greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge fort-nix/nix-bitcoin#560: Update nixpgks

Browse Source 
c88acbb1bb btcpayserver: use new option `certfilepath` for lnd (Erik Arvstedt)
13a835e88f Revert "pkgs: add lnd 0.15.2" (Erik Arvstedt)
3549725b51 update nixpkgs (Erik Arvstedt)
61c539d5b6 defaultHardening: allow syscall `set_mempolicy` (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK c88acbb1bb

Tree-SHA512: 450fc27bb738d7465be829bc6ceda0030cdfc6bb75d15001986450c8189d675fe0fd0a0e6875c0224a239be0aae3acbecb74fb3b970fb6a8dfedd1d463a93d55
This commit is contained in:
Jonas Nick 2022-10-25 07:56:54 +00:00
commit 9d074e1985
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
6 changed files with 22 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
flake.lock
View File

@ -17,11 +17,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1663760840, "lastModified": 1666528161,
"narHash": "sha256-ym5Iycs5H4cOaLfE2/vC0tsLp8XuBJQIHGV8/uXSy8M=", "narHash": "sha256-PFOQSC0x4xPD1p/GZIbpKuoEBu6M8HnEOeNRiBUCELA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9bdbbaa634aa666eb6a27096bdcb991c59181244", "rev": "471d92178b978fcbad8db27c2e8a4e737d4e0e27",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -33,11 +33,11 @@
}, },
"nixpkgsUnstable": { "nixpkgsUnstable": {
"locked": { "locked": {
"lastModified": 1663757063, "lastModified": 1666570118,
"narHash": "sha256-H+BPgoXuVcdi3g5BH4cact4osjfjntaTQTdA/HNiCYE=", "narHash": "sha256-MTXmIYowHM1wyIYyqPdBLia5SjGnxETv0YkIbDsbkx4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a0e390471362e27349abc1090197e09fe8c59d16", "rev": "1e684b371cf05300bc2b432f958f285855bac8fb",
"type": "github" "type": "github"
}, },
"original": { "original": {

29
modules/btcpayserver.nix
View File

@ -200,7 +200,7 @@ in {
systemd.services.btcpayserver = let systemd.services.btcpayserver = let
nbExplorerUrl = "http://${nbLib.addressWithPort cfg.nbxplorer.address cfg.nbxplorer.port}/"; nbExplorerUrl = "http://${nbLib.addressWithPort cfg.nbxplorer.address cfg.nbxplorer.port}/";
nbExplorerCookie = "${cfg.nbxplorer.dataDir}/${bitcoind.makeNetworkName "Main" "RegTest"}/.cookie"; nbExplorerCookie = "${cfg.nbxplorer.dataDir}/${bitcoind.makeNetworkName "Main" "RegTest"}/.cookie";
configFile = builtins.toFile "config" ('' configFile = builtins.toFile "btcpayserver-config" (''
network=${bitcoind.network} network=${bitcoind.network}
bind=${cfg.btcpayserver.address} bind=${cfg.btcpayserver.address}
port=${toString cfg.btcpayserver.port} port=${toString cfg.btcpayserver.port}
@ -212,34 +212,27 @@ in {
rootpath=${cfg.btcpayserver.rootpath} rootpath=${cfg.btcpayserver.rootpath}
'' + optionalString (cfg.btcpayserver.lightningBackend == "clightning") '' '' + optionalString (cfg.btcpayserver.lightningBackend == "clightning") ''
btclightning=type=clightning;server=unix:///${cfg.clightning.dataDir}/${bitcoind.makeNetworkName "bitcoin" "regtest"}/lightning-rpc btclightning=type=clightning;server=unix:///${cfg.clightning.dataDir}/${bitcoind.makeNetworkName "bitcoin" "regtest"}/lightning-rpc
'' + optionalString cfg.btcpayserver.lbtc '' '' + optionalString (cfg.btcpayserver.lightningBackend == "lnd")
(
"btclightning=type=lnd-rest;" +
"server=https://${cfg.lnd.restAddress}:${toString cfg.lnd.restPort}/;" +
"macaroonfilepath=/run/lnd/btcpayserver.macaroon;" +
"certfilepath=${config.services.lnd.certPath}" +
"\n"
)
+ optionalString cfg.btcpayserver.lbtc ''
chains=btc,lbtc chains=btc,lbtc
lbtcexplorerurl=${nbExplorerUrl} lbtcexplorerurl=${nbExplorerUrl}
lbtcexplorercookiefile=${nbExplorerCookie} lbtcexplorercookiefile=${nbExplorerCookie}
''); '');
lndConfig =
"btclightning=type=lnd-rest;" +
"server=https://${cfg.lnd.restAddress}:${toString cfg.lnd.restPort}/;" +
"macaroonfilepath=/run/lnd/btcpayserver.macaroon;" +
"certthumbprint=";
in let self = { in let self = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
requires = [ "nbxplorer.service" "postgresql.service" ] requires = [ "nbxplorer.service" "postgresql.service" ]
++ optional (cfg.btcpayserver.lightningBackend != null) "${cfg.btcpayserver.lightningBackend}.service"; ++ optional (cfg.btcpayserver.lightningBackend != null) "${cfg.btcpayserver.lightningBackend}.service";
after = self.requires; after = self.requires;
preStart = ''
install -m 600 ${configFile} '${cfg.btcpayserver.dataDir}/settings.config'
${optionalString (cfg.btcpayserver.lightningBackend == "lnd") ''
{
echo -n "${lndConfig}"
${pkgs.openssl}/bin/openssl x509 -noout -fingerprint -sha256 -in ${config.services.lnd.certPath} \
| sed -e 's/.*=//;s/://g'
} >> '${cfg.btcpayserver.dataDir}/settings.config'
''}
'';
serviceConfig = nbLib.defaultHardening // { serviceConfig = nbLib.defaultHardening // {
ExecStart = '' ExecStart = ''
${cfg.btcpayserver.package}/bin/btcpayserver --conf='${cfg.btcpayserver.dataDir}/settings.config' \ ${cfg.btcpayserver.package}/bin/btcpayserver --conf=${configFile} \
--datadir='${cfg.btcpayserver.dataDir}' --datadir='${cfg.btcpayserver.dataDir}'
''; '';
User = cfg.btcpayserver.user; User = cfg.btcpayserver.user;

