lightning-loop: allow RPC access from main netns

Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.

modules/lightning-loop.nix

@@ -74,14 +74,13 @@ in {
     };
     cli = mkOption {
       default = pkgs.writeScriptBin "loop" ''
-        ${cfg.cliExec} ${cfg.package}/bin/loop \
+        ${cfg.package}/bin/loop \
         --rpcserver ${rpclisten} \
         --macaroonpath '${cfg.dataDir}/${network}/loop.macaroon' \
         --tlscertpath '${secretsDir}/loop-cert' "$@"
       '';
       description = "Binary to connect with the lightning-loop instance.";
     };
-    inherit (nix-bitcoin-services) cliExec;
     enforceTor = nix-bitcoin-services.enforceTor;
   };
 

modules/netns-isolation.nix

@@ -291,7 +291,7 @@ in {
       host = netns.nanopos.address;
     };
 
-    services.lightning-loop.cliExec = mkCliExec "lightning-loop";
+    services.lightning-loop.rpcAddress = netns.lightning-loop.address;
 
     services.nbxplorer.bind = netns.nbxplorer.address;
     services.btcpayserver.bind = netns.btcpayserver.address;

pkgs/netns-exec/src/main.c

@@ -10,7 +10,6 @@
 #include <sys/capability.h>
 
 static char *allowed_netns[] = {
-    "nb-lightning-loop",
     "nb-joinmarket"
 };