services: add names for systemd helper scripts
The systemd journal now shows a specific script name instead of the generic name "script" before script output.
This commit is contained in:
Erik Arvstedt
parent
6982699613
commit
6a32812412
|
|
@ -168,30 +168,31 @@ in {
|
||||||
after = [ "bitcoind.service" ];
|
after = [ "bitcoind.service" ];
|
||||||
path = [ pkgs.sudo ];
|
path = [ pkgs.sudo ];
|
||||||
serviceConfig = nbLib.defaultHardening // {
|
serviceConfig = nbLib.defaultHardening // {
|
||||||
ExecStartPre = nbLib.privileged ''
|
ExecStartPre = nbLib.privileged "joinmarket-create-config" ''
|
||||||
install -o '${cfg.user}' -g '${cfg.group}' -m 640 ${configFile} ${cfg.dataDir}/joinmarket.cfg
|
install -o '${cfg.user}' -g '${cfg.group}' -m 640 ${configFile} ${cfg.dataDir}/joinmarket.cfg
|
||||||
sed -i \
|
sed -i \
|
||||||
"s|@@RPC_PASSWORD@@|rpc_password = $(cat ${secretsDir}/bitcoin-rpcpassword-privileged)|" \
|
"s|@@RPC_PASSWORD@@|rpc_password = $(cat ${secretsDir}/bitcoin-rpcpassword-privileged)|" \
|
||||||
'${cfg.dataDir}/joinmarket.cfg'
|
'${cfg.dataDir}/joinmarket.cfg'
|
||||||
'';
|
'';
|
||||||
# Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet
|
# Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet
|
||||||
ExecStartPost = mkIf (bitcoind.network == "mainnet") (nbLib.privileged ''
|
ExecStartPost = mkIf (bitcoind.network == "mainnet")
|
||||||
walletname=wallet.jmdat
|
(nbLib.privileged "joinmarket-create-wallet" ''
|
||||||
wallet=${cfg.dataDir}/wallets/$walletname
|
walletname=wallet.jmdat
|
||||||
if [[ ! -f $wallet ]]; then
|
wallet=${cfg.dataDir}/wallets/$walletname
|
||||||
echo "Create wallet"
|
if [[ ! -f $wallet ]]; then
|
||||||
pw=$(cat "${secretsDir}"/jm-wallet-password)
|
echo "Create wallet"
|
||||||
cd ${cfg.dataDir}
|
pw=$(cat "${secretsDir}"/jm-wallet-password)
|
||||||
if ! sudo -u ${cfg.user} ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
|
cd ${cfg.dataDir}
|
||||||
| grep 'recovery_seed' \
|
if ! sudo -u ${cfg.user} ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
|
||||||
| cut -d ':' -f2 \
|
| grep 'recovery_seed' \
|
||||||
| (umask u=r,go=; cat > "${secretsDir}/jm-wallet-seed"); then
|
| cut -d ':' -f2 \
|
||||||
echo "wallet creation failed"
|
| (umask u=r,go=; cat > "${secretsDir}/jm-wallet-seed"); then
|
||||||
rm -f "$wallet" "${secretsDir}/jm-wallet-seed"
|
echo "wallet creation failed"
|
||||||
exit 1
|
rm -f "$wallet" "${secretsDir}/jm-wallet-seed"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
'');
|
||||||
'');
|
|
||||||
ExecStart = "${nbPkgs.joinmarket}/bin/joinmarketd";
|
ExecStart = "${nbPkgs.joinmarket}/bin/joinmarketd";
|
||||||
WorkingDirectory = cfg.dataDir; # The service creates 'commitmentlist' in the working dir
|
WorkingDirectory = cfg.dataDir; # The service creates 'commitmentlist' in the working dir
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
|
|
|
||||||
|
|
@ -190,7 +190,7 @@ in {
|
||||||
restUrl = "https://${cfg.restAddress}:${toString cfg.restPort}/v1";
