Fix macaroon permission error by copying with root script

The LND admin macaroon is only readable by the lnd user, not the lnd
group. Copy it to the lightning-pub data dir via an ExecStartPre root
script, matching the pattern used by RTL.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Patrick Mulligan 2026-02-27 09:56:02 -05:00
parent dd399773da
commit 966d668f4d


@ -198,10 +198,17 @@ in {
WATCHDOG_MAX_DIFF_SATS = toString cfg.watchdogMaxDiffSats;
LND_ADDRESS = "${lnd.rpcAddress}:${toString lnd.rpcPort}";
LND_CERT_PATH = lnd.certPath;
LND_MACAROON_PATH = "${lnd.networkDir}/admin.macaroon";
LND_MACAROON_PATH = "${cfg.dataDir}/admin.macaroon";
} // cfg.extraEnv;
serviceConfig = nbLib.defaultHardening // {
# Copy the admin macaroon (only readable by lnd user, not group)
ExecStartPre = [
(nbLib.rootScript "lightning-pub-copy-macaroon" ''
install --compare -m 640 -o ${cfg.user} -g ${cfg.group} \
${lnd.networkDir}/admin.macaroon '${cfg.dataDir}/admin.macaroon'
'')
];
ExecStart = "${lightningPubEnv} ${pkgs.nodejs_22}/bin/node build/src/index.js";
SyslogIdentifier = "lightning-pub";
User = cfg.user;
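Review bot: The `-m 640` on the `install` line in the new ExecStartPre script makes the copied admin macaroon readable by every member of `${cfg.group}`, which is wider than the source file that the comment describes as readable by the lnd user only. The service runs as `User = cfg.user`, so owner-only access looks sufficient: `install --compare -m 400 -o ${cfg.user} -g ${cfg.group} \`. The source path is unquoted while the destination is quoted; writing `'${lnd.networkDir}/admin.macaroon'` would keep the two consistent. The copy is a second full-privilege credential at rest and is refreshed only when the unit starts, so the comment above ExecStartPre could say `# Copy is refreshed on each start; remove it from dataDir if the service is disabled or the macaroon is rotated`. The serviceConfig attribute set continues past the end of the hunk.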