services: use doas if enabled

- Remove sudo from recurring-donations path because it's not used by
  the service

- Use doas instead of sudo in secure-node.nix
nixbitcoin
2021-01-30 23:08:43 +01:00
parent ce2b445777
commit 2ca92a34a5
7 changed files with 31 additions and 12 deletions


@@ -6,6 +6,7 @@ let
cfg = config.services.lnd;
nbLib = config.nix-bitcoin.lib;
secretsDir = config.nix-bitcoin.secretsDir;
runAsUser = config.nix-bitcoin.runAsUserCmd;
bitcoind = config.services.bitcoind;
bitcoindRpcAddress = bitcoind.rpc.address;
@@ -123,7 +124,7 @@ in {
default = pkgs.writeScriptBin "lncli"
# Switch user because lnd makes datadir contents readable by user only
''
sudo -u lnd ${cfg.package}/bin/lncli \
${runAsUser} lnd ${cfg.package}/bin/lncli \
--rpcserver ${cfg.rpcAddress}:${toString cfg.rpcPort} \
--tlscertpath '${secretsDir}/lnd-cert' \
--macaroonpath '${networkDir}/admin.macaroon' "$@"
@@ -270,7 +271,7 @@ in {
users.groups.lnd = {};
nix-bitcoin.operator = {
groups = [ "lnd" ];
sudoUsers = [ "lnd" ];
allowRunAsUsers = [ "lnd" ];
};
nix-bitcoin.secrets = {
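Review bot: The wrapper line `${runAsUser} lnd ${cfg.package}/bin/lncli \` depends on `nix-bitcoin.runAsUserCmd` expanding to a command that ends with its target-user flag, and nothing at the call site says so. I would extend the existing comment to `# Switch user via nix-bitcoin.runAsUserCmd (sudo or doas, ending in -u) because lnd makes datadir contents readable by user only`. The option is defined outside this section, so its value is inferred from the `sudo -u lnd` line it replaces; if it is a freely settable string it is spliced unquoted into the generated script, and marking it read-only would be worth considering. `allowRunAsUsers = [ "lnd" ]` lets the operator act as lnd, which includes reading `admin.macaroon`, so the doas rule generated from it should be checked to cover only the listed users, as the sudo rule presumably did.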