Commit Graph

640 Commits

Author SHA1 Message Date
Jonas Nick
347a0f3aee
secure-node: add dummy option to determine if the preset is enabled
This is useful for versioning.nix.
2021-10-31 14:00:46 +00:00
Erik Arvstedt
aada35fc7b
minor improvements
- README: add matrix room

- examples/configuration.nix: explain why bitcoind is enabled by default

- btcpayserver: group lnd service settings

- clightning:
  Use public onion port only when the onion service is public

  This allows users to enable the onion service while announcing a
  non-onion public address.

- netns-isolation: move `readOnly` attr to the top

- tests: use mkDefault to allow for easier overriding

- tests/btcpayserver: test web server response
2021-10-30 15:34:48 +02:00
Erik Arvstedt
1da23cd933
bitcoind, liquidd: add whitelisted socket
This allows whitelisting local services without implicitly
whitelisting all inbound onion connections, which would happen when
setting bitcoind/liquidd option `whitelist=localhost`.

Used by electrs and nbxplorer, which requires the unsafe `mempool`
permission.
2021-10-29 18:28:31 +02:00
Erik Arvstedt
8c3a88b2e8
update nixpkgs-unstable
Switch back from nixpkgs master to unstable.

Pkg updates:
btcpayserver: 1.2.3 -> 1.2.4
electrs: 0.9.0 -> 0.9.1
elementsd: 0.18.1.12 -> 0.21.0
lightning-pool: 0.5.0-alpha -> 0.5.1-alpha
nbxplorer: 2.2.5 -> 2.2.11

- liquidd:
  add `onionPort` like in bitcoind

- tests/electrs:
  remove KillSignal workaround
2021-10-29 17:59:25 +02:00
Erik Arvstedt
cc3d43f4e9
bitcoind: set onionPort in bitcoind module
This removes the module-level dependency from onion-services to
bitcoind.
Due to the `or false` fallback, there's no dependency added in
the reverse direction.

In particular, this allows us to not add a dependency on liquidd in
the following commit.
2021-10-28 22:24:24 +02:00
Jonas Nick
20d4240919
Merge fort-nix/nix-bitcoin#410: joinmarket: 0.9.2 -> 0.9.3
d5ce1c43a8 test: make joinmarket work with regtest (nixbitcoin)
a10aa21c69 joinmarket: 0.9.2 -> 0.9.3 (nixbitcoin)
721ba1aeba python-packages: separate `specific-versions` pkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK d5ce1c43a8
  jonasnick:
    light utACK d5ce1c43a8

Tree-SHA512: 5ddccbf9a88640086d14051283b59e704364d4d5f3f6aa6c698d88d8a6634ac9a7b525b11cf1670c9aaa6a797635bc23e135972d9bc8c909ec51b58fe57e8f5c
2021-10-28 09:50:22 +00:00
nixbitcoin
d5ce1c43a8
test: make joinmarket work with regtest 2021-10-27 16:08:28 +02:00
nixbitcoin
a10aa21c69
joinmarket: 0.9.2 -> 0.9.3 2021-10-27 16:02:59 +02:00
kon
b6d1928e90 clightning: add public port
Co-authored-by: Erik Arvstedt <erik.arvstedt@gmail.com>
2021-10-26 21:34:33 +02:00
Jonas Nick
bfe8ac972c
Merge fort-nix/nix-bitcoin#405: bitcoind: add separate p2p socket for tor connections
ec4a4dbe41 btcpayserver: fix whitelist security issue (Erik Arvstedt)
df2070b44a bitcoind: add separate p2p socket for tor connections (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK ec4a4dbe41

Tree-SHA512: 457bfb5806dca65507261c1868ca89c86a39f63bd10833b7531fd74dd779816083270c8ccc95ad08a5306e9b31c440904e3cba35464d47c0d87418d0be3e732d
2021-10-21 12:17:17 +00:00
Erik Arvstedt
ec4a4dbe41
btcpayserver: fix whitelist security issue
Whitelisting localhost implicitly whitelists all inbound onion
connections. This prevents banning misbehaving inbound onion peers
and enables message `mempool` which can cause privacy leaks.

