This avoids an extra delay and the unexpected creation of secrets when
run in another dir.
Needed for the 'fetch-release' script introduced in a later commit.
Disabling upnp via compilation brings no substantial security benefits.
There's no way to inadvertently enable upnp, it must be set explicitly
via bitcoind.extraConfig.
But it's a huge hassle for new users who have to recompile bitcoind
before being able to use nix-bitcoin.
Also, elementsd is currently built with upnp support by default.
Instead of forking this repo, it is now recommended that users simply import the
nix-bitcoin module. This commit adds an example directory that contains the
network/ examples and a shell.nix for deployment with nixops.
28cf7ebe74 Add nixops19_09 to default pkgs. (Jonas Nick)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: e10f7d8d94df506cc5848477956da6cd3cc1c7ee87950df8c09da27e2fcac87b97c7dff1facafde5b114a9d7f6076f492956c2b684a7776b2566e86ba78a9d1d
Electrs allows defining settings multiple times via cmdline args, but
not via config files.
So 'extraArgs' is the only way to implement overridable settings,
'extraOptions' wouldn't work.
Use buildRustPackage instead of buildRustCrate (via crate2nix).
buildRustPackage builds the whole executable and its libraries in a
single `cargo build` process.
With the create2nix approach each library is built in a separate derivation,
directly using rustc instead of the cargo wrapper.
Benefits of buildRustPackage:
- Much simpler to maintain
- Package derivation evaluates much faster
Benefits of crate2nix:
- Build can be distributed over multiple build hosts
- Better sharing of common dependencies between different builds
- More fine-grained rebuilding on build failures
In nixpkgs buildRustPackage is used for almost all Rust pkgs, it's
also a better fit for our use case.
323b2a7f17 Allow adding multiple nodes to bitcoind with the addnodes option and improve bitcoin module option descriptions (Jonas Nick)
ed6511c96e Document how to override attributes in configuration.nix (Jonas Nick)
9d3588e1de Convert nix-bitcoin extraConfig options to regular options (Jonas Nick)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: 02d7a38e41742f76979e2e12ae2195304a11a86c6547f5e1f3ff82b6031ad36b80d006a78cb4ec03fdfc4227ffdd60c5cc15bf898c32a3f213acaf2598da8eaf
ProtectSystem=full disables writing to /etc which is the default
secrets location.
Besides that, hardening is pointless for {generate,setup}-secrets which
don't read external input and are fully under our control.
31ad56950f CI build: print number of VM CPUs (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 31ad56950f
Tree-SHA512: ff6c43d24f4121d0f1a89e82bb58e182ba044662cb00e7fc879168e7f697d171bc6fbed5d22d983fc6ded11fadbbb4e433133709bf4512882412ac8908e15156