210 Commits

Author SHA1 Message Date
Jonas Nick
f9683889d9
Merge #312: Refactorings, cleanups
0a2c8e4864dc30b6d1ed86a16793d37699707650 run-tests: add option --copy-src (Erik Arvstedt)
803584a28889f27ebdc57bf165edff7cec9dfc6b backups: don't use hardcoded secrets dir (Erik Arvstedt)
c29d44b49a734b3268cf49811356ff4483fb6ed2 ci: use 'cachix watch-exec' (Erik Arvstedt)
6a32812412ccbd1912b97bae611c6788b2cb77f9 services: add names for systemd helper scripts (Erik Arvstedt)
69826996131d2d9169cffc2eeb019b2f43a42a9c services: use consistent layout (Erik Arvstedt)
a43534dda0c52c9d070aa30c4cc60ad3ef6a26d6 services: improve config file setup (Erik Arvstedt)
18f2002cf0a514f5fcbadb77e9318bcca7c49506 joinmarket-yieldgenerator: improve systemd journal output (Erik Arvstedt)
9d0b8c8f6fba676f9ecf61705e569e59ec16b3af joinmarket-ob-watcher: use DynamicUser (Erik Arvstedt)
e9c98f415cc164628d7ccdacf066b8decca95afd joinmarket: explain need for tor control socket (Erik Arvstedt)
d9c87b6a8f5f2649a8502e494cc2bc34397bd174 joinmarket: fix wallet creation (Erik Arvstedt)
745835010899aac6518a32dceaeace368ed2b327 treewide: remove deprecated types.loaOf (Erik Arvstedt)
9cf038939cc67f57ed11d270a8049483872a719b treewide: use mkEnableOption (Erik Arvstedt)
7a97304f13d2373c685243172b0cd2a10213f745 treewide: remove unit descriptions (Erik Arvstedt)
a942177ecf8fe7b28d4218e9fc80bd4c4a4e0341 treewide: remove user descriptions (Erik Arvstedt)
4f6ff408efef3f8550baa0a62a5a0e40570499a1 treewide: remove unneeded string literals (Erik Arvstedt)
e6a6c721c1d1e3b8ca85f1765edb9f1fa8df6be5 treewide: streamline 'extraConfig' descriptions (Erik Arvstedt)
e774c045de5e6c9934bc1410edd5f2bc9980da17 treewide: fix formatting (Erik Arvstedt)
0b5b29a2a3903122897badfb0b6841eef260a0f1 netns-isolation: simplify permission definition for netns-exec (Erik Arvstedt)
a587a2b02a9d611b092d76cfa0f8e225eb48e365 defaultHardening: explain where @system-service is defined (Erik Arvstedt)
bb3a69797e96eb06c222ac64cc82ce99e11e9072 README: minor improvements (Erik Arvstedt)
13fc9dfabfd16f164f2dc3124a752d68f79cb9ab examples: improve introductory comments (Erik Arvstedt)
af2040f4c46547fa4bfd2e03d0f964c4b656de07 netns-isolation: use 'true' for systemd option (Erik Arvstedt)
c246bbb36e700a42e452a3c486b2c3240fee0ef4 bitcoind, clightning, lnd: improve descriptions (Erik Arvstedt)
7533f12ef19733036e93923421859d3a8b055c61 bitcoind, clightning, run-tests: minor refactoring (Erik Arvstedt)
41fe9b0c1dfbee8cc304a0ba923c3dcb2b4c53a0 elementsd: minor refactoring (Erik Arvstedt)
f0850d3f2346ae2b7a05e96b8c79a44b5fc8376b btcpayserver: reorder config settings (Erik Arvstedt)
d1c0ea9f85d40d28a239f171947de1b9a1cb19ef btcpayserver: add missing systemd postgresql dependency (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 0a2c8e4864dc30b6d1ed86a16793d37699707650