|
restUrl = "https://${cfg.restAddress}:${toString cfg.restPort}/v1";
|
||||||
in [
|
in [
|
||||||
# Run fully privileged for secrets dir write access
|
# Run fully privileged for secrets dir write access
|
||||||
"+${nbLib.script ''
|
(nbLib.privileged "lnd-create-mnemonic" ''
|
||||||
attempts=250
|
attempts=250
|
||||||
while ! { exec 3>/dev/tcp/${cfg.restAddress}/${toString cfg.restPort} && exec 3>&-; } &>/dev/null; do
|
while ! { exec 3>/dev/tcp/${cfg.restAddress}/${toString cfg.restPort} && exec 3>&-; } &>/dev/null; do
|
||||||
((attempts-- == 0)) && { echo "lnd REST service unreachable"; exit 1; }
|
((attempts-- == 0)) && { echo "lnd REST service unreachable"; exit 1; }
|
||||||
|
|
@ -206,8 +206,8 @@ in {
|
||||||
-X GET ${restUrl}/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > "$mnemonic"
|
-X GET ${restUrl}/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > "$mnemonic"
|
||||||
fi
|
fi
|
||||||
chown lnd: "$mnemonic"
|
chown lnd: "$mnemonic"
|
||||||
''}"
|
'')
|
||||||
"${nbLib.script ''
|
(nbLib.script "lnd-create-wallet" ''
|
||||||
if [[ ! -f ${networkDir}/wallet.db ]]; then
|
if [[ ! -f ${networkDir}/wallet.db ]]; then
|
||||||
echo Create lnd wallet
|
echo Create lnd wallet
|
||||||
|
|
||||||
|
|
@ -240,7 +240,7 @@ in {
|
||||||
|
|
||||||
'')
|
'')
|
||||||
# Run fully privileged for chown
|
# Run fully privileged for chown
|
||||||
"+${nbLib.script ''
|
(nbLib.privileged "lnd-create-macaroons" ''
|
||||||
umask ug=r,o=
|
umask ug=r,o=
|
||||||
${lib.concatMapStrings (macaroon: ''
|
${lib.concatMapStrings (macaroon: ''
|
||||||
echo "Create custom macaroon ${macaroon}"
|
echo "Create custom macaroon ${macaroon}"
|
||||||
|
|
@ -254,7 +254,7 @@ in {
|
||||||
${pkgs.jq}/bin/jq -c '.macaroon' | ${pkgs.xxd}/bin/xxd -p -r > "$macaroonPath"
|
${pkgs.jq}/bin/jq -c '.macaroon' | ${pkgs.xxd}/bin/xxd -p -r > "$macaroonPath"
|
||||||
chown ${cfg.macaroons.${macaroon}.user}: "$macaroonPath"
|
chown ${cfg.macaroons.${macaroon}.user}: "$macaroonPath"
|
||||||
'') (attrNames cfg.macaroons)}
|
'') (attrNames cfg.macaroons)}
|
||||||
''}"
|
'')
|
||||||
];
|
];
|
||||||
} // (if cfg.enforceTor
|
} // (if cfg.enforceTor
|
||||||
then nbLib.allowTor
|
then nbLib.allowTor
|
||||||
|
|
|
||||||
|
|
@ -52,13 +52,13 @@ let self = {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
script = src: pkgs.writers.writeBash "script" ''
|
script = name: src: pkgs.writers.writeBash name ''
|
||||||
set -eo pipefail
|
set -eo pipefail
|
||||||
${src}
|
${src}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# Used for ExecStart*
|
# Used for ExecStart*
|
||||||
privileged = src: "+${self.script src}";
|
privileged = name: src: "+${self.script name src}";
|
||||||
|
|
||||||
cliExec = mkOption {
|
cliExec = mkOption {
|
||||||
# Used by netns-isolation to execute the cli in the service's private netns
|
# Used by netns-isolation to execute the cli in the service's private netns
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue