diff --git a/modules/core/sovran-hub.nix b/modules/core/sovran-hub.nix index fa51754..e7ccb59 100644 --- a/modules/core/sovran-hub.nix +++ b/modules/core/sovran-hub.nix @@ -43,6 +43,10 @@ let { label = "URL"; file = "/var/lib/domains/btcpayserver"; prefix = "https://"; } { label = "Note"; value = "Create your admin account on first visit"; } ]; } + { name = "Zeus Connect"; unit = "zeus-connect-setup.service"; type = "system"; icon = "zeus"; enabled = cfg.services.bitcoin; category = "bitcoin-apps"; credentials = [ + { label = "Connection URL"; file = "/var/lib/secrets/zeus-connect-url"; } + { label = "How to Connect"; value = "1. Download Zeus from App Store or Google Play\n2. Open Zeus → Scan Node Config\n3. Copy and paste the Connection URL above"; } + ]; } { name = "Mempool"; unit = "mempool.service"; type = "system"; icon = "mempool"; enabled = cfg.features.mempool; category = "bitcoin-apps"; credentials = [ { label = "Tor Access"; file = "/var/lib/tor/onion/mempool-frontend/hostname"; prefix = "http://"; } { label = "Local Network"; file = "/var/lib/secrets/internal-ip"; prefix = "http://"; suffix = ":60847"; } @@ -237,4 +241,4 @@ in # ── Open firewall port ───────────────────────────────────── networking.firewall.allowedTCPPorts = [ 8937 ]; }; -} +} \ No newline at end of file diff --git a/modules/credentials-pdf.nix b/modules/credentials-pdf.nix index 739604d..09aa04b 100644 --- a/modules/credentials-pdf.nix +++ b/modules/credentials-pdf.nix @@ -68,7 +68,7 @@ in echo "║ ║" echo "║ 'passwd free' only updates /etc/shadow. ║" echo "║ The Hub and Magic Keys PDF will NOT be updated. ║" - echo "╚════════════════════════════════════════��═════════════╝" + echo "╚════════════════════════════��═════════════════════════╝" echo "" return 1 end 
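Review bot: The new "Zeus Connect" entry in `modules/core/sovran-hub.nix` shows the contents of `/var/lib/secrets/zeus-connect-url` as a plain "Connection URL", with nothing telling the user that it is a credential. An lndconnect URL normally carries a macaroon together with the node address and certificate, so anyone who can read it can likely act on the node with that macaroon's permissions; which macaroon is embedded is not visible in this diff. I would add an entry such as `{ label = "Keep Private"; value = "This URL grants access to your Lightning node. Treat it like a password."; }` and confirm that the Hub page behind the opened port 8937 only renders this value for an authenticated user. The "How to Connect" text also mixes "Scan Node Config" with copy-and-paste, which is worth rewording so the user does not paste the URL somewhere else by mistake.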
@@ -116,6 +116,47 @@ in ''; }; + # ── 1c. Save Zeus/lndconnect URL for hub credentials ──────── + systemd.services.zeus-connect-setup = { + description = "Save Zeus lndconnect URL"; + wantedBy = [ "multi-user.target" ]; + after = [ "lnd.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + path = [ pkgs.coreutils "/run/current-system/sw" ]; + script = '' + SECRET_FILE="/var/lib/secrets/zeus-connect-url" + mkdir -p /var/lib/secrets + + URL="" + if command -v lndconnect >/dev/null 2>&1; then + URL=$(lndconnect --url 2>/dev/null || true) + elif command -v lnconnect-clnrest >/dev/null 2>&1; then + URL=$(lnconnect-clnrest --url 2>/dev/null || true) + fi + + if [ -n "$URL" ]; then + echo "$URL" > "$SECRET_FILE" + chmod 600 "$SECRET_FILE" + echo "Zeus connect URL saved." + else + echo "No lndconnect URL available yet." + fi + ''; + }; + + # ── Refresh Zeus URL periodically (certs/macaroons may rotate) + systemd.timers.zeus-connect-setup = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "2min"; + OnUnitActiveSec = "30min"; + Unit = "zeus-connect-setup.service"; + }; + }; + # ── 2. Timer: Check every 5 minutes ──────────────────────── systemd.timers.generate-credentials-pdf = { description = "Periodically check if Magic Keys PDF needs regenerating"; @@ -172,7 +213,8 @@ in /var/lib/secrets/wordpress-admin \ /var/lib/secrets/vaultwarden/vaultwarden.env \ /var/lib/domains/vaultwarden \ - /var/lib/domains/btcpayserver; do + /var/lib/domains/btcpayserver \ + /var/lib/secrets/zeus-connect-url; do if [ -f "$f" ]; then SECRET_SOURCES="$SECRET_SOURCES$(cat "$f")" fi
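Review bot: In the `zeus-connect-setup` script, `echo "$URL" > "$SECRET_FILE"` creates the file under the service's default umask and only afterwards runs `chmod 600`, so on first creation the URL is briefly readable more widely than intended; `mkdir -p /var/lib/secrets` has the same problem if the directory does not exist yet. Put `umask 077` as the first line of the script, and write to `"$SECRET_FILE.tmp"` followed by `mv "$SECRET_FILE.tmp" "$SECRET_FILE"` so a reader never sees a partial value. When neither tool returns a URL the existing file is left in place, so after a certificate or macaroon rotation the Hub can keep showing a stale URL, and `2>/dev/null || true` hides the reason; letting stderr reach the journal would make that diagnosable. The `path` entry `"/run/current-system/sw"` means the unit runs whichever `lndconnect` is on the system profile rather than a pinned package, which is worth a comment or a direct package reference.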