Erik Arvstedt
e3b47ce18a
add setup-secrets.service
2020-01-12 20:02:01 +01:00
Erik Arvstedt
437b268433
extract make-secrets.nix
...
Needed by the next commit.
2020-01-12 20:02:00 +01:00
Erik Arvstedt
f0a36fe0c7
add 'nix-bitcoin-services' option
...
1. Makes the content easily accessible for module users
2. Avoids needlessly recalculating the attrset in every client module
2020-01-12 20:02:00 +01:00
Erik Arvstedt
7aaf30501c
nix-bitcoin-services: simplify formatting
2020-01-09 10:43:30 +01:00
Erik Arvstedt
760da232e0
add nix-bitcoin pkgs namespace
...
Not polluting the main pkgs namespace with internal pkgs makes it
easier to integrate the nix-bitcoin modules into a larger config.
Also, by overriding the nix-bitcoin namespace, users can now easily set the
packages used by services that offer no explicit `package` option, like `clightning`.
2020-01-09 10:43:30 +01:00
Erik Arvstedt
6def181dbc
add modules.nix
...
Importing modules.nix enables the stand-alone use of the modules, without the
config presets of nix-bitcoin.nix.
2020-01-09 10:43:29 +01:00
Erik Arvstedt
3b842e5fe7
add nix-bitcoin-secrets.target
...
Remove use of nixops-specific 'keys' group and key services.
Instead:
- Add nix-bitcoin-secrets.target, which should be required by all
  units that depend on secrets. (To keep it simple, it's okay to meet
  the secrets dependency indirectly by e.g. depending on bitcoind.)
  Various secret deployment methods can use this target by
  setting up the secrets before activating the target.
  In case of nixops we just specify that nixops' keys.target comes
  before nix-bitcoin-secrets.target.
  If the target is left undefined in the case of manual secrets
  deployment, systemd will simply ignore unit dependencies on
  the target.
- Allow all users to access the secrets dir.
  The access protection for the individual secret files is unchanged.
  This allows us to drop the unit dependency on the nixops 'keys' group.
2020-01-09 10:43:29 +01:00
Erik Arvstedt
07dc3e04ac
move bitcoinrpc group definition to bitcoind
...
services.bitcoind has a strict dependency on the 'bitcoinrpc' group
via the 'bitcoin-rpcpassword' secret.
2019-11-27 14:05:19 +01:00
Erik Arvstedt
d61b185c3a
simplify user and group definitions
2019-11-27 14:05:19 +01:00
Jonas Nick
43507a7ce5
Update assumevalid to block 605181
2019-11-24 05:19:19 +00:00
Erik Arvstedt
c36c496507
banlist: fail on unexpected errors
...
Also, don't output the 'already banned' error message
2019-11-14 13:06:21 +01:00
Erik Arvstedt
e0276503ed
fixup! ignore banlist errors (like in master)
2019-11-14 13:04:42 +01:00
Erik Arvstedt
d64156e485
banlist: don't wait in preStart until bitcoind is ready
...
preStart is meant for short-run scripts, but bitcoind can take a long
time until it accepts commands, especially on low-powered systems.
Fixes #122
2019-11-12 19:59:06 +01:00
Erik Arvstedt
d87c50a305
banlist: simplify unit, bind to bitcoind, fix wantedBy
...
Type = "simple" is the default unit type.
Being wanted by bitcoind instead of a system target is more appropriate.
By binding to bitcoind, the service is automatically stopped when
bitcoind exits. This eliminates the bitcoind liveness check in preStart.
2019-11-12 19:44:44 +01:00
Erik Arvstedt
39885d37c1
banlist: simplify script, remove package
...
We're now directly using Greg's unmodified banlist which
simplifies the update process.
The banlist package with its dependency on the bitcoin datadir path is only
relevant for internal use within nix-bitcoin, so we can safely remove
it.
We're now using the bitcoin-cli from `services.bitcoind.package`.
Fixes #129
2019-11-12 19:42:33 +01:00
Erik Arvstedt
55e73f32e3
bitcoind: add cli option
2019-11-12 19:41:29 +01:00
Erik Arvstedt
8807b9f6b2
bitcoind: remove 'StateDirectory'
...
This option is useless because we're doing our own state dir management
via 'dataDir'.
