Commit Graph

176 Commits

Author SHA1 Message Date
Erik Arvstedt
03db1a61b1
lnd, joinmarket: don't write to secrets dir
Keeping the secrets dir read-only is more simple and robust.

- lnd seed mnemonic creation and joinmarket wallet creation can be
  run as the regular service user instead of root.

- It is easier to switch to a third-party secrets deployment
  method in the future.

Don't create a seed mnemonic for lnd when a wallet exists.
This avoids creating unused mnemonics and helps simplifying
the migration command in `versioning.nix`.
2021-03-15 18:50:15 +01:00
Erik Arvstedt
b701cb5603
secrets: add option 'generateSecrets'
Move this feature from a module preset to a regular option, so that it's
easily discoverable and accessible.

Simplify the implementation of `generateSecrets` by adding it to the
existing `setup-secrets` service script.

Also rename option setup-secrets -> setupSecrets.
2021-03-15 12:42:52 +00:00
kon
eb21012745 pool: add pkg, module & tests 2021-03-01 10:59:35 +01:00
nixbitcoin
19e401b028
bitcoind: enable cookie-based authentication 2021-02-18 10:40:09 +00:00
Jonas Nick
eddc48ee62
Merge #322: run-tests: Fix interrupt handling for --copy-src
8e3feece67 run-tests: fix interrupt handling for --copy-src (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 8e3feece67

Tree-SHA512: ec4916facedb1f5988dccd0e80e08fcf1788a8425320676e6c48350aa69f29d302bb102408c52c748ac5a794735c0c00d7a95dbea91d735add40b5690817d272
2021-02-14 19:48:09 +00:00
nixbitcoin
42f7e9f874
joinmarket: 0.8.0-a5e8879 -> 0.8.1
- Update joinmarket package
- Revert unofficial release settings
- Move Yield Generator config to configFile
- Add new config option max_sweep_fee_change
2021-02-14 16:23:53 +00:00
Erik Arvstedt
8e3feece67
run-tests: fix interrupt handling for --copy-src
Previously, `run-tests.sh --copy-src ...` exited with status 0 (success) when interrupted (SIGINT).
It now exits with an error status.
2021-02-12 21:39:46 +01:00
Erik Arvstedt
ce2b445777
treewide: use runuser for dropping privileges
When running as root, use runuser instead of sudo.
As opposed to sudo or doas, runuser is a standalone
binary that needs no external configuration.
Also, it's a bit faster.
2021-02-09 12:44:01 +00:00
Jonas Nick
f9683889d9
Merge #312: Refactorings, cleanups
0a2c8e4864 run-tests: add option --copy-src (Erik Arvstedt)
803584a288 backups: don't use hardcoded secrets dir (Erik Arvstedt)
c29d44b49a ci: use 'cachix watch-exec' (Erik Arvstedt)
6a32812412 services: add names for systemd helper scripts (Erik Arvstedt)
6982699613 services: use consistent layout (Erik Arvstedt)
a43534dda0 services: improve config file setup (Erik Arvstedt)
18f2002cf0 joinmarket-yieldgenerator: improve systemd journal output (Erik Arvstedt)
9d0b8c8f6f joinmarket-ob-watcher: use DynamicUser (Erik Arvstedt)
e9c98f415c joinmarket: explain need for tor control socket (Erik Arvstedt)
d9c87b6a8f joinmarket: fix wallet creation (Erik Arvstedt)
7458350108 treewide: remove deprecated types.loaOf (Erik Arvstedt)
9cf038939c treewide: use mkEnableOption (Erik Arvstedt)
7a97304f13 treewide: remove unit descriptions (Erik Arvstedt)
a942177ecf treewide: remove user descriptions (Erik Arvstedt)
4f6ff408ef treewide: remove unneeded string literals (Erik Arvstedt)
e6a6c721c1 treewide: streamline 'extraConfig' descriptions (Erik Arvstedt)
e774c045de treewide: fix formatting (Erik Arvstedt)
0b5b29a2a3 netns-isolation: simplify permission definition for netns-exec (Erik Arvstedt)
a587a2b02a defaultHardening: explain where @system-service is defined (Erik Arvstedt)
bb3a69797e README: minor improvements (Erik Arvstedt)
13fc9dfabf examples: improve introductory comments (Erik Arvstedt)
af2040f4c4 netns-isolation: use 'true' for systemd option (Erik Arvstedt)
c246bbb36e bitcoind, clightning, lnd: improve descriptions (Erik Arvstedt)
7533f12ef1 bitcoind, clightning, run-tests: minor refactoring (Erik Arvstedt)
41fe9b0c1d elementsd: minor refactoring (Erik Arvstedt)
f0850d3f23 btcpayserver: reorder config settings (Erik Arvstedt)
d1c0ea9f85 btcpayserver: add missing systemd postgresql dependency (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 0a2c8e4864

