add flake support
This change is fully backwards compatible. We continue to use the standard non-flake evaluation mode in our examples and internal tooling until the flakes design has stabilized. 'clightning-plugins = pkgs.recurseIntoAttrs' in pkgs/default.nix is needed by flake-utils.lib.flattenTree in flake.nix. It transforms the packages in `clightning-plugins` to top-level packages named like `clightning-plugins/summary`. (The flake attr `packages` must be a non-nested attrset of derivations.)
This commit is contained in:
parent
de77281cba
commit
f7c2133250
@ -69,9 +69,17 @@ c systemctl status bitcoind
|
||||
```
|
||||
See [`run-tests.sh`](../test/run-tests.sh) for a complete documentation.
|
||||
|
||||
|
||||
### Real-world example
|
||||
Check the [server repo](https://github.com/fort-nix/nixbitcoin.org) for https://nixbitcoin.org
|
||||
to see the configuration of a nix-bitcoin node that's used in production.
|
||||
|
||||
The commands in `shell.nix` allow you to locally run the node in a VM or container.
|
||||
|
||||
### Flakes
|
||||
|
||||
Flakes make it easy to include `nix-bitcoin` in an existing NixOS config.
|
||||
The [flakes example](./flakes/flake.nix) shows how to use `nix-bitcoin` as an input to a system flake.
|
||||
|
||||
Run `nix run` or `nix run .#vm` from the nix-bitcoin root directory to start an example
|
||||
nix-bitcoin node VM.
|
||||
This command is defined by the nix-bitcoin flake (in [flake.nix](../flake.nix)).
|
||||
|
49
examples/flakes/flake.nix
Normal file
49
examples/flakes/flake.nix
Normal file
@ -0,0 +1,49 @@
|
||||
{
|
||||
description = "A basic nix-bitcoin node";
|
||||
|
||||
inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin";
|
||||
|
||||
outputs = { self, nix-bitcoin }: {
|
||||
|
||||
nixosConfigurations.mynode = nix-bitcoin.inputs.nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
## Note:
|
||||
## If you use a custom nixpkgs version for evaluating your system,
|
||||
## consider using `withLockedPkgs` instead of `withSystemPkgs` to use the exact
|
||||
## pkgs versions for nix-bitcoin services that are tested by nix-bitcoin.
|
||||
## The downsides are increased evaluation times and increased system
|
||||
## closure size.
|
||||
#
|
||||
# nix-bitcoin.nixosModules.withLockedPkgs
|
||||
nix-bitcoin.nixosModules.withSystemPkgs
|
||||
|
||||
## Optional:
|
||||
## Import the secure-node preset, an opinionated config to enhance security
|
||||
## and privacy.
|
||||
#
|
||||
# "${nix-bitcoin}/modules/presets/secure-node.nix"
|
||||
|
||||
{
|
||||
nix-bitcoin.generateSecrets = true;
|
||||
|
||||
services.bitcoind.enable = true;
|
||||
|
||||
# When using nix-bitcoin as part of a larger NixOS configuration, set the following to enable
|
||||
# interactive access to nix-bitcoin features (like bitcoin-cli) for your system's main user
|
||||
nix-bitcoin.operator = {
|
||||
enable = true;
|
||||
name = "main"; # Set this to your system's main user
|
||||
};