Instead, grant `download` as the single bitcoind whitelist permission, which
should be safe for onion peers.
Remove liquidd whitelisting because it doesn't support fine-grained permissions.

After a cursory glance at the nbxplorer code I think that nbxplorer
requires none of the other default whitelist permissions (noban, mempool,
relay).
Details: https://github.com/dgarage/NBXplorer/issues/344
2021-10-21 11:40:40 +02:00
Erik Arvstedt
df2070b44a
bitcoind: add separate p2p socket for tor connections
This re-enables onion tagging while still supporting untagged connections.

Onion sockets are not yet supported in the latest liquidd/elements
version 0.18.1.12 available on nixpkgs.
2021-10-21 11:40:40 +02:00
Jonas Nick
8b1b06311d
Merge fort-nix/nix-bitcoin#406: bitcoind: one-option i2p support
63836127c9 bitcoind: one-option i2p support (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 63836127c9
  jonasnick:
    utACK 63836127c9

Tree-SHA512: be7806657885ba455e7137dfc8c20ea4d58898b04db030a964aafbde1c505041a1f9e700654ad9c75ab2bb9267174bdbe84c9d7e4de63a09508b72fbd5c8f1a1
2021-10-15 11:02:09 +00:00
Jonas Nick
2250b9bcb7
Merge fort-nix/nix-bitcoin#408: joinmarket: 0.9.1 -> 0.9.2
3781a85c9b joinmarket: enable Agora as a third IRC server (nixbitcoin)
ced1637d07 joinmarket: share IRC server definitions between jm and ob-watcher (Erik Arvstedt)
59fc003ebd joinmarket: 0.9.1 -> 0.9.2 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 3781a85c9b

Tree-SHA512: 5ec919d2291ecf96fb4ca880f3dbeabff13f2bab71822db893ebbaba1b95463666b098ccc1412a1b56f327a231e10c1f2d47feb0f520fce349ab243d398bf7b4
2021-10-15 10:58:01 +00:00
nixbitcoin
3781a85c9b
joinmarket: enable Agora as a third IRC server 2021-10-13 14:45:52 +02:00
Erik Arvstedt
ced1637d07
joinmarket: share IRC server definitions between jm and ob-watcher
Also add server name comments.
2021-10-13 14:44:36 +02:00
kon
40ab4b368a add lnd TimoutSec 2021-10-12 21:56:59 +02:00
nixbitcoin
63836127c9
bitcoind: one-option i2p support 2021-10-12 10:22:09 +00:00
Erik Arvstedt
8938eadf0c
bitcoind: don't tag all incoming connections as 'Tor'
We're also accepting local, non-Tor connections.
2021-10-06 16:55:41 +02:00
Erik Arvstedt
75b89f3957
electrs: adapt to version 0.9.0
- `waitfornewblock` was previously not included in the public RPC
  whitelist because it's reserved for testing and marked as hidden
  in bitcoind.

- electrs changed its verbosity settings. `-vv` is now the best choice
  for normal usage.

- bitcoind option `dataDirReadableByGroup` is now unused.
  Because it can be valuable for other use cases and implementing
  it is intricate, we're keeping it for now.

