Erik Arvstedt
f6b883a9ac
remove webindex
...
This module is outdated and incomplete. We can readd an improved version in
the future.
Move nanopos nginx proxy tests to the nanopos test.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver
...
In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly setup node.
2021-01-14 13:25:09 +01:00
Erik Arvstedt
18c7842e1a
modules: show warnings for obsolete options
2021-01-14 13:25:09 +01:00
Erik Arvstedt
45c40c4eb9
versioning: simplify assertion evaluation
2021-01-14 13:25:09 +01:00
Erik Arvstedt
bed00fe937
lnd: use onionServices for address announcing
2021-01-14 13:25:09 +01:00
Erik Arvstedt
3980cd5a41
clightning: use onionServices for address announcing
2021-01-14 13:25:08 +01:00
Erik Arvstedt
bd2a46cb73
spark-wallet: use onionServices
...
Also remove the unneeded definition of ReadWritePaths because the
service doesn't need write access to onion files.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
87fb9f246b
add 'enable-tor' preset
...
Move 'enforceTor' and onion-service definitions from secure-node.nix.
Use the onionServices module to define onion services.
Onion services now automatically work for services that bind to an INADDR_ANY (`0.0.0.0`) address.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
05b5402bb1
add nix-bitcoin.onionServices
2021-01-14 13:25:07 +01:00
Erik Arvstedt
fffe988248
onionAddresses: add readonly option 'dataDir'
...
Used by 'onionServices' in a later commit for services that announce
their onion address.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
5f34b094d3
onionAddresses: improve script
...
- use -e to check for existence of /var/lib/tor/state, use shorter
polling interval
- clear existing dataDir contents to avoid accumulating obsolete data
- use concatMapStrings instead of foldl'
2021-01-14 13:25:07 +01:00
Erik Arvstedt
b266f23251
onionAddresses: use service 'script' option
...
This also makes the script stop on errors.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
6d13b26d0a
onionAddresses: add more precise type for option 'access'
2021-01-14 13:25:06 +01:00
Erik Arvstedt
93562f76dd
onionAddresses: remove redundant option 'enable'
...
The service can be disabled via `onion-addresses.access = mkForce {};`
Also remove redundant description.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles
...
Simplifies the dataDir setup.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses
...
This clarifies its function.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
09e0042aa8
spark-wallet: add consistent address options
2021-01-14 13:25:05 +01:00
Erik Arvstedt
39f16c0b4a
liquidd: add consistent address options
2021-01-14 13:25:05 +01:00
Erik Arvstedt
b5d76ba1b3
electrs: add consistent address options
2021-01-14 13:25:04 +01:00
Erik Arvstedt
8fa32b7f91
btcpayserver: add consistent address options
2021-01-14 13:25:04 +01:00
Erik Arvstedt
e78a609687
clightning: add consistent address options
...
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
...
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Erik Arvstedt
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc'
2021-01-14 13:25:03 +01:00
Erik Arvstedt
5b7e0d09b2
bitcoind: add consistent address options
2021-01-14 13:25:03 +01:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module
2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module
2021-01-01 17:37:30 +00:00
Jonas Nick
da674d1ccf
Merge #292 : joinmarket: always synchronize secrets.jm-wallet-password
...
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK ed636dd070
Tree-SHA512: 8024f29f98a87991701dcdb7576c4b3b72c859373153b9281b8a4bba179a33aa39a7496ecd373c0251c8d9c36e1fc7c768a2dcc228aa006bab461f8cbc5d7b0d
2020-12-30 19:18:56 +00:00
nixbitcoin
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password
...
secrets.jm-wallet-password is always needed by joinmarket, not just when
joinmarket.yieldgenerator.enable
2020-12-30 16:49:50 +00:00
nixbitcoin
edc657d138
btcpayserver: add rootpath option
2020-12-30 16:47:50 +00:00
nixbitcoin
f89498d4fc
clboss: add module
2020-12-22 09:40:00 +00:00
Jonas Nick
7b32a78de2
Merge #284 : Fix containers
...
