Erik Arvstedt
cb6e5ef702
netns-isolation: fix routing issues due to netns restarting
...
Previously, restarting a service implied restarting its netns.
For unknown reasons, this sometimes caused the netns-local address
to not be routable from the root netns for up to 20 s.
I.e., the service was sometimes unreachable after restarting.
Now the netns is no longer stopped when the service is stopped.
2021-11-08 12:46:27 +01:00
Erik Arvstedt
7f77147b60
makeShell: minor improvements
...
- import pkgs without the global config to avoid pulling in external state
- rename `path` -> `setPath`
- export `nixpkgsUnstable`
This avoids garbage collection of nixpkgs-unstable for gcrooted
shell environments (like those created by lorri)
2021-11-08 12:46:27 +01:00
Erik Arvstedt
a5730eb736
makeShell: make the help msg a shell derivation variable
...
- The message is now a nix string, which simplifies formatting.
- The message can be now be modified via overrideAttrs in client shells.
This is more effective than changing the message in Bash.
2021-11-08 12:46:27 +01:00
Jonas Nick
3f844c06f0
Merge fort-nix/nix-bitcoin#418 : update nixpkgs
...
b3e868d0af
tests/regtest: disable incompatible `validatepegin` for liquidd (Erik Arvstedt)
c30fe1919b
netns-isolation: don't auto-assign IPv6 addrs to peer links (Erik Arvstedt)
6584540828
makeShell: make help message extensible (Erik Arvstedt)
0478354477
versioning: move variable (Erik Arvstedt)
8616254d63
bitcoind-rpc-public-whitelist: remove waitfornewblock (Erik Arvstedt)
083e141e3e
tests/btcpayserver: test bitcoind P2P connection in regtest (Erik Arvstedt)
82c92df162
tests/regtest: fix restarting bitcoind (Erik Arvstedt)
49086abcc5
liquidd: use systemd startup notification (Erik Arvstedt)
b83fd845c2
update nixpkgs (nixbitcoin)
852c112603
Use HTTPS URL for spark-wallet GitHub node packages (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK b3e868d0af
jonasnick:
utACK b3e868d0af
Tree-SHA512: 300410157a54f90f40abda064ed9b8f2310e3002bd2eac0527404d5402cd7d87c2d2d1d79d68cf1569841645c333b281d706607deae9461e1ef07f6c20427297
2021-11-03 10:25:38 +00:00
Jonas Nick
2f9b9b674b
Merge fort-nix/nix-bitcoin#420 : missing sys import for error path set_onion_address
...
ae1c90997d
missing sys import for error path set_onion_address (cadwgan0)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK ae1c90997d
Tree-SHA512: 4fce73b3d5f15a7e8d809f6ccfc305539d6eb75f1248ca3f50284216db851ec0149f6888209000b22bb272842c331da0e955004f7e6eec1551e2d6e487a54ee8
2021-11-03 09:17:12 +00:00
cadwgan0
ae1c90997d
missing sys import for error path set_onion_address
2021-11-02 23:25:55 -04:00
Erik Arvstedt
b3e868d0af
tests/regtest: disable incompatible validatepegin
for liquidd
...
Otherwise liquidd startup fails. This bug was not covered by our tests,
because we're not combining `regtest` with `secure-node`.
But nixbitcoin.org does, which should suffice for now.
2021-11-02 17:40:43 +01:00
Erik Arvstedt
c30fe1919b
netns-isolation: don't auto-assign IPv6 addrs to peer links
...
This simplifies the host's address configuration.
This also removes unused addresses that are returned when resolving
container hostnames via nss-mymachines:
`getent ahosts nb-test`
2021-11-02 17:40:43 +01:00
Erik Arvstedt
6584540828
makeShell: make help message extensible
...
Users can now override help and print more help messages alongside `nixBitcoinHelp`.
2021-11-02 17:40:43 +01:00
Erik Arvstedt
0478354477
versioning: move variable
...
The variable is an internal implementation detail. Move it close to
where it's used.
2021-11-02 17:40:43 +01:00
Erik Arvstedt
8616254d63
bitcoind-rpc-public-whitelist: remove waitfornewblock
...
This is an internal testing function and it's no longer used by electrs.
2021-11-02 17:40:43 +01:00
Erik Arvstedt
083e141e3e
tests/btcpayserver: test bitcoind P2P connection in regtest
...
nbxplorer requires at least 100 blocks (coinbase maturity) in regtest.
2021-11-02 17:40:43 +01:00
Erik Arvstedt
82c92df162
tests/regtest: fix restarting bitcoind
...
Previously, the test wallet was not loaded after restarting bitcoind and
generating blocks failed.
2021-11-02 17:40:43 +01:00
Erik Arvstedt
49086abcc5
liquidd: use systemd startup notification
2021-11-02 17:40:43 +01:00
nixbitcoin
b83fd845c2
update nixpkgs
...
Includes
- update stable
- btcpayserver: 1.2.4 -> 1.3.1
- electrs: 0.9.1 -> 0.9.2
- nbxplorer: 2.2.11 -> 2.2.16
2021-11-02 14:07:32 +00:00
nixbitcoin
852c112603
Use HTTPS URL for spark-wallet GitHub node packages
...
Manually patch spark-wallet until
https://github.com/svanderburg/node2nix/pull/269 is merged
2021-11-02 14:07:28 +00:00
Jonas Nick
42258feac3
Merge fort-nix/nix-bitcoin#417 : btcpayserver: fix liquidd whitelistedPort
...
c2eb81b57e
btcpayserver: fix liquidd whitelistedPort (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK c2eb81b57e
jonasnick:
utACK c2eb81b57e
Tree-SHA512: 452e3767fb23f4ed0a1a3c93322eae7517efbe73a8302b91bf2a1143b9d5e358f2ec3f31b1b37b6fe357407850d9b85e044df7184e890563b9ce29a8716a7732
2021-11-01 13:08:47 +00:00
nixbitcoin
c2eb81b57e
btcpayserver: fix liquidd whitelistedPort
2021-11-01 11:59:05 +00:00
Jonas Nick
41514b8667
Merge fort-nix/nix-bitcoin#416 : secure-node: stop pruning liquidd
...
bac8518e7c
secure-node: stop pruning liquidd (Jonas Nick)
347a0f3aee
secure-node: add dummy option to determine if the preset is enabled (Jonas Nick)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK bac8518e7c
Tree-SHA512: df09889933355e97ccfa0cbbe3e5776e6984c492d52dd51e97220e7efbac0248599ee1187773d0db4f314b47def7cb6c5cd1074ec92cd4cfa824c8f1ee11d547
2021-10-31 15:41:58 +00:00
Jonas Nick
bac8518e7c
secure-node: stop pruning liquidd
...
There is no security reason why pruning should be enabled and therefore it
surprises users. Turning on pruning in the first place was simply a mistake.
2021-10-31 14:37:56 +00:00
Jonas Nick
347a0f3aee
secure-node: add dummy option to determine if the preset is enabled
...
This is useful for versioning.nix.
2021-10-31 14:00:46 +00:00
Jonas Nick
3e018d0263
Merge fort-nix/nix-bitcoin#414 : Update nixpkgs-unstable, fix whitelisting local services
...
aada35fc7b
minor improvements (Erik Arvstedt)
1da23cd933
bitcoind, liquidd: add whitelisted socket (Erik Arvstedt)
8c3a88b2e8
update nixpkgs-unstable (Erik Arvstedt)
cc3d43f4e9
bitcoind: set onionPort in bitcoind module (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK aada35fc7b
Tree-SHA512: cd9ea2386bd28b0b1fc6a9c1691022f9c4ce40bb92acc6606b4ca55cf8cc57fe20e9bd3d19255c345c4015b1a13d2f292c035c2a05a421031859026f50c7ce20
2021-10-30 15:37:12 +00:00
Erik Arvstedt
aada35fc7b
minor improvements
...
- README: add matrix room
- examples/configuration.nix: explain why bitcoind is enabled by default
- btcpayserver: group lnd service settings
- clightning:
Use public onion port only when the onion service is public
This allows users to enable the onion service while announcing a
non-onion public address.