Tree-SHA512: 5c81b36042fbb2f016c8e58ba9e05ef3389d5376b8df713d3258d2cd0b6a9239904531171aca8e49bea7039341d5fa91aa9474c6d98de849c25ede52deccc5a3
2021-02-08 20:32:03 +00:00
Erik Arvstedt
0a2c8e4864
run-tests: add option --copy-src 2021-02-08 12:20:20 +01:00
Jonas Nick
2ebd1129a5
Merge #317: Pkg updates
a0f48c9de9 examples: fix deploy-container interactive flag (nixbitcoin)
a2f265cd35 secp256k1: move to top-level packages (Erik Arvstedt)
d41a843167 jmbitcoin: remove secp256k1 from propagatedBuildInputs (Erik Arvstedt)
c22adb03af extra-container: 0.5 -> 0.6 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK a0f48c9de9
  jonasnick:
    ACK a0f48c9de9

Tree-SHA512: 29fa58a960673df407831dd41594c66b26dad1de1e792f4fcc8e35641f39dd873d77b725651be5e01c875bf42284fa78903bab0ea677ec5a0e7eccf98816845d
2021-02-07 21:44:10 +00:00
Erik Arvstedt
7533f12ef1
bitcoind, clightning, run-tests: minor refactoring
bitcoind: use builtins.toFile
clightning: use boolToString
run-tests: remove leftover var
2021-02-07 22:39:05 +01:00
Erik Arvstedt
c22adb03af
extra-container: 0.5 -> 0.6 2021-02-06 11:43:36 +01:00
nixbitcoin
ebd478fd0d
lnd: add option 'restOnionService' 2021-02-05 09:17:14 +01:00
Erik Arvstedt
8f9ea61d6e
update nixpkgs-unstable
- bitcoind 0.20.1 -> 0.21.0
  Manually create a wallet in the backup test because bitcoind
  does not create a default wallet anymore

- disable the failing elementsd build on unstable
2021-01-31 22:26:30 +01:00
Erik Arvstedt
44546561fc
run-tests: allow defining scenarios via cmdline args
This simplifies running self-contained scenarios for testing and debugging.
2021-01-30 11:38:47 +01:00
Erik Arvstedt
fc40776689
improve backup test
Only check enabled services. This allows running the backup test with a custom subset of other
tests.

Also, show a meaningful error on test failure.
Previously, just an AssertionError without a message was shown.
Because the test code is evaluated from a string and not a file, there
was also no backtrace to the tests file.
2021-01-30 11:38:47 +01:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module 2021-01-17 17:40:12 +00:00
Erik Arvstedt
323a431aba
improve nodeinfo
- enable usage outside of secure-node.nix
- use json as the output format
- show ports
- also show local addresses, which is particularly useful when
  netns-isolation is enabled
- only show enabled services
2021-01-14 13:25:10 +01:00
Erik Arvstedt
f6b883a9ac
remove webindex
This module is outdated and incomplete. We can readd an improved version in
the future.

