From 8cac8285347bc8063ae357675ee4bf8e2d632f27 Mon Sep 17 00:00:00 2001
From: Otto Sabart <seberm@seberm.com>
Date: Mon, 27 Jun 2022 21:38:00 +0200
Subject: [PATCH] doc: remote-bitcoind: allowing external connections when
 tor.enforce is active

---
 docs/configuration.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/configuration.md b/docs/configuration.md
index 98c0f53..b0f151c 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -214,6 +214,21 @@ services.bitcoind = {
 };
 ```
 
+If a `secure-node.nix` or `tor-enable.nix` preset is imported in your
+configuration or a `tor.enforce` option is explicitly enabled, you also need to
+allow remote connections for **every** service which needs to connect to the
+remote bitcoind:
+
+```
+systemd.services.<service>.serviceConfig = {
+  IPAddressAllow = [ ${services.bitcoind.rpc.address} ];
+};
+```
+
+> Please note that configuration above applies only if the remote bitcoind **is
+> not** accessed via Tor.
+
+
 Now save the password of the RPC user to the following files on your nix-bitcoin node:
 ```shell
 $secretsDir/bitcoin-rpcpassword-privileged