- netns-isolation: move `readOnly` attr to the top
- tests: use mkDefault to allow for easier overriding
- tests/btcpayserver: test web server response
2021-10-30 15:34:48 +02:00
Erik Arvstedt
1da23cd933
bitcoind, liquidd: add whitelisted socket
...
This allows whitelisting local services without implicitly
whitelisting all inbound onion connections, which would happen when
setting bitcoind/liquidd option `whitelist=localhost`.
Used by electrs and nbxplorer, which requires the unsafe `mempool`
permission.
2021-10-29 18:28:31 +02:00
Erik Arvstedt
8c3a88b2e8
update nixpkgs-unstable
...
Switch back from nixpkgs master to unstable.
Pkg updates:
btcpayserver: 1.2.3 -> 1.2.4
electrs: 0.9.0 -> 0.9.1
elementsd: 0.18.1.12 -> 0.21.0
lightning-pool: 0.5.0-alpha -> 0.5.1-alpha
nbxplorer: 2.2.5 -> 2.2.11
- liquidd:
add `onionPort` like in bitcoind
- tests/electrs:
remove KillSignal workaround
2021-10-29 17:59:25 +02:00
Erik Arvstedt
cc3d43f4e9
bitcoind: set onionPort in bitcoind module
...
This removes the module-level dependency from onion-services to
bitcoind.
Due to the `or false` fallback, there's no dependency added in
the reverse direction.
In particular, this allows us to not add a dependency on liquidd in
the following commit.
2021-10-28 22:24:24 +02:00
Jonas Nick
20d4240919
Merge fort-nix/nix-bitcoin#410 : joinmarket: 0.9.2 -> 0.9.3
...
d5ce1c43a8
test: make joinmarket work with regtest (nixbitcoin)
a10aa21c69
joinmarket: 0.9.2 -> 0.9.3 (nixbitcoin)
721ba1aeba
python-packages: separate `specific-versions` pkgs (Erik Arvstedt)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK d5ce1c43a8
jonasnick:
light utACK d5ce1c43a8
Tree-SHA512: 5ddccbf9a88640086d14051283b59e704364d4d5f3f6aa6c698d88d8a6634ac9a7b525b11cf1670c9aaa6a797635bc23e135972d9bc8c909ec51b58fe57e8f5c
2021-10-28 09:50:22 +00:00
nixbitcoin
d5ce1c43a8
test: make joinmarket work with regtest
2021-10-27 16:08:28 +02:00
nixbitcoin
a10aa21c69
joinmarket: 0.9.2 -> 0.9.3
2021-10-27 16:02:59 +02:00
Jonas Nick
c40a7a75cc
Merge fort-nix/nix-bitcoin#412 : clightning: fix announce addr
...
b6d1928e90
clightning: add public port (kon)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK b6d1928e90
jonasnick:
ACK b6d1928e90
Tree-SHA512: 78955c453af54d7da42dc7f31474509f6cafe61fae0c3943fc8bd3353d3927b3ed5c2db8bd22600daf2cfd266ef390ead7f6be1c6de7e530f77b091a5285e08a
2021-10-26 19:53:55 +00:00
kon
b6d1928e90
clightning: add public port
...
Co-authored-by: Erik Arvstedt <erik.arvstedt@gmail.com>
2021-10-26 21:34:33 +02:00
Erik Arvstedt
721ba1aeba
python-packages: separate specific-versions
pkgs
...
This simplifies maintenance.
2021-10-24 21:18:56 +02:00
Jonas Nick
bfe8ac972c
Merge fort-nix/nix-bitcoin#405 : bitcoind: add separate p2p socket for tor connections
...
ec4a4dbe41
btcpayserver: fix whitelist security issue (Erik Arvstedt)
df2070b44a
bitcoind: add separate p2p socket for tor connections (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK ec4a4dbe41
Tree-SHA512: 457bfb5806dca65507261c1868ca89c86a39f63bd10833b7531fd74dd779816083270c8ccc95ad08a5306e9b31c440904e3cba35464d47c0d87418d0be3e732d
2021-10-21 12:17:17 +00:00
Erik Arvstedt
ec4a4dbe41
btcpayserver: fix whitelist security issue
...
