From 423ebf862b2cf0731ee7602fe8a26697e06fbdb4 Mon Sep 17 00:00:00 2001
From: nixbitcoin <nixbitcoin@i2pmail.org>
Date: Tue, 5 May 2020 16:28:30 +0200
Subject: [PATCH] lnd: only enable bitcoind zmqpub if lnd.enable

In conjuction with secure-node.nix, this sets sane
RestrictAddressFamilies unless lnd is enabled. Before, we were
constantly exposing unnecessary Address Families, not just when lnd is
enabled.

However, zmqpub* must always be enabled for lnd, even when used
outside of secure-node.nix, so we make this change in the lnd module.
---
 modules/lnd.nix                 | 6 ++++++
 modules/presets/secure-node.nix | 2 --
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/modules/lnd.nix b/modules/lnd.nix
index d5d41e3..03fbd93 100644
--- a/modules/lnd.nix
+++ b/modules/lnd.nix
@@ -78,6 +78,12 @@ in {
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ];
+
+    services.bitcoind = {
+      zmqpubrawblock = "tcp://127.0.0.1:28332";
+      zmqpubrawtx = "tcp://127.0.0.1:28333";
+    };
+
     systemd.services.lnd = {
       description = "Run LND";
       path  = [ pkgs.nix-bitcoin.bitcoind ];
diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix
index d010c0f..7e1704f 100644
--- a/modules/presets/secure-node.nix
+++ b/modules/presets/secure-node.nix
@@ -60,8 +60,6 @@ in {
       proxy = cfg.tor.client.socksListenAddress;
       enforceTor = true;
       port = 8333;
-      zmqpubrawblock = "tcp://127.0.0.1:28332";
-      zmqpubrawtx = "tcp://127.0.0.1:28333";
       assumevalid = "00000000000000000000e5abc3a74fe27dc0ead9c70ea1deb456f11c15fd7bc6";
       addnodes = [ "ecoc5q34tmbq54wl.onion" ];
       discover = false;