Commit Graph

1352 Commits

Author SHA1 Message Date
nixbitcoin
1a8e7d6348
clightning: re-enable seccomp filtering 2021-12-08 12:38:10 +00:00
nixbitcoin
16f5aa0561
update to NixOS 21.11 2021-12-08 12:38:00 +00:00
Jonas Nick
729888c62a
Merge fort-nix/nix-bitcoin#428: Add presets/bitcoind-remote.nix
6b539627ee add presets/bitcoind-remote.nix (Erik Arvstedt)
5915a34891 configuration.md: fixes (Erik Arvstedt)
1596b3a5d2 minor fixes (Erik Arvstedt)
627b11d21b makeShell: use old nix tooling (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    utACK 6b539627ee

Tree-SHA512: 2abdeaef03773631aae54dccdb95c671a0140dfbec28ff554b52400b1656612fb23fd482154716601c1476599a915d6a06af28744d0ee8b61a94ffad3fa68468
2021-12-07 19:40:15 +00:00
Erik Arvstedt
6b539627ee
add presets/bitcoind-remote.nix
This simplifies integrating a remote bitcoind instance and
makes `bitcoin-cli` work with the remote node.

Add note regarding `whitelistedPort` to docs.
2021-12-07 15:35:33 +01:00
Erik Arvstedt
5915a34891
configuration.md: fixes
- Fix firewall.allowedTCPPorts settings

- Section `Allow bitcoind RPC connections`:
  Set catch-all listen for `rpc.address` instead of `address`.

- rpc.allowip: Set subnet zero to fix allowing all addresses
2021-12-07 15:35:33 +01:00
Erik Arvstedt
1596b3a5d2
minor fixes
- README: fix uppercase

- bitcoind: add whitespace

- hardware-wallets: remove unused variables
2021-12-07 15:35:33 +01:00
Erik Arvstedt
627b11d21b
makeShell: use old nix tooling
The `nix` command is an experimental feature and should be avoided in
user-facing code.

I recently saw `nix eval` failing for a user who was asking for help
via Matrix.
2021-12-07 15:35:33 +01:00
Jonas Nick
8a7ec27e6d
Merge fort-nix/nix-bitcoin#427: cl-rest: 0.5.2 -> 0.6.0
d3788e141d cl-rest: 0.5.2 -> 0.6.0 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK d3788e141d

Tree-SHA512: 48acb8c7dbabf15c6b0c595a9a5e6210ebd0314c219eb5e229045d794e01eb0fa4f0f5882b9d4a7c2170b6adb85463fa66fbfe828a39dcca0cc6c73ecd894ccf
2021-11-29 18:08:01 +00:00
Jonas Nick
747019a9e9
Merge fort-nix/nix-bitcoin#425: Misc. improvements
def64a73b8 treewide: use TODO-EXTERNAL (Erik Arvstedt)
6f37bef2a3 netns-isolation: simplify firewall setup (Erik Arvstedt)
f52059ce3c docs: add doc 'Configuration and maintenance' (Erik Arvstedt)
94aee8174d usage.md: add section `Managing services` (Erik Arvstedt)
8cc7b83da1 usage.md: convert to '#' heading syntax (Erik Arvstedt)
91fbcfcc77 faq.md: reformat (Erik Arvstedt)
9e4f4d6b0f bitcoind: add option `txindex` (Erik Arvstedt)
10a744a598 rtl: add option `extraCurrency` (Erik Arvstedt)
62a2602e78 electrs: use dataDir for storing extra config (Erik Arvstedt)
9bda7305fd services: add `tor.*` options (Erik Arvstedt)
ff24e73ad7 onion-addresses: fix files not being copied (Erik Arvstedt)
c6fe017aeb netns-isolation: avoid creating service files for disabled services (Erik Arvstedt)
017e08ca10 btcpayserver: move nbxplorer options to bottom (Erik Arvstedt)
e1d869d76c modules.nix: move rtl to fix topological sorting (Erik Arvstedt)
e44cd7ecdc rtl: improve descriptions (Erik Arvstedt)
bd275d3a9a minor improvements (Erik Arvstedt)
8aa28da110 remove `recurring-donations` module (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK def64a73b8
  jonasnick:
    ACK def64a73b8

