From 5915a348911734b383bba30471d78f2faa02fb5f Mon Sep 17 00:00:00 2001
From: Erik Arvstedt
Date: Tue, 7 Dec 2021 15:28:11 +0100
Subject: [PATCH] configuration.md: fixes
- Fix firewall.allowedTCPPorts settings
- Section `Allow bitcoind RPC connections`: Set catch-all listen for `rpc.address` instead of `address`.
- rpc.allowip: Set subnet zero to fix allowing all addresses
---
 docs/configuration.md | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/docs/configuration.md b/docs/configuration.md
index fa872d5..2f76578 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -89,21 +89,21 @@ services.bitcoind = {
 };
 # Open the p2p port in the firewall
-networking.firewall.allowedTCPPorts = [ config.services.nix-bitcoin.port ];
+networking.firewall.allowedTCPPorts = [ config.services.bitcoind.port ];
 ```
 ## Allow bitcoind RPC connections from LAN
 ```nix
 services.bitcoind = {
- # Listen to connections on all interfaces
- address = "0.0.0.0";
+ # Listen to RPC connections on all interfaces
+ rpc.address = "0.0.0.0";
 # Allow RPC connections from external addresses
 rpc.allowip = [
 "10.10.0.0/24" # Allow a subnet
 "10.50.0.3" # Allow a specific address
- "0.0.0.0" # Allow all addresses
+ "0.0.0.0/0" # Allow all addresses
 ];
 # Set this if you're using the `secure-node.nix` template
@@ -111,7 +111,7 @@ services.bitcoind = {
 };
 # Open the RPC port in the firewall
-networking.firewall.allowedTCPPorts = [ config.services.nix-bitcoin.rpc.port ];
+networking.firewall.allowedTCPPorts = [ config.services.bitcoind.rpc.port ];
 ```
 ## Allow connections to electrs
@@ -221,7 +221,8 @@ Use the following approach:
 ```
 systemd.services..wantedBy = mkForce [];
 ```
-This way, the systemd service still exists, but is not automatically started.
+This way, the systemd service still exists, but is not automatically started.\
+Note: This only works for services that are not required by other active services.
 # Appendix