treewide: ensure services are started after secrets setup

Now all services that access secrets only run after the secrets setup
has finished.

Previously, we assumed that the systemd `after` dependency is
transitive, i.e. that adding `after = [ "bitcoind.service" ]`
to a service implicitly gave it the `after` dependency on
`nix-bitcoin-secrets.target` (which is defined for the `bitcoind` service).
This is not the case. Services could start before secrets setup
had finished, leading to service failure.
This commit is contained in:
Erik Arvstedt 2023-10-03 13:00:23 +02:00
parent 29a32ac53b
commit 90ce68cb16
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
11 changed files with 12 additions and 12 deletions


@ -106,7 +106,7 @@ in {
systemd.services.duplicity = { systemd.services.duplicity = {
wants = postgresqlBackupServices; wants = postgresqlBackupServices;
after = postgresqlBackupServices; after = postgresqlBackupServices ++ [ "nix-bitcoin-secrets.target" ];
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
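Review bot: The added `"nix-bitcoin-secrets.target"` entry in `after` only orders duplicity relative to the target; `After=` never pulls a unit into the transaction, so if the target is not itself being started when duplicity is queued the ordering has no effect and the service still starts before secrets setup has run. Unless the target is already reached through a `wants`/`requires` path not visible in this hunk, adding `requires = [ "nix-bitcoin-secrets.target" ];` next to the existing `wants` would make the dependency explicit and fail closed if secrets setup fails instead of letting the service run against missing secret files. The same applies to every other hunk in this commit (nbxplorer, electrs, fulcrum, joinmarket, joinmarket-ob-watcher, joinmarket-yieldgenerator, lightning-loop, liquidd, lnd, RTL), all of which extend only `after`. As a point of style, the target name is now spelled out as a literal in eleven files; a single shared definition in the module library would keep the lists from drifting.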


@ -174,7 +174,7 @@ in {
in rec { in rec {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" "postgresql.service" ] ++ optional cfg.btcpayserver.lbtc "liquidd.service"; requires = [ "bitcoind.service" "postgresql.service" ] ++ optional cfg.btcpayserver.lbtc "liquidd.service";
after = requires; after = requires ++ [ "nix-bitcoin-secrets.target" ];
preStart = '' preStart = ''
install -m 600 ${configFile} '${cfg.nbxplorer.dataDir}/settings.config' install -m 600 ${configFile} '${cfg.nbxplorer.dataDir}/settings.config'
{ {


@ -168,7 +168,7 @@ in {
path = [ bitcoind.package ]; path = [ bitcoind.package ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ]; requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ]; after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = '' preStart = ''
umask u=rw,g=r,o= umask u=rw,g=r,o=
{ {


@ -68,7 +68,7 @@ in {
systemd.services.electrs = { systemd.services.electrs = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ]; requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ]; after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = '' preStart = ''
echo "auth = \"${bitcoind.rpc.users.public.name}:$(cat ${secretsDir}/bitcoin-rpcpassword-public)\"" \ echo "auth = \"${bitcoind.rpc.users.public.name}:$(cat ${secretsDir}/bitcoin-rpcpassword-public)\"" \
> electrs.toml > electrs.toml


@ -112,7 +112,7 @@ in {
systemd.services.fulcrum = { systemd.services.fulcrum = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ]; requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ]; after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = '' preStart = ''
{ {
cat ${configFile} cat ${configFile}


@ -75,7 +75,7 @@ in {
systemd.services.joinmarket-ob-watcher = rec { systemd.services.joinmarket-ob-watcher = rec {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "tor.service" "bitcoind.service" ]; requires = [ "tor.service" "bitcoind.service" ];
after = requires; after = requires ++ [ "nix-bitcoin-secrets.target" ];
# The service writes to HOME/.config/matplotlib # The service writes to HOME/.config/matplotlib
environment.HOME = cfg.dataDir; environment.HOME = cfg.dataDir;
preStart = '' preStart = ''


@ -303,7 +303,7 @@ in {
systemd.services.joinmarket = { systemd.services.joinmarket = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ]; requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ]; after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = '' preStart = ''
{ {
cat ${configFile} cat ${configFile}
@ -387,7 +387,7 @@ in {
systemd.services.joinmarket-yieldgenerator = { systemd.services.joinmarket-yieldgenerator = {
wantedBy = [ "joinmarket.service" ]; wantedBy = [ "joinmarket.service" ];
requires = [ "joinmarket.service" ]; requires = [ "joinmarket.service" ];
after = [ "joinmarket.service" ]; after = [ "joinmarket.service" "nix-bitcoin-secrets.target" ];
script = '' script = ''
tr -d "\n" <"${secretsDir}/jm-wallet-password" \ tr -d "\n" <"${secretsDir}/jm-wallet-password" \
| ${nbPkgs.joinmarket}/bin/jm-yg-privacyenhanced --datadir='${cfg.dataDir}' \ | ${nbPkgs.joinmarket}/bin/jm-yg-privacyenhanced --datadir='${cfg.dataDir}' \


@ -126,7 +126,7 @@ in {
systemd.services.lightning-loop = { systemd.services.lightning-loop = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "lnd.service" ]; requires = [ "lnd.service" ];
after = [ "lnd.service" ]; after = [ "lnd.service" "nix-bitcoin-secrets.target" ];
serviceConfig = nbLib.defaultHardening // { serviceConfig = nbLib.defaultHardening // {
ExecStart = "${cfg.package}/bin/loopd --configfile=${configFile}"; ExecStart = "${cfg.package}/bin/loopd --configfile=${configFile}";
User = lnd.user; User = lnd.user;


@ -256,7 +256,7 @@ in {
systemd.services.liquidd = { systemd.services.liquidd = {
requires = [ "bitcoind.service" ]; requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ]; after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = '' preStart = ''
install -m 640 ${configFile} '${cfg.dataDir}/elements.conf' install -m 640 ${configFile} '${cfg.dataDir}/elements.conf'


@ -229,7 +229,7 @@ in {
systemd.services.lnd = { systemd.services.lnd = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ]; requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ]; after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = '' preStart = ''
install -m600 ${configFile} '${cfg.dataDir}/lnd.conf' install -m600 ${configFile} '${cfg.dataDir}/lnd.conf'
{ {


@ -189,7 +189,7 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = optional cfg.nodes.clightning.enable "clightning-rest.service" ++ requires = optional cfg.nodes.clightning.enable "clightning-rest.service" ++
optional cfg.nodes.lnd.enable "lnd.service"; optional cfg.nodes.lnd.enable "lnd.service";
after = requires; after = requires ++ [ "nix-bitcoin-secrets.target" ];
environment.RTL_CONFIG_PATH = cfg.dataDir; environment.RTL_CONFIG_PATH = cfg.dataDir;
environment.DB_DIRECTORY_PATH = cfg.dataDir; environment.DB_DIRECTORY_PATH = cfg.dataDir;
serviceConfig = nbLib.defaultHardening // { serviceConfig = nbLib.defaultHardening // {