Tree-SHA512: 13acd2a3dd73c07f9c31874c8e961f12f39accb48847cbad08479b9a8154b79a6f186819272072dfb5c4768264b81f6e058e9afa57a729db2096784e48352dfd
2021-11-29 18:05:19 +00:00
Erik Arvstedt
def64a73b8
treewide: use TODO-EXTERNAL
Use TODO-EXTERNAL for TODOs that depend on external factors like
upstream fixes.
2021-11-29 13:47:48 +01:00
Erik Arvstedt
6f37bef2a3
netns-isolation: simplify firewall setup
Set all allowed INPUT/OUTPUT addresses in a single `iptables` command.
2021-11-29 13:47:48 +01:00
Erik Arvstedt
f52059ce3c
docs: add doc 'Configuration and maintenance'
- Move section `updating` from `usage.md` to `configuration.md` and
  rename `usage.md` -> `services.md`.
  `services.md` documents how enable and interact with node services.

- README: Move `docs` below `Get started`. The `docs` section is short and
  should be easily accessible.
2021-11-29 13:47:47 +01:00
Erik Arvstedt
94aee8174d
usage.md: add section Managing services 2021-11-29 13:22:44 +01:00
Erik Arvstedt
8cc7b83da1
usage.md: convert to '#' heading syntax
Like in other docs.
2021-11-29 13:22:44 +01:00
Erik Arvstedt
91fbcfcc77
faq.md: reformat
Improves readability in both the rendered and raw formats.

Also, mention that `doas` is enabled only via the `secure-node.nix` template.
2021-11-29 13:22:44 +01:00
Erik Arvstedt
9e4f4d6b0f
bitcoind: add option txindex 2021-11-29 13:22:44 +01:00
Erik Arvstedt
10a744a598
rtl: add option extraCurrency 2021-11-29 13:22:44 +01:00
Erik Arvstedt
62a2602e78
electrs: use dataDir for storing extra config
This is simpler and more memory-efficient.
We've also changed other services to use this appraoch.

Also remove unneded `wait_for_unit` in the electrs regtest test.
2021-11-29 13:22:44 +01:00
Erik Arvstedt
9bda7305fd
services: add tor.* options
Split `enforceTor` into `tor.proxy` and `tor.enforce`.
By enabling `tor.proxy` without `tor.enforce`, a service can accept
incoming clearnet connections.
E.g., this allows setting up a Tor-proxied bitcoind node that accepts
RPC connections from LAN.
2021-11-29 13:22:43 +01:00
Erik Arvstedt
ff24e73ad7
onion-addresses: fix files not being copied
When NixOS is already running and Tor is restarted due to config
changes, `/var/lib/tor/state` may be present even when Tor has not
yet finished setting up onion services.
This caused the previous version of `onion-addresses` to not wait for
Tor and to skip not yet present onion service files.

`onion-addresses` now waits until each required onion service file
has appeared.
2021-11-29 13:22:43 +01:00
Erik Arvstedt
c6fe017aeb
netns-isolation: avoid creating service files for disabled services
Only set the `serviceConfig` option when the service is enabled.
Otherwise a service file is created.
2021-11-29 13:22:43 +01:00
nixbitcoin
d3788e141d
cl-rest: 0.5.2 -> 0.6.0 2021-11-29 11:39:47 +00:00
Jonas Nick
2a5d98c4fc
Merge fort-nix/nix-bitcoin#426: update nixpkgs
daeea4012e tests: remove pkgsUnstable (Jonas Nick)
76737ead9f update nixpkgs (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK daeea4012e

Tree-SHA512: b8b6e7397de413dd1137207cc1e614c7fca53d477e2484c73781abb824691ab7eee5ad849cd5af5666437cf0753aed4c38f02b6e3502f6a04f7efd401faddf55
2021-11-28 20:44:49 +00:00
Erik Arvstedt
017e08ca10
btcpayserver: move nbxplorer options to bottom
These are largely irrelevant to end users.
2021-11-28 21:18:49 +01:00
Erik Arvstedt
e1d869d76c
modules.nix: move rtl to fix topological sorting
rtl depends on lnd and lightning-loop.
2021-11-28 21:18:47 +01:00
Erik Arvstedt
e44cd7ecdc
rtl: improve descriptions
Also move cl-rest to the bottom.
2021-11-28 21:18:44 +01:00
Erik Arvstedt
bd275d3a9a
minor improvements
- README:
  - Add RTL

