From 668d66085a3da797f636ca9eee8bb8abb164cc9d Mon Sep 17 00:00:00 2001
From: Jonas Nick
Date: Thu, 22 Nov 2018 18:49:53 +0000
Subject: [PATCH] signed commit
---
 modules/bitcoind.nix | 67 ++++++++++++++++++++-------------------
 modules/clightning.nix | 72 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 107 insertions(+), 32 deletions(-)
 create mode 100644 modules/clightning.nix
diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix
index 459e101..3c46f52 100644
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@@ -6,16 +6,16 @@ let
 cfg = config.services.bitcoin;
 home = "/var/lib/bitcoin";
 configFile = pkgs.writeText "bitcoin.conf" ''
- listen=${if cfg.listen then "1" else "0"}
- prune=1001
- assumevalid=0000000000000000000726d186d6298b5054b9a5c49639752294b322a305d240
- ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
- addnode=ecoc5q34tmbq54wl.onion
- discover=0
- ${optionalString (cfg.port != null) "port=${toString cfg.port}"}
- rpcuser=foo
- rpcpassword=bar
- '';
+ listen=${if cfg.listen then "1" else "0"}
+ prune=1001
+ assumevalid=0000000000000000000726d186d6298b5054b9a5c49639752294b322a305d240
+ ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
+ addnode=ecoc5q34tmbq54wl.onion
+ discover=0
+ ${optionalString (cfg.port != null) "port=${toString cfg.port}"}
+ rpcuser=foo
+ rpcpassword=bar
+ '';
 in {
 options.services.bitcoin = {
 enable = mkOption {
@@ -44,29 +44,32 @@ in { default = null; description = "Override the default port on which to listen for connections."; }; - }; - config = mkIf cfg.enable { - users.users.bitcoin = - { - description = "Bitcoind User"; - createHome = true; - inherit home; - }; - systemd.services.bitcoind = - { description = "Run bitcoind"; - path = [ pkgs.bitcoin ]; - wantedBy = [ "multi-user.target" ]; - preStart = '' - mkdir -p ${home}/.bitcoin - ln -sf ${configFile} ${home}/.bitcoin/bitcoin.conf - ''; - serviceConfig = - { - ExecStart = "${pkgs.bitcoin}/bin/bitcoind"; - User = "bitcoin"; - }; - }; + users.users.bitcoin = { + description = "Bitcoind User"; + createHome = true; + inherit home; }; + systemd.services.bitcoind = { + description = "Run bitcoind"; + path = [ pkgs.bitcoin ]; + wantedBy = [ "multi-user.target" ]; + preStart = '' + mkdir -p ${home}/.bitcoin + ln -sf ${configFile} ${home}/.bitcoin/bitcoin.conf + ''; + serviceConfig = { + ExecStart = "${pkgs.bitcoin}/bin/bitcoind"; + User = "bitcoin"; + Restart = "on-failure"; + + PrivateTmp = "true"; + ProtectSystem = "full"; + NoNewPrivileges = "true"; + PrivateDevices = "true"; + MemoryDenyWriteExecute = "true"; + }; + }; + }; } diff --git a/modules/clightning.nix b/modules/clightning.nix new file mode 100644 index 0000000..e9a97e9 --- /dev/null +++ b/modules/clightning.nix 
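Review bot: The removed lines include the `};` that closed `options.services.bitcoin` and the `config = mkIf cfg.enable {` wrapper, and no added line restores either, so as this hunk reads `users.users.bitcoin` and `systemd.services.bitcoind` end up inside the options set and are no longer gated on `cfg.enable`. Unless lines were lost in rendering, keep `};` and `config = mkIf cfg.enable {` in front of `users.users.bitcoin = {`, with one more closing `};` before the final `}`, so the account and the unit exist only on hosts that opt in. That matters more here because the unit links a config file carrying the fixed `rpcuser=foo` / `rpcpassword=bar` values visible in the first hunk. Among the added sandboxing settings, `ProtectHome = "true"` would be a natural addition, since the service's state lives under `/var/lib/bitcoin`.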
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.clightning;
+ home = "/var/lib/clightning";
+ configFile = pkgs.writeText "config" ''
+ autolisten=false
+ network=bitcoin
+ bitcoin-rpcuser=${cfg.bitcoin-rpcuser}
+ bitcoin-rpcpassword=${cfg.bitcoin-rpcpassword}
+ '';
+in {
+ options.services.clightning = {
+ enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If enabled, the clightning service will be installed.
+ '';
+ };
+ autolisten = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ If enabled, the clightning service will listen.
+ '';
+ };
+ bitcoin-rpcuser = mkOption {
+ type = types.string;
+ description = ''
+ Bitcoin RPC user
+ '';
+ };
+ bitcoin-rpcpassword = mkOption {
+ type = types.string;
+ description = ''
+ Bitcoin RPC password
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ users.users.clightning =
+ {
+ description = "clightning User";
+ createHome = true;
+ inherit home;
+ };
+ systemd.services.clightning =
+ { description = "Run clightningd";
+ path = [ pkgs.clightning pkgs.bitcoin ];
+ wantedBy = [ "multi-user.target" ];
+ preStart = ''
+ mkdir -p ${home}/.lightning
+ ln -sf ${configFile} ${home}/.lightning/config
+ '';
+ serviceConfig =
+ {
+ ExecStart = "${pkgs.clightning}/bin/lightningd";
+ User = "clightning";
+ Restart = "on-failure";
+ PrivateTmp = "true";
+ ProtectSystem = "full";
+ NoNewPrivileges = "true";
+ PrivateDevices = "true";
+ MemoryDenyWriteExecute = "true";
+ };
+ };
+ };
+}
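Review bot: `bitcoin-rpcpassword=${cfg.bitcoin-rpcpassword}` is interpolated into `pkgs.writeText "config"`, so the RPC password is written into the Nix store, which every local user can read, and `preStart` only symlinks to that store path. Drop that line from `configFile`, take the password from a file kept outside the store, and assemble the config at start-up with owner-only permissions, as sketched below (the option name `bitcoin-rpcpasswordFile` is a suggestion). Two smaller points in the same file: the `autolisten` option is declared but the config hard-codes `autolisten=false`, so setting it has no effect, and `types.string` is deprecated in nixpkgs in favour of `types.str`.

```nix
# … unchanged: enable, autolisten and bitcoin-rpcuser options …
    bitcoin-rpcpasswordFile = mkOption {
      type = types.str;
      description = ''
        Path to a file outside the Nix store, readable by the clightning user,
        that holds the Bitcoin RPC password.
      '';
    };
# … unchanged: users.users.clightning, unit description, path, wantedBy …
        preStart = ''
          mkdir -m 0700 -p ${home}/.lightning
          rm -f ${home}/.lightning/config
          install -m 0600 ${configFile} ${home}/.lightning/config
          echo "bitcoin-rpcpassword=$(cat ${cfg.bitcoin-rpcpasswordFile})" >> ${home}/.lightning/config
          '';
```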