Improve abstraction of deployment keys

2018-12-03 22:16:01 +00:00 · 2018-12-03 22:16:01 +00:00 · 9ed888b9c2
commit 9ed888b9c2
parent c79aaf9695
3 changed files with 28 additions and 23 deletions
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@ -5,7 +5,7 @@ with lib;
 let
  cfg = config.services.clightning;
  configFile = pkgs.writeText "config" ''
-    autolisten=${toString cfg.autolisten}
+    autolisten=${if cfg.autolisten then "true" else "false"}
    network=bitcoin
    bitcoin-rpcuser=${cfg.bitcoin-rpcuser}
  '';
--- a/modules/nixbitcoin.nix
+++ b/modules/nixbitcoin.nix
@ -116,10 +116,6 @@ in {
        type = "oneshot";
      };
    };
-    # This is required to have the deployment keys copied and chowned even if
-    # nanopos is not enabled
-    users.users.nanopos = {};
-    users.groups.nanopos = {};

    services.liquidd.enable = cfg.modules == "all";
    services.lightning-charge.enable = cfg.modules == "all";
--- a/network-vbox.nix
+++ b/network-vbox.nix
@ -1,31 +1,40 @@
 let
  secrets = import ./secrets/secrets.nix;
+  bitcoin-rpcpassword = {
+    text = secrets.bitcoinrpcpassword;
+    destDir = "/secrets/";
+    user = "bitcoin";
+    group = "bitcoinrpc";
+    permissions = "0440";
+  };
+  lightning-charge-api-token = {
+    text = "API_TOKEN=" + secrets.lightning-charge-api-token;
+    destDir = "/secrets/";
+    user = "clightning";
+    group = "clightning";
+    permissions = "0440";
+  };
+  # variable is called CHARGE_TOKEN instead of API_TOKEN
+  lightning-charge-api-token-for-nanopos = {
+    text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
+    destDir = "/secrets/";
+    user = "nanopos";
+    group = "nanopos";
+    permissions = "0440";
+  };
 in
 {
  bitcoin-node =
    { config, pkgs, ... }:
-    { deployment.targetEnv = "virtualbox";
+    {
+      deployment.targetEnv = "virtualbox";
      deployment.virtualbox.memorySize = 2048; # megabytes
      deployment.virtualbox.vcpu = 2; # number of cpus
      deployment.virtualbox.headless = true;

-      deployment.keys.bitcoin-rpcpassword.text = secrets.bitcoinrpcpassword;
-      deployment.keys.bitcoin-rpcpassword.destDir = "/secrets/";
-      deployment.keys.bitcoin-rpcpassword.user = "bitcoin";
-      deployment.keys.bitcoin-rpcpassword.group = "bitcoinrpc";
-      deployment.keys.bitcoin-rpcpassword.permissions = "0440";

-      deployment.keys.lightning-charge-api-token.text = "API_TOKEN=" + secrets.lightning-charge-api-token;
-      deployment.keys.lightning-charge-api-token.destDir = "/secrets/";
-      deployment.keys.lightning-charge-api-token.user = "clightning";
-      deployment.keys.lightning-charge-api-token.group = "clightning";
-      deployment.keys.lightning-charge-api-token.permissions = "0440";
-
-      # variable is called CHARGE_TOKEN instead of API_TOKEN
-      deployment.keys.lightning-charge-api-token-for-nanopos.text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
-      deployment.keys.lightning-charge-api-token-for-nanopos.destDir = "/secrets/";
-      deployment.keys.lightning-charge-api-token-for-nanopos.user = "nanopos";
-      deployment.keys.lightning-charge-api-token-for-nanopos.group = "nanopos";
-      deployment.keys.lightning-charge-api-token-for-nanopos.permissions = "0440";
+      deployment.keys = {
+        inherit bitcoin-rpcpassword lightning-charge-api-token;
+      } // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { });
    };
 }