diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix
index 1f3a7ae..f1f1af0 100644
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@@ -255,19 +255,17 @@ in {
 sysperms = true;
 };
 
+ systemd.tmpfiles.rules = [
+ "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
+ "d '${cfg.dataDir}/blocks' 0770 ${cfg.user} ${cfg.group} - -"
+ ];
+
 systemd.services.bitcoind = {
 description = "Bitcoin daemon";
 requires = [ "nix-bitcoin-secrets.target" ];
 after = [ "network.target" "nix-bitcoin-secrets.target" ];
 wantedBy = [ "multi-user.target" ];
 preStart = ''
- if [[ ! -e ${cfg.dataDir} ]]; then
- mkdir -m 0770 -p '${cfg.dataDir}'
- fi
- if [[ ! -e ${cfg.dataDir}/blocks ]]; then
- mkdir -m 0770 -p '${cfg.dataDir}/blocks'
- fi
-
 chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
 ${optionalString cfg.dataDirReadableByGroup "chmod -R g+rX '${cfg.dataDir}/blocks'"}
 cfg=$(cat ${configFile}; printf "rpcpassword="; cat "${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword")
diff --git a/modules/clightning.nix b/modules/clightning.nix
index 602b635..39b84a2 100644
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@@ -78,6 +78,10 @@ in {
 };
 users.groups.clightning = {};
 
+ systemd.tmpfiles.rules = [
+ "d '${cfg.dataDir}' 0770 ${config.users.users.clightning.name} ${config.users.users.clightning.group} - -"
+ ];
+
 systemd.services.clightning = {
 description = "Run clightningd";
 path = [ pkgs.nix-bitcoin.bitcoind ];
@@ -85,7 +89,6 @@ in {
 requires = [ "bitcoind.service" ];
 after = [ "bitcoind.service" ];
 preStart = ''
- mkdir -m 0770 -p ${cfg.dataDir}
 cp ${configFile} ${cfg.dataDir}/config
 chown -R 'clightning:clightning' '${cfg.dataDir}'
 # The RPC socket has to be removed otherwise we might have stale sockets
diff --git a/modules/electrs.nix b/modules/electrs.nix
index 1c6df3b..15f4f8d 100644
--- a/modules/electrs.nix
+++ b/modules/electrs.nix
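Review bot: The two new `d` rules enforce mode 0770 and `${cfg.user}:${cfg.group}` on `${cfg.dataDir}` and `${cfg.dataDir}/blocks` every time systemd-tmpfiles runs, whereas the removed preStart guard only created the directories when missing and never touched an existing directory's mode or owner; nothing in the module records this change of behaviour. A one-line comment above the list would do, e.g. `# tmpfiles also resets mode and ownership of an already existing dataDir on every run`. The same note applies to the `d` rules added in clightning.nix, electrs.nix, liquid.nix and lnd.nix. Note that a `d` line applies only to the directory itself, not to its contents, so the `chown -R` that remains in preStart is still what fixes up ownership below it.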
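Review bot: In clightning.nix the new tmpfiles rule takes owner and group from `config.users.users.clightning.name` and `.group`, but the preStart that survives in the second hunk still hardcodes `chown -R 'clightning:clightning' '${cfg.dataDir}'`; if either name is ever changed, tmpfiles and preStart would hand the data directory to different principals. Use the same expressions in both places, `chown -R '${config.users.users.clightning.name}:${config.users.users.clightning.group}' '${cfg.dataDir}'`, or hardcode both as lnd.nix does. The preStart script continues past the end of the hunk.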
@@ -63,14 +63,16 @@ in {
 config = mkIf cfg.enable (mkMerge [{
 environment.systemPackages = [ pkgs.nix-bitcoin.electrs ];
 
+ systemd.tmpfiles.rules = [
+ "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
+ ];
+
 systemd.services.electrs = {
 description = "Electrs Electrum Server";
 wantedBy = [ "multi-user.target" ];
 requires = [ "bitcoind.service" ];
 after = [ "bitcoind.service" ];
 preStart = ''
- mkdir -m 0770 -p ${cfg.dataDir}
- chown -R '${cfg.user}:${cfg.group}' ${cfg.dataDir}
 echo "cookie = \"${config.services.bitcoind.rpcuser}:$(cat ${secretsDir}/bitcoin-rpcpassword)\"" \
 > electrs.toml
 '';
diff --git a/modules/liquid.nix b/modules/liquid.nix
index d5a7413..7fe6674 100644
--- a/modules/liquid.nix
+++ b/modules/liquid.nix
@@ -200,15 +200,17 @@ in {
 (hiPrio cfg.cli)
 (hiPrio cfg.swap-cli)
 ];
+
+ systemd.tmpfiles.rules = [
+ "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
+ ];
+
 systemd.services.liquidd = {
 description = "Elements daemon providing access to the Liquid sidechain";
 requires = [ "bitcoind.service" ];
 after = [ "bitcoind.service" ];
 wantedBy = [ "multi-user.target" ];
 preStart = ''
- if ! test -e ${cfg.dataDir}; then
- mkdir -m 0770 -p '${cfg.dataDir}'
- fi
 cp '${configFile}' '${cfg.dataDir}/elements.conf'
 chmod o-rw '${cfg.dataDir}/elements.conf'
 chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
diff --git a/modules/lnd.nix b/modules/lnd.nix
index 03fbd93..2da8c50 100644
--- a/modules/lnd.nix
+++ b/modules/lnd.nix
@@ -79,6 +79,10 @@ in {
 config = mkIf cfg.enable {
 environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ];
 
+ systemd.tmpfiles.rules = [
+ "d '${cfg.dataDir}' 0770 lnd lnd - -"
+ ];
+
 services.bitcoind = {
 zmqpubrawblock = "tcp://127.0.0.1:28332";
 zmqpubrawtx = "tcp://127.0.0.1:28333";
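Review bot: The electrs preStart drops its recursive `chown -R '${cfg.user}:${cfg.group}' ${cfg.dataDir}` without a replacement, while the `d` rule added above sets ownership and mode only on `${cfg.dataDir}` itself and does not descend into existing contents. bitcoind, liquid and lnd keep their `chown -R` in this same commit, so electrs is the one module where a later change of `cfg.user` or `cfg.group` on an existing deployment would leave the index files owned by the old uid and the service unable to read or update them. Either keep `chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'` in preStart or add a comment on the rule stating that ownership of existing contents is intentionally not corrected.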
@@ -91,7 +95,6 @@ in {
 requires = [ "bitcoind.service" ];
 after = [ "bitcoind.service" ];
 preStart = ''
- mkdir -m 0770 -p ${cfg.dataDir}
 cp ${configFile} ${cfg.dataDir}/lnd.conf
 chown -R 'lnd:lnd' '${cfg.dataDir}'
 chmod u=rw,g=r,o= ${cfg.dataDir}/lnd.conf
diff --git a/modules/nix-bitcoin-webindex.nix b/modules/nix-bitcoin-webindex.nix
index d3a1939..7429500 100644
--- a/modules/nix-bitcoin-webindex.nix
+++ b/modules/nix-bitcoin-webindex.nix
@@ -28,9 +28,8 @@ let
 '';
 createWebIndex = pkgs.writeText "make-index.sh" ''
 set -e
- mkdir -p /var/www/
 cp ${indexFile} /var/www/index.html
- chown -R nginx /var/www/
+ chown -R nginx:nginx /var/www/
 nodeinfo
 . <(nodeinfo)
 sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
@@ -48,6 +47,10 @@ in {
 };
 
 config = mkIf cfg.enable {
+ systemd.tmpfiles.rules = [
+ "d /var/www 0755 nginx nginx - -"
+ ];
+
 services.nginx = {
 enable = true;
 virtualHosts."_" = {
diff --git a/modules/onion-chef.nix b/modules/onion-chef.nix
index 9fabd5a..86d035e 100644
--- a/modules/onion-chef.nix
+++ b/modules/onion-chef.nix
@@ -15,7 +15,6 @@ let
 # wait until tor is up
 until ls -l /var/lib/tor/state; do sleep 1; done
 
- mkdir -p -m 0755 ${dataDir}
 cd ${dataDir}
 
 # Create directory for every user and set permissions
@@ -68,6 +67,10 @@ in {
 };
 
 config = mkIf cfg.enable {
+ systemd.tmpfiles.rules = [
+ "d '${dataDir}' 0755 root root - -"
+ ];
+
 systemd.services.onion-chef = {
 description = "Run onion-chef";
 wantedBy = [ "tor.service" ];
diff --git a/modules/spark-wallet.nix b/modules/spark-wallet.nix
index 8c506a1..6488a56 100644
--- a/modules/spark-wallet.nix
+++ b/modules/spark-wallet.nix
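Review bot: In nix-bitcoin-webindex.nix the new `chown -R nginx:nginx /var/www/`, together with the `d /var/www 0755 nginx nginx - -` rule in the following hunk, hands the whole served tree to the nginx service user, although serving a static index only needs read access. Since the script already runs with enough privilege to chown, it could leave /var/www and index.html root-owned and world-readable (`d /var/www 0755 root root - -`, and drop the chown) so that the serving process cannot rewrite its own content; if something else in this module does need nginx to write there, a comment on the chown line should say what. The make-index.sh script continues past the end of the hunk.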
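Review bot: In the first onion-chef.nix hunk, removing `mkdir -p -m 0755 ${dataDir}` leaves `cd ${dataDir}` as the only thing standing between a missing data directory and the per-user directory creation that follows; whether the script aborts on a failed `cd` depends on a `set -e` that is not visible in the hunk. Making the cd fail closed, `cd '${dataDir}' || exit 1`, keeps the rest of the script from running in the wrong working directory if the tmpfiles rule has not been applied. The script continues outside the hunk.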
@@ -5,7 +5,6 @@ with lib;
 let
 cfg = config.services.spark-wallet;
 inherit (config) nix-bitcoin-services;
- dataDir = "/var/lib/spark-wallet/";
 onion-chef-service = (if cfg.onion-service then [ "onion-chef.service" ] else []);
 run-spark-wallet = pkgs.writeScript "run-spark-wallet" ''
 CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login"