Move nanopos nginx proxy tests to the nanopos test.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses
This clarifies its function.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module 2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module 2021-01-01 17:37:30 +00:00
nixbitcoin
bcedf69549
readme: update and split into various parts 2020-12-30 15:59:22 +00:00
nixbitcoin
196e3c9dbb
clboss: add test todo 2020-12-22 09:54:11 +00:00
Erik Arvstedt
2bfb4efbd8
make-container: fix usage comment 2020-12-19 13:18:50 +01:00
Erik Arvstedt
3403795c86
tests: add example scripts 2020-12-18 19:56:56 +01:00
Erik Arvstedt
ff94985b8b
tests: add test 'hardened' 2020-12-18 19:56:56 +01:00
Erik Arvstedt
a5a2fc7274
make-container: fix renamed variable
The variable was only renamed in run-tests.sh, which broke containers.
2020-12-16 01:29:12 +01:00
Erik Arvstedt
9977fa69af
ci: use run-tests.sh 2020-12-11 13:27:06 +01:00
Erik Arvstedt
a82f0f5f48
add test 'pkgsUnstable'
Included in 'basic' tests.
Function 'doBuild' is needed by the following commit.
2020-12-11 13:27:05 +01:00
Erik Arvstedt
95bc1237e2
run-tests: rename testDir -> scriptDir 2020-12-11 13:27:05 +01:00
Erik Arvstedt
a70c3bf210
make-test-vm: remove unneeded leftover arg attrs 2020-12-11 13:27:05 +01:00
Erik Arvstedt
ed65e78a2b
make-test: expose test config
This is useful for programmatically exploring a test config or for building a test system
on a custom platform.
2020-12-11 13:27:04 +01:00
Erik Arvstedt
7265742655
run-tests: add 'instantiate' command
Useful for diffing test derivations.
2020-12-11 13:27:04 +01:00
Erik Arvstedt
8cbdef8bf6
run-tests: fix CLI
Restore the original behavior that was accidentally changed:
When no args are given, run the basic test suite.
Otherwise, run the given command with default scenario 'default'.
Previously, `run-tests.sh build` ran the basic test suite instead of
building the default scenario.
2020-12-11 13:27:04 +01:00
Erik Arvstedt
1c0233c0a8
use Cirrus CI
- Make more economic use of the free CI resources by removing redundant build tasks:
  - Build unstable pkgs in a single separate task ("pkgs_unstable").
  - All stable pkgs are implicitly built by the modules tests.
- The build script (ci/build.sh) can now be executed locally for easier
  debugging.
- Use an explicit 'cachix push' command instead of helper/wait-for-network-idle.rb.
  This is simpler and more reliable.
2020-12-06 19:07:54 +01:00
Ian Shipman
1d44b99340 add curated clightning plugins 2020-11-18 20:21:34 -06:00
Erik Arvstedt
4640821f96 make-test.nix: use writeText
Needed for the following commit which adds derivation outputs to `dataFile`.
2020-11-18 20:21:34 -06:00
Erik Arvstedt
7e3d2965a5
testing framework: re-add features removed in nixpkgs 20.09
Since nixpks 20.09, the test output is just an empty directory.
Restore saving the log output and linking to the driver.

Without linking to the driver, the driver is eligible for
garbage collection after running a test via `run-tests.sh --out-link-prefix`,
which implies lengthy driver rebuilds.
2020-11-11 22:27:46 +01:00
nixbitcoin
f2faf708fb
test: update joinmarket query strings
JoinMarket changed message strings in
a2aafd254d and removed P2EPDaemonServerProtocolFactory in v0.7.1
2020-11-06 08:51:27 +00:00
Erik Arvstedt
4ff88efc50
netns: add address binding test
Proposed by Jonas Nick.
2020-10-29 21:21:30 +01:00
Erik Arvstedt
9ddf7864a4
lightning-loop regtest: fix incorrectly succeeding test
When 'loop getparams' fails, jq gets no stdin and exits with code 0.
Because -o pipefail is not enabled in the testing shell, the whole test
command succeeds, although it should fail.

Just test "loop getparams" instead and ignore its output.
2020-10-29 21:21:29 +01:00
Erik Arvstedt
58d24e735d
netns-bitcoind: allow RPC access from main netns 2020-10-29 21:21:27 +01:00
Erik Arvstedt
0e2ff948d3
test: add scenario 'netnsRegtest'
The 'basic' test command now cover regtest mode and using nix-bitcoin without
the secure-node preset.
2020-10-29 21:21:27 +01:00
Erik Arvstedt
9a931483b9
netns test: remove strict dependency on clightning, electrs
This allows the netns test to be run with a reduced service set for debugging.
2020-10-29 21:21:26 +01:00
Erik Arvstedt
bae1b7f413
netns test: improve ping test
- Use fping for pinging multiple hosts in parallel.
  Significantly improves test runtime:
  >13 s -> ~200 ms for the negative ping tests.
- Only test network namespaces that are enabled.
  This allows running the netns test with a reduced service set for debugging.
- Remove deprecated services, instead add btcpayserver, spark-wallet
2020-10-29 21:21:26 +01:00
Erik Arvstedt
e61d7b1d46
test: improve lightning-loop regtest 2020-10-19 08:59:26 +00:00
Erik Arvstedt
9951f10e74
test: add scenario 'regtest' 2020-10-16 23:55:13 +02:00
Erik Arvstedt
1f96ca67c5
electrs test: make service shutdown optional
Needed for regtest scenario.
2020-10-16 18:01:52 +02:00
Erik Arvstedt
eb42fc8e06
test: extract test 'joinmarket-yieldgenerator'
Needed for regtest scenario.
2020-10-16 18:01:52 +02:00
Erik Arvstedt
bfed10b2fa
run-tests: add command 'all'
'all' includes test 'full', which now succeeds.
2020-10-16 16:46:56 +02:00
Erik Arvstedt
0a6b9beda5
run-tests: simplify setting default scenario 2020-10-16 16:46:56 +02:00
Erik Arvstedt
1a32292e07
test: speed up clightning startup when offline 2020-10-16 16:46:56 +02:00
Erik Arvstedt
c07e767889
test: add python test requirements
This allows running the Python tests without importing secure-node.
2020-10-16 16:46:55 +02:00
Erik Arvstedt
04075b108c
test: use QEMU from stable nixpkgs 2020-10-16 15:53:34 +02:00
Erik Arvstedt
03f8dbba47
test: add non-secure-node eval test
This tests that the modules work without the secure-node template.

