greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,694 Commits 8 Branches 0 Tags
Commit Graph

1694 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
nixbitcoin
5ead2a7075
joinmarket: 0.8.1 -> 0.8.2 
- add SNICKER to default config
- update package
- ob-watcher: copy vendorized js and css dependencies
- add missing dependency to jmbase
- use cryptography from pinned.nixpkgs-unstable
 2021-03-10 13:33:49 +00:00
Jonas Nick
24b0824f4e
Merge #335: lightning-loop: 0.11.3-beta -> 0.12.0-beta 
6c9c820862516a69ec387a52443f60a279d929f6 lightning-loop: 0.11.3-beta -> 0.12.0-beta (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 6c9c820862516a69ec387a52443f60a279d929f6

Tree-SHA512: bd425e415c8a4aba370ad5bec48572d27f2d5c063b3eb88f60027acb9294fb1ddda9f5276e4930cf01342089e4fa2b7692f1b1cd6e25581879e8226fa1d74c48
 2021-03-08 07:30:59 +00:00
nixbitcoin
6c9c820862
lightning-loop: 0.11.3-beta -> 0.12.0-beta 2021-03-07 18:28:08 +00:00
Jonas Nick
820de2e4c9
Merge #313: Lightning pool 
eb210127455ae7de45169237ee8b8eb53585c20b pool: add pkg, module & tests (kon)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK eb210127455ae7de45169237ee8b8eb53585c20b
  nixbitcoin:
    ACK eb210127455ae7de45169237ee8b8eb53585c20b

Tree-SHA512: 0083b5f7bcc803c475cce3414923f43df0b80d6b85aaa54d6b5da637f2aaa7ea6e7525a5eff41be49921bed0214972e356c79b6e4086468c13716c925ec6f8b0
 2021-03-01 21:52:20 +00:00
kon
eb21012745 pool: add pkg, module & tests 2021-03-01 10:59:35 +01:00
Jonas Nick
f214a703a5
Merge #332: update nixpkgs-unstable 
32acaa5f48c3bbef013aa905d2d66a682c5325e7 update nixpkgs-unstable (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 32acaa5f48c3bbef013aa905d2d66a682c5325e7
  jonasnick:
    ACK 32acaa5f48c3bbef013aa905d2d66a682c5325e7

Tree-SHA512: b688c81da82ef5166fc8074471187f72188b3fb5dc455a9b24c5e3497e3406898185acd2e551356af3300578b2b98eeabf22edcbb7614f02f6ca34afa05b05b0
 2021-02-25 08:03:24 +00:00
Jonas Nick
f66b2d569b
Merge #333: electrs: v0.8.7 -> v0.8.8 
eaa58505a745228868e8521304cacec1ae4b9654 electrs: v0.8.7 -> v0.8.8 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK eaa58505a745228868e8521304cacec1ae4b9654

Tree-SHA512: 2de1bc08b4dd4ede38d8b98d58c85eb220003e491a7a16529b5a443576022b7ac067698ef8fa9336ee1af09e3e8db349291403e89ef40167b1ad46b2b0aefd01
 2021-02-24 09:01:04 +00:00
Jonas Nick
e4fda43682
Merge #334: bitcoind: secure-node remove assumevalid 
b1c9e13033e72897bd172befeee0ea5db787ca4c bitcoind: secure-node remove assumevalid (nixbitcoin)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    > ACK [b1c9e13](b1c9e13033)
  erikarvstedt:
    ACK b1c9e13033e72897bd172befeee0ea5db787ca4c

Tree-SHA512: 85ad81a8f68f9d9a40f5331604c1fdecdfde595cd13d577ede210de178a7892d8c2f47ed9755a029cbcf3f50d2afdf03661bf69e865f19e08b8150d3e4c23468
 2021-02-24 09:00:04 +00:00
nixbitcoin
b1c9e13033
bitcoind: secure-node remove assumevalid 2021-02-23 11:04:31 +00:00
nixbitcoin
32acaa5f48
update nixpkgs-unstable 
btcpayserver: 1.0.5.9 -> 1.0.6.8
nbxplorer: 2.1.46 -> 2.1.49
 2021-02-23 10:57:55 +00:00
nixbitcoin
eaa58505a7
electrs: v0.8.7 -> v0.8.8 2021-02-23 10:51:43 +00:00
nixbitcoin
f1064761d7
nixops: remove libvirtd plugin 
Fix "Package 'libvirt-5.9.0' is marked as insecure, refusing to
evaluate."
 2021-02-23 10:36:30 +00:00
Jonas Nick
e160e17dca
Merge #325: bitcoind: enable cookie-based authentication 
4e9059dc072f09e3d44c0f2a7a841981062c1f72 bitcoind: rename group bitcoinrpc -> bitcoinrpc-public (nixbitcoin)
19e401b0283e749e53261eedd5ce8ed604ad9ad5 bitcoind: enable cookie-based authentication (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 4e9059dc072f09e3d44c0f2a7a841981062c1f72

