add flake support
This change is fully backwards compatible. We continue to use the standard non-flake evaluation mode in our examples and internal tooling until the flakes design has stabilized. 'clightning-plugins = pkgs.recurseIntoAttrs' in pkgs/default.nix is needed by flake-utils.lib.flattenTree in flake.nix. It transforms the packages in `clightning-plugins` to top-level packages named like `clightning-plugins/summary`. (The flake attr `packages` must be a non-nested attrset of derivations.)
parent
de77281cba
commit
f7c2133250
@ -69,9 +69,17 @@ c systemctl status bitcoind
|
|||||||
```
|
```
|
||||||
See [`run-tests.sh`](../test/run-tests.sh) for a complete documentation.
|
See [`run-tests.sh`](../test/run-tests.sh) for a complete documentation.
|
||||||
|
|
||||||
|
|
||||||
### Real-world example
|
### Real-world example
|
||||||
Check the [server repo](https://github.com/fort-nix/nixbitcoin.org) for https://nixbitcoin.org
|
Check the [server repo](https://github.com/fort-nix/nixbitcoin.org) for https://nixbitcoin.org
|
||||||
to see the configuration of a nix-bitcoin node that's used in production.
|
to see the configuration of a nix-bitcoin node that's used in production.
|
||||||
|
|
||||||
The commands in `shell.nix` allow you to locally run the node in a VM or container.
|
The commands in `shell.nix` allow you to locally run the node in a VM or container.
|
||||||
|
|
||||||
|
### Flakes
|
||||||
|
|
||||||
|
Flakes make it easy to include `nix-bitcoin` in an existing NixOS config.
|
||||||
|
The [flakes example](./flakes/flake.nix) shows how to use `nix-bitcoin` as an input to a system flake.
|
||||||
|
|
||||||
|
Run `nix run` or `nix run .#vm` from the nix-bitcoin root directory to start an example
|
||||||
|
nix-bitcoin node VM.
|
||||||
|
This command is defined by the nix-bitcoin flake (in [flake.nix](../flake.nix)).
|
||||||
|
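--- a/examples/flakes/flake.nix
+++ b/examples/flakes/flake.nix
@@ -0,0 +1,49 @@
+{
+description = "A basic nix-bitcoin node";
+
+inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin";
+
+outputs = { self, nix-bitcoin }: {
+
+nixosConfigurations.mynode = nix-bitcoin.inputs.nixpkgs.lib.nixosSystem {
+system = "x86_64-linux";
+modules = [
+## Note:
+## If you use a custom nixpkgs version for evaluating your system,
+## consider using `withLockedPkgs` instead of `withSystemPkgs` to use the exact
+## pkgs versions for nix-bitcoin services that are tested by nix-bitcoin.
+## The downsides are increased evaluation times and increased system
+## closure size.
+#
+# nix-bitcoin.nixosModules.withLockedPkgs
+nix-bitcoin.nixosModules.withSystemPkgs
+
+## Optional:
+## Import the secure-node preset, an opinionated config to enhance security
+## and privacy.
+#
+# "${nix-bitcoin}/modules/presets/secure-node.nix"
+
+{
+nix-bitcoin.generateSecrets = true;
+
+services.bitcoind.enable = true;
+
+# When using nix-bitcoin as part of a larger NixOS configuration, set the following to enable
+# interactive access to nix-bitcoin features (like bitcoin-cli) for your system's main user
+nix-bitcoin.operator = {
+enable = true;
+name = "main"; # Set this to your system's main user
+};
+
+# The system's main unprivileged user. This setting is usually part of your
+# existing NixOS configuration.
+users.users.main = {
+isNormalUser = true;
+password = "a";
+};
+}
+];
+};
+};
+}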
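Review bot: `password = "a";` under `users.users.main` gives a one-character plaintext password to the same account that `nix-bitcoin.operator` grants interactive access to node tooling such as bitcoin-cli. This file is also what `defaultTemplate.path = ./examples/flakes` in the root flake.nix hands out as a starting point, so the value is likely to be copied into real configs. NixOS writes a plaintext `password` value into the world-readable Nix store as well. Mark the line as a placeholder, e.g. `# Example only: replace with hashedPassword, or drop this block if the user already exists`, or leave the password out of the example.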
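--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,60 @@
+{
+"nodes": {
+"flake-utils": {
+"locked": {
+"lastModified": 1623875721,
+"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1628865210,
+"narHash": "sha256-dB3IA8AYUQDXH+Xy/6nbv4QpIbVl88DphbcxJSUYiX4=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "a445f5829889959d65ad65e5c961d5c67e1cd677",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-21.05",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgsUnstable": {
+"locked": {
+"lastModified": 1628779307,
+"narHash": "sha256-ErivbgE5SGvNdFpq+Q50lw1JGGmvxBR/d71aW41S+1A=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "4138cbd913fad85073e59007710e3f083d0eb7c6",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixpkgs-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"flake-utils": "flake-utils",
+"nixpkgs": "nixpkgs",
+"nixpkgsUnstable": "nixpkgsUnstable"
+}
+}
+},
+"root": "root",
+"version": 7
+}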
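--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,106 @@
+{
+description = ''
+A collection of Nix packages and NixOS modules for easily
+installing full-featured Bitcoin nodes with an emphasis on security.
+'';
+
+inputs = {
+nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05";
+nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+flake-utils.url = "github:numtide/flake-utils";
+};
+
+outputs = { self, nixpkgs, nixpkgsUnstable, flake-utils }:
+let
+supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
+in
+rec {
+mkNbPkgs = {
+system
+, pkgs ? import nixpkgs { inherit system; }
+, pkgsUnstable ? import nixpkgsUnstable { inherit system; }
+}:
+import ./pkgs { inherit pkgs pkgsUnstable; };
+
+overlay = final: prev: let
+nbPkgs = mkNbPkgs { inherit (final) system; pkgs = final; };
+in removeAttrs nbPkgs [ "pinned" "nixops19_09" "krops" ];
+
+nixosModules = {
+# Uses the default system pkgs for nix-bitcoin.pkgs
+withSystemPkgs = { pkgs, ... }: {
+imports = [ ./modules/modules.nix ];
+nix-bitcoin.pkgs = (mkNbPkgs { inherit (pkgs) system; inherit pkgs; }).modulesPkgs;
+};
+
+# Uses the nixpkgs version locked by this flake for nix-bitcoin.pkgs.
+# More stable, but slightly slower to evaluate and needs more space if the
+# locked and the system nixpkgs versions differ.
+withLockedPkgs = { config, ... }: {
+imports = [ ./modules/modules.nix ];
+nix-bitcoin.pkgs = (mkNbPkgs { inherit (config.nixpkgs) system; }).modulesPkgs;
+};
+};
+
+defaultTemplate = {
+description = "Basic node template";
+path = ./examples/flakes;
+};
+
+} // (flake-utils.lib.eachSystem supportedSystems (system:
+let
+pkgs = import nixpkgs { inherit system; };
+
+mkVMScript = vm: pkgs.writers.writeBash "run-vm" ''
+set -euo pipefail
+export TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXX)
+trap "rm -rf $TMPDIR" EXIT
+export NIX_DISK_IMAGE=$TMPDIR/nixos.qcow2
+QEMU_OPTS="-smp $(nproc) -m 1500" ${vm}/bin/run-*-vm
+'';
+in rec {
+nbPkgs = self.mkNbPkgs { inherit system pkgs; };
+
+packages = flake-utils.lib.flattenTree (removeAttrs nbPkgs [
+"pinned" "modulesPkgs" "nixops19_09" "krops"
+]) // {
+runVM = mkVMScript packages.vm;
+
+# This is a simple demo VM.
+# See ./examples/flakes/flake.nix on how to use nix-bitcoin with flakes.
+vm = let
+nix-bitcoin = self;
+in
+(import "${nixpkgs}/nixos" {
+inherit system;
+configuration = {
+imports = [
+nix-bitcoin.nixosModules.withSystemPkgs
+"${nix-bitcoin}/modules/presets/secure-node.nix"
+];
+
+nix-bitcoin.generateSecrets = true;
+services.clightning.enable = true;
+# For faster startup in offline VMs
+services.clightning.extraConfig = "disable-dns";
+
+nixpkgs.pkgs = pkgs;
+virtualisation.graphics = false;
+services.getty.autologinUser = "root";
+nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
+};
+}).vm;
+};
+
+defaultApp = apps.vm;
+
+apps = {
+# Run a basic nix-bitcoin node in a VM
+vm = {
+type = "app";
+program = toString packages.runVM;
+};
+};
+}
+));
+}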
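Review bot: In `mkVMScript`, `export TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXX)` hides a failing `mktemp` from `set -e`, because the status checked is that of `export`; the script would then continue with an empty `TMPDIR` and `NIX_DISK_IMAGE=/nixos.qcow2`. Assign first and export afterwards, `TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXXXXX)` followed by `export TMPDIR`, which also gives the directory name more than three random characters in a shared `/tmp`. The trap string is expanded when the trap is set and leaves the path unquoted; `trap 'rm -rf "$TMPDIR"' EXIT` avoids both. Separately, the demo `vm` sets `services.getty.autologinUser = "root"`, and a comment saying this is meant for the local demo VM only would keep it from being copied into real configurations.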
@ -14,7 +14,7 @@ let self = {
|
|||||||
krops = import ./krops { };
|
krops = import ./krops { };
|
||||||
netns-exec = pkgs.callPackage ./netns-exec { };
|
netns-exec = pkgs.callPackage ./netns-exec { };
|
||||||
extra-container = pkgs.callPackage ./extra-container { };
|
extra-container = pkgs.callPackage ./extra-container { };
|
||||||
clightning-plugins = import ./clightning-plugins pkgs self.nbPython3Packages;
|
clightning-plugins = pkgs.recurseIntoAttrs (import ./clightning-plugins pkgs self.nbPython3Packages);
|
||||||
clboss = pkgs.callPackage ./clboss { };
|
clboss = pkgs.callPackage ./clboss { };
|
||||||
secp256k1 = pkgs.callPackage ./secp256k1 { };
|
secp256k1 = pkgs.callPackage ./secp256k1 { };
|
||||||
|
|
||||||
|
@ -1,19 +1,20 @@
|
|||||||
let
|
let
|
||||||
fetch = { rev, sha256 }:
|
fetchNixpkgs = { rev, sha256 }:
|
||||||
builtins.fetchTarball {
|
builtins.fetchTarball {
|
||||||
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
url = "https://github.com/nixos/nixpkgs/archive/${rev}.tar.gz";
|
||||||
inherit sha256;
|
inherit sha256;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
fetch = input: let
|
||||||
|
inherit (input) locked;
|
||||||
|
in fetchNixpkgs {
|
||||||
|
inherit (locked) rev;
|
||||||
|
sha256 = locked.narHash;
|
||||||
|
};
|
||||||
|
|
||||||
|
lockedInputs = (builtins.fromJSON (builtins.readFile ../flake.lock)).nodes;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
# To update, run ../helper/fetch-channel REV
|
nixpkgs = fetch lockedInputs.nixpkgs;
|
||||||
nixpkgs = fetch {
|
nixpkgs-unstable = fetch lockedInputs.nixpkgsUnstable;
|
||||||
# nixos-21.05 (2021-08-14)
|
|
||||||
rev = "a445f5829889959d65ad65e5c961d5c67e1cd677";
|
|
||||||
sha256 = "0zl930jjacdphplw1wv5nlhjk15zvflzzwp53zbh0l8qq01wh7bl";
|
|
||||||
};
|
|
||||||
nixpkgs-unstable = fetch {
|
|
||||||
rev = "4138cbd913fad85073e59007710e3f083d0eb7c6";
|
|
||||||
sha256 = "0l7vaa6mnnmxfxzi9i5gd4c4j3cpfh7gjsjsfk6nnj1r05pazf0j";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
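Review bot: The removed `# To update, run ../helper/fetch-channel REV` comment has no replacement, so nothing in the new code says where the pins come from or how they are changed. `fetch` now takes `rev` and `narHash` from `../flake.lock`, which makes that lock file the single source of the nixpkgs pins for non-flake evaluation too; I would add a comment above `lockedInputs` such as `# Pins are read from ../flake.lock so flake and non-flake evaluation use the same nixpkgs revisions`. `fetchNixpkgs` still hard-codes the `nixos/nixpkgs` archive URL and ignores the `owner`, `repo` and `type` fields of the locked node; a mismatch should surface as a hash failure, but that assumption is worth stating in the same comment.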
@ -281,9 +281,18 @@ examples() {
|
|||||||
(cd "$scriptDir/../examples" && nix-shell --run "$script")
|
(cd "$scriptDir/../examples" && nix-shell --run "$script")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
flake() {
|
||||||
|
if [[ $(nix flake 2>&1) != *"requires a sub-command"* ]]; then
|
||||||
|
echo "Skipping flake test. Nix flake support is not enabled."
|
||||||
|
else
|
||||||
|
nix flake check "$scriptDir/.."
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
all() {
|
all() {
|
||||||
buildable
|
buildable
|
||||||
examples
|
examples
|
||||||
|
flake
|
||||||
}
|
}
|
||||||
|
|
||||||
# An alias for buildTest
|
# An alias for buildTest
|
||||||
|
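Review bot: The new `flake()` function decides whether flakes are available by matching the text `requires a sub-command` in the output of `nix flake`, and every other outcome falls into the skip branch, which returns success. If the wording of that message changes, or `nix flake` fails for an unrelated reason, `all` keeps passing while `nix flake check` is never run. Add a comment above the `if` recording that dependency, e.g. `# Relies on nix's usage-error wording; any other output skips the check`, and send the skip message to stderr with `>&2` so it stands out in CI logs.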