nixbitcoin
0ba55757f8
clightning: allow group access to RPC socket
2020-05-19 11:13:12 +00:00
nixbitcoin
4c139a6d77
electrs: Make TLSProxy truly optional
...
If TLSProxy is disabled, bypass nginx by forwarding Tor HS traffic
directly to electrs.
2020-05-19 11:08:48 +00:00
nixbitcoin
742aef1e0f
Only set dataDirReadableByGroup if cfg.high-memory is enabled
2020-04-24 16:21:12 +02:00
Erik Arvstedt
4dc6c3ba5d
add option 'dataDirReadableByGroup'
...
These settings are now more accessible for users that don't use
nix-bitcoin's default node config.
Additionally, remove 'other' permissions via umask.
2020-04-16 15:55:34 +02:00
Erik Arvstedt
bceaa361ca
operator: allow reading systemd journal
2020-04-09 11:02:06 +02:00
Erik Arvstedt
145961c2de
fix operator authorized keys setup
...
This fixes these flaws in `copy-root-authorized-keys`:
- When `.vbox-nixops-client-key` is missing, operator's authorized_keys
file is always appended to, growing the file indefinitely.
- Service is always added and not restricted to nixops-vbox deployments.
2020-04-09 11:02:06 +02:00
Erik Arvstedt
37b2faf63c
move systemPackages definitions to services
...
These are generally useful and shouldn't be limited to secure-node.nix.
Also, only add the hardware-wallets group when hardware wallets are enabled.
2020-04-08 17:35:14 +02:00
Erik Arvstedt
6c22e13b7f
copy-root-authorized-keys: use inline script definition
2020-04-08 17:35:14 +02:00
Erik Arvstedt
63c6fe3213
fixup! use '' for multi-line string
2020-04-08 17:35:14 +02:00
Erik Arvstedt
ab617946a9
extract variable 'cfg'
2020-04-08 17:35:13 +02:00
Erik Arvstedt
36c84d8360
add option clightning.onionport
...
Analogous to electrs.onionport
2020-04-08 17:35:13 +02:00
Erik Arvstedt
681dbaf328
move electrs.onionport option
...
Only used in secure-node.nix
2020-04-08 17:35:13 +02:00
Erik Arvstedt
74fbfa3a5d
use lib.optionals
2020-04-08 17:35:13 +02:00
Erik Arvstedt
ec6d33fbb6
rearrange code sections
...
Move services to the top, operator account setup to the bottom.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
e16ddc9c77
extract 'mkHiddenService'
...
toPort equals port by default.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
89d3d58850
use mkIf
2020-04-08 17:35:13 +02:00
Erik Arvstedt
85e52a06cb
improve grouping of suboptions
2020-04-08 17:35:12 +02:00
Erik Arvstedt
1a63f0ca6a
remove option 'services.nix-bitcoin.enable'
...
Users can enable the node config just by importing secure-node.nix
2020-04-08 17:35:12 +02:00
Erik Arvstedt
0f8b2e91fd
add nix-bitcoin.nix for backwards compatibility
2020-04-08 17:35:12 +02:00
Erik Arvstedt
28792f79dc
rename nix-bitcoin.nix -> presets/secure-node.nix
2020-04-08 17:35:12 +02:00