There's no common `nix` command argument syntax for eval'ing a nix
expression that supports both older and newer (flake support) versions of nix.
So fall back to nix-instantiate.
joinmarket-ob-watcher now makes extensive use of bitcoind because of
JoinMarket's new fidelity bond functionality. Therefore it fails on
non-synced nodes, as those in the test suite. We now test that the
service fails with the correct error, rather than asserting that it is
running.
This change is fully backwards compatible.
We continue to use the standard non-flake evaluation mode in our
examples and internal tooling until the flakes design has stabilized.
'clightning-plugins = pkgs.recurseIntoAttrs' in pkgs/default.nix is
needed by flake-utils.lib.flattenTree in flake.nix.
It transforms the packages in `clightning-plugins` to top-level packages
named like `clightning-plugins/summary`. (The flake attr `packages`
must be a non-nested attrset of derivations.)
NixOS option `security.hideProcessInformation` for globally restricting
access to /proc has been removed.
Use per-service restrictions via 'ProtectProc' instead.
Rename
`nix-bitcoin.security.hideProcessInformation` to
`nix-bitcoin.security.dbusHideProcessInformation`
because this option now only implements the dbus restriction.
The result of `import tests.nix {}` is now an attrset of tests.
This makes it easier and more efficient to evaluate or build multiple
tests in one call to `nix build`.
Simplify tests.nix by removing the large module args scope in favor of
self-contained scenario module definitions.
Add CPU core and memory size defaults to the test configuration to
enable building tests without `run-tests.sh`.
Add the following top-level args to tests.nix:
- `extraScenarios` to provide a nix-level way to define extra scenarios.
- `pkgs` to allow building tests with custom pkgs or systems.
1. fixedTest: Remove some unneeded layers of function calls.
2. Don't add a modified version of `black` to the global pkgs set.
Tests should not affect the pkgs of the tested system modules.
Fix the driver build script instead by adding an extra arg to the
call to `black`.
Keeping the secrets dir read-only is more simple and robust.
- lnd seed mnemonic creation and joinmarket wallet creation can be
run as the regular service user instead of root.
- It is easier to switch to a third-party secrets deployment
method in the future.
Don't create a seed mnemonic for lnd when a wallet exists.
This avoids creating unused mnemonics and helps simplifying
the migration command in `versioning.nix`.
Move this feature from a module preset to a regular option, so that it's
easily discoverable and accessible.
Simplify the implementation of `generateSecrets` by adding it to the
existing `setup-secrets` service script.
Also rename option setup-secrets -> setupSecrets.
When running as root, use runuser instead of sudo.
As opposed to sudo or doas, runuser is a standalone
binary that needs no external configuration.
Also, it's a bit faster.
- bitcoind 0.20.1 -> 0.21.0
Manually create a wallet in the backup test because bitcoind
does not create a default wallet anymore
- disable the failing elementsd build on unstable
Only check enabled services. This allows running the backup test with a custom subset of other
tests.
Also, show a meaningful error on test failure.
Previously, just an AssertionError without a message was shown.
Because the test code is evaluated from a string and not a file, there
was also no backtrace to the tests file.
- enable usage outside of secure-node.nix
- use json as the output format
- show ports
- also show local addresses, which is particularly useful when
netns-isolation is enabled
- only show enabled services