From e873326bfea093f8dcc54849ea691ecf4e21ce99 Mon Sep 17 00:00:00 2001
From: nixbitcoin
Date: Tue, 16 Feb 2021 16:52:45 +0000
Subject: [PATCH] modules: use user & group options
I've tried my best to locate all uses of hardcoded usernames, but its not guaranteed that all have been found/fixed.
---
 modules/bitcoind.nix | 8 ++++----
 modules/btcpayserver.nix | 8 ++++----
 modules/electrs.nix | 2 +-
 modules/lightning-loop.nix | 8 ++++----
 modules/liquid.nix | 2 +-
 modules/lnd-rest-onion-service.nix | 2 +-
 modules/recurring-donations.nix | 2 +-
 7 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix
index fe8e9d3..4340e7f 100644
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@@ -385,13 +385,13 @@ in {
 users.groups.bitcoinrpc = {};
 nix-bitcoin.operator.groups = [ cfg.group ];
- nix-bitcoin.secrets.bitcoin-rpcpassword-privileged.user = "bitcoin";
+ nix-bitcoin.secrets.bitcoin-rpcpassword-privileged.user = cfg.user;
 nix-bitcoin.secrets.bitcoin-rpcpassword-public = {
- user = "bitcoin";
+ user = cfg.user;
 group = "bitcoinrpc";
 };
- nix-bitcoin.secrets.bitcoin-HMAC-privileged.user = "bitcoin";
- nix-bitcoin.secrets.bitcoin-HMAC-public.user = "bitcoin";
+ nix-bitcoin.secrets.bitcoin-HMAC-privileged.user = cfg.user;
+ nix-bitcoin.secrets.bitcoin-HMAC-public.user = cfg.user;
 };
 }
diff --git a/modules/btcpayserver.nix b/modules/btcpayserver.nix
index a65b8fa..a425777 100644
--- a/modules/btcpayserver.nix
+++ b/modules/btcpayserver.nix
@@ -218,7 +218,7 @@ in {
 users.groups.${cfg.nbxplorer.group} = {};
 users.users.${cfg.btcpayserver.user} = {
 group = cfg.btcpayserver.group;
- extraGroups = [ "nbxplorer" ]
+ extraGroups = [ cfg.nbxplorer.group ]
 ++ optional (cfg.btcpayserver.lightningBackend == "clightning") cfg.clightning.user;
 home = cfg.btcpayserver.dataDir;
 };
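Review bot: In `modules/btcpayserver.nix` (hunk at line 218) the unchanged continuation of `extraGroups` still appends `cfg.clightning.user`, a user name, where a group name is expected; now that users and groups are separately configurable this only grants the intended access when the two names happen to be equal. It should read `++ optional (cfg.btcpayserver.lightningBackend == "clightning") cfg.clightning.group;`. The electrs hunk has the same pattern on its added line, `optionals cfg.high-memory [ bitcoind.user ]`, which presumably should be `[ bitcoind.group ]` (assuming `bitcoind` is bound to the bitcoind service config outside that hunk). With diverging names the service either loses the access it needs or is placed in an unrelated group that shares the user's name.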
@@ -226,10 +226,10 @@ in {
 nix-bitcoin.secrets = {
 bitcoin-rpcpassword-btcpayserver = {
- user = "bitcoin";
- group = "nbxplorer";
+ user = cfg.bitcoind.user;
+ group = cfg.nbxplorer.group;
 };
- bitcoin-HMAC-btcpayserver.user = "bitcoin";
+ bitcoin-HMAC-btcpayserver.user = cfg.bitcoind.user;
 };
 };
 }
diff --git a/modules/electrs.nix b/modules/electrs.nix
index f11dc76..7c7956a 100644
--- a/modules/electrs.nix
+++ b/modules/electrs.nix
@@ -110,7 +110,7 @@ in {
 users.users.${cfg.user} = {
 group = cfg.group;
- extraGroups = [ "bitcoinrpc" ] ++ optionals cfg.high-memory [ "bitcoin" ];
+ extraGroups = [ "bitcoinrpc" ] ++ optionals cfg.high-memory [ bitcoind.user ];
 };
 users.groups.${cfg.group} = {};
 };
diff --git a/modules/lightning-loop.nix b/modules/lightning-loop.nix
index 3c84713..c0ddc9b 100644
--- a/modules/lightning-loop.nix
+++ b/modules/lightning-loop.nix
@@ -89,7 +89,7 @@ in {
 environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ];
 systemd.tmpfiles.rules = [
- "d '${cfg.dataDir}' 0770 lnd lnd - -"
+ "d '${cfg.dataDir}' 0770 ${config.services.lnd.user} ${config.services.lnd.group} - -"
 ];
 systemd.services.lightning-loop = {
@@ -98,7 +98,7 @@ in {
 after = [ "lnd.service" ];
 serviceConfig = nbLib.defaultHardening // {
 ExecStart = "${cfg.package}/bin/loopd --configfile=${configFile}";
- User = "lnd";
+ User = config.services.lnd.user;
 Restart = "on-failure";
 RestartSec = "10s";
 ReadWritePaths = cfg.dataDir;
@@ -108,8 +108,8 @@ in {
 };
 nix-bitcoin.secrets = {
- loop-key.user = "lnd";
- loop-cert.user = "lnd";
+ loop-key.user = config.services.lnd.user;
+ loop-cert.user = config.services.lnd.user;
 };
 };
 }
diff --git a/modules/liquid.nix b/modules/liquid.nix
index a5ee67e..de4931d 100644
--- a/modules/liquid.nix
+++ b/modules/liquid.nix
@@ -252,6 +252,6 @@ in {
 users.groups.${cfg.group} = {};
 nix-bitcoin.operator.groups = [ cfg.group ];
- nix-bitcoin.secrets.liquid-rpcpassword.user = "liquid";
+ nix-bitcoin.secrets.liquid-rpcpassword.user = cfg.user;
 };
 }
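Review bot: `config.services.lnd.user` is spelled out four times across the three `modules/lightning-loop.nix` hunks (the tmpfiles rule, `User`, and both secrets), which makes it easy to miss one occurrence on the next change. Binding the service config once in the module's `let` block, which lies outside these hunks, with `lnd = config.services.lnd;` as `modules/lnd-rest-onion-service.nix` already does, would let these lines read `lnd.user` and `lnd.group`. Since the data directory is created with mode 0770 for whatever group is configured for lnd, a short comment on the rule such as `# group-writable: every member of the lnd group can modify loop's data` would make that dependency visible.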
diff --git a/modules/lnd-rest-onion-service.nix b/modules/lnd-rest-onion-service.nix
index 9af27c0..31415f3 100644
--- a/modules/lnd-rest-onion-service.nix
+++ b/modules/lnd-rest-onion-service.nix
@@ -11,7 +11,7 @@ let
 lnd = config.services.lnd;
 bin = pkgs.writeScriptBin "lndconnect-rest-onion" ''
- #!/usr/bin/env -S ${runAsUser} lnd ${pkgs.bash}/bin/bash
+ #!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash
 exec ${cfg.package}/bin/lndconnect \
 --host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/lnd/lnd-rest) \
diff --git a/modules/recurring-donations.nix b/modules/recurring-donations.nix
index d4351d2..9386cc2 100644
--- a/modules/recurring-donations.nix
+++ b/modules/recurring-donations.nix
@@ -100,7 +100,7 @@ in {
 users.users.recurring-donations = {
 group = "recurring-donations";
- extraGroups = [ "clightning" ];
+ extraGroups = [ config.services.clightning.group ];
 };
 users.groups.recurring-donations = {};
 };
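Review bot: The context line `--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/lnd/lnd-rest)` in `modules/lnd-rest-onion-service.nix` still carries a literal `lnd` path component while the shebang now runs the script as `${lnd.user}`. If that directory is named after the accessing user (not visible in this hunk), the script can no longer read the onion address once the user option is changed, and the path should become `${config.nix-bitcoin.onionAddresses.dataDir}/${lnd.user}/lnd-rest`. The script body continues past the end of the hunk, so any further hardcoded `lnd` references there could not be checked.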