docs: Replace tabs with spaces
parent
8aa4714979
commit
455c5664c9
450
docs/install.md
@ -18,35 +18,35 @@ The following steps are meant to be run on the machine you deploy from, not the
|
||||
|
||||
1. Add virtualbox.list to /etc/apt/sources.list.d (Debian 9 stretch)
|
||||
|
||||
```
|
||||
echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
|
||||
```
|
||||
```
|
||||
echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
|
||||
```
|
||||
|
||||
2. Add Oracle VirtualBox public key
|
||||
|
||||
```
|
||||
wget https://www.virtualbox.org/download/oracle_vbox_2016.asc
|
||||
gpg2 oracle_vbox_2016.asc
|
||||
```
|
||||
```
|
||||
wget https://www.virtualbox.org/download/oracle_vbox_2016.asc
|
||||
gpg2 oracle_vbox_2016.asc
|
||||
```
|
||||
|
||||
Proceed _only_ if fingerprint reads B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
|
||||
Proceed _only_ if fingerprint reads B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
|
||||
|
||||
```
|
||||
sudo apt-key add oracle_vbox_2016.asc
|
||||
```
|
||||
```
|
||||
sudo apt-key add oracle_vbox_2016.asc
|
||||
```
|
||||
|
||||
3. Install virtualbox-5.2
|
||||
|
||||
```
|
||||
sudo apt-get update
|
||||
sudo apt-get install virtualbox-5.2
|
||||
```
|
||||
```
|
||||
sudo apt-get update
|
||||
sudo apt-get install virtualbox-5.2
|
||||
```
|
||||
|
||||
3. Create Host Adapter in VirtualBox
|
||||
|
||||
```
|
||||
vboxmanage hostonlyif create
|
||||
```
|
||||
```
|
||||
vboxmanage hostonlyif create
|
||||
```
|
||||
|
||||
## 2. Nix installation
|
||||
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
|
||||
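Review bot: the steps in this hunk are numbered 1, 2, 3, 3 ("3. Install virtualbox-5.2" followed by "3. Create Host Adapter in VirtualBox"); since every line of the list is being re-indented anyway, renumber the last one to 4. Separately, `sudo apt-key add oracle_vbox_2016.asc` in step 2 places the Oracle key in apt's global trusted keyring, so it is trusted for every configured repository and not only for virtualbox.list; a follow-up could scope it with a `signed-by` option on the sources line.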
@ -54,75 +54,75 @@ You can also build Nix from source by following the instructions at https://nixo
|
||||
|
||||
1. Install Dependencies (Debian 9 stretch)
|
||||
|
||||
```
|
||||
sudo apt-get install curl git gnupg2 dirmngr
|
||||
```
|
||||
```
|
||||
sudo apt-get install curl git gnupg2 dirmngr
|
||||
```
|
||||
|
||||
2. Install latest Nix in "multi-user mode" with GPG Verification
|
||||
|
||||
```
|
||||
curl -o install-nix https://nixos.org/nix/install
|
||||
curl -o install-nix.sig https://nixos.org/nix/install.sig
|
||||
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
|
||||
gpg2 --verify ./install-nix.sig
|
||||
sh ./install-nix --daemon
|
||||
```
|
||||
```
|
||||
curl -o install-nix https://nixos.org/nix/install
|
||||
curl -o install-nix.sig https://nixos.org/nix/install.sig
|
||||
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
|
||||
gpg2 --verify ./install-nix.sig
|
||||
sh ./install-nix --daemon
|
||||
```
|
||||
|
||||
Then follow the instructions. Open a new terminal window when you're done.
|
||||
Then follow the instructions. Open a new terminal window when you're done.
|
||||
|
||||
If you get an error similar to
|
||||
```
|
||||
error: cloning builder process: Operation not permitted
|
||||
error: unable to start build process
|
||||
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
|
||||
```
|
||||
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
||||
If you get an error similar to
|
||||
```
|
||||
error: cloning builder process: Operation not permitted
|
||||
error: unable to start build process
|
||||
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
|
||||
```
|
||||
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
||||
|
||||
3. Optional: Disallow substitutes
|
||||
|
||||
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
||||
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
||||
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
||||
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
||||
|
||||
|
||||
## 3. Nixops deployment
|
||||
|
||||
1. Clone this project
|
||||
|
||||
```
|
||||
cd
|
||||
git clone https://github.com/fort-nix/nix-bitcoin
|
||||
cd ~/nix-bitcoin
|
||||
```
|
||||
```
|
||||
cd
|
||||
git clone https://github.com/fort-nix/nix-bitcoin
|
||||
cd ~/nix-bitcoin
|
||||
```
|
||||
|
||||
2. Setup environment
|
||||
|
||||
```
|
||||
nix-shell
|
||||
```
|
||||
```
|
||||
nix-shell
|
||||
```
|
||||
|
||||
This will set up your nix-bitcoin environment and might take a while without giving an output.
|
||||
This will set up your nix-bitcoin environment and might take a while without giving an output.
|
||||
|
||||
3. Create nixops deployment in nix-shell.
|
||||
|
||||
```
|
||||
nixops create network/network.nix network/network-vbox.nix -d bitcoin-node
|
||||
```
|
||||
```
|
||||
nixops create network/network.nix network/network-vbox.nix -d bitcoin-node
|
||||
```
|
||||
|
||||
4. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
|
||||
|
||||
5. Deploy Nixops in nix-shell
|
||||
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
|
||||
This will now create a nix-bitcoin node on the target machine.
|
||||
This will now create a nix-bitcoin node on the target machine.
|
||||
|
||||
6. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
|
||||
|
||||
```
|
||||
nixops ssh operator@bitcoin-node
|
||||
```
|
||||
```
|
||||
nixops ssh operator@bitcoin-node
|
||||
```
|
||||
|
||||
See [usage.md](usage.md) for usage instructions, such as how to update.
|
||||
|
||||
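Review bot: in step 2, `gpg2 --verify ./install-nix.sig` names only the signature file and leaves gpg to infer the signed file from the file name. Pass both explicitly, `gpg2 --verify ./install-nix.sig ./install-nix`, so it is unambiguous that the script run by the next line is the one that was checked, and say that the reader should stop unless gpg reports a good signature from the key fetched on the previous line. In step 3, "put `substitute = false` to your `nix.conf`" should read "add ... to your `nix.conf`".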
@ -138,15 +138,15 @@ Tutorial: install and configure NixOS for nix-bitcoin on VirtualBox (macOS host)
|
||||
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
|
||||
|
||||
1. Download and install VirtualBox
|
||||
Use the official Downloads page: [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads)
|
||||
Use the official Downloads page: [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads)
|
||||
|
||||
Make sure that the installer you download shows a lock icon in the top right corner to make sure it is signed by Oracle.
|
||||
Make sure that the installer you download shows a lock icon in the top right corner to make sure it is signed by Oracle.
|
||||
|
||||
2. Create Host Adapter in VirtualBox
|
||||
|
||||
```
|
||||
vboxmanage hostonlyif create
|
||||
```
|
||||
```
|
||||
vboxmanage hostonlyif create
|
||||
```
|
||||
|
||||
## 2. Nix installation (macOS)
|
||||
|
||||
@ -157,20 +157,20 @@ In order to build binaries for your linux (NixOS) virtual machine on a macOS hos
|
||||
|
||||
1. Installation
|
||||
|
||||
```
|
||||
nix-env -i /nix/store/jgq3savsyyrpsxvjlrz41nx09z7r0lch-linuxkit-builder
|
||||
```
|
||||
nix-env -i /nix/store/jgq3savsyyrpsxvjlrz41nx09z7r0lch-linuxkit-builder
|
||||
nix-linuxkit-configure
|
||||
```
|
||||
```
|
||||
|
||||
You may want to use `nix-linuxkit-configure -c 4` to give the builder 4 CPUs.
|
||||
You may want to use `nix-linuxkit-configure -c 4` to give the builder 4 CPUs.
|
||||
|
||||
2. Confirm that nix-linuxkit works
|
||||
|
||||
```
|
||||
nix-build ~/.cache/nix-linuxkit-builder/example.nix
|
||||
```
|
||||
nix-build ~/.cache/nix-linuxkit-builder/example.nix
|
||||
```
|
||||
|
||||
As the installer says, run a `nix-build` to make sure that you are able to build linux binaries. The `example.nix` is specifically configured to force a x86_64-linux build. Remove the generated `result` folder afterwards.
|
||||
As the installer says, run a `nix-build` to make sure that you are able to build linux binaries. The `example.nix` is specifically configured to force a x86_64-linux build. Remove the generated `result` folder afterwards.
|
||||
|
||||
## 4. Nixops deployment (macOS)
|
||||
|
||||
@ -195,53 +195,53 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
|
||||
|
||||
1. Obtain latest [NixOS](https://nixos.org/nixos/download.html). For example:
|
||||
|
||||
```
|
||||
wget https://releases.nixos.org/nixos/19.09/nixos-19.09.2284.bf7c0f0461e/nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
|
||||
sha256sum nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
|
||||
# output: 9768eb945bef410fccfb82cb3d2e7ce7c02c3430aed0f2f1527273cb080fff3e
|
||||
```
|
||||
Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd.
|
||||
```
|
||||
wget https://releases.nixos.org/nixos/19.09/nixos-19.09.2284.bf7c0f0461e/nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
|
||||
sha256sum nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
|
||||
# output: 9768eb945bef410fccfb82cb3d2e7ce7c02c3430aed0f2f1527273cb080fff3e
|
||||
```
|
||||
Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd.
|
||||
|
||||
2. Write NixOS iso to install media (USB/CD). For example:
|
||||
|
||||
```
|
||||
cp nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso /dev/sdX
|
||||
```
|
||||
```
|
||||
cp nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso /dev/sdX
|
||||
```
|
||||
|
||||
Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l`
|
||||
Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l`
|
||||
|
||||
3. Boot the system
|
||||
|
||||
You will have to find out if your hardware uses UEFI or Legacy Boot for the next step.
|
||||
You will have to find out if your hardware uses UEFI or Legacy Boot for the next step.
|
||||
|
||||
4. Option 1: Partition and format for UEFI
|
||||
|
||||
```
|
||||
parted /dev/sda -- mklabel gpt
|
||||
parted /dev/sda -- mkpart primary 512MiB -8GiB
|
||||
parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||
parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
|
||||
parted /dev/sda -- set 3 boot on
|
||||
mkfs.ext4 -L nixos /dev/sda1
|
||||
mkswap -L swap /dev/sda2
|
||||
mkfs.fat -F 32 -n boot /dev/sda3
|
||||
mount /dev/disk/by-label/nixos /mnt
|
||||
mkdir -p /mnt/boot
|
||||
mount /dev/disk/by-label/boot /mnt/boot
|
||||
swapon /dev/sda2
|
||||
```
|
||||
```
|
||||
parted /dev/sda -- mklabel gpt
|
||||
parted /dev/sda -- mkpart primary 512MiB -8GiB
|
||||
parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||
parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
|
||||
parted /dev/sda -- set 3 boot on
|
||||
mkfs.ext4 -L nixos /dev/sda1
|
||||
mkswap -L swap /dev/sda2
|
||||
mkfs.fat -F 32 -n boot /dev/sda3
|
||||
mount /dev/disk/by-label/nixos /mnt
|
||||
mkdir -p /mnt/boot
|
||||
mount /dev/disk/by-label/boot /mnt/boot
|
||||
swapon /dev/sda2
|
||||
```
|
||||
|
||||
4. Option 2: Partition and format for Legacy Boot (MBR)
|
||||
|
||||
```
|
||||
parted /dev/sda -- mklabel msdos
|
||||
parted /dev/sda -- mkpart primary 1MiB -8GiB
|
||||
parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||
mkfs.ext4 -L nixos /dev/sda1
|
||||
mkswap -L swap /dev/sda2
|
||||
mount /dev/disk/by-label/nixos /mnt
|
||||
swapon /dev/sda2
|
||||
```
|
||||
```
|
||||
parted /dev/sda -- mklabel msdos
|
||||
parted /dev/sda -- mkpart primary 1MiB -8GiB
|
||||
parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||
mkfs.ext4 -L nixos /dev/sda1
|
||||
mkswap -L swap /dev/sda2
|
||||
mount /dev/disk/by-label/nixos /mnt
|
||||
swapon /dev/sda2
|
||||
```
|
||||
|
||||
4. Option 3: Set up encrypted partitions:
|
||||
|
||||
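Review bot: in step 1 the ISO hash is checked by eye against the `# output:` comment, which is easy to get wrong with a 64-character value. Consider giving the reader a line that fails on mismatch, for example piping the expected hash and file name into `sha256sum -c`, so the step has a clear pass or fail result before the image is written to `/dev/sdX`.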
@ -249,76 +249,76 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
|
||||
|
||||
5. Generate NixOS config
|
||||
|
||||
```
|
||||
nixos-generate-config --root /mnt
|
||||
nano /mnt/etc/nixos/configuration.nix
|
||||
```
|
||||
```
|
||||
nixos-generate-config --root /mnt
|
||||
nano /mnt/etc/nixos/configuration.nix
|
||||
```
|
||||
|
||||
Option 1: Edit NixOS configuration for UEFI
|
||||
Option 1: Edit NixOS configuration for UEFI
|
||||
|
||||
```
|
||||
{ config, pkgs, ... }: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
```
|
||||
{ config, pkgs, ... }: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
# Note: setting fileSystems is generally not
|
||||
# necessary, since nixos-generate-config figures them out
|
||||
# automatically in hardware-configuration.nix.
|
||||
#fileSystems."/".device = "/dev/disk/by-label/nixos";
|
||||
# Note: setting fileSystems is generally not
|
||||
# necessary, since nixos-generate-config figures them out
|
||||
# automatically in hardware-configuration.nix.
|
||||
#fileSystems."/".device = "/dev/disk/by-label/nixos";
|
||||
|
||||
# Enable the OpenSSH server.
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin = "yes";
|
||||
};
|
||||
}
|
||||
```
|
||||
# Enable the OpenSSH server.
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin = "yes";
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
Option 2: Edit NixOS configuration for Legacy Boot (MBR)
|
||||
Option 2: Edit NixOS configuration for Legacy Boot (MBR)
|
||||
|
||||
```
|
||||
{ config, pkgs, ... }: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
```
|
||||
{ config, pkgs, ... }: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
# Note: setting fileSystems is generally not
|
||||
# necessary, since nixos-generate-config figures them out
|
||||
# automatically in hardware-configuration.nix.
|
||||
#fileSystems."/".device = "/dev/disk/by-label/nixos";
|
||||
# Note: setting fileSystems is generally not
|
||||
# necessary, since nixos-generate-config figures them out
|
||||
# automatically in hardware-configuration.nix.
|
||||
#fileSystems."/".device = "/dev/disk/by-label/nixos";
|
||||
|
||||
# Enable the OpenSSH server.
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin = "yes";
|
||||
};
|
||||
}
|
||||
```
|
||||
# Enable the OpenSSH server.
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
permitRootLogin = "yes";
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
6. Do the installation
|
||||
|
||||
```
|
||||
nixos-install
|
||||
```
|
||||
Set root password
|
||||
```
|
||||
setting root password...
|
||||
Enter new UNIX password:
|
||||
Retype new UNIX password:
|
||||
```
|
||||
```
|
||||
nixos-install
|
||||
```
|
||||
Set root password
|
||||
```
|
||||
setting root password...
|
||||
Enter new UNIX password:
|
||||
Retype new UNIX password:
|
||||
```
|
||||
|
||||
7. If everything went well
|
||||
|
||||
```
|
||||
reboot
|
||||
```
|
||||
```
|
||||
reboot
|
||||
```
|
||||
|
||||
## 2. nix-bitcoin installation
|
||||
|
||||
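Review bot: both sample configurations in this hunk (UEFI and Legacy Boot) set `permitRootLogin = "yes";`, which lets root log in over SSH with the password entered at `nixos-install` in step 6. The doc should say why password login for root is needed at this stage and when it can be tightened, or show the sample with an authorized key and `"prohibit-password"` instead.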
@ -327,115 +327,115 @@ You can also build Nix from source by following the instructions at https://nixo
|
||||
|
||||
1. Install Dependencies (Debian 9 stretch)
|
||||
|
||||
```
|
||||
sudo apt-get install curl git gnupg2 dirmngr
|
||||
```
|
||||
```
|
||||
sudo apt-get install curl git gnupg2 dirmngr
|
||||
```
|
||||
|
||||
2. Install Latest Nix with GPG Verification
|
||||
|
||||
```
|
||||
curl -o install-nix https://nixos.org/nix/install
|
||||
curl -o install-nix.sig https://nixos.org/nix/install.sig
|
||||
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
|
||||
gpg2 --verify ./install-nix.sig
|
||||
sh ./install-nix --daemon
|
||||
. /home/user/.nix-profile/etc/profile.d/nix.sh
|
||||
```
|
||||
```
|
||||
curl -o install-nix https://nixos.org/nix/install
|
||||
curl -o install-nix.sig https://nixos.org/nix/install.sig
|
||||
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
|
||||
gpg2 --verify ./install-nix.sig
|
||||
sh ./install-nix --daemon
|
||||
. /home/user/.nix-profile/etc/profile.d/nix.sh
|
||||
```
|
||||
|
||||
Then follow the instructions. Open a new terminal window when you're done.
|
||||
Then follow the instructions. Open a new terminal window when you're done.
|
||||
|
||||
If you get an error similar to
|
||||
```
|
||||
error: cloning builder process: Operation not permitted
|
||||
error: unable to start build process
|
||||
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
|
||||
```
|
||||
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
||||
If you get an error similar to
|
||||
```
|
||||
error: cloning builder process: Operation not permitted
|
||||
error: unable to start build process
|
||||
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
|
||||
```
|
||||
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
||||
|
||||
3. Optional: Disallow substitutes
|
||||
|
||||
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
||||
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
||||
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
||||
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
||||
|
||||
4. Clone this project
|
||||
|
||||
```
|
||||
cd
|
||||
git clone https://github.com/fort-nix/nix-bitcoin
|
||||
cd ~/nix-bitcoin
|
||||
```
|
||||
```
|
||||
cd
|
||||
git clone https://github.com/fort-nix/nix-bitcoin
|
||||
cd ~/nix-bitcoin
|
||||
```
|
||||
|
||||
5. Create network file
|
||||
|
||||
```
|
||||
nano network/network-nixos.nix
|
||||
```
|
||||
```
|
||||
nano network/network-nixos.nix
|
||||
```
|
||||
|
||||
```
|
||||
{
|
||||
bitcoin-node =
|
||||
{ config, pkgs, ... }:
|
||||
{ deployment.targetHost = "1.2.3.4";
|
||||
};
|
||||
}
|
||||
```
|
||||
```
|
||||
{
|
||||
bitcoin-node =
|
||||
{ config, pkgs, ... }:
|
||||
{ deployment.targetHost = "1.2.3.4";
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
Replace 1.2.3.4 with NixOS machine's IP address.
|
||||
Replace 1.2.3.4 with NixOS machine's IP address.
|
||||
|
||||
6. Edit `configuration.nix`
|
||||
|
||||
```
|
||||
nano configuration.nix
|
||||
```
|
||||
```
|
||||
nano configuration.nix
|
||||
```
|
||||
|
||||
Uncomment `./hardware-configuration.nix` line by removing #.
|
||||
Uncomment `./hardware-configuration.nix` line by removing #.
|
||||
|
||||
7. Create `hardware-configuration.nix`
|
||||
|
||||
```
|
||||
nano hardware-configuration.nix
|
||||
```
|
||||
Copy contents of NixOS machine's `/etc/nixos/hardware-configuration.nix` to file.
|
||||
```
|
||||
nano hardware-configuration.nix
|
||||
```
|
||||
Copy contents of NixOS machine's `/etc/nixos/hardware-configuration.nix` to file.
|
||||
|
||||
8. Add boot option to `hardware-configuration.nix`
|
||||
|
||||
Option 1: Enable systemd boot for UEFI
|
||||
```
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
```
|
||||
Option 2: Set grub device for Legacy Boot (MBR)
|
||||
```
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
```
|
||||
Option 1: Enable systemd boot for UEFI
|
||||
```
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
```
|
||||
Option 2: Set grub device for Legacy Boot (MBR)
|
||||
```
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
```
|
||||
|
||||
9. Setup environment
|
||||
|
||||
```
|
||||
nix-shell
|
||||
```
|
||||
```
|
||||
nix-shell
|
||||
```
|
||||
|
||||
This will set up your nix-bitcoin environment and might take a while without giving an output.
|
||||
This will set up your nix-bitcoin environment and might take a while without giving an output.
|
||||
|
||||
10. Create nixops deployment in nix-shell.
|
||||
|
||||
```
|
||||
nixops create network/network.nix network/network-nixos.nix -d bitcoin-node
|
||||
```
|
||||
```
|
||||
nixops create network/network.nix network/network-nixos.nix -d bitcoin-node
|
||||
```
|
||||
|
||||
11. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
|
||||
|
||||
12. Deploy Nixops in nix-shell
|
||||
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
|
||||
This will now create a nix-bitcoin node on the target machine.
|
||||
This will now create a nix-bitcoin node on the target machine.
|
||||
|
||||
13. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
|
||||
|
||||
```
|
||||
nixops ssh operator@bitcoin-node
|
||||
```
|
||||
```
|
||||
nixops ssh operator@bitcoin-node
|
||||
```
|
||||
|
||||
See [usage.md](usage.md) for usage instructions, such as how to update.
|
||||
|
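Review bot: in step 8, "Option 1: Enable systemd boot for UEFI" shows `boot.loader.grub.device = "/dev/sda";`, the same line as Option 2 for Legacy Boot. The UEFI configuration earlier in this file uses `boot.loader.systemd-boot.enable = true;`, so Option 1 here looks like a copy-paste error that this re-indent carries over; it should be corrected. Also, `. /home/user/.nix-profile/etc/profile.d/nix.sh` in step 2 hard-codes the home directory of a user named "user"; `$HOME` would work for any account.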
266
docs/usage.md
@ -5,24 +5,24 @@ Run `git pull` in the nix-bitcoin directory, enter the nix shell with `nix-shell
|
||||
### Verifying GPG Signatures (recommended)
|
||||
1. Import jonasnick's gpg key
|
||||
|
||||
```
|
||||
gpg2 --receive-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
|
||||
```
|
||||
```
|
||||
gpg2 --receive-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
|
||||
```
|
||||
|
||||
2. Trust jonasnick's gpg key
|
||||
|
||||
```
|
||||
gpg2 --edit-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
|
||||
trust
|
||||
4
|
||||
quit
|
||||
```
|
||||
```
|
||||
gpg2 --edit-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
|
||||
trust
|
||||
4
|
||||
quit
|
||||
```
|
||||
|
||||
3. Verify commit after `git pull`
|
||||
|
||||
```
|
||||
git verify-commit <hash of latest commit>
|
||||
```
|
||||
```
|
||||
git verify-commit <hash of latest commit>
|
||||
```
|
||||
|
||||
Nodeinfo
|
||||
---
|
||||
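Review bot: step 3 (`git verify-commit <hash of latest commit>`) does not say what a passing result looks like or what to do when verification fails. Add a sentence stating that the output must report a good signature from key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366 and that the reader should not deploy otherwise; `git verify-commit HEAD` would also save looking up the hash by hand. Minor: step 1 uses `--receive-key` while install.md uses `--recv-keys` for the same operation, and one spelling throughout would read better.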
@ -37,44 +37,44 @@ Connect to spark-wallet
|
||||
|
||||
1. Enable spark-wallet in `configuration.nix`
|
||||
|
||||
Change
|
||||
```
|
||||
# services.spark-wallet.enable = true;
|
||||
```
|
||||
to
|
||||
```
|
||||
services.spark-wallet.enable = true;
|
||||
```
|
||||
Change
|
||||
```
|
||||
# services.spark-wallet.enable = true;
|
||||
```
|
||||
to
|
||||
```
|
||||
services.spark-wallet.enable = true;
|
||||
```
|
||||
|
||||
2. Deploy new `configuration.nix`
|
||||
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
|
||||
3. Enable Orbot VPN for spark-wallet
|
||||
|
||||
```
|
||||
Open Orbot app
|
||||
Turn on "VPN Mode"
|
||||
Select Gear icon under "Tor-Enabled Apps"
|
||||
Toggle checkbox under Spark icon
|
||||
```
|
||||
```
|
||||
Open Orbot app
|
||||
Turn on "VPN Mode"
|
||||
Select Gear icon under "Tor-Enabled Apps"
|
||||
Toggle checkbox under Spark icon
|
||||
```
|
||||
|
||||
4. Get the onion address, access key and QR access code for the spark wallet android app
|
||||
|
||||
```
|
||||
journalctl -eu spark-wallet
|
||||
```
|
||||
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlightning the entire output to invert the colors.
|
||||
```
|
||||
journalctl -eu spark-wallet
|
||||
```
|
||||
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlightning the entire output to invert the colors.
|
||||
|
||||
5. Connect to spark-wallet android app
|
||||
|
||||
```
|
||||
Server Settings
|
||||
Scan QR
|
||||
Done
|
||||
```
|
||||
```
|
||||
Server Settings
|
||||
Scan QR
|
||||
Done
|
||||
```
|
||||
|
||||
Connect to electrs
|
||||
---
|
||||
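Review bot: the Note line under step 4 still has the typo "highlightning" after re-indenting; it should be "highlighting". The Orbot and Android steps (3 and 5) are UI instructions placed inside code fences, and a nested list would render them better than a code block.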
@ -89,89 +89,89 @@ Connect to electrs
|
||||
|
||||
1. Enable electrs in `configuration.nix`
|
||||
|
||||
Change
|
||||
```
|
||||
# services.electrs.enable = true;
|
||||
```
|
||||
to
|
||||
```
|
||||
services.electrs.enable = true;
|
||||
```
|
||||
Change
|
||||
```
|
||||
# services.electrs.enable = true;
|
||||
```
|
||||
to
|
||||
```
|
||||
services.electrs.enable = true;
|
||||
```
|
||||
|
||||
2. Deploy new `configuration.nix`
|
||||
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
|
||||
3. Get electrs onion address
|
||||
|
||||
```
|
||||
nodeinfo | grep 'ELECTRS_ONION'
|
||||
```
|
||||
```
|
||||
nodeinfo | grep 'ELECTRS_ONION'
|
||||
```
|
||||
|
||||
4. Connect to electrs
|
||||
|
||||
On electrum wallet laptop
|
||||
```
|
||||
electrum --oneserver --server=<ELECTRS_ONION>:50002:s --proxy=socks5:localhost:9050
|
||||
```
|
||||
On electrum wallet laptop
|
||||
```
|
||||
electrum --oneserver --server=<ELECTRS_ONION>:50002:s --proxy=socks5:localhost:9050
|
||||
```
|
||||
|
||||
On electrum android phone
|
||||
```
|
||||
Three dots in the upper-right-hand corner
|
||||
Network
|
||||
Proxy mode: socks5, Host: 127.0.0.1, Port: 9050
|
||||
Ok
|
||||
Server
|
||||
Host: <ELECTRS_ONION>, Port: 50002
|
||||
Ok
|
||||
Auto-connect: OFF
|
||||
One-server mode: ON
|
||||
```
|
||||
On electrum android phone
|
||||
```
|
||||
Three dots in the upper-right-hand corner
|
||||
Network
|
||||
Proxy mode: socks5, Host: 127.0.0.1, Port: 9050
|
||||
Ok
|
||||
Server
|
||||
Host: <ELECTRS_ONION>, Port: 50002
|
||||
Ok
|
||||
Auto-connect: OFF
|
||||
One-server mode: ON
|
||||
```
|
||||
|
||||
Connect to nix-bitcoin node through ssh Tor Hidden Service
|
||||
---
|
||||
1. Run `nodeinfo` on your nix-bitcoin node and note the `SSHD_ONION`
|
||||
|
||||
```
|
||||
nixops ssh operator@bitcoin-node
|
||||
nodeinfo | grep 'SSHD_ONION'
|
||||
```
|
||||
```
|
||||
nixops ssh operator@bitcoin-node
|
||||
nodeinfo | grep 'SSHD_ONION'
|
||||
```
|
||||
|
||||
2. Create a SSH key
|
||||
|
||||
```
|
||||
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
|
||||
```
|
||||
```
|
||||
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
|
||||
```
|
||||
|
||||
3. Place the ed25519 key's fingerprint in the `configuration.nix` `openssh.authorizedKeys.keys` field like so
|
||||
|
||||
```
|
||||
# FIXME: Add your SSH pubkey
|
||||
services.openssh.enable = true;
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [ "[contents of ~/.ssh/id_ed25519.pub]" ];
|
||||
};
|
||||
```
|
||||
```
|
||||
# FIXME: Add your SSH pubkey
|
||||
services.openssh.enable = true;
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [ "[contents of ~/.ssh/id_ed25519.pub]" ];
|
||||
};
|
||||
```
|
||||
|
||||
4. Connect to your nix-bitcoin node's ssh Tor Hidden Service, forwarding a local port to the nix-bitcoin node's ssh server
|
||||
|
||||
```
|
||||
ssh -i ~/.ssh/id_ed25519 -L [random port of your choosing]:localhost:22 root@[your SSHD_ONION]
|
||||
```
|
||||
```
|
||||
ssh -i ~/.ssh/id_ed25519 -L [random port of your choosing]:localhost:22 root@[your SSHD_ONION]
|
||||
```
|
||||
|
||||
5. Edit your `network-nixos.nix` to look like this
|
||||
|
||||
```
|
||||
{
|
||||
bitcoin-node =
|
||||
{ config, pkgs, ... }:
|
||||
{ deployment.targetHost = "127.0.0.1";
|
||||
deployment.targetPort = [random port of your choosing];
|
||||
};
|
||||
}
|
||||
```
|
||||
```
|
||||
{
|
||||
bitcoin-node =
|
||||
{ config, pkgs, ... }:
|
||||
{ deployment.targetHost = "127.0.0.1";
|
||||
deployment.targetPort = [random port of your choosing];
|
||||
};
|
||||
}
|
||||
```
|
||||
|
||||
6. Now you can run `nixops deploy -d bitcoin-node` and it will connect through the ssh tunnel you established in step iv. This also allows you to do more complex ssh setups that `nixops ssh` doesn't support. An example would be authenticating with [Trezor's ssh agent](https://github.com/romanz/trezor-agent), which provides extra security.
|
||||
|
||||
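Review bot: step 3 of the ssh Tor Hidden Service section says to place the ed25519 key's "fingerprint" in `openssh.authorizedKeys.keys`, but the sample value is `[contents of ~/.ssh/id_ed25519.pub]`, which is the public key. The wording should say "public key", since a fingerprint in that field would not authorize anything. Step 6 also refers to "step iv" although the steps are numbered 1 to 6; it should read "step 4".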
@ -180,64 +180,64 @@ Initialize a Trezor for Bitcoin Core's Hardware Wallet Interface
|
||||
|
||||
1. Enable Trezor in `configuration.nix`
|
||||
|
||||
Change
|
||||
```
|
||||
# services.hardware-wallets.trezor = true;
|
||||
```
|
||||
to
|
||||
```
|
||||
services.hardware-wallets.trezor = true;
|
||||
```
|
||||
Change
|
||||
```
|
||||
# services.hardware-wallets.trezor = true;
|
||||
```
|
||||
to
|
||||
```
|
||||
services.hardware-wallets.trezor = true;
|
||||
```
|
||||
|
||||
2. Deploy new `configuration.nix`
|
||||
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
```
|
||||
nixops deploy -d bitcoin-node
|
||||
```
|
||||
|
||||
3. Check that your nix-bitcoin node recognizes your Trezor
|
||||
|
||||
```
|
||||
nixops ssh operator@bitcoin-node
|
||||
lsusb
|
||||
```
|
||||
Should show something relating to your Trezor
|
||||
```
|
||||
nixops ssh operator@bitcoin-node
|
||||
lsusb
|
||||
```
|
||||
Should show something relating to your Trezor
|
||||
|
||||
4. If your Trezor has outdated firmware or is not yet initialized: Start your Trezor in bootloader mode
|
||||
|
||||
Trezor v1
|
||||
```
|
||||
Plug in your Trezor with both buttons depressed
|
||||
```
|
||||
Trezor v1
|
||||
```
|
||||
Plug in your Trezor with both buttons depressed
|
||||
```
|
||||
|
||||
Trezor v2
|
||||
```
|
||||
Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through
|
||||
```
|
||||
Trezor v2
|
||||
```
|
||||
Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through
|
||||
```
|
||||
|
||||
5. If your Trezor's firmware is outdated: Update your Trezor's firmware
|
||||
|
||||
```
|
||||
trezorctl firmware-update
|
||||
```
|
||||
Follow the on-screen instructions
|
||||
```
|
||||
trezorctl firmware-update
|
||||
```
|
||||
Follow the on-screen instructions
|
||||
|
||||
**Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.**
|
||||
**Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.**
|
||||
|
||||
6. If your Trezor is not yet initialized: Set up your Trezor
|
||||
|
||||
```
|
||||
trezorctl reset-device -p
|
||||
```
|
||||
Follow the on-screen instructions
|
||||
```
|
||||
trezorctl reset-device -p
|
||||
```
|
||||
Follow the on-screen instructions
|
||||
|
||||
7. Find your Trezor
|
||||
|
||||
```
|
||||
hwi enumerate
|
||||
hwi -t trezor -d <path from previous command> promptpin
|
||||
hwi -t trezor -d <path> sendpin <number positions for the PIN as displayed on your device's screen>
|
||||
hwi enumerate
|
||||
```
|
||||
```
|
||||
hwi enumerate
|
||||
hwi -t trezor -d <path from previous command> promptpin
|
||||
hwi -t trezor -d <path> sendpin <number positions for the PIN as displayed on your device's screen>
|
||||
hwi enumerate
|
||||
```
|
||||
|
||||
8. Follow Bitcoin Core's instructions on [Using Bitcoin Core with Hardware Wallets](https://github.com/bitcoin-core/HWI/blob/master/docs/bitcoin-core-usage.md) to use your Trezor with `bitcoin-cli` on your nix-bitcoin node
|
||||
|
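Review bot: the bold caution that the command will wipe the Trezor sits after the `trezorctl firmware-update` block and its "Follow the on-screen instructions" line in step 5, so a reader working top to bottom meets the command before the warning. Move the caution above the code block. In step 7, `hwi enumerate` appears both first and last in the block; a short comment on the second call saying what it is expected to confirm would make the repetition clear.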