add option 'dataDirReadableByGroup'
These settings are now more accessible for users that don't use nix-bitcoin's default node config. Additionally, remove 'other' permissions via umask.
parent
3e188238d0
commit
4dc6c3ba5d
|
@ -149,6 +149,14 @@ in {
|
||||||
If enabled, the bitcoin service will listen.
|
If enabled, the bitcoin service will listen.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
dataDirReadableByGroup = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = ''
|
||||||
|
If enabled, data dir content is readable by the bitcoind service group.
|
||||||
|
Warning: This disables bitcoind's wallet support.
|
||||||
|
'';
|
||||||
|
};
|
||||||
sysperms = mkOption {
|
sysperms = mkOption {
|
||||||
type = types.nullOr types.bool;
|
type = types.nullOr types.bool;
|
||||||
default = null;
|
default = null;
|
||||||
|
@ -241,6 +249,12 @@ in {
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ];
|
environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ];
|
||||||
|
|
||||||
|
services.bitcoind = mkIf cfg.dataDirReadableByGroup {
|
||||||
|
disablewallet = true;
|
||||||
|
sysperms = true;
|
||||||
|
};
|
||||||
|
|
||||||
systemd.services.bitcoind = {
|
systemd.services.bitcoind = {
|
||||||
description = "Bitcoin daemon";
|
description = "Bitcoin daemon";
|
||||||
requires = [ "nix-bitcoin-secrets.target" ];
|
requires = [ "nix-bitcoin-secrets.target" ];
|
||||||
|
@ -273,6 +287,7 @@ in {
|
||||||
Group = "${cfg.group}";
|
Group = "${cfg.group}";
|
||||||
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
|
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
UMask = mkIf cfg.dataDirReadableByGroup "0027";
|
||||||
|
|
||||||
# Permission for preStart
|
# Permission for preStart
|
||||||
PermissionsStartOnly = "true";
|
PermissionsStartOnly = "true";
|
||||||
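Review bot: The `UMask = mkIf cfg.dataDirReadableByGroup "0027";` line in the third hunk tightens the umask only when the new option is on, so a configuration that sets `sysperms = true` directly still runs with systemd's default umask (0022) and may create world-readable files in the data dir. As far as I know bitcoind applies its own restrictive umask whenever -sysperms is off, so setting `UMask = "0027";` unconditionally should be harmless in the default case and would close that gap; this is worth confirming against the bitcoind version packaged here. The option description in the first hunk could also state that group members can then read everything in the data dir, which presumably includes the RPC auth cookie. The `serviceConfig` block starts and ends outside the hunk.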
|
|
|
@ -81,7 +81,14 @@ in {
|
||||||
PermissionsStartOnly = "true";
|
PermissionsStartOnly = "true";
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${pkgs.nix-bitcoin.electrs}/bin/electrs -vvv \
|
${pkgs.nix-bitcoin.electrs}/bin/electrs -vvv \
|
||||||
${optionalString (!cfg.high-memory) "--jsonrpc-import --index-batch-size=10"} \
|
${if cfg.high-memory then
|
||||||
|
traceIf (!config.services.bitcoind.dataDirReadableByGroup) ''
|
||||||
|
Warning: For optimal electrs syncing performance, enable services.bitcoind.dataDirReadableByGroup.
|
||||||
|
Note that this disables wallet support in bitcoind.
|
||||||
|
'' ""
|
||||||
|
else
|
||||||
|
"--jsonrpc-import --index-batch-size=10"
|
||||||
|
} \
|
||||||
--db-dir '${cfg.dataDir}' --daemon-dir '${config.services.bitcoind.dataDir}' \
|
--db-dir '${cfg.dataDir}' --daemon-dir '${config.services.bitcoind.dataDir}' \
|
||||||
--electrum-rpc-addr=${toString cfg.address}:${toString cfg.port} ${cfg.extraArgs}
|
--electrum-rpc-addr=${toString cfg.address}:${toString cfg.port} ${cfg.extraArgs}
|
||||||
'';
|
'';
|
||||||
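Review bot: The hint in the high-memory branch of `ExecStart` is emitted with `traceIf`, which prints only during evaluation, is easy to miss, and here sits inside a string interpolation. NixOS's `warnings` option is the usual place for this, e.g. `warnings = optional (cfg.high-memory && !config.services.bitcoind.dataDirReadableByGroup) "electrs: enable services.bitcoind.dataDirReadableByGroup for optimal syncing performance";` in the module's `config`, which lets the interpolation stay as `optionalString (!cfg.high-memory) "--jsonrpc-import --index-batch-size=10"`. If electrs without `--jsonrpc-import` has to read block files from `--daemon-dir`, an unreadable data dir may be a startup failure rather than a slowdown, in which case an `assertions` entry would fit better; that cannot be confirmed from this hunk. The `ExecStart` string and the service definition extend beyond the hunk.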
|
|
|
@ -46,8 +46,7 @@ in {
|
||||||
services.bitcoind = {
|
services.bitcoind = {
|
||||||
enable = true;
|
enable = true;
|
||||||
listen = true;
|
listen = true;
|
||||||
sysperms = if cfg.electrs.enable then true else null;
|
dataDirReadableByGroup = mkIf cfg.electrs.enable true;
|
||||||
disablewallet = if cfg.electrs.enable then true else null;
|
|
||||||
proxy = cfg.tor.client.socksListenAddress;
|
proxy = cfg.tor.client.socksListenAddress;
|
||||||
enforceTor = true;
|
enforceTor = true;
|
||||||
port = 8333;
|
port = 8333;
|
||||||
|
|