Merge fort-nix/nix-bitcoin#486: Minor improvements

ef93a9a8bd rtl: formatting (Erik Arvstedt)
571983a993 docs/services: improve lndconnect section (Erik Arvstedt)
9649785dd5 docs/configuration: improve formatting (Erik Arvstedt)
3d32c0afeb docs/configuration: clarify description (Erik Arvstedt)
107ee27be3 docs/configuration: improve wording (Erik Arvstedt)
e2721a9039 examples/configuration.nix: update system.stateVersion (Erik Arvstedt)
15288d58e1 lnd: rename var `mnemonic` -> `seed` (Erik Arvstedt)
84fe731c94 treewide: curl: exit with error status on HTTP errors (Erik Arvstedt)
63b3eec9cd push-release.sh: fix pushing to master branch (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK ef93a9a8bd

Tree-SHA512: 5031f6fbeb6c6a57a34f3d483bc100e0035ff382ef7a03ed600276756aa040d19513d28b8dbd9406d75c18b3f7776381e46a4b6c6b9a1a33ef6990b71d1da1a7
This commit is contained in:
Jonas Nick 2022-05-20 11:51:16 +00:00
commit 19d44c6508
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
9 changed files with 32 additions and 24 deletions

View File

@ -22,8 +22,7 @@ This fetches the latest release, verifies its signatures and updates `nix-bitcoi
## Get started with Nix ## Get started with Nix
See [Nix - A One Pager](https://github.com/tazjin/nix-1p) for a short guide See [Nix - A One Pager](https://github.com/tazjin/nix-1p) for a short guide
to Nix, the language used in `configuration.nix`. to Nix, the language used in `configuration.nix`.\
You can follow along this guide by running command `nix repl` which allows you to interactively You can follow along this guide by running command `nix repl` which allows you to interactively
evaluate Nix expressions. evaluate Nix expressions.
@ -178,7 +177,7 @@ Some services require extra steps:
# Use bitcoind from another node # Use bitcoind from another node
Use a bitcoind instance running on another node within a nix-bitcoin config. Here's how to use a bitcoind instance running on another node within a nix-bitcoin config:
```nix ```nix
imports = [ <nix-bitcoin/modules/presets/bitcoind-remote.nix> ]; imports = [ <nix-bitcoin/modules/presets/bitcoind-remote.nix> ];
@ -226,7 +225,7 @@ $secretsDir/bitcoin-rpcpassword-public
``` ```
See: [Secrets dir](#secrets-dir) See: [Secrets dir](#secrets-dir)
Restart `bitcoind` after updating the secrets: `systemctl restart bitcoind`. Afterwards, restart `bitcoind`: `systemctl restart bitcoind`.
# Temporarily disable a service # Temporarily disable a service

View File

@ -44,7 +44,7 @@ You can find the `<onion-address>` with command `nodeinfo`.
The default password location is `$secretsDir/rtl-password`. The default password location is `$secretsDir/rtl-password`.
See: [Secrets dir](./configuration.md#secrets-dir) See: [Secrets dir](./configuration.md#secrets-dir)
# Use LND or clightning with Zeus (smartphone wallet) via Tor # Use LND or clightning with Zeus (mobile wallet) via Tor
1. Install [Zeus](https://zeusln.app) 1. Install [Zeus](https://zeusln.app)
2. Edit your `configuration.nix` 2. Edit your `configuration.nix`
@ -86,7 +86,7 @@ See: [Secrets dir](./configuration.md#secrets-dir)
- Select `Scan lndconnect config` (at the bottom) and scan the QR code - Select `Scan lndconnect config` (at the bottom) and scan the QR code
- For clightning: Set `Node interface` to `c-lightning-REST` - For clightning: Set `Node interface` to `c-lightning-REST`
- Click `Save node config` - Click `Save node config`
- Start sending sats privately - Start sending and stacking sats privately
### Additional lndconnect features ### Additional lndconnect features
Create plain text URLs or QR code images: Create plain text URLs or QR code images:

View File

@ -274,7 +274,7 @@
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you # servers. You should change this only after NixOS release notes say you
# should. # should.
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.11"; # Did you read the comment?
# The nix-bitcoin release version that your config is compatible with. # The nix-bitcoin release version that your config is compatible with.
# When upgrading to a backwards-incompatible release, nix-bitcoin will display an # When upgrading to a backwards-incompatible release, nix-bitcoin will display an

