From 33ff8d82bea9cdda1169a8279851547eb02dacec Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 18 Oct 2020 13:41:54 +0200 Subject: [PATCH 1/4] examples: fix running outside of examples dir --- examples/deploy-container.sh | 2 +- examples/deploy-nixops.sh | 2 +- examples/deploy-qemu-vm.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/deploy-container.sh b/examples/deploy-container.sh index 535e246..1cc1030 100755 --- a/examples/deploy-container.sh +++ b/examples/deploy-container.sh @@ -17,7 +17,7 @@ fi if [[ ! -v IN_NIX_SHELL ]]; then echo "Running script in nix shell env..." cd "${BASH_SOURCE[0]%/*}" - exec nix-shell --run "${BASH_SOURCE[0]}" + exec nix-shell --run "./${BASH_SOURCE[0]##*/}" fi # Uncomment to start a container shell session diff --git a/examples/deploy-nixops.sh b/examples/deploy-nixops.sh index 780fc00..1f54901 100755 --- a/examples/deploy-nixops.sh +++ b/examples/deploy-nixops.sh @@ -11,7 +11,7 @@ set -euo pipefail if [[ ! -v IN_NIX_SHELL ]]; then echo "Running script in nix shell env..." cd "${BASH_SOURCE[0]%/*}" - exec nix-shell --run "${BASH_SOURCE[0]}" + exec nix-shell --run "./${BASH_SOURCE[0]##*/}" fi # Cleanup on exit diff --git a/examples/deploy-qemu-vm.sh b/examples/deploy-qemu-vm.sh index 7545807..6a7541f 100755 --- a/examples/deploy-qemu-vm.sh +++ b/examples/deploy-qemu-vm.sh @@ -14,7 +14,7 @@ set -euo pipefail if [[ ! -v IN_NIX_SHELL ]]; then echo "Running script in nix shell env..." cd "${BASH_SOURCE[0]%/*}" - exec nix-shell --run "${BASH_SOURCE[0]}" + exec nix-shell --run "./${BASH_SOURCE[0]##*/}" fi tmpDir=/tmp/nix-bitcoin-qemu-vm From c19f7ebb01a80daba2872402f40a5711631d1cad Mon Sep 17 00:00:00 2001 
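Review bot: The new `./${BASH_SOURCE[0]##*/}` form only resolves if the `cd "${BASH_SOURCE[0]%/*}"` on the context line above it succeeded. That `cd` fails when the script is started without a slash in its path (for example `bash deploy-container.sh`), because `%/*` then leaves the file name unchanged and the script stops there under `set -e`. `cd "$(dirname -- "${BASH_SOURCE[0]}")"` covers both invocations. The same applies to the identical hunks in deploy-nixops.sh and deploy-qemu-vm.sh, and to the `"${BASH_SOURCE[0]%/*}/deploy-container.sh"` line of deploy-container-minimal.sh added in PATCH 4/4.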
From: Erik Arvstedt Date: Sun, 18 Oct 2020 13:41:55 +0200 Subject: [PATCH 2/4] examples: add option --interactive|-i --- README.md | 6 ++++++ examples/deploy-container.sh | 18 +++++++++--------- examples/deploy-nixops.sh | 10 +++++++--- examples/deploy-qemu-vm.sh | 9 ++++++--- examples/start-bash-session.sh | 6 +++++- 5 files changed, 33 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index b7242f7..c064cc6 100644 --- a/README.md +++ b/README.md @@ -48,6 +48,12 @@ shut down immediately. They leave no traces (outside of `/nix/store`) on the hos NixOps can be used to deploy to various other backends like cloud providers.\ Requires: [Nix](https://nixos.org/nix/), [VirtualBox](https://www.virtualbox.org) +Run the examples with option `--interactive` or `-i` to start a shell for interacting with +the node: +```bash +./deploy-qemu-vm.sh -i +``` + #### Tests The internal test suite is also useful for exploring features. The following `run-tests.sh` commands leave no traces (outside of `/nix/store`) on diff --git a/examples/deploy-container.sh b/examples/deploy-container.sh index 1cc1030..17c3496 100755 --- a/examples/deploy-container.sh +++ b/examples/deploy-container.sh @@ -17,12 +17,9 @@ fi if [[ ! -v IN_NIX_SHELL ]]; then echo "Running script in nix shell env..." cd "${BASH_SOURCE[0]%/*}" - exec nix-shell --run "./${BASH_SOURCE[0]##*/}" + exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*" fi -# Uncomment to start a container shell session -# interactive=1 - # These commands can also be executed interactively in a shell session demoCmds=' echo @@ -42,11 +39,14 @@ echo "Bitcoind data dir:" sudo ls -al /var/lib/containers/demo-node/var/lib/bitcoind ' -if [[ ${interactive:-} ]]; then - runCmd= -else - runCmd=(--run bash -c "$demoCmds") -fi +case ${1:-} in + -i|--interactive) + runCmd= + ;; + *) + runCmd=(--run bash -c "$demoCmds") + ;; +esac # Build container. # Learn more: https://github.com/erikarvstedt/extra-container 
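Review bot: Appending `$*` to the `--run` string in deploy-container.sh flattens the arguments into text that nix-shell hands to a shell, so an argument containing spaces is split and one containing `;` or `$(...)` is evaluated as shell syntax. Only `-i`/`--interactive` is expected today, but the re-exec should preserve argument boundaries: `args=; (( $# )) && printf -v args ' %q' "$@"` followed by `exec nix-shell --run "./${BASH_SOURCE[0]##*/}$args"`. The same `$*` line is added in deploy-nixops.sh and deploy-qemu-vm.sh.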
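Review bot: `runCmd=` in the `-i|--interactive` arm assigns an empty string rather than an empty array, so the `"${runCmd[@]}"` at the call site (visible in PATCH 3/4) expands to one empty argument passed to `extra-container shell`. Whether extra-container ignores that argument cannot be seen from here. `runCmd=()` states the intent, with `${runCmd[@]+"${runCmd[@]}"}` at the call site if bash older than 4.4 has to work under `set -u`. The `if [[ $interactive ]]` rewrite in PATCH 4/4 keeps the same assignment.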
diff --git a/examples/deploy-nixops.sh b/examples/deploy-nixops.sh index 1f54901..568bbcd 100755 --- a/examples/deploy-nixops.sh +++ b/examples/deploy-nixops.sh @@ -11,7 +11,7 @@ set -euo pipefail if [[ ! -v IN_NIX_SHELL ]]; then echo "Running script in nix shell env..." cd "${BASH_SOURCE[0]%/*}" - exec nix-shell --run "./${BASH_SOURCE[0]##*/}" + exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*" fi # Cleanup on exit @@ -40,7 +40,11 @@ nixops deploy -d bitcoin-node nixops ssh bitcoin-node systemctl status bitcoind c() { nixops ssh bitcoin-node "$@"; } -# Uncomment to start a shell session here -# . start-bash-session.sh + +case ${1:-} in + -i|--interactive) + . start-bash-session.sh + ;; +esac # Cleanup happens at exit (see above) diff --git a/examples/deploy-qemu-vm.sh b/examples/deploy-qemu-vm.sh index 6a7541f..e155126 100755 --- a/examples/deploy-qemu-vm.sh +++ b/examples/deploy-qemu-vm.sh @@ -14,7 +14,7 @@ set -euo pipefail if [[ ! -v IN_NIX_SHELL ]]; then echo "Running script in nix shell env..." cd "${BASH_SOURCE[0]%/*}" - exec nix-shell --run "./${BASH_SOURCE[0]##*/}" + exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*" fi tmpDir=/tmp/nix-bitcoin-qemu-vm @@ -91,7 +91,10 @@ echo echo "Node info:" c nodeinfo -# Uncomment to start a shell session here -# . start-bash-session.sh +case ${1:-} in + -i|--interactive) + . start-bash-session.sh + ;; +esac # Cleanup happens at exit (see above) diff --git a/examples/start-bash-session.sh b/examples/start-bash-session.sh index 37ba4fc..a91d91f 100644 --- a/examples/start-bash-session.sh +++ b/examples/start-bash-session.sh @@ -3,7 +3,11 @@ USAGE_INFO=' Starting shell... Run "c COMMAND" to execute a command on the bitcoin node -Run "c" to start a shell session inside the node' +Run "c" to start a shell session inside the node + +Example: +c systemctl status bitcoind +' # BASH_ENVIRONMENT contains definitions of read-only variables like 'BASHOPTS' that # cause warnings on evaluation. Suppress these warnings while sourcing. 
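Review bot: `. start-bash-session.sh` in the new `case` arm names the file without a slash, so bash searches `PATH` before the current directory (the `sourcepath` default) and sources the first file of that name it finds. It also depends on the working directory when the script is started inside an existing nix-shell, where the `cd` in the re-exec block is skipped. Sourcing relative to the script itself avoids both: `. "$(dirname -- "${BASH_SOURCE[0]}")/start-bash-session.sh"`. The same line is added at the end of deploy-qemu-vm.sh.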
From e6340426c1d14808c5e24e03b8d5ce5481c4b37a Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 18 Oct 2020 13:41:56 +0200 Subject: [PATCH 3/4] deploy-container.sh: fix sudo The 'echo sudo' approach used previously failed when PATH or NIX_PATH contains spaces. Exec the script with sudo instead. --- examples/deploy-container.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/examples/deploy-container.sh b/examples/deploy-container.sh index 17c3496..c672fd0 100755 --- a/examples/deploy-container.sh +++ b/examples/deploy-container.sh @@ -20,6 +20,11 @@ if [[ ! -v IN_NIX_SHELL ]]; then exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*" fi +if [[ $EUID != 0 ]]; then + # NixOS containers require root permissions + exec sudo "PATH=$PATH" "NIX_PATH=$NIX_PATH" "IN_NIX_SHELL=$IN_NIX_SHELL" "${BASH_SOURCE[0]}" "$@" +fi + # These commands can also be executed interactively in a shell session demoCmds=' echo @@ -65,7 +70,6 @@ read -d '' src <<'EOF' || true }; } EOF -$([[ $EUID = 0 ]] || echo sudo "PATH=$PATH" "NIX_PATH=$NIX_PATH") \ - $(type -P extra-container) shell -E "$src" "${runCmd[@]}" +extra-container shell -E "$src" "${runCmd[@]}" # The container is automatically deleted at exit From b574cb097f27e82fdcfa39b5705855993a600464 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sun, 18 Oct 2020 13:41:57 +0200 Subject: [PATCH 4/4] examples: add deploy-container-minimal.sh --- README.md | 10 ++++- examples/deploy-container-minimal.sh | 3 ++ examples/deploy-container.sh | 57 ++++++++++++++++++---------- examples/minimal-configuration.nix | 22 +++++++++++ 4 files changed, 71 insertions(+), 21 deletions(-) create mode 100755 examples/deploy-container-minimal.sh create mode 100644 examples/minimal-configuration.nix diff --git a/README.md b/README.md index c064cc6..08ddb14 100644 --- a/README.md +++ b/README.md 
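Review bot: The `exec sudo` re-exec moves everything after it under root instead of only the `extra-container` call, and the second hunk now resolves `extra-container` by bare name through the caller-supplied `PATH`. Every command in the rest of the script is therefore looked up as root along a path the unprivileged user controls. That is presumably acceptable for a demo run by the machine's owner, but a comment on the `exec sudo` line such as `# Runs the rest of this script as root with the caller's PATH (needed for the nix-shell tools)` would make the trust assumption explicit. Separately, `$NIX_PATH` is expanded under `set -u`, so the script aborts where `NIX_PATH` is not exported; if that case should work, `"NIX_PATH=${NIX_PATH:-}"` avoids the abort.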
@@ -34,7 +34,7 @@ cd nix-bitcoin/examples/ nix-shell ``` -The following example scripts set up a nix-bitcoin node according to `examples/configuration.nix` and then +The following example scripts set up a nix-bitcoin node according to [`examples/configuration.nix`](examples/configuration.nix) and then shut down immediately. They leave no traces (outside of `/nix/store`) on the host system. - [`./deploy-container.sh`](examples/deploy-container.sh) creates a [NixOS container](https://github.com/erikarvstedt/extra-container).\ @@ -48,6 +48,12 @@ shut down immediately. They leave no traces (outside of `/nix/store`) on the hos NixOps can be used to deploy to various other backends like cloud providers.\ Requires: [Nix](https://nixos.org/nix/), [VirtualBox](https://www.virtualbox.org) +- [`./deploy-container-minimal.sh`](examples/deploy-container-minimal.sh) creates a + container defined by [minimal-configuration.nix](examples/minimal-configuration.nix) that + doesn't use the [secure-node.nix](modules/presets/secure-node.nix) preset. + Also shows how to use nix-bitcoin in an existing NixOS config.\ + Requires: [Nix](https://nixos.org/), a systemd-based Linux distro and root privileges + Run the examples with option `--interactive` or `-i` to start a shell for interacting with the node: ```bash @@ -55,7 +61,7 @@ the node: ``` #### Tests -The internal test suite is also useful for exploring features. +The internal test suite is also useful for exploring features.\ The following `run-tests.sh` commands leave no traces (outside of `/nix/store`) on the host system. diff --git a/examples/deploy-container-minimal.sh b/examples/deploy-container-minimal.sh new file mode 100755 index 0000000..3e7f7eb --- /dev/null +++ b/examples/deploy-container-minimal.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +exec "${BASH_SOURCE[0]%/*}/deploy-container.sh" --minimal-config "$@" diff --git a/examples/deploy-container.sh b/examples/deploy-container.sh index c672fd0..f57df31 100755 
--- a/examples/deploy-container.sh +++ b/examples/deploy-container.sh @@ -8,23 +8,36 @@ set -euo pipefail # Feel free to modify or to run nix-shell and execute individual statements of this # script in the interactive shell. -if [[ $(sysctl -n net.ipv4.ip_forward) != 1 ]]; then - echo "Error: IP forwarding (net.ipv4.ip_forward) is not enabled." - echo "Needed for container WAN access." - exit 1 -fi - if [[ ! -v IN_NIX_SHELL ]]; then echo "Running script in nix shell env..." cd "${BASH_SOURCE[0]%/*}" exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*" fi +if [[ $(sysctl -n net.ipv4.ip_forward || sudo sysctl -n net.ipv4.ip_forward) != 1 ]]; then + echo "Error: IP forwarding (net.ipv4.ip_forward) is not enabled." + echo "Needed for container WAN access." + exit 1 +fi + if [[ $EUID != 0 ]]; then # NixOS containers require root permissions exec sudo "PATH=$PATH" "NIX_PATH=$NIX_PATH" "IN_NIX_SHELL=$IN_NIX_SHELL" "${BASH_SOURCE[0]}" "$@" fi +interactive= +minimalConfig= +for arg in "$@"; do + case $arg in + -i|--interactive) + interactive=1 + ;; + --minimal-config) + minimalConfig=1 + ;; + esac +done + # These commands can also be executed interactively in a shell session demoCmds=' echo @@ -37,33 +50,39 @@ echo echo "lightning-cli state:" c lightning-cli getinfo echo -echo "Node info:" -c nodeinfo -echo echo "Bitcoind data dir:" sudo ls -al /var/lib/containers/demo-node/var/lib/bitcoind ' +nodeInfoCmd=' +echo +echo "Node info:" +c nodeinfo +' -case ${1:-} in - -i|--interactive) - runCmd= - ;; - *) - runCmd=(--run bash -c "$demoCmds") - ;; -esac +if [[ $minimalConfig ]]; then + configuration=minimal-configuration.nix +else + configuration=configuration.nix + demoCmds="${demoCmds}${nodeInfoCmd}" +fi + +if [[ $interactive ]]; then + runCmd= +else + runCmd=(--run bash -c "$demoCmds") +fi # Build container. # Learn more: https://github.com/erikarvstedt/extra-container # -read -d '' src <<'EOF' || true +read -d '' src < + ]; }; 
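Review bot: The new `for arg in "$@"` loop has no `*)` arm, so a mistyped or unsupported option is ignored and the script, which is running as root by this point, deploys a configuration the user did not ask for (for example the full config when `--minimal-config` is misspelled). Adding `*) echo "Unknown option: $arg" >&2; exit 1 ;;` makes that visible. Separately, the moved check `$(sysctl -n net.ipv4.ip_forward || sudo sysctl -n net.ipv4.ip_forward)` can prompt for a sudo password from inside a command substitution; a one-line comment saying when the unprivileged read fails would help.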
diff --git a/examples/minimal-configuration.nix b/examples/minimal-configuration.nix new file mode 100644 index 0000000..db6cc66 --- /dev/null +++ b/examples/minimal-configuration.nix @@ -0,0 +1,22 @@ +{ config, pkgs, lib, ... }: { + imports = [ + + + ]; + + services.bitcoind.enable = true; + services.clightning.enable = true; + + # When using nix-bitcoin as part of a larger NixOS configuration, set the following to enable + # interactive access to nix-bitcoin features (like bitcoin-cli) for your system's main user + nix-bitcoin.operator = { + enable = true; + name = "main"; # Set this to your system's main user + }; + + # The system's main unprivileged user + users.users.main = { + isNormalUser = true; + password = "a"; + }; +}
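Review bot: `password = "a";` gives the `main` account a one-character password, and the README change in this patch presents this file as showing how to use nix-bitcoin in an existing NixOS config, so the value is likely to be copied. Because `main` is also the `nix-bitcoin.operator` user, that account gets the interactive access to node tooling described in the comment above it. A plain `password` value also ends up in the world-readable Nix store. I would add `# Demo only: replace with hashedPassword before using this on a real system` on that line.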