Whitelisting localhost implicitly whitelists all inbound onion
connections. This prevents banning misbehaving inbound onion peers
and enables message `mempool` which can cause privacy leaks.
Instead, grant `download` as the single bitcoind whitelist permission, which
should be safe for onion peers.
Remove liquidd whitelisting because it doesn't support fine-grained permissions.
After a cursory glance at the nbxplorer code I think that nbxplorer
requires none of the other default whitelist permissions (noban, mempool,
relay).
Details: https://github.com/dgarage/NBXplorer/issues/344
2021-10-21 11:40:40 +02:00
Erik Arvstedt
df2070b44a
bitcoind: add separate p2p socket for tor connections
...
This re-enables onion tagging while still supporting untagged connections.
Onion sockets are not yet supported in the latest liquidd/elements
version 0.18.1.12 available on nixpkgs.
2021-10-21 11:40:40 +02:00
Jonas Nick
8b1b06311d
Merge fort-nix/nix-bitcoin#406 : bitcoind: one-option i2p support
...
63836127c9
bitcoind: one-option i2p support (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 63836127c9
jonasnick:
utACK 63836127c9
Tree-SHA512: be7806657885ba455e7137dfc8c20ea4d58898b04db030a964aafbde1c505041a1f9e700654ad9c75ab2bb9267174bdbe84c9d7e4de63a09508b72fbd5c8f1a1
2021-10-15 11:02:09 +00:00
Jonas Nick
2250b9bcb7
Merge fort-nix/nix-bitcoin#408 : joinmarket: 0.9.1 -> 0.9.2
...
3781a85c9b
joinmarket: enable Agora as a third IRC server (nixbitcoin)
ced1637d07
joinmarket: share IRC server definitions between jm and ob-watcher (Erik Arvstedt)
59fc003ebd
joinmarket: 0.9.1 -> 0.9.2 (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 3781a85c9b
Tree-SHA512: 5ec919d2291ecf96fb4ca880f3dbeabff13f2bab71822db893ebbaba1b95463666b098ccc1412a1b56f327a231e10c1f2d47feb0f520fce349ab243d398bf7b4
2021-10-15 10:58:01 +00:00
Jonas Nick
8f25bb72bd
Merge fort-nix/nix-bitcoin#407 : lnd: Add TimoutStartSec
...
40ab4b368a
add lnd TimoutSec (kon)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 40ab4b368a
Tree-SHA512: b6db4f2fd4b367c53c2a7a0b10140ac718ebf8b4d6b12e693ea1c2c3e5d2f4630d854d134268c1061c5d639169eba23b9ff3944f06bb2fa2f305838fdc617480
2021-10-15 10:57:04 +00:00
nixbitcoin
3781a85c9b
joinmarket: enable Agora as a third IRC server
2021-10-13 14:45:52 +02:00
Erik Arvstedt
ced1637d07
joinmarket: share IRC server definitions between jm and ob-watcher
...
Also add server name comments.
2021-10-13 14:44:36 +02:00
nixbitcoin
59fc003ebd
joinmarket: 0.9.1 -> 0.9.2
...
Remove "improve-genwallet" patch
2021-10-13 11:52:42 +00:00
kon
40ab4b368a
add lnd TimoutSec
2021-10-12 21:56:59 +02:00
nixbitcoin
63836127c9
bitcoind: one-option i2p support
2021-10-12 10:22:09 +00:00
Jonas Nick
06a971dfa9
Merge fort-nix/nix-bitcoin#404 : Electrs 0.9.0
...
