From 423ebf862b2cf0731ee7602fe8a26697e06fbdb4 Mon Sep 17 00:00:00 2001 From: nixbitcoin Date: Tue, 5 May 2020 16:28:30 +0200 Subject: [PATCH] lnd: only enable bitcoind zmqpub if lnd.enable In conjuction with secure-node.nix, this sets sane RestrictAddressFamilies unless lnd is enabled. Before, we were constantly exposing unnecessary Address Families, not just when lnd is enabled. However, zmqpub* must always be enabled for lnd, even when used outside of secure-node.nix, so we make this change in the lnd module. --- modules/lnd.nix | 6 ++++++ modules/presets/secure-node.nix | 2 -- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/lnd.nix b/modules/lnd.nix index d5d41e3..03fbd93 100644 --- a/modules/lnd.nix +++ b/modules/lnd.nix @@ -78,6 +78,12 @@ in { config = mkIf cfg.enable { environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ]; + + services.bitcoind = { + zmqpubrawblock = "tcp://127.0.0.1:28332"; + zmqpubrawtx = "tcp://127.0.0.1:28333"; + }; + systemd.services.lnd = { description = "Run LND"; path = [ pkgs.nix-bitcoin.bitcoind ]; diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix index d010c0f..7e1704f 100644 --- a/modules/presets/secure-node.nix +++ b/modules/presets/secure-node.nix @@ -60,8 +60,6 @@ in { proxy = cfg.tor.client.socksListenAddress; enforceTor = true; port = 8333; - zmqpubrawblock = "tcp://127.0.0.1:28332"; - zmqpubrawtx = "tcp://127.0.0.1:28333"; assumevalid = "00000000000000000000e5abc3a74fe27dc0ead9c70ea1deb456f11c15fd7bc6"; addnodes = [ "ecoc5q34tmbq54wl.onion" ]; discover = false;