From d0b8d77de2018207d8b2e598990ba65db499c08d Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Fri, 21 Aug 2020 22:35:58 +0200
Subject: [PATCH] netns: remove conditionals for service settings

Going without the conditionals (like in secure-node.nix) adds
readability and doesn't reduce evaluation performance (in fact, it
even slightly improves performance due to implementation details
of mkIf).

To avoid errors, remove use of disabled services in secure-node.nix and
nix-bitcoin-webindex.nix.
---
 modules/netns-isolation.nix      | 18 +++++++++---------
 modules/nix-bitcoin-webindex.nix |  7 +++----
 modules/presets/secure-node.nix  |  4 +++-
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 050e183..ddff07b 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -223,13 +223,13 @@ in {
     };
 
     # clightning: Custom netns configs
-    services.clightning = mkIf config.services.clightning.enable {
+    services.clightning = {
       bitcoin-rpcconnect = netns.bitcoind.address;
       bind-addr = netns.clightning.address;
     };
 
     # lnd: Custom netns configs
-    services.lnd = mkIf config.services.lnd.enable {
+    services.lnd = {
       listen = netns.lnd.address;
       rpclisten = [
         "${netns.lnd.address}"
@@ -249,7 +249,7 @@ in {
     };
 
     # liquidd: Custom netns configs
-    services.liquidd = mkIf config.services.liquidd.enable {
+    services.liquidd = {
       bind = netns.liquidd.address;
       rpcbind = [
         "${netns.liquidd.address}"
@@ -268,31 +268,31 @@ in {
     };
 
     # electrs: Custom netns configs
-    services.electrs = mkIf config.services.electrs.enable {
+    services.electrs = {
       address = netns.electrs.address;
       daemonrpc = "${netns.bitcoind.address}:${toString config.services.bitcoind.rpc.port}";
     };
 
     # spark-wallet: Custom netns configs
-    services.spark-wallet = mkIf config.services.spark-wallet.enable {
+    services.spark-wallet = {
       host = netns.spark-wallet.address;
       extraArgs = "--no-tls";
     };
 
     # lightning-charge: Custom netns configs
-    services.lightning-charge.host = mkIf config.services.lightning-charge.enable netns.lightning-charge.address;
+    services.lightning-charge.host = netns.lightning-charge.address;
 
     # nanopos: Custom netns configs
-    services.nanopos = mkIf config.services.nanopos.enable {
+    services.nanopos = {
       charged-url = "http://${netns.lightning-charge.address}:9112";
       host = netns.nanopos.address;
     };
 
     # nginx: Custom netns configs
-    services.nix-bitcoin-webindex.host = mkIf config.services.nix-bitcoin-webindex.enable netns.nginx.address;
+    services.nix-bitcoin-webindex.host = netns.nginx.address;
 
     # loop: Custom netns configs
-    services.lightning-loop = mkIf config.services.lightning-loop.enable {
+    services.lightning-loop = {
       cli = pkgs.writeScriptBin "loop"
       # Switch user because lnd makes datadir contents readable by user only
       ''
diff --git a/modules/nix-bitcoin-webindex.nix b/modules/nix-bitcoin-webindex.nix
index b75ab2e..7375f6e 100644
--- a/modules/nix-bitcoin-webindex.nix
+++ b/modules/nix-bitcoin-webindex.nix
@@ -77,13 +77,12 @@ in {
     systemd.services.create-web-index = {
       description = "Get node info";
       wantedBy = [ "multi-user.target" ];
-      path  = with pkgs; [
+      path = with pkgs; [
         config.programs.nodeinfo
-        config.services.clightning.cli
-        config.services.lnd.cli
         jq
         sudo
-      ];
+      ] ++ optional config.services.lnd.enable config.services.lnd.cli
+        ++ optional config.services.clightning.enable config.services.clightning.cli;
       serviceConfig = nix-bitcoin-services.defaultHardening // {
         ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
         User = "root";
diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix
index 133f649..e666ca1 100644
--- a/modules/presets/secure-node.nix
+++ b/modules/presets/secure-node.nix
@@ -194,7 +194,9 @@ in {
       port = 50001;
       enforceTor = true;
     };
-    services.tor.hiddenServices.electrs = mkHiddenService { port = cfg.electrs.port; toHost = cfg.electrs.address; };
+    services.tor.hiddenServices.electrs = mkIf cfg.electrs.enable (mkHiddenService {
+      port = cfg.electrs.port; toHost = cfg.electrs.address;
+    });
 
     services.spark-wallet = {
       onion-service = true;