treewide: remove unneeded string literals
This commit is contained in:
Erik Arvstedt
parent
e6a6c721c1
commit
4f6ff408ef
@ -72,7 +72,7 @@ in {
|
||||
"--include-filelist" "${filelist}"
|
||||
"--full-if-older-than" "1M"
|
||||
];
|
||||
targetUrl = "${cfg.destination}";
|
||||
targetUrl = cfg.destination;
|
||||
frequency = cfg.frequency;
|
||||
secretFile = "${config.nix-bitcoin.secretsDir}/backup-encryption-env";
|
||||
};
|
||||
|
||||
@ -343,13 +343,13 @@ in {
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
Type = "notify";
|
||||
NotifyAccess = "all";
|
||||
User = "${cfg.user}";
|
||||
Group = "${cfg.group}";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
TimeoutStartSec = 300;
|
||||
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
|
||||
Restart = "on-failure";
|
||||
UMask = mkIf cfg.dataDirReadableByGroup "0027";
|
||||
ReadWritePaths = "${cfg.dataDir}";
|
||||
ReadWritePaths = cfg.dataDir;
|
||||
} // (if cfg.enforceTor
|
||||
then nbLib.allowTor
|
||||
else nbLib.allowAnyIP)
|
||||
@ -375,9 +375,9 @@ in {
|
||||
done
|
||||
'';
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
User = "${cfg.user}";
|
||||
Group = "${cfg.group}";
|
||||
ReadWritePaths = "${cfg.dataDir}";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ReadWritePaths = cfg.dataDir;
|
||||
} // nbLib.allowTor;
|
||||
};
|
||||
|
||||
|
||||
@ -108,7 +108,7 @@ in {
|
||||
enable = true;
|
||||
ensureDatabases = [ "btcpaydb" ];
|
||||
ensureUsers = [{
|
||||
name = "${cfg.btcpayserver.user}";
|
||||
name = cfg.btcpayserver.user;
|
||||
ensurePermissions."DATABASE btcpaydb" = "ALL PRIVILEGES";
|
||||
}];
|
||||
};
|
||||
|
||||
@ -140,10 +140,10 @@ in {
|
||||
'';
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
ExecStart = "${nbPkgs.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";
|
||||
User = "${cfg.user}";
|
||||
User = cfg.user;
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
ReadWritePaths = "${cfg.dataDir}";
|
||||
ReadWritePaths = cfg.dataDir;
|
||||
} // (if cfg.enforceTor
|
||||
then nbLib.allowTor
|
||||
else nbLib.allowAnyIP
|
||||
|
||||
@ -47,7 +47,7 @@ in {
|
||||
# Provides lsusb for debugging
|
||||
pkgs.usbutils
|
||||
];
|
||||
users.groups."${cfg.group}" = {};
|
||||
users.groups.${cfg.group} = {};
|
||||
nix-bitcoin.operator.groups = [ cfg.group ];
|
||||
})
|
||||
(mkIf cfg.ledger {
|
||||
|
||||
@ -79,7 +79,7 @@ in {
|
||||
serviceConfig = nbLib.defaultHardening // rec {
|
||||
StateDirectory = "joinmarket-ob-watcher";
|
||||
StateDirectoryMode = "0770";
|
||||
WorkingDirectory = "${cfg.dataDir}"; # The service creates dir 'logs' in the working dir
|
||||
WorkingDirectory = cfg.dataDir; # The service creates dir 'logs' in the working dir
|
||||
ExecStart = ''
|
||||
${nbPkgs.joinmarket}/bin/ob-watcher --datadir=${cfg.dataDir} \
|
||||
--host=${cfg.address} --port=${toString cfg.port}
|
||||
|
||||
@ -148,7 +148,7 @@ in {
|
||||
];
|
||||
users.users.${cfg.user} = {
|
||||
