From 1b40956aae7eceb4cd219f5605645a611d2d2703 Mon Sep 17 00:00:00 2001 From: Casey Rodarmor Date: Thu, 26 Dec 2024 15:09:31 -0800 Subject: [PATCH] Set --disable-json-api with environment variable (#4154) --- Cargo.toml | 2 +- deploy/ord.service | 3 +-- deploy/setup | 16 ++++++++++++---- src/subcommand/server.rs | 2 +- 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index ecee452933..ea4e075719 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,7 +31,7 @@ boilerplate = { version = "1.0.0", features = ["axum"] } brotli = "7.0.0" chrono = { version = "0.4.19", features = ["serde"] } ciborium = "0.2.1" -clap = { version = "4.4.2", features = ["derive"] } +clap = { version = "4.4.2", features = ["derive", "env"] } colored = "2.0.4" ctrlc = { version = "3.2.1", features = ["termination"] } dirs = "5.0.0" diff --git a/deploy/ord.service b/deploy/ord.service index a9812d34f9..2ebda3882d 100644 --- a/deploy/ord.service +++ b/deploy/ord.service @@ -20,8 +20,7 @@ ExecStart=/usr/local/bin/ord \ --acme-contact mailto:casey@rodarmor.com \ --csp-origin https://${CSP_ORIGIN} \ --http \ - --https \ - --disable-json-api + --https Group=ord LimitNOFILE=65536 MemoryDenyWriteExecute=true diff --git a/deploy/setup b/deploy/setup index 206c4249ce..59f9f1d586 100755 --- a/deploy/setup +++ b/deploy/setup @@ -73,9 +73,17 @@ mkdir -p \ /etc/systemd/system/bitcoind.service.d \ /etc/systemd/system/ord.service.d -printf "[Service]\nEnvironment=CHAIN=%s\nEnvironment=CSP_ORIGIN=%s\n" $CHAIN $CSP_ORIGIN \ - | tee /etc/systemd/system/bitcoind.service.d/override.conf \ - > /etc/systemd/system/ord.service.d/override.conf +OVERRIDE=/etc/systemd/system/ord.service.d/override.conf + +echo '[Service]' > $OVERRIDE +echo "Environment=CHAIN=$CHAIN" >> $OVERRIDE +echo "Environment=CSP_ORIGIN=$CSP_ORIGIN" >> $OVERRIDE + +if [[ $CHAIN == main ]]; then + echo Environment=ORD_SERVER_DISABLE_JSON_API=true >> $OVERRIDE +fi + +cp $OVERRIDE /etc/systemd/system/bitcoind.service.d/override.conf sed -i -E 's/#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config sshd -t @@ -89,7 +97,7 @@ fi bitcoind --version -chown bitcoin:bitcoin /var/lib/bitcoind/settings.json +rm -f /var/lib/bitcoind/settings.json if [[ ! -e ~/.cargo/env ]]; then curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y diff --git a/src/subcommand/server.rs b/src/subcommand/server.rs index 547060ea0f..c715d2a932 100644 --- a/src/subcommand/server.rs +++ b/src/subcommand/server.rs @@ -100,7 +100,7 @@ pub struct Server { help = "Decompress encoded content. Currently only supports brotli. Be careful using this on production instances. A decompressed inscription may be arbitrarily large, making decompression a DoS vector." )] pub(crate) decompress: bool, - #[arg(long, help = "Disable JSON API.")] + #[arg(long, env = "ORD_SERVER_DISABLE_JSON_API", help = "Disable JSON API.")] pub(crate) disable_json_api: bool, #[arg( long,