Jonas Nick
a4dabc7390
Remove nixops examples and documentation
2021-03-15 12:42:47 +00:00
Jonas Nick
1377cf5147
Merge #337 : joinmarket: 0.8.1 -> 0.8.2
...
5ead2a7075
joinmarket: 0.8.1 -> 0.8.2 (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 5ead2a7075
Tree-SHA512: 2ac87f74a1008c058adef81d11049d985a64f435d75ef61584e8debdcc985f78c1d43430c09ee71c247a93908a5ba3a1efdcf91b0666a84b3269509a99685343
2021-03-10 21:24:12 +00:00
nixbitcoin
5ead2a7075
joinmarket: 0.8.1 -> 0.8.2
...
- add SNICKER to default config
- update package
- ob-watcher: copy vendorized js and css dependencies
- add missing dependency to jmbase
- use cryptography from pinned.nixpkgs-unstable
2021-03-10 13:33:49 +00:00
nixbitcoin
6c9c820862
lightning-loop: 0.11.3-beta -> 0.12.0-beta
2021-03-07 18:28:08 +00:00
kon
eb21012745
pool: add pkg, module & tests
2021-03-01 10:59:35 +01:00
Jonas Nick
f66b2d569b
Merge #333 : electrs: v0.8.7 -> v0.8.8
...
eaa58505a7
electrs: v0.8.7 -> v0.8.8 (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK eaa58505a7
Tree-SHA512: 2de1bc08b4dd4ede38d8b98d58c85eb220003e491a7a16529b5a443576022b7ac067698ef8fa9336ee1af09e3e8db349291403e89ef40167b1ad46b2b0aefd01
2021-02-24 09:01:04 +00:00
nixbitcoin
b1c9e13033
bitcoind: secure-node remove assumevalid
2021-02-23 11:04:31 +00:00
nixbitcoin
eaa58505a7
electrs: v0.8.7 -> v0.8.8
2021-02-23 10:51:43 +00:00
nixbitcoin
4e9059dc07
bitcoind: rename group bitcoinrpc -> bitcoinrpc-public
...
This makes it clear that services with this group can only use
public RPC calls.
2021-02-18 10:42:21 +00:00
nixbitcoin
19e401b028
bitcoind: enable cookie-based authentication
2021-02-18 10:40:09 +00:00
nixbitcoin
ecc601a6d6
onion-addresses: mirror nix-bitcoin.onionAddresses.access behavior
...
This commit fixes an issue with LND, in which if both
nix-bitcoin.onionServices.lnd.public &
services.lnd.restOnionService.enable were enabled, one would try to
create a file named `lnd` and the other would try to create a directory
named `lnd` with a file named `lnd-rest` inside it. This would obiously
cause an error and fail the LND service.
2021-02-17 11:50:47 +00:00
nixbitcoin
e873326bfe
modules: use user & group options
...
I've tried my best to locate all uses of hardcoded usernames, but its
not guaranteed that all have been found/fixed.
2021-02-17 11:50:25 +00:00
nixbitcoin
ccef870b74
spark-wallet: add user & group options
2021-02-17 11:50:07 +00:00
nixbitcoin
85a1722545
lnd: add user & group options
2021-02-17 11:49:51 +00:00
nixbitcoin
42f7e9f874
joinmarket: 0.8.0-a5e8879 -> 0.8.1
...
- Update joinmarket package
- Revert unofficial release settings
- Move Yield Generator config to configFile
- Add new config option max_sweep_fee_change
2021-02-14 16:23:53 +00:00
nixbitcoin
2ca92a34a5
services: use doas if enabled
...
- Remove sudo from recurring-donations path because it's not used by
the service
- Use doas instead of sudo in secure-node.nix
2021-02-09 12:44:04 +00:00
Erik Arvstedt
ce2b445777
treewide: use runuser for dropping privileges
...
When running as root, use runuser instead of sudo.
As opposed to sudo or doas, runuser is a standalone
binary that needs no external configuration.
Also, it's a bit faster.
2021-02-09 12:44:01 +00:00
Erik Arvstedt
803584a288
backups: don't use hardcoded secrets dir
2021-02-07 22:45:38 +01:00
Erik Arvstedt
6a32812412
services: add names for systemd helper scripts
...
The systemd journal now shows a specific script name instead of
the generic name "script" before script output.
2021-02-07 22:45:36 +01:00
Erik Arvstedt
6982699613
services: use consistent layout
...