description = "joinmarket User";
|
||||
group = "${cfg.group}";
|
||||
group = cfg.group;
|
||||
home = cfg.dataDir;
|
||||
extraGroups = [ "tor" ];
|
||||
};
|
||||
@ -202,11 +202,11 @@ in {
|
||||
fi
|
||||
'');
|
||||
ExecStart = "${nbPkgs.joinmarket}/bin/joinmarketd";
|
||||
WorkingDirectory = "${cfg.dataDir}"; # The service creates 'commitmentlist' in the working dir
|
||||
User = "${cfg.user}";
|
||||
WorkingDirectory = cfg.dataDir; # The service creates 'commitmentlist' in the working dir
|
||||
User = cfg.user;
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
ReadWritePaths = "${cfg.dataDir}";
|
||||
ReadWritePaths = cfg.dataDir;
|
||||
} // nbLib.allowTor;
|
||||
};
|
||||
|
||||
@ -242,10 +242,10 @@ in {
|
||||
serviceConfig = nbLib.defaultHardening // rec {
|
||||
RuntimeDirectory = "joinmarket-yieldgenerator"; # Only used to create start script
|
||||
RuntimeDirectoryMode = "700";
|
||||
WorkingDirectory = "${cfg.dataDir}"; # The service creates dir 'logs' in the working dir
|
||||
WorkingDirectory = cfg.dataDir; # The service creates dir 'logs' in the working dir
|
||||
ExecStart = "${pkgs.bash}/bin/bash /run/${RuntimeDirectory}/start";
|
||||
User = "${cfg.user}";
|
||||
ReadWritePaths = "${cfg.dataDir}";
|
||||
User = cfg.user;
|
||||
ReadWritePaths = cfg.dataDir;
|
||||
} // nbLib.allowTor;
|
||||
};
|
||||
})
|
||||
|
||||
@ -101,7 +101,7 @@ in {
|
||||
User = "lnd";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
ReadWritePaths = "${cfg.dataDir}";
|
||||
ReadWritePaths = cfg.dataDir;
|
||||
} // (if cfg.enforceTor
|
||||
then nbLib.allowTor
|
||||
else nbLib.allowAnyIP);
|
||||
|
||||
@ -233,12 +233,12 @@ in {
|
||||
'';
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
Type = "simple";
|
||||
User = "${cfg.user}";
|
||||
Group = "${cfg.group}";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ExecStart = "${nbPkgs.elementsd}/bin/elementsd ${cmdlineOptions}";
|
||||
PIDFile = "${pidFile}";
|
||||
PIDFile = pidFile;
|
||||
Restart = "on-failure";
|
||||
ReadWritePaths = "${cfg.dataDir}";
|
||||
ReadWritePaths = cfg.dataDir;
|
||||
} // (if cfg.enforceTor
|
||||
then nbLib.allowTor
|
||||
else nbLib.allowAnyIP
|
||||
|
||||
@ -193,7 +193,7 @@ in {
|
||||
User = "lnd";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
ReadWritePaths = "${cfg.dataDir}";
|
||||
ReadWritePaths = cfg.dataDir;
|
||||
ExecStartPost = let
|
||||
restUrl = "https://${cfg.restAddress}:${toString cfg.restPort}/v1";
|
||||
in [
|
||||
@ -246,7 +246,7 @@ in {
|
||||
sleep 0.1
|
||||
done
|
||||
|
||||
''}"
|
||||
'')
|
||||
# Run fully privileged for chown
|
||||
"+${nbLib.script ''
|
||||
umask ug=r,o=
|
||||
|
||||
@ -6,7 +6,7 @@ buildPythonPackage rec {
|
||||
src = fetchFromGitHub {
|
||||
owner = "freelan-developers";
|
||||
repo = "chromalog";
|
||||
rev = "${version}";
|
||||
rev = version;
|
||||
sha256 = "0pj4s52rgwlvwkzrj85y92c5r9c84pz8gga45jl5spysrv41y9p0";
|
||||
};
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user