2019-11-12 19:41:29 +01:00
Jonas Nick
6157a79956
Merge #118: Move zmq options from nix-bitcoin.nix to bitcoind module
...
0c22af03b7
Allow AnyProtocol for bitcoin if zmq options are set (and not if lnd is enabled) (Jonas Nick)
cf39d88c63
Move zmq options from nix-bitcoin.nix to bitcoind module (Jonas Nick)
Pull request description:
... which is a better place for this. CC @cypherpunk2140
Top commit has no ACKs.
Tree-SHA512: 47d1b95fef78ee31711b5ad5a59000adfb0fcd3bbfe82c7321d87f5a6d7c998646d3428a1c86ff9b0103b167501c8cf3b16e00d4e2b5c09425ab09f732f75a57
2019-11-09 19:47:47 +00:00
Jonas Nick
0c22af03b7
Allow AnyProtocol for bitcoin if zmq options are set (and not if lnd is enabled)
2019-11-09 19:44:06 +00:00
Jonas Nick
664c5c6762
Switch from python 3.5 to python 3.x for trezor
2019-10-28 20:59:15 +00:00
Jonas Nick
8dd27b6334
Use types.str instead of types.string to avoid warning
2019-10-28 20:59:15 +00:00
Jonas Nick
09d2df1a81
Use stable tor module instead of unstable which we had to use because stable didn't support v3 onion services
2019-10-28 20:59:15 +00:00
Jonas Nick
b2fb83c910
Use our own bitcoind module instead of nixpkgs'
2019-10-28 20:59:07 +00:00
Jonas Nick
c1d67c4cee
Update nixpkgs
2019-10-07 11:53:05 +00:00
Jonas Nick
cf39d88c63
Move zmq options from nix-bitcoin.nix to bitcoind module
2019-09-30 07:18:02 +00:00
Jonas Nick
e4d2aab561
Merge #107: Add LND support
...
9d029fd1af
Remove lnd explicit tor onion service config (Ștefan D. Mihăilă)
1f407ef22c
Remove lnd user from onion-chef (Ștefan D. Mihăilă)
5880023158
Increase xxd column size (Ștefan D. Mihăilă)
101ae3c370
Instruct user to backup channel.backup (Ștefan D. Mihăilă)
fccd91972a
Fix "value is a list [...]" error when lnd is not enabled (Ștefan D. Mihăilă)
700fdf6feb
Add logdir and tor.privatekeypath to lnd.conf (Ștefan D. Mihăilă)
5a2517b926
Check for existing secrets and create them more granularly (Ștefan D. Mihăilă)
d6f961db89
Reuse lnd seed (Ștefan D. Mihăilă)
9b0753135c
Add LND support (Ștefan D. Mihăilă)
4acf5cd32c
Remove unused nginx.csr file (Ștefan D. Mihăilă)
19b971f21f
Rename nginx certificate files (Ștefan D. Mihăilă)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 9d029fd1af
Tree-SHA512: 58ee80bcab6c3a1c4642a5d40b94e10d28311557ae7c69539fee90d6f252a6afc70b8066cc7d7ddc0a45e2675978718a369b0341c518f8ce7590cbde1403eaeb
2019-08-31 15:21:38 +00:00
Ștefan D. Mihăilă
9d029fd1af
Remove lnd explicit tor onion service config
2019-08-25 02:25:35 +02:00
Ștefan D. Mihăilă
1f407ef22c
Remove lnd user from onion-chef
2019-08-25 02:11:45 +02:00
Ștefan D. Mihăilă
5880023158
Increase xxd column size
2019-08-25 02:01:05 +02:00
Ștefan D. Mihăilă
fccd91972a
Fix "value is a list [...]" error when lnd is not enabled
2019-08-24 22:05:41 +02:00
Ștefan D. Mihăilă
700fdf6feb
Add logdir and tor.privatekeypath to lnd.conf
...
This will put the logs dir and tor priv keys directly in the
datadir of lnd. Before this commit, they were stored in a .lnd
dir inside the datadir.
2019-08-23 03:45:32 +02:00
Ștefan D. Mihăilă
d6f961db89
Reuse lnd seed
2019-08-22 17:03:39 +02:00
Jonas Nick
5f567ee1ed
Merge #113: Simplify clightning preStart
...