Use the following order of definitions for all services:
- assertions
- configuration of other services
- environment.systemPackages
- tmpfiles
- own service
- users
- secrets
2021-02-07 22:42:23 +01:00
Erik Arvstedt
a43534dda0
services: improve config file setup
...
- btcpayserver, nbxplorer: Add quotes to the
dataDir arg. (dataDir can contain spaces.)
- clightning, liquidd: use 'install'
2021-02-07 22:42:22 +01:00
Erik Arvstedt
18f2002cf0
joinmarket-yieldgenerator: improve systemd journal output
...
Journal entries now look like
`joinmarket-yieldgenerator[9795]: User data location: /var/lib/joinmarket`
instead of
`bash[9795]: User data location: /var/lib/joinmarket`
2021-02-07 22:41:46 +01:00
Erik Arvstedt
9d0b8c8f6f
joinmarket-ob-watcher: use DynamicUser
...
DynamicUser simplifies services that don't need a persistent uid/gid,
like joinmarket-ob-watcher.
For existing installations the data dir migration to dynamic users
is automatically handled by systemd.
2021-02-07 22:41:44 +01:00
Erik Arvstedt
e9c98f415c
joinmarket: explain need for tor control socket
2021-02-07 22:41:31 +01:00
Erik Arvstedt
d9c87b6a8f
joinmarket: fix wallet creation
...
- Fix jm-wallet-seed being globally readable.
- Handle seed extraction failures.
If seed extraction fails, remove the newly created wallet.
This guarantees that wallets always have an accompanying seed.
2021-02-07 22:41:31 +01:00
Erik Arvstedt
7458350108
treewide: remove deprecated types.loaOf
2021-02-07 22:41:31 +01:00
Erik Arvstedt
9cf038939c
treewide: use mkEnableOption
2021-02-07 22:41:31 +01:00
Erik Arvstedt
7a97304f13
treewide: remove unit descriptions
...
Systemd's `Description` option is a misnomer (as confessed by `man systemd.unit`):
Its value is used by user-facing tools in place of the unit file name, so this option
could have been more aptly named `label` or `name`.
`Description` should only be set if the unit file name is not sufficient for naming a unit.
This is not the case for our services, except for `systemd.services.nb-netns-bridge`
whose description has been kept.
As an example how this affects users, weird journal lines like
```
nb-test systemd[1]: Starting Run clightningd...
```
are now replaced by
```
nb-test systemd[1]: Starting clightning.service...
```
2021-02-07 22:41:31 +01:00
Erik Arvstedt
a942177ecf
treewide: remove user descriptions
...
User descriptions are stored in the `comment` field in /etc/passwd.
In our case, these are completely redundant and don't add any useful information.
2021-02-07 22:41:30 +01:00
Erik Arvstedt
4f6ff408ef
treewide: remove unneeded string literals
2021-02-07 22:41:29 +01:00
Erik Arvstedt
e6a6c721c1
treewide: streamline 'extraConfig' descriptions
2021-02-07 22:40:11 +01:00
Erik Arvstedt
e774c045de
treewide: fix formatting
2021-02-07 22:40:10 +01:00
Erik Arvstedt
0b5b29a2a3
netns-isolation: simplify permission definition for netns-exec
...
The new definition is equivalent to the old one.
2021-02-07 22:39:06 +01:00
Erik Arvstedt
af2040f4c4
netns-isolation: use 'true' for systemd option
2021-02-07 22:39:05 +01:00
Erik Arvstedt
c246bbb36e
bitcoind, clightning, lnd: improve descriptions
...
bitcoind: The previous description of 'prune' didn't match the int-only
values supported by our option.
2021-02-07 22:39:05 +01:00
Erik Arvstedt
7533f12ef1
bitcoind, clightning, run-tests: minor refactoring
...
bitcoind: use builtins.toFile
clightning: use boolToString
run-tests: remove leftover var
2021-02-07 22:39:05 +01:00
Erik Arvstedt
f0850d3f23
btcpayserver: reorder config settings
...
Move 'bind' and 'port' next to each other and to the top.
2021-02-07 22:39:05 +01:00
Erik Arvstedt
d1c0ea9f85
btcpayserver: add missing systemd postgresql dependency
...
btcpayserver fails if it starts before postgresql.
