Merge fort-nix/nix-bitcoin#498: clightning/lnd: allow connections to remote bitcoind in systemd service

8cac828534 doc: remote-bitcoind: allowing external connections when tor.enforce is active (Otto Sabart)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 8cac828534

Tree-SHA512: b2a8739911f96c76515838820a2ffc2f773cb68e5216f4a3d135c79aada7fa0a1f02e3de67ef7fe5833614cdae58e92d2ea39ae1fcfda25e50eb9da3402ab31a

docs/configuration.md

@@ -214,6 +214,21 @@ services.bitcoind = {
 };
 ```
 
+If a `secure-node.nix` or `tor-enable.nix` preset is imported in your
+configuration or a `tor.enforce` option is explicitly enabled, you also need to
+allow remote connections for **every** service which needs to connect to the
+remote bitcoind:
+
+```
+systemd.services.<service>.serviceConfig = {
+  IPAddressAllow = [ ${services.bitcoind.rpc.address} ];
+};
+```
+
+> Please note that configuration above applies only if the remote bitcoind **is
+> not** accessed via Tor.
+
+
 Now save the password of the RPC user to the following files on your nix-bitcoin node:
 ```shell
 $secretsDir/bitcoin-rpcpassword-privileged