|
||||
|
||||
# The system's main unprivileged user. This setting is usually part of your
|
||||
# existing NixOS configuration.
|
||||
users.users.main = {
|
||||
isNormalUser = true;
|
||||
password = "a";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
60
flake.lock
Normal file
60
flake.lock
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"nodes": {
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1623875721,
|
||||
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1628865210,
|
||||
"narHash": "sha256-dB3IA8AYUQDXH+Xy/6nbv4QpIbVl88DphbcxJSUYiX4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a445f5829889959d65ad65e5c961d5c67e1cd677",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-21.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgsUnstable": {
|
||||
"locked": {
|
||||
"lastModified": 1628779307,
|
||||
"narHash": "sha256-ErivbgE5SGvNdFpq+Q50lw1JGGmvxBR/d71aW41S+1A=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4138cbd913fad85073e59007710e3f083d0eb7c6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgsUnstable": "nixpkgsUnstable"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
106
flake.nix
Normal file
106
flake.nix
Normal file
@ -0,0 +1,106 @@
|
||||
{
|
||||
description = ''
|
||||
A collection of Nix packages and NixOS modules for easily
|
||||
installing full-featured Bitcoin nodes with an emphasis on security.
|
||||
'';
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05";
|
||||
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgsUnstable, flake-utils }:
|
||||
let
|
||||
supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
|
||||
in
|
||||
rec {
|
||||
mkNbPkgs = {
|
||||
system
|
||||
, pkgs ? import nixpkgs { inherit system; }
|
||||
, pkgsUnstable ? import nixpkgsUnstable { inherit system; }
|
||||
}:
|
||||
import ./pkgs { inherit pkgs pkgsUnstable; };
|
||||
|
||||
overlay = final: prev: let
|
||||
nbPkgs = mkNbPkgs { inherit (final) system; pkgs = final; };
|
||||
in removeAttrs nbPkgs [ "pinned" "nixops19_09" "krops" ];
|
||||
|
||||
nixosModules = {
|
||||
# Uses the default system pkgs for nix-bitcoin.pkgs
|
||||
withSystemPkgs = { pkgs, ... }: {
|
||||
imports = [ ./modules/modules.nix ];
|
||||
nix-bitcoin.pkgs = (mkNbPkgs { inherit (pkgs) system; inherit pkgs; }).modulesPkgs;
|
||||
};
|
||||
|
||||
# Uses the nixpkgs version locked by this flake for nix-bitcoin.pkgs.
|
||||
# More stable, but slightly slower to evaluate and needs more space if the
|
||||
# locked and the system nixpkgs versions differ.
|
||||
withLockedPkgs = { config, ... }: {
|
||||
imports = [ ./modules/modules.nix ];
|
||||
nix-bitcoin.pkgs = (mkNbPkgs { inherit (config.nixpkgs) system; }).modulesPkgs;
|
||||
};
|
||||
};
|
||||
|
||||
defaultTemplate = {
|
||||
description = "Basic node template";
|
||||
path = ./examples/flakes;
|
||||
};
|
||||
|
||||
} // (flake-utils.lib.eachSystem supportedSystems (system:
|
||||
let
|
||||
pkgs = import nixpkgs { inherit system; };
|
||||
|
||||
mkVMScript = vm: pkgs.writers.writeBash "run-vm" ''
|
||||
set -euo pipefail
|
||||
export TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXX)
|
||||
trap "rm -rf $TMPDIR" EXIT
|
||||
export NIX_DISK_IMAGE=$TMPDIR/nixos.qcow2
|
||||
QEMU_OPTS="-smp $(nproc) -m 1500" ${vm}/bin/run-*-vm
|
||||
'';
|
||||
in rec {
|
||||
nbPkgs = self.mkNbPkgs { inherit system pkgs; };
|
||||
|
||||
packages = flake-utils.lib.flattenTree (removeAttrs nbPkgs [
|
||||
"pinned" "modulesPkgs" "nixops19_09" "krops"
|
||||
]) // {
|
||||
runVM = mkVMScript packages.vm;
