From ac2be00c7f1933e94c9ec888ca8f5da50dc38cde Mon Sep 17 00:00:00 2001
From: Jonas Nick
Date: Fri, 23 Nov 2018 15:49:13 +0000
Subject: [PATCH] Add guest user with same ssh keys as root and fix nodeinfo not waiting for clightning to warm up
---
 configuration.nix | 7 +------
 modules/clightning.nix | 3 +++
 modules/nixbitcoin.nix | 21 ++++++++++++++++++++-
 pkgs/nodeinfo.sh | 12 +++++++++---
 4 files changed, 33 insertions(+), 10 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 9aad899..3256d27 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -24,6 +24,7 @@ in { environment.systemPackages = with pkgs; [ vim tmux clightning bitcoin nodeinfo + jq ]; nixpkgs.config.packageOverrides = pkgs: { inherit nodeinfo;
@@ -69,12 +70,6 @@ in { # Open ports in the firewall. # Or disable the firewall altogether. - # Define a user account. Don't forget to set a password with ‘passwd’. - # users.users.guest = { - # isNormalUser = true; - # uid = 1000; - # }; - # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you
diff --git a/modules/clightning.nix b/modules/clightning.nix
index e9a97e9..ad62bbb 100644
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@@ -52,6 +52,8 @@ in { { description = "Run clightningd"; path = [ pkgs.clightning pkgs.bitcoin ]; wantedBy = [ "multi-user.target" ]; + requires = [ "bitcoind.service" ]; + after = [ "bitcoind.service" ]; preStart = '' mkdir -p ${home}/.lightning ln -sf ${configFile} ${home}/.lightning/config
@@ -61,6 +63,7 @@ in { ExecStart = "${pkgs.clightning}/bin/lightningd"; User = "clightning"; Restart = "on-failure"; + RestartSec = "10s"; PrivateTmp = "true"; ProtectSystem = "full"; NoNewPrivileges = "true";
diff --git a/modules/nixbitcoin.nix b/modules/nixbitcoin.nix
index 9601abd..5c4487e 100644
--- a/modules/nixbitcoin.nix
+++ b/modules/nixbitcoin.nix
@@ -51,12 +51,31 @@ in { systemd.services.nodeinfo = { description = "Get node info"; wantedBy = [ "multi-user.target" ]; + after = [ "clightning.service" "tor.service" ]; path = [ pkgs.clightning pkgs.jq pkgs.sudo ]; serviceConfig = { - ExecStart = "${pkgs.bash}/bin/bash -c ${pkgs.nodeinfo}/bin/nodeinfo"; + ExecStart="${pkgs.bash}/bin/bash ${pkgs.nodeinfo}/bin/nodeinfo"; + User = "root"; + Type = "simple"; + RemainAfterExit="yes"; + Restart = "on-failure"; + RestartSec = "10s"; + }; + }; + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.guest = { + isNormalUser = true; + }; + systemd.services.copy-root-authorized-keys = { + description = "Copy root authorized keys"; + wantedBy = [ "multi-user.target" ]; + path = [ ]; + serviceConfig = { + ExecStart = "${pkgs.bash}/bin/bash -c \"mkdir -p ${config.users.users.guest.home}/.ssh && cp ${config.users.users.root.home}/.vbox-nixops-client-key ${config.users.users.guest.home}/.ssh/authorized_keys && chown -R guest ${config.users.users.guest.home}/.ssh\""; user = "root"; type = "oneshot"; }; }; + }; }
diff --git a/pkgs/nodeinfo.sh b/pkgs/nodeinfo.sh
index 16a298c..f1f9756 100644
--- a/pkgs/nodeinfo.sh
+++ b/pkgs/nodeinfo.sh
@@ -1,9 +1,15 @@ -sleep 5 +set -e +set -o pipefail + OUTFILE=/var/lib/nodeinfo.nix + +BITCOIND_ONION=$(cat /var/lib/tor/onion/bitcoind/hostname) +CLIGHTNING_ID=$(sudo -u clightning lightning-cli getinfo | jq -r '.id') + rm -f $OUTFILE { echo \{ - echo " bitcoind_onion = \"$(cat /var/lib/tor/onion/bitcoind/hostname)\";" - echo " clightning_id = \"$(sudo -u clightning lightning-cli getinfo | jq -r '.id')\";" + echo " bitcoind_onion = \"$BITCOIND_ONION\";" + echo " clightning_id = \"$CLIGHTNING_ID\";" echo \} } > $OUTFILE
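Review bot: In modules/nixbitcoin.nix the new `copy-root-authorized-keys` unit is wanted by `multi-user.target`, so on each boot it runs `mkdir -p`, `cp` and `chown -R guest` with root privileges inside `${config.users.users.guest.home}/.ssh`, a path the guest account controls once it can log in, which means a privileged write and ownership change land wherever that path points at the time. Declaring the key through `users.users.guest.openssh.authorizedKeys` (if the key is available at evaluation time) or writing it to a root-owned location would keep root from operating inside a user-writable tree; failing that, set explicit modes (700 on the directory, 600 on the file) rather than relying on the umask. The unit's last two settings are the old context lines `user = "root"; type = "oneshot";`, and systemd directive names are case-sensitive, so they should read `User = "root"; Type = "oneshot";` like the nodeinfo lines added above; as written the oneshot type is presumably not applied. The module's enclosing attribute set starts and ends outside the hunk.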
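Review bot: In pkgs/nodeinfo.sh, `jq -r '.id'` exits 0 and prints `null` when the `getinfo` output has no `id` field, so the new `set -e` / `set -o pipefail` will not stop the script in that case and `clightning_id = "null";` would be written. Using `jq -er '.id'` turns a missing or null id into a failure that the unit's `Restart = "on-failure"` can retry. The output is still produced by `rm -f $OUTFILE` followed by a redirect, so a reader can see a missing or partial file; writing to a temporary file in the same directory and then `mv`-ing it over `$OUTFILE` would make the update atomic.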