View File

@ -8,7 +8,7 @@ trap 'echo "Error at ${BASH_SOURCE[0]}, line $LINENO"' ERR
repo=fort-nix/nix-bitcoin repo=fort-nix/nix-bitcoin
if [[ ! -v version ]]; then if [[ ! -v version ]]; then
version=$(curl -s --show-error "https://api.github.com/repos/$repo/releases/latest" | jq -r '.tag_name' | tail -c +2) version=$(curl -fsS "https://api.github.com/repos/$repo/releases/latest" | jq -r '.tag_name' | tail -c +2)
fi fi
TMPDIR=$(mktemp -d) TMPDIR=$(mktemp -d)
@ -27,8 +27,8 @@ gpg --list-keys "36C7 1A37 C9D9 88BD E825 08D9 B1A7 0E4F 8DCD 0366" > /dev/null
# Fetch nar-hash of release # Fetch nar-hash of release
cd $TMPDIR cd $TMPDIR
baseUrl=https://github.com/$repo/releases/download/v$version baseUrl=https://github.com/$repo/releases/download/v$version
curl -s --show-error -L -O $baseUrl/nar-hash.txt curl -fsS -L -O $baseUrl/nar-hash.txt
curl -s --show-error -L -O $baseUrl/nar-hash.txt.asc curl -fsS -L -O $baseUrl/nar-hash.txt.asc
# Verify signature for nar-hash # Verify signature for nar-hash
gpg --verify nar-hash.txt.asc &> /dev/null || { gpg --verify nar-hash.txt.asc &> /dev/null || {

View File

@ -8,6 +8,8 @@ OAUTH_TOKEN=
DRY_RUN= DRY_RUN=
TAG_NAME= TAG_NAME=
trap 'echo "Error at ${BASH_SOURCE[0]}:$LINENO"' ERR
for arg in "$@"; do for arg in "$@"; do
case $arg in case $arg in
--dry-run|-n) --dry-run|-n)
@ -32,6 +34,8 @@ else
fi fi
fi fi
cd "${BASH_SOURCE[0]%/*}"
RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null) RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null)
echo "Latest release" $(echo $RESPONSE | jq -r '.tag_name' | tail -c +2) echo "Latest release" $(echo $RESPONSE | jq -r '.tag_name' | tail -c +2)
@ -51,16 +55,17 @@ if [[ ! $DRY_RUN ]]; then trap "rm -rf $TMPDIR" EXIT; fi
ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz
ARCHIVE=$TMPDIR/$ARCHIVE_NAME ARCHIVE=$TMPDIR/$ARCHIVE_NAME
# Need to be in the repositories root directory for archiving # Need to be in the repo root directory for archiving
(cd $(git rev-parse --show-toplevel); git archive --format=tar.gz -o $ARCHIVE $BRANCH) (cd $(git rev-parse --show-toplevel); git archive --format=tar.gz -o $ARCHIVE $BRANCH)
SHA256SUMS=$TMPDIR/SHA256SUMS.txt SHA256SUMS=$TMPDIR/SHA256SUMS.txt
# Want to use relative path with sha256sums because it'll output the first # Use relative path with sha256sums because it'll output the first
# argument # argument
(cd $TMPDIR; sha256sum $ARCHIVE_NAME > $SHA256SUMS) (cd $TMPDIR; sha256sum $ARCHIVE_NAME > $SHA256SUMS)
gpg -o $SHA256SUMS.asc -a --detach-sig $SHA256SUMS gpg -o $SHA256SUMS.asc -a --detach-sig $SHA256SUMS
cd $TMPDIR pushd $TMPDIR >/dev/null
nix hash to-sri --type sha256 $(nix-prefetch-url --unpack file://$ARCHIVE 2> /dev/null) > nar-hash.txt nix hash to-sri --type sha256 $(nix-prefetch-url --unpack file://$ARCHIVE 2> /dev/null) > nar-hash.txt
gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt
@ -90,6 +95,10 @@ post_asset $ARCHIVE
post_asset $SHA256SUMS post_asset $SHA256SUMS
post_asset $SHA256SUMS.asc post_asset $SHA256SUMS.asc
popd >/dev/null
if [[ ! $DRY_RUN ]]; then
git push $GIT_REMOTE $BRANCH:release git push $GIT_REMOTE $BRANCH:release
fi
echo "Successfully created" $(echo $POST_DATA | jq -r .tag_name) echo "Successfully created" $(echo $POST_DATA | jq -r .tag_name)

