aiolabs/nix-bitcoin
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

All modules: Give service config precedence over defaultHardening

Browse source 
With '//' the latter takes precedence over the former in case of
equally named attributes.
This commit is contained in:
nixbitcoin 2020-05-05 15:18:41 +02:00
parent 0ac1e496b2
commit 7c70dd43ac
No known key found for this signature in database
GPG key ID: DD11F9AD5308B3BA
11 changed files with 24 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

5
modules/clightning.nix
View file

@ -93,14 +93,13 @@ in {
chmod 600 ${cfg.dataDir}/config
echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword)" >> '${cfg.dataDir}/config'
'';
serviceConfig = {
serviceConfig = nix-bitcoin-services.defaultHardening // {
PermissionsStartOnly = "true";
ExecStart = "${pkgs.nix-bitcoin.clightning}/bin/lightningd --lightning-dir=${cfg.dataDir}";
User = "clightning";
Restart = "on-failure";
RestartSec = "10s";
} // nix-bitcoin-services.defaultHardening
// (if cfg.enforceTor
} // (if cfg.enforceTor
then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP
);