Tree-SHA512: 9795a0fe7fdd84bc3ae94b882b106f7169205e3196ecdfc6dad01c4f2d62380711b6504f221a90f21e8cc34cda2e12df05a245d5c54f9ed7846d74835cac5e19
 2021-02-18 12:08:44 +00:00
nixbitcoin
4e9059dc07
bitcoind: rename group bitcoinrpc -> bitcoinrpc-public 
This makes it clear that services with this group can only use
public RPC calls.
 2021-02-18 10:42:21 +00:00
nixbitcoin
19e401b028
bitcoind: enable cookie-based authentication 2021-02-18 10:40:09 +00:00
Jonas Nick
bcad047757
Merge #324: Fix lnd onion 
ecc601a6d6654f782a9d6b5229ab712e9600b4fe onion-addresses: mirror nix-bitcoin.onionAddresses.access behavior (nixbitcoin)
e873326bfea093f8dcc54849ea691ecf4e21ce99 modules: use user & group options (nixbitcoin)
ccef870b74cc17c0986c5a09f66ae51ce97f1c34 spark-wallet: add user & group options (nixbitcoin)
85a1722545e039547d3f8235919b88b886225963 lnd: add user & group options (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK ecc601a6d6654f782a9d6b5229ab712e9600b4fe

Tree-SHA512: 39da5f8e01b98a676af8a073c11df64df487b5c3ab01327a227d16f215826f5bf15ca9ac21b59934edc5e2bbb87e397c53fcbf7130bd10b00f1df359ab3328ba
 2021-02-17 19:08:06 +00:00
nixbitcoin
ecc601a6d6
onion-addresses: mirror nix-bitcoin.onionAddresses.access behavior 
This commit fixes an issue with LND, in which if both
nix-bitcoin.onionServices.lnd.public &
services.lnd.restOnionService.enable were enabled, one would try to
create a file named `lnd` and the other would try to create a directory
named `lnd` with a file named `lnd-rest` inside it. This would obiously
cause an error and fail the LND service.
 2021-02-17 11:50:47 +00:00
nixbitcoin
e873326bfe
modules: use user & group options 
I've tried my best to locate all uses of hardcoded usernames, but its
not guaranteed that all have been found/fixed.
 2021-02-17 11:50:25 +00:00
nixbitcoin
ccef870b74
spark-wallet: add user & group options 2021-02-17 11:50:07 +00:00
nixbitcoin
85a1722545
lnd: add user & group options 2021-02-17 11:49:51 +00:00
Jonas Nick
eddc48ee62
Merge #322: run-tests: Fix interrupt handling for --copy-src 
8e3feece676226164087666be000314e51ec5f86 run-tests: fix interrupt handling for --copy-src (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 8e3feece676226164087666be000314e51ec5f86

Tree-SHA512: ec4916facedb1f5988dccd0e80e08fcf1788a8425320676e6c48350aa69f29d302bb102408c52c748ac5a794735c0c00d7a95dbea91d735add40b5690817d272
 2021-02-14 19:48:09 +00:00
Jonas Nick
14f81b403a
Merge #319: joinmarket: 0.8.0-a5e8879 -> 0.8.1 
42f7e9f874efea1f75503ca740efb2311582d457 joinmarket: 0.8.0-a5e8879 -> 0.8.1 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 42f7e9f874efea1f75503ca740efb2311582d457

