lnd, joinmarket: don't write to secrets dir

Keeping the secrets dir read-only is more simple and robust. - lnd seed mnemonic creation and joinmarket wallet creation can be run as the regular service user instead of root. - It is easier to switch to a third-party secrets deployment method in the future. Don't create a seed mnemonic for lnd when a wallet exists. This avoids creating unused mnemonics and helps simplifying the migration command in `versioning.nix`.
2021-03-10 14:08:37 +01:00 · 2021-03-10 14:08:37 +01:00 · 03db1a61b1
commit 03db1a61b1
parent 55d87490ec
6 changed files with 56 additions and 33 deletions
--- a/modules/versioning.nix
+++ b/modules/versioning.nix
@ -69,6 +69,28 @@ let
    (mkOnionServiceChange "clightning")
    (mkOnionServiceChange "lnd")
    (mkOnionServiceChange "btcpayserver")
+    {
+      version = "0.0.41";
+      condition = config.services.lnd.enable || config.services.joinmarket.enable;
+      message = let
+        secretsDir = config.nix-bitcoin.secretsDir;
+        lnd = config.services.lnd;
+        jm = config.services.joinmarket;
+      in ''
+        Secret files generated by services at runtime are now stored in the service
+        data dirs instead of the global secrets dir.
+
+        To migrate, run the following Bash script as root on your nix-bitcoin node:
+
+          if [[ -e ${secretsDir}/lnd-seed-mnemonic ]]; then
+            install -o ${lnd.user} -g ${lnd.group} -m400 "${secretsDir}/lnd-seed-mnemonic" "${lnd.dataDir}"
+          fi
+          if [[ -e ${secretsDir}/jm-wallet-seed ]]; then
+            install -o ${jm.user} -g ${jm.group} -m400 "${secretsDir}/jm-wallet-seed" "${jm.dataDir}"
+          fi
+          rm -f "${secretsDir}"/{lnd-seed-mnemonic,jm-wallet-seed}
+      '';
+    }
  ];

  incompatibleChanges = optionals