greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

netns-liquidd: allow RPC access from main netns

Browse Source
This commit is contained in:
Erik Arvstedt 2020-10-29 21:20:31 +01:00
parent 82f4901880
commit 6903e8afcc
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
3 changed files with 7 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/liquid.nix
View File

@ -27,6 +27,7 @@ let
(attrValues cfg.rpc.users) (attrValues cfg.rpc.users)
} }
${lib.concatMapStrings (rpcbind: "rpcbind=${rpcbind}\n") cfg.rpcbind} ${lib.concatMapStrings (rpcbind: "rpcbind=${rpcbind}\n") cfg.rpcbind}
rpcconnect=${builtins.elemAt cfg.rpcbind 0}
${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip} ${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip}
${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"} ${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"}
${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"} ${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"}
@ -205,17 +206,16 @@ in {
cli = mkOption { cli = mkOption {
readOnly = true; readOnly = true;
default = pkgs.writeScriptBin "elements-cli" '' default = pkgs.writeScriptBin "elements-cli" ''
${cfg.cliExec} ${pkgs.nix-bitcoin.elementsd}/bin/elements-cli -datadir='${cfg.dataDir}' "$@" ${pkgs.nix-bitcoin.elementsd}/bin/elements-cli -datadir='${cfg.dataDir}' "$@"
''; '';
description = "Binary to connect with the liquidd instance."; description = "Binary to connect with the liquidd instance.";
}; };
swapCli = mkOption { swapCli = mkOption {
default = pkgs.writeScriptBin "liquidswap-cli" '' default = pkgs.writeScriptBin "liquidswap-cli" ''
${cfg.cliExec} ${pkgs.nix-bitcoin.liquid-swap}/bin/liquidswap-cli -c '${cfg.dataDir}/elements.conf' "$@" ${pkgs.nix-bitcoin.liquid-swap}/bin/liquidswap-cli -c '${cfg.dataDir}/elements.conf' "$@"
''; '';
description = "Binary for managing liquid swaps."; description = "Binary for managing liquid swaps.";
}; };
inherit (nix-bitcoin-services) cliExec;
enforceTor = nix-bitcoin-services.enforceTor; enforceTor = nix-bitcoin-services.enforceTor;
}; };
}; };

11
modules/netns-isolation.nix
View File

@ -270,14 +270,11 @@ in {
services.liquidd = { services.liquidd = {
bind = netns.liquidd.address; bind = netns.liquidd.address;
rpcbind = [ rpcbind = [ netns.liquidd.address ];
"${netns.liquidd.address}"
"127.0.0.1"
];
rpcallowip = [ rpcallowip = [
"127.0.0.1" bridgeIp # For operator user
] ++ map (n: "${netns.${n}.address}") netns.liquidd.availableNetns; netns.liquidd.address
cliExec = mkCliExec "liquidd"; ] ++ map (n: netns.${n}.address) netns.liquidd.availableNetns;
}; };
services.electrs.address = netns.electrs.address; services.electrs.address = netns.electrs.address;

1
pkgs/netns-exec/src/main.c
View File

@ -11,7 +11,6 @@
static char *allowed_netns[] = { static char *allowed_netns[] = {
"nb-lightning-loop", "nb-lightning-loop",
"nb-liquidd",
"nb-joinmarket" "nb-joinmarket"
}; };