From d0b8d77de2018207d8b2e598990ba65db499c08d Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Fri, 21 Aug 2020 22:35:58 +0200
Subject: [PATCH] netns: remove conditionals for service settings

Going without the conditionals (like in secure-node.nix) adds readability and doesn't reduce evaluation performance (in fact, it even slightly improves performance due to implementation details of mkIf). To avoid errors, remove use of disabled services in secure-node.nix and nix-bitcoin-webindex.nix.
---
 modules/netns-isolation.nix | 18 +++++++++---------
 modules/nix-bitcoin-webindex.nix | 7 +++----
 modules/presets/secure-node.nix | 4 +++-
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index 050e183..ddff07b 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -223,13 +223,13 @@ in {
 };

 # clightning: Custom netns configs
- services.clightning = mkIf config.services.clightning.enable {
+ services.clightning = {
 bitcoin-rpcconnect = netns.bitcoind.address;
 bind-addr = netns.clightning.address;
 };

 # lnd: Custom netns configs
- services.lnd = mkIf config.services.lnd.enable {
+ services.lnd = {
 listen = netns.lnd.address;
 rpclisten = [
 "${netns.lnd.address}"
@@ -249,7 +249,7 @@ in {
 };

 # liquidd: Custom netns configs
- services.liquidd = mkIf config.services.liquidd.enable {
+ services.liquidd = {
 bind = netns.liquidd.address;
 rpcbind = [
 "${netns.liquidd.address}"
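Review bot: With the `mkIf` guards removed here, in the liquidd hunk and in the `@@ -268,31` hunk, each of these options is now defined even for a disabled service, and every definition reads `netns.<service>.address`. Nix evaluates these lazily, so if the `netns` set (defined outside the hunks) only has entries for enabled services, the failure would surface only when another module reads, for example, `config.services.lnd.listen` without first checking `enable`, which is what the commit message suggests happened in secure-node.nix. Since these settings decide which address each daemon binds to, the contract should be written down where they are defined; I would add above the first block `# Defined unconditionally: only read these options after checking the service's enable flag.`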
@@ -268,31 +268,31 @@ in {
 };

 # electrs: Custom netns configs
- services.electrs = mkIf config.services.electrs.enable {
+ services.electrs = {
 address = netns.electrs.address;
 daemonrpc = "${netns.bitcoind.address}:${toString config.services.bitcoind.rpc.port}";
 };

 # spark-wallet: Custom netns configs
- services.spark-wallet = mkIf config.services.spark-wallet.enable {
+ services.spark-wallet = {
 host = netns.spark-wallet.address;
 extraArgs = "--no-tls";
 };

 # lightning-charge: Custom netns configs
- services.lightning-charge.host = mkIf config.services.lightning-charge.enable netns.lightning-charge.address;
+ services.lightning-charge.host = netns.lightning-charge.address;

 # nanopos: Custom netns configs
- services.nanopos = mkIf config.services.nanopos.enable {
+ services.nanopos = {
 charged-url = "http://${netns.lightning-charge.address}:9112";
 host = netns.nanopos.address;
 };

 # nginx: Custom netns configs
- services.nix-bitcoin-webindex.host = mkIf config.services.nix-bitcoin-webindex.enable netns.nginx.address;
+ services.nix-bitcoin-webindex.host = netns.nginx.address;

 # loop: Custom netns configs
- services.lightning-loop = mkIf config.services.lightning-loop.enable {
+ services.lightning-loop = {
 cli = pkgs.writeScriptBin "loop"
 # Switch user because lnd makes datadir contents readable by user only
 ''
diff --git a/modules/nix-bitcoin-webindex.nix b/modules/nix-bitcoin-webindex.nix
index b75ab2e..7375f6e 100644
--- a/modules/nix-bitcoin-webindex.nix
+++ b/modules/nix-bitcoin-webindex.nix
@@ -77,13 +77,12 @@ in {
 systemd.services.create-web-index = {
 description = "Get node info";
 wantedBy = [ "multi-user.target" ];
- path = with pkgs; [
+ path = with pkgs; [
 config.programs.nodeinfo
- config.services.clightning.cli
- config.services.lnd.cli
 jq
 sudo
- ];
+ ] ++ optional config.services.lnd.enable config.services.lnd.cli
+ ++ optional config.services.clightning.enable config.services.clightning.cli;
 serviceConfig = nix-bitcoin-services.defaultHardening // {
 ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
 User = "root";
diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix
index 133f649..e666ca1 100644
--- a/modules/presets/secure-node.nix
+++ b/modules/presets/secure-node.nix
@@ -194,7 +194,9 @@ in {
 port = 50001;
 enforceTor = true;
 };
- services.tor.hiddenServices.electrs = mkHiddenService { port = cfg.electrs.port; toHost = cfg.electrs.address; };
+ services.tor.hiddenServices.electrs = mkIf cfg.electrs.enable (mkHiddenService {
+ port = cfg.electrs.port; toHost = cfg.electrs.address;
+ });

 services.spark-wallet = {
 onion-service = true;
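Review bot: The lnd and clightning CLIs are now on this unit's PATH only when their service is enabled, but the `createWebIndex` script that `ExecStart` runs as root lies outside the hunk, so it is not visible whether its calls to those CLIs are guarded by the same conditions. If the script still invokes either CLI unconditionally, the unit would fail at runtime on nodes where that service is disabled rather than at evaluation time. Please confirm the script uses matching guards (for example `optionalString` on the same `enable` flags), and consider a comment next to `path`: `# CLIs are added only for enabled services; createWebIndex must guard its calls the same way.`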
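Review bot: The new `mkIf cfg.electrs.enable` is the one guard this commit adds while removing the others, and nothing at the site explains why it has to stay. A short comment such as `# Guard required: cfg.electrs.address must not be read while electrs is disabled.` would keep a later cleanup from dropping it, which would presumably bring back the evaluation error the commit message mentions or define an onion service for a daemon that is not running. Other hidden-service definitions in this file that read options of optional services are outside the hunk and are worth checking for the same guard.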