1139 Commits

Author SHA1 Message Date
Erik Arvstedt
18c7842e1a
modules: show warnings for obsolete options 2021-01-14 13:25:09 +01:00
Erik Arvstedt
45c40c4eb9
versioning: simplify assertion evaluation 2021-01-14 13:25:09 +01:00
Erik Arvstedt
bed00fe937
lnd: use onionServices for address announcing 2021-01-14 13:25:09 +01:00
Erik Arvstedt
3980cd5a41
clightning: use onionServices for address announcing 2021-01-14 13:25:08 +01:00
Erik Arvstedt
bd2a46cb73
spark-wallet: use onionServices
Also remove the unneeded definition of ReadWritePaths because the
service doesn't need write access to onion files.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
87fb9f246b
add 'enable-tor' preset
Move 'enforceTor' and onion-service definitions from secure-node.nix.
Use the onionServices module to define onion services.

Onion services now automatically work for services that bind to an INADDR_ANY (`0.0.0.0`) address.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
05b5402bb1
add nix-bitcoin.onionServices 2021-01-14 13:25:07 +01:00
Erik Arvstedt
fffe988248
onionAddresses: add readonly option 'dataDir'
Used by 'onionServices' in a later commit for services that announce
their onion address.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
5f34b094d3
onionAddresses: improve script
- use -e to check for existence of /var/lib/tor/state, use shorter
  polling interval
- clear existing dataDir contents to avoid accumulating obsolete data
- use concatMapStrings instead of foldl'
2021-01-14 13:25:07 +01:00
Erik Arvstedt
b266f23251
onionAddresses: use service 'script' option
This also makes the script stop on errors.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
6d13b26d0a
onionAddresses: add more precise type for option 'access' 2021-01-14 13:25:06 +01:00
Erik Arvstedt
93562f76dd
onionAddresses: remove redundant option 'enable'
The service can be disabled via `onion-addresses.access = mkForce {};`

Also remove redundant description.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles
Simplifies the dataDir setup.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses
This clarifies its function.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
55073eee70
remove nix-bitcoin.pkgs.lib
Type ipv4Address is not needed anymore because all services have
separate 'port' and 'address' options.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
09e0042aa8
spark-wallet: add consistent address options 2021-01-14 13:25:05 +01:00
Erik Arvstedt
39f16c0b4a
liquidd: add consistent address options 2021-01-14 13:25:05 +01:00
Erik Arvstedt
b5d76ba1b3
electrs: add consistent address options 2021-01-14 13:25:04 +01:00
Erik Arvstedt
8fa32b7f91
btcpayserver: add consistent address options 2021-01-14 13:25:04 +01:00
Erik Arvstedt
e78a609687
clightning: add consistent address options
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Erik Arvstedt
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc' 2021-01-14 13:25:03 +01:00
Erik Arvstedt
5b7e0d09b2
bitcoind: add consistent address options 2021-01-14 13:25:03 +01:00
Jonas Nick
41a6be6552
Merge #297: joinmarket: add enforceTor to firewall scripts on netns-level
71ee16d767 joinmarket: add enforceTor to firewall scripts on netns-level (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 71ee16d767

Tree-SHA512: cef089012807c90034d4b1f259bf6d81bfb83a36e7d2aadd85e817728f646948c12c25d199525d578d44366ee10389cb5081c4d86842b19b06b1066ff8feec19
2021-01-10 23:11:08 +00:00
Jonas Nick
bd9bf54471
Merge #299: joinmarket: add rpcWalletFile option
e3a45fcc0c joinmarket: add rpcWalletFile option (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK e3a45fcc0c

Tree-SHA512: 325978ca7acbf19fba3888796474c9cf45d145fcee88888f0ada7ec5aad474974bf72722e3cabd99235e044892be35599624a6248194fbfc29e8cd3e6a5d329a
2021-01-10 21:53:39 +00:00
Jonas Nick
e3a45fcc0c
joinmarket: add rpcWalletFile option
The joinmarket docs recommend using a separate wallet to avoid mixing up jm and
default wallet.
2021-01-10 21:52:27 +00:00
nixbitcoin
71ee16d767
joinmarket: add enforceTor to firewall scripts on netns-level 2021-01-04 16:09:20 +00:00
Jonas Nick
0c6579b942
Merge #295: Remove deprecated nanopos & lightning-charge
79f4723cda lightning-charge: remove package and module (Jonas Nick)
58de79d401 nanopos: remove package and module (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 79f4723cda

Tree-SHA512: 853022697966159a3d1d32317b2d2e11d1f3d1f014956cf8ca72d12b30c8990a097ae17e2a11bcd666ade798695787a28f75fee1b42b21ac4bbe0d9875d112a2
2021-01-01 20:47:16 +00:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module 2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module 2021-01-01 17:37:30 +00:00
Jonas Nick
da674d1ccf
Merge #292: joinmarket: always synchronize secrets.jm-wallet-password
ed636dd070 joinmarket: always synchronize secrets.jm-wallet-password (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK ed636dd070

Tree-SHA512: 8024f29f98a87991701dcdb7576c4b3b72c859373153b9281b8a4bba179a33aa39a7496ecd373c0251c8d9c36e1fc7c768a2dcc228aa006bab461f8cbc5d7b0d
2020-12-30 19:18:56 +00:00
Jonas Nick
ef28768221
Merge #291: btcpayserver: add rootpath option
edc657d138 btcpayserver: add rootpath option (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK edc657d138

