Erik Arvstedt
0b5b29a2a3
netns-isolation: simplify permission definition for netns-exec
...
The new definition is equivalent to the old one.
2021-02-07 22:39:06 +01:00
Erik Arvstedt
a587a2b02a
defaultHardening: explain where @system-service is defined
2021-02-07 22:39:06 +01:00
Erik Arvstedt
bb3a69797e
README: minor improvements
...
- Simplify examples link text.
  That the examples README is located in a subdirectory is not relevant here.
- The backup frequency is freely configurable.
  It's set to 'daily' only by secure-node.nix.
2021-02-07 22:39:06 +01:00
Erik Arvstedt
13fc9dfabf
examples: improve introductory comments
2021-02-07 22:39:05 +01:00
Erik Arvstedt
af2040f4c4
netns-isolation: use 'true' for systemd option
2021-02-07 22:39:05 +01:00
Erik Arvstedt
c246bbb36e
bitcoind, clightning, lnd: improve descriptions
...
bitcoind: The previous description of 'prune' didn't match the int-only
values supported by our option.
2021-02-07 22:39:05 +01:00
Erik Arvstedt
7533f12ef1
bitcoind, clightning, run-tests: minor refactoring
...
bitcoind: use builtins.toFile
clightning: use boolToString
run-tests: remove leftover var
2021-02-07 22:39:05 +01:00
Erik Arvstedt
41fe9b0c1d
elementsd: minor refactoring
...
- Use pname
- urls -> url
2021-02-07 22:39:05 +01:00
Erik Arvstedt
f0850d3f23
btcpayserver: reorder config settings
...
Move 'bind' and 'port' next to each other and to the top.
2021-02-07 22:39:05 +01:00
Erik Arvstedt
d1c0ea9f85
btcpayserver: add missing systemd postgresql dependency
...
btcpayserver fails if it starts before postgresql.
2021-02-07 22:39:05 +01:00
Jonas Nick
9cd52e04b5
Merge #316: lndconnect: add preconfigured lndconnect-rest script
...
891a69ee8e
docs: add zeus usage instructions (nixbitcoin)
ebd478fd0d
lnd: add option 'restOnionService' (nixbitcoin)
a344ae95c9
move mkHiddenService to lib (Erik Arvstedt)
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix (Erik Arvstedt)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 891a69ee8e
Tree-SHA512: 91bae39f92aed5bdd44499bf861c434b983b02e90fae317ee2f293df710cf101faecaabbe316821dc1a5b5bfb1db68195f05c9984d93e2d279c76c1cde061d95
2021-02-05 22:10:35 +00:00
nixbitcoin
891a69ee8e
docs: add zeus usage instructions
2021-02-05 09:17:15 +01:00
nixbitcoin
ebd478fd0d
lnd: add option 'restOnionService'
2021-02-05 09:17:14 +01:00
Erik Arvstedt
a344ae95c9
move mkHiddenService to lib
2021-02-04 12:39:54 +00:00
Erik Arvstedt
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix
2021-02-04 12:39:48 +00:00
Jonas Nick
c0abae97a4
Merge #314: bitcoind: add uptime to the public API whitelist
...
86d7db9940
bitcoind: add uptime to the public api whitelist (Martin Milata)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 86d7db9940
Tree-SHA512: cba7427e99998dee9f83bee2c1793b17518401b4505bebdb8dfc144429c9861fd8358a4633176fc11860a8377071fbbd56e7feefa0171e37525cb7002e296f27
2021-02-03 09:12:47 +00:00
Martin Milata
86d7db9940
bitcoind: add uptime to the public api whitelist
...
It is needed by lnd to check bitcoind health status since lnd-0.12.0.
2021-02-02 22:32:20 +01:00
Jonas Nick
0c9613d013
Merge #310: update nixpkgs-unstable
...
a33c678d3b
update nixpkgs-unstable (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK a33c678d3b
jonasnick:
ACK a33c678d3b
Tree-SHA512: 25e89e41b512bf8baeb0838c8dd833e832a77e41b1d39995f80612ef5d27154138260f0b168402d6f77351104b1d1766d9a365ae63fee236c227fcd2cbdf0e2a
2021-02-01 12:19:37 +00:00
nixbitcoin
a33c678d3b
update nixpkgs-unstable
...
Includes c-lightning 0.9.3 and lnd 0.12.0-beta
2021-02-01 10:11:30 +00:00
Jonas Nick
cba1188db8
Merge #308: Update nixpkgs-unstable, bitcoind
...
b114d0c3b1
bitcoind: use systemd startup notification (Erik Arvstedt)
332d0e70c8
bitcoind: support onion address announcing (Erik Arvstedt)
9662c19ab1
onionServices: use actual user name of services (Erik Arvstedt)
5c09845e6f
bitcoind: tag incoming connections as onion on enforceTor (Erik Arvstedt)
8f9ea61d6e
update nixpkgs-unstable (Erik Arvstedt)
05e5ec99ec
modules packages: build electrs, lightning-loop with nixpkgs stable (Erik Arvstedt)
44546561fc
run-tests: allow defining scenarios via cmdline args (Erik Arvstedt)
fc40776689
improve backup test (Erik Arvstedt)
9a67a32779
fix build-to-cachix (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK b114d0c3b1
nixbitcoin:
ACK b114d0c3b1
Tree-SHA512: fbf4810fb0e1aeb46618c53cea3d6bde582eb92837afabe77e5bbf5c4add82277af4eba6bfeae6331f8992902e5dbe5081f2a016121a02dab3e797d53f232dd2
2021-02-01 10:07:22 +00:00
Erik Arvstedt
b114d0c3b1
bitcoind: use systemd startup notification
2021-01-31 22:26:49 +01:00
Erik Arvstedt
332d0e70c8
bitcoind: support onion address announcing
2021-01-31 22:26:49 +01:00
Erik Arvstedt
9662c19ab1
onionServices: use actual user name of services
...
Previously, onionAddresses definitions in onionServices were of the form
  onionAddresses.access.<service> = [<service>];
This caused failures for configurations where a service user name was
overridden or for bitcoind whose default user is 'bitcoin' instead of 'bitcoind'.
Now set the equivalent of:
  onionAddresses.access.<actualServiceUser> = [<service>];
Implement this via a new option `onionAddresses.services` to make things more
readable and to work around an infinite recursion error in onionServices.
2021-01-31 22:26:49 +01:00
Erik Arvstedt
5c09845e6f
bitcoind: tag incoming connections as onion on enforceTor
2021-01-31 22:26:49 +01:00
Erik Arvstedt
8f9ea61d6e
update nixpkgs-unstable
...
- bitcoind 0.20.1 -> 0.21.0
  Manually create a wallet in the backup test because bitcoind
  does not create a default wallet anymore
- disable the failing elementsd build on unstable
2021-01-31 22:26:30 +01:00
Erik Arvstedt
05e5ec99ec
modules packages: build electrs, lightning-loop with nixpkgs stable
...
Building with nixBitcoinPkgsUnstable was only a temporary measure to
fix build errors on stable.
2021-01-30 11:38:47 +01:00
Erik Arvstedt
44546561fc
run-tests: allow defining scenarios via cmdline args
...
This simplifies running self-contained scenarios for testing and debugging.
2021-01-30 11:38:47 +01:00
Erik Arvstedt
fc40776689
improve backup test
...
Only check enabled services. This allows running the backup test with a custom subset of other
tests.
Also, show a meaningful error on test failure.
Previously, just an AssertionError without a message was shown.
Because the test code is evaluated from a string and not a file, there
was also no backtrace to the tests file.
2021-01-30 11:38:47 +01:00
Erik Arvstedt
9a67a32779
fix build-to-cachix
...
- Don't fail on `kill $cachixPid` when cachix has already exited.
  This fixes some failing CI builds.
- Stop the cachix background worker before the final `cachix push`.
  This can avoid unneeded reuploads.
Use the coreutils version of tail on cirrus which supports
argument --pid.
2021-01-30 11:38:47 +01:00
Jonas Nick
58a88619ae
Merge #306: Update nixpkgs
...
f96591c030
Update nixpkgs (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK f96591c030
Tree-SHA512: 41e79c1660108a7f6d879a11eecdcfd01135079f664794c198eef08c542dd0e829a6033cfc0851d3d9d5fb0f154db7933efa11a3e3d808dd40ef6d89dee0c58a
2021-01-27 16:17:11 +00:00
nixbitcoin
f96591c030
Update nixpkgs
...
Includes CVE-2021-3156 patch
2021-01-27 15:15:47 +00:00
Jonas Nick
0de91d1b03
Merge #302: electrs: v0.8.6 -> v0.8.7
...
69da6f94f1
electrs: v0.8.6 -> v0.8.7 (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 69da6f94f1
Tree-SHA512: 773c37cbd48e62e123cbc439e395d4dd1320199b22bd64066680429245ce9638cc210c35043f1edbc3030f96b5ce97fe464dc4bc9c9a89f1265ed72d66f2bc49
2021-01-20 21:20:50 +00:00
nixbitcoin
69da6f94f1
electrs: v0.8.6 -> v0.8.7
2021-01-20 13:20:18 +00:00
Jonas Nick
035438d427
Merge #290: JoinMarket Orderbook Watcher
...
8c125ec48c
joinmarket-obwatcher: add pkg & module (nixbitcoin)
915df059f4
joinmarket: 0.8.0-bcfa7eb -> 0.8.0-a5e8879 (Erik Arvstedt)
254246cf39
joinmarket: use installPhase (Erik Arvstedt)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 8c125ec48c
Tree-SHA512: 5e4ba14a2a90c505b7cd7e09c33548d06ec466502c48f8d551a4437c5542dab427ec7f9cb7a15c849cc7ce11685c493b9773ec08591e1980ebe2a84abef17141
2021-01-17 20:00:13 +00:00
Jonas Nick
ecf119d545
Merge #300: Fix lnd nodeinfo
...
