Erik Arvstedt
145961c2de
fix operator authorized keys setup
...
This fixes these flaws in `copy-root-authorized-keys`:
- When `.vbox-nixops-client-key` is missing, operator's authorized_keys
file is always appended to, growing the file indefinitely.
- Service is always added and not restricted to nixops-vbox deployments.
2020-04-09 11:02:06 +02:00
Erik Arvstedt
37b2faf63c
move systemPackages definitions to services
...
These are generally useful and shouldn't be limited to secure-node.nix.
Also, only add the hardware-wallets group when hardware wallets are enabled.
2020-04-08 17:35:14 +02:00
Erik Arvstedt
6c22e13b7f
copy-root-authorized-keys: use inline script definition
2020-04-08 17:35:14 +02:00
Erik Arvstedt
63c6fe3213
fixup! use '' for multi-line string
2020-04-08 17:35:14 +02:00
Erik Arvstedt
ab617946a9
extract variable 'cfg'
2020-04-08 17:35:13 +02:00
Erik Arvstedt
36c84d8360
add option clightning.onionport
...
Analogous to electrs.onionport
2020-04-08 17:35:13 +02:00
Erik Arvstedt
681dbaf328
move electrs.onionport option
...
Only used in secure-node.nix
2020-04-08 17:35:13 +02:00
Erik Arvstedt
74fbfa3a5d
use lib.optionals
2020-04-08 17:35:13 +02:00
Erik Arvstedt
ec6d33fbb6
rearrange code sections
...
Move services to the top, operator account setup to the bottom.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
e16ddc9c77
extract 'mkHiddenService'
...
toPort equals port by default.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
89d3d58850
use mkIf
2020-04-08 17:35:13 +02:00
Erik Arvstedt
85e52a06cb
improve grouping of suboptions
2020-04-08 17:35:12 +02:00
Erik Arvstedt
1a63f0ca6a
remove option 'services.nix-bitcoin.enable'
...
Users can enable the node config just by importing secure-node.nix
2020-04-08 17:35:12 +02:00
Erik Arvstedt
0f8b2e91fd
add nix-bitcoin.nix for backwards compatibility
2020-04-08 17:35:12 +02:00
Erik Arvstedt
28792f79dc
rename nix-bitcoin.nix -> presets/secure-node.nix
2020-04-08 17:35:12 +02:00
Jonas Nick
0c4ba43ee8
Merge #149 : docs: update nix installation instructions
...
0ac7b1660b
docs: update nix installation instructions (Jonas Nick)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: 34c4ef923d3893d1fb1245f6140bca844e44c1733edd781e88e848542360993658c70ae24519c9a49f7ffb64765c5353da5056f59d9d25a2b8d13fd02f9fe97a
2020-04-08 15:11:45 +00:00
Jonas Nick
0ac7b1660b
docs: update nix installation instructions
2020-04-08 15:10:34 +00:00
Jonas Nick
9239268ab6
Merge #136 : Change the nix-bitcoin deployment from forking this repo to importing the module
...
b2e15c17b8
docs: Update to new deployment method (import instead of fork) (Jonas Nick)
5ed0284db9
Add fetch-release script (Jonas Nick)
c303cd47e4
Add push-release.sh helper (Jonas Nick)
705d187a35
examples/shell.nix: don't run shellHook on subsequent nix-shells (Erik Arvstedt)
65039be656
docs: Remove duplicate instructions (Jonas Nick)
455c5664c9
docs: Replace tabs with spaces (Jonas Nick)
8aa4714979
docs: Update NixOS version (Jonas Nick)
9df22a2764
add deploy-qemu-vm.sh example (Erik Arvstedt)
548ced1994
README: Add Example section (Jonas Nick)
44ccbb91d0
Clean up development shell.nix (Jonas Nick)
abcee651d3
add deploy-container.sh (Erik Arvstedt)
5dadea310c
add deploy-nixops.sh (Erik Arvstedt)
0c74c365de
mention performance loss with hardened kernel profile (Erik Arvstedt)
f3121892ef
move main module import to configuration.nix (Erik Arvstedt)
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir' (Erik Arvstedt)
87d0286498
Change the nix-bitcoin deployment from forking this repo to importing the module (Jonas Nick)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: 18e8b71f42715c5e82e2dafde9dcc965594d76aacc6be7ee2ec746a9510065749cc65331687a57d7140f45779c3b7867f6260ec224d361fb5a477062a27d6e4c
2020-04-08 15:03:08 +00:00
Jonas Nick
b2e15c17b8
docs: Update to new deployment method (import instead of fork)
...