- test: keep `nc` connection open because otherwise the electrs
  RPC server would now close the connection before sending a response.
2021-10-06 15:34:24 +02:00
Erik Arvstedt
6d694a6269
backups: allow extraFiles to override default settings
By moving them to the top they take precedence over the remaining
filelist entries.
2021-10-06 11:27:52 +02:00
Erik Arvstedt
0c45415c86
backups: exclude bitcoind, liquidd txindex data 2021-10-06 11:27:52 +02:00
Erik Arvstedt
b73c093d3d
joinmarket-ob-watcher: require nix-bitcoin.service
This caused failures in the tests which were ignored because
ob-watcher was expected to fail for other reasons.
2021-10-06 11:27:47 +02:00
Erik Arvstedt
c8251cdad7
onion-services: don't always enable Tor
Previously, Tor was always enabled because `cfg` was always nonempty
(via definitions at `Set sensible defaults for some services`).
Now only enable Tor if there are active onion services.

Also rename var `services` -> `onionServices` to improve readability in
section `Set getPublicAddressCmd ...` where the same name is also used for
option `config.services`.
2021-10-05 15:11:41 +02:00
Erik Arvstedt
4d5bc810eb
secrets: fix setup-secrets in case of no secrets
Previously, the glob (*) returned '*' when no files existed in the
secrets dir, leading to error `chown: cannot access '*'`.

Now `unprocessedFiles` is empty when there are no secrets.

Also remove the unneeded sorting of `unprocessedFiles` and
remove redundant leading zero in the default mode.
2021-10-04 00:33:27 +02:00
Erik Arvstedt
a92d6a8e80
netns: expose bridgeIp as an option
Previously, this variable was not accessible to other modules.
2021-10-04 00:33:26 +02:00
Erik Arvstedt
f36df8f563
secure-node: remove redundant bitcoind settings
- `discover` is automatically disabled by bitcoind because we're
   setting `externalip` via the `nix-bitcoin.onionServices` mechanism
- `bech32` is bitcoind's default addresstype
2021-10-04 00:33:26 +02:00
Erik Arvstedt
09169365d8
liquid: remove unused features
- `hexStr` is unused
- Simplify ExecStart options
- Quote `dataDir`
- Remove unneeded `pidFile` setting
2021-10-04 00:33:26 +02:00
Erik Arvstedt
82d910e937
nbxplorer: fix bitcoind, liquidd settings
- Add nbxplorer to whitelists.
  This is recommended by the nbxplorer docs and guarantees that nbxplorer
  can always p2p-connect to bitcoind/liquidd.

- Enable bitcoind/liquidd p2p servers via `listen`.
2021-10-04 00:33:26 +02:00
Erik Arvstedt
f61e928139
services: support 0.0.0.0/:: in address options
Previously, client services didn't decode these special INADDR_ANY
addresses and failed to connect.
2021-10-04 00:33:26 +02:00
Erik Arvstedt
1848c3dd98
btcpayserver: minor improvements
- Quote datadir
- Extract liquidd service variable
- Move btcpayserver below liquid in modules list because it depends
  on liquid
2021-10-01 11:52:57 +02:00
Erik Arvstedt
e561637600
minor fixes
- bitcoind: Remove obsolete defaultText
- clightning: Fix description
  Option `address` can't be used to specify a socket path because it's
  used explicitly as an IP address in many places.
- lnd: Break up overlong line
  This is required by commit `services: support 0.0.0.0/:: in `address` options`
- nix-bitcoin.nix: Formatting
- secrets: Improve descriptions
2021-10-01 11:52:56 +02:00
Jonas Nick
5626558222
Merge fort-nix/nix-bitcoin#397: backups: make extraFiles list of strings
c483f1694d examples: correct localBackups scp command (nixbitcoin)
cb54891484 backups: make extraFiles list of strings (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK c483f1694d

Tree-SHA512: cb178382655e70aaf85f5930ec7a2c631c28e4c447d0b5d02d973eb73e3bd902ab091cc496d79efbfba5355b9574cb5ba6dd5a4d395b0cda4e3da715fd88d9c5
2021-09-25 10:34:51 +00:00
nixbitcoin
cb54891484
backups: make extraFiles list of strings 2021-09-24 11:38:47 +00:00
Jonas Nick
0c31130ac8
secure-node: remove default bitcoin addnode
Onion v2 addresses are incompatible with the upcoming bitcoind version.
2021-09-19 20:03:40 +00:00
Erik Arvstedt
9114ec669a
lnd: improve options formatting 2021-09-16 12:51:00 +02:00
Erik Arvstedt
c8774375d3
modules: use consistent service variables
Benefits of adding top-level variables for used services:
- Makes it obvious which other services are referenced by a service
- Less code

