lnd, joinmarket: don't write to secrets dir
Keeping the secrets dir read-only is more simple and robust. - lnd seed mnemonic creation and joinmarket wallet creation can be run as the regular service user instead of root. - It is easier to switch to a third-party secrets deployment method in the future. Don't create a seed mnemonic for lnd when a wallet exists. This avoids creating unused mnemonics and helps simplifying the migration command in `versioning.nix`.
This commit is contained in:
Erik Arvstedt
parent
55d87490ec
commit
03db1a61b1
6 changed files with 56 additions and 33 deletions
|
|
@ -4,7 +4,6 @@ with lib;
|
|||
|
||||
let
|
||||
cfg = config.services.backups;
|
||||
secretsDir = config.nix-bitcoin.secretsDir;
|
||||
|
||||
filelist = pkgs.writeText "filelist.txt" ''
|
||||
${optionalString (!cfg.with-bulk-data) "- ${config.services.bitcoind.dataDir}/blocks"}
|
||||
|
|
@ -12,7 +11,6 @@ let
|
|||
${config.services.bitcoind.dataDir}
|
||||
${config.services.clightning.dataDir}
|
||||
${config.services.lnd.dataDir}
|
||||
${secretsDir}/lnd-seed-mnemonic
|
||||
${optionalString (!cfg.with-bulk-data) "- ${config.services.liquidd.dataDir}/*/blocks"}
|
||||
${optionalString (!cfg.with-bulk-data) "- ${config.services.liquidd.dataDir}/*/chainstate"}
|
||||
${config.services.liquidd.dataDir}
|
||||
|
|
@ -20,8 +18,8 @@ let
|
|||
${config.services.nbxplorer.dataDir}
|
||||
${config.services.btcpayserver.dataDir}
|
||||
${config.services.joinmarket.dataDir}
|
||||
${secretsDir}/jm-wallet-seed
|
||||
${config.services.postgresqlBackup.location}/btcpaydb.sql.gz
|
||||
${optionalString config.nix-bitcoin.generateSecrets "${config.nix-bitcoin.secretsDir}"}
|
||||
/var/lib/tor
|
||||
# Extra files
|
||||
${cfg.extraFiles}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue