From 8da01fe8a65a7dacc9114b00a48432f2b93eea6b Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Thu, 29 Oct 2020 21:20:37 +0100
Subject: [PATCH] lightning-loop: allow RPC access from main netns

Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.
---
 modules/lightning-loop.nix  | 3 +--
 modules/netns-isolation.nix | 2 +-
 pkgs/netns-exec/src/main.c  | 1 -
 3 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/modules/lightning-loop.nix b/modules/lightning-loop.nix
index 5ed44c7..6a5d780 100644
--- a/modules/lightning-loop.nix
+++ b/modules/lightning-loop.nix
@@ -74,14 +74,13 @@ in {
     };
     cli = mkOption {
       default = pkgs.writeScriptBin "loop" ''
-        ${cfg.cliExec} ${cfg.package}/bin/loop \
+        ${cfg.package}/bin/loop \
         --rpcserver ${rpclisten} \
         --macaroonpath '${cfg.dataDir}/${network}/loop.macaroon' \
         --tlscertpath '${secretsDir}/loop-cert' "$@"
       '';
       description = "Binary to connect with the lightning-loop instance.";
     };
-    inherit (nix-bitcoin-services) cliExec;
     enforceTor = nix-bitcoin-services.enforceTor;
   };
 
diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index bf4eaf7..265414a 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -291,7 +291,7 @@ in {
       host = netns.nanopos.address;
     };
 
-    services.lightning-loop.cliExec = mkCliExec "lightning-loop";
+    services.lightning-loop.rpcAddress = netns.lightning-loop.address;
 
     services.nbxplorer.bind = netns.nbxplorer.address;
     services.btcpayserver.bind = netns.btcpayserver.address;
diff --git a/pkgs/netns-exec/src/main.c b/pkgs/netns-exec/src/main.c
index 916de95..e86e6af 100644
--- a/pkgs/netns-exec/src/main.c
+++ b/pkgs/netns-exec/src/main.c
@@ -10,7 +10,6 @@
 #include <sys/capability.h>
 
 static char *allowed_netns[] = {
-    "nb-lightning-loop",
     "nb-joinmarket"
 };