Remove nixops examples and documentation

Jonas Nick 2021-03-08 15:11:13 +01:00
parent b07185915a
commit a4dabc7390
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
12 changed files with 82 additions and 482 deletions

View File

@ -1,33 +1,3 @@
* **Q:** When deploying or trying to SSH into the machine I see
```
bitcoin-node> waiting for SSH...
Received disconnect from 10.1.1.200 port 22:2: Too many authentication failures
```
* **A:** Somehow ssh-agent and nixops don't play well together. Try killing the ssh-agent.
* **Q:** When deploying or trying to SSH into the machine I see
```
root@xxx.xxx.xxx.xxx: Permission denied (publickey,password,keyboard-interactive).
```
Make sure you don't have something like
```
Host *
PubkeyAuthentication no
```
in your ssh config.
* **Q:** When deploying to virtualbox for the first time I see
```
bitcoin-node> Mar 19 09:22:27 bitcoin-node systemd[1]: Started Get NixOps SSH Key.
bitcoin-node> Mar 19 09:22:27 bitcoin-node get-vbox-nixops-client-key-start[2226]: VBoxControl: error: Failed to connect to the guest property service, error VERR_INTERNAL_ERROR
bitcoin-node> Mar 19 09:22:27 bitcoin-node systemd[1]: get-vbox-nixops-client-key.service: Main process exited, code=exited, status=1/FAILURE
bitcoin-node> Mar 19 09:22:27 bitcoin-node systemd[1]: get-vbox-nixops-client-key.service: Failed with result 'exit-code'.
bitcoin-node> error: Traceback (most recent call last):
File "/nix/store/6zyvpi0q6mvprycadz2dpdqag4742y18-python2.7-nixops-1.6pre0_abcdef/lib/python2.7/site-packages/nixops/deployment.py", line 731, in worker
raise Exception("unable to activate new configuration")
Exception: unable to activate new configuration
```
* **A:** This is issue https://github.com/NixOS/nixops/issues/908. The machine needs to be rebooted. You can do that by running `nixops deploy` with the `--force-reboot` flag once.
* **Q:** I'm deploying to virtualbox it's not able to connect anymore.
* **A:** Maybe the IP address of the box changed. Run `nixops deploy --check` to update nixops with the new IP address. Sometimes you need to run `nixops modify -d <deployment> network/network.nix network/network-vbox.nix`. Sometimes you also need to remove the old IP address from `~/.ssh/known_hosts`.
* **Q:** The clightning service is running but when I try to use it (f.e. by running `lightning-cli getinfo` as user operator) all I get is `lightning-cli: Connecting to 'lightning-rpc': Connection refused`. * **Q:** The clightning service is running but when I try to use it (f.e. by running `lightning-cli getinfo` as user operator) all I get is `lightning-cli: Connecting to 'lightning-rpc': Connection refused`.
* **A:** Check your clightning logs with `journalctl -eu clightning`. Do you see something like `bitcoin-cli getblock ... false` failed? Are you using pruned mode? That means that clightning hasn't seen all the blocks it needs to and it can't get that block because your node is pruned. If you're just setting up a new node you can `systemctl stop clightning` and wipe your `/var/lib/clightning` directory. Otherwise you need to reindex the Bitcoin node. * **A:** Check your clightning logs with `journalctl -eu clightning`. Do you see something like `bitcoin-cli getblock ... false` failed? Are you using pruned mode? That means that clightning hasn't seen all the blocks it needs to and it can't get that block because your node is pruned. If you're just setting up a new node you can `systemctl stop clightning` and wipe your `/var/lib/clightning` directory. Otherwise you need to reindex the Bitcoin node.
* **Q:** My disk space is getting low due to nix. * **Q:** My disk space is getting low due to nix.
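Review bot: The removed `Permission denied (publickey,password,keyboard-interactive)` entry is not nixops-specific. Its answer is about `PubkeyAuthentication no` under `Host *` in the user's ssh config, which breaks a plain `ssh` login just the same, and this commit moves the other documentation to plain `ssh operator@bitcoin-node`. Suggest keeping that entry (reworded without "When deploying") together with the hint about removing the old IP address from `~/.ssh/known_hosts`, and dropping only the ssh-agent, VirtualBox and `nixops deploy --check` answers.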

View File

@ -1,204 +1,10 @@
Preliminary steps Preliminary steps
--- ---
Get a machine to deploy nix-bitcoin on. Get a machine to deploy nix-bitcoin on.
This could be a VirtualBox, a machine that is already running [NixOS](https://nixos.org/nixos/manual/index.html) or a cloud provider.
Have a look at the options in the [NixOps manual](https://nixos.org/nixops/manual/).
# Tutorials # Tutorials
1. [Install and configure NixOS for nix-bitcoin on VirtualBox](#tutorial-install-and-configure-nixos-for-nix-bitcoin-on-virtualbox)
2. [Install and configure NixOS for nix-bitcoin on VirtualBox (macOS host)](#tutorial-install-and-configure-nixos-for-nix-bitcoin-on-virtualbox-macOS-host)
3. [Install and configure NixOS for nix-bitcoin on your own hardware](#tutorial-install-and-configure-nixos-for-nix-bitcoin-on-your-own-hardware)
---- 1. [Install and configure NixOS for nix-bitcoin on your own hardware](#tutorial-install-and-configure-nixos-for-nix-bitcoin-on-your-own-hardware)
Tutorial: install and configure NixOS for nix-bitcoin on VirtualBox
---
## 1. VirtualBox installation
1. Add virtualbox.list to /etc/apt/sources.list.d (Debian 9 stretch)
```
echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
```
2. Add Oracle VirtualBox public key
```
wget https://www.virtualbox.org/download/oracle_vbox_2016.asc
gpg2 oracle_vbox_2016.asc
```
Proceed _only_ if fingerprint reads B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
```
sudo apt-key add oracle_vbox_2016.asc
```
3. Install virtualbox-5.2
```
sudo apt-get update
sudo apt-get install virtualbox-5.2
```
3. Create Host Adapter in VirtualBox
```
vboxmanage hostonlyif create
```
## 2. Nix installation
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
You can also build Nix from source by following the instructions at https://nixos.org/nix/manual/#ch-installing-source.
1. Install Dependencies (Debian 9 stretch)
```
sudo apt-get install curl git gnupg2 dirmngr
```
2. Install latest Nix in "multi-user mode" with GPG Verification according to https://nixos.org/nix/download.html
```
curl -o install-nix-2.3.3 https://releases.nixos.org/nix/nix-2.3.3/install
curl -o install-nix-2.3.3.asc https://releases.nixos.org/nix/nix-2.3.3/install.asc
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
gpg2 --verify ./install-nix-2.3.3.asc
sh ./install-nix-2.3.3 --daemon
```
Then follow the instructions. Open a new terminal window when you're done.
If you get an error similar to
```
error: cloning builder process: Operation not permitted
error: unable to start build process
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
```
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
3. Optional: Disallow substitutes
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
This eliminates an attack vector where nix's build server or binary cache is compromised.
## 3. Setup deployment directory
1. Clone this project
```
cd
git clone https://github.com/fort-nix/nix-bitcoin
```
2. Obtain the hash of the latest nix-bitcoin release
```
cd nix-bitcoin/examples
nix-shell
```
This will download the nix-bitcoin dependencies and might take a while without giving an output.
Now in the nix-shell run
```
fetch-release > nix-bitcoin-release.nix
```
3. Create a new directory for your nix-bitcoin deployment and copy initial files from nix-bitcoin
```
cd ../../
mkdir nix-bitcoin-node
cd nix-bitcoin-node
cp -r ../nix-bitcoin/examples/{configuration.nix,nixops,shell.nix,nix-bitcoin-release.nix} .
```
## 4. Deploy with NixOps
1. Enter `nix-shell`, which drops you into an environment with all the project dependencies loaded ([docs](https://nixos.wiki/wiki/Development_environment_with_nix-shell)).
```
nix-shell
```
Note that a new directory `secrets/` appeared which contains the secrets for your node.
2. Create a [nixops deployment](https://nixos.org/nixops/manual/#sec-deploying-to-physical-nixos) in nix-shell.
```
nixops create nixops/node.nix nixops/node-vbox.nix -d bitcoin-node
```
3. Adjust your configuration by opening the `configuration.nix` file and enable/disable the modules you want by editing this file. Pay particular attention to lines that are preceded by `FIXME` comments.
4. Deploy with nixops in nix-shell
```
nixops deploy -d bitcoin-node
```
This will now create a nix-bitcoin node on the target machine.
5. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
```
nixops ssh operator@bitcoin-node
```
For security reasons, all normal system management tasks can and should be performed with the `operator` user. Logging in as `root` should be done as rarely as possible.
See [usage.md](usage.md) for usage instructions, such as how to update.
To resize the VM disk image, you can use this helper script from within nix-shell:
```
../nix-bitcoin/helper/vbox-resize-disk1.sh --help
```
----
Tutorial: install and configure NixOS for nix-bitcoin on VirtualBox (macOS host)
---
## 1. VirtualBox installation (macOS)
1. Download and install VirtualBox
Use the official Downloads page: [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads)
Make sure that the installer you download shows a lock icon in the top right corner to make sure it is signed by Oracle.
2. Create Host Adapter in VirtualBox
```
vboxmanage hostonlyif create
```
## 2. Nix installation (macOS)
Follow the instructions from [Nix installation on debian](#2-nix-installation). You will may need to replace `gpg2` with `gpg`.
## 3. LinuxKit Nix installation
In order to build binaries for your linux (NixOS) virtual machine on a macOS host machine, you need to use [linuxkit-nix](https://github.com/nix-community/linuxkit-nix). It uses hyperkit to spin up a separate VM on which it builds binaries. An alternative solution is [nix-docker-build-slave](https://github.com/LnL7/nix-docker/blob/master/start-docker-nix-build-slave).
1. Installation
```
nix-env -i /nix/store/jgq3savsyyrpsxvjlrz41nx09z7r0lch-linuxkit-builder
nix-linuxkit-configure
```
You may want to use `nix-linuxkit-configure -c 4` to give the builder 4 CPUs.
2. Confirm that nix-linuxkit works
```
nix-build ~/.cache/nix-linuxkit-builder/example.nix
```
As the installer says, run a `nix-build` to make sure that you are able to build linux binaries. The `example.nix` is specifically configured to force a x86_64-linux build. Remove the generated `result` folder afterwards.
## 4. Nixops deployment (macOS)
Follow the instructions from [Nixops deployment on debian](#3-nixops-deployment). Add `--option system x86_64-linux` to the `nixops deploy` command in step 5 to force your system to use linuxkit-nix.
---- ----
@ -344,33 +150,78 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
reboot reboot
``` ```
## 2. Nix installation ## 2. Nix installation
Follow the [Nix installation](#2-nix-installation) instructions from the tutorial above (on the machine you are going to deploy from). The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
You can also build Nix from source by following the instructions at https://nixos.org/nix/manual/#ch-installing-source.
1. Install Dependencies (Debian 9 stretch)
```
sudo apt-get install curl git gnupg2 dirmngr
```
2. Install latest Nix in "multi-user mode" with GPG Verification according to https://nixos.org/nix/download.html
```
curl -o install-nix-2.3.3 https://releases.nixos.org/nix/nix-2.3.3/install
curl -o install-nix-2.3.3.asc https://releases.nixos.org/nix/nix-2.3.3/install.asc
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
gpg2 --verify ./install-nix-2.3.3.asc
sh ./install-nix-2.3.3 --daemon
```
Then follow the instructions. Open a new terminal window when you're done.
If you get an error similar to
```
error: cloning builder process: Operation not permitted
error: unable to start build process
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
```
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
3. Optional: Disallow substitutes
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
This eliminates an attack vector where nix's build server or binary cache is compromised.
## 3. Setup deployment directory ## 3. Setup deployment directory
Follow the [Setup deployment directory](#3-setup-deployment-directory) instructions from the tutorial above (on the machine you are going to deploy from).
1. Clone this project
## 4. Deploy with NixOps
1. Make sure you are in the deployment directory and create a nixops network file as follows
``` ```
nano nixops/node-nixos.nix cd
git clone https://github.com/fort-nix/nix-bitcoin
``` ```
2. Obtain the hash of the latest nix-bitcoin release
``` ```
{ cd nix-bitcoin/examples
bitcoin-node = nix-shell
{ config, pkgs, ... }:
{ deployment.targetHost = "1.2.3.4";
};
}
``` ```
Replace 1.2.3.4 with NixOS machine's IP address. This will download the nix-bitcoin dependencies and might take a while without giving an output.
Now in the nix-shell run
```
fetch-release > nix-bitcoin-release.nix
```
3. Create a new directory for your nix-bitcoin deployment and copy initial files from nix-bitcoin
```
cd ../../
mkdir nix-bitcoin-node
cd nix-bitcoin-node
# TODO
cp -r ../nix-bitcoin/examples/{configuration.nix,shell.nix,nix-bitcoin-release.nix} .
```
## 4. Deploy with TODO
1. TODO
2. Edit `configuration.nix` 2. Edit `configuration.nix`
``` ```
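Review bot: The added lines leave placeholders in user-facing instructions: a `# TODO` comment inside the copy-files code block, the heading `## 4. Deploy with TODO`, and a first step that reads only `1. TODO`, followed directly by `2. Edit configuration.nix`. A reader following this tutorial has no way to get from the deployment directory to a running node. Either land the replacement deployment instructions in the same change, or replace the placeholders with one sentence saying that deployment instructions are pending, so the gap is explicit. The `# TODO` inside the fenced block should go in any case, since readers copy that block verbatim.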
@ -390,10 +241,13 @@ Follow the [Setup deployment directory](#3-setup-deployment-directory) instructi
4. Add boot option to `hardware-configuration.nix` 4. Add boot option to `hardware-configuration.nix`
Option 1: Enable systemd boot for UEFI Option 1: Enable systemd boot for UEFI
``` ```
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
``` ```
Option 2: Set grub device for Legacy Boot (MBR) Option 2: Set grub device for Legacy Boot (MBR)
``` ```
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
``` ```
@ -404,29 +258,12 @@ Follow the [Setup deployment directory](#3-setup-deployment-directory) instructi
nix-shell nix-shell
``` ```
Note that a new directory `secrets/` appeared which contains the secrets for your node. NOTE that a new directory `secrets/` appeared which contains the secrets for your node.
6. Create nixops [deployment](https://nixos.org/nixops/manual/#sec-deploying-to-physical-nixos) in nix-shell.
```
nixops create nixops/node.nix nixops/node-nixos.nix -d bitcoin-node
```
6. TODO
7. Adjust configuration by opening the `configuration.nix` file and enable/disable the modules you want by editing this file. Pay particular attention to lines that are preceded by `FIXME` comments. 7. Adjust configuration by opening the `configuration.nix` file and enable/disable the modules you want by editing this file. Pay particular attention to lines that are preceded by `FIXME` comments.
8. Deploy with nixops in nix-shell 8. TODO
```
nixops deploy -d bitcoin-node
```
This will now create a nix-bitcoin node on the target machine.
9. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
```
nixops ssh operator@bitcoin-node
```
For security reasons, all normal system management tasks can and should be performed with the `operator` user. Logging in as `root` should be done as rarely as possible. For security reasons, all normal system management tasks can and should be performed with the `operator` user. Logging in as `root` should be done as rarely as possible.
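Review bot: Steps 6 and 8 are replaced by a bare `TODO`, and step 9, which showed how to log in as `operator`, is removed while its trailing sentence about using `operator` instead of `root` stays. That sentence now hangs off step 8 with no login command. Suggest restoring a step 9 with the plain `ssh operator@bitcoin-node` form used elsewhere in this commit, so the least-privilege advice stays actionable. The `Note` to `NOTE` change looks unrelated to the removal and could be dropped.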

View File

@ -30,10 +30,6 @@ Connect to spark-wallet
2. Deploy new `configuration.nix` 2. Deploy new `configuration.nix`
```
nixops deploy -d bitcoin-node
```
3. Enable Orbot VPN for spark-wallet 3. Enable Orbot VPN for spark-wallet
``` ```
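Review bot: Step 2, `Deploy new configuration.nix`, loses its only command and is now a numbered step with nothing under it; the same happens to the identical step in the electrs and Trezor sections further down. Suggest a one-line pointer to wherever deployment is documented after this change, or a tool-neutral sentence telling the reader to redeploy, rather than an empty step.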
@ -123,10 +119,6 @@ Connect to electrs
2. Deploy new `configuration.nix` 2. Deploy new `configuration.nix`
```
nixops deploy -d bitcoin-node
```
3. Get electrs onion address with format `<onion-address>:<port>` 3. Get electrs onion address with format `<onion-address>:<port>`
``` ```
@ -156,7 +148,7 @@ Connect to nix-bitcoin node through the SSH onion service
1. Get the SSH onion address (excluding the port suffix) 1. Get the SSH onion address (excluding the port suffix)
``` ```
nixops ssh operator@bitcoin-node ssh operator@bitcoin-node
nodeinfo | jq -r .sshd.onion_address | sed 's/:.*//' nodeinfo | jq -r .sshd.onion_address | sed 's/:.*//'
``` ```
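Review bot: Replacing `nixops ssh operator@bitcoin-node` with `ssh operator@bitcoin-node` assumes that `bitcoin-node` resolves on the reader's machine. In the removed instructions that name was the nixops machine and deployment name (`-d bitcoin-node`); with plain ssh it has to be a DNS name or a `Host` alias in `~/.ssh/config`. Suggest writing `ssh operator@<node address>`, or documenting a `Host bitcoin-node` alias once and referring to it here.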
@ -182,19 +174,9 @@ Connect to nix-bitcoin node through the SSH onion service
ssh -i ~/.ssh/id_ed25519 -L <random port of your choosing>:localhost:22 root@<SSH onion address> ssh -i ~/.ssh/id_ed25519 -L <random port of your choosing>:localhost:22 root@<SSH onion address>
``` ```
5. Edit your `network-nixos.nix` to look like this 5. Edit your network to change the node's address to `localhost` and the ssh port to `[random port of your choosing]`
``` 6. After deploying the new configuration, it will connect through the SSH tunnel you established in step iv. This also allows you to do more complex SSH setups that some deployment tools don't support. An example would be authenticating with [Trezor's SSH agent](https://github.com/romanz/trezor-agent), which provides extra security.
{
bitcoin-node =
{ config, pkgs, ... }:
{ deployment.targetHost = "127.0.0.1";
deployment.targetPort = <random port of your choosing>;
};
}
```
6. Now you can run `nixops deploy -d bitcoin-node` and it will connect through the SSH tunnel you established in step iv. This also allows you to do more complex SSH setups that `nixops ssh` doesn't support. An example would be authenticating with [Trezor's SSH agent](https://github.com/romanz/trezor-agent), which provides extra security.
Initialize a Trezor for Bitcoin Core's Hardware Wallet Interface Initialize a Trezor for Bitcoin Core's Hardware Wallet Interface
--- ---
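Review bot: The new step 5 says "Edit your network" without naming a file or an option, where the removed text showed `deployment.targetHost` and `deployment.targetPort`. It also writes the placeholder as `[random port of your choosing]` while the `ssh -L` command directly above uses `<random port of your choosing>`, and step 6 refers to "step iv" in a list numbered 1 to 6. Suggest stating what has to change in tool-neutral terms (target host `localhost`, target port the forwarded one), using the angle-bracket placeholder, and referring to "step 4".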
@ -212,14 +194,10 @@ Initialize a Trezor for Bitcoin Core's Hardware Wallet Interface
2. Deploy new `configuration.nix` 2. Deploy new `configuration.nix`
```
nixops deploy -d bitcoin-node
```
3. Check that your nix-bitcoin node recognizes your Trezor 3. Check that your nix-bitcoin node recognizes your Trezor
``` ```
nixops ssh operator@bitcoin-node ssh operator@bitcoin-node
lsusb lsusb
``` ```
Should show something relating to your Trezor Should show something relating to your Trezor

View File

@ -20,10 +20,6 @@ By default, [`configuration.nix`](configuration.nix) enables `bitcoind` and `cli
- [`./deploy-qemu-vm.sh`](deploy-qemu-vm.sh) creates a QEMU VM.\ - [`./deploy-qemu-vm.sh`](deploy-qemu-vm.sh) creates a QEMU VM.\
Requires: [Nix](https://nixos.org/nix/) Requires: [Nix](https://nixos.org/nix/)
- [`./deploy-nixops.sh`](deploy-nixops.sh) creates a VirtualBox VM via [NixOps](https://github.com/NixOS/nixops).\
NixOps can be used to deploy to various other backends like cloud providers.\
Requires: [Nix](https://nixos.org/nix/), [VirtualBox](https://www.virtualbox.org)
- [`./deploy-container-minimal.sh`](deploy-container-minimal.sh) creates a - [`./deploy-container-minimal.sh`](deploy-container-minimal.sh) creates a
container defined by [minimal-configuration.nix](minimal-configuration.nix) that container defined by [minimal-configuration.nix](minimal-configuration.nix) that
doesn't use the [secure-node.nix](../modules/presets/secure-node.nix) preset. doesn't use the [secure-node.nix](../modules/presets/secure-node.nix) preset.

View File

@ -13,7 +13,6 @@
# FIXME: Uncomment next line to import your hardware configuration. If so, # FIXME: Uncomment next line to import your hardware configuration. If so,
# add the hardware configuration file to the same directory as this file. # add the hardware configuration file to the same directory as this file.
# This is not needed when deploying to a virtual box.
#./hardware-configuration.nix #./hardware-configuration.nix
]; ];
# FIXME: Enable modules by uncommenting their respective line. Disable # FIXME: Enable modules by uncommenting their respective line. Disable
@ -73,10 +72,10 @@
# If you use lnd, you should manually backup your wallet mnemonic # If you use lnd, you should manually backup your wallet mnemonic
# seed. This will allow you to recover on-chain funds. You can run the # seed. This will allow you to recover on-chain funds. You can run the
# following command after the lnd service starts: # following command after the lnd service starts:
# nixops scp --from bitcoin-node /secrets/lnd-seed-mnemonic ./secrets/lnd-seed-mnemonic # scp bitcoin-node:/secrets/lnd-seed-mnemonic ./secrets/lnd-seed-mnemonic
# You should also backup your channel state after opening new channels. # You should also backup your channel state after opening new channels.
# This will allow you to recover off-chain funds, by force-closing channels. # This will allow you to recover off-chain funds, by force-closing channels.
# nixops scp --from bitcoin-node /var/lib/lnd/chain/bitcoin/mainnet/channel.backup /my-backup-path/channel.backup # scp bitcoin-node:/var/lib/lnd/chain/bitcoin/mainnet/channel.backup /my-backup-path/channel.backup
### SPARK WALLET ### SPARK WALLET
# Enable this module to use spark-wallet, a minimalistic wallet GUI for # Enable this module to use spark-wallet, a minimalistic wallet GUI for
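Review bot: The two new `scp bitcoin-node:...` lines name no remote user, so scp logs in with the local user name, which need not exist on the node or be allowed to read `/secrets/lnd-seed-mnemonic` and `/var/lib/lnd/.../channel.backup`. Suggest writing the remote user explicitly, for example `scp <user>@bitcoin-node:/secrets/lnd-seed-mnemonic ./secrets/lnd-seed-mnemonic`, and stating which account is expected to have read access to these files.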
@ -176,7 +175,7 @@
# /var/lib/localBackups once a day. # /var/lib/localBackups once a day.
# services.backups.enable = true; # services.backups.enable = true;
# You can pull the localBackups folder with # You can pull the localBackups folder with
# `nixops scp --from bitcoin-node /var/lib/localBackups /my-backup-path/` # `scp bitcoin-node:/var/lib/localBackups /my-backup-path/`
# Alternatively, you can also set a remote target url, for example # Alternatively, you can also set a remote target url, for example
# services.backups.destination = "sftp://user@host[:port]/[relative|/absolute]_path"; # services.backups.destination = "sftp://user@host[:port]/[relative|/absolute]_path";
# Supply the sftp password by appending the FTP_PASSWORD environment variable # Supply the sftp password by appending the FTP_PASSWORD environment variable
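Review bot: The comment just above calls `/var/lib/localBackups` a folder, but the replacement `scp bitcoin-node:/var/lib/localBackups /my-backup-path/` has no `-r`, so scp will refuse to copy it. Suggest `scp -r`, and name the remote user explicitly so the command does not depend on the local user name.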

View File

@ -1,50 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
# This script demonstrates how to setup a VirtualBox nix-bitcoin node with nixops.
# Running this script leaves no traces on your host system.
# This demo is a template for your own experiments.
# Run with option `--interactive` or `-i` to start a shell for interacting with
# the node.
if [[ ! -v IN_NIX_SHELL ]]; then
echo "Running script in nix shell env..."
cd "${BASH_SOURCE[0]%/*}"
exec nix-shell --run "./${BASH_SOURCE[0]##*/} $*"
fi
# Cleanup on exit
cleanup() {
set +e
if nixops list | grep -q bitcoin-node; then
nixops destroy --confirm -d bitcoin-node
fi
rm -rf $tmpDir
}
trap "cleanup" EXIT
tmpDir=/tmp/nix-bitcoin-nixops
mkdir -p $tmpDir
# Don't write nixops and VirtualBox data to the $USER's home
export HOME=$tmpDir
# Disable interactive queries and don't write to the $USER's known_hosts file
export NIXOPS_SSH_OPTS="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
nixops create nixops/node.nix nixops/node-vbox.nix -d bitcoin-node
nixops deploy -d bitcoin-node
# Connect to node
nixops ssh bitcoin-node systemctl status bitcoind
c() { nixops ssh bitcoin-node "$@"; }
case ${1:-} in
-i|--interactive)
. start-bash-session.sh
;;
esac
# Cleanup happens at exit (see above)

View File

@ -1,30 +0,0 @@
{
bitcoin-node =
{ config, pkgs, ... }:
{
deployment.targetEnv = "libvirtd";
deployment.libvirtd.memorySize = 8192; # megabytes
deployment.libvirtd.vcpu = 4; # number of cpus
deployment.libvirtd.headless = true;
deployment.libvirtd.baseImageSize = 400;
boot.kernelParams = [ "console=ttyS0,115200" ];
deployment.libvirtd.extraDevicesXML = ''
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
'';
# Remove when fixed: https://github.com/NixOS/nixops/issues/931
system.activationScripts.nixops-vm-fix-931 = {
text = ''
if ls -l /nix/store | grep sudo | grep -q nogroup; then
mount -o remount,rw /nix/store
chown -R root:nixbld /nix/store
fi
'';
deps = [];
};
};
}

View File

@ -1,13 +0,0 @@
{
bitcoin-node =
{ config, pkgs, ... }:
{
deployment.targetEnv = "virtualbox";
deployment.virtualbox = {
memorySize = 4096; # megabytes
vcpu = 4; # number of cpus
disks.disk1.size = 358400; # 350 GiB
headless = true;
};
};
}

View File

@ -1,5 +1,8 @@
# This is an example network definition for deploying a nix-bitcoin node via NixOps.
# NixOps deployment is currently untested.
{ {
network.description = "Bitcoin Core node"; network.description = "Bitcoin node";
bitcoin-node = { config, pkgs, lib, ... }: { bitcoin-node = { config, pkgs, lib, ... }: {
imports = [ imports = [
@ -8,5 +11,9 @@
]; ];
nix-bitcoin.deployment.secretsDir = toString ../secrets; nix-bitcoin.deployment.secretsDir = toString ../secrets;
#FIXME:
# Set `deployment.*` options like
# deployment.targetHost = "<address_or_hostname>";
}; };
} }
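Review bot: The added `#FIXME:` tells the reader to set `deployment.*` options, but this commit deletes the example files that showed them (`deployment.targetEnv`, `deployment.virtualbox`, `deployment.libvirtd`). Suggest putting the NixOps manual URL next to the FIXME so that this retained, "currently untested" example still points somewhere. The `network.description` change from "Bitcoin Core node" to "Bitcoin node" in the previous hunk is unrelated to removing nixops and would sit better in its own commit.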

View File

@ -20,7 +20,7 @@ with nixpkgs;
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "nix-bitcoin-environment"; name = "nix-bitcoin-environment";
path = lib.makeBinPath [ nix-bitcoin.nixops19_09 nix-bitcoin.extra-container figlet ]; path = lib.makeBinPath [ nix-bitcoin.extra-container figlet ];
shellHook = '' shellHook = ''
export NIX_PATH="nixpkgs=${nixpkgs-path}:nix-bitcoin=${toString nix-bitcoin-path}:." export NIX_PATH="nixpkgs=${nixpkgs-path}:nix-bitcoin=${toString nix-bitcoin-path}:."
@ -28,12 +28,6 @@ stdenv.mkDerivation rec {
alias fetch-release="${toString nix-bitcoin-path}/helper/fetch-release" alias fetch-release="${toString nix-bitcoin-path}/helper/fetch-release"
# ssh-agent and nixops don't play well together (see
# https://github.com/NixOS/nixops/issues/256). I'm getting `Received disconnect
# from 10.1.1.200 port 22:2: Too many authentication failures` if I have a few
# keys already added to my ssh-agent.
export SSH_AUTH_SOCK=""
figlet "nix-bitcoin" figlet "nix-bitcoin"
(mkdir -p secrets; cd secrets; env -i ${nix-bitcoin.generate-secrets}) (mkdir -p secrets; cd secrets; env -i ${nix-bitcoin.generate-secrets})

View File

@ -1,81 +0,0 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p jq
while getopts ":d:m:s:f:yh" opt; do
case $opt in
d)
DEPLOYMENT="$OPTARG"
;;
m)
MACHINE="$OPTARG"
;;
s)
NEW_SIZE="$OPTARG"
;;
f)
DISK_FILE="$OPTARG"
;;
y)
YES="yes"
;;
h)
echo "Usage: $0 [-d <deployment>] [-m <machine>] [-s <size>] [-f <file>] [-y]"
echo ""
echo "Options:"
echo " -d <deployment> NixOps deployment name. Default: bitcoin-node."
echo " -m <machine> NixOps machine name. Default: bitcoin-node."
echo " -s <size> New disk size in megabytes. Default: 358400 (350gb)."
echo " -f <file> Path to vbox disk file/VDI. Default: read from nixops export."
echo " -y Don't ask for confirmation."
exit 0
;;
\?)
echo "Invalid option: -$OPTARG" >&2
exit 1
;;
:)
echo "Option -$OPTARG requires an argument." >&2
exit 1
;;
esac
done
DEPLOYMENT=${DEPLOYMENT:-"bitcoin-node"}
MACHINE=${MACHINE:-"bitcoin-node"}
NEW_SIZE=${NEW_SIZE:-358400}
DISK_FILE=${DISK_FILE:-$(nixops export -d $DEPLOYMENT | jq -r '..|."virtualbox.disks"?|select(.!=null)' | jq -r .disk1.path)}
echo "Resizing virtualbox disk for use with nixops and nix-bitcoin."
echo "Using deployment: $DEPLOYMENT"
echo "Using machine: $MACHINE"
echo "Using size: $NEW_SIZE"
echo "Using disk file: $DISK_FILE"
if [ "$YES" != "yes" ]; then
read -p "Continue? [Y/n] " -n 1 -r
echo
if [[ ! "$REPLY" =~ ^[Yy]$ ]]; then
exit 1
fi
fi
set -ex
nixops stop -d $DEPLOYMENT
VBoxManage modifyhd --resize $NEW_SIZE "$DISK_FILE"
nixops start -d $DEPLOYMENT
# (
# echo d # [d]elete 50gb partition
# echo n # [n]ew partition
# echo p # [p]rimary partition
# echo # partition number (Accept default: 1)
# echo # first sector (Accept default: 1)
# echo # last sector (Accept default: determined by $NEW_SIZE)
# echo w # [w]rite changes
# ) | fdisk
nixops ssh -d $DEPLOYMENT $MACHINE -- '(echo d; echo n; echo p; echo; echo; echo; echo w; ) | fdisk /dev/sda'
nixops reboot -d $DEPLOYMENT
nixops ssh -d $DEPLOYMENT $MACHINE -- resize2fs /dev/sda1
nixops ssh -d $DEPLOYMENT $MACHINE -- df -h

View File

@ -57,12 +57,5 @@ in {
users.users.${operatorName} = { users.users.${operatorName} = {
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys; openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
}; };
# Enable nixops ssh for operator (`nixops ssh operator@mynode`) on nixops-vbox deployments
systemd.services.get-vbox-nixops-client-key =
mkIf (builtins.elem ".vbox-nixops-client-key" config.services.openssh.authorizedKeysFiles) {
postStart = ''
cp "${config.users.users.root.home}/.vbox-nixops-client-key" "${config.users.users.${operatorName}.home}"
'';
};
}; };
} }