From a43534dda0c52c9d070aa30c4cc60ad3ef6a26d6 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Mon, 1 Feb 2021 22:53:21 +0100 Subject: [PATCH] services: improve config file setup - btcpayserver, nbxplorer: Add quotes to the dataDir arg. (dataDir can contain spaces.) - clightning, liquidd: use 'install' --- modules/btcpayserver.nix | 6 +++--- modules/clightning.nix | 6 ++---- modules/liquid.nix | 9 +++++---- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/modules/btcpayserver.nix b/modules/btcpayserver.nix index 82628b7..d501e11 100644 --- a/modules/btcpayserver.nix +++ b/modules/btcpayserver.nix @@ -127,7 +127,7 @@ in { requires = [ "bitcoind.service" ]; after = [ "bitcoind.service" ]; preStart = '' - install -m 600 ${configFile} ${cfg.nbxplorer.dataDir}/settings.config + install -m 600 ${configFile} '${cfg.nbxplorer.dataDir}/settings.config' echo "btcrpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-btcpayserver)" \ >> '${cfg.nbxplorer.dataDir}/settings.config' ''; @@ -171,13 +171,13 @@ in { ++ optional (cfg.btcpayserver.lightningBackend != null) "${cfg.btcpayserver.lightningBackend}.service"; after = self.requires; preStart = '' - install -m 600 ${configFile} ${cfg.btcpayserver.dataDir}/settings.config + install -m 600 ${configFile} '${cfg.btcpayserver.dataDir}/settings.config' ${optionalString (cfg.btcpayserver.lightningBackend == "lnd") '' { echo -n "${lndConfig}"; ${pkgs.openssl}/bin/openssl x509 -noout -fingerprint -sha256 -in ${config.nix-bitcoin.secretsDir}/lnd-cert \ | sed -e 's/.*=//;s/://g'; - } >> ${cfg.btcpayserver.dataDir}/settings.config + } >> '${cfg.btcpayserver.dataDir}/settings.config' ''} ''; serviceConfig = nbLib.defaultHardening // { diff --git a/modules/clightning.nix b/modules/clightning.nix index db39498..ffa765c 100644 --- a/modules/clightning.nix +++ b/modules/clightning.nix @@ -117,19 +117,17 @@ in { requires = [ "bitcoind.service" ]; after = [ "bitcoind.service" ]; preStart = '' - cp ${configFile} ${cfg.dataDir}/config chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}' # The RPC socket has to be removed otherwise we might have stale sockets rm -f ${cfg.networkDir}/lightning-rpc - chmod 640 ${cfg.dataDir}/config + install -m 640 ${configFile} '${cfg.dataDir}/config' { echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)" ${optionalString (cfg.getPublicAddressCmd != "") '' echo "announce-addr=$(${cfg.getPublicAddressCmd})" ''} } >> '${cfg.dataDir}/config' - - ''; + ''; serviceConfig = nbLib.defaultHardening // { ExecStart = "${nbPkgs.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}"; User = cfg.user; diff --git a/modules/liquid.nix b/modules/liquid.nix index d49b08f..a5ee67e 100644 --- a/modules/liquid.nix +++ b/modules/liquid.nix @@ -224,11 +224,12 @@ in { after = [ "bitcoind.service" ]; wantedBy = [ "multi-user.target" ]; preStart = '' - cp '${configFile}' '${cfg.dataDir}/elements.conf' - chmod 640 '${cfg.dataDir}/elements.conf' chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}' - echo "rpcpassword=$(cat ${secretsDir}/liquid-rpcpassword)" >> '${cfg.dataDir}/elements.conf' - echo "mainchainrpcpassword=$(cat ${secretsDir}/bitcoin-rpcpassword-public)" >> '${cfg.dataDir}/elements.conf' + install -m 640 ${configFile} '${cfg.dataDir}/elements.conf' + { + echo "rpcpassword=$(cat ${secretsDir}/liquid-rpcpassword)" + echo "mainchainrpcpassword=$(cat ${secretsDir}/bitcoin-rpcpassword-public)" + } >> '${cfg.dataDir}/elements.conf' ''; serviceConfig = nbLib.defaultHardening // { Type = "simple";