greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

webindex & onion-chef: Run non-network-facing services in PrivateNetwork

Browse Source
This commit is contained in:
nixbitcoin 2020-05-05 15:25:00 +02:00
parent 7c70dd43ac
commit 3cd61506e0
No known key found for this signature in database
GPG Key ID: DD11F9AD5308B3BA
2 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
modules/nix-bitcoin-webindex.nix
View File

@ -88,6 +88,7 @@ in {
RemainAfterExit="yes"; RemainAfterExit="yes";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "10s"; RestartSec = "10s";
PrivateNetwork = "true"; # This service needs no network access
} // (if cfg.enforceTor } // (if cfg.enforceTor
then nix-bitcoin-services.allowTor then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP else nix-bitcoin-services.allowAnyIP

1
modules/onion-chef.nix
View File

@ -77,6 +77,7 @@ in {
ExecStart = "${pkgs.bash}/bin/bash ${onion-chef-script}"; ExecStart = "${pkgs.bash}/bin/bash ${onion-chef-script}";
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
PrivateNetwork = "true"; # This service needs no network access
}; };
}; };
}; };