All modules with preStart: Use systemd.tmpfiles.rules
This is NixOS' recommended way to set up service dirs https://github.com/NixOS/nixpkgs/pull/56265. This commit hands off the initial data directory creation to systemd.tmpfiles.rules. All other preStart scripts are left intact to limit this change's scope.
parent
423ebf862b
commit
91b6b2c370
@ -255,19 +255,17 @@ in {
|
||||
sysperms = true;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||
"d '${cfg.dataDir}/blocks' 0770 ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
systemd.services.bitcoind = {
|
||||
description = "Bitcoin daemon";
|
||||
requires = [ "nix-bitcoin-secrets.target" ];
|
||||
after = [ "network.target" "nix-bitcoin-secrets.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
if [[ ! -e ${cfg.dataDir} ]]; then
|
||||
mkdir -m 0770 -p '${cfg.dataDir}'
|
||||
fi
|
||||
if [[ ! -e ${cfg.dataDir}/blocks ]]; then
|
||||
mkdir -m 0770 -p '${cfg.dataDir}/blocks'
|
||||
fi
|
||||
chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
|
||||
${optionalString cfg.dataDirReadableByGroup "chmod -R g+rX '${cfg.dataDir}/blocks'"}
|
||||
|
||||
cfg=$(cat ${configFile}; printf "rpcpassword="; cat "${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword")
|
||||
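Review bot: The two `d` rules carry over mode `0770`, which gives every member of `${cfg.group}` write access to the data directory and to `blocks`, so a group member can create, rename or delete entries there. The `dataDirReadableByGroup` option and the `chmod -R g+rX` line in preStart suggest the group is meant to read only; if no group member has to write, `"d '${cfg.dataDir}' 0750 ${cfg.user} ${cfg.group} - -"` (and the same for `blocks`) is the narrower setting. The same question applies to the `0770` rules added for clightning, electrs, liquidd and lnd further down. A short comment above the list would also help, saying that tmpfiles applies these rules at boot and on activation and re-applies owner and mode to an existing directory, which the guarded `mkdir -m` never did.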
|
@ -78,6 +78,10 @@ in {
|
||||
};
|
||||
users.groups.clightning = {};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0770 ${config.users.users.clightning.name} ${config.users.users.clightning.group} - -"
|
||||
];
|
||||
|
||||
systemd.services.clightning = {
|
||||
description = "Run clightningd";
|
||||
path = [ pkgs.nix-bitcoin.bitcoind ];
|
||||
@ -85,7 +89,6 @@ in {
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
preStart = ''
|
||||
mkdir -m 0770 -p ${cfg.dataDir}
|
||||
cp ${configFile} ${cfg.dataDir}/config
|
||||
chown -R 'clightning:clightning' '${cfg.dataDir}'
|
||||
# The RPC socket has to be removed otherwise we might have stale sockets
|
||||
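Review bot: The new rule takes owner and group from `config.users.users.clightning.name` and `.group`, while the `chown -R 'clightning:clightning'` line that appears to stay in preStart keeps the names hard-coded, so the two can drift apart if the account definition changes; the lnd rule (`0770 lnd lnd`) is hard-coded as well. Using one source for both keeps the directory and its contents under the same owner, e.g. `chown -R '${config.users.users.clightning.name}:${config.users.users.clightning.group}' '${cfg.dataDir}'`. The `cp ${configFile} ${cfg.dataDir}/config` line also leaves its paths unquoted, unlike the rule above it. The preStart script continues past the end of the hunk.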
|
@ -63,14 +63,16 @@ in {
|
||||
config = mkIf cfg.enable (mkMerge [{
|
||||
environment.systemPackages = [ pkgs.nix-bitcoin.electrs ];
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
systemd.services.electrs = {
|
||||
description = "Electrs Electrum Server";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
preStart = ''
|
||||
mkdir -m 0770 -p ${cfg.dataDir}
|
||||
chown -R '${cfg.user}:${cfg.group}' ${cfg.dataDir}
|
||||
echo "cookie = \"${config.services.bitcoind.rpcuser}:$(cat ${secretsDir}/bitcoin-rpcpassword)\"" \
|
||||
> electrs.toml
|
||||
'';
|
||||
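Review bot: The RPC password is written to `electrs.toml` by shell redirection, so the file's mode comes from the unit's umask and its location from the working directory, neither of which is set in this hunk; the directory rule added above does not cover the file. Nothing in the visible script sets an owner or mode on it after it is created. Creating it with explicit permissions would close that gap, for example `install -o '${cfg.user}' -g '${cfg.group}' -m 0400 <(echo "cookie = …") electrs.toml`, where `…` stands for the existing cookie string. Which account preStart runs as is not visible here, so the owner arguments should be checked against the unit's settings.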
|
@ -200,15 +200,17 @@ in {
|
||||
(hiPrio cfg.cli)
|
||||
(hiPrio cfg.swap-cli)
|
||||
];
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
systemd.services.liquidd = {
|
||||
description = "Elements daemon providing access to the Liquid sidechain";
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
if ! test -e ${cfg.dataDir}; then
|
||||
mkdir -m 0770 -p '${cfg.dataDir}'
|
||||
fi
|
||||
cp '${configFile}' '${cfg.dataDir}/elements.conf'
|
||||
chmod o-rw '${cfg.dataDir}/elements.conf'
|
||||
chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
|
||||
|
@ -79,6 +79,10 @@ in {
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ];
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0770 lnd lnd - -"
|
||||
];
|
||||
|
||||
services.bitcoind = {
|
||||
zmqpubrawblock = "tcp://127.0.0.1:28332";
|
||||
zmqpubrawtx = "tcp://127.0.0.1:28333";
|
||||
@ -91,7 +95,6 @@ in {
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
preStart = ''
|
||||
mkdir -m 0770 -p ${cfg.dataDir}
|
||||
cp ${configFile} ${cfg.dataDir}/lnd.conf
|
||||
chown -R 'lnd:lnd' '${cfg.dataDir}'
|
||||
chmod u=rw,g=r,o= ${cfg.dataDir}/lnd.conf
|
||||
|
@ -28,9 +28,8 @@ let
|
||||
'';
|
||||
createWebIndex = pkgs.writeText "make-index.sh" ''
|
||||
set -e
|
||||
mkdir -p /var/www/
|
||||
cp ${indexFile} /var/www/index.html
|
||||
chown -R nginx /var/www/
|
||||
chown -R nginx:nginx /var/www/
|
||||
nodeinfo
|
||||
. <(nodeinfo)
|
||||
sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
|
||||
@ -48,6 +47,10 @@ in {
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/www 0755 nginx nginx - -"
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."_" = {
|
||||
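Review bot: `"d /var/www 0755 nginx nginx - -"` together with `chown -R nginx:nginx /var/www/` makes the served content writable by the account the web server presumably runs as, so a compromise of nginx can alter the page it serves. If nothing running as nginx has to write there (not visible in these hunks), a root-owned web root is the least-privilege layout: `"d /var/www 0755 root root - -"`, with `index.html` left world-readable and the recursive chown dropped. The `createWebIndex` script continues past the end of the first hunk.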
|
@ -15,7 +15,6 @@ let
|
||||
# wait until tor is up
|
||||
until ls -l /var/lib/tor/state; do sleep 1; done
|
||||
|
||||
mkdir -p -m 0755 ${dataDir}
|
||||
cd ${dataDir}
|
||||
|
||||
# Create directory for every user and set permissions
|
||||
@ -68,6 +67,10 @@ in {
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${dataDir}' 0755 root root - -"
|
||||
];
|
||||
|
||||
systemd.services.onion-chef = {
|
||||
description = "Run onion-chef";
|
||||
wantedBy = [ "tor.service" ];
|
||||
|
@ -5,7 +5,6 @@ with lib;
|
||||
let
|
||||
cfg = config.services.spark-wallet;
|
||||
inherit (config) nix-bitcoin-services;
|
||||
dataDir = "/var/lib/spark-wallet/";
|
||||
onion-chef-service = (if cfg.onion-service then [ "onion-chef.service" ] else []);
|
||||
run-spark-wallet = pkgs.writeScript "run-spark-wallet" ''
|
||||
CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login"
|
||||
|