Indentation cleanups

2019-01-02 15:17:57 +00:00 · 2019-01-02 15:17:57 +00:00 · bca40e23b1
commit bca40e23b1
parent 877e163ce5
9 changed files with 118 additions and 128 deletions
--- a/modules/clightning.nix
+++ b/modules/clightning.nix
@ -39,48 +39,46 @@ in {
  };
  config = mkIf cfg.enable {
-      users.users.clightning =
+    users.users.clightning = {
-        {
+        description = "clightning User";
-          description = "clightning User";
+        group = "clightning";
-          group = "clightning";
+        extraGroups = [ "bitcoinrpc" "keys" ];
-          extraGroups = [ "bitcoinrpc" "keys" ];
+        home = cfg.dataDir;
          home = cfg.dataDir;
      };
      users.groups.clightning = {
        name = "clightning";
      };
      systemd.services.clightning =
        { description = "Run clightningd";
          path  = [ pkgs.bitcoin ];
          wantedBy = [ "multi-user.target" ];
          requires = [ "bitcoind.service" ];
          after = [ "bitcoind.service" ];
          preStart = ''
            mkdir -m 0770 -p ${cfg.dataDir}
            rm -f ${cfg.dataDir}/config
            chown 'clightning:clightning' '${cfg.dataDir}'
            cp ${configFile} ${cfg.dataDir}/config
            chown 'clightning:clightning' '${cfg.dataDir}/config'
            chmod +w ${cfg.dataDir}/config
            chmod o-rw ${cfg.dataDir}/config
            # The RPC socket has to be removed otherwise we might have stale sockets
            rm -f ${cfg.dataDir}/lightning-rpc
            echo "bitcoin-rpcpassword=$(cat /secrets/bitcoin-rpcpassword)" >> '${cfg.dataDir}/config'
            '';
          serviceConfig =
            {
              PermissionsStartOnly = "true";
              ExecStart = "${pkgs.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";
              User = "clightning";
              Restart = "on-failure";
              RestartSec = "10s";
              PrivateTmp = "true";
              ProtectSystem = "full";
              NoNewPrivileges = "true";
              PrivateDevices = "true";
              MemoryDenyWriteExecute = "true";
            };
        };
    };
    users.groups.clightning = {
      name = "clightning";
    };
    systemd.services.clightning = {
      description = "Run clightningd";
      path  = [ pkgs.bitcoin ];
      wantedBy = [ "multi-user.target" ];
      requires = [ "bitcoind.service" ];
      after = [ "bitcoind.service" ];
      preStart = ''
        mkdir -m 0770 -p ${cfg.dataDir}
        rm -f ${cfg.dataDir}/config
        chown 'clightning:clightning' '${cfg.dataDir}'
        cp ${configFile} ${cfg.dataDir}/config
        chown 'clightning:clightning' '${cfg.dataDir}/config'
        chmod +w ${cfg.dataDir}/config
        chmod o-rw ${cfg.dataDir}/config
        # The RPC socket has to be removed otherwise we might have stale sockets
        rm -f ${cfg.dataDir}/lightning-rpc
        echo "bitcoin-rpcpassword=$(cat /secrets/bitcoin-rpcpassword)" >> '${cfg.dataDir}/config'
        '';
      serviceConfig = {
        PermissionsStartOnly = "true";
        ExecStart = "${pkgs.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";
        User = "clightning";
        Restart = "on-failure";
        RestartSec = "10s";
        PrivateTmp = "true";
        ProtectSystem = "full";
        NoNewPrivileges = "true";
        PrivateDevices = "true";
        MemoryDenyWriteExecute = "true";
      };
    };
  };
 }
--- a/modules/lightning-charge.nix
+++ b/modules/lightning-charge.nix
@ -23,26 +23,25 @@ in {
  };
  config = mkIf cfg.enable {
-      systemd.services.lightning-charge =
+    systemd.services.lightning-charge = {
-        { description = "Run lightning-charge";
+      description = "Run lightning-charge";
-          wantedBy = [ "multi-user.target" ];
+      wantedBy = [ "multi-user.target" ];
-          requires = [ "clightning.service" ];
+      requires = [ "clightning.service" ];
-          after = [ "clightning.service" ];
+      after = [ "clightning.service" ];
-          serviceConfig =
+      serviceConfig = {
-            {
+          EnvironmentFile = "/secrets/lightning-charge-api-token";
-              EnvironmentFile = "/secrets/lightning-charge-api-token";
+          ExecStart = "${pkgs.lightning-charge.package}/bin/charged -l ${config.services.clightning.dataDir} -d ${config.services.clightning.dataDir}/lightning-charge.db";
-              ExecStart = "${pkgs.lightning-charge.package}/bin/charged -l ${config.services.clightning.dataDir} -d ${config.services.clightning.dataDir}/lightning-charge.db";
+          # Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket,
-              # Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket,
+          # so this must run as the clightning user
-              # so this must run as the clightning user
+          # https://github.com/ElementsProject/lightning/issues/1366
-              # https://github.com/ElementsProject/lightning/issues/1366
+          User = "clightning";
-              User = "clightning";
+          Restart = "on-failure";
-              Restart = "on-failure";
+          RestartSec = "10s";
-              RestartSec = "10s";
+          PrivateTmp = "true";
-              PrivateTmp = "true";
+          ProtectSystem = "full";