9480ada135
nodeinfo fix lnd (kon)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 9480ada135
Tree-SHA512: 5da72fa8b6341b8248348acf23916d5325cf8f1d58606103aee2881824f83249d128e84d92cd2ca51cea3e6b64b1a6e457bde4689335998e5f8525d7f366bfdc
2021-01-17 19:59:38 +00:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module
2021-01-17 17:40:12 +00:00
Erik Arvstedt
915df059f4
joinmarket: 0.8.0-bcfa7eb -> 0.8.0-a5e8879
2021-01-17 17:40:01 +00:00
kon
9480ada135
nodeinfo fix lnd
2021-01-17 17:13:09 +01:00
Erik Arvstedt
254246cf39
joinmarket: use installPhase
...
This simplifies the build.
2021-01-17 14:17:14 +01:00
Jonas Nick
c6c14889eb
Merge #293: Module refactorings, onionServices
...
e2922eb4ce
move rpc thread count setting to lightning modules (Erik Arvstedt)
352fc4e8fe
liquid: remove insecure and redundant option 'rpcpassword' (Erik Arvstedt)
757a66b9bd
liquid: move rpcuser definition to module (Erik Arvstedt)
0e00c39d47
secure-node: improve layout (Erik Arvstedt)
5f7a7962f7
backups: remove redundant option 'program' (Erik Arvstedt)
04d8560f86
secure-node: remove qrencode, tor from systemPackages (Erik Arvstedt)
323a431aba
improve nodeinfo (Erik Arvstedt)
f6b883a9ac
remove webindex (Erik Arvstedt)
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver (Erik Arvstedt)
18c7842e1a
modules: show warnings for obsolete options (Erik Arvstedt)
45c40c4eb9
versioning: simplify assertion evaluation (Erik Arvstedt)
bed00fe937
lnd: use onionServices for address announcing (Erik Arvstedt)
3980cd5a41
clightning: use onionServices for address announcing (Erik Arvstedt)
bd2a46cb73
spark-wallet: use onionServices (Erik Arvstedt)
87fb9f246b
add 'enable-tor' preset (Erik Arvstedt)
05b5402bb1
add nix-bitcoin.onionServices (Erik Arvstedt)
fffe988248
onionAddresses: add readonly option 'dataDir' (Erik Arvstedt)
5f34b094d3
onionAddresses: improve script (Erik Arvstedt)
b266f23251
onionAddresses: use service 'script' option (Erik Arvstedt)
6d13b26d0a
onionAddresses: add more precise type for option 'access' (Erik Arvstedt)
93562f76dd
onionAddresses: remove redundant option 'enable' (Erik Arvstedt)
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles (Erik Arvstedt)
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses (Erik Arvstedt)
55073eee70
remove nix-bitcoin.pkgs.lib (Erik Arvstedt)
09e0042aa8
spark-wallet: add consistent address options (Erik Arvstedt)
39f16c0b4a
liquidd: add consistent address options (Erik Arvstedt)
b5d76ba1b3
electrs: add consistent address options (Erik Arvstedt)
8fa32b7f91
btcpayserver: add consistent address options (Erik Arvstedt)
e78a609687
clightning: add consistent address options (Erik Arvstedt)
b41a720c28
lnd: add consistent address options (Erik Arvstedt)
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc' (Erik Arvstedt)
5b7e0d09b2
bitcoind: add consistent address options (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK e2922eb4ce
jonasnick:
ACK e2922eb4ce
Tree-SHA512: a85b33efe66048f06699b3997f83c9427f70f278fa66d30ee9a29c91f50723ff8bd1ffb9d968d7f08818742c8c6afb0b40dbfc14b95a4b8c3302caf9bede4198
2021-01-14 20:42:23 +00:00
Erik Arvstedt
e2922eb4ce
move rpc thread count setting to lightning modules
2021-01-14 13:25:12 +01:00
Erik Arvstedt
352fc4e8fe
liquid: remove insecure and redundant option 'rpcpassword'
2021-01-14 13:25:11 +01:00
Erik Arvstedt
757a66b9bd
liquid: move rpcuser definition to module
2021-01-14 13:25:11 +01:00
Erik Arvstedt
0e00c39d47
secure-node: improve layout
2021-01-14 13:25:11 +01:00
Erik Arvstedt
5f7a7962f7
backups: remove redundant option 'program'
...
Not needed until we support other backup backends.
2021-01-14 13:25:11 +01:00
Erik Arvstedt
04d8560f86
secure-node: remove qrencode, tor from systemPackages
...
Keep jq which is useful for analyzing service cli output.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
323a431aba
improve nodeinfo
...
- enable usage outside of secure-node.nix
- use json as the output format
- show ports
- also show local addresses, which is particularly useful when
  netns-isolation is enabled
- only show enabled services
2021-01-14 13:25:10 +01:00
Erik Arvstedt
f6b883a9ac
remove webindex
...
This module is outdated and incomplete. We can readd an improved version in
the future.
Move nanopos nginx proxy tests to the nanopos test.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver
...
In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly set up node.
2021-01-14 13:25:09 +01:00
Erik Arvstedt
18c7842e1a
modules: show warnings for obsolete options
2021-01-14 13:25:09 +01:00