mirror of
https://github.com/fort-nix/nix-bitcoin.git
synced 2024-11-30 03:32:05 +03:00
0248e6493f
Mitigates a security issue that allows unprivileged users to read other unprivileged user's processes' credentials from CGroup using `systemctl status`.
48 lines
1.1 KiB
Nix
48 lines
1.1 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./bitcoind.nix
|
|
./clightning.nix
|
|
./lightning-charge.nix
|
|
./nanopos.nix
|
|
./liquid.nix
|
|
./spark-wallet.nix
|
|
./electrs.nix
|
|
./onion-chef.nix
|
|
./recurring-donations.nix
|
|
./hardware-wallets.nix
|
|
./lnd.nix
|
|
./secrets/secrets.nix
|
|
./netns-isolation.nix
|
|
./dbus.nix
|
|
];
|
|
|
|
disabledModules = [ "services/networking/bitcoind.nix" ];
|
|
|
|
options = {
|
|
nix-bitcoin-services = lib.mkOption {
|
|
readOnly = true;
|
|
default = import ./nix-bitcoin-services.nix lib pkgs;
|
|
};
|
|
};
|
|
|
|
config = {
|
|
assertions = [
|
|
# lnd.wantedBy == [] needed for `test/tests.nix` in which both clightning and lnd are enabled
|
|
{ assertion = config.services.lnd.enable -> (!config.services.clightning.enable || config.systemd.services.lnd.wantedBy == []);
|
|
message = ''
|
|
LND and clightning can't be run in parallel because they both bind to lightning port 9735.
|
|
'';
|
|
}
|
|
];
|
|
|
|
nixpkgs.overlays = [ (self: super: {
|
|
nix-bitcoin = let
|
|
pkgs = import ../pkgs { pkgs = super; };
|
|
in
|
|
pkgs // pkgs.pinned;
|
|
}) ];
|
|
};
|
|
}
|