67a464d097
Mention problems with hardened kernel and NUCs in README (Jonas Nick)
7771a4c931
Refer to systemd man pages for hardening options (Jonas Nick)
a5e10a82d8
Simplify clightning preStart (Jonas Nick)
Pull request description:
CC @cypherpunk2140
Top commit has no ACKs.
Tree-SHA512: aa726f29e499cc268b21cac8cd07617be591cfdaa89dd0495cb979ebd3e49cc01164af25924c554429a1d35d14167dea276f7d61877452b69f027143cc3eee97
2019-08-21 14:58:22 +00:00
Ștefan D. Mihăilă
9b0753135c
Add LND support
2019-08-20 23:54:47 +02:00
Ștefan D. Mihăilă
19b971f21f
Rename nginx certificate files
2019-08-20 16:26:35 +02:00
Jonas Nick
1c8dadd876
Add allowAnyProtocol option to nix-bitcoin-services
2019-08-19 21:11:08 +00:00
Jonas Nick
7771a4c931
Refer to systemd man pages for hardening options
2019-08-19 20:44:10 +00:00
Jonas Nick
a5e10a82d8
Simplify clightning preStart
2019-08-19 20:39:13 +00:00
Ștefan D. Mihăilă
161ee02550
style: remove extra space
2019-08-18 12:53:09 +02:00
Ștefan D. Mihăilă
4e6e05a4a8
Improve electrs ports descriptions
2019-08-18 12:53:08 +02:00
Ștefan D. Mihăilă
cd722cac1a
Fix indentation
2019-08-18 12:53:08 +02:00
Ștefan D. Mihăilă
df784b341e
Expose electrs high-memory option in configuration.nix
2019-08-18 12:53:08 +02:00
Jonas Nick
b9f51e3f70
Add liquid-swap tool
2019-08-07 14:51:15 +00:00
Jonas Nick
923939fe57
Clarify liquid/elements relation
2019-08-05 20:37:29 +00:00
Jonas Nick
5edf0d7240
Replace liquidd with elementsd package
2019-08-03 14:26:31 +00:00
Jonas Nick
f58a2e62e3
Fix liquid data directory permission
2019-08-01 15:19:02 +00:00
Jonas Nick
30b04d075f
Merge remote-tracking branch 'upstream-pull/99/head'
2019-08-01 12:53:51 +00:00
nixbitcoin
8f9082f893
Enable validatepegin for Liquid
2019-08-01 10:38:05 +02:00
Jonas Nick
684a57211c
Merge remote-tracking branch 'upstream-pull/96/head'
2019-07-29 09:52:05 +00:00
nixbitcoin
d9fbb9aff2
Move electrs startscript to tempdir and fix nits
2019-07-28 17:29:52 +02:00
Jonas Nick
f707d970ae
Always chown bitcoin/liquid data directories
2019-07-12 15:32:34 +00:00
Jonas Nick
5fd3875646
Fix spark-wallet rate lookup
2019-06-16 22:27:31 +00:00
Jonas Nick
0cca1d4df8
Merge branch 'hwi-better'
2019-05-21 22:59:33 +00:00
Jonas Nick
9e913263df
Merge branch 'fix-packages'
2019-05-21 22:55:28 +00:00
Jonas Nick
2554cde92a
Add qrencode package
2019-05-18 00:00:35 +00:00
Jonas Nick
7b4cf2c450
bech32 by default
2019-05-17 23:59:15 +00:00
Jonas Nick
4ecb77250f
Merge remote-tracking branch 'upstream-pull/59/head'
2019-05-17 23:09:29 +00:00
Jonas Nick
f1445c396e
Use bitcoind consistently without GUI. The 'bitcoin' package includes the GUI.
2019-05-17 22:39:00 +00:00
Jonas Nick
3f9a2aec68
Disable miniupnpc. It's only useful for introducing vulnerabilities.