-              ProtectSystem = "full";
+          NoNewPrivileges = "true";
-              NoNewPrivileges = "true";
+          PrivateDevices = "true";
-              PrivateDevices = "true";
+      };
            };
        };
    };
  };
 }
--- a/modules/nanopos.nix
+++ b/modules/nanopos.nix
@ -51,34 +51,33 @@ in {
  };
  config = mkIf cfg.enable {
-      users.users.nanopos =
+    users.users.nanopos =
-        {
+      {
-          description = "nanopos User";
+        description = "nanopos User";
-          group = "nanopos";
+        group = "nanopos";
-          extraGroups = [ "keys" ];
+        extraGroups = [ "keys" ];
      };
      users.groups.nanopos = {
        name = "nanopos";
      };
      systemd.services.nanopos =
        { description = "Run nanopos";
          wantedBy = [ "multi-user.target" ];
          requires = [ "lightning-charge.service" ];
          after = [ "lightning-charge.service" ];
          serviceConfig =
            {
              EnvironmentFile = "/secrets/lightning-charge-api-token-for-nanopos";
              ExecStart = "${pkgs.nanopos.package}/bin/nanopos -y ${cfg.itemsFile} -p ${toString cfg.port} --show-bolt11";
              User = "nanopos";
              Restart = "on-failure";
              RestartSec = "10s";
              PrivateTmp = "true";
              ProtectSystem = "full";
              NoNewPrivileges = "true";
              PrivateDevices = "true";
            };
        };
    };
    users.groups.nanopos = {
      name = "nanopos";
    };
    systemd.services.nanopos = {
      description = "Run nanopos";
      wantedBy = [ "multi-user.target" ];
      requires = [ "lightning-charge.service" ];
      after = [ "lightning-charge.service" ];
      serviceConfig = {
        EnvironmentFile = "/secrets/lightning-charge-api-token-for-nanopos";
        ExecStart = "${pkgs.nanopos.package}/bin/nanopos -y ${cfg.itemsFile} -p ${toString cfg.port} --show-bolt11";
        User = "nanopos";
        Restart = "on-failure";
        RestartSec = "10s";
        PrivateTmp = "true";
        ProtectSystem = "full";
        NoNewPrivileges = "true";
        PrivateDevices = "true";
      };
    };
  };
 }
--- a/modules/nix-bitcoin.nix
+++ b/modules/nix-bitcoin.nix
@ -30,16 +30,15 @@ let
    chown -R operator ${config.users.users.operator.home}/.ssh
  '';
 in {
-  imports =
+  imports = [
-    [
+    ./bitcoind.nix
-      ./bitcoind.nix
+    ./clightning.nix
-      ./clightning.nix
+    ./lightning-charge.nix
-      ./lightning-charge.nix
+    ./nanopos.nix
-      ./nanopos.nix
+    ./nix-bitcoin-webindex.nix
-      ./nix-bitcoin-webindex.nix
+    ./liquid.nix
-      ./liquid.nix
+    ./spark-wallet.nix
-      ./spark-wallet.nix
+  ];
    ];
  options.services.nix-bitcoin = {
    enable = mkOption {
--- a/modules/spark-wallet.nix
+++ b/modules/spark-wallet.nix
@ -23,22 +23,21 @@ in {
  };
  config = mkIf cfg.enable {
-      systemd.services.spark-wallet =
+    systemd.services.spark-wallet = {
-        { description = "Run spark-wallet";
+      description = "Run spark-wallet";
-          wantedBy = [ "multi-user.target" ];
+      wantedBy = [ "multi-user.target" ];
-          requires = [ "clightning.service" ];
+      requires = [ "clightning.service" ];
-          after = [ "clightning.service" ];
+      after = [ "clightning.service" ];
-          serviceConfig =
+      serviceConfig = {
-            {
+        ExecStart = "${pkgs.spark-wallet.package}/bin/spark-wallet --ln-path ${cfg.ln-path} -k -c /secrets/spark-wallet-password";
-              ExecStart = "${pkgs.spark-wallet.package}/bin/spark-wallet --ln-path ${cfg.ln-path} -k -c /secrets/spark-wallet-password";
+        User = "clightning";
-              User = "clightning";
+        Restart = "on-failure";
-              Restart = "on-failure";
+        RestartSec = "10s";
-              RestartSec = "10s";
+        PrivateTmp = "true";
-              PrivateTmp = "true";
+        ProtectSystem = "full";
-              ProtectSystem = "full";
+        NoNewPrivileges = "true";
-              NoNewPrivileges = "true";
+        PrivateDevices = "true";
-              PrivateDevices = "true";
+      };
            };
        };
    };
  };
 }
--- a/nix-bitcoin.nix
+++ b/nix-bitcoin.nix
@ -15,11 +15,10 @@
   liquidd = pkgs.callPackage (import pkgs/liquidd.nix) { };
 in {
  disabledModules = [ "services/security/tor.nix" ];
-  imports =
+  imports = [
-    [
+    ./modules/nix-bitcoin.nix
-      ./modules/nix-bitcoin.nix
+    (unstable-pkgs-git + "/nixos/modules/services/security/tor.nix")
-      (unstable-pkgs-git + "/nixos/modules/services/security/tor.nix")
+  ];
    ];
  nixpkgs.config.packageOverrides = pkgs: {
    # Use bitcoin and clightning from unstable
--- a/pkgs/lightning-charge.nix
+++ b/pkgs/lightning-charge.nix
@ -1,6 +1,5 @@
 {pkgs, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-8_x"}:
 with pkgs;
 let
 d1 = stdenv.mkDerivation {
--- a/pkgs/nanopos.nix
+++ b/pkgs/nanopos.nix
@ -1,6 +1,5 @@
 {pkgs, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-8_x"}:
 with pkgs;
 let
 d1 = stdenv.mkDerivation {
--- a/pkgs/spark-wallet.nix
+++ b/pkgs/spark-wallet.nix
@ -1,6 +1,5 @@
 {pkgs, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-8_x"}:
 with pkgs;
 let
 d1 = stdenv.mkDerivation {