This replaces minimal-configuration.nix.
importable-configuration.nix can be directly added to an existing
NixOS configuration. This makes it easy for users to get started quickly.
- Don't overwrite `nix-bitcoin-release.nix` on errors
- Show a message to indicate whether `nix-bitcoin-release.nix` was
updated
- Don't start a shell when called noninteractively
Also, update `usage.md` and reformat `shell.nix`.
Previously, when used to update `nix-bitcoin-release`, the error
wasn't displayed but instead written to `nix-bitcoin-release`.
Also, show curl error messages.
Benefits of adding top-level variables for used services:
- Makes it obvious which other services are referenced by a service
- Less code
We already do this in many other places.
These are insignificant, generic options; place them above readonly options.
We already do this in other services.
Also move user/group config to bottom in spark-wallet.
This greatly improves readability and makes it easier to discover options.
This commit was genereated by running the following script inside the
repo root dir:
#!/usr/bin/env ruby
def transform(src)
return false if src.include?('inherit options;')
success = false
options = nil
src.sub!(/^ options.*?^ }.*?;/m) do |match|
options = match
" inherit options;"
end
return false if !options
src.sub!(/^with lib;\s*let\n+/m) do |match|
success = true
<<~EOF
with lib;
let
#{options}
EOF
end
success
end
Dir['modules/**/*.nix'].each do |f|
src = File.read(f)
if transform(src)
puts "Changed file #{f}"
File.write(f, src)
end
end
`generate-secrets` is no longer a monolithic script. Instead, it's
composed of the values of option `nix-bitcoin.generateSecretsCmds`.
This has the following advantages:
- generate-secrets is now extensible by users
- Only secrets of enabled services are generated
- RPC IPs in the `lnd` and `loop` certs are no longer hardcoded.
Secrets are no longer automatically generated when entering nix-shell.
Instead, they are generated before deployment (via `krops-deploy`)
because secrets generation is now dependant on the node configuration.
The user's local node configuration directory usually contains a copy of
examples/shell.nix.
1. Move the shell implementation from shell.nix to nix-bitcoin/helper/makeShell.nix
Because the shell is no longer defined locally in the user's config
directory, we can now ship new shell features via nix-bitcoin updates.
2. Simplify examples/nix-bitcoin-release.nix
nix-bitcoin-release.nix, as generated via `fetch-release`, now
contains a simple fetchTarball statement which can be directly imported.
This allows us to get rid of the extra `nix-bitcoin-unpacked` derivation
which adds a dependency on the user's local nixpkgs.
To keep `fetch-release` as simple as possible for easy auditing, we just
fetch and verify a `nar-hash.txt` file that is now uploaded
via `push-release.sh`.
A migration guide for updating the user's local `shell.nix` is
automatically printed when the user starts a new shell after updating
nix-bitcoin.
This is achieved by throwing an error in `generate-secrets`, which is called
on shell startup.
This commit is required to deploy the new extensible `generate-secrets`
mechanism introduced in the next commit.
- Remove openssl.cnf which includes many unused settings.
- Generate the key and cert files with a single call to openssl.
- Option `-nodes` ("no DES") disables encryption of the key file.
- Option `-addext` is used to specify `subjectAltName` settings
that were previously defined by openssl.cnf.
The key type is unchanged.
Certificate changes:
- Certificate duration is now 10 years
- Organization (subj 'O') is now 'loop' instead of 'loopd' for
lightning-loop to simplify the code.
For reference, the org. name in auto-generated loop certs is
"loop autogenerated cert".
- The certificate now includes all default x509v3 extensions.
These were previously restricted to just `subjectAltName` by openssl.cnf.
We now use the openssl defaults for simplicity.
- btcpayserver: remove unneeded trailing semicolons
- krops/get-sha256:
`tail` is unneeded because `nix-prefetch-url` just outputs a single
line containing the hash.
There's no common `nix` command argument syntax for eval'ing a nix
expression that supports both older and newer (flake support) versions of nix.
So fall back to nix-instantiate.
joinmarket-ob-watcher now makes extensive use of bitcoind because of
JoinMarket's new fidelity bond functionality. Therefore it fails on
non-synced nodes, as those in the test suite. We now test that the
service fails with the correct error, rather than asserting that it is
running.
This change is fully backwards compatible.
We continue to use the standard non-flake evaluation mode in our
examples and internal tooling until the flakes design has stabilized.
'clightning-plugins = pkgs.recurseIntoAttrs' in pkgs/default.nix is
needed by flake-utils.lib.flattenTree in flake.nix.
It transforms the packages in `clightning-plugins` to top-level packages
named like `clightning-plugins/summary`. (The flake attr `packages`
must be a non-nested attrset of derivations.)