Tree-SHA512: 92dc19d0147a2a9fdcdaa20a78b7168e503149c1ca4bde084240628f6e09bf59f728232072eabdc8cd14146724e4b5bbf3ee2a668f27154a7169e7a9e53b94c4
 2021-02-14 19:44:05 +00:00
nixbitcoin
42f7e9f874
joinmarket: 0.8.0-a5e8879 -> 0.8.1 
- Update joinmarket package
- Revert unofficial release settings
- Move Yield Generator config to configFile
- Add new config option max_sweep_fee_change
 2021-02-14 16:23:53 +00:00
Jonas Nick
1302f87c70
Merge #321: Update nixpkgs 
47e54429105ef99514bd4f40f19d990dde34d4a2 Update nixpkgs (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 47e54429105ef99514bd4f40f19d990dde34d4a2

Tree-SHA512: 4bbcd7711ca3fdf3b8cca36c22b60ceed79a965b3d844dffd44299357ddedd0522c1b5835c53ac0d07b8c0c9456b390d3414017b6d98c8eff469c0039114b471
 2021-02-12 22:24:39 +00:00
Jonas Nick
fbcf367c3d
Merge #320: lightning-loop: 0.11.2-beta -> 0.11.3-beta 
b6f6b5e3723c3d044eee69b76a2941d5ac241edd lightning-loop: 0.11.2-beta -> 0.11.3-beta (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK b6f6b5e3723c3d044eee69b76a2941d5ac241edd

Tree-SHA512: 1f0b83032f021af12223edb7487f1bebd4555f73223a567c09c6a0f50bcaae3b1fdf12c5dc10dd81292dfe7c0c3d9d8c2066918017ab3aaa691bc39269f2ea6a
 2021-02-12 22:20:53 +00:00
Erik Arvstedt
8e3feece67
run-tests: fix interrupt handling for --copy-src 
Previously, `run-tests.sh --copy-src ...` exited with status 0 (success) when interrupted (SIGINT).
It now exits with an error status.
 2021-02-12 21:39:46 +01:00
nixbitcoin
47e5442910
Update nixpkgs 
Includes CVE-2019-25016 patch
 2021-02-12 09:59:55 +00:00
Jonas Nick
81503ebc83
Merge #315: Use doas instead of sudo 
47d257ad3a68dd2f6b0e53f5088f9ef33f5bb8fa docs: add rationale for doas to README and FAQ (nixbitcoin)
b0039d68a076c9d954faedb798f142694133b660 docs: discourage users from ssh'ing into the root user (nixbitcoin)
2ca92a34a5a48b75a6c79d659086664749d04581 services: use doas if enabled (nixbitcoin)
ce2b44577728d437b3df05be88be32420a0d9d46 treewide: use runuser for dropping privileges (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 47d257ad3a68dd2f6b0e53f5088f9ef33f5bb8fa

Tree-SHA512: 84bab7de1cc6fb3d405a4fc4589f2be825275f69e48dede6ff62d1a27e3a386fea530c91a234d006ec6305a46d0ec54ca836f52f197541a3df215369c9b7c1e2
 2021-02-11 21:28:59 +00:00
nixbitcoin
b6f6b5e372
lightning-loop: 0.11.2-beta -> 0.11.3-beta 2021-02-10 15:37:29 +00:00
nixbitcoin
47d257ad3a
docs: add rationale for doas to README and FAQ 2021-02-09 12:44:08 +00:00
nixbitcoin
b0039d68a0
docs: discourage users from ssh'ing into the root user 
Instead recommend using the operator user for all normal system
management tasks.
 2021-02-09 12:44:06 +00:00
nixbitcoin
2ca92a34a5
services: use doas if enabled 
- Remove sudo from recurring-donations path because it's not used by
  the service