2019-05-17 22:30:16 +00:00
Jonas Nick
2a4e5fb16f
Merge branch 'hwi'
2019-05-12 18:09:17 +00:00
nixbitcoin
48f6bc5f81
Fix clightning port typo (9375 instead of 9735)
2019-05-12 18:29:22 +02:00
nixbitcoin
7416ec4a29
Limit syscalls with Docker whitelist
2019-05-10 12:42:06 +02:00
Jonas Nick
c2f8bf8067
Add support for ledger and trezor with bitcoin-core/HWI
2019-05-05 20:49:31 +00:00
Jonas Nick
54a6a3363e
Merge branch 'service-hardening'
2019-05-03 15:51:38 +00:00
Jonas Nick
e1ee5023e2
Rename service settings for 'node' to 'nodejs' to avoid confusion
2019-05-03 10:44:16 +00:00
Jonas Nick
469c1de6a9
Fix electrum after disallowing anything but localhost by adding ipv6 local address
2019-04-28 18:54:13 +00:00
Jonas Nick
7fb1cc1e93
Add security section to README
2019-04-28 13:15:17 +00:00
Jonas Nick
6f8dac6e07
Restrict namespaces for systemd services by default
2019-04-28 13:15:17 +00:00
Jonas Nick
eaaf8e9aab
Use IPAddress{Allow,Deny} by default for systemd services
2019-04-28 13:15:17 +00:00
Jonas Nick
d9533edad1
Fix memory deny write execute for nodejs services
2019-04-28 13:15:16 +00:00
Jonas Nick
a089d65d25
Move service hardening flags into separate file
2019-04-28 13:15:12 +00:00
0xB10C
a79c4db7a9
added missing semicolon to recurring-donations
2019-04-28 12:30:59 +02:00
nixbitcoin
37b71d87b8
electrs ssl
2019-04-26 23:41:55 +02:00
Jonas Nick
bb9aa8fb29
Fix invoice amount check in recurring-donations
2019-04-22 00:37:45 +00:00
Jonas Nick
492eab0e26
Add recurring donations module
2019-04-17 22:11:55 +00:00
Jonas Nick
c9e6397763
Merge branch 'user-config' of https://github.com/nixbitcoin/nix-bitcoin into nixbitcoin-user-config
2019-04-12 09:03:59 +00:00
Jonas Nick
58ba467ffd
Stop assuming that clightning is always enabled
2019-04-10 15:48:55 +00:00
nixbitcoin
6d723e896f
Remove profiles and replace with options to enable/disable each module separately in configuration.nix
2019-04-10 11:13:39 +02:00
Jonas Nick
0b364718d3
Make deployment faster by importing banlist in background instead of waiting for it to finish
2019-04-08 08:36:28 +00:00
nixbitcoin
8b9972f078
Fix typo "ngninx" in nix-bitcoin.nix services.onion-chef.access.operator
2019-04-06 18:56:58 +02:00
Jonas Nick
c440dfba9f
Merge branch 'electrum-server' of https://github.com/nixbitcoin/nix-bitcoin into nixbitcoin-electrum-server
2019-04-02 15:35:09 +00:00
Jonas Nick
0d5c67c1cf
Fix spark wallet QR code display by providing the onion hostname as public url
2019-04-02 15:10:21 +00:00
Jonas Nick
aba1b7dfc2
Give operator access to onion hostnames through new onion-manager module
2019-04-02 15:02:31 +00:00
nixbitcoin
4000829002
Use rust stable 1.31 instead of rust nightly for electrs, update electrs, specify electrum-rpc
2019-04-01 17:43:07 +02:00
Clemens Fruhwirth
687bf8017d
Make repository importable as NUR (including an overlay)
...
https://github.com/nix-community/NUR is a Nix community project that
aims to make out of tree derivations more easily discoverable and
accessible to Nix users. Converting the nix-bitcoin repo to conform to
that style is a minor change and enhances reusability of its
components. For instance, I could slap on the clightning module more
easily onto my existing bitcoin node without having to redeploy the
whole as nixops driven installation. Having the repo in NUR style
would make that easier.
2019-03-29 11:12:05 +01:00
Clemens Fruhwirth
95b42b62a8
Give pkgs their own directory and convert everything to callPackage.
2019-03-29 11:12:05 +01:00
Jonas Nick
bf184c17e0
fix making banlist importer wait for bitcoind to start up
2019-03-29 09:44:30 +00:00
Jonas Nick
e2f3f38876
Import bitcoind banlist in separate service
2019-03-27 10:46:36 +00:00
Clemens Fruhwirth
66d9650f48
Create /var/lib/bitcoind/blocks
...
