Merge #113: Simplify clightning preStart

67a464d0972ce51b57b1501289a94a4b1a8b924d Mention problems with hardened kernel and NUCs in README (Jonas Nick)
7771a4c931f06c75f9f1f27091a67a28cd1cd0a8 Refer to systemd man pages for hardening options (Jonas Nick)
a5e10a82d89d3f486be61ac6902ec86fd64cb6d4 Simplify clightning preStart (Jonas Nick)

Pull request description:

  CC @cypherpunk2140

Top commit has no ACKs.

Tree-SHA512: aa726f29e499cc268b21cac8cd07617be591cfdaa89dd0495cb979ebd3e49cc01164af25924c554429a1d35d14167dea276f7d61877452b69f027143cc3eee97
Jonas Nick 2019-08-21 14:58:00 +00:00
commit 5f567ee1ed
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
3 changed files with 9 additions and 10 deletions


@ -64,9 +64,10 @@ Hardware requirements
---
* Disk space: 300 GB (235GB for Bitcoin blockchain + some room)
* Bitcoin Core pruning is not supported at the moment because it's not supported by c-lightning. It's possible to use pruning but you need to know what you're doing.
* RAM: 2GB of memory. ECC memory is better.
* RAM: 2GB of memory. ECC memory is better. Additionally, it's recommended to use DDR4 memory with targeted row refresh (TRR) enabled (https://rambleed.com/).
Tested hardware includes [pcengine's apu2c4](https://pcengines.ch/apu2c4.htm), [GB-BACE-3150](https://www.gigabyte.com/Mini-PcBarebone/GB-BACE-3150-rev-10), [GB-BACE-3160](https://www.gigabyte.com/de/Mini-PcBarebone/GB-BACE-3160-rev-10#ov)
Tested hardware includes [pcengine's apu2c4](https://pcengines.ch/apu2c4.htm), [GB-BACE-3150](https://www.gigabyte.com/Mini-PcBarebone/GB-BACE-3150-rev-10), [GB-BACE-3160](https://www.gigabyte.com/de/Mini-PcBarebone/GB-BACE-3160-rev-10#ov).
Some hardware (including Intel NUCs) may not be compatible with the hardened kernel turned on by default (see https://github.com/fort-nix/nix-bitcoin/issues/39#issuecomment-517366093 for a workaround).
Usage
---
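
Review bot: the Intel NUC sentence added after the "Tested hardware" line gives the workaround only as a link to an issue comment, so the README does not say what to change and the instruction is lost if that comment is edited or removed. State the workaround in the README itself and keep the link as a reference. The RAM line has the same gap: the bare https://rambleed.com/ link does not say what the TRR recommendation protects against, and a short phrase naming it would help. The NUC sentence also follows the "Tested hardware" line with no blank line between them, so Markdown will render the two as one paragraph.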


@ -79,12 +79,10 @@ in {
after = [ "bitcoind.service" ];
preStart = ''
mkdir -m 0770 -p ${cfg.dataDir}
rm -f ${cfg.dataDir}/config
chown 'clightning:clightning' '${cfg.dataDir}'
cp ${configFile} ${cfg.dataDir}/config
chown 'clightning:clightning' '${cfg.dataDir}/config'
chmod +w ${cfg.dataDir}/config
chmod o-rw ${cfg.dataDir}/config
chown -R 'clightning:clightning' '${cfg.dataDir}'
# give group read access to allow using lightning-cli
chmod u=rw,g=r,o= ${cfg.dataDir}/config
# The RPC socket has to be removed otherwise we might have stale sockets
rm -f ${cfg.dataDir}/lightning-rpc
echo "bitcoin-rpcpassword=$(cat /secrets/bitcoin-rpcpassword)" >> '${cfg.dataDir}/config'
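
Review bot: `chown -R 'clightning:clightning' '${cfg.dataDir}'` in preStart walks the whole data directory on every start, and that tree is written by the clightning user itself while this script runs with enough privilege to change ownership. A recursive ownership change over a service-writable tree is broader than this step needs. The two paths the script actually creates are the directory and the config file, so `chown 'clightning:clightning' '${cfg.dataDir}' '${cfg.dataDir}/config'` would cover it. The ordering at the end is good: `chmod u=rw,g=r,o=` is applied before `bitcoin-rpcpassword` is appended, so the secret is never in a world-readable file. Minor style point: `${cfg.dataDir}` is quoted in the chown and echo lines but unquoted in mkdir, cp, chmod and rm, so a data directory path containing spaces would break the unquoted ones. Quote it consistently.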


@ -1,3 +1,6 @@
# See `man systemd.exec` and `man systemd.resource-control` for an explanation
# of the various systemd options available through this module.
{ config, lib, pkgs, ... }:
with lib;
@ -42,6 +45,3 @@ in
'';
};
}