Stop assuming that clightning is always enabled
This commit is contained in:
parent
7242598909
commit
58ba467ffd
@ -119,7 +119,8 @@ in {
|
|||||||
# Create user operator which can use bitcoin-cli and lightning-cli
|
# Create user operator which can use bitcoin-cli and lightning-cli
|
||||||
users.users.operator = {
|
users.users.operator = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "clightning" config.services.bitcoind.group ]
|
extraGroups = [ config.services.bitcoind.group ]
|
||||||
|
++ (if config.services.clightning.enable then [ "clightning" ] else [ ])
|
||||||
++ (if config.services.liquidd.enable then [ config.services.liquidd.group ] else [ ]);
|
++ (if config.services.liquidd.enable then [ config.services.liquidd.group ] else [ ]);
|
||||||
};
|
};
|
||||||
# Give operator access to onion hostnames
|
# Give operator access to onion hostnames
|
||||||
@ -134,9 +135,12 @@ in {
|
|||||||
'' else "");
|
'' else "");
|
||||||
# Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket
|
# Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket
|
||||||
# https://github.com/ElementsProject/lightning/issues/1366
|
# https://github.com/ElementsProject/lightning/issues/1366
|
||||||
security.sudo.configFile = ''
|
security.sudo.configFile = (
|
||||||
|
if config.services.clightning.enable then ''
|
||||||
operator ALL=(clightning) NOPASSWD: ALL
|
operator ALL=(clightning) NOPASSWD: ALL
|
||||||
'';
|
''
|
||||||
|
else ""
|
||||||
|
);
|
||||||
|
|
||||||
# Give root ssh access to the operator account
|
# Give root ssh access to the operator account
|
||||||
systemd.services.copy-root-authorized-keys = {
|
systemd.services.copy-root-authorized-keys = {
|
||||||
|
@ -45,8 +45,9 @@ in {
|
|||||||
bitcoin-node = import ./configuration.nix;
|
bitcoin-node = import ./configuration.nix;
|
||||||
in {
|
in {
|
||||||
deployment.keys = {
|
deployment.keys = {
|
||||||
inherit bitcoin-rpcpassword lightning-charge-api-token;
|
inherit bitcoin-rpcpassword;
|
||||||
}
|
}
|
||||||
|
// (if (config.services.lightning-charge.enable) then { inherit lightning-charge-api-token; } else { })
|
||||||
// (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { })
|
// (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { })
|
||||||
// (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { })
|
// (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { })
|
||||||
// (if (config.services.spark-wallet.enable) then { inherit spark-wallet-login; } else { });
|
// (if (config.services.spark-wallet.enable) then { inherit spark-wallet-login; } else { });
|
||||||
|
Loading…
Reference in New Issue
Block a user