modules: use user & group options

I've tried my best to locate all uses of hardcoded usernames, but it's
not guaranteed that all have been found/fixed.
nixbitcoin 2021-02-16 16:52:45 +00:00
parent ccef870b74
commit e873326bfe
No known key found for this signature in database
GPG Key ID: DD11F9AD5308B3BA
7 changed files with 16 additions and 16 deletions


@ -385,13 +385,13 @@ in {
users.groups.bitcoinrpc = {};
nix-bitcoin.operator.groups = [ cfg.group ];
nix-bitcoin.secrets.bitcoin-rpcpassword-privileged.user = "bitcoin";
nix-bitcoin.secrets.bitcoin-rpcpassword-privileged.user = cfg.user;
nix-bitcoin.secrets.bitcoin-rpcpassword-public = {
user = "bitcoin";
user = cfg.user;
group = "bitcoinrpc";
};
nix-bitcoin.secrets.bitcoin-HMAC-privileged.user = "bitcoin";
nix-bitcoin.secrets.bitcoin-HMAC-public.user = "bitcoin";
nix-bitcoin.secrets.bitcoin-HMAC-privileged.user = cfg.user;
nix-bitcoin.secrets.bitcoin-HMAC-public.user = cfg.user;
};
}


@ -218,7 +218,7 @@ in {
users.groups.${cfg.nbxplorer.group} = {};
users.users.${cfg.btcpayserver.user} = {
group = cfg.btcpayserver.group;
extraGroups = [ "nbxplorer" ]
extraGroups = [ cfg.nbxplorer.group ]
++ optional (cfg.btcpayserver.lightningBackend == "clightning") cfg.clightning.user;
home = cfg.btcpayserver.dataDir;
};
@ -226,10 +226,10 @@ in {
nix-bitcoin.secrets = {
bitcoin-rpcpassword-btcpayserver = {
user = "bitcoin";
group = "nbxplorer";
user = cfg.bitcoind.user;
group = cfg.nbxplorer.group;
};
bitcoin-HMAC-btcpayserver.user = "bitcoin";
bitcoin-HMAC-btcpayserver.user = cfg.bitcoind.user;
};
};
}
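Review bot: The `extraGroups` line in the first hunk of this file still appends `cfg.clightning.user` to a list of group names, so btcpayserver's access to clightning only works while that user and group option hold the same value; now that both are configurable it should read `++ optional (cfg.btcpayserver.lightningBackend == "clightning") cfg.clightning.group;`. The same user-for-group mix-up is introduced by the hunk at `-110,7`, where `optionals cfg.high-memory [ bitcoind.user ]` should be `[ bitcoind.group ]`. If the options diverge, the service either loses the group-based file access it needs or joins an unrelated group that happens to share the user's name. This assumes both modules expose a `group` option, which the `cfg.group` and `config.services.clightning.group` references elsewhere in this commit suggest.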


@ -110,7 +110,7 @@ in {
users.users.${cfg.user} = {
group = cfg.group;
extraGroups = [ "bitcoinrpc" ] ++ optionals cfg.high-memory [ "bitcoin" ];
extraGroups = [ "bitcoinrpc" ] ++ optionals cfg.high-memory [ bitcoind.user ];
};
users.groups.${cfg.group} = {};
};


@ -89,7 +89,7 @@ in {
environment.systemPackages = [ cfg.package (hiPrio cfg.cli) ];
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 lnd lnd - -"
"d '${cfg.dataDir}' 0770 ${config.services.lnd.user} ${config.services.lnd.group} - -"
];
systemd.services.lightning-loop = {
@ -98,7 +98,7 @@ in {
after = [ "lnd.service" ];
serviceConfig = nbLib.defaultHardening // {
ExecStart = "${cfg.package}/bin/loopd --configfile=${configFile}";
User = "lnd";
User = config.services.lnd.user;
Restart = "on-failure";
RestartSec = "10s";
ReadWritePaths = cfg.dataDir;
@ -108,8 +108,8 @@ in {
};
nix-bitcoin.secrets = {
loop-key.user = "lnd";
loop-cert.user = "lnd";
loop-key.user = config.services.lnd.user;
loop-cert.user = config.services.lnd.user;
};
};
}


@ -252,6 +252,6 @@ in {
users.groups.${cfg.group} = {};
nix-bitcoin.operator.groups = [ cfg.group ];
nix-bitcoin.secrets.liquid-rpcpassword.user = "liquid";
nix-bitcoin.secrets.liquid-rpcpassword.user = cfg.user;
};
}


@ -11,7 +11,7 @@ let
lnd = config.services.lnd;
bin = pkgs.writeScriptBin "lndconnect-rest-onion" ''
#!/usr/bin/env -S ${runAsUser} lnd ${pkgs.bash}/bin/bash
#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash
exec ${cfg.package}/bin/lndconnect \
--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/lnd/lnd-rest) \


@ -100,7 +100,7 @@ in {
users.users.recurring-donations = {
group = "recurring-donations";
extraGroups = [ "clightning" ];
extraGroups = [ config.services.clightning.group ];
};
users.groups.recurring-donations = {};
};