We already do this in many other places.
2021-09-13 13:41:47 +02:00
Erik Arvstedt
ad97c268c6
modules: move user/group options to bottom
These are insignificant, generic options; place them above readonly options.
We already do this in other services.

Also move user/group config to bottom in spark-wallet.
2021-09-13 13:41:47 +02:00
Erik Arvstedt
27c45b82cc
modules: move options to the top
This greatly improves readability and makes it easier to discover options.

This commit was genereated by running the following script inside the
repo root dir:

#!/usr/bin/env ruby

def transform(src)
  return false if src.include?('inherit options;')

  success = false

  options = nil
  src.sub!(/^  options.*?^  }.*?;/m) do |match|
    options = match
    "  inherit options;"
  end
  return false if !options

  src.sub!(/^with lib;\s*let\n+/m) do |match|
    success = true
    <<~EOF
      with lib;
      let
      #{options}

    EOF
  end

  success
end

Dir['modules/**/*.nix'].each do |f|
  src = File.read(f)
  if transform(src)
    puts "Changed file #{f}"
    File.write(f, src)
  end
end
2021-09-13 13:41:47 +02:00
Erik Arvstedt
731cf647ff
modules: remove unneeded use of options module arg
Needed by the following commit.
2021-09-13 13:41:47 +02:00
Erik Arvstedt
a2466b1127
secrets: allow extending generate-secrets
`generate-secrets` is no longer a monolithic script. Instead, it's
composed of the values of option `nix-bitcoin.generateSecretsCmds`.

This has the following advantages:
- generate-secrets is now extensible by users
- Only secrets of enabled services are generated
- RPC IPs in the `lnd` and `loop` certs are no longer hardcoded.

Secrets are no longer automatically generated when entering nix-shell.
Instead, they are generated before deployment (via `krops-deploy`)
because secrets generation is now dependant on the node configuration.
2021-09-12 11:29:54 +02:00
Erik Arvstedt
82a2b148d8
secrets: minor fixes
- Improve comment.
- `secretsSetupMethod` is not internal because it can be set to "manual"
  by the user.
2021-09-11 15:07:24 +02:00
Erik Arvstedt
2c8e29b35b
lnd: extract option certPath
Improves service encapsulation.
2021-09-11 15:07:24 +02:00
Erik Arvstedt
be12a49933
lightning-pool/loop: extract lnd variable 2021-09-11 15:07:24 +02:00
Erik Arvstedt
5087ce245f
minor cleanups
- btcpayserver: remove unneeded trailing semicolons

- krops/get-sha256:
  `tail` is unneeded because `nix-prefetch-url` just outputs a single
  line containing the hash.
2021-09-11 15:07:23 +02:00
Erik Arvstedt
0d2db4e79f
backups: add option postgresqlDatabases
This simplifies defining postgresql backups.
This change is covered by tests.py.
2021-09-11 15:07:23 +02:00
Erik Arvstedt
9730be9282
joinmarket-yieldgenerator: simplify start script 2021-08-30 13:37:05 +02:00
Erik Arvstedt
179b86d19c
joinmarket: allow recreating wallet from seed
This allows users to easily upgrade their wallets to use Fidelity Bonds.
2021-08-30 13:37:05 +02:00
Erik Arvstedt
7c5ef32b50
versioning: move list of changes to the top
Improves readability.
2021-08-30 13:37:05 +02:00
Erik Arvstedt
b15d71605e
joinmarket: fix leaking passwords
Previously, `bitcoin-rpcpassword-privileged` and `jm-wallet-password` were
passed as world readable arguments to sed and jm-genwallet subprocesses.
2021-08-30 13:37:04 +02:00
nixbitcoin
00a0759884
joinmarket-ob-watcher: extra permissions & functionality for fidelity bonds 2021-08-30 13:37:04 +02:00
Erik Arvstedt
d7f9e33e1c
joinmarket-ob-watcher: move resource files to extra dir
Don't clutter joinmarket/bin with ob-watcher resource files.
2021-08-30 13:37:04 +02:00
nixbitcoin
e95abf6c7e
joinmarket: 0.8.3 -> 0.9.1 2021-08-30 09:02:26 +00:00
Erik Arvstedt
a8a8b9ce4d
backups: backup NixOS uid, gid mappings
Now that service uid, gid mappings are included in the backups, along
with the service data dirs, we can remove 'chown -R' for
clightning and liquidd data dirs.

