lnd+server+watchtower: allow Standalone access to the tor controller

This commit lets the watchtower automatically create hidden services by giving it a pointer to a TorController. The server was also slightly refactored so that it was not the sole owner of the TorController.
2025-08-31 17:51:33 +02:00 · 2020-03-17 10:58:36 -04:00
parent f1fd5e86c0
commit ada0b78dfc
4 changed files with 107 additions and 28 deletions
--- a/watchtower/config.go
+++ b/watchtower/config.go
@@ -34,8 +34,8 @@ var (
 )

 // Config defines the resources and parameters used to configure a Watchtower.
-// All nil-able elements with the Config must be set in order for the Watchtower
-// to function properly.
+// All nil-able elements besides tor-related ones must be set in order for the
+// Watchtower to function properly.
 type Config struct {
 	// ChainHash identifies the chain that the watchtower will be monitoring
 	// for breaches and that will be advertised in the server's Init message
@@ -89,4 +89,16 @@ type Config struct {
 	// message from the other end, if the connection has stopped buffering
 	// the server's replies.
 	WriteTimeout time.Duration
+
+	// TorController allows the watchtower to optionally setup an onion hidden
+	// service.
+	TorController *tor.Controller
+
+	// WatchtowerKeyPath allows the watchtower to specify where the private key
+	// for a watchtower hidden service should be stored.
+	WatchtowerKeyPath string
+
+	// Type specifies the hidden service type (V2 or V3) that the watchtower
+	// will create.
+	Type tor.OnionType
 }
--- a/watchtower/standalone.go
+++ b/watchtower/standalone.go
@@ -6,6 +6,7 @@ import (

 	"github.com/btcsuite/btcd/btcec"
 	"github.com/lightningnetwork/lnd/brontide"
+	"github.com/lightningnetwork/lnd/tor"
 	"github.com/lightningnetwork/lnd/watchtower/lookout"
 	"github.com/lightningnetwork/lnd/watchtower/wtserver"
 )
@@ -112,6 +113,15 @@ func (w *Standalone) Start() error {

 	log.Infof("Starting watchtower")

+	// If a tor controller exists in the config, then automatically create a
+	// hidden service for the watchtower to accept inbound connections from.
+	if w.cfg.TorController != nil {
+		log.Infof("Creating watchtower hidden service")
+		if err := w.createNewHiddenService(); err != nil {
+			return err
+		}
+	}
+
 	if err := w.lookout.Start(); err != nil {
 		return err
 	}
@@ -142,6 +152,39 @@ func (w *Standalone) Stop() error {
 	return nil
 }

+// createNewHiddenService automatically sets up a v2 or v3 onion service in
+// order to listen for inbound connections over Tor.
+func (w *Standalone) createNewHiddenService() error {
+	// Get all the ports the watchtower is listening on. These will be used to
+	// map the hidden service's virtual port.
+	listenPorts := make([]int, 0, len(w.listeners))
+	for _, listener := range w.listeners {
+		port := listener.Addr().(*net.TCPAddr).Port
+		listenPorts = append(listenPorts, port)
+	}
+
+	// Once we've created the port mapping, we can automatically create the
+	// hidden service. The service's private key will be saved on disk in order
+	// to persistently have access to this hidden service across restarts.
+	onionCfg := tor.AddOnionConfig{
+		VirtualPort: DefaultPeerPort,
+		TargetPorts: listenPorts,
+		Store:       tor.NewOnionFile(w.cfg.WatchtowerKeyPath, 0600),
+		Type:        w.cfg.Type,
+	}
+
+	addr, err := w.cfg.TorController.AddOnion(onionCfg)
+	if err != nil {
+		return err
+	}
+
+	// Append this address to ExternalIPs so that it will be exposed in
+	// tower info calls.
+	w.cfg.ExternalIPs = append(w.cfg.ExternalIPs, addr)
+
+	return nil
+}
+
 // PubKey returns the public key for the watchtower used to authentication and
 // encrypt traffic with clients.
 //