2021-02-07 22:39:05 +01:00
nixbitcoin
ebd478fd0d
lnd: add option 'restOnionService'
2021-02-05 09:17:14 +01:00
Erik Arvstedt
a344ae95c9
move mkHiddenService to lib
2021-02-04 12:39:54 +00:00
Erik Arvstedt
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix
2021-02-04 12:39:48 +00:00
Martin Milata
86d7db9940
bitcoind: add uptime to the public api whitelist
...
It is needed by lnd to check bitcoind health status since lnd-0.12.0.
2021-02-02 22:32:20 +01:00
Erik Arvstedt
b114d0c3b1
bitcoind: use systemd startup notification
2021-01-31 22:26:49 +01:00
Erik Arvstedt
332d0e70c8
bitcoind: support onion address announcing
2021-01-31 22:26:49 +01:00
Erik Arvstedt
9662c19ab1
onionServices: use actual user name of services
...
Previously, onionAddresses definitions in onionServices were of the form
onionAddresses.access.<service> = [<service>];
This caused failures for configurations where a service user name was
overridden or for bitcoind whose default user is 'bitcoin' instead of 'bitcoind'.
Now set the equivalent of:
onionAddresses.access.<actualServiceUser> = [<service>];
Implement this via a new option `onionAddresses.services` to make things more
readable and to work around an infinite recursion error in onionServices.
2021-01-31 22:26:49 +01:00
Erik Arvstedt
5c09845e6f
bitcoind: tag incoming connections as onion on enforceTor
2021-01-31 22:26:49 +01:00
Jonas Nick
035438d427
Merge #290 : JoinMarket Orderbook Watcher
...
8c125ec48c
joinmarket-obwatcher: add pkg & module (nixbitcoin)
915df059f4
joinmarket: 0.8.0-bcfa7eb -> 0.8.0-a5e8879 (Erik Arvstedt)
254246cf39
joinmarket: use installPhase (Erik Arvstedt)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 8c125ec48c
Tree-SHA512: 5e4ba14a2a90c505b7cd7e09c33548d06ec466502c48f8d551a4437c5542dab427ec7f9cb7a15c849cc7ce11685c493b9773ec08591e1980ebe2a84abef17141
2021-01-17 20:00:13 +00:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module
2021-01-17 17:40:12 +00:00
kon
9480ada135
nodeinfo fix lnd
2021-01-17 17:13:09 +01:00
Jonas Nick
c6c14889eb
Merge #293 : Module refactorings, onionServices
...
e2922eb4ce
move rpc thread count setting to lightning modules (Erik Arvstedt)
352fc4e8fe
liquid: remove insecure and redundant option 'rpcpassword' (Erik Arvstedt)
757a66b9bd
liquid: move rpcuser definition to module (Erik Arvstedt)
0e00c39d47
secure-node: improve layout (Erik Arvstedt)
5f7a7962f7
backups: remove redundant option 'program' (Erik Arvstedt)
04d8560f86
secure-node: remove qrencode, tor from systemPackages (Erik Arvstedt)
323a431aba
improve nodeinfo (Erik Arvstedt)
f6b883a9ac
remove webindex (Erik Arvstedt)
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver (Erik Arvstedt)
18c7842e1a
modules: show warnings for obsolete options (Erik Arvstedt)
45c40c4eb9
versioning: simplify assertion evaluation (Erik Arvstedt)
bed00fe937
lnd: use onionServices for address announcing (Erik Arvstedt)
3980cd5a41
clightning: use onionServices for address announcing (Erik Arvstedt)
bd2a46cb73
spark-wallet: use onionServices (Erik Arvstedt)
87fb9f246b
add 'enable-tor' preset (Erik Arvstedt)
05b5402bb1
add nix-bitcoin.onionServices (Erik Arvstedt)
fffe988248
onionAddresses: add readonly option 'dataDir' (Erik Arvstedt)
5f34b094d3
onionAddresses: improve script (Erik Arvstedt)
b266f23251
onionAddresses: use service 'script' option (Erik Arvstedt)
6d13b26d0a
onionAddresses: add more precise type for option 'access' (Erik Arvstedt)
93562f76dd
onionAddresses: remove redundant option 'enable' (Erik Arvstedt)
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles (Erik Arvstedt)
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses (Erik Arvstedt)
55073eee70
remove nix-bitcoin.pkgs.lib (Erik Arvstedt)
09e0042aa8
spark-wallet: add consistent address options (Erik Arvstedt)
39f16c0b4a
liquidd: add consistent address options (Erik Arvstedt)
b5d76ba1b3
electrs: add consistent address options (Erik Arvstedt)
8fa32b7f91
btcpayserver: add consistent address options (Erik Arvstedt)
e78a609687
clightning: add consistent address options (Erik Arvstedt)
b41a720c28
lnd: add consistent address options (Erik Arvstedt)
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc' (Erik Arvstedt)
5b7e0d09b2