5
pkgs/default.nix
View File

@ -37,10 +37,5 @@ let self = {
pinned = import ./pinned.nix pkgs pkgsUnstable; pinned = import ./pinned.nix pkgs pkgsUnstable;
# TODO-EXTERNAL:
# Remove this when https://github.com/NixOS/nixpkgs/pull/195337 is available in the
# nixpkgs-unstable channel
lnd = pkgsUnstable.callPackage ./lnd-0.15.2.nix {};
modulesPkgs = self // self.pinned; modulesPkgs = self // self.pinned;
}; in self }; in self

2
pkgs/lib.nix
View File

@ -33,7 +33,7 @@ let self = {
# @system-service whitelist and docker seccomp blacklist (except for "clone" # @system-service whitelist and docker seccomp blacklist (except for "clone"
# which is a core requirement for systemd services) # which is a core requirement for systemd services)
# @system-service is defined in src/shared/seccomp-util.c (systemd source) # @system-service is defined in src/shared/seccomp-util.c (systemd source)
SystemCallFilter = [ "@system-service" "~add_key kcmp keyctl mbind move_pages name_to_handle_at personality process_vm_readv process_vm_writev request_key set_mempolicy setns unshare userfaultfd" ]; SystemCallFilter = [ "@system-service" "~add_key kcmp keyctl mbind move_pages name_to_handle_at personality process_vm_readv process_vm_writev request_key setns unshare userfaultfd" ];
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
}; };

40
pkgs/lnd-0.15.2.nix
View File

@ -1,40 +0,0 @@
{ buildGoModule
, fetchFromGitHub
, lib
, tags ? [ "autopilotrpc" "signrpc" "walletrpc" "chainrpc" "invoicesrpc" "watchtowerrpc" "routerrpc" "monitoring" "kvdb_postgres" "kvdb_etcd" ]
}:
buildGoModule rec {
pname = "lnd";
version = "0.15.2-beta";
src = fetchFromGitHub {
owner = "lightningnetwork";
repo = "lnd";
rev = "v${version}";
sha256 = "sha256-C7BZ6awY2v5Uvvh12YEosoEQyJoetWzH/1wIQSVjtEk=";
};
vendorSha256 = "sha256-rCdcPkgrFcDfLfF8wipFws7YTKEgotuVqVIJYLMOxbs=";
subPackages = [ "cmd/lncli" "cmd/lnd" ];
preBuild = let
buildVars = {
RawTags = lib.concatStringsSep "," tags;
GoVersion = "$(go version | egrep -o 'go[0-9]+[.][^ ]*')";
};
buildVarsFlags = lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "-X github.com/lightningnetwork/lnd/build.${k}=${v}") buildVars);
in
lib.optionalString (tags != []) ''
buildFlagsArray+=("-tags=${lib.concatStringsSep " " tags}")
buildFlagsArray+=("-ldflags=${buildVarsFlags}")
'';
meta = with lib; {
description = "Lightning Network Daemon";
homepage = "https://github.com/lightningnetwork/lnd";
license = licenses.mit;
maintainers = with maintainers; [ cypherpunk2140 prusnak ];
};
}

7
pkgs/pinned.nix
View File

@ -6,8 +6,8 @@ pkgs: pkgsUnstable:
bitcoind bitcoind
extra-container extra-container
lightning-pool lightning-pool
lndconnect lnd
nbxplorer; lndconnect;
inherit (pkgsUnstable) inherit (pkgsUnstable)
btcpayserver btcpayserver
@ -17,7 +17,8 @@ pkgs: pkgsUnstable:
elementsd elementsd
fulcrum fulcrum
hwi hwi
lightning-loop; lightning-loop
nbxplorer;
inherit pkgs pkgsUnstable; inherit pkgs pkgsUnstable;
} }