- Use doas instead of sudo in secure-node.nix
 2021-02-09 12:44:04 +00:00
Erik Arvstedt
ce2b445777
treewide: use runuser for dropping privileges 
When running as root, use runuser instead of sudo.
As opposed to sudo or doas, runuser is a standalone
binary that needs no external configuration.
Also, it's a bit faster.
 2021-02-09 12:44:01 +00:00
Jonas Nick
f9683889d9
Merge #312: Refactorings, cleanups 
0a2c8e4864dc30b6d1ed86a16793d37699707650 run-tests: add option --copy-src (Erik Arvstedt)
803584a28889f27ebdc57bf165edff7cec9dfc6b backups: don't use hardcoded secrets dir (Erik Arvstedt)
c29d44b49a734b3268cf49811356ff4483fb6ed2 ci: use 'cachix watch-exec' (Erik Arvstedt)
6a32812412ccbd1912b97bae611c6788b2cb77f9 services: add names for systemd helper scripts (Erik Arvstedt)
69826996131d2d9169cffc2eeb019b2f43a42a9c services: use consistent layout (Erik Arvstedt)
a43534dda0c52c9d070aa30c4cc60ad3ef6a26d6 services: improve config file setup (Erik Arvstedt)
18f2002cf0a514f5fcbadb77e9318bcca7c49506 joinmarket-yieldgenerator: improve systemd journal output (Erik Arvstedt)
9d0b8c8f6fba676f9ecf61705e569e59ec16b3af joinmarket-ob-watcher: use DynamicUser (Erik Arvstedt)
e9c98f415cc164628d7ccdacf066b8decca95afd joinmarket: explain need for tor control socket (Erik Arvstedt)
d9c87b6a8f5f2649a8502e494cc2bc34397bd174 joinmarket: fix wallet creation (Erik Arvstedt)
745835010899aac6518a32dceaeace368ed2b327 treewide: remove deprecated types.loaOf (Erik Arvstedt)
9cf038939cc67f57ed11d270a8049483872a719b treewide: use mkEnableOption (Erik Arvstedt)
7a97304f13d2373c685243172b0cd2a10213f745 treewide: remove unit descriptions (Erik Arvstedt)
a942177ecf8fe7b28d4218e9fc80bd4c4a4e0341 treewide: remove user descriptions (Erik Arvstedt)
4f6ff408efef3f8550baa0a62a5a0e40570499a1 treewide: remove unneeded string literals (Erik Arvstedt)
e6a6c721c1d1e3b8ca85f1765edb9f1fa8df6be5 treewide: streamline 'extraConfig' descriptions (Erik Arvstedt)
e774c045de5e6c9934bc1410edd5f2bc9980da17 treewide: fix formatting (Erik Arvstedt)
0b5b29a2a3903122897badfb0b6841eef260a0f1 netns-isolation: simplify permission definition for netns-exec (Erik Arvstedt)
a587a2b02a9d611b092d76cfa0f8e225eb48e365 defaultHardening: explain where @system-service is defined (Erik Arvstedt)
bb3a69797e96eb06c222ac64cc82ce99e11e9072 README: minor improvements (Erik Arvstedt)
13fc9dfabfd16f164f2dc3124a752d68f79cb9ab examples: improve introductory comments (Erik Arvstedt)
af2040f4c46547fa4bfd2e03d0f964c4b656de07 netns-isolation: use 'true' for systemd option (Erik Arvstedt)
c246bbb36e700a42e452a3c486b2c3240fee0ef4 bitcoind, clightning, lnd: improve descriptions (Erik Arvstedt)
7533f12ef19733036e93923421859d3a8b055c61 bitcoind, clightning, run-tests: minor refactoring (Erik Arvstedt)
41fe9b0c1dfbee8cc304a0ba923c3dcb2b4c53a0 elementsd: minor refactoring (Erik Arvstedt)
f0850d3f2346ae2b7a05e96b8c79a44b5fc8376b btcpayserver: reorder config settings (Erik Arvstedt)
d1c0ea9f85d40d28a239f171947de1b9a1cb19ef btcpayserver: add missing systemd postgresql dependency (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 0a2c8e4864dc30b6d1ed86a16793d37699707650