Tree-SHA512: d96e2fd58c46fe1e70c239c37bf97ac1431a1b83068728bbbbf69a91deb63e2a78404ca0b9a53315c457b87f86b3901c03d76befcf9db4e260c597f2706bba8c
2020-12-30 19:05:38 +00:00
Jonas Nick
656c6a1d67
Merge #289: readme: update and split into various parts
bcedf69549 readme: update and split into various parts (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK bcedf69549

Tree-SHA512: a2c3c08c4b147225621d61ac67fd11b2ebec55bda1976a731d307a9935db23499a0f4a4d6d2c7dc27940027d8e0db42c1b02ff25554c49f81d5102c8599c2439
2020-12-30 19:02:55 +00:00
nixbitcoin
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password
secrets.jm-wallet-password is always needed by joinmarket, not just when
joinmarket.yieldgenerator.enable
2020-12-30 16:49:50 +00:00
nixbitcoin
edc657d138
btcpayserver: add rootpath option 2020-12-30 16:47:50 +00:00
nixbitcoin
bcedf69549
readme: update and split into various parts 2020-12-30 15:59:22 +00:00
Jonas Nick
37caf814a7
Merge #286: Fix boot loader reference for UEFI
792962bb32 Fix boot loader reference for UEFI (Galder Zamarreño)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 792962bb32

Tree-SHA512: 7653518b835295e500f3bad86d8e68c70adddd7e6ee0abbfa5a1b3863a2c32cb6eba4da1b0f6984d85ccd4758b669983377e16cd379fced1bc3a1117099b5ffd
2020-12-23 14:27:21 +00:00
Galder Zamarreño
792962bb32
Fix boot loader reference for UEFI 2020-12-23 12:55:45 +01:00
Jonas Nick
4d1150a671
Merge #285: Add CLBOSS
196e3c9dbb clboss: add test todo (nixbitcoin)
f89498d4fc clboss: add module (nixbitcoin)
9423eadcee clboss: add pkg (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 196e3c9dbb
  jonasnick:
    utACK 196e3c9dbb

Tree-SHA512: 1c3e0dd23f45554cd423d1a4d57f936c1a3fd9e25b8332acef67ce6a648b38e55e780e4d393f93a1cbb1e342773e0f4aa039216c6d10641fe7436e7b155cc83f
2020-12-22 21:32:09 +00:00
nixbitcoin
196e3c9dbb
clboss: add test todo 2020-12-22 09:54:11 +00:00
nixbitcoin
f89498d4fc
clboss: add module 2020-12-22 09:40:00 +00:00
nixbitcoin
9423eadcee
clboss: add pkg 2020-12-22 09:39:37 +00:00
Jonas Nick
7b32a78de2
Merge #284: Fix containers
2bfb4efbd8 make-container: fix usage comment (Erik Arvstedt)
3403795c86 tests: add example scripts (Erik Arvstedt)
ff94985b8b tests: add test 'hardened' (Erik Arvstedt)
c8e73c959e fix 'hardened' profile for NixOS 20.09 (Erik Arvstedt)
44b06aea5a extra-container: 0.5-pre -> 0.5 (Erik Arvstedt)
a359cdfb66 generate-secrets: use pwgen (Erik Arvstedt)
a5a2fc7274 make-container: fix renamed variable (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 2bfb4efbd8
  jonasnick:
    utACK 2bfb4efbd8

Tree-SHA512: 421b1fc5bf695d6815f060d129855ae0fecc06f7946ed8ac2bfe53895d7dc9529aad40099fc16844547791010232252f74b1ce32cbc9c6458e6d77f327450e94
2020-12-21 12:24:14 +00:00
Jonas Nick
4195541976
Merge #283: joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
fdfafb2f40 joinmarket: 0.7.4 -> 0.8.0-bcfa7eb (nixbitcoin)
c9657305e7 temp: modify get-sha256 for hotfix commit (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK fdfafb2f40

Tree-SHA512: 510d0baf3fcb552169352fef79bcb6c8e04a68eaf4b4f6ec446a925f89d9585cdc23c20cb69748e5e0b19d8aed10c05fb47e4c0a7902d7a1cfa58844005a2f7f
2020-12-20 19:31:43 +00:00
Erik Arvstedt
2bfb4efbd8
make-container: fix usage comment 2020-12-19 13:18:50 +01:00
Erik Arvstedt
3403795c86
tests: add example scripts 2020-12-18 19:56:56 +01:00
Erik Arvstedt
ff94985b8b
tests: add test 'hardened' 2020-12-18 19:56:56 +01:00
Erik Arvstedt
c8e73c959e
fix 'hardened' profile for NixOS 20.09
The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052)
is ineffective on 20.09.

As a workaround, add a custom 'hardened' preset that uses the default allocator.
2020-12-18 19:56:56 +01:00
Erik Arvstedt
44b06aea5a
extra-container: 0.5-pre -> 0.5 2020-12-18 19:56:56 +01:00
Erik Arvstedt
a359cdfb66
generate-secrets: use pwgen
Password length and alphabet are unchanged, but the restriction to
include at least one numeric and one capital char has been removed.
This restriction is not needed by client applications,
adds code complexity, and even (insignificantly) reduces entropy.

Reason for switching to pwgen:
apg uses /dev/random instead of /dev/urandom which brings no security
benefits but can stall the generate-secrets script on low-entropy
devices due to blocking.

Since `security.rngd` has been disabled in NixOS 20.09, blocking
in generate-secrets can also appear on regular NixOS desktop systems.
2020-12-18 19:56:56 +01:00