Merge fort-nix/nix-bitcoin#498: clightning/lnd: allow connections to remote bitcoind in systemd service

8cac828534 doc: remote-bitcoind: allowing external connections when tor.enforce is active (Otto Sabart)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 8cac828534

Tree-SHA512: b2a8739911f96c76515838820a2ffc2f773cb68e5216f4a3d135c79aada7fa0a1f02e3de67ef7fe5833614cdae58e92d2ea39ae1fcfda25e50eb9da3402ab31a
This commit is contained in:
Jonas Nick 2022-07-17 19:42:02 +00:00
commit 0c4a7177e0
No known key found for this signature in database
GPG Key ID: 4861DBF262123605

View File

@ -214,6 +214,21 @@ services.bitcoind = {
};
```
If a `secure-node.nix` or `tor-enable.nix` preset is imported in your
configuration or a `tor.enforce` option is explicitly enabled, you also need to
allow remote connections for **every** service which needs to connect to the
remote bitcoind:
```
systemd.services.<service>.serviceConfig = {
IPAddressAllow = [ ${services.bitcoind.rpc.address} ];
};
```
> Please note that configuration above applies only if the remote bitcoind **is
> not** accessed via Tor.
Now save the password of the RPC user to the following files on your nix-bitcoin node:
```shell
$secretsDir/bitcoin-rpcpassword-privileged