|
|
|
@ -367,9 +367,10 @@ in {
|
|
|
|
|
proto.sam.enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
|
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
|
|
|
|
];
|
|
|
|
|
# Commented out to avoid trying to chown the nfs-mounted directory
|
|
|
|
|
# systemd.tmpfiles.rules = [
|
|
|
|
|
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
|
|
|
|
# ];
|
|
|
|
|
|
|
|
|
|
systemd.services.bitcoind = {
|
|
|
|
|
# Use `wants` instead of `requires` so that bitcoind and all dependent services
|
|
|
|
@ -412,9 +413,9 @@ in {
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
# Enable RPC access for group
|
|
|
|
|
postStart = ''
|
|
|
|
|
chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
|
|
|
|
|
'';
|
|
|
|
|
# postStart = ''
|
|
|
|
|
# chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
|
|
|
|
|
# '';
|
|
|
|
|
|
|
|
|
|
serviceConfig = nbLib.defaultHardening // {
|
|
|
|
|
Type = "notify";
|
|
|
|
@ -426,7 +427,8 @@ in {
|
|
|
|
|
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
|
|
|
|
|
Restart = "on-failure";
|
|
|
|
|
UMask = mkIf cfg.dataDirReadableByGroup "0027";
|
|
|
|
|
ReadWritePaths = [ cfg.dataDir ];
|
|
|
|
|
#ReadWritePaths = [ cfg.dataDir ];
|
|
|
|
|
ReadWritePaths = [ "/dummy" ];
|
|
|
|
|
} // nbLib.allowedIPAddresses cfg.tor.enforce
|
|
|
|
|
// optionalAttrs zmqServerEnabled nbLib.allowNetlink;
|
|
|
|
|
};
|
|
|
|
|
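Review bot: `ReadWritePaths = [ "/dummy" ];` in the last hunk swaps the data directory for a placeholder path, and the hunk gives no reason for it; the only stated reason, in the first hunk, concerns chown on the NFS mount. Without a `-` prefix, a listed path that does not exist normally makes systemd fail the unit's namespace setup. If `nbLib.defaultHardening` (not visible here) mounts the file system read-only, bitcoind also loses write access to `cfg.dataDir` unless hardening is loosened elsewhere. The two earlier hunks apply the workaround unconditionally too: with the tmpfiles rule and the `postStart` chmod commented out, the module no longer enforces mode 0770 and ownership on the data directory or the group-read bit on `.cookie`, so who can read the RPC cookie now depends on the NFS export's permissions, and the `# Enable RPC access for group` comment is left describing disabled code. I would keep `ReadWritePaths = [ cfg.dataDir ];` and gate only the tmpfiles rule behind a new option, e.g. `systemd.tmpfiles.rules = mkIf (!cfg.dataDirOnNfs) [ ... ];`, where `dataDirOnNfs` is a name I am proposing, not an existing option.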