- examples/configuration.nix:
  - Fix comment

- btcpayserver.nix:
  - Use nbLib.addressWithPort
  - Embed optionalString like the other optionalStrings

- clboss.nix:
  - Improve description

- clightning.nix:
  - Option `extraConfig`: Add example, improve description.
  - Disable `log-timestamps`. Timestamps are already logged via journald.
  - Simplify `preStart` script

- electrs.nix:
  - Use `port` description wording like in other services.
2021-11-28 21:18:40 +01:00
Erik Arvstedt
8aa28da110
remove recurring-donations module
This module has failed to evaluate for quite some time.
We might bring it back someday with bolt12 and LNURL support.
2021-11-28 21:18:39 +01:00
Jonas Nick
daeea4012e
tests: remove pkgsUnstable
The latest nixpkgs-unstable update would require node-based packages to
distinguish between stable and unstable when building. Instead of dealing with
that complexity, we will only guarantee compatability of our packages with
stable.
2021-11-28 19:16:21 +00:00
Jonas Nick
76737ead9f
update nixpkgs
btcpayserver: 1.3.3 -> 1.3.6
electrs: 0.9.2 -> 0.9.3
lnd: 0.13.3-beta -> 0.14.1-beta
nbxplorer: 2.2.16 -> 2.2.18

electrs does not accept command line argument -vv anymore, so we have to use
--log-filter instead.
2021-11-28 17:34:10 +00:00
Jonas Nick
9a31cc7d5a
Merge fort-nix/nix-bitcoin#424: spark-wallet: 0.2.17 -> 0.3.1
f739bc5174 spark-wallet: 0.2.17 -> 0.3.1 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK f739bc5174

Tree-SHA512: bfcc5bc076f90037d76757a23f26936f5a1c7331695a0ad31f5e4f69ee3b2cf8f46c984aa8a79926cafc6f195d81e6bd457e88768bd0e657e7300c2614ec556f
2021-11-10 21:58:40 +00:00
Jonas Nick
6673c8245c
Merge fort-nix/nix-bitcoin#423: Misc. improvements
4a74b7de08 clightning: work around unsupported seccomp syscall (Erik Arvstedt)
38a843d005 clightning: update python pkgs to new version (Erik Arvstedt)
6ad7107ddb update nixpkgs (Erik Arvstedt)
f58d67677e netns-isolation: separate host and netns setup (Erik Arvstedt)
cb6e5ef702 netns-isolation: fix routing issues due to netns restarting (Erik Arvstedt)
7f77147b60 makeShell: minor improvements (Erik Arvstedt)
a5730eb736 makeShell: make the help msg a shell derivation variable (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 4a74b7de08

Tree-SHA512: 75454b51db6d7ab41590d8579e0a5136e5ac1be78d5c2f547c6ef1982c0de679968879bb9bac57dd66413f59a4659236601ab75414486b0137c7c43d73d22759
2021-11-10 21:57:16 +00:00
Erik Arvstedt
4a74b7de08
clightning: work around unsupported seccomp syscall 2021-11-10 21:26:56 +01:00
Erik Arvstedt
38a843d005
clightning: update python pkgs to new version 2021-11-10 21:26:11 +01:00
Erik Arvstedt
6ad7107ddb
update nixpkgs
btcpayserver: 1.3.1 -> 1.3.3
clightning: 0.10.1 -> 0.10.2
2021-11-10 21:26:10 +01:00
Jonas Nick
d5d64ace29
Merge fort-nix/nix-bitcoin#419: Add RTL
030f649009 docs: remove obsolete nixops deploy instructions (nixbitcoin)
0a6324e9de docs: add usage instructions for connecting to RTL (nixbitcoin)
41c4dd041e test: add rtl & cl-rest (nixbitcoin)
f569227410 rtl: add module (nixbitcoin)
0e1e2a1b3c cl-rest: init at 0.5.2 (nixbitcoin)
83196f5545 rtl: init at 0.11.2 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 030f649009