Note that we used 'chown -R' only for these two services, while this
approach would have been relevant for all services with data dirs.
2021-08-15 22:40:35 +02:00
Erik Arvstedt
ee8b83681b
modules: document module dependencies 2021-08-15 22:40:35 +02:00
Erik Arvstedt
9f7d048769
modules: move assertion to lnd.nix
nix-bitcoin.nix is now no longer dependent on clightning.nix and lnd.nix.
Due to condition '!(config.services ? clightning)' lnd.nix still
doesn't depend on clightning.nix.

Also fix the assertion message by renaming clightning.bindPort to clightning.port.
2021-08-15 22:40:35 +02:00
Erik Arvstedt
cce9a3f6b2
modules: move nix-bitcoin options to file 'nix-bitcoin.nix'
This allows modules.nix to consist only of a list of modules.
2021-08-15 22:40:35 +02:00
Erik Arvstedt
13b4650e84
versioning: add usage comment 2021-08-15 11:29:36 +02:00
Erik Arvstedt
ca3c7a281b
secrets: mark option 'secretsSetupMethod' as internal 2021-08-15 11:29:36 +02:00
Erik Arvstedt
f9a0fd7a17
nodeinfo: fix indentation 2021-08-15 11:29:36 +02:00
Erik Arvstedt
1ef8cbb384
joinmarket: fix allowRunAsUsers setting
This option requires user names instead of groups.
2021-08-15 11:29:35 +02:00
Erik Arvstedt
fb36f2abe5
joinmarket-ob-watcher: use consistent mode formatting
Remove redundant leading zero.
2021-08-15 11:29:34 +02:00
Erik Arvstedt
f14af1fc48
treewide: use consistent echo message formatting
Quote the echo message.
2021-08-15 11:29:34 +02:00
Erik Arvstedt
b8043d3db5
treewide: use consistent bash script indentation
Always use two spaces.
2021-08-15 11:29:34 +02:00
Erik Arvstedt
c758d68ea4
lib: rename privileged -> rootScript
The naming is now analogous the related function `script`.
2021-08-15 11:29:34 +02:00
Erik Arvstedt
a2454975a5
doas: fix recursive calls to doas
Doas was broken for recursive calls like `doas -u operator lncli`
where `lncli` internally calls doas.
2021-08-14 10:46:42 +02:00
Erik Arvstedt
161baa7e68
joinmarket-ob-watcher: allow required 'mbind' system call 2021-08-14 10:46:41 +02:00
Erik Arvstedt
a0e5894f1f
backups: remove illegal option definition 2021-08-14 10:46:41 +02:00
Erik Arvstedt
35fe939cf8
security: update /proc restriction mechanism
NixOS option `security.hideProcessInformation` for globally restricting
access to /proc has been removed.
Use per-service restrictions via 'ProtectProc' instead.

