jacobpascual/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bitcoind, liquidd: add whitelisted socket

Browse Source 
This allows whitelisting local services without implicitly
whitelisting all inbound onion connections, which would happen when
setting bitcoind/liquidd option `whitelist=localhost`.

Used by electrs and nbxplorer, which requires the unsafe `mempool`
permission.
This commit is contained in:
Erik Arvstedt
2021-10-29 17:56:57 +02:00
parent 8c3a88b2e8
commit 1da23cd933
4 changed files with 54 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/electrs.nix
View File

@@ -58,9 +58,7 @@ in {
services.bitcoind = {
enable = true;
# Enable p2p connections
listen = true;
extraConfig = "whitelist=download@${nbLib.address cfg.address}";
listenWhitelisted = true;
};
systemd.tmpfiles.rules = [
@@ -88,7 +86,7 @@ in {
--electrum-rpc-addr=${cfg.address}:${toString cfg.port} \
--monitoring-addr=${cfg.address}:${toString cfg.monitoringPort} \
--daemon-rpc-addr=${nbLib.addressWithPort bitcoind.rpc.address bitcoind.rpc.port} \
--daemon-p2p-addr=${nbLib.addressWithPort bitcoind.address bitcoind.port} \
--daemon-p2p-addr=${nbLib.addressWithPort bitcoind.address bitcoind.whitelistedPort} \
${cfg.extraArgs}
'';
User = cfg.user;