Use IPAddress{Allow,Deny} by default for systemd services

Jonas Nick 2019-04-27 23:53:26 +00:00
parent d9533edad1
commit eaaf8e9aab
No known key found for this signature in database
GPG key ID: 4861DBF262123605
12 changed files with 79 additions and 22 deletions


@ -3,7 +3,7 @@
with lib;
let
nix-bitcoin-services = import ./nix-bitcoin-services.nix;
nix-bitcoin-services = pkgs.callPackage ./nix-bitcoin-services.nix { };
cfg = config.services.bitcoind;
pidFile = "${cfg.dataDir}/bitcoind.pid";
configFile = pkgs.writeText "bitcoin.conf" ''
@ -193,6 +193,7 @@ in {
to stay under the specified target size in MiB)
'';
};
enforceTor = nix-bitcoin-services.enforceTor;
};
};
@ -236,7 +237,11 @@ in {
# Permission for preStart
PermissionsStartOnly = "true";
} // nix-bitcoin-services.defaultHardening;
} // nix-bitcoin-services.defaultHardening
// (if cfg.enforceTor
then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP
);
};
systemd.services.bitcoind-import-banlist = {
description = "Bitcoin daemon banlist importer";
@ -272,7 +277,8 @@ in {
# Permission for preStart
PermissionsStartOnly = "true";
} // nix-bitcoin-services.defaultHardening;
} // nix-bitcoin-services.defaultHardening
// nix-bitcoin-services.allowTor;
};
users.users.${cfg.user} = {