Tree-SHA512: 5c81b36042fbb2f016c8e58ba9e05ef3389d5376b8df713d3258d2cd0b6a9239904531171aca8e49bea7039341d5fa91aa9474c6d98de849c25ede52deccc5a3
2021-02-08 20:32:03 +00:00
Erik Arvstedt
6a32812412
services: add names for systemd helper scripts
The systemd journal now shows a specific script name instead of
the generic name "script" before script output.
2021-02-07 22:45:36 +01:00
Jonas Nick
2ebd1129a5
Merge #317: Pkg updates
a0f48c9de9d2c45e446965bdaf3ad3cf1fc1b90f examples: fix deploy-container interactive flag (nixbitcoin)
a2f265cd35dffbe44f1049482759c5b552457834 secp256k1: move to top-level packages (Erik Arvstedt)
d41a84316738271ac29ddd1dfb422063cf34a2d8 jmbitcoin: remove secp256k1 from propagatedBuildInputs (Erik Arvstedt)
c22adb03afaa5e6caf55ee4ab8021f50533a1fd7 extra-container: 0.5 -> 0.6 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK a0f48c9de9d2c45e446965bdaf3ad3cf1fc1b90f
  jonasnick:
    ACK a0f48c9de9d2c45e446965bdaf3ad3cf1fc1b90f

Tree-SHA512: 29fa58a960673df407831dd41594c66b26dad1de1e792f4fcc8e35641f39dd873d77b725651be5e01c875bf42284fa78903bab0ea677ec5a0e7eccf98816845d
2021-02-07 21:44:10 +00:00
Erik Arvstedt
4f6ff408ef
treewide: remove unneeded string literals 2021-02-07 22:41:29 +01:00
Erik Arvstedt
e774c045de
treewide: fix formatting 2021-02-07 22:40:10 +01:00
Erik Arvstedt
a587a2b02a
defaultHardening: explain where @system-service is defined 2021-02-07 22:39:06 +01:00
Erik Arvstedt
41fe9b0c1d
elementsd: minor refactoring
- Use pname
- urls -> url
2021-02-07 22:39:05 +01:00
Erik Arvstedt
a2f265cd35
secp256k1: move to top-level packages
Reason: secp256k1 is not a Python package.
2021-02-06 11:43:36 +01:00
Erik Arvstedt
d41a843167
jmbitcoin: remove secp256k1 from propagatedBuildInputs
Adding this input has no effect. jmbitcoin accesses secp256k1 via bitcointx.
2021-02-06 11:43:36 +01:00
Erik Arvstedt
c22adb03af
extra-container: 0.5 -> 0.6 2021-02-06 11:43:36 +01:00
nixbitcoin
ebd478fd0d
lnd: add option 'restOnionService' 2021-02-05 09:17:14 +01:00
Erik Arvstedt
a344ae95c9
move mkHiddenService to lib 2021-02-04 12:39:54 +00:00
Erik Arvstedt
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix 2021-02-04 12:39:48 +00:00
nixbitcoin
a33c678d3b
update nixpkgs-unstable
Includes c-lightning 0.9.3 and lnd 0.12.0-beta
2021-02-01 10:11:30 +00:00
Erik Arvstedt
8f9ea61d6e
update nixpkgs-unstable
- bitcoind 0.20.1 -> 0.21.0
  Manually create a wallet in the backup test because bitcoind
  does not create a default wallet anymore

- disable the failing elementsd build on unstable
2021-01-31 22:26:30 +01:00
Erik Arvstedt
05e5ec99ec
modules packages: build electrs, lightning-loop with nixpkgs stable
Building with nixBitcoinPkgsUnstable was only a temporary measure to
fix build errors on stable.
2021-01-30 11:38:47 +01:00
Jonas Nick
58a88619ae
Merge #306: Update nixpkgs
f96591c0305f89333e5e233894449147bc0e7662 Update nixpkgs (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK f96591c0305f89333e5e233894449147bc0e7662

