netns-liquidd: allow RPC access from main netns

2020-10-29 21:20:31 +01:00 · 2020-10-29 21:20:31 +01:00 · 6903e8afcc
parent 82f4901880
commit 6903e8afcc
3 changed files with 7 additions and 11 deletions
--- a/modules/liquid.nix
+++ b/modules/liquid.nix
@ -27,6 +27,7 @@ let
      (attrValues cfg.rpc.users)
    }
    ${lib.concatMapStrings (rpcbind: "rpcbind=${rpcbind}\n") cfg.rpcbind}
+    rpcconnect=${builtins.elemAt cfg.rpcbind 0}
    ${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip}
    ${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"}
    ${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"}
@ -205,17 +206,16 @@ in {
      cli = mkOption {
        readOnly = true;
        default = pkgs.writeScriptBin "elements-cli" ''
-          ${cfg.cliExec} ${pkgs.nix-bitcoin.elementsd}/bin/elements-cli -datadir='${cfg.dataDir}' "$@"
+          ${pkgs.nix-bitcoin.elementsd}/bin/elements-cli -datadir='${cfg.dataDir}' "$@"
        '';
        description = "Binary to connect with the liquidd instance.";
      };
      swapCli = mkOption {
        default = pkgs.writeScriptBin "liquidswap-cli" ''
-          ${cfg.cliExec} ${pkgs.nix-bitcoin.liquid-swap}/bin/liquidswap-cli -c '${cfg.dataDir}/elements.conf' "$@"
+          ${pkgs.nix-bitcoin.liquid-swap}/bin/liquidswap-cli -c '${cfg.dataDir}/elements.conf' "$@"
        '';
        description = "Binary for managing liquid swaps.";
      };
-      inherit (nix-bitcoin-services) cliExec;
      enforceTor =  nix-bitcoin-services.enforceTor;
    };
  };
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@ -270,14 +270,11 @@ in {

    services.liquidd = {
      bind = netns.liquidd.address;
-      rpcbind = [
-        "${netns.liquidd.address}"
-        "127.0.0.1"
-      ];
+      rpcbind = [ netns.liquidd.address ];
      rpcallowip = [
-        "127.0.0.1"
-      ] ++ map (n: "${netns.${n}.address}") netns.liquidd.availableNetns;
-      cliExec = mkCliExec "liquidd";
+        bridgeIp # For operator user
+        netns.liquidd.address
+      ] ++ map (n: netns.${n}.address) netns.liquidd.availableNetns;
    };

    services.electrs.address = netns.electrs.address;
--- a/pkgs/netns-exec/src/main.c
+++ b/pkgs/netns-exec/src/main.c
@ -11,7 +11,6 @@

 static char *allowed_netns[] = {
    "nb-lightning-loop",
-    "nb-liquidd",
    "nb-joinmarket"
 };