Otherwise:
Mar 25 13:33:22 nix-bitcoin systemd[1]: Starting Bitcoin daemon...
Mar 25 13:33:22 nix-bitcoin f3ickn20fqrz5gd0zm7hgm247b9ajdl8-unit-script-bitcoind-pre-start[1883]: chmod: cannot access '/var/lib/bitcoind/blocks': No such fi>
Mar 25 13:33:22 nix-bitcoin systemd[1]: bitcoind.service: Control process exited, code=exited status=1
Mar 25 13:33:22 nix-bitcoin systemd[1]: bitcoind.service: Failed with result 'exit-code'.
2019-03-25 14:59:36 +01:00
Clemens Fruhwirth
5e40066c7f
nanopos, lightning-charge and spark-wallet: Package via node2nix
...
The strategy of invoking node2nix inside a derivation (installPhase in
this case) does not work, as under NixOS installations there is no
network traffic allowed during a derivation build. Hence, we move
node2nix outside and rewrite the packaging into the modules.
Also switch to callPackage instead of plain imports. This could
probably be done on all other imported packages inside of
nix-bitcoin-pkgs.nix.
2019-03-25 14:32:55 +01:00
Jonas Nick
0c83f87233
Don't include electrs in 'all' profile
2019-03-24 20:46:33 +00:00
Jonas Nick
d39a253d20
Fix definition of high memory systems
2019-03-24 20:46:29 +00:00
Jonas Nick
7eed67278d
Merge branch 'electrum-server' of https://github.com/nixbitcoin/nix-bitcoin into nixbitcoin-electrum-server
2019-03-24 20:45:26 +00:00
nixbitcoin
eb4968d292
Add high-memory description
2019-03-24 11:38:37 +01:00
nixbitcoin
fca4af59ac
Remove mentions of electrs in the bitcoind module, set sysperms & disablewallet only when electrs is enabled, electrs enabled in "all" setting, remove
...
unnecessary newline, make sysperms & disablewallet optional
2019-03-21 11:27:28 +01:00
nixbitcoin
fbc78ce6ed
Add Greg Maxwell's banlist to bitcoind postStart
2019-03-21 10:11:18 +01:00
nixbitcoin
d6facee486
Add config.services.liquidd.port
2019-03-18 14:17:38 +01:00
nixbitcoin
eacd057963
Fix electrs and add electrs hidden service
2019-03-16 16:11:54 +01:00
nixbitcoin
de889d584f
Add proxy and hidden service to liquidd
2019-03-14 11:19:28 +01:00
nixbitcoin
132703637c
Tor proxy, always-use-proxy, bind to localhost clightning
2019-03-07 13:37:00 +01:00
Jonas Nick
6005307129
Enable validatepegin in liquid module
2019-02-11 08:02:11 +00:00
Jonas Nick
5404907e3e
Turn off pruning
2019-02-10 18:46:07 +00:00
Jonas Nick
52b8cae70d
update README
2019-01-26 22:16:26 +00:00
Jonas Nick
1d020a7ca8
move nixpkgs-pinned.nix
2019-01-26 18:12:08 +00:00
Jonas Nick
6763459b62
Move nix-bitcoin.nix into modules
2019-01-26 18:06:25 +00:00
Jonas Nick
2dd5e4e8b0
Disable pruning
2019-01-26 17:44:36 +00:00
Jonas Nick
8a56a994fd
Fix spark-wallet login
2019-01-21 12:24:17 +00:00
Jonas Nick
ead037c753
Disable electrs while it's not working
2019-01-13 20:21:40 +00:00
nixbitcoin
197155fb0b
Fixed typo and replaced tab with spaces
2019-01-04 10:47:06 +01:00
nixbitcoin
9ada1d32f3
Incorporate PR comments, correct erroneous description in clightning module, add electrs module, add electrs package, add electrs to nix-bitcoin.nix, add electrs to modules/nix-bitcoin.nix
2019-01-04 10:44:03 +01:00
Jonas Nick
bca40e23b1
Indentation cleanups
2019-01-02 15:17:57 +00:00
Jonas Nick
d2e203918b
