634 Commits

Author SHA1 Message Date
nixbitcoin
ac96fd59db
assertions: make lnd.enable depend on !clightning.enable or port != 9735 2020-08-04 14:07:10 +00:00
nixbitcoin
3ed564ea06
lnd: make listen IP address only 2020-08-04 14:07:08 +00:00
nixbitcoin
716e98789c
lnd: add listenPort option 2020-08-04 14:07:06 +00:00
nixbitcoin
43da15557d
clightning: refactor bind-addr to be IP address only
With typecheck
2020-08-04 14:07:02 +00:00
nixbitcoin
d99ccc8445
clightning: add bindport option 2020-08-04 12:42:57 +00:00
Jonas Nick
b6179639fe
Merge #215: Improve abstraction in test scenarios
4ece2da8db5940fbaad73773d8f073bc08ab8fff tests: move nginx check in scenarios lib (Jonas Nick)
5c0170c6b8ea01a439a6f2bb0437d36343089243 tests: add post-clightning extra tests to scenarios (Jonas Nick)
5fa0602a1891cbdb1a7362e2d0b6ccf4b0172601 tests: add extra_tests argument to scenario lib run_tests() (Jonas Nick)
6f9349b0a4db775b9d538938573874e8a40e214c tests: create run_tests() function in the scenario lib (Jonas Nick)
3d2b3661563d4887d25f5ff1f5b57f27aca973b6 tests: move common code in tests to lib (Jonas Nick)
e13c532dbf6342c275eee95380f00b5b3eeb6d7b tests: move common code of scenarios python scripts to the top (Jonas Nick)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 4ece2da8db5940fbaad73773d8f073bc08ab8fff

Tree-SHA512: 72893ff186915dd1b1439f2a81bc75d3618f89ee21f1229448cabaced6ca10c244705a74e9f4e6f8825691df9cd351a6dc9e142ec87ecab8ee17a17e78c72292
2020-08-04 12:42:16 +00:00
Jonas Nick
4ece2da8db
tests: move nginx check in scenarios lib 2020-08-04 12:17:47 +00:00
Jonas Nick
5c0170c6b8
tests: add post-clightning extra tests to scenarios 2020-08-04 12:17:47 +00:00
Jonas Nick
5fa0602a18
tests: add extra_tests argument to scenario lib run_tests() 2020-08-04 12:17:47 +00:00
Jonas Nick
6f9349b0a4
tests: create run_tests() function in the scenario lib 2020-08-02 21:20:51 +00:00
Jonas Nick
3d2b366156
tests: move common code in tests to lib 2020-08-02 21:12:45 +00:00
Jonas Nick
e13c532dbf
tests: move common code of scenarios python scripts to the top 2020-08-02 20:59:11 +00:00
Jonas Nick
0baeb2acce
Merge #209: Lightning loop
e9204946d4071e4a5ee51e9bb0e6bc45bbb7ed6a lightning-loop: add tests (nixbitcoin)
491d83a6582dd1aac2a5a201f2c615137bd738df lightning-loop: add module (nixbitcoin)
8f3588b13f8dbe3b91f220e51b0daff677fe0beb lnd: higher attempt limit for less-powerful machines (nixbitcoin)
1bb801ad7bf7c2b09d2fe2ed888f9956e0569f57 lightning-loop: add pkg (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e9204946d4071e4a5ee51e9bb0e6bc45bbb7ed6a

Tree-SHA512: cc8bb85978350dd530c3c8d2c9aca5ddc4ab1f72cdd27d031bb303eca1d9473f18e45bc119c62bb2991faa32b3e1d42e4439f02a56ab3a6b975b0bd491195604
2020-07-28 20:02:12 +00:00
Jonas Nick
9e453bab86
Merge #202: RPC Whitelist
5086fc3234ca7b071f5886eca9fd3324e362c7a1 bitcoin: drive-by prune fix (nixbitcoin)
21c0fb440d19db6a0466c44cb09ce86d8e3e81e0 rpcwhitelist: add feature test (nixbitcoin)
1bf45a95474781b60dc65b359e65b638a960ac98 bitcoind: add rpcwhitelist feature (nixbitcoin)
5a978a2836efb4f1c593852c9d0f9001cdd600ce bitcoind: switch from rpcpassword to rpcauth (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 5086fc3234ca7b071f5886eca9fd3324e362c7a1