2bfb4efbd8
make-container: fix usage comment (Erik Arvstedt)
3403795c86
tests: add example scripts (Erik Arvstedt)
ff94985b8b
tests: add test 'hardened' (Erik Arvstedt)
c8e73c959e
fix 'hardened' profile for NixOS 20.09 (Erik Arvstedt)
44b06aea5a
extra-container: 0.5-pre -> 0.5 (Erik Arvstedt)
a359cdfb66
generate-secrets: use pwgen (Erik Arvstedt)
a5a2fc7274
make-container: fix renamed variable (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 2bfb4efbd8
jonasnick:
utACK 2bfb4efbd8
Tree-SHA512: 421b1fc5bf695d6815f060d129855ae0fecc06f7946ed8ac2bfe53895d7dc9529aad40099fc16844547791010232252f74b1ce32cbc9c6458e6d77f327450e94
2020-12-21 12:24:14 +00:00
Erik Arvstedt
c8e73c959e
fix 'hardened' profile for NixOS 20.09
...
The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052 )
is ineffective on 20.09.
As a workaround, add a custom 'hardened' preset that uses the default allocator.
2020-12-18 19:56:56 +01:00
nixbitcoin
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
...
Update to 0.8.0 with hotfix for genwallet script
Includes module versioning error with migration instructions
2020-12-17 11:12:58 +00:00
Martin Milata
5feb9e3eae
lnd: fix rpc/rest port configuration
2020-12-07 14:38:36 +01:00
Ian Shipman
1d44b99340
add curated clightning plugins
2020-11-18 20:21:34 -06:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
...
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
b1a5f5e7b9
don't add service-only pkgs to systemPackages
...
These packages are not useful in shell environemnts.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
e39ad358a4
lnd: remove unused bitcoind from PATH
2020-11-09 22:10:07 +01:00
nixbitcoin
59e128a994
joinmarket: add payjoin configuration
2020-11-06 08:51:25 +00:00
nixbitcoin
f29f04c0c4
secure-node: LND no longer requires ControlPort
...
Onion service is now generated through mkHiddenService function.
2020-11-06 08:51:23 +00:00
Erik Arvstedt
0972af55f1
netns: fix setup service restarts
2020-11-03 21:55:13 +01:00
Erik Arvstedt
63a464431b
netns: fail when netns already exists
...
Under normal circumstances, service-specific netns should never exist
before the netns setup service starts.
An existing netns is a genuine error that should not be silently ignored.
2020-11-03 21:55:13 +01:00
Erik Arvstedt
b4b607dfa5
netns: simplify firewall setup
2020-10-29 22:36:20 +01:00
Erik Arvstedt
25639cec42
netns: fix error msg when starting netns
...
Previously, the failing initial `netns delete` resulted in a
"Cannot remove namespace file ..." error visible in the journal
and status output.
2020-10-29 21:21:30 +01:00
Erik Arvstedt
67068afd6b
netns: fix error when stopping netns
...
A short time after `netns delete` finishes, the peer link in the main
netns is automatically removed.
When `link del` is run before that, it fails with
`Cannot find device "nb-veth-br-*"` and the netns service enters a failed state.
2020-10-29 21:21:30 +01:00
Erik Arvstedt
8da01fe8a6
lightning-loop: allow RPC access from main netns
...
Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.
2020-10-29 21:21:29 +01:00
Erik Arvstedt
d76b080b74
lightning-loop: add RPC and REST server options
2020-10-29 21:21:29 +01:00
Erik Arvstedt
e66636ef0e
liquidd: use type str for rpcbind
2020-10-29 21:21:29 +01:00
Erik Arvstedt
de23fdd377
lnd: use type str for rpclisten, restlisten
2020-10-29 21:21:28 +01:00
Erik Arvstedt
8b053326cc
bitcoind: use type str for rpcbind
...
Extra RPC bind addresses can still be added via extraConfig.
2020-10-29 21:21:28 +01:00