lightning-loop: allow RPC access from main netns
Note that this also exposes the REST server, which is secured by macaroon auth like the RPC server.
parent
d76b080b74
commit
8da01fe8a6
|
@ -74,14 +74,13 @@ in {
|
||||||
};
|
};
|
||||||
cli = mkOption {
|
cli = mkOption {
|
||||||
default = pkgs.writeScriptBin "loop" ''
|
default = pkgs.writeScriptBin "loop" ''
|
||||||
${cfg.cliExec} ${cfg.package}/bin/loop \
|
${cfg.package}/bin/loop \
|
||||||
--rpcserver ${rpclisten} \
|
--rpcserver ${rpclisten} \
|
||||||
--macaroonpath '${cfg.dataDir}/${network}/loop.macaroon' \
|
--macaroonpath '${cfg.dataDir}/${network}/loop.macaroon' \
|
||||||
--tlscertpath '${secretsDir}/loop-cert' "$@"
|
--tlscertpath '${secretsDir}/loop-cert' "$@"
|
||||||
'';
|
'';
|
||||||
description = "Binary to connect with the lightning-loop instance.";
|
description = "Binary to connect with the lightning-loop instance.";
|
||||||
};
|
};
|
||||||
inherit (nix-bitcoin-services) cliExec;
|
|
||||||
enforceTor = nix-bitcoin-services.enforceTor;
|
enforceTor = nix-bitcoin-services.enforceTor;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
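Review bot: The certificate at `${secretsDir}/loop-cert` must now be valid for whatever address `${rpclisten}` resolves to, because the `cli` default no longer goes through `${cfg.cliExec}`. With netns isolation enabled, `loop` therefore connects from the main namespace rather than from inside the service's own. How `rpclisten` is built and where the certificate is generated are outside this hunk, so confirm the certificate's SAN covers the configured RPC address and not only loopback; otherwise the CLI's TLS verification will fail. Separately, dropping `inherit (nix-bitcoin-services) cliExec;` turns any existing assignment to `services.lightning-loop.cliExec` into an evaluation error. If that option was ever set by users, a `mkRemovedOptionModule` entry would give them a clearer message.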
@ -291,7 +291,7 @@ in {
|
||||||
host = netns.nanopos.address;
|
host = netns.nanopos.address;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.lightning-loop.cliExec = mkCliExec "lightning-loop";
|
services.lightning-loop.rpcAddress = netns.lightning-loop.address;
|
||||||
|
|
||||||
services.nbxplorer.bind = netns.nbxplorer.address;
|
services.nbxplorer.bind = netns.nbxplorer.address;
|
||||||
services.btcpayserver.bind = netns.btcpayserver.address;
|
services.btcpayserver.bind = netns.btcpayserver.address;
|
||||||
|
|
|
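Review bot: The new line `services.lightning-loop.rpcAddress = netns.lightning-loop.address;` has no comment saying what it exposes. Per the commit description, the same setting also makes the REST server reachable, with macaroon auth as its protection. I would record that next to the assignment, e.g. `# Also exposes the REST server; like the RPC server it is secured by macaroon auth`. Which namespaces can actually reach this address is presumably decided by connection rules elsewhere in this file, outside the hunk, so check that the peers allowed to reach lightning-loop are limited to those that need RPC access.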
@ -10,7 +10,6 @@
|
||||||
#include <sys/capability.h>
|
#include <sys/capability.h>
|
||||||
|
|
||||||
static char *allowed_netns[] = {
|
static char *allowed_netns[] = {
|
||||||
"nb-lightning-loop",
|
|
||||||
"nb-joinmarket"
|
"nb-joinmarket"
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|