Merge fort-nix/nix-bitcoin#405: bitcoind: add separate p2p socket for tor connections

ec4a4dbe41 btcpayserver: fix whitelist security issue (Erik Arvstedt)
df2070b44a bitcoind: add separate p2p socket for tor connections (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK ec4a4dbe41

Tree-SHA512: 457bfb5806dca65507261c1868ca89c86a39f63bd10833b7531fd74dd779816083270c8ccc95ad08a5306e9b31c440904e3cba35464d47c0d87418d0be3e732d

modules/bitcoind.nix

@@ -15,6 +15,14 @@ let
         default = 8333;
         description = "Port to listen for peer connections.";
       };
+      onionPort = mkOption {
+        type = types.nullOr types.port;
+        default = null;
+        description = ''
+          Port to listen for Tor peer connections.
+          If set, inbound connections to this port are tagged as onion peers.
+        '';
+      };
       getPublicAddressCmd = mkOption {
         type = types.str;
         default = "";
@@ -263,8 +271,10 @@ let
     ${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"}
 
     # Connection options
-    ${optionalString cfg.listen "bind=${cfg.address}"}
-    port=${toString cfg.port}
+    ${optionalString cfg.listen
+      "bind=${cfg.address}:${toString cfg.port}"}
+    ${optionalString (cfg.listen && cfg.onionPort != null)
+      "bind=${cfg.address}:${toString cfg.onionPort}=onion"}
     ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
     ${optionalString (cfg.i2p != false) "i2psam=${nbLib.addressWithPort i2pSAM.address i2pSAM.port}"}
     ${optionalString (cfg.i2p == "only-outgoing") "i2pacceptincoming=0"}