The test currently fails at runtime, but evaluating already helps
catching module-related errors.
2020-10-16 15:53:34 +02:00
Erik Arvstedt
bb763d6a26
run-tests: add 'eval' command 2020-10-16 15:53:34 +02:00
Erik Arvstedt
c9251e72a1
README: add run-tests.sh to examples 2020-10-16 15:53:33 +02:00
Erik Arvstedt
5a565dff66
netns test: use netns ips from config 2020-10-16 15:53:33 +02:00
Erik Arvstedt
ac95fe7c82
netns test: don't test recurring-donations
This service is not enabled and its netns doesn't exist.
2020-10-16 15:53:33 +02:00
Erik Arvstedt
84744f38d7
netns test: disable backup test 2020-10-16 15:53:33 +02:00
Erik Arvstedt
fcc67da9f4
test: add container support 2020-10-16 15:53:33 +02:00
Erik Arvstedt
e99b7edb8e
run-tests: pass script args verbatim to command without word splitting
Needed for the upcoming 'container' command
2020-10-16 15:53:33 +02:00
Erik Arvstedt
e7c397a485
run-tests: rename scriptDir -> testDir
Needed for container support.
2020-10-16 15:53:32 +02:00
Erik Arvstedt
b552d17d55
run-tests: fix arg error messages
$1 was not substituted due to single quotes.
2020-10-16 15:53:32 +02:00
Erik Arvstedt
be2127ae5b
test: fix noConnections configs
- bitcoind: remove mkForce because otherwise the whole extraConfig is replaced
  by the value of mkForce.

- liquidd: don't disable 'listen' because it is entirely benign in offline
  mode, we also allow it for bitcoind.
2020-10-11 19:40:08 +02:00
Erik Arvstedt
1e18d3ea3b
test: improve modularization
This improves debugging and experimenting by making it easy to compose fine-grained
scenarios that have specific tests and features enabled.

The VM test output now includes the subtest name and duration.

Remove the 'raise Exception()' hack for interactive mode.

Run 'banlist-and-restart' test before 'backups'. This speeds up the test
by avoiding an extra shutdown of all bitcoin-related services.
2020-10-11 19:40:08 +02:00
Erik Arvstedt
14d2d97ba6
test: rename scenario withnetns -> netns
This makes the naming consistent with scenarios added in later
commits.
2020-09-30 11:26:41 +02:00
Erik Arvstedt
9bf77ee3e8
backups test: simplify and speed up 2020-09-30 11:26:41 +02:00
Erik Arvstedt
fcda69e8b6
netns test: connect from main netns
All services are reachable from the main netns, no need to enter
service network namespaces.

This allows us to remove extra_tests.
2020-09-30 11:26:41 +02:00
Erik Arvstedt
24069aa2c6
electrs: add option 'monitoringPort' 2020-09-30 11:26:41 +02:00
Erik Arvstedt
45bcbf683d
test: rename test.nix -> tests.nix
The plural is consistent with tests.py and run-tests.sh
2020-09-30 11:26:40 +02:00
Erik Arvstedt
c92e85f707
test: rename base.py -> tests.py 2020-09-30 11:26:40 +02:00
Jonas Nick
c051544d46
Merge #234: loop: v0.8.1 -> v0.9.0
a89a3e934f test: increase diskSize (nixbitcoin)
24b506ff8a tests: simplify lightning-loop test (nixbitcoin)
e7c5f956ea lightning-loop: update module (nixbitcoin)
4a503f57bd lightning-loop: v0.8.1 -> v0.9.0 (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    reACK a89a3e934f
  erikarvstedt:
    I think it's okay if you would just merge 24b506ff8a, which is the direct parent of the ACK'd a89a3e934f, and removing a89a3e934f itself is totally uncontroversial.

