From 63b3eec9cd5125c7bfe0c70743756c5c4d862e3c Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 17 May 2022 13:18:37 +0200 Subject: [PATCH 1/9] push-release.sh: fix pushing to master branch --- helper/push-release.sh | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/helper/push-release.sh b/helper/push-release.sh index 2648706..9e833a3 100755 --- a/helper/push-release.sh +++ b/helper/push-release.sh @@ -8,6 +8,8 @@ OAUTH_TOKEN= DRY_RUN= TAG_NAME= +trap 'echo "Error at ${BASH_SOURCE[0]}:$LINENO"' ERR + for arg in "$@"; do case $arg in --dry-run|-n) @@ -32,6 +34,8 @@ else fi fi +cd "${BASH_SOURCE[0]%/*}" + RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null) echo "Latest release" $(echo $RESPONSE | jq -r '.tag_name' | tail -c +2) @@ -51,16 +55,17 @@ if [[ ! $DRY_RUN ]]; then trap "rm -rf $TMPDIR" EXIT; fi ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz ARCHIVE=$TMPDIR/$ARCHIVE_NAME -# Need to be in the repositories root directory for archiving +# Need to be in the repo root directory for archiving (cd $(git rev-parse --show-toplevel); git archive --format=tar.gz -o $ARCHIVE $BRANCH) SHA256SUMS=$TMPDIR/SHA256SUMS.txt -# Want to use relative path with sha256sums because it'll output the first +# Use relative path with sha256sums because it'll output the first # argument (cd $TMPDIR; sha256sum $ARCHIVE_NAME > $SHA256SUMS) gpg -o $SHA256SUMS.asc -a --detach-sig $SHA256SUMS -cd $TMPDIR +pushd $TMPDIR >/dev/null + nix hash to-sri --type sha256 $(nix-prefetch-url --unpack file://$ARCHIVE 2> /dev/null) > nar-hash.txt gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt @@ -90,6 +95,10 @@ post_asset $ARCHIVE post_asset $SHA256SUMS post_asset $SHA256SUMS.asc -git push $GIT_REMOTE $BRANCH:release +popd >/dev/null + +if [[ ! $DRY_RUN ]]; then + git push $GIT_REMOTE $BRANCH:release +fi echo "Successfully created" $(echo $POST_DATA | jq -r .tag_name) 
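Review bot: The `ERR` trap added after `TAG_NAME=` only prints a location and does not stop the script. Bash also does not run an `ERR` trap inside functions, command substitutions or subshells unless `errtrace` is enabled. Unless the lines above this hunk already do so (they are not visible here), I would put `set -eE -o pipefail` before the trap, so that a failed archive, signing or upload step cannot fall through to the `git push ... :release` at the end of the script.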
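Review bot: `cd "${BASH_SOURCE[0]%/*}"` fails when the script is started without a slash in its path, for example `bash push-release.sh` from inside `helper/`. In that case `%/*` leaves the file name unchanged and `cd` is handed a file rather than a directory. `cd "$(dirname "${BASH_SOURCE[0]}")"` covers both cases. On the context line right after it, `curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null` still discards errors and lacks `-fsS`; patch 2/9 converts the other scripts but does not touch this file.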
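Review bot: The closing `echo "Successfully created" ...` stays outside the new `if [[ ! $DRY_RUN ]]` guard, so a dry run still reports a created release although nothing was pushed to `release`. Moving the message into the guard, or printing a separate line such as `echo "Dry run: skipped push to release branch"`, keeps the output honest for whoever runs the release. In the guarded command I would also quote the expansions, `git push "$GIT_REMOTE" "$BRANCH:release"`, so that an unusual remote or branch value is not split into extra arguments.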
From 84fe731c9476d8dae6ba519551dda584fc388411 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 17 May 2022 13:18:38 +0200 Subject: [PATCH 2/9] treewide: curl: exit with error status on HTTP errors This makes scripts fail early on request errors. Previously, curl exited with status 0 when enountering HTTP error status codes. `-fsS` equals `--fail --silent --show-error`. --- helper/fetch-release | 6 +++--- modules/lnd.nix | 2 +- pkgs/lndinit/get-sha256.sh | 2 +- test/tests.py | 6 +++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/helper/fetch-release b/helper/fetch-release index cc3ffdb..ee14de8 100755 --- a/helper/fetch-release +++ b/helper/fetch-release @@ -8,7 +8,7 @@ trap 'echo "Error at ${BASH_SOURCE[0]}, line $LINENO"' ERR repo=fort-nix/nix-bitcoin if [[ ! -v version ]]; then - version=$(curl -s --show-error "https://api.github.com/repos/$repo/releases/latest" | jq -r '.tag_name' | tail -c +2) + version=$(curl -fsS "https://api.github.com/repos/$repo/releases/latest" | jq -r '.tag_name' | tail -c +2) fi TMPDIR=$(mktemp -d) @@ -27,8 +27,8 @@ gpg --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null # Fetch nar-hash of release cd $TMPDIR baseUrl=https://github.com/$repo/releases/download/v$version -curl -s --show-error -L -O $baseUrl/nar-hash.txt -curl -s --show-error -L -O $baseUrl/nar-hash.txt.asc +curl -fsS -L -O $baseUrl/nar-hash.txt +curl -fsS -L -O $baseUrl/nar-hash.txt.asc # Verify signature for nar-hash gpg --verify nar-hash.txt.asc &> /dev/null || { diff --git a/modules/lnd.nix b/modules/lnd.nix index 8f0fe3a..8cdbcd4 100644 --- a/modules/lnd.nix +++ b/modules/lnd.nix 
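Review bot: In `version=$(curl -fsS ... | jq -r '.tag_name' | tail -c +2)` the assignment takes the exit status of `tail`, so curl's new non-zero exit only stops the script if `pipefail` is set above the hunk (not visible here). Without it, an HTTP error leaves `version` empty, and a JSON body without `tag_name` makes jq print `null`, which becomes `ull` after `tail -c +2`. A format check after the assignment would catch both, e.g. `[[ $version =~ ^[0-9]+(\.[0-9]+)*$ ]] || { echo "unexpected release tag: $version" >&2; exit 1; }`, with the pattern adjusted to the project's tag scheme. The same pipeline shape appears in `pkgs/lndinit/get-sha256.sh` (`latest=$(curl -fsS ... | jq -r .tag_name)`), where `$latest` is then passed unquoted to `git clone --branch`.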
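Review bot: Both new `curl -fsS -L -O $baseUrl/...` lines expand `$baseUrl` unquoted, and it is built from `$version`, which comes either from the GitHub API response or from the caller's environment. Quoting the URL, `curl -fsS -L -O "$baseUrl/nar-hash.txt"` and likewise for `nar-hash.txt.asc`, keeps an unexpected tag value from being word-split into additional curl arguments. The `cd $TMPDIR` on the context line above would benefit from the same quoting. The signature verification that consumes these files begins in this hunk's trailing context and continues outside it.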
@@ -234,7 +234,7 @@ in { RestartSec = "10s"; ReadWritePaths = [ cfg.dataDir ]; ExecStartPost = let - curl = "${pkgs.curl}/bin/curl -s --show-error --cacert ${cfg.certPath}"; + curl = "${pkgs.curl}/bin/curl -fsS --cacert ${cfg.certPath}"; restUrl = "https://${nbLib.addressWithPort cfg.restAddress cfg.restPort}/v1"; in # Setting macaroon permissions for other users needs root permissions diff --git a/pkgs/lndinit/get-sha256.sh b/pkgs/lndinit/get-sha256.sh index b2533c0..ba65d22 100755 --- a/pkgs/lndinit/get-sha256.sh +++ b/pkgs/lndinit/get-sha256.sh @@ -8,7 +8,7 @@ cd $TMPDIR echo "Fetching latest release" repo=lightninglabs/lndinit -latest=$(curl -s --show-error https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name) +latest=$(curl -fsS https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name) echo "Latest release is $latest" git clone --depth 1 --branch $latest https://github.com/lightninglabs/lndinit 2>/dev/null cd lndinit diff --git a/test/tests.py b/test/tests.py index 3f56bb0..e1599ab 100644 --- a/test/tests.py +++ b/test/tests.py @@ -203,13 +203,13 @@ def _(): wait_for_open_port(ip("btcpayserver"), 23000) # test lnd custom macaroon assert_matches( - "runuser -u btcpayserver -- curl -s --cacert /secrets/lnd-cert " + "runuser -u btcpayserver -- curl -fsS --cacert /secrets/lnd-cert " '--header "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /run/lnd/btcpayserver.macaroon)" ' f"-X GET https://{ip('lnd')}:8080/v1/getinfo | jq", '"version"', ) # Test web server response - assert_matches(f"curl -L {ip('btcpayserver')}:23000", "Welcome to your BTCPay Server") + assert_matches(f"curl -fsS -L {ip('btcpayserver')}:23000", "Welcome to your BTCPay Server") @test("rtl") def _(): 
@@ -230,7 +230,7 @@ def _(): assert_running("spark-wallet") wait_for_open_port(ip("spark-wallet"), 9737) spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] - assert_matches(f"curl -s {spark_auth}@{ip('spark-wallet')}:9737", "Spark") + assert_matches(f"curl -fsS {spark_auth}@{ip('spark-wallet')}:9737", "Spark") @test("joinmarket") def _(): From 15288d58e1d4456f569b49b859f152b3a4247a21 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 17 May 2022 13:18:39 +0200 Subject: [PATCH 3/9] lnd: rename var `mnemonic` -> `seed` This matches lnd's terminology. --- modules/lnd.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/lnd.nix b/modules/lnd.nix index 8cdbcd4..25e26c6 100644 --- a/modules/lnd.nix +++ b/modules/lnd.nix @@ -205,16 +205,16 @@ in { } >> '${cfg.dataDir}/lnd.conf' if [[ ! -f ${networkDir}/wallet.db ]]; then - mnemonic='${cfg.dataDir}/lnd-seed-mnemonic' + seed='${cfg.dataDir}/lnd-seed-mnemonic' - if [[ ! -f "$mnemonic" ]]; then + if [[ ! -f "$seed" ]]; then echo "Create lnd seed" - (umask u=r,go=; ${lndinit} gen-seed > "$mnemonic") + (umask u=r,go=; ${lndinit} gen-seed > "$seed") fi echo "Create lnd wallet" ${lndinit} -v init-wallet \ - --file.seed="$mnemonic" \ + --file.seed="$seed" \ --file.wallet-password='${secretsDir}/lnd-wallet-password' \ --init-file.output-wallet-dir='${cfg.networkDir}' fi From e2721a9039e0dd545ca6b1406078b75b0f595d53 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 17 May 2022 13:18:41 +0200 Subject: [PATCH 4/9] examples/configuration.nix: update system.stateVersion --- examples/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/configuration.nix b/examples/configuration.nix index bc1c990..1368813 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix 
@@ -274,7 +274,7 @@ # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. - system.stateVersion = "21.05"; # Did you read the comment? + system.stateVersion = "21.11"; # Did you read the comment? # The nix-bitcoin release version that your config is compatible with. # When upgrading to a backwards-incompatible release, nix-bitcoin will display an From 107ee27be31ae88c595489248c864683493d5c91 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 17 May 2022 13:18:42 +0200 Subject: [PATCH 5/9] docs/configuration: improve wording --- docs/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration.md b/docs/configuration.md index f65446a..a9f1aea 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -178,7 +178,7 @@ Some services require extra steps: # Use bitcoind from another node -Use a bitcoind instance running on another node within a nix-bitcoin config. +Here's how to use a bitcoind instance running on another node within a nix-bitcoin config: ```nix imports = [ ]; From 3d32c0afeb4eaa5b71728604a04213f6af3ee4c6 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 17 May 2022 13:18:43 +0200 Subject: [PATCH 6/9] docs/configuration: clarify description It's not entirely clear what 'updating the secrets' means (it refers to the previous step), so just remove this part. --- docs/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/configuration.md b/docs/configuration.md index a9f1aea..1e1a0ca 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -226,7 +226,7 @@ $secretsDir/bitcoin-rpcpassword-public ``` See: [Secrets dir](#secrets-dir) -Restart `bitcoind` after updating the secrets: `systemctl restart bitcoind`. +Afterwards, restart `bitcoind`: `systemctl restart bitcoind`. # Temporarily disable a service 
From 9649785dd5d2e588807a2ca96dc13792e46b12aa Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Tue, 17 May 2022 13:18:44 +0200 Subject: [PATCH 7/9] docs/configuration: improve formatting Join paragraphs that refer to the same topic. --- docs/configuration.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index 1e1a0ca..98c0f53 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -22,8 +22,7 @@ This fetches the latest release, verifies its signatures and updates `nix-bitcoi ## Get started with Nix See [Nix - A One Pager](https://github.com/tazjin/nix-1p) for a short guide -to Nix, the language used in `configuration.nix`. - +to Nix, the language used in `configuration.nix`.\ You can follow along this guide by running command `nix repl` which allows you to interactively evaluate Nix expressions. From 571983a993058c07be6fb8a1673ff4eaa0c5ea0f Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Fri, 6 May 2022 17:03:21 +0200 Subject: [PATCH 8/9] docs/services: improve lndconnect section --- docs/services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/services.md b/docs/services.md index c2ceda6..90a71dc 100644 --- a/docs/services.md +++ b/docs/services.md @@ -44,7 +44,7 @@ You can find the `` with command `nodeinfo`. The default password location is `$secretsDir/rtl-password`. See: [Secrets dir](./configuration.md#secrets-dir) -# Use LND or clightning with Zeus (smartphone wallet) via Tor +# Use LND or clightning with Zeus (mobile wallet) via Tor 1. Install [Zeus](https://zeusln.app) 2. Edit your `configuration.nix` 
@@ -86,7 +86,7 @@ See: [Secrets dir](./configuration.md#secrets-dir) - Select `Scan lndconnect config` (at the bottom) and scan the QR code - For clightning: Set `Node interface` to `c-lightning-REST` - Click `Save node config` - - Start sending sats privately + - Start sending and stacking sats privately ### Additional lndconnect features Create plain text URLs or QR code images: From ef93a9a8bd8b14d3f50e4b4fd6564a50234b0e4a Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Wed, 18 May 2022 13:33:45 +0200 Subject: [PATCH 9/9] rtl: formatting --- modules/rtl.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/rtl.nix b/modules/rtl.nix index 8dbab0c..919a077 100644 --- a/modules/rtl.nix +++ b/modules/rtl.nix @@ -3,7 +3,7 @@ with lib; let options.services.rtl = { - enable = mkEnableOption "Ride The Lightning, a web interface for lnd and clightning "; + enable = mkEnableOption "Ride The Lightning, a web interface for lnd and clightning"; address = mkOption { type = types.str; default = "127.0.0.1";