From 9ed888b9c260697741520adba084a0a2b0c25ab9 Mon Sep 17 00:00:00 2001
From: Jonas Nick
Date: Mon, 3 Dec 2018 22:16:01 +0000
Subject: [PATCH] Improve abstraction of deployment keys
---
 modules/clightning.nix | 2 +-
 modules/nixbitcoin.nix | 4 ----
 network-vbox.nix | 45 +++++++++++++++++++++++++-----------------
 3 files changed, 28 insertions(+), 23 deletions(-)
diff --git a/modules/clightning.nix b/modules/clightning.nix
index 59febba..17503d7 100644
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@@ -5,7 +5,7 @@ with lib;
 let
 cfg = config.services.clightning;
 configFile = pkgs.writeText "config" ''
- autolisten=${toString cfg.autolisten}
+ autolisten=${if cfg.autolisten then "true" else "false"}
 network=bitcoin
 bitcoin-rpcuser=${cfg.bitcoin-rpcuser}
 '';
diff --git a/modules/nixbitcoin.nix b/modules/nixbitcoin.nix
index 26255fd..4e90d02 100644
--- a/modules/nixbitcoin.nix
+++ b/modules/nixbitcoin.nix
@@ -116,10 +116,6 @@ in {
 type = "oneshot";
 };
 };
- # This is required to have the deployment keys copied and chowned even if
- # nanopos is not enabled
- users.users.nanopos = {};
- users.groups.nanopos = {};
 services.liquidd.enable = cfg.modules == "all";
 services.lightning-charge.enable = cfg.modules == "all";
diff --git a/network-vbox.nix b/network-vbox.nix
index a914499..43aca5b 100644
--- a/network-vbox.nix
+++ b/network-vbox.nix
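Review bot: In modules/clightning.nix the new `autolisten=` line spells out `if cfg.autolisten then "true" else "false"` by hand, although `boolToString` from the nixpkgs lib does exactly this and should already be in scope through the `with lib;` shown in the hunk header. Writing `autolisten=${boolToString cfg.autolisten}` keeps the fix (Nix's `toString` renders booleans as `1` and the empty string, which is what the removed line produced) while stating the intent. The `let` block this line belongs to continues outside the hunk.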
@@ -1,31 +1,40 @@ let secrets = import ./secrets/secrets.nix; + bitcoin-rpcpassword = { + text = secrets.bitcoinrpcpassword; + destDir = "/secrets/"; + user = "bitcoin"; + group = "bitcoinrpc"; + permissions = "0440"; + }; + lightning-charge-api-token = { + text = "API_TOKEN=" + secrets.lightning-charge-api-token; + destDir = "/secrets/"; + user = "clightning"; + group = "clightning"; + permissions = "0440"; + }; + # variable is called CHARGE_TOKEN instead of API_TOKEN + lightning-charge-api-token-for-nanopos = { + text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token; + destDir = "/secrets/"; + user = "nanopos"; + group = "nanopos"; + permissions = "0440"; + }; in { bitcoin-node = { config, pkgs, ... }: - { deployment.targetEnv = "virtualbox"; + { + deployment.targetEnv = "virtualbox"; deployment.virtualbox.memorySize = 2048; # megabytes deployment.virtualbox.vcpu = 2; # number of cpus deployment.virtualbox.headless = true; - deployment.keys.bitcoin-rpcpassword.text = secrets.bitcoinrpcpassword; - deployment.keys.bitcoin-rpcpassword.destDir = "/secrets/"; - deployment.keys.bitcoin-rpcpassword.user = "bitcoin"; - deployment.keys.bitcoin-rpcpassword.group = "bitcoinrpc"; - deployment.keys.bitcoin-rpcpassword.permissions = "0440"; - deployment.keys.lightning-charge-api-token.text = "API_TOKEN=" + secrets.lightning-charge-api-token; - deployment.keys.lightning-charge-api-token.destDir = "/secrets/"; - deployment.keys.lightning-charge-api-token.user = "clightning"; - deployment.keys.lightning-charge-api-token.group = "clightning"; - deployment.keys.lightning-charge-api-token.permissions = "0440"; - - # variable is called CHARGE_TOKEN instead of API_TOKEN - deployment.keys.lightning-charge-api-token-for-nanopos.text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token; - deployment.keys.lightning-charge-api-token-for-nanopos.destDir = "/secrets/"; - deployment.keys.lightning-charge-api-token-for-nanopos.user = "nanopos"; - 
deployment.keys.lightning-charge-api-token-for-nanopos.group = "nanopos"; - deployment.keys.lightning-charge-api-token-for-nanopos.permissions = "0440"; + deployment.keys = { + inherit bitcoin-rpcpassword lightning-charge-api-token; + } // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { }); }; }
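Review bot: The three `let`-bound key sets in network-vbox.nix (`bitcoin-rpcpassword`, `lightning-charge-api-token`, `lightning-charge-api-token-for-nanopos`) are now ordinary values that any later expression in the file can reference, and nothing marks them as material that must only reach `deployment.keys`. A comment above the first binding would state the constraint, for example `# Secrets: pass these only to deployment.keys; interpolating .text into a derivation (pkgs.writeText, a unit script) copies it into the world-readable Nix store.` It is also worth recording next to `destDir = "/secrets/";` that this is not the NixOps default of `/run/keys`, so the files are presumably kept on disk across reboots, and that the same API token is written twice, once readable by `clightning` and once by `nanopos`. The conditional at the end could read `// pkgs.lib.optionalAttrs config.services.nanopos.enable { inherit lightning-charge-api-token-for-nanopos; }`, which drops the empty `else { }` branch.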