Commit Graph

388 Commits

Author SHA1 Message Date
Erik Arvstedt
826245484e
make secrets dir location configurable
Users of the nix-bitcoin modules shouldn't be forced to add an extra
dir under root.
The secrets location is unchanged for the default node config.
2020-01-13 00:25:12 +01:00
Erik Arvstedt
b1e13e9415
simplify secrets file format
Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.

Old secrets are automatically converted to the new format when running
nix-shell.

Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
2020-01-13 00:25:11 +01:00
Erik Arvstedt
314272a228
lnd, nanopos: move user and group definitions to the bottom
This is the default service formatting style in nixpkgs.
2020-01-13 00:25:11 +01:00
Erik Arvstedt
766fa4f300
travis: cache all build outputs with cachix
This further speeds up builds, in particular the modules test in the
next commit. By checking if the expected final build output has already
been cached, we can even skip the download of cached builds.
2020-01-13 00:25:11 +01:00
Erik Arvstedt
b0e759160d
travis: set NIX_PATH as early as possible
This avoids some unneded downloads when installing cachix.
2020-01-12 20:53:35 +01:00
Erik Arvstedt
c51bbcf104
travis: move comment 2020-01-12 20:53:35 +01:00
Erik Arvstedt
7092dce0c7
travis: remove use of deprecated statements 2020-01-12 20:53:34 +01:00
Erik Arvstedt
190a92507c
travis: split up scripts into statements
Advantages:
- The build fails if a statement fails.
  Previously, errors in all but the last statement were silently
  ignored.
- The Travis log gives a fine-grained view of the output of each
  statement.

Add if statements because the '[…] &&' prefix results in YAML syntax
errors.
2020-01-12 20:02:04 +01:00
Erik Arvstedt
10d6b04ac8
support enabling clightning and lnd simultaneously
Needed for testing.
2020-01-12 20:02:04 +01:00
Erik Arvstedt
ad7a519284
bitcoind: wait until RPC port is open
This fixes rare failures in clightning which requires an open bitcoind
RPC port
2020-01-12 20:02:04 +01:00
Erik Arvstedt
5536b64fb3
lnd: wait until wallet is created 2020-01-12 20:02:04 +01:00
Erik Arvstedt
6f2a55d63c
lnd: wait until RPC port is open 2020-01-12 20:02:03 +01:00
Erik Arvstedt
1868bef462
lnd: add option 'rpcPort'
10009 is lnd's default port.
Needed for the following commit.
2020-01-12 20:02:03 +01:00
Erik Arvstedt
120e3e8cfe
lnd postStart: suppress curl response output
Errors are still shown
2020-01-12 20:02:03 +01:00
Erik Arvstedt
3e86637327
lnd postStart: poll for REST service availability
Improves service startup time compared to just sleeping
2020-01-12 20:02:03 +01:00
Erik Arvstedt
795c51dc01
lnd postStart: make more idiomatic
- [[]]-style tests
- indent all multi-line statements the same way
2020-01-12 20:02:03 +01:00
Erik Arvstedt
6e58beae8a
lnd: use postStart option for script
- set -e is implicit
- coreutils are in PATH and don't have to be explicitly referenced (echo is a shell builtin anyways)
- exit 0 is unneeded ('if' statements never fail)
2020-01-12 20:02:03 +01:00
Erik Arvstedt
86167c6e6d
clightning: wait until the RPC socket appears
This fixes failures with spark-wallet which requires clightning RPC
2020-01-12 20:02:02 +01:00
Erik Arvstedt
60c732a6a1
onion-chef: set RemainAfterExit, fix tor dependency
This better fits the semantics of this unit and allows for easier
automated testing whether the service is active.

wantedBy = bindsTo = after = tor.service is the simplest way to ensure
that this unit is always running/restarted in lockstep with tor.
Previously, onion-chef would have stayed inactive in the case
that tor was stopped and then later restarted.
2020-01-12 20:02:02 +01:00
Erik Arvstedt
2b9b3ba1c5
systemPackages: improve readability with shorter service references 2020-01-12 20:02:02 +01:00
Erik Arvstedt
14ecb5511a
liquid: add cli option 2020-01-12 20:02:02 +01:00
Erik Arvstedt
cd5ed39b9c
lnd: add cli option 2020-01-12 20:02:02 +01:00
Erik Arvstedt
1833b15888
clightning: add cli option
An executable is more robust to use than shell aliases.

