Add Outbound Remote Signer implementation

config.go

@@ -497,8 +497,15 @@ type Config struct {
 
 	RPCMiddleware *lncfg.RPCMiddleware `group:"rpcmiddleware" namespace:"rpcmiddleware"`
 
+	// RemoteSigner defines how to connect to a remote signer node. If this
+	// is enabled, the node acts as a watch-only node in a remote signer
+	// setup.
 	RemoteSigner *lncfg.RemoteSigner `group:"remotesigner" namespace:"remotesigner"`
 
+	// WatchOnlyNode defines how to connect to a watch-only node. If this is
+	// enabled, the node acts as a remote signer in a remote signer setup.
+	WatchOnlyNode *lncfg.WatchOnlyNode `group:"watchonlynode" namespace:"watchonlynode"`
+
 	Sweeper *lncfg.Sweeper `group:"sweeper" namespace:"sweeper"`
 
 	Htlcswitch *lncfg.Htlcswitch `group:"htlcswitch" namespace:"htlcswitch"`
@@ -757,10 +764,9 @@ func DefaultConfig() Config {
 		ChannelCommitBatchSize:    defaultChannelCommitBatchSize,
 		CoinSelectionStrategy:     defaultCoinSelectionStrategy,
 		KeepFailedPaymentAttempts: defaultKeepFailedPaymentAttempts,
-		RemoteSigner: &lncfg.RemoteSigner{
-			Timeout: lncfg.DefaultRemoteSignerRPCTimeout,
-		},
-		Sweeper: lncfg.DefaultSweeperConfig(),
+		RemoteSigner:              lncfg.DefaultRemoteSignerCfg(),
+		WatchOnlyNode:             lncfg.DefaultWatchOnlyNodeCfg(),
+		Sweeper:                   lncfg.DefaultSweeperConfig(),
 		Htlcswitch: &lncfg.Htlcswitch{
 			MailboxDeliveryTimeout: htlcswitch.DefaultMailboxDeliveryTimeout,
 			QuiescenceTimeout:      lncfg.DefaultQuiescenceTimeout,
@@ -1790,6 +1796,14 @@ func ValidateConfig(cfg Config, interceptor signal.Interceptor, fileParser,
 		)
 	}
 
+	// Validate that the node isn't configured as both a remote signer and a
+	// watch-only node.
+	if cfg.RemoteSigner.Enable && cfg.WatchOnlyNode.Enable {
+		return nil, fmt.Errorf("cannot be configured as both a " +
+			"watchonly node and a remote signer node " +
+			"simultaneously")
+	}
+
 	// Validate the subconfigs for workers, caches, and the tower client.
 	err = lncfg.Validate(
 		cfg.Workers,
@@ -1800,6 +1814,7 @@ func ValidateConfig(cfg Config, interceptor signal.Interceptor, fileParser,
 		cfg.HealthChecks,
 		cfg.RPCMiddleware,
 		cfg.RemoteSigner,
+		cfg.WatchOnlyNode,
 		cfg.Sweeper,
 		cfg.Htlcswitch,
 		cfg.Invoices,

config_builder.go

@@ -867,28 +867,57 @@ func (d *RPCSignerWalletImpl) BuildChainControl(
 	partialChainControl *chainreg.PartialChainControl,
 	walletConfig *btcwallet.Config) (*chainreg.ChainControl, func(), error) {
 
+	// Keeps track of both the remote signer and the chain control clean up
+	// functions.
+	var (
+		cleanUpTasks []func()
+		cleanUp      = func() {
+			for i := len(cleanUpTasks) - 1; i >= 0; i-- {
+				cleanUpTasks[i]()
+			}
+		}
+	)
+
 	walletController, err := btcwallet.New(
 		*walletConfig, partialChainControl.Cfg.BlockCache,
 	)
 	if err != nil {
 		err := fmt.Errorf("unable to create wallet controller: %w", err)
 		d.logger.Error(err)
-		return nil, nil, err
+		return nil, cleanUp, err
 	}
 
+	remoteSignerConnBuilder := rpcwallet.NewRemoteSignerConnectionBuilder(
+		d.DefaultWalletImpl.cfg.RemoteSigner,
+	)
+
+	// Create the remote signer connection instance.
+	remoteSignerConn, err := remoteSignerConnBuilder.Build(
+		context.Background(),
+	)
+	if err != nil {
+		err := fmt.Errorf("unable to set up remote signer: %w", err)
+		d.logger.Error(err)
+
+		return nil, cleanUp, err
+	}
+
+	cleanUpTasks = append(cleanUpTasks, remoteSignerConn.Stop)
+
 	baseKeyRing := keychain.NewBtcWalletKeyRing(
 		walletController.InternalWallet(), walletConfig.CoinType,
 	)
 
 	rpcKeyRing, err := rpcwallet.NewRPCKeyRing(
 		baseKeyRing, walletController,
-		d.DefaultWalletImpl.cfg.RemoteSigner, walletConfig.NetParams,
+		remoteSignerConn, walletConfig.NetParams,
 	)
 	if err != nil {
 		err := fmt.Errorf("unable to create RPC remote signing wallet "+
 			"%v", err)
 		d.logger.Error(err)
-		return nil, nil, err
+
+		return nil, cleanUp, err
 	}
 
 	// Create, and start the lnwallet, which handles the core payment
@@ -907,15 +936,18 @@ func (d *RPCSignerWalletImpl) BuildChainControl(
 
 	// We've created the wallet configuration now, so we can finish
 	// initializing the main chain control.
-	activeChainControl, cleanUp, err := chainreg.NewChainControl(
+	activeChainControl, ccCleanUp, err := chainreg.NewChainControl(
 		lnWalletConfig, rpcKeyRing, partialChainControl,
 	)
 	if err != nil {
 		err := fmt.Errorf("unable to create chain control: %w", err)
 		d.logger.Error(err)
-		return nil, nil, err
+
+		return nil, cleanUp, err
 	}
 
+	cleanUpTasks = append(cleanUpTasks, ccCleanUp)
+
 	return activeChainControl, cleanUp, nil
 }
 

docs/release-notes/release-notes-0.21.0.md

@@ -93,6 +93,10 @@
   specify a list of inputs to use as transaction inputs via the new
   `inputs` field in `EstimateFeeRequest`.
 
+* [SignCoordinatorStreams](https://github.com/lightningnetwork/lnd/pull/8754)
+  allows a remote signer to connect to the lnd node, if the
+  `remotesigner.allowinboundconnection` cfg value has been set to `true`.
+
 ## lncli Additions
 
 * The `estimatefee` command now supports the `--utxos` flag to specify explicit
@@ -107,9 +111,16 @@
   This applies to both funders and fundees, with the ability to override the
   value during channel opening or acceptance.
 
+<<<<<<< HEAD
 * Rename [experimental endorsement signal](https://github.com/lightning/blips/blob/a833e7b49f224e1240b5d669e78fa950160f5a06/blip-0004.md)
   to [accountable](https://github.com/lightningnetwork/lnd/pull/10367) to match
   the latest [proposal](https://github.com/lightning/blips/pull/67).
+=======
+* [Added](https://github.com/lightningnetwork/lnd/pull/8754) support for a new
+  remote signer type `outbound`, which makes an outbound connection to the
+  watch-only node, instead of requiring on an inbound connection from the
+  watch-only node.
+>>>>>>> 39f496b44 (docs: update release notes)
 
 ## RPC Updates