Commit Graph

17 Commits

Author SHA1 Message Date
Erik Arvstedt
37b2faf63c
move systemPackages definitions to services
These are generally useful and shouldn't be limited to secure-node.nix.

Also, only add the hardware-wallets group when hardware wallets are enabled.
2020-04-08 17:35:14 +02:00
Erik Arvstedt
826245484e
make secrets dir location configurable
Users of the nix-bitcoin modules shouldn't be forced to add an extra
dir under root.
The secrets location is unchanged for the default node config.
2020-01-13 00:25:12 +01:00
Erik Arvstedt
b1e13e9415
simplify secrets file format
Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.

Old secrets are automatically converted to the new format when running
nix-shell.

Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
2020-01-13 00:25:11 +01:00
Erik Arvstedt
314272a228
lnd, nanopos: move user and group definitions to the bottom
This is the default service formatting style in nixpkgs.
2020-01-13 00:25:11 +01:00
Erik Arvstedt
f0a36fe0c7
add 'nix-bitcoin-services' option
1. Makes the content easily accessible for module users
2. Avoids needlessly recalculating the attrset in every client module
2020-01-12 20:02:00 +01:00
Erik Arvstedt
760da232e0
add nix-bitcoin pkgs namespace
Not polluting the main pkgs namespace with internal pkgs makes it
easier to integrate the nix-bitcoin modules into a larger config.

Also, by overriding the nix-bitcoin namespace, users can now easily set the
packages used by services that offer no explicit `package` option, like `clightning`.
2020-01-09 10:43:30 +01:00
Erik Arvstedt
3b842e5fe7
add nix-bitcoin-secrets.target
Remove use of nixops-specific 'keys' group and key services.
Instead:
- Add nix-bitcoin-secrets.target, which should be required by all
  units that depend on secrets. (To keep it simple, it's okay to meet
  the secrets dependency indirectly by e.g. depending on bitcoind.)

  Various secret deployment methods can use this target by
  setting up the secrets before activating the target.
  In case of nixops we just specify that nixops' keys.target comes
  before nix-bitcoin-secrets.target.

  If the target is left undefined in the case of manual secrets
  deployment, systemd will simply ignore unit dependencies on
  the target.

- Allow all users to access the secrets dir.
  The access protection for the individual secret files is unchanged.
  This allows us to drop the unit dependency on the nixops 'keys' group.
2020-01-09 10:43:29 +01:00
Erik Arvstedt
d61b185c3a
simplify user and group definitions 2019-11-27 14:05:19 +01:00
Jonas Nick
e1ee5023e2
Rename service settings for 'node' to 'nodejs' to avoid confusion 2019-05-03 10:44:16 +00:00
Jonas Nick
eaaf8e9aab
Use IPAddress{Allow,Deny} by default for systemd services 2019-04-28 13:15:17 +00:00
Jonas Nick
d9533edad1
Fix memory deny write execute for nodejs services 2019-04-28 13:15:16 +00:00
Jonas Nick
a089d65d25
Move service hardening flags into separate file 2019-04-28 13:15:12 +00:00
Clemens Fruhwirth
5e40066c7f nanopos, lightning-charge and spark-wallet: Package via node2nix
The strategy of invoking node2nix inside a derivation (installPhase in
this case) does not work, as under NixOS installations there is no
network traffic allowed during a derivation build. Hence, we move
node2nix outside and rewrite the packaging into the modules.

Also switch to callPackage instead of plain imports. This could
probably be done on all other imported packages inside of
nix-bitcoin-pkgs.nix.
2019-03-25 14:32:55 +01:00
Jonas Nick
bca40e23b1
Indentation cleanups 2019-01-02 15:17:57 +00:00
Jonas Nick
5e4e959e26
Switch to stable channel but pull the bitcoind and clightning packages and the tor module from unstable 2019-01-01 19:16:24 +00:00
Jonas Nick
b108198dc0 Update nanopos 2018-12-06 15:58:41 +00:00
Jonas Nick
b0594aaacd Add nanopos package and module and make clightning service 2018-12-01 17:26:29 +00:00