This is also a preparation for commit 'add module test' because the
NixOS testing framework makes interactive aliases hard to use: It
unsets 'PS1' which is used by programs/bash/bash.nix to detect
interactive shells.
2020-01-12 20:02:02 +01:00
Erik Arvstedt
b90bf6691b
add generate-secrets.service 2020-01-12 20:02:01 +01:00
Erik Arvstedt
6447694214
add generate-secrets pkg
generate-secrets.sh will also be used in generate-secrets.nix, so DRY
its dependency definitions.
2020-01-12 20:02:01 +01:00
Erik Arvstedt
e34093a8ac
generate_secrets.sh: add opensslConf option
Needed for the following commit.
2020-01-12 20:02:01 +01:00
Erik Arvstedt
9d14d5ba64
generate_secrets.sh: write secrets to working directory
Write to $PWD instead to ./secrets.
1. Simplifies the code
2. Easier to use in generate-secrets.service (introduced in a later commit)
2020-01-12 20:02:01 +01:00
Erik Arvstedt
51fb054001
generate_secrets.sh: extract makepw command
This makes it obvious that all passwords are generated with the same parameters
2020-01-12 20:02:01 +01:00
Erik Arvstedt
e3b47ce18a
add setup-secrets.service 2020-01-12 20:02:01 +01:00
Erik Arvstedt
437b268433
extract make-secrets.nix
Needed by the next commit.
2020-01-12 20:02:00 +01:00
Erik Arvstedt
f9c29b9318
simplify secret definitions 2020-01-12 20:02:00 +01:00
Erik Arvstedt
cd0fd6926b
don't copy secret files to store during nixops deployment 2020-01-12 20:02:00 +01:00
Erik Arvstedt
f0a36fe0c7
add 'nix-bitcoin-services' option
1. Makes the content easily accessible for module users
2. Avoids needlessly recalculating the attrset in every client module
2020-01-12 20:02:00 +01:00
Erik Arvstedt
7aaf30501c
nix-bitcoin-services: simplify formatting 2020-01-09 10:43:30 +01:00
Erik Arvstedt
760da232e0
add nix-bitcoin pkgs namespace
Not polluting the main pkgs namespace with internal pkgs makes it
easier to integrate the nix-bitcoin modules into a larger config.

Also, by overriding the nix-bitcoin namespace, users can now easily set the
packages used by services that offer no explicit `package` option, like `clightning`.
2020-01-09 10:43:30 +01:00
Erik Arvstedt
6def181dbc
add modules.nix
Importing modules.nix enables the stand-alone use of the modules, without the
config presets of nix-bitcoin.nix.
2020-01-09 10:43:29 +01:00
Erik Arvstedt
3b842e5fe7
add nix-bitcoin-secrets.target
Remove use of nixops-specific 'keys' group and key services.
Instead:
- Add nix-bitcoin-secrets.target, which should be required by all
  units that depend on secrets. (To keep it simple, it's okay to meet
  the secrets dependency indirectly by e.g. depending on bitcoind.)

  Various secret deployment methods can use this target by
  setting up the secrets before activating the target.
  In case of nixops we just specify that nixops' keys.target comes
  before nix-bitcoin-secrets.target.

  If the target is left undefined in the case of manual secrets
  deployment, systemd will simply ignore unit dependencies on
  the target.

- Allow all users to access the secrets dir.
  The access protection for the individual secret files is unchanged.
  This allows us to drop the unit dependency on the nixops 'keys' group.
2020-01-09 10:43:29 +01:00
Erik Arvstedt
bbf2bbc04a
network.nix: simplify import of main config 2020-01-09 10:43:29 +01:00
Erik Arvstedt
7e021a2629
simplify overlay.nix
Move pkg definitions to pkgs/default.nix.
This allows us to just import the pkgs in overlay.nix and get rid of
the filtering to exclude the modules.
2020-01-09 10:43:29 +01:00
Erik Arvstedt
07dc3e04ac
move bitcoinrpc group definition to bitcoind
services.bitcoind has a strict dependency on the 'bitcoinrpc' group
via the 'bitcoin-rpcpassword' secret.
2019-11-27 14:05:19 +01:00
Erik Arvstedt
d61b185c3a
simplify user and group definitions 2019-11-27 14:05:19 +01:00
Jonas Nick
6c69eb8576
Merge #131: Update nixpkgs
5575878aad Update nixpkgs (Jonas Nick)
ab35dc29eb Update hwi 1.0.1 -> 1.0.3 Also remove unstable hwi build from travis because hwi requires mnemonic <0.19.0 but nixpkgs unstable has 0.19.0. (Jonas Nick)
44372e764f Update nixpkgs (Jonas Nick)

Pull request description:

  Updates clightning to 0.7.3.

