greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
91b6b2c370
nix-bitcoin/modules/nix-bitcoin-webindex.nix
nixbitcoin 91b6b2c370
All modules with preStart: Use systemd.tmpfiles.rules 
This is NixOS' recommended way to setup service dirs
https://github.com/NixOS/nixpkgs/pull/56265. This commit hands off the
initial data directory creation to systemd.tmpfiles.rules. All other
preStart scripts are left intact to limit this changes' scope.
2020-05-22 14:54:39 +00:00

103 lines
2.5 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.nix-bitcoin-webindex;
inherit (config) nix-bitcoin-services;
indexFile = pkgs.writeText "index.html" ''
<html>
<body>
<p>
<h1>
nix-bitcoin
</h1>
</p>
<p>
<h2>
<a href="store/">store</a>
</h2>
</p>
<p>
<h3>
lightning node: CLIGHTNING_ID
</h3>
</p>
</body>
</html>
'';
createWebIndex = pkgs.writeText "make-index.sh" ''
set -e
cp ${indexFile} /var/www/index.html
chown -R nginx:nginx /var/www/
nodeinfo
. <(nodeinfo)
sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
'';
in {
options.services.nix-bitcoin-webindex = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
If enabled, the webindex service will be installed.
'';
};
enforceTor = nix-bitcoin-services.enforceTor;
};
config = mkIf cfg.enable {
systemd.tmpfiles.rules = [
"d /var/www 0755 nginx nginx - -"
];
services.nginx = {
enable = true;
virtualHosts."_" = {
root = "/var/www";
extraConfig = ''
location /store/ {
proxy_pass http://127.0.0.1:${toString config.services.nanopos.port};
rewrite /store/(.*) /$1 break;
}
'';
};
};
services.tor.hiddenServices.nginx = {
map = [{
port = 80;
} {
port = 443;
}];
version = 3;
};
# create-web-index
systemd.services.create-web-index = {
description = "Get node info";
wantedBy = [ "multi-user.target" ];
after = [ "nodeinfo.service" ];
path = with pkgs; [
config.programs.nodeinfo
config.services.clightning.cli
config.services.lnd.cli
jq
sudo
];
serviceConfig = nix-bitcoin-services.defaultHardening // {
ExecStart="${pkgs.bash}/bin/bash ${createWebIndex}";
User = "root";
Type = "simple";
RemainAfterExit="yes";
Restart = "on-failure";
RestartSec = "10s";
PrivateNetwork = "true"; # This service needs no network access
CapabilityBoundingSet = "CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER";
} // (if cfg.enforceTor
then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP
);
};
};
}
Reference in New Issue View Git Blame Copy Permalink