lnd, joinmarket: don't write to secrets dir

Keeping the secrets dir read-only is more simple and robust. - lnd seed mnemonic creation and joinmarket wallet creation can be run as the regular service user instead of root. - It is easier to switch to a third-party secrets deployment method in the future. Don't create a seed mnemonic for lnd when a wallet exists. This avoids creating unused mnemonics and helps simplifying the migration command in `versioning.nix`.
2021-03-10 14:08:37 +01:00 · 2021-03-10 14:08:37 +01:00 · 03db1a61b1
commit 03db1a61b1
parent 55d87490ec
6 changed files with 56 additions and 33 deletions
--- a/modules/joinmarket.nix
+++ b/modules/joinmarket.nix
@ -240,20 +240,19 @@ in {
        '';
        # Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet
        ExecStartPost = mkIf (bitcoind.network == "mainnet")
-          (nbLib.privileged "joinmarket-create-wallet" ''
+          (nbLib.script "joinmarket-create-wallet" ''
            walletname=wallet.jmdat
            wallet=${cfg.dataDir}/wallets/$walletname
            if [[ ! -f $wallet ]]; then
              echo "Create wallet"
              pw=$(cat "${secretsDir}"/jm-wallet-password)
              cd ${cfg.dataDir}
-              if ! ${pkgs.utillinux}/bin/runuser -u ${cfg.user} -- \
-                     ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
+              if ! ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
                     | grep 'recovery_seed' \
                     | cut -d ':' -f2 \
-                     | (umask u=r,go=; cat > "${secretsDir}/jm-wallet-seed"); then
+                     | (umask u=r,go=; cat > jm-wallet-seed); then
                echo "wallet creation failed"
-                rm -f "$wallet" "${secretsDir}/jm-wallet-seed"
+                rm -f "$wallet" jm-wallet-seed
                exit 1
              fi
            fi