spark-wallet: Run under spark-wallet user

nixbitcoin 2020-05-03 14:18:21 +02:00
parent 205fca3576
commit 563b210835
No known key found for this signature in database
GPG Key ID: DD11F9AD5308B3BA
1 changed files with 11 additions and 4 deletions


@ -12,7 +12,7 @@ let
${optionalString cfg.onion-service ${optionalString cfg.onion-service
'' ''
echo Getting onion hostname echo Getting onion hostname
CMD="$CMD --public-url http://$(cat /var/lib/onion-chef/clightning/spark-wallet)" CMD="$CMD --public-url http://$(cat /var/lib/onion-chef/spark-wallet/spark-wallet)"
'' ''
} }
# Use rate provide wasabi because default (bitstamp) doesn't accept # Use rate provide wasabi because default (bitstamp) doesn't accept
@ -48,6 +48,13 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.nix-bitcoin.spark-wallet ]; environment.systemPackages = [ pkgs.nix-bitcoin.spark-wallet ];
users.users.spark-wallet = {
description = "spark-wallet User";
group = "spark-wallet";
extraGroups = [ "clightning" ];
};
users.groups.spark-wallet = {};
services.tor.enable = cfg.onion-service; services.tor.enable = cfg.onion-service;
# requires client functionality for Bitcoin rate lookup # requires client functionality for Bitcoin rate lookup
services.tor.client.enable = true; services.tor.client.enable = true;
@ -58,7 +65,7 @@ in {
version = 3; version = 3;
}; };
services.onion-chef.enable = cfg.onion-service; services.onion-chef.enable = cfg.onion-service;
services.onion-chef.access.clightning = if cfg.onion-service then [ "spark-wallet" ] else []; services.onion-chef.access.spark-wallet = if cfg.onion-service then [ "spark-wallet" ] else [];
systemd.services.spark-wallet = { systemd.services.spark-wallet = {
description = "Run spark-wallet"; description = "Run spark-wallet";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -67,13 +74,13 @@ in {
serviceConfig = { serviceConfig = {
PermissionsStartOnly = "true"; PermissionsStartOnly = "true";
ExecStart = "${pkgs.bash}/bin/bash ${run-spark-wallet}"; ExecStart = "${pkgs.bash}/bin/bash ${run-spark-wallet}";
User = "clightning"; User = "spark-wallet";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "10s"; RestartSec = "10s";
} // nix-bitcoin-services.defaultHardening } // nix-bitcoin-services.defaultHardening
// nix-bitcoin-services.nodejs // nix-bitcoin-services.nodejs
// nix-bitcoin-services.allowTor; // nix-bitcoin-services.allowTor;
}; };
nix-bitcoin.secrets.spark-wallet-login.user = "clightning"; nix-bitcoin.secrets.spark-wallet-login.user = "spark-wallet";
}; };
} }
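Review bot: `extraGroups = [ "clightning" ];` in the new `users.users.spark-wallet` block grants the dedicated user every group permission that clightning's files carry, not only access to its RPC socket. How much isolation `User = "spark-wallet"` actually buys therefore depends on the modes of the clightning data directory, which are not visible on this page. It is worth confirming that only the RPC socket is group-accessible and that key material and other state there stay owner-only. I would also record the intent next to the line, for example `# group membership is only for clightning's RPC socket; nothing else in its datadir should be group-readable`. Note that RPC access still lets this service instruct the node, so the separation limits file exposure rather than control over funds.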