Tree-SHA512: 41e79c1660108a7f6d879a11eecdcfd01135079f664794c198eef08c542dd0e829a6033cfc0851d3d9d5fb0f154db7933efa11a3e3d808dd40ef6d89dee0c58a
2021-01-27 16:17:11 +00:00
nixbitcoin
f96591c030
Update nixpkgs
Includes CVE-2021-3156 patch
2021-01-27 15:15:47 +00:00
nixbitcoin
69da6f94f1
electrs: v0.8.6 -> v0.8.7 2021-01-20 13:20:18 +00:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module 2021-01-17 17:40:12 +00:00
Erik Arvstedt
915df059f4
joinmarket: 0.8.0-bcfa7eb -> 0.8.0-a5e8879 2021-01-17 17:40:01 +00:00
Erik Arvstedt
254246cf39
joinmarket: use installPhase
This simplifies the build.
2021-01-17 14:17:14 +01:00
Erik Arvstedt
55073eee70
remove nix-bitcoin.pkgs.lib
Type ipv4Address is not needed anymore because all services have
separate 'port' and 'address' options.
2021-01-14 13:25:05 +01:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module 2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module 2021-01-01 17:37:30 +00:00
nixbitcoin
9423eadcee
clboss: add pkg 2020-12-22 09:39:37 +00:00
Jonas Nick
7b32a78de2
Merge #284: Fix containers
2bfb4efbd8d313725f659983193e26170c2b4881 make-container: fix usage comment (Erik Arvstedt)
3403795c8600bc63a6e36011aed30fd391f7c96e tests: add example scripts (Erik Arvstedt)
ff94985b8bf11481e315980e499965443abd7d58 tests: add test 'hardened' (Erik Arvstedt)
c8e73c959e09f8ca47e33392b6e37a5a683b4591 fix 'hardened' profile for NixOS 20.09 (Erik Arvstedt)
44b06aea5a2c3ff186279774781f03c70b8fa964 extra-container: 0.5-pre -> 0.5 (Erik Arvstedt)
a359cdfb66bc55a64828375280b98eda12e8d0b3 generate-secrets: use pwgen (Erik Arvstedt)
a5a2fc72747319291b5bb5ecc69d491d1a17c294 make-container: fix renamed variable (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 2bfb4efbd8d313725f659983193e26170c2b4881
  jonasnick:
    utACK 2bfb4efbd8d313725f659983193e26170c2b4881

Tree-SHA512: 421b1fc5bf695d6815f060d129855ae0fecc06f7946ed8ac2bfe53895d7dc9529aad40099fc16844547791010232252f74b1ce32cbc9c6458e6d77f327450e94
2020-12-21 12:24:14 +00:00
Erik Arvstedt
44b06aea5a
extra-container: 0.5-pre -> 0.5 2020-12-18 19:56:56 +01:00
Erik Arvstedt
a359cdfb66
generate-secrets: use pwgen
Password length and alphabet is unchanged, but the restriction to
include at least one numeric and one capital char has been removed.
This restriction is not needed by client applications,
adds code complexity, and even (insignificantly) reduces entropy.

Reason for switching to pwgen:
apg uses /dev/random instead of /dev/urandom which brings no security
benefits but can stall the generate-secrets script on low-entropy
devices due to blocking.

