Allow operator to access liquid-cli

2018-12-03 22:33:21 +00:00 · 2018-12-03 22:33:21 +00:00 · 1927fda514
commit 1927fda514
parent 9ed888b9c2
4 changed files with 14 additions and 2 deletions
--- a/generate_secrets.sh
+++ b/generate_secrets.sh
@ -14,6 +14,7 @@ echo Write secrets to $SECRETSFILE
    echo \{
    echo "  bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
    echo "  lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
+    echo "  liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
    echo \}
 } >> $SECRETSFILE
 echo Done
--- a/modules/liquid.nix
+++ b/modules/liquid.nix
@ -185,6 +185,7 @@ in {
        cp '${configFile}' '${cfg.dataDir}/liquid.conf'
        chmod o-rw  '${cfg.dataDir}/liquid.conf'
        chown '${cfg.user}:${cfg.group}' '${cfg.dataDir}/liquid.conf'
+        echo "rpcpassword=$(cat /secrets/liquid-rpcpassword)" >> '${cfg.dataDir}/liquid.conf'
      '';
      serviceConfig = {
        Type = "simple";
--- a/modules/nixbitcoin.nix
+++ b/modules/nixbitcoin.nix
@ -118,6 +118,8 @@ in {
    };

    services.liquidd.enable = cfg.modules == "all";
+    services.liquidd.rpcuser = "liquidrpc";
+
    services.lightning-charge.enable = cfg.modules == "all";
    services.nanopos.enable = cfg.modules == "all";
    services.nixbitcoin-webindex.enable = cfg.modules == "all";
--- a/network-vbox.nix
+++ b/network-vbox.nix
@ -22,6 +22,13 @@ let
    group = "nanopos";
    permissions = "0440";
  };
+  liquid-rpcpassword = {
+    text = secrets.liquidrpcpassword;
+    destDir = "/secrets/";
+    user = "liquid";
+    group = "liquid";
+    permissions = "0440";
+  };
 in
 {
  bitcoin-node =
@ -32,9 +39,10 @@ in
      deployment.virtualbox.vcpu = 2; # number of cpus
      deployment.virtualbox.headless = true;

-
      deployment.keys = {
        inherit bitcoin-rpcpassword lightning-charge-api-token;
-      } // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { });
+      }
+      // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { })
+      // (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { });
    };
 }