Improve abstraction of deployment keys
This commit is contained in:
parent
c79aaf9695
commit
9ed888b9c2
@ -5,7 +5,7 @@ with lib;
|
|||||||
let
|
let
|
||||||
cfg = config.services.clightning;
|
cfg = config.services.clightning;
|
||||||
configFile = pkgs.writeText "config" ''
|
configFile = pkgs.writeText "config" ''
|
||||||
autolisten=${toString cfg.autolisten}
|
autolisten=${if cfg.autolisten then "true" else "false"}
|
||||||
network=bitcoin
|
network=bitcoin
|
||||||
bitcoin-rpcuser=${cfg.bitcoin-rpcuser}
|
bitcoin-rpcuser=${cfg.bitcoin-rpcuser}
|
||||||
'';
|
'';
|
||||||
|
@ -116,10 +116,6 @@ in {
|
|||||||
type = "oneshot";
|
type = "oneshot";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# This is required to have the deployment keys copied and chowned even if
|
|
||||||
# nanopos is not enabled
|
|
||||||
users.users.nanopos = {};
|
|
||||||
users.groups.nanopos = {};
|
|
||||||
|
|
||||||
services.liquidd.enable = cfg.modules == "all";
|
services.liquidd.enable = cfg.modules == "all";
|
||||||
services.lightning-charge.enable = cfg.modules == "all";
|
services.lightning-charge.enable = cfg.modules == "all";
|
||||||
|
@ -1,31 +1,40 @@
|
|||||||
let
|
let
|
||||||
secrets = import ./secrets/secrets.nix;
|
secrets = import ./secrets/secrets.nix;
|
||||||
|
bitcoin-rpcpassword = {
|
||||||
|
text = secrets.bitcoinrpcpassword;
|
||||||
|
destDir = "/secrets/";
|
||||||
|
user = "bitcoin";
|
||||||
|
group = "bitcoinrpc";
|
||||||
|
permissions = "0440";
|
||||||
|
};
|
||||||
|
lightning-charge-api-token = {
|
||||||
|
text = "API_TOKEN=" + secrets.lightning-charge-api-token;
|
||||||
|
destDir = "/secrets/";
|
||||||
|
user = "clightning";
|
||||||
|
group = "clightning";
|
||||||
|
permissions = "0440";
|
||||||
|
};
|
||||||
|
# variable is called CHARGE_TOKEN instead of API_TOKEN
|
||||||
|
lightning-charge-api-token-for-nanopos = {
|
||||||
|
text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
|
||||||
|
destDir = "/secrets/";
|
||||||
|
user = "nanopos";
|
||||||
|
group = "nanopos";
|
||||||
|
permissions = "0440";
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
bitcoin-node =
|
bitcoin-node =
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{ deployment.targetEnv = "virtualbox";
|
{
|
||||||
|
deployment.targetEnv = "virtualbox";
|
||||||
deployment.virtualbox.memorySize = 2048; # megabytes
|
deployment.virtualbox.memorySize = 2048; # megabytes
|
||||||
deployment.virtualbox.vcpu = 2; # number of cpus
|
deployment.virtualbox.vcpu = 2; # number of cpus
|
||||||
deployment.virtualbox.headless = true;
|
deployment.virtualbox.headless = true;
|
||||||
|
|
||||||
deployment.keys.bitcoin-rpcpassword.text = secrets.bitcoinrpcpassword;
|
|
||||||
deployment.keys.bitcoin-rpcpassword.destDir = "/secrets/";
|
|
||||||
deployment.keys.bitcoin-rpcpassword.user = "bitcoin";
|
|
||||||
deployment.keys.bitcoin-rpcpassword.group = "bitcoinrpc";
|
|
||||||
deployment.keys.bitcoin-rpcpassword.permissions = "0440";
|
|
||||||
|
|
||||||
deployment.keys.lightning-charge-api-token.text = "API_TOKEN=" + secrets.lightning-charge-api-token;
|
deployment.keys = {
|
||||||
deployment.keys.lightning-charge-api-token.destDir = "/secrets/";
|
inherit bitcoin-rpcpassword lightning-charge-api-token;
|
||||||
deployment.keys.lightning-charge-api-token.user = "clightning";
|
} // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { });
|
||||||
deployment.keys.lightning-charge-api-token.group = "clightning";
|
|
||||||
deployment.keys.lightning-charge-api-token.permissions = "0440";
|
|
||||||
|
|
||||||
# variable is called CHARGE_TOKEN instead of API_TOKEN
|
|
||||||
deployment.keys.lightning-charge-api-token-for-nanopos.text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
|
|
||||||
deployment.keys.lightning-charge-api-token-for-nanopos.destDir = "/secrets/";
|
|
||||||
deployment.keys.lightning-charge-api-token-for-nanopos.user = "nanopos";
|
|
||||||
deployment.keys.lightning-charge-api-token-for-nanopos.group = "nanopos";
|
|
||||||
deployment.keys.lightning-charge-api-token-for-nanopos.permissions = "0440";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user