Move deployment keys into network.nix

This commit is contained in:
Jonas Nick 2018-12-06 11:33:13 +00:00
parent 3c7d0c66fb
commit 12292ecbcc
2 changed files with 44 additions and 41 deletions

View File

@ -1,48 +1,10 @@
let
secrets = import ./secrets/secrets.nix;
bitcoin-rpcpassword = {
text = secrets.bitcoinrpcpassword;
destDir = "/secrets/";
user = "bitcoin";
group = "bitcoinrpc";
permissions = "0440";
};
lightning-charge-api-token = {
text = "API_TOKEN=" + secrets.lightning-charge-api-token;
destDir = "/secrets/";
user = "clightning";
group = "clightning";
permissions = "0440";
};
# variable is called CHARGE_TOKEN instead of API_TOKEN
lightning-charge-api-token-for-nanopos = {
text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
destDir = "/secrets/";
user = "nanopos";
group = "nanopos";
permissions = "0440";
};
liquid-rpcpassword = {
text = secrets.liquidrpcpassword;
destDir = "/secrets/";
user = "liquid";
group = "liquid";
permissions = "0440";
};
in
{
bitcoin-node =
{ config, pkgs, ... }:
{
deployment.targetEnv = "virtualbox";
deployment.virtualbox.memorySize = 4096; # megabytes
deployment.virtualbox.vcpu = 2; # number of cpus
deployment.virtualbox.vcpu = 4; # number of cpus
deployment.virtualbox.headless = true;
deployment.keys = {
inherit bitcoin-rpcpassword lightning-charge-api-token;
}
// (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { })
// (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { });
};
}

View File

@ -1,5 +1,46 @@
{
let
secrets = import ./secrets/secrets.nix;
bitcoin-rpcpassword = {
text = secrets.bitcoinrpcpassword;
destDir = "/secrets/";
user = "bitcoin";
group = "bitcoinrpc";
permissions = "0440";
};
lightning-charge-api-token = {
text = "API_TOKEN=" + secrets.lightning-charge-api-token;
destDir = "/secrets/";
user = "clightning";
group = "clightning";
permissions = "0440";
};
# variable is called CHARGE_TOKEN instead of API_TOKEN
lightning-charge-api-token-for-nanopos = {
text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
destDir = "/secrets/";
user = "nanopos";
group = "nanopos";
permissions = "0440";
};
liquid-rpcpassword = {
text = secrets.liquidrpcpassword;
destDir = "/secrets/";
user = "liquid";
group = "liquid";
permissions = "0440";
};
in {
network.description = "Bitcoin Core node";
bitcoin-node =
{ config, pkgs, ... }:
let
bitcoin-node = import ./configuration.nix;
in {
deployment.keys = {
inherit bitcoin-rpcpassword lightning-charge-api-token;
}
// (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { })
// (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { });
} // (bitcoin-node { inherit config pkgs; });
}