Merge #165: Electrs fixes

e95f5981aa Remove KN countrycode (nixbitcoin)
742aef1e0f Only set dataDirReadableByGroup if cfg.high-memory is enabled (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e95f5981aa

Tree-SHA512: e8253b934211e6fc6be11917f8acb05a05e390caafdf86f90670f9299d9c0d98596758ff021c65aae199c9a5a3f86f87854e1b8f50a53bab8ad28d9a7003d98e

examples/configuration.nix

@@ -63,7 +63,8 @@
   # Electrum Server in Rust. Only enable this if hardware wallets are
   # disabled.
   # services.electrs.enable = true;
-  # If you have ≥8GB memory, enable this option so electrs will sync faster.
+  # If you have more than 8GB memory, enable this option so electrs will
+  # sync faster.
   # services.electrs.high-memory = true;
 
   ### LIQUIDD

modules/presets/secure-node.nix

@@ -46,7 +46,7 @@ in {
     services.bitcoind = {
       enable = true;
       listen = true;
-      dataDirReadableByGroup = mkIf cfg.electrs.enable true;
+      dataDirReadableByGroup = mkIf cfg.electrs.high-memory true;
       proxy = cfg.tor.client.socksListenAddress;
       enforceTor = true;
       port = 8333;

pkgs/generate-secrets/generate-secrets.sh

@@ -18,7 +18,7 @@ makePasswordSecret spark-wallet-password
 
 if [[ ! -e nginx-key || ! -e nginx-cert ]]; then
     openssl genrsa -out nginx-key 2048
-    openssl req -new -key nginx-key -out nginx.csr -subj "/C=KN"
+    openssl req -new -key nginx-key -out nginx.csr -subj '/CN=localhost/O=electrs'
     openssl x509 -req -days 1825 -in nginx.csr -signkey nginx-key -out nginx-cert
     rm nginx.csr
 fi