From 455c5664c9beefc3fc68491523481988801e9536 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Sat, 21 Mar 2020 19:42:59 +0000 Subject: [PATCH] docs: Replace tabs with spaces --- docs/install.md | 458 ++++++++++++++++++++++++------------------------ docs/usage.md | 274 ++++++++++++++--------------- 2 files changed, 366 insertions(+), 366 deletions(-) diff --git a/docs/install.md b/docs/install.md index 4c57e08..11015ac 100644 --- a/docs/install.md +++ b/docs/install.md @@ -18,35 +18,35 @@ The following steps are meant to be run on the machine you deploy from, not the 1. Add virtualbox.list to /etc/apt/sources.list.d (Debian 9 stretch) - ``` - echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list - ``` + ``` + echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list + ``` 2. Add Oracle VirtualBox public key - ``` - wget https://www.virtualbox.org/download/oracle_vbox_2016.asc - gpg2 oracle_vbox_2016.asc - ``` + ``` + wget https://www.virtualbox.org/download/oracle_vbox_2016.asc + gpg2 oracle_vbox_2016.asc + ``` - Proceed _only_ if fingerprint reads B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF + Proceed _only_ if fingerprint reads B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF - ``` - sudo apt-key add oracle_vbox_2016.asc - ``` + ``` + sudo apt-key add oracle_vbox_2016.asc + ``` 3. Install virtualbox-5.2 - ``` - sudo apt-get update - sudo apt-get install virtualbox-5.2 - ``` + ``` + sudo apt-get update + sudo apt-get install virtualbox-5.2 + ``` 3. Create Host Adapter in VirtualBox - ``` - vboxmanage hostonlyif create - ``` + ``` + vboxmanage hostonlyif create + ``` ## 2. Nix installation The following steps are meant to be run on the machine you deploy from, not the machine you deploy to. 
@@ -54,75 +54,75 @@ You can also build Nix from source by following the instructions at https://nixo 1. Install Dependencies (Debian 9 stretch) - ``` - sudo apt-get install curl git gnupg2 dirmngr - ``` + ``` + sudo apt-get install curl git gnupg2 dirmngr + ``` 2. Install latest Nix in "multi-user mode" with GPG Verification - ``` - curl -o install-nix https://nixos.org/nix/install - curl -o install-nix.sig https://nixos.org/nix/install.sig - gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE - gpg2 --verify ./install-nix.sig - sh ./install-nix --daemon - ``` + ``` + curl -o install-nix https://nixos.org/nix/install + curl -o install-nix.sig https://nixos.org/nix/install.sig + gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE + gpg2 --verify ./install-nix.sig + sh ./install-nix --daemon + ``` - Then follow the instructions. Open a new terminal window when you're done. + Then follow the instructions. Open a new terminal window when you're done. - If you get an error similar to - ``` - error: cloning builder process: Operation not permitted - error: unable to start build process - /tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile - ``` - you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script. + If you get an error similar to + ``` + error: cloning builder process: Operation not permitted + error: unable to start build process + /tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile + ``` + you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script. 3. Optional: Disallow substitutes - You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source. - This eliminates an attack vector where nix's build server or binary cache is compromised. 
+ You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source. + This eliminates an attack vector where nix's build server or binary cache is compromised. ## 3. Nixops deployment 1. Clone this project - ``` - cd - git clone https://github.com/fort-nix/nix-bitcoin - cd ~/nix-bitcoin - ``` + ``` + cd + git clone https://github.com/fort-nix/nix-bitcoin + cd ~/nix-bitcoin + ``` 2. Setup environment - ``` - nix-shell - ``` + ``` + nix-shell + ``` - This will set up your nix-bitcoin environment and might take a while without giving an output. + This will set up your nix-bitcoin environment and might take a while without giving an output. 3. Create nixops deployment in nix-shell. - ``` - nixops create network/network.nix network/network-vbox.nix -d bitcoin-node - ``` + ``` + nixops create network/network.nix network/network-vbox.nix -d bitcoin-node + ``` 4. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`. 5. Deploy Nixops in nix-shell - ``` - nixops deploy -d bitcoin-node - ``` + ``` + nixops deploy -d bitcoin-node + ``` - This will now create a nix-bitcoin node on the target machine. + This will now create a nix-bitcoin node on the target machine. 6. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with - ``` - nixops ssh operator@bitcoin-node - ``` + ``` + nixops ssh operator@bitcoin-node + ``` See [usage.md](usage.md) for usage instructions, such as how to update. 
@@ -138,15 +138,15 @@ Tutorial: install and configure NixOS for nix-bitcoin on VirtualBox (macOS host) The following steps are meant to be run on the machine you deploy from, not the machine you deploy to. 1. Download and install VirtualBox - Use the official Downloads page: [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads) + Use the official Downloads page: [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads) - Make sure that the installer you download shows a lock icon in the top right corner to make sure it is signed by Oracle. + Make sure that the installer you download shows a lock icon in the top right corner to make sure it is signed by Oracle. 2. Create Host Adapter in VirtualBox - ``` - vboxmanage hostonlyif create - ``` + ``` + vboxmanage hostonlyif create + ``` ## 2. Nix installation (macOS) @@ -157,20 +157,20 @@ In order to build binaries for your linux (NixOS) virtual machine on a macOS hos 1. Installation - ``` - nix-env -i /nix/store/jgq3savsyyrpsxvjlrz41nx09z7r0lch-linuxkit-builder + ``` + nix-env -i /nix/store/jgq3savsyyrpsxvjlrz41nx09z7r0lch-linuxkit-builder nix-linuxkit-configure - ``` + ``` - You may want to use `nix-linuxkit-configure -c 4` to give the builder 4 CPUs. + You may want to use `nix-linuxkit-configure -c 4` to give the builder 4 CPUs. 2. Confirm that nix-linuxkit works ``` - nix-build ~/.cache/nix-linuxkit-builder/example.nix - ``` + nix-build ~/.cache/nix-linuxkit-builder/example.nix + ``` - As the installer says, run a `nix-build` to make sure that you are able to build linux binaries. The `example.nix` is specifically configured to force a x86_64-linux build. Remove the generated `result` folder afterwards. + As the installer says, run a `nix-build` to make sure that you are able to build linux binaries. The `example.nix` is specifically configured to force a x86_64-linux build. Remove the generated `result` folder afterwards. ## 4. Nixops deployment (macOS) 
@@ -195,53 +195,53 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht 1. Obtain latest [NixOS](https://nixos.org/nixos/download.html). For example: - ``` - wget https://releases.nixos.org/nixos/19.09/nixos-19.09.2284.bf7c0f0461e/nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso - sha256sum nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso - # output: 9768eb945bef410fccfb82cb3d2e7ce7c02c3430aed0f2f1527273cb080fff3e - ``` - Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd. + ``` + wget https://releases.nixos.org/nixos/19.09/nixos-19.09.2284.bf7c0f0461e/nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso + sha256sum nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso + # output: 9768eb945bef410fccfb82cb3d2e7ce7c02c3430aed0f2f1527273cb080fff3e + ``` + Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd. 2. Write NixOS iso to install media (USB/CD). For example: - ``` - cp nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso /dev/sdX - ``` + ``` + cp nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso /dev/sdX + ``` - Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l` + Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l` 3. Boot the system - You will have to find out if your hardware uses UEFI or Legacy Boot for the next step. + You will have to find out if your hardware uses UEFI or Legacy Boot for the next step. 4. 
Option 1: Partition and format for UEFI - ``` - parted /dev/sda -- mklabel gpt - parted /dev/sda -- mkpart primary 512MiB -8GiB - parted /dev/sda -- mkpart primary linux-swap -8GiB 100% - parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB - parted /dev/sda -- set 3 boot on - mkfs.ext4 -L nixos /dev/sda1 - mkswap -L swap /dev/sda2 - mkfs.fat -F 32 -n boot /dev/sda3 - mount /dev/disk/by-label/nixos /mnt - mkdir -p /mnt/boot - mount /dev/disk/by-label/boot /mnt/boot - swapon /dev/sda2 - ``` + ``` + parted /dev/sda -- mklabel gpt + parted /dev/sda -- mkpart primary 512MiB -8GiB + parted /dev/sda -- mkpart primary linux-swap -8GiB 100% + parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB + parted /dev/sda -- set 3 boot on + mkfs.ext4 -L nixos /dev/sda1 + mkswap -L swap /dev/sda2 + mkfs.fat -F 32 -n boot /dev/sda3 + mount /dev/disk/by-label/nixos /mnt + mkdir -p /mnt/boot + mount /dev/disk/by-label/boot /mnt/boot + swapon /dev/sda2 + ``` 4. Option 2: Partition and format for Legacy Boot (MBR) - ``` - parted /dev/sda -- mklabel msdos - parted /dev/sda -- mkpart primary 1MiB -8GiB - parted /dev/sda -- mkpart primary linux-swap -8GiB 100% - mkfs.ext4 -L nixos /dev/sda1 - mkswap -L swap /dev/sda2 - mount /dev/disk/by-label/nixos /mnt - swapon /dev/sda2 - ``` + ``` + parted /dev/sda -- mklabel msdos + parted /dev/sda -- mkpart primary 1MiB -8GiB + parted /dev/sda -- mkpart primary linux-swap -8GiB 100% + mkfs.ext4 -L nixos /dev/sda1 + mkswap -L swap /dev/sda2 + mount /dev/disk/by-label/nixos /mnt + swapon /dev/sda2 + ``` 4. Option 3: Set up encrypted partitions: 
@@ -249,76 +249,76 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht 5. Generate NixOS config - ``` - nixos-generate-config --root /mnt - nano /mnt/etc/nixos/configuration.nix - ``` + ``` + nixos-generate-config --root /mnt + nano /mnt/etc/nixos/configuration.nix + ``` - Option 1: Edit NixOS configuration for UEFI + Option 1: Edit NixOS configuration for UEFI - ``` - { config, pkgs, ... }: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + ``` + { config, pkgs, ... }: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; - boot.loader.systemd-boot.enable = true; + boot.loader.systemd-boot.enable = true; - # Note: setting fileSystems is generally not - # necessary, since nixos-generate-config figures them out - # automatically in hardware-configuration.nix. - #fileSystems."/".device = "/dev/disk/by-label/nixos"; - - # Enable the OpenSSH server. - services.openssh = { - enable = true; - permitRootLogin = "yes"; - }; - } - ``` + # Note: setting fileSystems is generally not + # necessary, since nixos-generate-config figures them out + # automatically in hardware-configuration.nix. + #fileSystems."/".device = "/dev/disk/by-label/nixos"; - Option 2: Edit NixOS configuration for Legacy Boot (MBR) + # Enable the OpenSSH server. + services.openssh = { + enable = true; + permitRootLogin = "yes"; + }; + } + ``` - ``` - { config, pkgs, ... }: { - imports = [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - boot.loader.grub.device = "/dev/sda"; - - # Note: setting fileSystems is generally not - # necessary, since nixos-generate-config figures them out - # automatically in hardware-configuration.nix. - #fileSystems."/".device = "/dev/disk/by-label/nixos"; - - # Enable the OpenSSH server. 
- services.openssh = { - enable = true; - permitRootLogin = "yes"; - }; - } - ``` + Option 2: Edit NixOS configuration for Legacy Boot (MBR) + + ``` + { config, pkgs, ... }: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + boot.loader.grub.device = "/dev/sda"; + + # Note: setting fileSystems is generally not + # necessary, since nixos-generate-config figures them out + # automatically in hardware-configuration.nix. + #fileSystems."/".device = "/dev/disk/by-label/nixos"; + + # Enable the OpenSSH server. + services.openssh = { + enable = true; + permitRootLogin = "yes"; + }; + } + ``` 6. Do the installation - ``` - nixos-install - ``` - Set root password - ``` - setting root password... - Enter new UNIX password: - Retype new UNIX password: - ``` + ``` + nixos-install + ``` + Set root password + ``` + setting root password... + Enter new UNIX password: + Retype new UNIX password: + ``` 7. If everything went well - ``` - reboot - ``` + ``` + reboot + ``` ## 2. nix-bitcoin installation 
@@ -327,115 +327,115 @@ You can also build Nix from source by following the instructions at https://nixo 1. Install Dependencies (Debian 9 stretch) - ``` - sudo apt-get install curl git gnupg2 dirmngr - ``` + ``` + sudo apt-get install curl git gnupg2 dirmngr + ``` 2. Install Latest Nix with GPG Verification - ``` - curl -o install-nix https://nixos.org/nix/install - curl -o install-nix.sig https://nixos.org/nix/install.sig - gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE - gpg2 --verify ./install-nix.sig - sh ./install-nix --daemon - . /home/user/.nix-profile/etc/profile.d/nix.sh - ``` + ``` + curl -o install-nix https://nixos.org/nix/install + curl -o install-nix.sig https://nixos.org/nix/install.sig + gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE + gpg2 --verify ./install-nix.sig + sh ./install-nix --daemon + . /home/user/.nix-profile/etc/profile.d/nix.sh + ``` - Then follow the instructions. Open a new terminal window when you're done. + Then follow the instructions. Open a new terminal window when you're done. - If you get an error similar to - ``` - error: cloning builder process: Operation not permitted - error: unable to start build process - /tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile - ``` - you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script. + If you get an error similar to + ``` + error: cloning builder process: Operation not permitted + error: unable to start build process + /tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile + ``` + you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script. 3. Optional: Disallow substitutes - You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source. 
- This eliminates an attack vector where nix's build server or binary cache is compromised. + You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source. + This eliminates an attack vector where nix's build server or binary cache is compromised. 4. Clone this project - ``` - cd - git clone https://github.com/fort-nix/nix-bitcoin - cd ~/nix-bitcoin - ``` + ``` + cd + git clone https://github.com/fort-nix/nix-bitcoin + cd ~/nix-bitcoin + ``` 5. Create network file - ``` - nano network/network-nixos.nix - ``` + ``` + nano network/network-nixos.nix + ``` - ``` - { - bitcoin-node = - { config, pkgs, ... }: - { deployment.targetHost = "1.2.3.4"; - }; - } - ``` + ``` + { + bitcoin-node = + { config, pkgs, ... }: + { deployment.targetHost = "1.2.3.4"; + }; + } + ``` - Replace 1.2.3.4 with NixOS machine's IP address. + Replace 1.2.3.4 with NixOS machine's IP address. 6. Edit `configuration.nix` - ``` - nano configuration.nix - ``` + ``` + nano configuration.nix + ``` - Uncomment `./hardware-configuration.nix` line by removing #. + Uncomment `./hardware-configuration.nix` line by removing #. 7. Create `hardware-configuration.nix` - ``` - nano hardware-configuration.nix - ``` - Copy contents of NixOS machine's `/etc/nixos/hardware-configuration.nix` to file. + ``` + nano hardware-configuration.nix + ``` + Copy contents of NixOS machine's `/etc/nixos/hardware-configuration.nix` to file. 8. Add boot option to `hardware-configuration.nix` - Option 1: Enable systemd boot for UEFI - ``` - boot.loader.grub.device = "/dev/sda"; - ``` - Option 2: Set grub device for Legacy Boot (MBR) - ``` - boot.loader.grub.device = "/dev/sda"; - ``` + Option 1: Enable systemd boot for UEFI + ``` + boot.loader.grub.device = "/dev/sda"; + ``` + Option 2: Set grub device for Legacy Boot (MBR) + ``` + boot.loader.grub.device = "/dev/sda"; + ``` 9. 
Setup environment - ``` - nix-shell - ``` + ``` + nix-shell + ``` - This will set up your nix-bitcoin environment and might take a while without giving an output. + This will set up your nix-bitcoin environment and might take a while without giving an output. 10. Create nixops deployment in nix-shell. - ``` - nixops create network/network.nix network/network-nixos.nix -d bitcoin-node - ``` + ``` + nixops create network/network.nix network/network-nixos.nix -d bitcoin-node + ``` 11. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`. 12. Deploy Nixops in nix-shell - ``` - nixops deploy -d bitcoin-node - ``` + ``` + nixops deploy -d bitcoin-node + ``` - This will now create a nix-bitcoin node on the target machine. + This will now create a nix-bitcoin node on the target machine. 13. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with - ``` - nixops ssh operator@bitcoin-node - ``` + ``` + nixops ssh operator@bitcoin-node + ``` See [usage.md](usage.md) for usage instructions, such as how to update. diff --git a/docs/usage.md b/docs/usage.md index bffca25..377f5a1 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -5,24 +5,24 @@ Run `git pull` in the nix-bitcoin directory, enter the nix shell with `nix-shell ### Verifying GPG Signatures (recommended) 1. Import jonasnick's gpg key - ``` - gpg2 --receive-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366 - ``` + ``` + gpg2 --receive-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366 + ``` 2. Trust jonasnick's gpg key - - ``` - gpg2 --edit-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366 - trust - 4 - quit - ``` + + ``` + gpg2 --edit-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366 + trust + 4 + quit + ``` 3. Verify commit after `git pull` - ``` - git verify-commit - ``` + ``` + git verify-commit + ``` Nodeinfo --- 
@@ -36,45 +36,45 @@ Connect to spark-wallet * [Spark-wallet](https://github.com/shesek/spark-wallet) installed from [direct download](https://github.com/shesek/spark-wallet/releases) or [Google Play](https://play.google.com/store/apps/details?id=com.spark.wallet) 1. Enable spark-wallet in `configuration.nix` - - Change - ``` - # services.spark-wallet.enable = true; - ``` - to - ``` - services.spark-wallet.enable = true; - ``` + + Change + ``` + # services.spark-wallet.enable = true; + ``` + to + ``` + services.spark-wallet.enable = true; + ``` 2. Deploy new `configuration.nix` - ``` - nixops deploy -d bitcoin-node - ``` + ``` + nixops deploy -d bitcoin-node + ``` 3. Enable Orbot VPN for spark-wallet - ``` - Open Orbot app - Turn on "VPN Mode" - Select Gear icon under "Tor-Enabled Apps" - Toggle checkbox under Spark icon - ``` + ``` + Open Orbot app + Turn on "VPN Mode" + Select Gear icon under "Tor-Enabled Apps" + Toggle checkbox under Spark icon + ``` 4. Get the onion address, access key and QR access code for the spark wallet android app - ``` - journalctl -eu spark-wallet - ``` - Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlightning the entire output to invert the colors. + ``` + journalctl -eu spark-wallet + ``` + Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlightning the entire output to invert the colors. 5. Connect to spark-wallet android app - ``` - Server Settings - Scan QR - Done - ``` + ``` + Server Settings + Scan QR + Done + ``` Connect to electrs --- 
@@ -88,90 +88,90 @@ Connect to electrs * [Electrum](https://electrum.org/#download) installed 1. Enable electrs in `configuration.nix` - - Change - ``` - # services.electrs.enable = true; - ``` - to - ``` - services.electrs.enable = true; - ``` + + Change + ``` + # services.electrs.enable = true; + ``` + to + ``` + services.electrs.enable = true; + ``` 2. Deploy new `configuration.nix` - ``` - nixops deploy -d bitcoin-node - ``` + ``` + nixops deploy -d bitcoin-node + ``` 3. Get electrs onion address - ``` - nodeinfo | grep 'ELECTRS_ONION' - ``` + ``` + nodeinfo | grep 'ELECTRS_ONION' + ``` 4. Connect to electrs - On electrum wallet laptop - ``` - electrum --oneserver --server=:50002:s --proxy=socks5:localhost:9050 - ``` + On electrum wallet laptop + ``` + electrum --oneserver --server=:50002:s --proxy=socks5:localhost:9050 + ``` - On electrum android phone - ``` - Three dots in the upper-right-hand corner - Network - Proxy mode: socks5, Host: 127.0.0.1, Port: 9050 - Ok - Server - Host: , Port: 50002 - Ok - Auto-connect: OFF - One-server mode: ON - ``` + On electrum android phone + ``` + Three dots in the upper-right-hand corner + Network + Proxy mode: socks5, Host: 127.0.0.1, Port: 9050 + Ok + Server + Host: , Port: 50002 + Ok + Auto-connect: OFF + One-server mode: ON + ``` Connect to nix-bitcoin node through ssh Tor Hidden Service --- 1. Run `nodeinfo` on your nix-bitcoin node and note the `SSHD_ONION` - ``` - nixops ssh operator@bitcoin-node - nodeinfo | grep 'SSHD_ONION' - ``` + ``` + nixops ssh operator@bitcoin-node + nodeinfo | grep 'SSHD_ONION' + ``` -2. Create a SSH key +2. Create a SSH key - ``` - ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 - ``` + ``` + ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 + ``` 3. 
Place the ed25519 key's fingerprint in the `configuration.nix` `openssh.authorizedKeys.keys` field like so - ``` - # FIXME: Add your SSH pubkey - services.openssh.enable = true; - users.users.root = { - openssh.authorizedKeys.keys = [ "[contents of ~/.ssh/id_ed25519.pub]" ]; - }; - ``` + ``` + # FIXME: Add your SSH pubkey + services.openssh.enable = true; + users.users.root = { + openssh.authorizedKeys.keys = [ "[contents of ~/.ssh/id_ed25519.pub]" ]; + }; + ``` 4. Connect to your nix-bitcoin node's ssh Tor Hidden Service, forwarding a local port to the nix-bitcoin node's ssh server - ``` - ssh -i ~/.ssh/id_ed25519 -L [random port of your choosing]:localhost:22 root@[your SSHD_ONION] - ``` + ``` + ssh -i ~/.ssh/id_ed25519 -L [random port of your choosing]:localhost:22 root@[your SSHD_ONION] + ``` 5. Edit your `network-nixos.nix` to look like this - ``` - { - bitcoin-node = - { config, pkgs, ... }: - { deployment.targetHost = "127.0.0.1"; - deployment.targetPort = [random port of your choosing]; - }; - } - ``` + ``` + { + bitcoin-node = + { config, pkgs, ... }: + { deployment.targetHost = "127.0.0.1"; + deployment.targetPort = [random port of your choosing]; + }; + } + ``` 6. Now you can run `nixops deploy -d bitcoin-node` and it will connect through the ssh tunnel you established in step iv. This also allows you to do more complex ssh setups that `nixops ssh` doesn't support. An example would be authenticating with [Trezor's ssh agent](https://github.com/romanz/trezor-agent), which provides extra security. 
@@ -180,64 +180,64 @@ Initialize a Trezor for Bitcoin Core's Hardware Wallet Interface 1. Enable Trezor in `configuration.nix` - Change - ``` - # services.hardware-wallets.trezor = true; - ``` - to - ``` - services.hardware-wallets.trezor = true; - ``` + Change + ``` + # services.hardware-wallets.trezor = true; + ``` + to + ``` + services.hardware-wallets.trezor = true; + ``` 2. Deploy new `configuration.nix` - ``` - nixops deploy -d bitcoin-node - ``` + ``` + nixops deploy -d bitcoin-node + ``` 3. Check that your nix-bitcoin node recognizes your Trezor - ``` - nixops ssh operator@bitcoin-node - lsusb - ``` - Should show something relating to your Trezor + ``` + nixops ssh operator@bitcoin-node + lsusb + ``` + Should show something relating to your Trezor 4. If your Trezor has outdated firmware or is not yet initialized: Start your Trezor in bootloader mode - Trezor v1 - ``` - Plug in your Trezor with both buttons depressed - ``` + Trezor v1 + ``` + Plug in your Trezor with both buttons depressed + ``` - Trezor v2 - ``` - Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through - ``` + Trezor v2 + ``` + Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through + ``` 5. If your Trezor's firmware is outdated: Update your Trezor's firmware - ``` - trezorctl firmware-update - ``` - Follow the on-screen instructions + ``` + trezorctl firmware-update + ``` + Follow the on-screen instructions - **Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.** + **Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.** 6. 
If your Trezor is not yet initialized: Set up your Trezor - ``` - trezorctl reset-device -p - ``` - Follow the on-screen instructions + ``` + trezorctl reset-device -p + ``` + Follow the on-screen instructions 7. Find your Trezor - ``` - hwi enumerate - hwi -t trezor -d promptpin - hwi -t trezor -d sendpin - hwi enumerate - ``` + ``` + hwi enumerate + hwi -t trezor -d promptpin + hwi -t trezor -d sendpin + hwi enumerate + ``` 8. Follow Bitcoin Core's instructions on [Using Bitcoin Core with Hardware Wallets](https://github.com/bitcoin-core/HWI/blob/master/docs/bitcoin-core-usage.md) to use your Trezor with `bitcoin-cli` on your nix-bitcoin node
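Review bot: step numbering in docs/install.md hunk `@@ -18,35` has two items numbered `3.` ("Install virtualbox-5.2" and "Create Host Adapter in VirtualBox"). Both headings are unchanged context here, so this whitespace-only patch should stay as it is, but a follow-up should renumber the second item to `4.` so that step references stay unambiguous.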
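Review bot: the installer block in docs/install.md hunk `@@ -54,75` puts `sh ./install-nix --daemon` on the line directly after `gpg2 --verify ./install-nix.sig` with nothing tying the two together, so a reader who pastes the whole block runs the script even when verification fails. A follow-up could chain them (`gpg2 --verify ./install-nix.sig && sh ./install-nix --daemon`) or add a sentence telling the reader to stop unless gpg2 reports a good signature from key B541D55301270E0BCF15CA5D8170B4726D7198DE. The same block appears again in hunk `@@ -327,115`.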
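Review bot: the `nix-linuxkit-configure` line in step 1 and the opening fence of step 2 in docs/install.md hunk `@@ -157,20` are left as unchanged context while the lines around them are re-indented. Please confirm that both already use the same space indentation as the converted lines; if not, the fences in these two steps will not line up and the code blocks may render outside their list items.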
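Review bot: the checksum in step 1 of docs/install.md hunk `@@ -195,53` is given only as `# output: 9768eb94...` under the `sha256sum` call, which reads as sample output rather than a value the download must match. A follow-up should say explicitly that the reader must compare the result against that hash and stop on a mismatch, and note that the hash applies only to the 19.09.2284.bf7c0f0461e image named in the `wget` line.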
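Review bot: both sample configurations in docs/install.md hunk `@@ -249,76` set `permitRootLogin = "yes"`, and step 6 then sets a root password, which leaves password-based root SSH login enabled on the freshly installed machine. If that is only needed for the first `nixops deploy`, a follow-up should say so next to the setting and tell the reader how to tighten it afterwards. The re-indentation itself looks fine.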
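Review bot: in docs/install.md hunk `@@ -327,115`, step 8 "Option 1: Enable systemd boot for UEFI" shows `boot.loader.grub.device = "/dev/sda";`, the same line as Option 2 for Legacy Boot, while the UEFI configuration earlier in the file uses `boot.loader.systemd-boot.enable = true;`. This patch only re-indents the line, so the mismatch is carried over unchanged and deserves a separate fix.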
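Review bot: `git verify-commit` in step 3 of docs/usage.md hunk `@@ -5,24` is shown without a commit argument, and the command requires one. A follow-up should change it to `git verify-commit HEAD` so the step actually checks the commit that `git pull` just brought in.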
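Review bot: the note under step 4 in docs/usage.md hunk `@@ -36,45` carries the typo "highlightning" over into the re-indented line. Since the line is being rewritten anyway, it could be corrected to "highlighting" here, or in a follow-up if this commit is meant to stay whitespace-only.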
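Review bot: step 3 of the ssh Tor Hidden Service section in docs/usage.md hunk `@@ -88,90` tells the reader to place "the ed25519 key's fingerprint" in `openssh.authorizedKeys.keys`, but the example value is `[contents of ~/.ssh/id_ed25519.pub]`, which is the public key. The wording should say public key, because a fingerprint in that field will not authenticate. Step 6 also refers to "step iv" although the list is numbered 1 to 6.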
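Review bot: in step 7 of docs/usage.md hunk `@@ -180,64`, `hwi -t trezor -d promptpin` and `hwi -t trezor -d sendpin` show `-d` followed directly by the subcommand. `-d` takes a device path, so as written `promptpin` would be consumed as the path. If a placeholder was intended between `-d` and the subcommand, a follow-up should restore it in a form that survives rendering, for example `[path from hwi enumerate]` in the bracket style the ssh section already uses.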