Tree-SHA512: cee2a2714c714a22c35cea0fa829b42a371540983609cda6609f4d063d849f2e725643bd77cfe78eb71665725164d63f83b6c2589be9e72ba30aaecd7c8dee6c
2020-09-29 17:53:09 +00:00
nixbitcoin
73f4275d2a
backups: add btcpayserver database 2020-09-24 17:12:08 +00:00
nixbitcoin
a89a3e934f
test: increase diskSize 2020-09-24 16:54:54 +00:00
nixbitcoin
24b506ff8a
tests: simplify lightning-loop test 2020-09-24 16:40:50 +00:00
nixbitcoin
d0701f518c
joinmarket: automatically generate wallet 2020-09-22 13:50:49 +00:00
nixbitcoin
d6d3e8ff62
joinmarket: add tests 2020-09-22 13:50:45 +00:00
nixbitcoin
c9c844de80
btcpayserver: add tests 2020-09-15 12:09:35 +00:00
nixbitcoin
fc15d507ff
loop: adjust test to new message 2020-08-30 08:07:02 +00:00
Erik Arvstedt
4d6127bb76
bitcoind: clarify RPC whitelist test
- Remove redundant comment
- Test with obviously unsafe RPC call 'stop'
- No need to test privileged user who has no whitelist
2020-08-27 12:19:49 +02:00
Erik Arvstedt
9d610991be
bitcoind: remove custom rpc user names
Simpler.
We've just removed option 'bitcoind.rpcuser', so we can also remove the
old name 'bitcoinrpc'.
2020-08-27 11:39:26 +02:00
Erik Arvstedt
e5fb3f6a7f
run-tests: document how to pass extra build args 2020-08-25 14:58:04 +02:00
Erik Arvstedt
df790f6766
run-tests: allow linking test build results for all scenarios 2020-08-25 14:58:04 +02:00
Erik Arvstedt
91697b1427
test: allow for testing all scenarios
Test all scenarios by default when running 'build' (which happens
when the script is called without arguments).

Default to scenario 'default' in other test commands like 'debug'.
2020-08-25 14:53:13 +02:00
Erik Arvstedt
28236691aa
test: rename scenarios/lib.py -> base.py
This file isn't a scenario, it's also not a lib because it contains
the main share of actual tests.
2020-08-25 14:53:13 +02:00
Erik Arvstedt
80da0a41bc
test: load complete test environment in debug mode
Stop just before executing actual tests.
This makes all test functions accessible in debug mode.
2020-08-25 14:53:12 +02:00
Erik Arvstedt
9b4cd7bd1c
test: simplify scenario handling
We can switch to a more sophisticated scheme later when adding more scenarios
2020-08-25 14:53:12 +02:00
Erik Arvstedt
0f56ea6ad1
test: include scenario in test name 2020-08-25 14:53:12 +02:00
Erik Arvstedt
9237e5dc3d
test: use pydoc docstring 2020-08-25 14:53:12 +02:00
Erik Arvstedt
a36789b468
test: move security tests to separate function 2020-08-20 13:12:06 +02:00
Erik Arvstedt
588a0b2405
security: enable full systemd-status for group 'proc'
Previously, systemd-status was broken for all users except root.

Use a 'default' deny policy, which is overridden for group 'proc'.

Add operator to group 'proc'.

Also, remove redundant XML boilerplate.
2020-08-20 13:12:06 +02:00
Erik Arvstedt
7367446761
test: rename assert_matches_exactly -> assert_full_match
More precise, needed in a later commit.
2020-08-20 13:12:05 +02:00
nixbitcoin
22c3fd52e1
backups: add feature test 2020-08-04 15:25:39 +00:00
Jonas Nick
62f83a71b8
Merge #218: Fix typos
df89ceed39 Fix typos (practicalswift)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK df89ceed39

Tree-SHA512: 8cd04469dd0c46259790f00f380a840c22f10424c2504a7667e70cfdb03f30801e34f3c53aeffc9259a971484d4a12f1dbe5ceade493c8559e8c00ec011e7c73
2020-08-04 15:13:09 +00:00
nixbitcoin
46e15ee9cc
tests: make lnd & clightning tests run concurrently 2020-08-04 14:07:12 +00:00
practicalswift
df89ceed39 Fix typos 2020-08-04 13:32:06 +00:00