Allow operator to access liquid-cli

This commit is contained in:
Jonas Nick 2018-12-03 22:33:21 +00:00
parent 9ed888b9c2
commit 1927fda514
4 changed files with 14 additions and 2 deletions

View File

@ -14,6 +14,7 @@ echo Write secrets to $SECRETSFILE
echo \{ echo \{
echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" echo " lightning-charge-api-token = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo " liquidrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";"
echo \} echo \}
} >> $SECRETSFILE } >> $SECRETSFILE
echo Done echo Done

View File

@ -185,6 +185,7 @@ in {
cp '${configFile}' '${cfg.dataDir}/liquid.conf' cp '${configFile}' '${cfg.dataDir}/liquid.conf'
chmod o-rw '${cfg.dataDir}/liquid.conf' chmod o-rw '${cfg.dataDir}/liquid.conf'
chown '${cfg.user}:${cfg.group}' '${cfg.dataDir}/liquid.conf' chown '${cfg.user}:${cfg.group}' '${cfg.dataDir}/liquid.conf'
echo "rpcpassword=$(cat /secrets/liquid-rpcpassword)" >> '${cfg.dataDir}/liquid.conf'
''; '';
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";

View File

@ -118,6 +118,8 @@ in {
}; };
services.liquidd.enable = cfg.modules == "all"; services.liquidd.enable = cfg.modules == "all";
services.liquidd.rpcuser = "liquidrpc";
services.lightning-charge.enable = cfg.modules == "all"; services.lightning-charge.enable = cfg.modules == "all";
services.nanopos.enable = cfg.modules == "all"; services.nanopos.enable = cfg.modules == "all";
services.nixbitcoin-webindex.enable = cfg.modules == "all"; services.nixbitcoin-webindex.enable = cfg.modules == "all";

View File

@ -22,6 +22,13 @@ let
group = "nanopos"; group = "nanopos";
permissions = "0440"; permissions = "0440";
}; };
liquid-rpcpassword = {
text = secrets.liquidrpcpassword;
destDir = "/secrets/";
user = "liquid";
group = "liquid";
permissions = "0440";
};
in in
{ {
bitcoin-node = bitcoin-node =
@ -32,9 +39,10 @@ in
deployment.virtualbox.vcpu = 2; # number of cpus deployment.virtualbox.vcpu = 2; # number of cpus
deployment.virtualbox.headless = true; deployment.virtualbox.headless = true;
deployment.keys = { deployment.keys = {
inherit bitcoin-rpcpassword lightning-charge-api-token; inherit bitcoin-rpcpassword lightning-charge-api-token;
} // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { }); }
// (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { })
// (if (config.services.liquidd.enable) then { inherit liquid-rpcpassword; } else { });
}; };
} }