Tree-SHA512: f456f3409b3bc22dc9ad1296fa00f7e8a442b4072cd4deda067bf2f951eb7d4302283b816ebf769abaa7017e26b19b734f66604cd435d99b810ce535735f7c08
2020-07-28 17:38:07 +00:00
nixbitcoin
e9204946d4
lightning-loop: add tests 2020-07-28 15:55:54 +00:00
nixbitcoin
491d83a658
lightning-loop: add module 2020-07-28 15:55:52 +00:00
nixbitcoin
8f3588b13f
lnd: higher attempt limit for less-powerful machines
Opening main database sometimes takes longer than 50 ExecStartPost
restPort connection attempts.
2020-07-28 15:55:50 +00:00
nixbitcoin
1bb801ad7b
lightning-loop: add pkg 2020-07-28 15:55:48 +00:00
nixbitcoin
5086fc3234
bitcoin: drive-by prune fix 2020-07-28 14:32:54 +00:00
nixbitcoin
21c0fb440d
rpcwhitelist: add feature test 2020-07-28 14:32:52 +00:00
nixbitcoin
1bf45a9547
bitcoind: add rpcwhitelist feature
Default behavior for rpc whitelisting is set to 0, which means that
rpcwhitelisting is only enforced for rpc users for whom an `rpcwhitelist`
exists.
2020-07-28 14:32:50 +00:00
nixbitcoin
5a978a2836
bitcoind: switch from rpcpassword to rpcauth
Includes bitcoind's `share/rpcauth` to convert apg generated passwords
into salted HMAC-SHA-256 hashed passwords.
2020-07-28 14:32:47 +00:00
Jonas Nick
272b8568e7
Merge #213: Fix systemd leak
6a8e29e0164bf4f4d2bf06595effa7e340f8e32f tests: add dbus-hardening and hideProcessInformation (nixbitcoin)
0248e6493f5f62fb66a53132480a4812f4e7be9c systemd: lock down systemctl status (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 6a8e29e0164bf4f4d2bf06595effa7e340f8e32f

Tree-SHA512: 1ee8ce42f71e1a8977f5a84053b10f5f7f56da395d4f801447d2d344540640fc496ef0ff341cb32ca92ac064d43d04f118bf580c42d31022e6ed84815b8f72c6
2020-07-28 12:58:07 +00:00
nixbitcoin
6a8e29e016
tests: add dbus-hardening and hideProcessInformation 2020-07-28 11:37:16 +00:00
nixbitcoin
0248e6493f
systemd: lock down systemctl status
Mitigates a security issue that allows unprivileged users to read other
unprivileged user's processes' credentials from CGroup using `systemctl
status`.
2020-07-28 11:28:09 +00:00
Jonas Nick
6e694890eb
Merge #203: Remove electrs tls
6365412312216391f58e2d4e0523ce6f4722179f test-script: remove nginx tls proxy test (nixbitcoin)
4dbc348921bffe19bd2c26f8313ace17f3e0cb61 electrs: remove TLSProxy (nixbitcoin)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: 079a0c892f8e25d6ba0267cc99022550f4cfe74bad3f9270733ecda09350595a11aec8d40b89df6e6ad7cca1e26b7e480a265bf6e2d01d0fe912ca3ece00f655
2020-07-21 15:04:22 +00:00
nixbitcoin
6365412312
test-script: remove nginx tls proxy test 2020-07-21 13:58:32 +00:00
nixbitcoin
4dbc348921
electrs: remove TLSProxy
https://github.com/spesmilo/electrum/issues/5278 was resolved
2020-07-21 13:41:03 +00:00
Jonas Nick
6856b8cb42
Merge #210: bitcoind: postStart wait until bitcoind can receive rpc calls
02853067a14068b6f3b076da5a72f64658883307 bitcoind: postStart wait until bitcoind can receive rpc calls (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 02853067a14068b6f3b076da5a72f64658883307

Tree-SHA512: 601b04957a26853c04d768b074006f0716edb131698afde2afb94cb0c862dddb745b93ef39ed014f95a01545eb60d370fd82201d0a898c7dac4c19622d25dafe
2020-07-21 13:26:51 +00:00
nixbitcoin
02853067a1
bitcoind: postStart wait until bitcoind can receive rpc calls 2020-07-21 13:23:07 +00:00
Jonas Nick
aad0fe6e45
Merge #187: Network Namespaces
681728294bbebd16ab650e6542c7be3c05af6cbb tests: run scenarios as multiple Travis jobs (nixbitcoin)
43ce847e2b5c728018ac3219e29a14a36d6d25d5 tests: allow running integration tests with different configurations (nixbitcoin)
8783f38fba8ae6bc898c60b6a861c893089d5b46 tests: add netns to testing framework (nixbitcoin)
25adce29e508bf9013b5dc8096d5d1926e5f9542 secure-node: only mkHiddenServices if services are enabled (nixbitcoin)
c542b92e55d06a169e018d70565cfcf0e1b5d9a4 nginx: add netns (nixbitcoin)
ef89607704cef17566e6b9f38e1d36eab0249001 recurring-donations: add netns (nixbitcoin)
582cb86d7409bf4481fd2fa79b6d53bc136a6a6e nanopos: add netns (nixbitcoin)
7369f0a7ec5ec057a3360651bf2eab297fa829a0 lightning-charge: add netns (nixbitcoin)
c4ab73d51fc86434c8f3890e2622f522cac34481 spark-wallet: add netns (nixbitcoin)
d6296acabafdca807dcc10a9bdf71ecb7388988e electrs: add netns (nixbitcoin)
c0b02ac93a30abd606efe3f024bc2f1bb3beb33e liquid: add netns cli script (nixbitcoin)
672a416ede22fad6927ecfe3dfd9726a4ab0bc50 liquidd: add netns (nixbitcoin)
4b8ca52647accf351afd7416253576c27424e5a5 lnd: add netns cli script (nixbitcoin)
c55296433d4daff89ba8061447ec0519d801d267 lnd: add netns (nixbitcoin)
f3d2aaa5d44f93fc58738d0b6e73183b1d6919ad lnd: prepare for netns and bring in line with clightning (nixbitcoin)
3c0c4465470fb81d91e641c5a784c2008a2bc714 clightning: add netns (nixbitcoin)
ae1230e13b81bf6707ffe4572d6ccf8d6a7bef3a clightning: remove bitcoin-rpcuser option (nixbitcoin)
65b5dab3d4a453525e4d9e6a54a631c2644004b3 clightning: add announce-tor (nixbitcoin)
515aae28257a2a895044552fa9292ddc10ab501f bitcoind: add netns and nonetns cli scripts (nixbitcoin)
75ca6f186c36ed1c4c63facc3d93e24ca85177ae bitcoind: add netns (nixbitcoin)
e5e07b91f7c8babdf216931b3c770a99eee2baaf netns-isolation: netns architecture (nixbitcoin)
4a7199a3daaf0f4b9360203fd89d9e290c1d256a netns-exec: add c program to execute commands in netns (Jonas Nick)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 681728294bbebd16ab650e6542c7be3c05af6cbb

Tree-SHA512: 53083067dd94bfb38d06e9b7f0d2deaeb1b95067dc0c6e50d07073405ff5270de54fa56761e861d23eb0f0a9457f0e1e2c46ed71d732c0cfbaa09b6d425e0691
2020-07-21 12:05:50 +00:00
nixbitcoin
681728294b
tests: run scenarios as multiple Travis jobs 2020-07-21 09:39:01 +00:00
nixbitcoin
43ce847e2b
tests: allow running integration tests with different configurations 2020-07-21 09:38:59 +00:00
nixbitcoin
8783f38fba
tests: add netns to testing framework 2020-07-21 09:38:57 +00:00
nixbitcoin
25adce29e5
secure-node: only mkHiddenServices if services are enabled 2020-07-21 09:38:55 +00:00
nixbitcoin
c542b92e55
nginx: add netns
- Adds nginx to netns-isolation.services
- Adds host option (defaults to localhost) as target of hidden service
2020-07-21 09:38:53 +00:00
nixbitcoin
ef89607704
recurring-donations: add netns
- Adds recurring-donations to netns-isolation.services
- Adds cfg.enforceTor to bring recurring-donations in line with other
  services
- Removes torsocks dependency in favor of `curl --socks-hostname`
2020-07-21 09:38:51 +00:00
nixbitcoin
582cb86d74
nanopos: add netns
- Adds nanopos to netns-isolation.services
- Adds cfg.enforceTor and extraArgs to bring nanopos in line with other
  services
- Adds charged-url option to allow using nanopos with network
  namespaces.
- Modularizes nginx so webindex can be used without nanopos.
- Adds host option (defaults to localhost) as target of hidden service
- Removes unnecessary after
2020-07-21 09:38:49 +00:00
nixbitcoin
7369f0a7ec
lightning-charge: add netns
- Adds lightning-charge to netns-isolation.services
- Adds cfg.enforceTor to bring lightning-charge in line with other
  services
- Adds extraArgs option to allow using lightning-charge with network
  namespaces
- Adds host option (defaults to localhost) as target of hidden service
2020-07-21 09:38:47 +00:00
nixbitcoin
c4ab73d51f
spark-wallet: add netns
- Adds spark-wallet to netns-isolation.services
- Adds extraArgs option to allow using spark-wallet with network
  namespaces
- Adds host option (defaults to localhost) as target of hidden service
- Adds enforceTor option to bring in line with other services
2020-07-21 09:38:45 +00:00
nixbitcoin
d6296acaba
electrs: add netns
- Adds electrs to netns-isolation.services
- Adds daemonrpc option and specifies address option to allow using
  electrs with network namespaces
- Adds host option (defaults to localhost) as target of hidden service
2020-07-21 09:38:43 +00:00
nixbitcoin
c0b02ac93a
liquid: add netns cli script 2020-07-21 09:38:41 +00:00
nixbitcoin
672a416ede
liquidd: add netns
- Adds liquidd to netns-isolation.services
- Adds rpcbind, rpcallowip, and mainchainrpchost options to allow using
  liquidd with network namespaces
- Adds bind option (defaults to localhost) as target of hidden service
2020-07-21 09:38:39 +00:00
nixbitcoin
4b8ca52647
lnd: add netns cli script 2020-07-21 09:38:37 +00:00
nixbitcoin
c55296433d
lnd: add netns
- Adds lnd to netns-isolation.services
- Specifies listen option (defaults to localhost) as target of
  hiddenService.
- Amends hardcoded lnd ip to lnd-cert

WARNING: Breaking changes for lnd cert. lnd-key and lnd-cert will have
to be deleted and redeployed.
2020-07-21 09:38:35 +00:00
nixbitcoin
f3d2aaa5d4
lnd: prepare for netns and bring in line with clightning
- Adds bitcoind-host, and tor-socks options to allow using with
  network namespaces.
- Adds listen, rpclisten, and restlisten option to specify host on which
  to listen on for peer, rpc and rest connections respectively
- Adds announce-tor option and generates Tor Hidden Service with nix
  instead of lnd to bring in line with clightning.

WARNING: Breaking changes for Tor Hidden Service. Manual migration
necessary.
2020-07-21 09:38:32 +00:00
nixbitcoin
3c0c446547
clightning: add netns
- Adds clightning to netns-isolation.services
- Adds bitcoin-rpcconnect option to allow using clightning with network
  namespaces
- Uses bind-addr option (defaults to localhost) as target of hidden service
- Adds different bind-addr options depending on if netns-isolation is
  enabled or not.
2020-07-21 09:38:30 +00:00
nixbitcoin
ae1230e13b
clightning: remove bitcoin-rpcuser option
Simplifies the clightning module.
2020-07-21 09:38:28 +00:00
nixbitcoin
65b5dab3d4
clightning: add announce-tor
From the clightning manpage:

autolisten=BOOL By default, we bind (and maybe announce) on IPv4 and
IPv6 interfaces if no addr, bind-addr or  announce-addr options  are
specified. Setting this to false disables that.

We already set bind-addr by default, so autolisten had no effect.
Therefore, this commit replaces autolisten with the more granular
announce-addr option.

For now we are Tor-only, so we only need to announce our hidden service
to accept incoming connections. In the future, we can add clearnet
connectivity with `addr` and route connections into our netns with NAT.
2020-07-21 09:38:26 +00:00
nixbitcoin
515aae2825
bitcoind: add netns and nonetns cli scripts
nonetns script needed for bitcoind-import-banlist
2020-07-21 09:38:24 +00:00