services: improve config file setup

- btcpayserver, nbxplorer: Add quotes to the dataDir arg. (dataDir can contain spaces.) - clightning, liquidd: use 'install'
2021-02-01 22:53:21 +01:00 · 2021-02-01 22:53:21 +01:00 · a43534dda0
parent 18f2002cf0
commit a43534dda0
3 changed files with 10 additions and 11 deletions
--- a/modules/btcpayserver.nix
+++ b/modules/btcpayserver.nix
@ -127,7 +127,7 @@ in {
      requires = [ "bitcoind.service" ];
      after = [ "bitcoind.service" ];
      preStart = ''
-        install -m 600 ${configFile} ${cfg.nbxplorer.dataDir}/settings.config
+        install -m 600 ${configFile} '${cfg.nbxplorer.dataDir}/settings.config'
        echo "btcrpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-btcpayserver)" \
          >> '${cfg.nbxplorer.dataDir}/settings.config'
      '';
@ -171,13 +171,13 @@ in {
                 ++ optional (cfg.btcpayserver.lightningBackend != null) "${cfg.btcpayserver.lightningBackend}.service";
      after = self.requires;
      preStart = ''
-        install -m 600 ${configFile} ${cfg.btcpayserver.dataDir}/settings.config
+        install -m 600 ${configFile} '${cfg.btcpayserver.dataDir}/settings.config'
        ${optionalString (cfg.btcpayserver.lightningBackend == "lnd") ''
          {
            echo -n "${lndConfig}";
            ${pkgs.openssl}/bin/openssl x509 -noout -fingerprint -sha256 -in ${config.nix-bitcoin.secretsDir}/lnd-cert \
              | sed -e 's/.*=//;s/://g';
-          } >> ${cfg.btcpayserver.dataDir}/settings.config
+          } >> '${cfg.btcpayserver.dataDir}/settings.config'
        ''}
      '';
      serviceConfig = nbLib.defaultHardening // {
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@ -117,19 +117,17 @@ in {
      requires = [ "bitcoind.service" ];
      after = [ "bitcoind.service" ];
      preStart = ''
-        cp ${configFile} ${cfg.dataDir}/config
        chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
        # The RPC socket has to be removed otherwise we might have stale sockets
        rm -f ${cfg.networkDir}/lightning-rpc
-        chmod 640 ${cfg.dataDir}/config
+        install -m 640 ${configFile} '${cfg.dataDir}/config'
        {
          echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)"
          ${optionalString (cfg.getPublicAddressCmd != "") ''
            echo "announce-addr=$(${cfg.getPublicAddressCmd})"
          ''}
        } >> '${cfg.dataDir}/config'
-
-        '';
+      '';
      serviceConfig = nbLib.defaultHardening // {
        ExecStart = "${nbPkgs.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";
        User = cfg.user;
--- a/modules/liquid.nix
+++ b/modules/liquid.nix
@ -224,11 +224,12 @@ in {
      after = [ "bitcoind.service" ];
      wantedBy = [ "multi-user.target" ];
      preStart = ''
-        cp '${configFile}' '${cfg.dataDir}/elements.conf'
-        chmod 640  '${cfg.dataDir}/elements.conf'
        chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
-        echo "rpcpassword=$(cat ${secretsDir}/liquid-rpcpassword)" >> '${cfg.dataDir}/elements.conf'
-        echo "mainchainrpcpassword=$(cat ${secretsDir}/bitcoin-rpcpassword-public)" >> '${cfg.dataDir}/elements.conf'
+        install -m 640 ${configFile} '${cfg.dataDir}/elements.conf'
+        {
+          echo "rpcpassword=$(cat ${secretsDir}/liquid-rpcpassword)"
+          echo "mainchainrpcpassword=$(cat ${secretsDir}/bitcoin-rpcpassword-public)"
+        } >> '${cfg.dataDir}/elements.conf'
      '';
      serviceConfig = nbLib.defaultHardening // {
        Type = "simple";