Now you clone nix-bitcoin and start out from the examples.
2020-04-08 07:01:39 +00:00
Jonas Nick
5ed0284db9
Add fetch-release script
...
This allows getting the hash of the latest (or some other) release
using github releases and gpg verification.
2020-04-08 07:01:35 +00:00
Jonas Nick
b9fbb144ca
Merge #151 : readme: add travis badge
...
334e30a291
readme: add travis badge (William Casarin)
Pull request description:
ACKs for top commit:
jonasnick:
Neat, thanks. ACK 334e30a291
Tree-SHA512: 1cad880c4a147f9f2c68c377a872e48fc5ce01db8cfd3d3d78e23ee3e6336fdb69f0cff9f9e1fe9d4efb079675ead7a05a975ebf5d963403c78be3e6f9e5ed76
2020-04-06 20:03:12 +00:00
William Casarin
334e30a291
readme: add travis badge
...
Signed-off-by: William Casarin <jb55@jb55.com>
2020-04-04 15:00:11 -07:00
Jonas Nick
6ec8b1d2a3
Merge #148 : Misc. fixes
...
e398674964
run-tests.sh: fix leaking tmp files outside TMPDIR (Erik Arvstedt)
b07c77f4a4
secrets.nix: remove obsolete comment (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK e398674964
Tree-SHA512: 08b61e40fc80d5d1af1d736dd5f27ff3785b07e481f179e525fec4d78d89795c6d572a3a4b9b5ad9afd47656530cbfb8cdc1da9204571eff41767cad7ae1276e
2020-03-30 20:33:12 +00:00
Jonas Nick
83e2437399
Merge #147 : remove custom no-upnp bitcoind builds
...
3a606608fb
remove custom no-upnp bitcoind builds (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 3a606608fb
Tree-SHA512: 4a3c1baadd6a8c6e31c0b7bf492548e4af4de753dc677d61f27f7bc35de53fd7013ae0c041a4b32ed015b9b91ece5664491356251e8792ab804724e9ca71bd81
2020-03-30 20:28:46 +00:00
Jonas Nick
c303cd47e4
Add push-release.sh helper
...
Prepares, signs and pushes a release to github.
2020-03-30 11:01:31 +02:00
Erik Arvstedt
705d187a35
examples/shell.nix: don't run shellHook on subsequent nix-shells
...
This avoids an extra delay and the unexpected creation of secrets when
run in another dir.
Needed for the 'fetch-release' script introduced in a later commit.
2020-03-30 11:00:31 +02:00
Jonas Nick
65039be656
docs: Remove duplicate instructions
2020-03-30 10:57:01 +02:00
Jonas Nick
455c5664c9
docs: Replace tabs with spaces
2020-03-30 10:57:01 +02:00
Jonas Nick
8aa4714979
docs: Update NixOS version
2020-03-30 10:57:00 +02:00
Erik Arvstedt
9df22a2764
add deploy-qemu-vm.sh example
2020-03-30 10:56:57 +02:00
Jonas Nick
548ced1994
README: Add Example section
2020-03-30 10:55:50 +02:00
Jonas Nick
44ccbb91d0
Clean up development shell.nix
2020-03-30 10:49:15 +02:00
Erik Arvstedt
abcee651d3
add deploy-container.sh
2020-03-30 10:49:15 +02:00
Erik Arvstedt
e398674964
run-tests.sh: fix leaking tmp files outside TMPDIR
...
- Move vm image (NIX_DISK_IMAGE) from $TMP to $TMPDIR
- Set $PWD
Also:
- Simplify mktemp command
- USE_TMPDIR=1: Don't create extra dir inside $TMPDIR
2020-03-29 18:51:35 +02:00
Erik Arvstedt
b07c77f4a4
secrets.nix: remove obsolete comment
2020-03-29 18:51:34 +02:00
Erik Arvstedt
3a606608fb
remove custom no-upnp bitcoind builds
...
Disabling upnp via compilation brings no substantial security benefits.
There's no way to inadvertently enable upnp, it must be set explicitly
via bitcoind.extraConfig.
But it's a huge hassle for new users who have to recompile bitcoind
before being able to use nix-bitcoin.
Also, elementsd is currently built with upnp support by default.
