jacobpascual/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use IPAddress{Allow,Deny} by default for systemd services

Browse Source
This commit is contained in:
Jonas Nick
2019-04-27 23:53:26 +00:00
parent d9533edad1
commit eaaf8e9aab
12 changed files with 79 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
modules/clightning.nix
View File

@@ -3,7 +3,7 @@
with lib;
let
nix-bitcoin-services = import ./nix-bitcoin-services.nix;
nix-bitcoin-services = pkgs.callPackage ./nix-bitcoin-services.nix { };
cfg = config.services.clightning;
configFile = pkgs.writeText "config" ''
autolisten=${if cfg.autolisten then "true" else "false"}
@@ -57,6 +57,7 @@ in {
default = "/var/lib/clightning";
description = "The data directory for clightning.";
};
enforceTor = nix-bitcoin-services.enforceTor;
};
config = mkIf cfg.enable {
@@ -94,7 +95,11 @@ in {
User = "clightning";
Restart = "on-failure";
RestartSec = "10s";
} // nix-bitcoin-services.defaultHardening;
} // nix-bitcoin-services.defaultHardening
// (if cfg.enforceTor
then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP
);
};
};
}