bitcoind: add consistent address options (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK e2922eb4ce
jonasnick:
ACK e2922eb4ce
Tree-SHA512: a85b33efe66048f06699b3997f83c9427f70f278fa66d30ee9a29c91f50723ff8bd1ffb9d968d7f08818742c8c6afb0b40dbfc14b95a4b8c3302caf9bede4198
2021-01-14 20:42:23 +00:00
Erik Arvstedt
e2922eb4ce
move rpc thread count setting to lightning modules
2021-01-14 13:25:12 +01:00
Erik Arvstedt
352fc4e8fe
liquid: remove insecure and redundant option 'rpcpassword'
2021-01-14 13:25:11 +01:00
Erik Arvstedt
757a66b9bd
liquid: move rpcuser definition to module
2021-01-14 13:25:11 +01:00
Erik Arvstedt
0e00c39d47
secure-node: improve layout
2021-01-14 13:25:11 +01:00
Erik Arvstedt
5f7a7962f7
backups: remove redundant option 'program'
...
Not needed until we support other backup backends.
2021-01-14 13:25:11 +01:00
Erik Arvstedt
04d8560f86
secure-node: remove qrencode, tor from systemPackages
...
Keep jq which is useful for analyzing service cli output.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
323a431aba
improve nodeinfo
...
- enable usage outside of secure-node.nix
- use json as the output format
- show ports
- also show local addresses, which is particularly useful when
netns-isolation is enabled
- only show enabled services
2021-01-14 13:25:10 +01:00
Erik Arvstedt
f6b883a9ac
remove webindex
...
This module is outdated and incomplete. We can readd an improved version in
the future.
Move nanopos nginx proxy tests to the nanopos test.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver
...
In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly setup node.
2021-01-14 13:25:09 +01:00
Erik Arvstedt
18c7842e1a
modules: show warnings for obsolete options
2021-01-14 13:25:09 +01:00
Erik Arvstedt
45c40c4eb9
versioning: simplify assertion evaluation
2021-01-14 13:25:09 +01:00
Erik Arvstedt
bed00fe937
lnd: use onionServices for address announcing
2021-01-14 13:25:09 +01:00
Erik Arvstedt
3980cd5a41
clightning: use onionServices for address announcing
2021-01-14 13:25:08 +01:00
Erik Arvstedt
bd2a46cb73
spark-wallet: use onionServices
...
Also remove the unneeded definition of ReadWritePaths because the
service doesn't need write access to onion files.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
87fb9f246b
add 'enable-tor' preset
...
Move 'enforceTor' and onion-service definitions from secure-node.nix.
Use the onionServices module to define onion services.
Onion services now automatically work for services that bind to an INADDR_ANY (`0.0.0.0`) address.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
05b5402bb1
add nix-bitcoin.onionServices
2021-01-14 13:25:07 +01:00
Erik Arvstedt
fffe988248
onionAddresses: add readonly option 'dataDir'
...
Used by 'onionServices' in a later commit for services that announce
their onion address.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
5f34b094d3
onionAddresses: improve script
...
- use -e to check for existence of /var/lib/tor/state, use shorter
polling interval
- clear existing dataDir contents to avoid accumulating obsolete data
- use concatMapStrings instead of foldl'
2021-01-14 13:25:07 +01:00
Erik Arvstedt
b266f23251
onionAddresses: use service 'script' option
...
This also makes the script stop on errors.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
6d13b26d0a
onionAddresses: add more precise type for option 'access'
2021-01-14 13:25:06 +01:00
Erik Arvstedt
93562f76dd
onionAddresses: remove redundant option 'enable'
...
The service can be disabled via `onion-addresses.access = mkForce {};`
Also remove redundant description.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles
...
Simplifies the dataDir setup.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses
...
This clarifies its function.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
09e0042aa8
spark-wallet: add consistent address options
2021-01-14 13:25:05 +01:00
Erik Arvstedt
39f16c0b4a
liquidd: add consistent address options
2021-01-14 13:25:05 +01:00
Erik Arvstedt
b5d76ba1b3
electrs: add consistent address options
2021-01-14 13:25:04 +01:00
Erik Arvstedt
8fa32b7f91
btcpayserver: add consistent address options
2021-01-14 13:25:04 +01:00
Erik Arvstedt
e78a609687
clightning: add consistent address options
...
