Use IPAddress{Allow,Deny} by default for systemd services

Jonas Nick 2019-04-27 23:53:26 +00:00
parent d9533edad1
commit eaaf8e9aab
No known key found for this signature in database
GPG key ID: 4861DBF262123605
12 changed files with 79 additions and 22 deletions


@ -3,7 +3,7 @@
with lib;
let
nix-bitcoin-services = import ./nix-bitcoin-services.nix;
nix-bitcoin-services = pkgs.callPackage ./nix-bitcoin-services.nix { };
cfg = config.services.liquidd;
pidFile = "${cfg.dataDir}/liquidd.pid";
configFile = pkgs.writeText "liquid.conf" ''
@ -166,6 +166,7 @@ in {
to stay under the specified target size in MiB)
'';
};
enforceTor = nix-bitcoin-services.enforceTor;
};
};
@ -198,7 +199,11 @@ in {
# Permission for preStart
PermissionsStartOnly = "true";
} // nix-bitcoin-services.defaultHardening;
} // nix-bitcoin-services.defaultHardening
// (if cfg.enforceTor
then nix-bitcoin-services.allowTor
else nix-bitcoin-services.allowAnyIP
);
};
users.users.${cfg.user} = {
name = cfg.user;
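Review bot: The `else nix-bitcoin-services.allowAnyIP` branch merged into `serviceConfig` means the address filter is dropped whenever `cfg.enforceTor` is false, and, judging by the name, the unit then has no IP restriction at all. The default and description of `enforceTor` come from nix-bitcoin-services.nix, which is not visible here, so please confirm the shared option defaults to the restrictive side for liquidd. I would also add a comment above the merge, e.g. `# enforceTor = false replaces the Tor-only address filter with allowAnyIP`. An address filter only blocks sockets and does not route traffic, so it is worth checking that the generated liquid.conf points the daemon at the Tor proxy when `enforceTor` is on; nothing in the visible hunks does that. The `serviceConfig` attribute set starts outside the hunk.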