bitcoind: add rpcwhitelist feature

`rpcwhitelistdefault` is set to 0, which means that RPC whitelisting is
only enforced for RPC users for whom an `rpcwhitelist` exists.
nixbitcoin 2020-06-22 12:12:50 +00:00
parent 5a978a2836
commit 1bf45a9547
No known key found for this signature in database
GPG key ID: DD11F9AD5308B3BA
2 changed files with 73 additions and 1 deletions


@ -28,8 +28,12 @@ let
# RPC server options
rpcport=${toString cfg.rpc.port}
rpcwhitelistdefault=0
${concatMapStringsSep "\n"
(rpcUser: "rpcauth=${rpcUser.name}:${rpcUser.passwordHMAC}")
(rpcUser: ''
rpcauth=${rpcUser.name}:${rpcUser.passwordHMAC}
${optionalString (rpcUser.rpcwhitelist != []) "rpcwhitelist=${rpcUser.name}:${lib.strings.concatStringsSep "," rpcUser.rpcwhitelist}"}
'')
(attrValues cfg.rpc.users)
}
${lib.concatMapStrings (rpcbind: "rpcbind=${rpcbind}\n") cfg.rpcbind}
@ -118,6 +122,14 @@ in {
format <SALT-HEX>$<HMAC-HEX>.
'';
};
rpcwhitelist = mkOption {
type = types.listOf types.str;
default = [];
description = ''
List of allowed rpc calls for each user.
If empty list, rpcwhitelist is disabled for that user.
'';
};
};
config = {
name = mkDefault name;
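Review bot: The new `rpcwhitelist` option defaults to `[]`, and with `rpcwhitelistdefault=0` hard-coded in the generated config a user declared without a list keeps access to every RPC call, so the restriction is opt-in per user and a forgotten list fails open. The option description should say this outright, for example `If empty, no whitelist is written and this user may call every RPC method.` It may also be worth constraining the element type, e.g. `type = types.listOf (types.strMatching "[a-z0-9_]+");` (character set to be confirmed against the RPC names actually used), because each entry is interpolated unescaped into the `rpcwhitelist=` line and a stray newline would add lines to the generated configuration. Both the let-binding that builds the config text and the user submodule continue outside the visible hunks.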