From 6e58beae8a27908f9e3e6afbe0e620b5c964c791 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Wed, 27 Nov 2019 14:04:39 +0100 Subject: [PATCH] lnd: use postStart option for script - set -e is implicit - coreutils are in PATH and don't have to be explicitly referenced (echo is a shell builtin anyways) - exit 0 is unneeded ('if' statements never fail) --- modules/lnd.nix | 74 +++++++++++++++++++++++-------------------------- 1 file changed, 34 insertions(+), 40 deletions(-) diff --git a/modules/lnd.nix b/modules/lnd.nix index 589d5ea..712d3d0 100644 --- a/modules/lnd.nix +++ b/modules/lnd.nix @@ -26,45 +26,6 @@ let ${cfg.extraConfig} ''; - init-lnd-wallet-script = pkgs.writeScript "init-lnd-wallet.sh" '' -#!/bin/sh - -set -e -umask 377 - -${pkgs.coreutils}/bin/sleep 5 - -if [ ! -f /secrets/lnd-seed-mnemonic ] -then - ${pkgs.coreutils}/bin/echo Creating lnd seed - - ${pkgs.curl}/bin/curl -s \ - --cacert /secrets/lnd_cert \ - -X GET https://127.0.0.1:8080/v1/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > /secrets/lnd-seed-mnemonic -fi - -if [ ! -f ${cfg.dataDir}/chain/bitcoin/mainnet/wallet.db ] -then - ${pkgs.coreutils}/bin/echo Creating lnd wallet - - ${pkgs.curl}/bin/curl -s \ - --cacert /secrets/lnd_cert \ - -X POST -d "{\"wallet_password\": \"$(${pkgs.coreutils}/bin/cat /secrets/lnd-wallet-password | ${pkgs.coreutils}/bin/tr -d '\n' | ${pkgs.coreutils}/bin/base64 -w0)\", \ - \"cipher_seed_mnemonic\": $(${pkgs.coreutils}/bin/cat /secrets/lnd-seed-mnemonic | ${pkgs.coreutils}/bin/tr -d '\n')}" \ - https://127.0.0.1:8080/v1/initwallet -else - ${pkgs.coreutils}/bin/echo Unlocking lnd wallet - - ${pkgs.curl}/bin/curl -s \ - -H "Grpc-Metadata-macaroon: $(${pkgs.xxd}/bin/xxd -ps -u -c 99999 ${cfg.dataDir}/chain/bitcoin/mainnet/admin.macaroon)" \ - --cacert /secrets/lnd_cert \ - -X POST \ - -d "{\"wallet_password\": \"$(${pkgs.coreutils}/bin/cat /secrets/lnd-wallet-password | ${pkgs.coreutils}/bin/tr -d '\n' | ${pkgs.coreutils}/bin/base64 -w0)\"}" \ - https://127.0.0.1:8080/v1/unlockwallet -fi - -exit 0 -''; in { options.services.lnd = { @@ -126,7 +87,6 @@ in { serviceConfig = { PermissionsStartOnly = "true"; ExecStart = "${pkgs.nix-bitcoin.lnd}/bin/lnd --configfile=${cfg.dataDir}/lnd.conf"; - ExecStartPost = "${pkgs.bash}/bin/bash ${init-lnd-wallet-script}"; User = "lnd"; Restart = "on-failure"; RestartSec = "10s"; @@ -135,6 +95,40 @@ in { then nix-bitcoin-services.allowTor else nix-bitcoin-services.allowAnyIP ) // nix-bitcoin-services.allowAnyProtocol; # For ZMQ + postStart = '' + umask 377 + + sleep 5 + + if [ ! -f /secrets/lnd-seed-mnemonic ] + then + echo Creating lnd seed + + ${pkgs.curl}/bin/curl -s \ + --cacert /secrets/lnd_cert \ + -X GET https://127.0.0.1:8080/v1/genseed | ${pkgs.jq}/bin/jq -c '.cipher_seed_mnemonic' > /secrets/lnd-seed-mnemonic + fi + + if [ ! -f ${cfg.dataDir}/chain/bitcoin/mainnet/wallet.db ] + then + echo Creating lnd wallet + + ${pkgs.curl}/bin/curl -s \ + --cacert /secrets/lnd_cert \ + -X POST -d "{\"wallet_password\": \"$(cat /secrets/lnd-wallet-password | tr -d '\n' |base64 -w0)\", \ + \"cipher_seed_mnemonic\": $(cat /secrets/lnd-seed-mnemonic | tr -d '\n')}" \ + https://127.0.0.1:8080/v1/initwallet + else + echo Unlocking lnd wallet + + ${pkgs.curl}/bin/curl -s \ + -H "Grpc-Metadata-macaroon: $(${pkgs.xxd}/bin/xxd -ps -u -c 99999 ${cfg.dataDir}/chain/bitcoin/mainnet/admin.macaroon)" \ + --cacert /secrets/lnd_cert \ + -X POST \ + -d "{\"wallet_password\": \"$(cat /secrets/lnd-wallet-password | tr -d '\n' | base64 -w0)\"}" \ + https://127.0.0.1:8080/v1/unlockwallet + fi + ''; }; }; }