mirror of
https://github.com/aljazceru/nutshell.git
synced 2025-12-24 12:04:21 +01:00
29571287b3
* settings * fix name settings * management rpc * hook up the RPC server * working * format * update build script fix import error * remove accidental commit of vscode extension data * working ✔ * \n * add get mint quote get melt quote * gRPC cli update quotes commands * update mint melt quotes from cli * comment under get cli command group * keyset rotation not yet implemented * try fix * change back contact info default to be empty list * fix import * add server mTLS * ll * script for generating certificates * rename settings * move generation script * do not save TTL expiry into Cache object, rather always load from settings. * update lightning fees * update auth limits * auth rate limit cli * optional arguemnts * better error messages * tests for db update mint/melt quotes * start mint rpc tests * add tos_url field to get-info grpc response * format checks * add types to click groups where it's needed * tests on updating quotes * fix tests * skip updating mint quote state if on regtest * test edge case * unified test_add_remove_contact * mark pytest-asyncio * fix missing db argument * hopefully no more silly errors * fix test_db_update_mint_quote_state * pass in the quote id string. * add keyset rotation * test for keyset rotation through gRPC command * fix logger warning * remove rotation test because it breaks other tests * use different bolt11 invoices * assert returned melt quote has quote * is_postgres * try different things * skip if deprecated api * format checks * update .gitignore * default location for certificates
166 lines
5.7 KiB
Plaintext
166 lines
5.7 KiB
Plaintext
DEBUG=FALSE
|
|
CASHU_DIR=~/.cashu
|
|
|
|
# --------- WALLET ---------
|
|
|
|
# Address of the default mint to connect to
|
|
# MINT_URL=https://localhost:3338
|
|
MINT_HOST=127.0.0.1
|
|
MINT_PORT=3338
|
|
|
|
# use builtin tor, this overrides SOCKS_PROXY, HTTP_PROXY
|
|
TOR=TRUE
|
|
|
|
# use custom proxy, this will only work with TOR=false
|
|
#SOCKS_PROXY=socks5://localhost:9050
|
|
#HTTP_PROXY=http://localhost:8088
|
|
|
|
# NOSTR
|
|
# nostr private key to which to receive tokens to
|
|
# NOSTR_PRIVATE_KEY=nostr_privatekey_here_hex_or_bech32_nsec
|
|
# nostr relays (comma separated list)
|
|
NOSTR_RELAYS=["wss://nostr-pub.wellorder.net"]
|
|
|
|
# Wallet API port
|
|
API_PORT=4448
|
|
|
|
# Wallet default unit
|
|
WALLET_UNIT="sat"
|
|
|
|
# --------- MINT ---------
|
|
|
|
# Network
|
|
MINT_LISTEN_HOST=127.0.0.1
|
|
MINT_LISTEN_PORT=3338
|
|
|
|
# Mint information
|
|
MINT_INFO_NAME="My Cashu mint"
|
|
MINT_INFO_DESCRIPTION="The short mint description"
|
|
MINT_INFO_DESCRIPTION_LONG="A long mint description that can be a long piece of text."
|
|
MINT_INFO_CONTACT=[["email","contact@me.com"], ["twitter","@me"], ["nostr", "npub..."]]
|
|
MINT_INFO_MOTD="Message to users"
|
|
MINT_INFO_ICON_URL="https://mint.host/icon.jpg"
|
|
MINT_INFO_URLS=["https://mint.host", "http://mint8gv0sq5ul602uxt2fe0t80e3c2bi9fy0cxedp69v1vat6ruj81wv.onion"]
|
|
MINT_INFO_TOS_URL="https://mint.host/tos"
|
|
|
|
# This is used to derive your mint's private keys. Store it securely.
|
|
# MINT_PRIVATE_KEY=<openssl rand -hex 32>
|
|
|
|
# Increment derivation path to rotate to a new keyset
|
|
# Example: m/0'/0'/0' -> m/0'/0'/1'
|
|
MINT_DERIVATION_PATH="m/0'/0'/0'"