Rename
`nix-bitcoin.security.hideProcessInformation` to
`nix-bitcoin.security.dbusHideProcessInformation`
because this option now only implements the dbus restriction.
2021-08-14 10:46:41 +02:00
Erik Arvstedt
178a0dcf8f
services: use new 'tor' options 2021-08-14 10:46:41 +02:00
Erik Arvstedt
e44f78ebb8
services: set isSystemUser for service users
'isSystemUser' has to be explicitly set in NixOS 21.05.
Previously, it was the implicit default.
2021-08-14 10:46:40 +02:00
Erik Arvstedt
a25ceecca5
update to NixOS 21.05 2021-08-12 11:18:26 +02:00
Jonas Nick
1ecd9756f6
Merge fort-nix/nix-bitcoin#369: BTCPayServer L-BTC Support
54810ce1bf btcpayserver: add L-BTC support (nixbitcoin)
b24c14ec61 liquidd: make regtest capable (nixbitcoin)
b7225f5d11 update nixpkgs-unstable (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 54810ce1bf

Tree-SHA512: 363165d3b977cd4425191bce4246dd9e83daf914bf2adcaf3cf42d0c170f5730e7e79934a97e5f9c071d0f52bf9ee75a3aa710c4c52135ea58bcdd898babcc74
2021-08-10 12:23:46 +00:00
Erik Arvstedt
881a3aa004
joinmarket: use preStart, postStart 2021-08-10 10:12:42 +00:00
nixbitcoin
e2c6eb6681
joinmarket: create bitcoind wallet
Starting with 0.21.0, bitcoin no longer automatically creates and loads
a default wallet.
This was being ignored because of a JoinMarket issue [1] in CI builds prior
to this version. Now a watch-only Bitcoin Core wallet is created in ExecStartPost.

[1] https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/812
2021-08-10 10:12:37 +00:00
nixbitcoin
6258d64cb6
joinmarket: run with group 'bitcoin'
Don't copy bitcoin-rpcpassword-privileged as root, instead run service
with group "bitcoin".
Same effect, less complexity. Note, PoLP still obeyed for joinmarket-ob-watcher.
2021-08-10 10:12:33 +00:00
nixbitcoin
ed480a35af
joinmarket: 0.8.2 -> 0.8.3
Includes
- coincurve: 13.0.0 -> 15.0.0
- Update Darkscience Tor onion address
2021-08-10 10:12:29 +00:00
nixbitcoin
54810ce1bf
btcpayserver: add L-BTC support 2021-08-10 10:04:54 +00:00
nixbitcoin
b24c14ec61
liquidd: make regtest capable 2021-08-10 10:04:22 +00:00
Erik Arvstedt
637a58d826
lnd: improve waiting for active RPC server
- Simplify
- Add comment
- Avoid the unneeded default call to sleep
2021-07-29 20:27:34 +02:00
Erik Arvstedt
adeccce06e
lnd: simplify use of curl 2021-07-29 20:27:33 +02:00
Martin Milata
b666bb2903 charge-lnd: add module 2021-07-12 17:36:31 +02:00
Jonas Nick
ce10003747
lnd: allow curl to retry in the create-wallet script 2021-07-08 13:10:16 +00:00
Jonas Nick
a23b9d1c2d
lnd: check that state is RPC_ACTIVE after unlocking
The state service is newly introduced in lnd 0.13.0.
2021-07-07 13:15:04 +00:00
Jonas Nick
c75347027b
lnd: don't wait until the RPC port is open after unlocking
According to the release notes of lnd 0.13.0 [0] the RPC service is available at
all times.