Fix 'Remove unused paths in modules'
2019-01-02 11:23:43 +00:00
Jonas Nick
1c756379fb
Remove unused paths in modules
2019-01-02 11:05:25 +00:00
Jonas Nick
5e4e959e26
Switch to stable channel but pull the bitcoind and clightning packages and the tor module from unstable
2019-01-01 19:16:24 +00:00
Jonas Nick
ffcd311b70
Add sshd onion service
2018-12-27 21:22:52 +00:00
Jonas Nick
95dcf26f68
Don't assume virtual box deployments when copying authorized keys
2018-12-10 23:11:44 +00:00
Jonas Nick
25d52c4d10
Add spark-wallet
2018-12-10 16:34:41 +00:00
Jonas Nick
0210da091d
Cleanups
2018-12-06 15:59:41 +00:00
Jonas Nick
b108198dc0
Update nanopos
2018-12-06 15:58:41 +00:00
Jonas Nick
f58dab36d1
Add missing nixbitcoin webindex
2018-12-06 11:39:54 +00:00
Jonas Nick
6209873994
Use nixpkgs tor module
2018-12-06 11:37:26 +00:00
Jonas Nick
3c7d0c66fb
Add liquidd pruning
2018-12-06 10:45:45 +00:00
Jonas Nick
1927fda514
Allow operator to access liquid-cli
2018-12-03 22:33:21 +00:00
Jonas Nick
9ed888b9c2
Improve abstraction of deployment keys
2018-12-03 22:16:01 +00:00
Jonas Nick
c79aaf9695
Add liquid
2018-12-03 21:43:15 +00:00
Jonas Nick
4c55b8395c
Add 'minimal' and 'all' profiles
2018-12-03 15:31:44 +00:00
Jonas Nick
da1148595f
Clean up a bit
2018-12-01 22:00:39 +00:00
Jonas Nick
36327ae89e
Move webindex in own module
2018-12-01 21:38:08 +00:00
Jonas Nick
8fae70b80a
Add index page with nginx
2018-12-01 20:49:23 +00:00
Jonas Nick
b0594aaacd
Add nanopos package and module and make clightning service
2018-12-01 17:26:29 +00:00
Jonas Nick
21f9462651
Add lightning charge module
2018-12-01 16:36:07 +00:00
Jonas Nick
c61c21e2e1
fix nodeinfo.sh
2018-11-29 00:30:12 +00:00
Jonas Nick
95c706b1b0
Add operator user
2018-11-28 23:54:19 +00:00
Jonas Nick
94258c505e
Make RPC password a secret
2018-11-28 22:58:36 +00:00
Jonas Nick
c4935008dc
add lightning charge package
2018-11-24 22:34:39 +00:00
Jonas Nick
ab438a4d51
Another type correction in tor module
2018-11-23 22:15:27 +00:00
Jonas Nick
080251f060
fix tor module hidden service version type
2018-11-23 20:38:30 +00:00
Jonas Nick
c226ddce1f
fix bitcoind extraConfig and prune
2018-11-23 20:37:50 +00:00
Jonas Nick
ac2be00c7f
Add guest user with same ssh keys as root and fix nodeinfo not waiting for clightning to warm up
2018-11-23 15:49:13 +00:00
Jonas Nick
eca9864cf3
fix bitcoind config file linking bug in module
2018-11-23 01:05:53 +00:00
Jonas Nick
b1375df03a
Add Carl's bitcoind module
2018-11-23 00:48:13 +00:00
Jonas Nick
79aab1255a
Add rpc user and password as secrets
2018-11-22 23:51:16 +00:00
Jonas Nick
83eabcf952
Make bitcoin rpcuser and pass configurable
2018-11-22 23:06:41 +00:00
Jonas Nick
668d66085a
signed commit
2018-11-22 23:06:07 +00:00
Jonas Nick
aec819db81
add clightning
2018-11-22 18:32:26 +00:00
Jonas Nick
63e2c6d270
cleanups
2018-11-20 22:21:45 +00:00
Jonas Nick
986217d5d3
add nodeinfo package
2018-11-20 22:14:40 +00:00
Jonas Nick
14a073c35a
Add bitcoind onion service
2018-11-20 00:22:16 +00:00
Jonas Nick
cad0763c70
Add onion listening node with tor HS v3
2018-11-19 23:09:57 +00:00
Jonas Nick
d943e11647
non-working tor support
2018-11-14 00:33:34 +00:00