Improve abstraction of deployment keys

Jonas Nick 2018-12-03 22:16:01 +00:00
parent c79aaf9695
commit 9ed888b9c2
3 changed files with 28 additions and 23 deletions


@ -5,7 +5,7 @@ with lib;
let let
cfg = config.services.clightning; cfg = config.services.clightning;
configFile = pkgs.writeText "config" '' configFile = pkgs.writeText "config" ''
autolisten=${toString cfg.autolisten} autolisten=${if cfg.autolisten then "true" else "false"}
network=bitcoin network=bitcoin
bitcoin-rpcuser=${cfg.bitcoin-rpcuser} bitcoin-rpcuser=${cfg.bitcoin-rpcuser}
''; '';
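Review bot: The hand-written `if cfg.autolisten then "true" else "false"` on the autolisten line duplicates `boolToString`, which is already in scope through the `with lib;` shown in the hunk header; `autolisten=${boolToString cfg.autolisten}` expresses the same thing. A one-line comment would also spare the next reader the archaeology, e.g. `# toString renders true as "1" and false as "", so the boolean is spelled out`. Because `pkgs.writeText` output lands in the world-readable Nix store, this generated file should keep holding only non-secret values such as the rpc user visible here. The `let` block continues outside the hunk.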


@ -116,10 +116,6 @@ in {
type = "oneshot"; type = "oneshot";
}; };
}; };
# This is required to have the deployment keys copied and chowned even if
# nanopos is not enabled
users.users.nanopos = {};
users.groups.nanopos = {};
services.liquidd.enable = cfg.modules == "all"; services.liquidd.enable = cfg.modules == "all";
services.lightning-charge.enable = cfg.modules == "all"; services.lightning-charge.enable = cfg.modules == "all";


@ -1,31 +1,40 @@
let let
secrets = import ./secrets/secrets.nix; secrets = import ./secrets/secrets.nix;
bitcoin-rpcpassword = {
text = secrets.bitcoinrpcpassword;
destDir = "/secrets/";
user = "bitcoin";
group = "bitcoinrpc";
permissions = "0440";
};
lightning-charge-api-token = {
text = "API_TOKEN=" + secrets.lightning-charge-api-token;
destDir = "/secrets/";
user = "clightning";
group = "clightning";
permissions = "0440";
};
# variable is called CHARGE_TOKEN instead of API_TOKEN
lightning-charge-api-token-for-nanopos = {
text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
destDir = "/secrets/";
user = "nanopos";
group = "nanopos";
permissions = "0440";
};
in in
{ {
bitcoin-node = bitcoin-node =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ deployment.targetEnv = "virtualbox"; {
deployment.targetEnv = "virtualbox";
deployment.virtualbox.memorySize = 2048; # megabytes deployment.virtualbox.memorySize = 2048; # megabytes
deployment.virtualbox.vcpu = 2; # number of cpus deployment.virtualbox.vcpu = 2; # number of cpus
deployment.virtualbox.headless = true; deployment.virtualbox.headless = true;
deployment.keys.bitcoin-rpcpassword.text = secrets.bitcoinrpcpassword;
deployment.keys.bitcoin-rpcpassword.destDir = "/secrets/";
deployment.keys.bitcoin-rpcpassword.user = "bitcoin";
deployment.keys.bitcoin-rpcpassword.group = "bitcoinrpc";
deployment.keys.bitcoin-rpcpassword.permissions = "0440";
deployment.keys.lightning-charge-api-token.text = "API_TOKEN=" + secrets.lightning-charge-api-token; deployment.keys = {
deployment.keys.lightning-charge-api-token.destDir = "/secrets/"; inherit bitcoin-rpcpassword lightning-charge-api-token;
deployment.keys.lightning-charge-api-token.user = "clightning"; } // (if (config.services.nanopos.enable) then { inherit lightning-charge-api-token-for-nanopos; } else { });
deployment.keys.lightning-charge-api-token.group = "clightning";
deployment.keys.lightning-charge-api-token.permissions = "0440";
# variable is called CHARGE_TOKEN instead of API_TOKEN
deployment.keys.lightning-charge-api-token-for-nanopos.text = "CHARGE_TOKEN=" + secrets.lightning-charge-api-token;
deployment.keys.lightning-charge-api-token-for-nanopos.destDir = "/secrets/";
deployment.keys.lightning-charge-api-token-for-nanopos.user = "nanopos";
deployment.keys.lightning-charge-api-token-for-nanopos.group = "nanopos";
deployment.keys.lightning-charge-api-token-for-nanopos.permissions = "0440";
}; };
} }
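Review bot: Only the nanopos key is gated on its service in the new `deployment.keys` expression; `bitcoin-rpcpassword` (owner `bitcoin:bitcoinrpc`) and `lightning-charge-api-token` (owner `clightning`) are still inherited unconditionally, so they presumably rely on those users and groups always existing on this node, which is the same dependency the removed `users.users.nanopos = {}` workaround papered over. A short comment above the attrset would make that explicit, e.g. `# a key is only deployed when its owning user exists; bitcoin and clightning are assumed always enabled here`, to be confirmed against the modules. The conditional itself reads more plainly as `} // pkgs.lib.optionalAttrs config.services.nanopos.enable { inherit lightning-charge-api-token-for-nanopos; };`. All three records also keep `destDir = "/secrets/"`, which as far as I know places the key files on persistent disk rather than under NixOps' default `/run/keys`; that choice deserves a comment next to the first record.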