Add rpc user and password as secrets

This commit is contained in:
Jonas Nick 2018-11-22 23:51:16 +00:00
parent 83eabcf952
commit 79aab1255a
7 changed files with 36 additions and 6 deletions

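--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+secrets/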


@ -24,7 +24,6 @@ in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim tmux clightning bitcoin vim tmux clightning bitcoin
nodeinfo nodeinfo
jq
]; ];
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
inherit nodeinfo; inherit nodeinfo;
@ -48,8 +47,6 @@ in {
#services.bitcoin.proxy = services.tor.client.socksListenAddress; #services.bitcoin.proxy = services.tor.client.socksListenAddress;
services.nixbitcoin.enable = true; services.nixbitcoin.enable = true;
# Configure network proxy if necessary # Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

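--- a/generate_secrets.sh
+++ b/generate_secrets.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+SECRETSFILE=secrets/secrets.nix
+if [ -e "$SECRETSFILE" ]; then
+echo $SECRETSFILE already exists
+exit 1
+fi
+echo Installing apg through nix-env
+nix-env -i apg
+echo Creating bitcoin RPC password
+echo \{ >> $SECRETSFILE
+echo " bitcoinrpcpassword = \"$(apg -m 20 -x 20 -M Ncl -n 1)\";" >> $SECRETSFILE
+echo \} >> $SECRETSFILE
+echo Done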
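Review bot: The secrets file is created by the `>>` redirects with the caller's default umask, so on a typical system `secrets/secrets.nix` ends up world-readable (0644) even though it holds the RPC password; set `umask 077` before the first redirect (or `chmod 600 "$SECRETSFILE"` afterwards). The script also has no `set -e` and never creates the `secrets/` directory, so on a fresh checkout every redirect fails with "No such file or directory" and the script still prints Done; likewise, if `apg` is not on PATH the command substitution is empty and a file containing `bitcoinrpcpassword = "";` is written without any error. The rendered hunk shows 13 of the 16 added lines, so blank lines may have been dropped in rendering.
```bash
#!/bin/bash
set -euo pipefail
# The file holds a credential: create it readable by the owner only.
umask 077
SECRETSFILE=secrets/secrets.nix
mkdir -p "$(dirname "$SECRETSFILE")"
# … unchanged: existing-file check and apg install …
PASSWORD="$(apg -m 20 -x 20 -M Ncl -n 1)"
[ -n "$PASSWORD" ] || { echo "apg produced no password" >&2; exit 1; }
{
  echo '{'
  echo "  bitcoinrpcpassword = \"$PASSWORD\";"
  echo '}'
} > "$SECRETSFILE"
echo Done
```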

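--- a/load-secrets.nix
+++ b/load-secrets.nix
@@ -0,0 +1,13 @@
+if builtins.pathExists ./secrets/secrets.nix then import ./secrets/secrets.nix else {
+prophet-openvpn-config = "";
+prophet-guest-openvpn-config = "";
+centrallake-openvpn-config = "";
+bower-openvpn-config = "";
+unifi_password_ro = "";
+alertmanager_smtp_pw = "";
+alertmanager_pushover_user = "";
+alertmanager_pushover_token = "";
+mpd_pw = "";
+mpd_icecast_pw = "";
+github_token = "";
+}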
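Review bot: The fallback attribute set does not define `bitcoinrpcpassword`, the only key this commit reads (`secrets.bitcoinrpcpassword` in the nixbitcoin module hunk), so when `secrets/secrets.nix` is missing evaluation fails with a missing-attribute error rather than taking the intended fallback; the keys it does define (openvpn configs, alertmanager, mpd, github_token) look copied from an unrelated project and nothing on this page uses them. A fallback of `""` would also be unsafe if it were taken: the bitcoin module emits `rpcpassword=` whenever the value is non-null, so the node would be deployed with an empty RPC password. Failing loudly is the better default, e.g. `else throw "secrets/secrets.nix not found; run generate_secrets.sh first"`, and the unused keys can be dropped.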


@ -14,7 +14,7 @@ let
discover=0 discover=0
${optionalString (cfg.port != null) "port=${toString cfg.port}"} ${optionalString (cfg.port != null) "port=${toString cfg.port}"}
${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"} ${optionalString (cfg.rpcuser != null) "rpcuser=${cfg.rpcuser}"}
${optionalString (cfg.rpcpassword != null) "rpcuser=${cfg.rpcpassword}"} ${optionalString (cfg.rpcpassword != null) "rpcpassword=${cfg.rpcpassword}"}
''; '';
in { in {
options.services.bitcoin = { options.services.bitcoin = {
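Review bot: The corrected line interpolates `cfg.rpcpassword` into the configuration text at Nix evaluation time, so if this string is later written with something like `pkgs.writeText` (not visible here; the `let` starts above the hunk) the plaintext password lands in the world-readable Nix store on the target and in the deployment's derivations. Consider keeping the secret out of the evaluated config, e.g. an `includeconf=` line pointing at a file installed at activation with mode 0600, or `rpcauth=` with a salted hash instead of plaintext `rpcpassword=`. The same concern applies to `services.bitcoin.rpcpassword = secrets.bitcoinrpcpassword;` in the nixbitcoin module hunk below.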


@ -4,6 +4,7 @@ with lib;
let let
cfg = config.services.nixbitcoin; cfg = config.services.nixbitcoin;
secrets = import ../load-secrets.nix;
in { in {
imports = imports =
[ [
@ -39,7 +40,7 @@ in {
services.bitcoin.proxy = config.services.tor.client.socksListenAddress; services.bitcoin.proxy = config.services.tor.client.socksListenAddress;
services.bitcoin.port = 8333; services.bitcoin.port = 8333;
services.bitcoin.rpcuser = "bitcoinrpc"; services.bitcoin.rpcuser = "bitcoinrpc";
services.bitcoin.rpcpassword = "bitcoinrpc"; services.bitcoin.rpcpassword = secrets.bitcoinrpcpassword;
# clightning # clightning
services.clightning.enable = true; services.clightning.enable = true;
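Review bot: Only the password is moved into the secrets file; `services.bitcoin.rpcuser` stays the literal `"bitcoinrpc"` on the new side although the commit title says both user and password become secrets. Either generate the user in `generate_secrets.sh` as well and set `services.bitcoin.rpcuser = secrets.bitcoinrpcuser;`, or narrow the title to the password. The `import ../load-secrets.nix` path is resolved relative to this module file, so it silently breaks if the module is moved to another directory depth.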


@ -1,4 +1,6 @@
{ let
secrets = import ./load-secrets.nix;
in {
network.description = "Bitcoin Core node"; network.description = "Bitcoin Core node";
bitcoin-node = import ./configuration.nix; bitcoin-node = import ./configuration.nix;