Merge #218: Fix typos
df89ceed39
Fix typos (practicalswift) Pull request description: ACKs for top commit: jonasnick: ACKdf89ceed39
Tree-SHA512: 8cd04469dd0c46259790f00f380a840c22f10424c2504a7667e70cfdb03f30801e34f3c53aeffc9259a971484d4a12f1dbe5ceade493c8559e8c00ec011e7c73
This commit is contained in:
commit
62f83a71b8
@ -76,7 +76,7 @@ See [install.md](docs/install.md) for a detailed tutorial.
|
|||||||
|
|
||||||
Security
|
Security
|
||||||
---
|
---
|
||||||
* **Simplicity:** Only services you select in `configuration.nix` and their dependencies are installed, packages and dependencies are [pinned](pkgs/nixpkgs-pinned.nix), most packages are built from the [nixos stable channel](https://github.com/NixOS/nixpkgs-channels/tree/nixos-19.03), with a few exceptions that are built from the nixpkgs unstable channel, builds happen in a [sandboxed environment](https://nixos.org/nix/manual/), code is continiously reviewed and refined.
|
* **Simplicity:** Only services you select in `configuration.nix` and their dependencies are installed, packages and dependencies are [pinned](pkgs/nixpkgs-pinned.nix), most packages are built from the [nixos stable channel](https://github.com/NixOS/nixpkgs-channels/tree/nixos-19.03), with a few exceptions that are built from the nixpkgs unstable channel, builds happen in a [sandboxed environment](https://nixos.org/nix/manual/), code is continuously reviewed and refined.
|
||||||
* **Integrity:** Nix package manager, NixOS and packages can be built from source to reduce reliance on binary caches, nix-bitcoin merge commits are signed, all commits are approved by multiple nix-bitcoin developers, upstream packages are cryptographically verified where possible, we use this software ourselves.
|
* **Integrity:** Nix package manager, NixOS and packages can be built from source to reduce reliance on binary caches, nix-bitcoin merge commits are signed, all commits are approved by multiple nix-bitcoin developers, upstream packages are cryptographically verified where possible, we use this software ourselves.
|
||||||
* **Principle of Least Privilege:** Services operate with least privileges; they each have their own user and are restricted further with [systemd options](modules/nix-bitcoin-services.nix), there's a non-root user *operator* to interact with the various services.
|
* **Principle of Least Privilege:** Services operate with least privileges; they each have their own user and are restricted further with [systemd options](modules/nix-bitcoin-services.nix), there's a non-root user *operator* to interact with the various services.
|
||||||
* **Defense-in-depth:** nix-bitcoin is built with a [hardened kernel](https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix) by default, services are confined through discretionary access control, Linux namespaces, and seccomp-bpf with continuous improvements.
|
* **Defense-in-depth:** nix-bitcoin is built with a [hardened kernel](https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix) by default, services are confined through discretionary access control, Linux namespaces, and seccomp-bpf with continuous improvements.
|
||||||
|
@ -48,7 +48,7 @@ Connect to spark-wallet
|
|||||||
```
|
```
|
||||||
journalctl -eu spark-wallet
|
journalctl -eu spark-wallet
|
||||||
```
|
```
|
||||||
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlightning the entire output to invert the colors.
|
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlighting the entire output to invert the colors.
|
||||||
|
|
||||||
5. Connect to spark-wallet android app
|
5. Connect to spark-wallet android app
|
||||||
|
|
||||||
|
@ -136,7 +136,7 @@ in {
|
|||||||
};
|
};
|
||||||
}));
|
}));
|
||||||
description = ''
|
description = ''
|
||||||
RPC user information for JSON-RPC connnections.
|
RPC user information for JSON-RPC connections.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -117,7 +117,7 @@ in {
|
|||||||
};
|
};
|
||||||
type = with types; loaOf (submodule rpcUserOpts);
|
type = with types; loaOf (submodule rpcUserOpts);
|
||||||
description = ''
|
description = ''
|
||||||
RPC user information for JSON-RPC connnections.
|
RPC user information for JSON-RPC connections.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -18,7 +18,7 @@ in
|
|||||||
deployment.secretsDir = mkOption {
|
deployment.secretsDir = mkOption {
|
||||||
type = types.path;
|
type = types.path;
|
||||||
description = ''
|
description = ''
|
||||||
Directory of local secrets that are transfered to the nix-bitcoin node on deployment
|
Directory of local secrets that are transferred to the nix-bitcoin node on deployment
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -12,7 +12,7 @@ import ./make-test.nix rec {
|
|||||||
|
|
||||||
hardened = {
|
hardened = {
|
||||||
imports = [ <nixpkgs/nixos/modules/profiles/hardened.nix> ];
|
imports = [ <nixpkgs/nixos/modules/profiles/hardened.nix> ];
|
||||||
security.allowUserNamespaces = true; # reenable disabled option
|
security.allowUserNamespaces = true; # re-enable disabled option
|
||||||
};
|
};
|
||||||
|
|
||||||
machine = { pkgs, lib, ... }: with lib; {
|
machine = { pkgs, lib, ... }: with lib; {
|
||||||
|
Loading…
Reference in New Issue
Block a user