/admin.macaroon \
+            install --compare -m 640 -o ${cfg.user} -g ${cfg.group} -D ${lnd.networkDir}/admin.macaroon \
               '${cfg.dataDir}/macaroons/admin.macaroon'
+          '')
+        ++ optional cfg.nodes.clightning.enable
+          (nbLib.rootScript "rtl-create-clnrest-rune-file" ''
+            rune=$(cat '${clightning.networkDir}/admin-rune')
+            install --compare -m 640 -o ${cfg.user} -g ${cfg.group} <(printf 'LIGHTNING_RUNE="%s"\n' "$rune") '${runePath}'
           '');
         ExecStart = "${nbPkgs.rtl}/bin/rtl";
         # Show "rtl" instead of "node" in the journal
@@ -217,10 +227,7 @@ in {
     users.users.${cfg.user} = {
       isSystemUser = true;
       group = cfg.group;
-      extraGroups =
-        # Reads cert and macaroon from the clightning-rest datadir
-        optional cfg.nodes.clightning.enable clightning-rest.group ++
-        optional lndLoopEnabled lnd.group;
+      extraGroups = optional lndLoopEnabled lnd.group;
     };
     users.groups.${cfg.group} = {};