2020-03-26 10:14:03 +01:00
Erik Arvstedt
5dadea310c
add deploy-nixops.sh
2020-03-24 21:43:22 +00:00
Erik Arvstedt
0c74c365de
mention performance loss with hardened kernel profile
2020-03-24 21:43:22 +00:00
Erik Arvstedt
f3121892ef
move main module import to configuration.nix
2020-03-24 21:43:21 +00:00
Erik Arvstedt
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir'
2020-03-24 21:43:21 +00:00
Jonas Nick
87d0286498
Change the nix-bitcoin deployment from forking this repo to importing the module
...
Instead of forking this repo, it is now recommended that users simply import the
nix-bitcoin module. This commit adds an example directory that contains the
network/ examples and a shell.nix for deployment with nixops.
2020-03-24 21:43:17 +00:00
Jonas Nick
2d51c722cc
Merge #146 : lnd: add package option
...
106dcacb61
lnd: add package option (Jonas Nick)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: 95f4fa40c34421872ca8940c6ad87775a8c7e75e8b3d5df2ed3a348c1f6212ae7b090b889831bc9ee6ddbcb26e9e237bfbd08542a0a5b7f92b06f2591182710f
2020-03-09 09:04:17 +00:00
Jonas Nick
106dcacb61
lnd: add package option
2020-03-09 08:22:00 +00:00
Jonas Nick
3158e39009
Merge #137 : Add nixops19_09 to default pkgs.
...
28cf7ebe74
Add nixops19_09 to default pkgs. (Jonas Nick)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: e10f7d8d94df506cc5848477956da6cd3cc1c7ee87950df8c09da27e2fcac87b97c7dff1facafde5b114a9d7f6076f492956c2b684a7776b2566e86ba78a9d1d
2020-03-08 14:07:04 +00:00
Jonas Nick
28cf7ebe74
Add nixops19_09 to default pkgs.
...
It's helpful to be able to use this packages when importing nix-bitcoin.
2020-03-08 14:00:23 +00:00
Jonas Nick
d62dac450a
Merge #144 : Electrs fixes
...
5596bcf4fb
bitcoind: set default rpcuser (Erik Arvstedt)
c4cf323873
electrs: add option 'extraArgs' (Erik Arvstedt)
e731d71232
electrs: add option 'address' (Erik Arvstedt)
1e62456ed1
electrs: test RPC connection to bitcoind (Erik Arvstedt)
0be67c325e
electrs: use cfg.user, cfg.group (Erik Arvstedt)
48be5a79fa
electrs.enable: use mkEnableOption (Erik Arvstedt)
b75b2a1626
electrs: improve description (Erik Arvstedt)
fa3455d01f
electrs: don't leak bitcoinrpc secret through process ARGV (Erik Arvstedt)
f30aadbef2
electrs: enable unstable build, pin pkg to unstable (Erik Arvstedt)
5c6571654e
electrs: 0.7.1 -> 0.8.3 (Erik Arvstedt)
47481b2642
electrs: quote dataDir in shell cmd (Erik Arvstedt)
8fb33d1099
electrs: use bitcoind.dataDir option (Erik Arvstedt)
45ba1f1fb3
electrs: don't print timestamps to log (Erik Arvstedt)
88080a58bf
electrs: wrap long lines in preStart (Erik Arvstedt)
301bb91ae5
simplify setting high-memory options (Erik Arvstedt)
93fd2329b8
electrs: make nginx TLS proxy optional (Erik Arvstedt)
acde24ce43
electrs: move user/group definitions to bottom (Erik Arvstedt)
148327326b
electrs: formatting (Erik Arvstedt)
cce9932b62
make pinned pkgs accessible through pkgs/default.nix (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 5596bcf4fb
Tree-SHA512: 2064b352839a1787ccb05930ac2cf1f0d3596aaea81135086e8a91b9eebf319868087a27cdf9f2fd0152ab652d338680cdf9e866185e86777fcdd87931651b39
2020-03-04 21:03:48 +00:00
Erik Arvstedt
5596bcf4fb
bitcoind: set default rpcuser
...
We're already setting a default rpcpassword, so we should set an
accompanying rpcuser so that rpc clients like electrs work out of the box.
2020-03-04 18:09:52 +01:00
Erik Arvstedt
c4cf323873
electrs: add option 'extraArgs'
...
Electrs allows defining settings multiple times via cmdline args, but
not via config files.
So 'extraArgs' is the only way to implement overridable settings,
'extraOptions' wouldn't work.
2020-03-04 18:09:52 +01:00
Erik Arvstedt
e731d71232
electrs: add option 'address'
2020-03-04 18:09:52 +01:00
Erik Arvstedt
1e62456ed1
electrs: test RPC connection to bitcoind
2020-03-04 18:09:52 +01:00