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
...
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Erik Arvstedt
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc'
2021-01-14 13:25:03 +01:00
Erik Arvstedt
5b7e0d09b2
bitcoind: add consistent address options
2021-01-14 13:25:03 +01:00
Jonas Nick
41a6be6552
Merge #297 : joinmarket: add enforceTor to firewall scripts on netns-level
...
71ee16d767
joinmarket: add enforceTor to firewall scripts on netns-level (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 71ee16d767
Tree-SHA512: cef089012807c90034d4b1f259bf6d81bfb83a36e7d2aadd85e817728f646948c12c25d199525d578d44366ee10389cb5081c4d86842b19b06b1066ff8feec19
2021-01-10 23:11:08 +00:00
Jonas Nick
e3a45fcc0c
joinmarket: add rpcWalletFile option
...
The joinmarket docs recommend using a separate wallet to avoid mixing up jm and
default wallet.
2021-01-10 21:52:27 +00:00
nixbitcoin
71ee16d767
joinmarket: add enforceTor to firewall scripts on netns-level
2021-01-04 16:09:20 +00:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module
2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module
2021-01-01 17:37:30 +00:00
Jonas Nick
da674d1ccf
Merge #292 : joinmarket: always synchronize secrets.jm-wallet-password
...
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK ed636dd070
Tree-SHA512: 8024f29f98a87991701dcdb7576c4b3b72c859373153b9281b8a4bba179a33aa39a7496ecd373c0251c8d9c36e1fc7c768a2dcc228aa006bab461f8cbc5d7b0d
2020-12-30 19:18:56 +00:00
nixbitcoin
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password
...
secrets.jm-wallet-password is always needed by joinmarket, not just when
joinmarket.yieldgenerator.enable
2020-12-30 16:49:50 +00:00
nixbitcoin
edc657d138
btcpayserver: add rootpath option
2020-12-30 16:47:50 +00:00
nixbitcoin
f89498d4fc
clboss: add module
2020-12-22 09:40:00 +00:00
Jonas Nick
7b32a78de2
Merge #284 : Fix containers
...
2bfb4efbd8
make-container: fix usage comment (Erik Arvstedt)
3403795c86
tests: add example scripts (Erik Arvstedt)
ff94985b8b
tests: add test 'hardened' (Erik Arvstedt)
c8e73c959e
fix 'hardened' profile for NixOS 20.09 (Erik Arvstedt)
44b06aea5a
extra-container: 0.5-pre -> 0.5 (Erik Arvstedt)
a359cdfb66
generate-secrets: use pwgen (Erik Arvstedt)
a5a2fc7274
make-container: fix renamed variable (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 2bfb4efbd8
jonasnick:
utACK 2bfb4efbd8
Tree-SHA512: 421b1fc5bf695d6815f060d129855ae0fecc06f7946ed8ac2bfe53895d7dc9529aad40099fc16844547791010232252f74b1ce32cbc9c6458e6d77f327450e94
2020-12-21 12:24:14 +00:00
Erik Arvstedt
c8e73c959e
fix 'hardened' profile for NixOS 20.09
...
The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052 )
is ineffective on 20.09.
As a workaround, add a custom 'hardened' preset that uses the default allocator.
2020-12-18 19:56:56 +01:00
nixbitcoin
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
...
Update to 0.8.0 with hotfix for genwallet script
Includes module versioning error with migration instructions
2020-12-17 11:12:58 +00:00
Martin Milata
5feb9e3eae
lnd: fix rpc/rest port configuration
2020-12-07 14:38:36 +01:00
Ian Shipman
1d44b99340
add curated clightning plugins
2020-11-18 20:21:34 -06:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
...
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
b1a5f5e7b9
don't add service-only pkgs to systemPackages
...
These packages are not useful in shell environemnts.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
e39ad358a4
lnd: remove unused bitcoind from PATH
2020-11-09 22:10:07 +01:00
nixbitcoin
59e128a994
joinmarket: add payjoin configuration
2020-11-06 08:51:25 +00:00
nixbitcoin
f29f04c0c4
secure-node: LND no longer requires ControlPort
...
Onion service is now generated through mkHiddenService function.
2020-11-06 08:51:23 +00:00