|
||||
|
||||
# This is a simple demo VM.
|
||||
# See ./examples/flakes/flake.nix on how to use nix-bitcoin with flakes.
|
||||
vm = let
|
||||
nix-bitcoin = self;
|
||||
in
|
||||
(import "${nixpkgs}/nixos" {
|
||||
inherit system;
|
||||
configuration = {
|
||||
imports = [
|
||||
nix-bitcoin.nixosModules.withSystemPkgs
|
||||
"${nix-bitcoin}/modules/presets/secure-node.nix"
|
||||
];
|
||||
|
||||
nix-bitcoin.generateSecrets = true;
|
||||
services.clightning.enable = true;
|
||||
# For faster startup in offline VMs
|
||||
services.clightning.extraConfig = "disable-dns";
|
||||
|
||||
nixpkgs.pkgs = pkgs;
|
||||
virtualisation.graphics = false;
|
||||
services.getty.autologinUser = "root";
|
||||
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
|
||||
};
|
||||
}).vm;
|
||||
};
|
||||
|
||||
defaultApp = apps.vm;
|
||||
|
||||
apps = {
|
||||
# Run a basic nix-bitcoin node in a VM
|
||||
vm = {
|
||||
type = "app";
|
||||
program = toString packages.runVM;
|
||||
};
|
||||
};
|
||||
}
|
||||
));
|
||||
}
|
@ -14,7 +14,7 @@ let self = {
|
||||
krops = import ./krops { };
|
||||
netns-exec = pkgs.callPackage ./netns-exec { };
|
||||
extra-container = pkgs.callPackage ./extra-container { };
|
||||
clightning-plugins = import ./clightning-plugins pkgs self.nbPython3Packages;
|
||||
clightning-plugins = pkgs.recurseIntoAttrs (import ./clightning-plugins pkgs self.nbPython3Packages);
|
||||
clboss = pkgs.callPackage ./clboss { };
|
||||
secp256k1 = pkgs.callPackage ./secp256k1 { };
|
||||
|
||||
|
@ -1,19 +1,20 @@
|
||||
let
|
||||
fetch = { rev, sha256 }:
|
||||
fetchNixpkgs = { rev, sha256 }:
|
||||
builtins.fetchTarball {
|
||||
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
||||
inherit sha256;
|
||||
};
|
||||
|
||||
fetch = input: let
|
||||
inherit (input) locked;
|
||||
in fetchNixpkgs {
|
||||
inherit (locked) rev;
|
||||
sha256 = locked.narHash;
|
||||
};
|
||||
|
||||
lockedInputs = (builtins.fromJSON (builtins.readFile ../flake.lock)).nodes;
|
||||
in
|
||||
{
|
||||
# To update, run ../helper/fetch-channel REV
|
||||
nixpkgs = fetch {
|
||||
# nixos-21.05 (2021-08-14)
|
||||
rev = "a445f5829889959d65ad65e5c961d5c67e1cd677";
|
||||
sha256 = "0zl930jjacdphplw1wv5nlhjk15zvflzzwp53zbh0l8qq01wh7bl";
|
||||
};
|
||||
nixpkgs-unstable = fetch {
|
||||
rev = "4138cbd913fad85073e59007710e3f083d0eb7c6";
|
||||
sha256 = "0l7vaa6mnnmxfxzi9i5gd4c4j3cpfh7gjsjsfk6nnj1r05pazf0j";
|
||||
};
|
||||
nixpkgs = fetch lockedInputs.nixpkgs;
|
||||
nixpkgs-unstable = fetch lockedInputs.nixpkgsUnstable;
|
||||
}
|
||||
|
@ -281,9 +281,18 @@ examples() {
|
||||
(cd "$scriptDir/../examples" && nix-shell --run "$script")
|
||||
}
|
||||
|
||||
flake() {
|
||||
if [[ $(nix flake 2>&1) != *"requires a sub-command"* ]]; then
|
||||
echo "Skipping flake test. Nix flake support is not enabled."
|
||||
else
|
||||
nix flake check "$scriptDir/.."
|
||||
fi
|
||||
}
|
||||
|
||||
all() {
|
||||
buildable
|
||||
examples
|
||||
flake
|
||||
}
|
||||
|
||||
# An alias for buildTest
|
||||
|
Loading…
Reference in New Issue
Block a user