All modules: ProtectSystem = strict

Add ReadWritePaths in all modules, except lnd, which has ProtectSystem =
full.
nixbitcoin 2020-05-05 17:15:16 +02:00
parent adc71b892e
commit a040e52854
No known key found for this signature in database
GPG key ID: DD11F9AD5308B3BA
10 changed files with 11 additions and 1 deletions


@ -286,6 +286,7 @@ in {
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
Restart = "on-failure";
UMask = mkIf cfg.dataDirReadableByGroup "0027";
ReadWritePaths = "${cfg.dataDir}";
} // (if cfg.enforceTor
then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP)
@ -317,6 +318,7 @@ in {
serviceConfig = nix-bitcoin-services.defaultHardening // {
User = "${cfg.user}";
Group = "${cfg.group}";
ReadWritePaths = "${cfg.dataDir}";
} // nix-bitcoin-services.allowTor;
};
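Review bot: The second `ReadWritePaths = "${cfg.dataDir}";`, in the unit whose `serviceConfig` starts from `nix-bitcoin-services.defaultHardening`, gives a second service write access to the whole bitcoind data directory, and nothing visible in the hunk shows that it writes there. With `ProtectSystem = strict` (per the commit title) the file system stays readable, so a unit that only reads from the data directory needs no `ReadWritePaths` entry at all. If it does write, narrowing the entry to the file or subdirectory it actually touches and adding a comment such as `# writes <path under dataDir>` would keep the sandbox as tight as the commit intends. The rest of this unit's definition is outside the hunk, so this needs checking against its script.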