- Adds lnd to netns-isolation.services
- Specifies listen option (defaults to localhost) as target of
hiddenService.
- Amends hardcoded lnd ip to lnd-cert
WARNING: Breaking changes for lnd cert. lnd-key and lnd-cert will have
to be deleted and redeployed.
currently, nodeinfo has presets/secure-node.nix as a strict
dependency as it requires onion-chef and the 'operatorName' option.
and nix-bitcoin-webindex.nix has nodeinfo as a dependecy.
so don't add nodeinfo and webindex to modules.nix because they will fail on standalone use.
Download shesek's github spark-npm.tgz, verify signature, unpack
spark-npm.tgz, patch package.json to include qrcode-terminal in
dependencies, run node2nix with tmpdir as local source, replace tmpdir
spark-wallet source with shesek's github spark-npm.tgz in
node-packages.nix.
spark-wallet: erikarvstedt fixups
move script to pkg dir, add hint to script in pkg def
remove unneeded script deps
add extended bash error checking
rename DIR -> TMPDIR
remove TMPDIR on exit
strip whitespace, simplify comments
gpg2 -> gpg
latesttagelectrs -> latest
tmpdir: don't use XDG_RUNTIME_DIR
XDG_RUNTIME_DIR is often in RAM and shouldn't be used for larger
workloads like repo downlaods
verify fingerprint of the imported key
remove trailing '-' in output
simplify output
Hide --fetch-key output
Output is not relevant to user, looks better without it
More accurately describe ./get-sha256 function
User might think that ./get-sha256 automatically updates sha256 in default.nix
Fetch key from sks keyservers instead of keybase.io
Using --recv-key simplifies getting the right key, and only the
right key, greatly. I try to refrain from using sks keyservers,
but the certificate spamming attack shouldn't be an issue in this
case because we create a temporary keychain just for the
verificaiton.
remove unneeded cargoDepsHook
Make clang nativeBuildInput instead of buildInput
e95f5981aa Remove KN countrycode (nixbitcoin)
742aef1e0f Only set dataDirReadableByGroup if cfg.high-memory is enabled (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK e95f5981aa
Tree-SHA512: e8253b934211e6fc6be11917f8acb05a05e390caafdf86f90670f9299d9c0d98596758ff021c65aae199c9a5a3f86f87854e1b8f50a53bab8ad28d9a7003d98e
It appears the pinned attrset is a bit adhoc. This generalizes
pinned.nix so that you can do:
$ nix build -f . pinned.stable.hwi
$ nix build -f . pinned.unstable.hwi
etc
Signed-off-by: William Casarin <jb55@jb55.com>
Disabling upnp via compilation brings no substantial security benefits.
There's no way to inadvertently enable upnp, it must be set explicitly
via bitcoind.extraConfig.
But it's a huge hassle for new users who have to recompile bitcoind
before being able to use nix-bitcoin.
Also, elementsd is currently built with upnp support by default.
Use buildRustPackage instead of buildRustCrate (via crate2nix).
buildRustPackage builds the whole executable and its libraries in a
single `cargo build` process.
With the create2nix approach each library is built in a separate derivation,
directly using rustc instead of the cargo wrapper.
Benefits of buildRustPackage:
- Much simpler to maintain
- Package derivation evaluates much faster
Benefits of crate2nix:
- Build can be distributed over multiple build hosts
- Better sharing of common dependencies between different builds
- More fine-grained rebuilding on build failures
In nixpkgs buildRustPackage is used for almost all Rust pkgs, it's
also a better fit for our use case.