aiolabs/nix-bitcoin
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

All modules: Give service config precedence over defaultHardening

Browse source 
With '//' the latter takes precedence over the former in case of
equally named attributes.
This commit is contained in:
nixbitcoin 2020-05-05 15:18:41 +02:00
parent 0ac1e496b2
commit 7c70dd43ac
No known key found for this signature in database
GPG key ID: DD11F9AD5308B3BA
11 changed files with 24 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/bitcoind.nix
View file

@ -282,7 +282,7 @@ in {
sleep 0.05
done
'';
serviceConfig = {
serviceConfig = nix-bitcoin-services.defaultHardening // {
User = "${cfg.user}";
Group = "${cfg.group}";
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
@ -291,8 +291,7 @@ in {
# Permission for preStart
PermissionsStartOnly = "true";
} // nix-bitcoin-services.defaultHardening
// (if cfg.enforceTor
} // (if cfg.enforceTor
then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP)
// optionalAttrs (cfg.zmqpubrawblock != null || cfg.zmqpubrawtx != null) nix-bitcoin-services.allowAnyProtocol;
@ -320,11 +319,10 @@ in {
fi
done
'';
serviceConfig = {
serviceConfig = nix-bitcoin-services.defaultHardening // {
User = "${cfg.user}";
Group = "${cfg.group}";
} // nix-bitcoin-services.defaultHardening
// nix-bitcoin-services.allowTor;
} // nix-bitcoin-services.allowTor;
};
users.users.${cfg.user} = {