Commit Graph

6 Commits

Author SHA1 Message Date
Erik Arvstedt
b701cb5603
secrets: add option 'generateSecrets'
Move this feature from a module preset to a regular option, so that it's
easily discoverable and accessible.

Simplify the implementation of `generateSecrets` by adding it to the
existing `setup-secrets` service script.

Also rename option setup-secrets -> setupSecrets.
2021-03-15 12:42:52 +00:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
ad23b508e3
{generate,setup}-secrets: remove process hardening
ProtectSystem=full disables writing to /etc which is the default
secrets location.

Besides that, hardening is pointless for {generate,setup}-secrets which
don't read external input and are fully under our control.
2020-02-26 20:38:46 +01:00
Erik Arvstedt
89f9bedb9d
generate-secrets.nix: fix indentation 2020-02-26 20:38:46 +01:00
Erik Arvstedt
826245484e
make secrets dir location configurable
Users of the nix-bitcoin modules shouldn't be forced to add an extra
dir under root.
The secrets location is unchanged for the default node config.
2020-01-13 00:25:12 +01:00
Erik Arvstedt
b90bf6691b
add generate-secrets.service 2020-01-12 20:02:01 +01:00