Tree-SHA512: 5c81b36042fbb2f016c8e58ba9e05ef3389d5376b8df713d3258d2cd0b6a9239904531171aca8e49bea7039341d5fa91aa9474c6d98de849c25ede52deccc5a3
 2021-02-08 20:32:03 +00:00
Erik Arvstedt
0a2c8e4864
run-tests: add option --copy-src 2021-02-08 12:20:20 +01:00
Erik Arvstedt
803584a288
backups: don't use hardcoded secrets dir 2021-02-07 22:45:38 +01:00
Erik Arvstedt
c29d44b49a
ci: use 'cachix watch-exec' 
Simplifies the build script.
This feature appeared in a recent cachix update.
 2021-02-07 22:45:37 +01:00
Erik Arvstedt
6a32812412
services: add names for systemd helper scripts 
The systemd journal now shows a specific script name instead of
the generic name "script" before script output.
 2021-02-07 22:45:36 +01:00
Jonas Nick
2ebd1129a5
Merge #317: Pkg updates 
a0f48c9de9d2c45e446965bdaf3ad3cf1fc1b90f examples: fix deploy-container interactive flag (nixbitcoin)
a2f265cd35dffbe44f1049482759c5b552457834 secp256k1: move to top-level packages (Erik Arvstedt)
d41a84316738271ac29ddd1dfb422063cf34a2d8 jmbitcoin: remove secp256k1 from propagatedBuildInputs (Erik Arvstedt)
c22adb03afaa5e6caf55ee4ab8021f50533a1fd7 extra-container: 0.5 -> 0.6 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK a0f48c9de9d2c45e446965bdaf3ad3cf1fc1b90f
  jonasnick:
    ACK a0f48c9de9d2c45e446965bdaf3ad3cf1fc1b90f

Tree-SHA512: 29fa58a960673df407831dd41594c66b26dad1de1e792f4fcc8e35641f39dd873d77b725651be5e01c875bf42284fa78903bab0ea677ec5a0e7eccf98816845d
 2021-02-07 21:44:10 +00:00
Erik Arvstedt
6982699613
services: use consistent layout 
Use the following order of definitions for all services:
- assertions
- configuration of other services
- environment.systemPackages
- tmpfiles
- own service
- users
- secrets
 2021-02-07 22:42:23 +01:00
Erik Arvstedt
a43534dda0
services: improve config file setup 
- btcpayserver, nbxplorer: Add quotes to the
  dataDir arg. (dataDir can contain spaces.)

- clightning, liquidd: use 'install'
 2021-02-07 22:42:22 +01:00
Erik Arvstedt
18f2002cf0
joinmarket-yieldgenerator: improve systemd journal output 
Journal entries now look like
`joinmarket-yieldgenerator[9795]: User data location: /var/lib/joinmarket`
instead of
`bash[9795]: User data location: /var/lib/joinmarket`
 2021-02-07 22:41:46 +01:00
Erik Arvstedt
9d0b8c8f6f
joinmarket-ob-watcher: use DynamicUser 
DynamicUser simplifies services that don't need a persistent uid/gid,
like joinmarket-ob-watcher.

For existing installations the data dir migration to dynamic users
is automatically handled by systemd.
 2021-02-07 22:41:44 +01:00
Erik Arvstedt
e9c98f415c
joinmarket: explain need for tor control socket 2021-02-07 22:41:31 +01:00
Erik Arvstedt
d9c87b6a8f
joinmarket: fix wallet creation 
- Fix jm-wallet-seed being globally readable.

- Handle seed extraction failures.
  If seed extraction fails, remove the newly created wallet.
  This guarantees that wallets always have an accompanying seed.
 2021-02-07 22:41:31 +01:00
Erik Arvstedt
7458350108
treewide: remove deprecated types.loaOf 2021-02-07 22:41:31 +01:00
Erik Arvstedt
9cf038939c
treewide: use mkEnableOption 2021-02-07 22:41:31 +01:00
Erik Arvstedt
7a97304f13
treewide: remove unit descriptions 
Systemd's `Description` option is a misnomer (as confessed by `man systemd.unit`):
Its value is used by user-facing tools in place of the unit file name, so this option
could have been more aptly named `label` or `name`.
`Description` should only be set if the unit file name is not sufficient for naming a unit.
This is not the case for our services, except for `systemd.services.nb-netns-bridge`
whose description has been kept.

As an example how this affects users, weird journal lines like
```
nb-test systemd[1]: Starting Run clightningd...
```
are now replaced by
```
nb-test systemd[1]: Starting clightning.service...
```
 2021-02-07 22:41:31 +01:00
Erik Arvstedt
a942177ecf
treewide: remove user descriptions 
User descriptions are stored in the `comment` field in /etc/passwd.
In our case, these are completely redundant and don't add any useful information.
 2021-02-07 22:41:30 +01:00
Erik Arvstedt
4f6ff408ef
treewide: remove unneeded string literals 2021-02-07 22:41:29 +01:00