All modules with preStart: Use systemd.tmpfiles.rules
This is NixOS' recommended way to set up service dirs: https://github.com/NixOS/nixpkgs/pull/56265. This commit hands off the initial data directory creation to systemd.tmpfiles.rules. All other preStart scripts are left intact to limit this change's scope.
parent
423ebf862b
commit
91b6b2c370
|
@ -255,19 +255,17 @@ in {
|
||||||
sysperms = true;
|
sysperms = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||||
|
"d '${cfg.dataDir}/blocks' 0770 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.bitcoind = {
|
systemd.services.bitcoind = {
|
||||||
description = "Bitcoin daemon";
|
description = "Bitcoin daemon";
|
||||||
requires = [ "nix-bitcoin-secrets.target" ];
|
requires = [ "nix-bitcoin-secrets.target" ];
|
||||||
after = [ "network.target" "nix-bitcoin-secrets.target" ];
|
after = [ "network.target" "nix-bitcoin-secrets.target" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
preStart = ''
|
preStart = ''
|
||||||
if [[ ! -e ${cfg.dataDir} ]]; then
|
|
||||||
mkdir -m 0770 -p '${cfg.dataDir}'
|
|
||||||
fi
|
|
||||||
if [[ ! -e ${cfg.dataDir}/blocks ]]; then
|
|
||||||
mkdir -m 0770 -p '${cfg.dataDir}/blocks'
|
|
||||||
fi
|
|
||||||
chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
|
|
||||||
${optionalString cfg.dataDirReadableByGroup "chmod -R g+rX '${cfg.dataDir}/blocks'"}
|
${optionalString cfg.dataDirReadableByGroup "chmod -R g+rX '${cfg.dataDir}/blocks'"}
|
||||||
|
|
||||||
cfg=$(cat ${configFile}; printf "rpcpassword="; cat "${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword")
|
cfg=$(cat ${configFile}; printf "rpcpassword="; cat "${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword")
|
||||||
|
|
|
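Review bot: Dropping `chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'` from preStart means ownership is no longer repaired for files already inside the data directory, because a `d` rule only sets owner and mode on the directory it names. A data directory restored from backup or created under a different `cfg.user` would keep its old ownership; if that case matters, a `"Z '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"` rule, or a comment stating that the contents are expected to be correctly owned already, would cover it. The `d` rules also re-apply 0770 on every tmpfiles run, whereas the removed code only set the mode when the directory was missing, so a manually tightened mode is reset; the same applies to the liquidd section, and the electrs section loses its recursive chown as well. preStart continues outside the hunk.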
@ -78,6 +78,10 @@ in {
|
||||||
};
|
};
|
||||||
users.groups.clightning = {};
|
users.groups.clightning = {};
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0770 ${config.users.users.clightning.name} ${config.users.users.clightning.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.clightning = {
|
systemd.services.clightning = {
|
||||||
description = "Run clightningd";
|
description = "Run clightningd";
|
||||||
path = [ pkgs.nix-bitcoin.bitcoind ];
|
path = [ pkgs.nix-bitcoin.bitcoind ];
|
||||||
|
@ -85,7 +89,6 @@ in {
|
||||||
requires = [ "bitcoind.service" ];
|
requires = [ "bitcoind.service" ];
|
||||||
after = [ "bitcoind.service" ];
|
after = [ "bitcoind.service" ];
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -m 0770 -p ${cfg.dataDir}
|
|
||||||
cp ${configFile} ${cfg.dataDir}/config
|
cp ${configFile} ${cfg.dataDir}/config
|
||||||
chown -R 'clightning:clightning' '${cfg.dataDir}'
|
chown -R 'clightning:clightning' '${cfg.dataDir}'
|
||||||
# The RPC socket has to be removed otherwise we might have stale sockets
|
# The RPC socket has to be removed otherwise we might have stale sockets
|
||||||
|
|
|
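Review bot: The new rule takes the owner from `config.users.users.clightning.name` and `.group`, but the preStart a few lines below still runs `chown -R 'clightning:clightning' '${cfg.dataDir}'`, so the two can disagree if the user definition is ever overridden. Using the same expression in both places, e.g. `chown -R '${config.users.users.clightning.name}:${config.users.users.clightning.group}' '${cfg.dataDir}'`, keeps a single source of truth. The `cp ${configFile} ${cfg.dataDir}/config` line is also unquoted while the rule and the chown quote the path. preStart continues outside the hunk.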
@ -63,14 +63,16 @@ in {
|
||||||
config = mkIf cfg.enable (mkMerge [{
|
config = mkIf cfg.enable (mkMerge [{
|
||||||
environment.systemPackages = [ pkgs.nix-bitcoin.electrs ];
|
environment.systemPackages = [ pkgs.nix-bitcoin.electrs ];
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.electrs = {
|
systemd.services.electrs = {
|
||||||
description = "Electrs Electrum Server";
|
description = "Electrs Electrum Server";
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
requires = [ "bitcoind.service" ];
|
requires = [ "bitcoind.service" ];
|
||||||
after = [ "bitcoind.service" ];
|
after = [ "bitcoind.service" ];
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -m 0770 -p ${cfg.dataDir}
|
|
||||||
chown -R '${cfg.user}:${cfg.group}' ${cfg.dataDir}
|
|
||||||
echo "cookie = \"${config.services.bitcoind.rpcuser}:$(cat ${secretsDir}/bitcoin-rpcpassword)\"" \
|
echo "cookie = \"${config.services.bitcoind.rpcuser}:$(cat ${secretsDir}/bitcoin-rpcpassword)\"" \
|
||||||
> electrs.toml
|
> electrs.toml
|
||||||
'';
|
'';
|
||||||
|
|
|
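Review bot: `electrs.toml` holds the bitcoind RPC user and password, yet it is written with a plain redirect to a relative path, so its mode comes from the umask and its location from the unit's working directory, neither of which is visible here. With `chown -R` removed, the file's owner is whichever user preStart runs as; it is worth confirming that electrs can still read it and that nobody else can. Setting the mode explicitly before writing, e.g. `umask 077` at the top of preStart if it runs as the service user, would remove the dependence on defaults.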
@ -200,15 +200,17 @@ in {
|
||||||
(hiPrio cfg.cli)
|
(hiPrio cfg.cli)
|
||||||
(hiPrio cfg.swap-cli)
|
(hiPrio cfg.swap-cli)
|
||||||
];
|
];
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.liquidd = {
|
systemd.services.liquidd = {
|
||||||
description = "Elements daemon providing access to the Liquid sidechain";
|
description = "Elements daemon providing access to the Liquid sidechain";
|
||||||
requires = [ "bitcoind.service" ];
|
requires = [ "bitcoind.service" ];
|
||||||
after = [ "bitcoind.service" ];
|
after = [ "bitcoind.service" ];
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
preStart = ''
|
preStart = ''
|
||||||
if ! test -e ${cfg.dataDir}; then
|
|
||||||
mkdir -m 0770 -p '${cfg.dataDir}'
|
|
||||||
fi
|
|
||||||
cp '${configFile}' '${cfg.dataDir}/elements.conf'
|
cp '${configFile}' '${cfg.dataDir}/elements.conf'
|
||||||
chmod o-rw '${cfg.dataDir}/elements.conf'
|
chmod o-rw '${cfg.dataDir}/elements.conf'
|
||||||
chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
|
chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
|
||||||
|
|
|
@ -79,6 +79,10 @@ in {
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ];
|
environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ];
|
||||||
|
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${cfg.dataDir}' 0770 lnd lnd - -"
|
||||||
|
];
|
||||||
|
|
||||||
services.bitcoind = {
|
services.bitcoind = {
|
||||||
zmqpubrawblock = "tcp://127.0.0.1:28332";
|
zmqpubrawblock = "tcp://127.0.0.1:28332";
|
||||||
zmqpubrawtx = "tcp://127.0.0.1:28333";
|
zmqpubrawtx = "tcp://127.0.0.1:28333";
|
||||||
|
@ -91,7 +95,6 @@ in {
|
||||||
requires = [ "bitcoind.service" ];
|
requires = [ "bitcoind.service" ];
|
||||||
after = [ "bitcoind.service" ];
|
after = [ "bitcoind.service" ];
|
||||||
preStart = ''
|
preStart = ''
|
||||||
mkdir -m 0770 -p ${cfg.dataDir}
|
|
||||||
cp ${configFile} ${cfg.dataDir}/lnd.conf
|
cp ${configFile} ${cfg.dataDir}/lnd.conf
|
||||||
chown -R 'lnd:lnd' '${cfg.dataDir}'
|
chown -R 'lnd:lnd' '${cfg.dataDir}'
|
||||||
chmod u=rw,g=r,o= ${cfg.dataDir}/lnd.conf
|
chmod u=rw,g=r,o= ${cfg.dataDir}/lnd.conf
|
||||||
|
|
|
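Review bot: `lnd.conf` is copied into place first and only restricted by `chmod u=rw,g=r,o=` two commands later, so it briefly exists with the mode inherited from the store file. The 0770 directory limits that exposure to group members, but `install -m 0640 -o lnd -g lnd ${configFile} '${cfg.dataDir}/lnd.conf'` would create it with the final mode and owner in one step. The `cp` and `chmod` lines also leave `${cfg.dataDir}` unquoted while the new tmpfiles rule and the `chown` quote it. preStart continues outside the hunk.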
@ -28,9 +28,8 @@ let
|
||||||
'';
|
'';
|
||||||
createWebIndex = pkgs.writeText "make-index.sh" ''
|
createWebIndex = pkgs.writeText "make-index.sh" ''
|
||||||
set -e
|
set -e
|
||||||
mkdir -p /var/www/
|
|
||||||
cp ${indexFile} /var/www/index.html
|
cp ${indexFile} /var/www/index.html
|
||||||
chown -R nginx /var/www/
|
chown -R nginx:nginx /var/www/
|
||||||
nodeinfo
|
nodeinfo
|
||||||
. <(nodeinfo)
|
. <(nodeinfo)
|
||||||
sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
|
sed -i "s/CLIGHTNING_ID/$CLIGHTNING_ID/g" /var/www/index.html
|
||||||
|
@ -48,6 +47,10 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d /var/www 0755 nginx nginx - -"
|
||||||
|
];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
virtualHosts."_" = {
|
virtualHosts."_" = {
|
||||||
|
|
|
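Review bot: The rule makes `/var/www` owned by `nginx`, and `make-index.sh` still runs `chown -R nginx:nginx /var/www/`, so the web server account can rewrite the content it serves. If nginx only needs to read the index, `"d /var/www 0755 root root - -"` with the recursive chown dropped would leave the document root read-only to the worker. With `mkdir -p /var/www/` gone and `set -e` active, the script now fails at the `cp` if tmpfiles has not yet created the directory, which is worth a comment next to the rule. The script body continues outside the hunk.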
@ -15,7 +15,6 @@ let
|
||||||
# wait until tor is up
|
# wait until tor is up
|
||||||
until ls -l /var/lib/tor/state; do sleep 1; done
|
until ls -l /var/lib/tor/state; do sleep 1; done
|
||||||
|
|
||||||
mkdir -p -m 0755 ${dataDir}
|
|
||||||
cd ${dataDir}
|
cd ${dataDir}
|
||||||
|
|
||||||
# Create directory for every user and set permissions
|
# Create directory for every user and set permissions
|
||||||
|
@ -68,6 +67,10 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
systemd.tmpfiles.rules = [
|
||||||
|
"d '${dataDir}' 0755 root root - -"
|
||||||
|
];
|
||||||
|
|
||||||
systemd.services.onion-chef = {
|
systemd.services.onion-chef = {
|
||||||
description = "Run onion-chef";
|
description = "Run onion-chef";
|
||||||
wantedBy = [ "tor.service" ];
|
wantedBy = [ "tor.service" ];
|
||||||
|
|
|
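Review bot: After removing `mkdir -p -m 0755 ${dataDir}`, the `cd ${dataDir}` that follows is the first use of the directory, and nothing visible in the hunk stops the script if it fails. If the tmpfiles rule has not been applied, the per-user directories would be created relative to whatever the working directory happens to be; `cd '${dataDir}' || exit 1` makes that failure explicit. The script body and the service definition continue outside the hunks.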
@ -5,7 +5,6 @@ with lib;
|
||||||
let
|
let
|
||||||
cfg = config.services.spark-wallet;
|
cfg = config.services.spark-wallet;
|
||||||
inherit (config) nix-bitcoin-services;
|
inherit (config) nix-bitcoin-services;
|
||||||
dataDir = "/var/lib/spark-wallet/";
|
|
||||||
onion-chef-service = (if cfg.onion-service then [ "onion-chef.service" ] else []);
|
onion-chef-service = (if cfg.onion-service then [ "onion-chef.service" ] else []);
|
||||||
run-spark-wallet = pkgs.writeScript "run-spark-wallet" ''
|
run-spark-wallet = pkgs.writeScript "run-spark-wallet" ''
|
||||||
CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login"
|
CMD="${pkgs.nix-bitcoin.spark-wallet}/bin/spark-wallet --ln-path ${cfg.ln-path} -Q -k -c ${config.nix-bitcoin.secretsDir}/spark-wallet-login"
|
||||||
|
|