a71f69cb3a hwi: replace local version with upstream (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
reACK a71f69cb3a
Tree-SHA512: 4a6b76855ded40af1fb00b51651f89f5356517d2baa3cbbcefae7a65d620c569bc8a82762599b2cc64b176896e010f8530c31e6d61315bc602fec97eeaa3b3bd
The result of `import tests.nix {}` is now an attrset of tests.
This makes it easier and more efficient to evaluate or build multiple
tests in one call to `nix build`.
Simplify tests.nix by removing the large module args scope in favor of
self-contained scenario module definitions.
Add CPU core and memory size defaults to the test configuration to
enable building tests without `run-tests.sh`.
Add the following top-level args to tests.nix:
- `extraScenarios` to provide a nix-level way to define extra scenarios.
- `pkgs` to allow building tests with custom pkgs or systems.
1. fixedTest: Remove some unneeded layers of function calls.
2. Don't add a modified version of `black` to the global pkgs set.
Tests should not affect the pkgs of the tested system modules.
Fix the driver build script instead by adding an extra arg to the
call to `black`.
Due to a possible NixOS bug, this commit has no effect on NixOS 20.09
where `RestrictAddressFamilies` is a no-op.
It's only relevant for NixOS unstable with cgroups v2.
bitcoind+zmq: instead of allowing all address families, only add the required
AF_NETLINK family.
lnd: lnd only runs a zmq client, not a server, therefore it requires
no additional address families.
lightning-pool, clightning-plugin-zmq: add AF_NETLINK.
- Improve readability by using minutes
- set `TimeoutStopSec` like in bitcoin/contrib/init/bitcoind.service.
Stopping bitcoind can exceed the default timeout during IBD.
This script is potentially fetched from an untrusted source and should
be in good shape to be easily auditable.
- Create just one TMPDIR
- Improve comments
- Use `cut` to extract sha256
- Use camelCase var names like in other scripts
- Use idiomatic var name `pkgs` for the imported nixpkgs.
- Don't add `figlet` to PATH because it's only used internally.
- Only print figlet in interactive shells to avoid interfering with
stdout when running `nix-shell --run <cmd>`.
- Define `fetch-release` as a function to enable running it via
`nix-shell --run fetch-release`
- The scripts now work within arbitrary nix-shells.
Previously, they failed when run from nix shells other than
`examples/shell.nix`.
- The scripts now work from arbitrary working dirs.
- Update nixos iso
- Make sure to be root before parting and give instructions for checking
UEFI vs. legacy
- Instead of making user replace automatically generated nixos config,
explain how to add options.
- Add boot.loader options directly to hardware-configuration.nix
- Copy .gitignore when setting up a deployment dir
- Stress that the first config that is deployed remotely must include ssh key.
- Debian: 9 Strech -> Debian 10 Buster
- nix: 2.3.3 -> 2.3.10
Keeping the secrets dir read-only is more simple and robust.
- lnd seed mnemonic creation and joinmarket wallet creation can be
run as the regular service user instead of root.
- It is easier to switch to a third-party secrets deployment
method in the future.
Don't create a seed mnemonic for lnd when a wallet exists.
This avoids creating unused mnemonics and helps simplifying
the migration command in `versioning.nix`.
- Fail at evaluation when secrets setup is not configured.
Previously, bitcoind failed at runtime due to the missing secrets target.
- Fail at evaluation when conflicting secrets setup methods are used.
This happens when `secretsSetupMethod` has more than one definition.
With krops or nixops the secrets target is always restarted during
the deployment process.
This previously caused unnecessary restarts of all nix-bitcoin services.
Move this feature from a module preset to a regular option, so that it's
easily discoverable and accessible.
Simplify the implementation of `generateSecrets` by adding it to the
existing `setup-secrets` service script.
Also rename option setup-secrets -> setupSecrets.
