configuration.md: fixes

- Fix firewall.allowedTCPPorts settings

- Section `Allow bitcoind RPC connections`:
  Set catch-all listen for `rpc.address` instead of `address`.

- rpc.allowip: Set subnet zero to fix allowing all addresses
Erik Arvstedt 2021-12-07 15:28:11 +01:00
parent 1596b3a5d2
commit 5915a34891
No known key found for this signature in database
GPG Key ID: 33312B944DD97846

@ -89,21 +89,21 @@ services.bitcoind = {
}; };
# Open the p2p port in the firewall # Open the p2p port in the firewall
networking.firewall.allowedTCPPorts = [ config.services.nix-bitcoin.port ]; networking.firewall.allowedTCPPorts = [ config.services.bitcoind.port ];
``` ```
## Allow bitcoind RPC connections from LAN ## Allow bitcoind RPC connections from LAN
```nix ```nix
services.bitcoind = { services.bitcoind = {
# Listen to connections on all interfaces # Listen to RPC connections on all interfaces
address = "0.0.0.0"; rpc.address = "0.0.0.0";
# Allow RPC connections from external addresses # Allow RPC connections from external addresses
rpc.allowip = [ rpc.allowip = [
"10.10.0.0/24" # Allow a subnet "10.10.0.0/24" # Allow a subnet
"10.50.0.3" # Allow a specific address "10.50.0.3" # Allow a specific address
"0.0.0.0" # Allow all addresses "0.0.0.0/0" # Allow all addresses
]; ];
# Set this if you're using the `secure-node.nix` template # Set this if you're using the `secure-node.nix` template
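Review bot: In the `rpc.allowip` list on the new side, `"0.0.0.0/0" # Allow all addresses` sits in the same example as the LAN subnet and single-host entries, under a heading that says "from LAN". Copied as written, together with `rpc.address = "0.0.0.0"`, the block accepts RPC connections from any address. Consider commenting out the allow-all entry or moving it to a separate example so that the copy-paste result is LAN-only.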
@ -111,7 +111,7 @@ services.bitcoind = {
}; };
# Open the RPC port in the firewall # Open the RPC port in the firewall
networking.firewall.allowedTCPPorts = [ config.services.nix-bitcoin.rpc.port ]; networking.firewall.allowedTCPPorts = [ config.services.bitcoind.rpc.port ];
``` ```
## Allow connections to electrs ## Allow connections to electrs
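Review bot: `networking.firewall.allowedTCPPorts = [ config.services.bitcoind.rpc.port ];` opens the RPC port on every interface, so the `rpc.allowip` list in the same section is the only source filter for something titled "from LAN". Worth a sentence in the doc saying so, or showing the per-interface form `networking.firewall.interfaces.<name>.allowedTCPPorts` for hosts that also have a public-facing interface.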
@ -221,7 +221,8 @@ Use the following approach:
``` ```
systemd.services.<service>.wantedBy = mkForce []; systemd.services.<service>.wantedBy = mkForce [];
``` ```
This way, the systemd service still exists, but is not automatically started. This way, the systemd service still exists, but is not automatically started.\
Note: This only works for services that are not required by other active services.
# Appendix # Appendix
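Review bot: The added `Note:` line says the approach only works for services that are not required by other active services, but not what happens otherwise. Suggest stating that a service required by another active unit is still started as a dependency, so readers can tell why `wantedBy = mkForce []` appeared to have no effect. Style point: the trailing `\` hard line break on the preceding line is not rendered by every Markdown renderer; a blank line before the note is more portable.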