[0] https://github.com/lightningnetwork/lnd/releases/tag/v0.13.0-beta
2021-07-07 13:12:50 +00:00
Jonas Nick
7914405ced
clboss: add option for using custom package 2021-04-13 14:12:39 +00:00
nixbitcoin
3b938a909f
add hardened-extended preset 2021-04-02 10:59:09 +00:00
Erik Arvstedt
08fe9ba84a
services: add finer-grained address family restrictions
Due to a possible NixOS bug, this commit has no effect on NixOS 20.09
where `RestrictAddressFamilies` is a no-op.
It's only relevant for NixOS unstable with cgroups v2.

bitcoind+zmq: instead of allowing all address families, only add the required
AF_NETLINK family.

lnd: lnd only runs a zmq client, not a server, therefore it requires
no additional address families.

lightning-pool, clightning-plugin-zmq: add AF_NETLINK.
2021-03-22 14:35:29 +01:00
Erik Arvstedt
020433cec6
services: add helper fn setAllowedIPAddresses
Also use 'allowLocalIPAddresses' instead of 'allowTor' in bitcoind-import-banlist
which doesn't use Tor.
2021-03-22 13:20:45 +01:00
Erik Arvstedt
cdf27d9d0c
bitcoind: improve service timeouts
- Improve readability by using minutes
- set `TimeoutStopSec` like in bitcoin/contrib/init/bitcoind.service.
  Stopping bitcoind can exceed the default timeout during IBD.
2021-03-16 12:46:19 +01:00
Erik Arvstedt
09cd3ce5e4
lnd: show curl error messages 2021-03-16 12:46:19 +01:00
Jonas Nick
fe118b28ff
examples: add krops deployment method 2021-03-15 18:53:07 +01:00
Erik Arvstedt
03db1a61b1
lnd, joinmarket: don't write to secrets dir
Keeping the secrets dir read-only is more simple and robust.

- lnd seed mnemonic creation and joinmarket wallet creation can be
  run as the regular service user instead of root.

- It is easier to switch to a third-party secrets deployment
  method in the future.

Don't create a seed mnemonic for lnd when a wallet exists.
This avoids creating unused mnemonics and helps simplifying
the migration command in `versioning.nix`.
2021-03-15 18:50:15 +01:00
Erik Arvstedt
55d87490ec
secrets: make configuration more robust
- Fail at evaluation when secrets setup is not configured.
  Previously, bitcoind failed at runtime due to the missing secrets target.

- Fail at evaluation when conflicting secrets setup methods are used.
  This happens when `secretsSetupMethod` has more than one definition.
2021-03-15 12:42:52 +00:00
Erik Arvstedt
b0c223e716
secrets: don't stop services when the secrets target stops
With krops or nixops the secrets target is always restarted during
the deployment process.
This previously caused unnecessary restarts of all nix-bitcoin services.
2021-03-15 12:42:52 +00:00
Erik Arvstedt
b701cb5603
secrets: add option 'generateSecrets'
Move this feature from a module preset to a regular option, so that it's
easily discoverable and accessible.

Simplify the implementation of `generateSecrets` by adding it to the
existing `setup-secrets` service script.

Also rename option setup-secrets -> setupSecrets.
2021-03-15 12:42:52 +00:00
Jonas Nick
a4dabc7390
Remove nixops examples and documentation 2021-03-15 12:42:47 +00:00
Jonas Nick
1377cf5147
Merge #337: joinmarket: 0.8.1 -> 0.8.2
5ead2a7075 joinmarket: 0.8.1 -> 0.8.2 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 5ead2a7075

Tree-SHA512: 2ac87f74a1008c058adef81d11049d985a64f435d75ef61584e8debdcc985f78c1d43430c09ee71c247a93908a5ba3a1efdcf91b0666a84b3269509a99685343
2021-03-10 21:24:12 +00:00
nixbitcoin
5ead2a7075
joinmarket: 0.8.1 -> 0.8.2
- add SNICKER to default config
- update package
- ob-watcher: copy vendorized js and css dependencies
- add missing dependency to jmbase
- use cryptography from pinned.nixpkgs-unstable
2021-03-10 13:33:49 +00:00
nixbitcoin
6c9c820862
lightning-loop: 0.11.3-beta -> 0.12.0-beta 2021-03-07 18:28:08 +00:00