Top commit has no ACKs.

Tree-SHA512: d730cb2e46f282454e483192d0f91c4b8463ca40ae9f4a5a5a5ff01861fad349a03ab780b3151937ec35e9f70a7b2d470495002bcab8d174176b7d49cce62c7d
2019-11-23 13:06:48 +00:00
Jonas Nick
5575878aad
Update nixpkgs 2019-11-18 23:25:32 +00:00
Jonas Nick
ab35dc29eb
Update hwi 1.0.1 -> 1.0.3
Also remove unstable hwi build from travis because hwi requires mnemonic
<0.19.0 but nixpkgs unstable has 0.19.0.
2019-11-17 14:20:47 +00:00
Jonas Nick
44372e764f
Update nixpkgs 2019-11-16 21:47:06 +00:00
Jonas Nick
b5321cf939
Merge #130: Improve banlist importer
c36c496507 banlist: fail on unexpected errors (Erik Arvstedt)
e0276503ed fixup! ignore banlist errors (like in master) (Erik Arvstedt)
d64156e485 banlist: don't wait in preStart until bitcoind is ready (Erik Arvstedt)
d87c50a305 banlist: simplify unit, bind to bitcoind, fix wantedBy (Erik Arvstedt)
39885d37c1 banlist: simplify script, remove package (Erik Arvstedt)
55e73f32e3 bitcoind: add cli option (Erik Arvstedt)
8807b9f6b2 bitcoind: remove 'StateDirectory' (Erik Arvstedt)

Pull request description:

  Please see the individual commit messages for more infos.

  This time I've used commit msg titles starting with lower-case letters.
  I think this style is the simplest and cleanest, especially with
  `topic:` prefixes. Let me know if I should reformat this.

  Regarding commit `banlist: simplify script, remove package`:
  I've added the current version of Greg's banlist, but it has 5600 entries instead of the previous 739. Is this ok?

  Rationale for commit `bitcoind: add cli option`:
  For some cases it can be useful when bitcoin-cli is an executable instead of a shell alias.
    - non-interactive ssh commands like `ssh mynode 'bitcoin-cli getnetworkinfo'`.
      This can also be achieved with shell aliases in `environment.shellInit`, but it's good
      practice to avoid aliases in noninteractive shells.
    - Scripts that call `bitcoin-cli`. The banlist importer which uses this is a good example.

ACKs for top commit:
  jonasnick:
    ACK c36c496507

Tree-SHA512: 31dacf5e5b051ada24151c9884a97cfd83883c2b48e3d25e16f228fb575cb915e1093d12d171a44d25064fda7d7b98a27c897cc4bdace527c52fdf652033a160
2019-11-16 20:37:43 +00:00
Erik Arvstedt
c36c496507
banlist: fail on unexpected errors
Also, don't output the 'already banned' error message
2019-11-14 13:06:21 +01:00
Erik Arvstedt
e0276503ed
fixup! ignore banlist errors (like in master) 2019-11-14 13:04:42 +01:00
Erik Arvstedt
d64156e485
banlist: don't wait in preStart until bitcoind is ready
preStart is meant for short-run scripts, but bitcoind can take a long
time until it accepts commands, especially on low-powered systems.

Fixes #122
2019-11-12 19:59:06 +01:00
Erik Arvstedt
d87c50a305
banlist: simplify unit, bind to bitcoind, fix wantedBy
Type = "simple" is the default unit type.

Being wanted by bitcoind instead of a system target is more appropriate.

By binding to bitcoind, the service is automatically stopped when
bitcoind exits. This eliminates the bitcoind liveness check in preStart.
2019-11-12 19:44:44 +01:00