Since `security.rngd` has been disabled in NixOS 20.09, blocking
in generate-secrets can also appear on regular NixOS desktop systems.
2020-12-18 19:56:56 +01:00
nixbitcoin
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
Update to 0.8.0 with hotfix for genwallet script
Includes module versioning error with migration instructions
2020-12-17 11:12:58 +00:00
nixbitcoin
c9657305e7
temp: modify get-sha256 for hotfix commit 2020-12-14 16:55:03 +00:00
nixbitcoin
522b0000e6
lightning-loop: 0.11.1-beta -> 0.11.2-beta 2020-12-09 16:13:24 +00:00
Jonas Nick
fabe4df478
Update nixpkgs
Includes clightning: 0.9.1 -> 0.9.2 and btcpayserver: 1.0.5.5 -> 1.0.5.9
2020-12-07 12:30:11 +00:00
Jonas Nick
8e268c5ced
Fetch from the nixpkgs repo instead of nixpkgs-channels
nixpkgs-channels is deprecated.
2020-12-06 21:42:20 +00:00
Erik Arvstedt
1c0233c0a8
use Cirrus CI
- Make more economic use of the free CI resources by removing redundant build tasks:
  - Build unstable pkgs in a single separate task ("pkgs_unstable").
  - All stable pkgs are implicitly built by the modules tests.
- The build script (ci/build.sh) can now be executed locally for easier
  debugging.
- Use an explicit 'cachix push' command instead of helper/wait-for-network-idle.rb.
  This is simpler and more reliable.
2020-12-06 19:07:54 +01:00
Erik Arvstedt
a6346c2561
electrs: 0.8.5 -> 0.8.6 2020-12-01 12:51:36 +01:00
Ian Shipman
1d44b99340 add curated clightning plugins 2020-11-18 20:21:34 -06:00
Erik Arvstedt
5399f73b20 add txzmq python pkg 2020-11-18 20:21:34 -06:00
Erik Arvstedt
e62e163177 add clightning python pkgs 2020-11-18 20:21:34 -06:00
Erik Arvstedt
1a16e55237 move python packages to pkgs/python-packages
Remove obsolete passthru from joinmarket because joinmarket packages are
now accessible via pkgs/python-packages.
2020-11-18 20:21:34 -06:00
nixbitcoin
50372c9f2f
lightning-loop: 0.11.0-beta -> 0.11.1-beta 2020-11-18 15:36:38 +00:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Jonas Nick
a36957203c
Update nixpkgs (stable 20.03 -> 20.09) 2020-11-08 20:37:16 +00:00
nixbitcoin
546053511b
lightning-loop: 0.10.0-beta -> 0.11.0-beta 2020-11-06 08:51:30 +00:00
nixbitcoin
d4c0653c64
joinmarket: 0.7.0 -> 0.7.2 2020-11-06 08:51:15 +00:00
Jonas Nick
dbad828851
Merge #255: Improve netns-isolation and Tor config
b4b607dfa56eaa25a7af5eca55b3149322335db6 netns: simplify firewall setup (Erik Arvstedt)
25639cec427415a0e26d9ffcdc028edea1f11817 netns: fix error msg when starting netns (Erik Arvstedt)
67068afd6b92883df044678e18486e84d02761c5 netns: fix error when stopping netns (Erik Arvstedt)
4ff88efc500cdd7fd0a407c21087c4479390246a netns: add address binding test (Erik Arvstedt)
8da01fe8a65a7dacc9114b00a48432f2b93eea6b lightning-loop: allow RPC access from main netns (Erik Arvstedt)
d76b080b74e7f627ca7806398f716507932fc01a lightning-loop: add RPC and REST server options (Erik Arvstedt)
9ddf7864a4298df1dd996478f81a6a96d1a8af8f lightning-loop regtest: fix incorrectly succeeding test (Erik Arvstedt)
e66636ef0e2f35699516594acfb1b265377f4726 liquidd: use type str for rpcbind (Erik Arvstedt)
de23fdd37780406c9b09e9f0528d8f7ae7cf1a76 lnd: use type str for rpclisten, restlisten (Erik Arvstedt)
8b053326ccb9b08b585d65f54ad12ddbf86c1ff2 bitcoind: use type str for rpcbind (Erik Arvstedt)
6903e8afcce3af2689abe2a8c2454dc0c7774a5a netns-liquidd: allow RPC access from main netns (Erik Arvstedt)
82f4901880e5d8504c8f7d805f4597c0b2c2c6a9 netns-lnd: allow RPC access from main netns (Erik Arvstedt)
58d24e735de29fb76646b4032b53e82ae62ed9fa netns-bitcoind: allow RPC access from main netns (Erik Arvstedt)
0e2ff948d3223bf1ac9d6d6f7dbc22ab43aee60c test: add scenario 'netnsRegtest' (Erik Arvstedt)
e0675cb2564e5eeb41737554c27171c7bac0df1b move enforceTor logic to service modules (Erik Arvstedt)
0cc8caa737a6ac345af147d68f06cfa9d6bba262 lnd: only set tor.active on enforceTor (Erik Arvstedt)
9a931483b9a4be260b17b63e20eda829bad1281b netns test: remove strict dependency on clightning, electrs (Erik Arvstedt)
bae1b7f41331073d59a199cd1835e2c5a9889b49 netns test: improve ping test (Erik Arvstedt)
5e0e16529c573e8e377fe7ae87bb873a286db51b netns: fix default addressblock value type (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK b4b607dfa56eaa25a7af5eca55b3149322335db6
  nixbitcoin:
    ACK b4b607dfa56eaa25a7af5eca55b3149322335db6

Tree-SHA512: b290831d9a3fa4de56b0f19cf84a1998e830aa844532d7cba8cd8227c785a23bfa1514123a974652e8e61060e1297b6bfbcff9640580206a04c5292309b1daef
2020-11-02 16:11:34 +00:00
Erik Arvstedt
8da01fe8a6
lightning-loop: allow RPC access from main netns
Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.
2020-10-29 21:21:29 +01:00
Erik Arvstedt
6903e8afcc
netns-liquidd: allow RPC access from main netns 2020-10-29 21:21:28 +01:00
Erik Arvstedt
82f4901880
netns-lnd: allow RPC access from main netns 2020-10-29 21:21:27 +01:00
Erik Arvstedt
58d24e735d
netns-bitcoind: allow RPC access from main netns 2020-10-29 21:21:27 +01:00