|
|
|
|
# Multiple derivation paths and units. Unit is parsed from the derivation path.
|
|
# m/0'/0'/0' is "sat" (default)
|
|
# m/0'/1'/0' is "msat"
|
|
# m/0'/2'/0' is "usd"
|
|
# m/0'/3'/0' is "eur"
|
|
# In this example, we have 2 keysets for sat, 1 for msat and 1 for usd
|
|
# MINT_DERIVATION_PATH_LIST=["m/0'/0'/0'", "m/0'/0'/1'", "m/0'/1'/0'", "m/0'/2'/0'"]
|
|
|
|
# To use SQLite, choose a directory to store the database
|
|
MINT_DATABASE=data/mint
|
|
# To use PostgreSQL, set the connection string
|
|
# MINT_DATABASE=postgres://cashu:cashu@localhost:5432/cashu
|
|
|
|
# Funding source backends
|
|
# Set one funding source backend for each unit
|
|
# Supported: FakeWallet, LndRestWallet, LndRPCWallet, CLNRestWallet, BlinkWallet, LNbitsWallet, StrikeWallet, CoreLightningRestWallet (deprecated)
|
|
|
|
MINT_BACKEND_BOLT11_SAT=FakeWallet
|
|
# Only works if a usd derivation path is set
|
|
# MINT_BACKEND_BOLT11_USD=FakeWallet
|
|
# MINT_BACKEND_BOLT11_EUR=FakeWallet
|
|
|
|
# NUT-19 Cached responses
|
|
# Enable these settings to cache responses in Redis
|
|
#
|
|
# MINT_REDIS_CACHE_ENABLED=TRUE
|
|
# MINT_REDIS_CACHE_URL="redis://localhost:6379"
|
|
|
|
# Funding source settings
|
|
|
|
# Use with LndRPCWallet
|
|
MINT_LND_RPC_ENDPOINT=localhost:10009
|
|
MINT_LND_RPC_CERT="/path/to/tls.cert"
|
|
MINT_LND_RPC_MACAROON="/path/to/admin.macaroon"
|
|
|
|
# Use with LndRestWallet
|
|
MINT_LND_REST_ENDPOINT=https://127.0.0.1:8086
|
|
MINT_LND_REST_CERT="/home/lnd/.lnd/tls.cert"
|
|
MINT_LND_REST_MACAROON="/home/lnd/.lnd/data/chain/bitcoin/regtest/admin.macaroon"
|
|
MINT_LND_REST_CERT_VERIFY=True
|
|
|
|
# Use with CLNRestWallet
|
|
MINT_CLNREST_URL=https://localhost:3010
|
|
MINT_CLNREST_CERT="./clightning-2/regtest/ca.pem"
|
|
MINT_CLNREST_RUNE="Base64string== or path to file containing the rune"
|
|
|
|
# Use with CoreLightningRestWallet
|
|
# Note: CoreLightningRestWallet is deprecated, use CLNRestWallet instead
|
|
MINT_CORELIGHTNING_REST_URL=https://localhost:3001
|
|
MINT_CORELIGHTNING_REST_MACAROON="./clightning-rest/access.macaroon"
|
|
MINT_CORELIGHTNING_REST_CERT="./clightning-2-rest/certificate.pem"
|
|
|
|
# Use with LNbitsWallet
|
|
MINT_LNBITS_ENDPOINT=https://legend.lnbits.com
|
|
MINT_LNBITS_KEY=yourkeyasdasdasd
|
|
|
|
# Use with BlinkWallet
|
|
MINT_BLINK_KEY=blink_abcdefgh
|
|
|
|
# Use with StrikeWallet for BTC, USD, and EUR
|
|
MINT_STRIKE_KEY=ABC123
|
|
|
|
# fee to reserve in percent of the amount
|
|
LIGHTNING_FEE_PERCENT=1.0
|
|
# minimum fee to reserve
|
|
LIGHTNING_RESERVE_FEE_MIN=2000
|
|
|
|
# Mint Management gRPC service configurations
|
|
MINT_RPC_SERVER_ENABLE=FALSE
|
|
MINT_RPC_SERVER_ADDR=localhost
|
|
MINT_RPC_SERVER_PORT=8086
|
|
MINT_RPC_SERVER_MUTUAL_TLS=TRUE
|
|
MINT_RPC_SERVER_KEY="./server_private.pem"
|
|
MINT_RPC_SERVER_CERT="./server_cert.pem"
|
|
MINT_RPC_SERVER_CA="./ca_cert.pem"
|
|
|
|
# Limits
|
|
# Max mint balance in satoshis
|
|
# MINT_MAX_BALANCE=1000000
|
|
# Max peg-in amount in satoshis
|
|
# MINT_MAX_MINT_BOLT11_SAT=100000
|
|
# Max peg-out amount in satoshis
|
|
# MINT_MAX_MELT_BOLT11_SAT=100000
|
|
# Disable minting of BOLT11 invoices
|
|
# MINT_BOLT11_DISABLE_MINT=FALSE
|
|
# Disable melting of BOLT11 invoices
|
|
# MINT_BOLT11_DISABLE_MELT=FALSE
|
|
|
|
# Rate limit requests to mint. Make sure that you can see request IPs in the logs.
|
|
# You may need to adjust your reverse proxy if you only see requests originating from 127.0.0.1
|
|
# MINT_RATE_LIMIT=TRUE
|
|
# Determines the number of all requests allowed per minute per IP
|
|
# MINT_GLOBAL_RATE_LIMIT_PER_MINUTE=60
|
|
# Determines the number of transactions (mint, melt, swap) allowed per minute per IP
|
|
# MINT_TRANSACTION_RATE_LIMIT_PER_MINUTE=20
|
|
|
|
# Authentication
|
|
# These settings allow you to enable blind authentication to limit the user of your mint to a group of authenticated users.
|
|
# To use this, you need to set up an OpenID Connect provider like Keycloak, Auth0, or Hydra.
|
|
# - Add the client ID "cashu-client"
|
|
# - Enable the ES256 and RS256 algorithms for this client
|
|
# - If you want to use the authorization flow, you must add the redirect URI "http://localhost:33388/callback".
|
|
# - To support other wallets, use the well-known list of allowed redirect URIs here: https://...TODO.md
|
|
#
|
|
# Turn on authentication
|
|
# MINT_REQUIRE_AUTH=TRUE
|
|
# OpenID Connect discovery URL of the authentication provider
|
|
# MINT_AUTH_OICD_DISCOVERY_URL=http://localhost:8080/realms/nutshell/.well-known/openid-configuration
|
|
# MINT_AUTH_OICD_CLIENT_ID=cashu-client
|
|
# Number of authentication attempts allowed per minute per user
|
|
# MINT_AUTH_RATE_LIMIT_PER_MINUTE=5
|
|
# Maximum number of blind auth tokens per authentication request
|
|
# MINT_AUTH_MAX_BLIND_TOKENS=100
|