Merge fort-nix/nix-bitcoin#512: Remove bitcoind banlist

8dc4858872 bitcoind: remove banlist loader (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 8dc4858872
  jonasnick:
    ACK 8dc4858872

Tree-SHA512: a3002863b1bcf97f2553d977006bffe0d0554df4d27f6a50898e9dc3a200a5a95878ba2038d5a32d8c3e54ced7a1bf6a8735e954b496fecb20af42637844329e
Jonas Nick 2022-07-17 19:57:45 +00:00
commit 7a40c39d5c
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
6 changed files with 4 additions and 3885 deletions


@ -65,7 +65,7 @@ A [configuration preset](modules/presets/secure-node.nix) for setting up a secur
NixOS modules ([src](modules/modules.nix))
* Application services
* [bitcoind](https://github.com/bitcoin/bitcoin), with a default banlist against spy nodes
* [bitcoind](https://github.com/bitcoin/bitcoin)
* [clightning](https://github.com/ElementsProject/lightning) with support for announcing an onion service\
Available plugins:
* [clboss](https://github.com/ZmnSCPxj/clboss): automated C-Lightning Node Manager

File diff suppressed because it is too large Load Diff


@ -428,31 +428,6 @@ in {
// optionalAttrs zmqServerEnabled nbLib.allowNetlink;
};
# Use this to update the banlist:
# wget https://people.xiph.org/~greg/banlist.cli.txt
systemd.services.bitcoind-import-banlist = {
description = "Bitcoin daemon banlist importer";
wantedBy = [ "bitcoind.service" ];
bindsTo = [ "bitcoind.service" ];
after = [ "bitcoind.service" ];
script = ''
cd ${cfg.cli}/bin
echo "Importing node banlist..."
cat ${./banlist.cli.txt} | while read line; do
if ! err=$(eval "$line" 2>&1) && [[ $err != *already\ banned* ]]; then
# unexpected error
echo "$err"
exit 1
fi
done
'';
serviceConfig = nbLib.defaultHardening // {
User = cfg.user;
Group = cfg.group;
ReadWritePaths = [ cfg.dataDir ];
} // nbLib.allowLocalIPAddresses;
};
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.group;


@ -303,7 +303,6 @@ in {
netns.bitcoind.address
] ++ map (n: netns.${n}.address) netns.bitcoind.availableNetns;
};
systemd.services.bitcoind-import-banlist.serviceConfig.NetworkNamespacePath = "/var/run/netns/nb-bitcoind";
services.clightning.address = netns.clightning.address;


@ -214,7 +214,7 @@ let
../modules/presets/secure-node.nix
];
tests.secure-node = true;
tests.banlist-and-restart = true;
tests.restart-bitcoind = true;
# Stop electrs from spamming the test log with 'WARN - wait until IBD is over' messages
tests.stop-electrs = true;


@ -361,31 +361,18 @@ def _():
assert_file_exists("secrets/lnd-wallet-password")
# Impure: restarts services
@test("banlist-and-restart")
@test("restart-bitcoind")
def _():
machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist"))
assert_no_failure("bitcoind-import-banlist")
# Current time in µs
pre_restart = succeed("date +%s.%6N").rstrip()
# Sanity-check system by restarting bitcoind.
# This also restarts all services depending on bitcoind.
succeed("systemctl restart bitcoind")
# Now that the bitcoind restart triggered a banlist import restart, check that
# re-importing already banned addresses works
machine.wait_until_succeeds(
log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist")
)
assert_no_failure("bitcoind-import-banlist")
@test("regtest")
def _():
def enabled(unit):
if unit in enabled_tests:
# Wait because the unit might have been restarted in the preceding
# 'banlist-and-restart' test
# 'restart-bitcoind' test
machine.wait_for_unit(unit)
return True
else: