Erik Arvstedt
b701cb5603
secrets: add option 'generateSecrets'
...
Move this feature from a module preset to a regular option, so that it's
easily discoverable and accessible.
Simplify the implementation of `generateSecrets` by adding it to the
existing `setup-secrets` service script.
Also rename option setup-secrets -> setupSecrets.
2021-03-15 12:42:52 +00:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
...
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
practicalswift
df89ceed39
Fix typos
2020-08-04 13:32:06 +00:00
Jonas Nick
9239268ab6
Merge #136 : Change the nix-bitcoin deployment from forking this repo to importing the module
...
b2e15c17b8
docs: Update to new deployment method (import instead of fork) (Jonas Nick)
5ed0284db9
Add fetch-release script (Jonas Nick)
c303cd47e4
Add push-release.sh helper (Jonas Nick)
705d187a35
examples/shell.nix: don't run shellHook on subsequent nix-shells (Erik Arvstedt)
65039be656
docs: Remove duplicate instructions (Jonas Nick)
455c5664c9
docs: Replace tabs with spaces (Jonas Nick)
8aa4714979
docs: Update NixOS version (Jonas Nick)
9df22a2764
add deploy-qemu-vm.sh example (Erik Arvstedt)
548ced1994
README: Add Example section (Jonas Nick)
44ccbb91d0
Clean up development shell.nix (Jonas Nick)
abcee651d3
add deploy-container.sh (Erik Arvstedt)
5dadea310c
add deploy-nixops.sh (Erik Arvstedt)
0c74c365de
mention performance loss with hardened kernel profile (Erik Arvstedt)
f3121892ef
move main module import to configuration.nix (Erik Arvstedt)
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir' (Erik Arvstedt)
87d0286498
Change the nix-bitcoin deployment from forking this repo to importing the module (Jonas Nick)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: 18e8b71f42715c5e82e2dafde9dcc965594d76aacc6be7ee2ec746a9510065749cc65331687a57d7140f45779c3b7867f6260ec224d361fb5a477062a27d6e4c
2020-04-08 15:03:08 +00:00
Erik Arvstedt
b07c77f4a4
secrets.nix: remove obsolete comment
2020-03-29 18:51:34 +02:00
Erik Arvstedt
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir'
2020-03-24 21:43:21 +00:00
Erik Arvstedt
ad23b508e3
{generate,setup}-secrets: remove process hardening
...
ProtectSystem=full disables writing to /etc which is the default
secrets location.
Besides that, hardening is pointless for {generate,setup}-secrets which
don't read external input and are fully under our control.
2020-02-26 20:38:46 +01:00
Erik Arvstedt
89f9bedb9d
generate-secrets.nix: fix indentation
2020-02-26 20:38:46 +01:00
Erik Arvstedt
826245484e
make secrets dir location configurable
...
Users of the nix-bitcoin modules shouldn't be forced to add an extra
dir under root.
The secrets location is unchanged for the default node config.
2020-01-13 00:25:12 +01:00
Erik Arvstedt
b1e13e9415
simplify secrets file format
...
Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.
Old secrets are automatically converted to the new format when running
nix-shell.
Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
2020-01-13 00:25:11 +01:00
Erik Arvstedt
b90bf6691b
add generate-secrets.service
2020-01-12 20:02:01 +01:00
Erik Arvstedt
e3b47ce18a
add setup-secrets.service
2020-01-12 20:02:01 +01:00
Erik Arvstedt
437b268433
extract make-secrets.nix
...
Needed by the next commit.
2020-01-12 20:02:00 +01:00