lnd: extract option certPath
Improves service encapsulation.
This commit is contained in:
parent
be12a49933
commit
2c8e29b35b
|
@ -211,7 +211,7 @@ in {
|
|||
${optionalString (cfg.btcpayserver.lightningBackend == "lnd") ''
|
||||
{
|
||||
echo -n "${lndConfig}"
|
||||
${pkgs.openssl}/bin/openssl x509 -noout -fingerprint -sha256 -in ${config.nix-bitcoin.secretsDir}/lnd-cert \
|
||||
${pkgs.openssl}/bin/openssl x509 -noout -fingerprint -sha256 -in ${config.services.lnd.certPath} \
|
||||
| sed -e 's/.*=//;s/://g'
|
||||
} >> '${cfg.btcpayserver.dataDir}/settings.config'
|
||||
''}
|
||||
|
|
|
@ -105,7 +105,7 @@ in
|
|||
macaroonDir=${dataDir}/lnddir-proxy/data/chain/bitcoin/mainnet
|
||||
mkdir -p $macaroonDir
|
||||
ln -sf /run/lnd/charge-lnd.macaroon $macaroonDir
|
||||
ln -sf ${config.nix-bitcoin.secretsDir}/lnd-cert ${dataDir}/lnddir-proxy/tls.cert
|
||||
ln -sf ${lnd.certPath} ${dataDir}/lnddir-proxy/tls.cert
|
||||
'';
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
ExecStart = ''
|
||||
|
|
|
@ -22,7 +22,7 @@ let
|
|||
|
||||
lnd.host=${lnd.rpcAddress}:${toString lnd.rpcPort}
|
||||
lnd.macaroonpath=${lnd.networkDir}/admin.macaroon
|
||||
lnd.tlspath=${secretsDir}/lnd-cert
|
||||
lnd.tlspath=${lnd.certPath}
|
||||
|
||||
${optionalString (cfg.proxy != null) "server.proxy=${cfg.proxy}"}
|
||||
|
||||
|
|
|
@ -5,7 +5,6 @@ with lib;
|
|||
let
|
||||
cfg = config.services.lightning-pool;
|
||||
nbLib = config.nix-bitcoin.lib;
|
||||
secretsDir = config.nix-bitcoin.secretsDir;
|
||||
|
||||
lnd = config.services.lnd;
|
||||
|
||||
|
@ -18,7 +17,7 @@ let
|
|||
|
||||
lnd.host=${lnd.rpcAddress}:${toString lnd.rpcPort}
|
||||
lnd.macaroondir=${lnd.networkDir}
|
||||
lnd.tlspath=${secretsDir}/lnd-cert
|
||||
lnd.tlspath=${lnd.certPath}
|
||||
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
|
|
@ -5,7 +5,6 @@ with lib;
|
|||
let
|
||||
cfg = config.services.lnd.restOnionService;
|
||||
nbLib = config.nix-bitcoin.lib;
|
||||
secretsDir = config.nix-bitcoin.secretsDir;
|
||||
runAsUser = config.nix-bitcoin.runAsUserCmd;
|
||||
|
||||
lnd = config.services.lnd;
|
||||
|
@ -17,7 +16,7 @@ let
|
|||
--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/lnd/lnd-rest) \
|
||||
--port=${toString lnd.restPort} \
|
||||
--lnddir=${lnd.dataDir} \
|
||||
--tlscertpath=${secretsDir}/lnd-cert "$@"
|
||||
--tlscertpath=${lnd.certPath} "$@"
|
||||
'';
|
||||
in {
|
||||
options.services.lnd.restOnionService = {
|
||||
|
|
|
@ -14,7 +14,7 @@ let
|
|||
configFile = pkgs.writeText "lnd.conf" ''
|
||||
datadir=${cfg.dataDir}
|
||||
logdir=${cfg.dataDir}/logs
|
||||
tlscertpath=${secretsDir}/lnd-cert
|
||||
tlscertpath=${cfg.certPath}
|
||||
tlskeypath=${secretsDir}/lnd-key
|
||||
|
||||
listen=${toString cfg.address}:${toString cfg.port}
|
||||
|
@ -126,7 +126,7 @@ in {
|
|||
''
|
||||
${runAsUser} ${cfg.user} ${cfg.package}/bin/lncli \
|
||||
--rpcserver ${cfg.rpcAddress}:${toString cfg.rpcPort} \
|
||||
--tlscertpath '${secretsDir}/lnd-cert' \
|
||||
--tlscertpath '${cfg.certPath}' \
|
||||
--macaroonpath '${networkDir}/admin.macaroon' "$@"
|
||||
'';
|
||||
description = "Binary to connect with the lnd instance.";
|
||||
|
@ -149,6 +149,11 @@ in {
|
|||
default = cfg.user;
|
||||
description = "The group as which to run LND.";
|
||||
};
|
||||
certPath = mkOption {
|
||||
readOnly = true;
|
||||
default = "${secretsDir}/lnd-cert";
|
||||
description = "LND TLS certificate path.";
|
||||
};
|
||||
inherit (nbLib) enforceTor;
|
||||
};
|
||||
|
||||
|
@ -211,7 +216,7 @@ in {
|
|||
# Retrying is necessary because it can happen that the lnd socket is
|
||||
# existing, but the RPC service isn't yet, which results in error
|
||||
# "waiting to start, RPC services not available".
|
||||
curl = "${pkgs.curl}/bin/curl -s --show-error --retry 10 --cacert ${secretsDir}/lnd-cert";
|
||||
curl = "${pkgs.curl}/bin/curl -s --show-error --retry 10 --cacert ${cfg.certPath}";
|
||||
restUrl = "https://${cfg.restAddress}:${toString cfg.restPort}/v1";
|
||||
in [
|
||||
(nbLib.script "lnd-create-wallet" ''
|
||||
|
|
Loading…
Reference in New Issue
Block a user