netns: remove conditionals for service settings

Going without the conditionals (like in secure-node.nix) adds
readability and doesn't reduce evaluation performance (in fact, it
even slightly improves performance due to implementation details
of mkIf).

To avoid errors, remove use of disabled services in secure-node.nix and
nix-bitcoin-webindex.nix.
This commit is contained in:
Erik Arvstedt 2020-08-21 22:35:58 +02:00
parent 0f0f6ddbb9
commit d0b8d77de2
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
3 changed files with 15 additions and 14 deletions

View File

@ -223,13 +223,13 @@ in {
}; };
# clightning: Custom netns configs # clightning: Custom netns configs
services.clightning = mkIf config.services.clightning.enable { services.clightning = {
bitcoin-rpcconnect = netns.bitcoind.address; bitcoin-rpcconnect = netns.bitcoind.address;
bind-addr = netns.clightning.address; bind-addr = netns.clightning.address;
}; };
# lnd: Custom netns configs # lnd: Custom netns configs
services.lnd = mkIf config.services.lnd.enable { services.lnd = {
listen = netns.lnd.address; listen = netns.lnd.address;
rpclisten = [ rpclisten = [
"${netns.lnd.address}" "${netns.lnd.address}"
@ -249,7 +249,7 @@ in {
}; };
# liquidd: Custom netns configs # liquidd: Custom netns configs
services.liquidd = mkIf config.services.liquidd.enable { services.liquidd = {
bind = netns.liquidd.address; bind = netns.liquidd.address;
rpcbind = [ rpcbind = [
"${netns.liquidd.address}" "${netns.liquidd.address}"
@ -268,31 +268,31 @@ in {
}; };
# electrs: Custom netns configs # electrs: Custom netns configs
services.electrs = mkIf config.services.electrs.enable { services.electrs = {
address = netns.electrs.address; address = netns.electrs.address;
daemonrpc = "${netns.bitcoind.address}:${toString config.services.bitcoind.rpc.port}"; daemonrpc = "${netns.bitcoind.address}:${toString config.services.bitcoind.rpc.port}";
}; };
# spark-wallet: Custom netns configs # spark-wallet: Custom netns configs
services.spark-wallet = mkIf config.services.spark-wallet.enable { services.spark-wallet = {
host = netns.spark-wallet.address; host = netns.spark-wallet.address;
extraArgs = "--no-tls"; extraArgs = "--no-tls";
}; };
# lightning-charge: Custom netns configs # lightning-charge: Custom netns configs
services.lightning-charge.host = mkIf config.services.lightning-charge.enable netns.lightning-charge.address; services.lightning-charge.host = netns.lightning-charge.address;
# nanopos: Custom netns configs # nanopos: Custom netns configs
services.nanopos = mkIf config.services.nanopos.enable { services.nanopos = {
charged-url = "http://${netns.lightning-charge.address}:9112"; charged-url = "http://${netns.lightning-charge.address}:9112";
host = netns.nanopos.address; host = netns.nanopos.address;
}; };
# nginx: Custom netns configs # nginx: Custom netns configs
services.nix-bitcoin-webindex.host = mkIf config.services.nix-bitcoin-webindex.enable netns.nginx.address; services.nix-bitcoin-webindex.host = netns.nginx.address;
# loop: Custom netns configs # loop: Custom netns configs
services.lightning-loop = mkIf config.services.lightning-loop.enable { services.lightning-loop = {
cli = pkgs.writeScriptBin "loop" cli = pkgs.writeScriptBin "loop"
# Switch user because lnd makes datadir contents readable by user only # Switch user because lnd makes datadir contents readable by user only
'' ''

View File

@ -77,13 +77,12 @@ in {
systemd.services.create-web-index = { systemd.services.create-web-index = {
description = "Get node info"; description = "Get node info";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
path = with pkgs; [ path = with pkgs; [
config.programs.nodeinfo config.programs.nodeinfo
config.services.clightning.cli
config.services.lnd.cli
jq jq
sudo sudo
]; ] ++ optional config.services.lnd.enable config.services.lnd.cli
++ optional config.services.clightning.enable config.services.clightning.cli;
serviceConfig = nix-bitcoin-services.defaultHardening // { serviceConfig = nix-bitcoin-services.defaultHardening // {
ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}"; ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
User = "root"; User = "root";

View File

@ -194,7 +194,9 @@ in {
port = 50001; port = 50001;
enforceTor = true; enforceTor = true;
}; };
services.tor.hiddenServices.electrs = mkHiddenService { port = cfg.electrs.port; toHost = cfg.electrs.address; }; services.tor.hiddenServices.electrs = mkIf cfg.electrs.enable (mkHiddenService {
port = cfg.electrs.port; toHost = cfg.electrs.address;
});
services.spark-wallet = { services.spark-wallet = {
onion-service = true; onion-service = true;