View File

@ -205,16 +205,16 @@ in {
} >> '${cfg.dataDir}/lnd.conf' } >> '${cfg.dataDir}/lnd.conf'
if [[ ! -f ${networkDir}/wallet.db ]]; then if [[ ! -f ${networkDir}/wallet.db ]]; then
mnemonic='${cfg.dataDir}/lnd-seed-mnemonic' seed='${cfg.dataDir}/lnd-seed-mnemonic'
if [[ ! -f "$mnemonic" ]]; then if [[ ! -f "$seed" ]]; then
echo "Create lnd seed" echo "Create lnd seed"
(umask u=r,go=; ${lndinit} gen-seed > "$mnemonic") (umask u=r,go=; ${lndinit} gen-seed > "$seed")
fi fi
echo "Create lnd wallet" echo "Create lnd wallet"
${lndinit} -v init-wallet \ ${lndinit} -v init-wallet \
--file.seed="$mnemonic" \ --file.seed="$seed" \
--file.wallet-password='${secretsDir}/lnd-wallet-password' \ --file.wallet-password='${secretsDir}/lnd-wallet-password' \
--init-file.output-wallet-dir='${cfg.networkDir}' --init-file.output-wallet-dir='${cfg.networkDir}'
fi fi
@ -234,7 +234,7 @@ in {
RestartSec = "10s"; RestartSec = "10s";
ReadWritePaths = [ cfg.dataDir ]; ReadWritePaths = [ cfg.dataDir ];
ExecStartPost = let ExecStartPost = let
curl = "${pkgs.curl}/bin/curl -s --show-error --cacert ${cfg.certPath}"; curl = "${pkgs.curl}/bin/curl -fsS --cacert ${cfg.certPath}";
restUrl = "https://${nbLib.addressWithPort cfg.restAddress cfg.restPort}/v1"; restUrl = "https://${nbLib.addressWithPort cfg.restAddress cfg.restPort}/v1";
in in
# Setting macaroon permissions for other users needs root permissions # Setting macaroon permissions for other users needs root permissions

View File

@ -8,7 +8,7 @@ cd $TMPDIR
echo "Fetching latest release" echo "Fetching latest release"
repo=lightninglabs/lndinit repo=lightninglabs/lndinit
latest=$(curl -s --show-error https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name) latest=$(curl -fsS https://api.github.com/repos/$repo/releases/latest | jq -r .tag_name)
echo "Latest release is $latest" echo "Latest release is $latest"
git clone --depth 1 --branch $latest https://github.com/lightninglabs/lndinit 2>/dev/null git clone --depth 1 --branch $latest https://github.com/lightninglabs/lndinit 2>/dev/null
cd lndinit cd lndinit

View File

@ -203,13 +203,13 @@ def _():
wait_for_open_port(ip("btcpayserver"), 23000) wait_for_open_port(ip("btcpayserver"), 23000)
# test lnd custom macaroon # test lnd custom macaroon
assert_matches( assert_matches(
"runuser -u btcpayserver -- curl -s --cacert /secrets/lnd-cert " "runuser -u btcpayserver -- curl -fsS --cacert /secrets/lnd-cert "
'--header "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /run/lnd/btcpayserver.macaroon)" ' '--header "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /run/lnd/btcpayserver.macaroon)" '
f"-X GET https://{ip('lnd')}:8080/v1/getinfo | jq", f"-X GET https://{ip('lnd')}:8080/v1/getinfo | jq",
'"version"', '"version"',
) )
# Test web server response # Test web server response
assert_matches(f"curl -L {ip('btcpayserver')}:23000", "Welcome to your BTCPay&nbsp;Server") assert_matches(f"curl -fsS -L {ip('btcpayserver')}:23000", "Welcome to your BTCPay&nbsp;Server")
@test("rtl") @test("rtl")
def _(): def _():
@ -230,7 +230,7 @@ def _():
assert_running("spark-wallet") assert_running("spark-wallet")
wait_for_open_port(ip("spark-wallet"), 9737) wait_for_open_port(ip("spark-wallet"), 9737)
spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1] spark_auth = re.search("login=(.*)", succeed("cat /secrets/spark-wallet-login"))[1]
assert_matches(f"curl -s {spark_auth}@{ip('spark-wallet')}:9737", "Spark") assert_matches(f"curl -fsS {spark_auth}@{ip('spark-wallet')}:9737", "Spark")
@test("joinmarket") @test("joinmarket")
def _(): def _():