8938eadf0c
bitcoind: don't tag all incoming connections as 'Tor' (Erik Arvstedt)
b9301ce0d9
emergency fix: lnd: 0.13.1-beta -> 0.13.3-beta (Erik Arvstedt)
265fc1911d
extra-container: pin to nixpkgs-unstable (Erik Arvstedt)
75b89f3957
electrs: adapt to version 0.9.0 (Erik Arvstedt)
6f42fa8181
update nixpkgs (electrs: 0.8.11 -> 0.9.0) (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 8938eadf0c
jonasnick:
ACK 8938eadf0c
Tree-SHA512: 4d5dcb451e5cb50ec66121b9f9bb69bc96e45c2b2160b92f6cbc76e18d8619483a06e14fe6fa9df85d3cf6a31254953b2055229902ae861e7c1031755bc82b51
2021-10-06 15:10:34 +00:00
Erik Arvstedt
8938eadf0c
bitcoind: don't tag all incoming connections as 'Tor'
...
We're also accepting local, non-Tor connections.
2021-10-06 16:55:41 +02:00
Erik Arvstedt
b9301ce0d9
emergency fix: lnd: 0.13.1-beta -> 0.13.3-beta
...
Fixes CVE-2021-41593.
Temporarily switch to nixpkgs/master.
2021-10-06 15:34:24 +02:00
Erik Arvstedt
265fc1911d
extra-container: pin to nixpkgs-unstable
...
extra-container is now part of nixpkgs.
2021-10-06 15:34:24 +02:00
Erik Arvstedt
75b89f3957
electrs: adapt to version 0.9.0
...
- `waitfornewblock` was previously not included in the public RPC
whitelist because it's reserved for testing and marked as hidden
in bitcoind.
- electrs changed its verbosity settings. `-vv` is now the best choice
for normal usage.
- bitcoind option `dataDirReadableByGroup` is now unused.
Because it can be valuable for other use cases and implementing
it is intricate, we're keeping it for now.
- test: keep `nc` connection open because otherwise the electrs
RPC server would now close the connection before sending a response.
2021-10-06 15:34:24 +02:00
Erik Arvstedt
6f42fa8181
update nixpkgs (electrs: 0.8.11 -> 0.9.0)
2021-10-06 15:34:24 +02:00
Jonas Nick
693c646c49
Merge fort-nix/nix-bitcoin#402 : Misc. improvements
...
6d694a6269
backups: allow extraFiles to override default settings (Erik Arvstedt)
0c45415c86
backups: exclude bitcoind, liquidd txindex data (Erik Arvstedt)
0853dedc43
tests/regtest: don't fail when restarting bitcoind (Erik Arvstedt)
b73c093d3d
joinmarket-ob-watcher: require nix-bitcoin.service (Erik Arvstedt)
27905e2c3a
tests: disable restarting joinmarket-ob-watcher (Erik Arvstedt)
c8251cdad7
onion-services: don't always enable Tor (Erik Arvstedt)
3c6a664b7b
examples/configuration: show how to enable sudo/doas for `operator` (Erik Arvstedt)
4d5bc810eb
secrets: fix setup-secrets in case of no secrets (Erik Arvstedt)
e61c743644
test: add option `extraTestScript` (Erik Arvstedt)
2cf12d8765
README: minor fixes (Erik Arvstedt)
e57ab83a51
docs/hardware: update (Erik Arvstedt)
1b597f92a6
docs/hardware: add line breaks (Erik Arvstedt)
a92d6a8e80
netns: expose bridgeIp as an option (Erik Arvstedt)
f36df8f563
secure-node: remove redundant bitcoind settings (Erik Arvstedt)
09169365d8
liquid: remove unused features (Erik Arvstedt)
82d910e937
nbxplorer: fix bitcoind, liquidd settings (Erik Arvstedt)
f61e928139
services: support 0.0.0.0/:: in `address` options (Erik Arvstedt)
1848c3dd98
btcpayserver: minor improvements (Erik Arvstedt)
e561637600
minor fixes (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 6d694a6269
jonasnick:
ACK 6d694a6269
Tree-SHA512: 9a409e05e75284a27b94ef489ab0bce8bf49b50fa01e31c7c3430e388e273e7186f74794b979b625db9cd7ec2861e9933cc93e4c54139314f7f9d54d9b5f39f2
2021-10-06 13:21:56 +00:00