secure-node: don't set nix-bitcoin.secretsDir

This simplifies the docs and the secure-node module. This change doesn't affect users that deploy via krops.
2022-02-03 20:46:33 +01:00
parent 7b0c3d48c9
commit d959d5b558
5 changed files with 27 additions and 12 deletions
--- a/modules/presets/secure-node.nix
+++ b/modules/presets/secure-node.nix
@@ -18,9 +18,6 @@ in {
  };

  config =  {
-    # For backwards compatibility only
-    nix-bitcoin.secretsDir = mkDefault "/secrets";
-
    networking.firewall.enable = true;

    nix-bitcoin.security.dbusHideProcessInformation = true;
--- a/modules/versioning.nix
+++ b/modules/versioning.nix
@@ -181,6 +181,27 @@ let
            once.
      '';
    }
+    {
+      version = "0.0.65";
+      condition = config.nix-bitcoin ? secure-node-preset-enabled &&
+                  config.nix-bitcoin.secretsDir == "/etc/nix-bitcoin-secrets";
+      message = ''
+        The `secure-node.nix` preset does not set the secrets directory
+        to "/secrets" anymore.
+        Instead, the default location "/etc/nix-bitcoin-secrets" is used.
+
+        To upgrade, choose one of the following:
+
+        - Continue using "/secrets":
+          Add `nix-bitcoin.secretsDir = "/secrets";` to your configuration.nix.
+
+        - Move your secrets to the default location:
+          Run the following command as root on your node:
+          `rsync -a /secrets/ /etc/nix-bitcoin-secrets`.
+          You can delete the old "/secrets" directory after deploying the new system
+          config to your node.
+      '';
+    }
  ];

  mkOnionServiceChange = service: {