From 58ba467ffdbf8d190a1135a59c0f81092b1f8e78 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Fri, 5 Apr 2019 13:49:38 +0000 Subject: [PATCH] Stop assuming that clightning is always enabled --- modules/nix-bitcoin.nix | 12 ++++++++---- network.nix | 3 ++- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/modules/nix-bitcoin.nix b/modules/nix-bitcoin.nix index 0a0f9e5..4e7495b 100644 --- a/modules/nix-bitcoin.nix +++ b/modules/nix-bitcoin.nix @@ -119,7 +119,8 @@ in { # Create user operator which can use bitcoin-cli and lightning-cli users.users.operator = { isNormalUser = true; - extraGroups = [ "clightning" config.services.bitcoind.group ] + extraGroups = [ config.services.bitcoind.group ] + ++ (if config.services.clightning.enable then [ "clightning" ] else [ ]) ++ (if config.services.liquidd.enable then [ config.services.liquidd.group ] else [ ]); }; # Give operator access to onion hostnames @@ -134,9 +135,12 @@ in { '' else ""); # Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket # https://github.com/ElementsProject/lightning/issues/1366 - security.sudo.configFile = '' - operator ALL=(clightning) NOPASSWD: ALL - ''; + security.sudo.configFile = ( + if config.services.clightning.enable then '' + operator ALL=(clightning) NOPASSWD: ALL + '' + else "" + ); # Give root ssh access to the operator account systemd.services.copy-root-authorized-keys = { diff --git a/network.nix b/network.nix index 61bf492..49d8d76 100644 --- a/network.nix +++ b/network.nix @@ -45,8 +45,9 @@ in { bitcoin-node = import ./configuration.nix; in { deployment.keys = { - inherit bitcoin-rpcpassword lightning-charge-api-token; + inherit bitcoin-rpcpassword; } + // (if (config.services.lightning-charge.enable) then { inherit lightning-charge-api-token; } else { }) // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { }) // (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { }) // (if (config.services.spark-wallet.enable) then { inherit spark-wallet-login; } else { });