Merge fort-nix/nix-bitcoin#512: Remove bitcoind banlist
8dc4858872
bitcoind: remove banlist loader (Erik Arvstedt) Pull request description: ACKs for top commit: nixbitcoin: ACK 8dc4858872
jonasnick: ACK 8dc4858872
Tree-SHA512: a3002863b1bcf97f2553d977006bffe0d0554df4d27f6a50898e9dc3a200a5a95878ba2038d5a32d8c3e54ced7a1bf6a8735e954b496fecb20af42637844329e
commit
7a40c39d5c
@ -65,7 +65,7 @@ A [configuration preset](modules/presets/secure-node.nix) for setting up a secur
|
||||
|
||||
NixOS modules ([src](modules/modules.nix))
|
||||
* Application services
|
||||
* [bitcoind](https://github.com/bitcoin/bitcoin), with a default banlist against spy nodes
|
||||
* [bitcoind](https://github.com/bitcoin/bitcoin)
|
||||
* [clightning](https://github.com/ElementsProject/lightning) with support for announcing an onion service\
|
||||
Available plugins:
|
||||
* [clboss](https://github.com/ZmnSCPxj/clboss): automated C-Lightning Node Manager
|
||||
|
File diff suppressed because it is too large
@ -428,31 +428,6 @@ in {
|
||||
// optionalAttrs zmqServerEnabled nbLib.allowNetlink;
|
||||
};
|
||||
|
||||
# Use this to update the banlist:
|
||||
# wget https://people.xiph.org/~greg/banlist.cli.txt
|
||||
systemd.services.bitcoind-import-banlist = {
|
||||
description = "Bitcoin daemon banlist importer";
|
||||
wantedBy = [ "bitcoind.service" ];
|
||||
bindsTo = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
script = ''
|
||||
cd ${cfg.cli}/bin
|
||||
echo "Importing node banlist..."
|
||||
cat ${./banlist.cli.txt} | while read line; do
|
||||
if ! err=$(eval "$line" 2>&1) && [[ $err != *already\ banned* ]]; then
|
||||
# unexpected error
|
||||
echo "$err"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
'';
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ReadWritePaths = [ cfg.dataDir ];
|
||||
} // nbLib.allowLocalIPAddresses;
|
||||
};
|
||||
|
||||
users.users.${cfg.user} = {
|
||||
isSystemUser = true;
|
||||
group = cfg.group;
|
||||
|
@ -303,7 +303,6 @@ in {
|
||||
netns.bitcoind.address
|
||||
] ++ map (n: netns.${n}.address) netns.bitcoind.availableNetns;
|
||||
};
|
||||
systemd.services.bitcoind-import-banlist.serviceConfig.NetworkNamespacePath = "/var/run/netns/nb-bitcoind";
|
||||
|
||||
services.clightning.address = netns.clightning.address;
|
||||
|
||||
|
@ -214,7 +214,7 @@ let
|
||||
../modules/presets/secure-node.nix
|
||||
];
|
||||
tests.secure-node = true;
|
||||
tests.banlist-and-restart = true;
|
||||
tests.restart-bitcoind = true;
|
||||
|
||||
# Stop electrs from spamming the test log with 'WARN - wait until IBD is over' messages
|
||||
tests.stop-electrs = true;
|
||||
|
@ -361,31 +361,18 @@ def _():
|
||||
assert_file_exists("secrets/lnd-wallet-password")
|
||||
|
||||
# Impure: restarts services
|
||||
@test("banlist-and-restart")
|
||||
@test("restart-bitcoind")
|
||||
def _():
|
||||
machine.wait_until_succeeds(log_has_string("bitcoind-import-banlist", "Importing node banlist"))
|
||||
assert_no_failure("bitcoind-import-banlist")
|
||||
|
||||
# Current time in µs
|
||||
pre_restart = succeed("date +%s.%6N").rstrip()
|
||||
|
||||
# Sanity-check system by restarting bitcoind.
|
||||
# This also restarts all services depending on bitcoind.
|
||||
succeed("systemctl restart bitcoind")
|
||||
|
||||
# Now that the bitcoind restart triggered a banlist import restart, check that
|
||||
# re-importing already banned addresses works
|
||||
machine.wait_until_succeeds(
|
||||
log_has_string(f"bitcoind-import-banlist --since=@{pre_restart}", "Importing node banlist")
|
||||
)
|
||||
assert_no_failure("bitcoind-import-banlist")
|
||||
|
||||
@test("regtest")
|
||||
def _():
|
||||
def enabled(unit):
|
||||
if unit in enabled_tests:
|
||||
# Wait because the unit might have been restarted in the preceding
|
||||
# 'banlist-and-restart' test
|
||||
# 'restart-bitcoind' test
|
||||
machine.wait_for_unit(unit)
|
||||
return True
|
||||
else:
|
||||
|
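Review bot: After this change the body of the `restart-bitcoind` test is only `succeed("systemctl restart bitcoind")`, so nothing in it checks the state of bitcoind or its dependents once the restart returns; the removed banlist assertions were the only post-restart check. The comment above the call says the restart also restarts all services depending on bitcoind, and the following `regtest` test appears to cover that through `machine.wait_for_unit(unit)` in `enabled`, but only for the units it looks up. Consider adding `machine.wait_for_unit("bitcoind")` and `assert_no_failure("bitcoind")` after the restart, assuming `assert_no_failure` accepts any unit name as it did for `bitcoind-import-banlist`. The `else:` branch of `enabled` continues outside the hunk.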