Tree-SHA512: a6c7694ec945d44f0adfa2e651987301e895d4947dfdd6967cea188c967667f7d97849579189c1043ed9ef6d524c688202ca54a6ce7c2c7ee46b8a59c1c9903d
2021-11-09 15:51:30 +00:00
nixbitcoin
f739bc5174
spark-wallet: 0.2.17 -> 0.3.1 2021-11-09 15:19:14 +00:00
nixbitcoin
030f649009
docs: remove obsolete nixops deploy instructions 2021-11-09 14:15:27 +00:00
nixbitcoin
0a6324e9de
docs: add usage instructions for connecting to RTL 2021-11-09 14:15:22 +00:00
nixbitcoin
41c4dd041e
test: add rtl & cl-rest 2021-11-09 14:13:49 +00:00
nixbitcoin
f569227410
rtl: add module 2021-11-09 14:13:42 +00:00
nixbitcoin
0e1e2a1b3c
cl-rest: init at 0.5.2 2021-11-09 13:07:27 +00:00
nixbitcoin
83196f5545
rtl: init at 0.11.2 2021-11-09 13:07:16 +00:00
Erik Arvstedt
f58d67677e
netns-isolation: separate host and netns setup
- Improves readability

- `netns exec ...` (called via `netnsIptables`) incurs a large
  overhead: In addition to netns switching, a mount namespace
  is setup and populated with the contents of /etc/netns/<ns>/.
  Instead, simply run `nsenter`.
2021-11-08 12:46:28 +01:00
Erik Arvstedt
cb6e5ef702
netns-isolation: fix routing issues due to netns restarting
Previously, restarting a service implied restarting its netns.
For unknown reasons, this sometimes caused the netns-local address
to not be routable from the root netns for up to 20 s.
I.e., the service was sometimes unreachable after restarting.

Now the netns is no longer stopped when the service is stopped.
2021-11-08 12:46:27 +01:00
Erik Arvstedt
7f77147b60
makeShell: minor improvements
- import pkgs without the global config to avoid pulling in external state
- rename `path` -> `setPath`
- export `nixpkgsUnstable`
  This avoids garbage collection of nixpkgs-unstable for gcrooted
  shell environments (like those created by lorri)
2021-11-08 12:46:27 +01:00
Erik Arvstedt
a5730eb736
makeShell: make the help msg a shell derivation variable
- The message is now a nix string, which simplifies formatting.
- The message can be now be modified via overrideAttrs in client shells.
  This is more effective than changing the message in Bash.
2021-11-08 12:46:27 +01:00
Jonas Nick
3f844c06f0
Merge fort-nix/nix-bitcoin#418: update nixpkgs
b3e868d0af tests/regtest: disable incompatible `validatepegin` for liquidd (Erik Arvstedt)
c30fe1919b netns-isolation: don't auto-assign IPv6 addrs to peer links (Erik Arvstedt)
6584540828 makeShell: make help message extensible (Erik Arvstedt)
0478354477 versioning: move variable (Erik Arvstedt)
8616254d63 bitcoind-rpc-public-whitelist: remove waitfornewblock (Erik Arvstedt)
083e141e3e tests/btcpayserver: test bitcoind P2P connection in regtest (Erik Arvstedt)
82c92df162 tests/regtest: fix restarting bitcoind (Erik Arvstedt)
49086abcc5 liquidd: use systemd startup notification (Erik Arvstedt)
b83fd845c2 update nixpkgs (nixbitcoin)
852c112603 Use HTTPS URL for spark-wallet GitHub node packages (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK b3e868d0af
  jonasnick:
    utACK b3e868d0af

Tree-SHA512: 300410157a54f90f40abda064ed9b8f2310e3002bd2eac0527404d5402cd7d87c2d2d1d79d68cf1569841645c333b281d706607deae9461e1ef07f6c20427297
2021-11-03 10:25:38 +00:00
Jonas Nick
2f9b9b674b
Merge fort-nix/nix-bitcoin#420: missing sys import for error path set_onion_address
ae1c90997d missing sys import for error path set_onion_address (cadwgan0)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK ae1c90997d

Tree-SHA512: 4fce73b3d5f15a7e8d809f6ccfc305539d6eb75f1248ca3f50284216db851ec0149f6888209000b22bb272842c331da0e955004f7e6eec1551e2d6e487a54ee8
2021-11-03 09:17:12 +00:00
cadwgan0
ae1c90997d missing sys import for error path set_onion_address 2021-11-02 23:25:55 -04:00