d56a363d3d
services: improve default hardening
2021-04-02 10:59:17 +00:00
08fe9ba84a
services: add finer-grained address family restrictions
...
Due to a possible NixOS bug, this commit has no effect on NixOS 20.09
where `RestrictAddressFamilies` is a no-op.
It's only relevant for NixOS unstable with cgroups v2.
bitcoind+zmq: instead of allowing all address families, only add the required
AF_NETLINK family.
lnd: lnd only runs a zmq client, not a server, therefore it requires
no additional address families.
lightning-pool, clightning-plugin-zmq: add AF_NETLINK.
2021-03-22 14:35:29 +01:00
020433cec6
services: add helper fn setAllowedIPAddresses
...
Also use 'allowLocalIPAddresses' instead of 'allowTor' in bitcoind-import-banlist
which doesn't use Tor.
2021-03-22 13:20:45 +01:00
6a32812412
services: add names for systemd helper scripts
...
The systemd journal now shows a specific script name instead of
the generic name "script" before script output.
2021-02-07 22:45:36 +01:00
e774c045de
treewide: fix formatting
2021-02-07 22:40:10 +01:00
a587a2b02a
defaultHardening: explain where @system-service is defined
2021-02-07 22:39:06 +01:00
a344ae95c9
move mkHiddenService to lib
2021-02-04 12:39:54 +00:00
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix
2021-02-04 12:39:48 +00:00
55073eee70
remove nix-bitcoin.pkgs.lib
...
Type ipv4Address is not needed anymore because all services have
separate 'port' and 'address' options.
2021-01-14 13:25:05 +01:00
322ba5bfff
Add nix-bitcoin.lib for utility functions and types
2020-08-20 21:31:24 +00:00
nixbitcoin
Erik Arvstedt
Jonas Nick