spark-wallet: Run under spark-wallet user
parent
205fca3576
commit
563b210835
@ -12,7 +12,7 @@ let
|
||||
${optionalString cfg.onion-service
|
||||
''
|
||||
echo Getting onion hostname
|
||||
CMD="$CMD --public-url http://$(cat /var/lib/onion-chef/clightning/spark-wallet)"
|
||||
CMD="$CMD --public-url http://$(cat /var/lib/onion-chef/spark-wallet/spark-wallet)"
|
||||
''
|
||||
}
|
||||
# Use rate provide wasabi because default (bitstamp) doesn't accept
|
||||
@ -48,6 +48,13 @@ in {
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.nix-bitcoin.spark-wallet ];
|
||||
users.users.spark-wallet = {
|
||||
description = "spark-wallet User";
|
||||
group = "spark-wallet";
|
||||
extraGroups = [ "clightning" ];
|
||||
};
|
||||
users.groups.spark-wallet = {};
|
||||
|
||||
services.tor.enable = cfg.onion-service;
|
||||
# requires client functionality for Bitcoin rate lookup
|
||||
services.tor.client.enable = true;
|
||||
@ -58,7 +65,7 @@ in {
|
||||
version = 3;
|
||||
};
|
||||
services.onion-chef.enable = cfg.onion-service;
|
||||
services.onion-chef.access.clightning = if cfg.onion-service then [ "spark-wallet" ] else [];
|
||||
services.onion-chef.access.spark-wallet = if cfg.onion-service then [ "spark-wallet" ] else [];
|
||||
systemd.services.spark-wallet = {
|
||||
description = "Run spark-wallet";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
@ -67,13 +74,13 @@ in {
|
||||
serviceConfig = {
|
||||
PermissionsStartOnly = "true";
|
||||
ExecStart = "${pkgs.bash}/bin/bash ${run-spark-wallet}";
|
||||
User = "clightning";
|
||||
User = "spark-wallet";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
} // nix-bitcoin-services.defaultHardening
|
||||
// nix-bitcoin-services.nodejs
|
||||
// nix-bitcoin-services.allowTor;
|
||||
};
|
||||
nix-bitcoin.secrets.spark-wallet-login.user = "clightning";
|
||||
nix-bitcoin.secrets.spark-wallet-login.user = "spark-wallet";
|
||||
};
|
||||
}
|
||||
|
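Review bot: `extraGroups = [ "clightning" ];` on the new `users.users.spark-wallet` (hunk at -48,6) gives the service every permission the clightning group holds, so the separation from the old `User = "clightning";` is only as strong as the group bits on clightning's data directory. Presumably the membership exists only so spark-wallet can reach the lightning RPC socket. That file layout is not visible on this page, so it is worth confirming that key material such as `hsm_secret` is not group-readable. I would record the intent next to the option, e.g. `# clightning group: needed only to reach the lightning-rpc socket`. Anyone who can open the RPC socket can still operate the node, so what this commit buys is file-level isolation rather than reduced RPC privilege.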