a985abcd21
187ff884dbf064ef80ebd47a3f49ca985cb0bdf5 add modules test (Erik Arvstedt)
826245484ec0af402a54f85c8f228b29c91db1f7 make secrets dir location configurable (Erik Arvstedt)
b1e13e9415f16180cdf7f2d23c209150471aa520 simplify secrets file format (Erik Arvstedt)
314272a228f974dc41c36ba2a9f3997d35ff7361 lnd, nanopos: move user and group definitions to the bottom (Erik Arvstedt)
766fa4f300511a7f0703327248bd9cc8cdbe0c3b travis: cache all build outputs with cachix (Erik Arvstedt)
b0e759160dcd29e2dfe0bd6471d39444e7d09123 travis: set NIX_PATH as early as possible (Erik Arvstedt)
c51bbcf104d3163366b91b2dfaa3e806f31cd02a travis: move comment (Erik Arvstedt)
7092dce0c77cfbb3e2a01a670c3a7618fca2a759 travis: remove use of deprecated statements (Erik Arvstedt)
190a92507cf395a359912f777c470cdd4d6dbef5 travis: split up scripts into statements (Erik Arvstedt)
10d6b04ac82226dd8c39da492ef63f1491b2dd65 support enabling clightning and lnd simultaneously (Erik Arvstedt)
ad7a519284eed218c2c9958c141f817c2abc9e93 bitcoind: wait until RPC port is open (Erik Arvstedt)
5536b64fb3c699ad0b24d165d5f3073be357e8c5 lnd: wait until wallet is created (Erik Arvstedt)
6f2a55d63ca9b4daf70a22e31285ced720697e0c lnd: wait until RPC port is open (Erik Arvstedt)
1868bef4625a2897eb03355099e5077739d07365 lnd: add option 'rpcPort' (Erik Arvstedt)
120e3e8cfea6221371ef5a939cbcb7138e3808dc lnd postStart: suppress curl response output (Erik Arvstedt)
3e86637327663ec8745294e12faf41d9fcb4f58e lnd postStart: poll for REST service availability (Erik Arvstedt)
795c51dc01efe72b58d33085490318d5991e969e lnd postStart: make more idiomatic (Erik Arvstedt)
6e58beae8a27908f9e3e6afbe0e620b5c964c791 lnd: use postStart option for script (Erik Arvstedt)
86167c6e6d3362a02055e9045981434d29c7cca5 clightning: wait until the RPC socket appears (Erik Arvstedt)
60c732a6a1cbbe8b6112f3517140f03481c97956 onion-chef: set RemainAfterExit, fix tor dependency (Erik Arvstedt)
2b9b3ba1c500e51c86c6cfb06fd49febe56e455d systemPackages: improve readability with shorter service references (Erik Arvstedt)
14ecb5511a29f61adacd0d4b45cf0c741604d138 liquid: add cli option (Erik Arvstedt)
cd5ed39b9cdde341325170c7e27b4ea0c9aca302 lnd: add cli option (Erik Arvstedt)
1833b158883cce8886cbeb21eab4e29ab267f3fb clightning: add cli option (Erik Arvstedt)
b90bf6691bf7f7bb53c1dd1ede188186bb141905 add generate-secrets.service (Erik Arvstedt)
644769421481818025419fe1f4274f9dc49fbd24 add generate-secrets pkg (Erik Arvstedt)
e34093a8aca06bbd1107bf90990869250a9de32d generate_secrets.sh: add opensslConf option (Erik Arvstedt)
9d14d5ba64a95c1154ec70c2d91440ddf16250d5 generate_secrets.sh: write secrets to working directory (Erik Arvstedt)
51fb0540017a1ae4a274ac5f24279799cde46f12 generate_secrets.sh: extract makepw command (Erik Arvstedt)
e3b47ce18a2183bc25c60072b5bf761e6ae4a51d add setup-secrets.service (Erik Arvstedt)
437b268433e7311f47de63ded2c066fe1a8c3567 extract make-secrets.nix (Erik Arvstedt)
f9c29b9318f4c20f4bf8a132f533b9b3e98886b4 simplify secret definitions (Erik Arvstedt)
cd0fd6926ba6f1223a3dc3d41dc49380853fb752 don't copy secret files to store during nixops deployment (Erik Arvstedt)
f0a36fe0c7415272db92f772733dc4d97b57cc58 add 'nix-bitcoin-services' option (Erik Arvstedt)
7aaf30501c570c31971f4a04bdfd7a9fa9217aeb nix-bitcoin-services: simplify formatting (Erik Arvstedt)
760da232e0145fed1016e1efa9bd7dca49d22631 add nix-bitcoin pkgs namespace (Erik Arvstedt)
6def181dbc28bbab431c132a475b931df4aac16a add modules.nix (Erik Arvstedt)
3b842e5fe773b9031b15ea2d0ae05749df079d02 add nix-bitcoin-secrets.target (Erik Arvstedt)
bbf2bbc04a80f951768860d7eba5b37fc067921d network.nix: simplify import of main config (Erik Arvstedt)
7e021a26295e345c6676f598448baaadc9ff33f0 simplify overlay.nix (Erik Arvstedt)
07dc3e04ac8a56b5200de64dab34ed8aac39e45e move bitcoinrpc group definition to bitcoind (Erik Arvstedt)
d61b185c3a03c67218a5b09a2e221978f82434ac simplify user and group definitions (Erik Arvstedt)
Pull request description:
The nix-bitcoin modules consist of three fundamental components:
1. a set of bitcoin-related modules for general use.
2. an opinionated configuration of these modules (`nix-bitcoin.nix`), to be deployed on a
dedicated machine.
3. machinery for nixops deployment.
This PR removes dependencies that reach from top to bottom in the list.
This means that 1. is now usable on its own and that 2. can be used without 3.
Besides improving nix-bitcoin's general usefulness, this
- simplifies testing. This PR includes a Travis-enabled modules test using the NixOS testing framework.
- paves the way for krops deployment.
- unlocks direct deployment in NixOS containers which allows for super fast experimentation.
### Details
Here are the unnecessary inter-component dependencies and how they're resolved by the commits. I'm using the numbering from the list above.
- `1. -> 3.` The modules (1.) use the nixops-specific (3.) `keys` group.
Resolved by `add nix-bitcoin-secrets.target`.
- `1. -> 3.` 1. requires nixops-specific key services.
Resolved by `add nix-bitcoin-secrets.target`.
- `1. -> 2.` bitcoind needs the bitcoinrpc group which is defined in `nix-bitcoin.nix` (2.).
Resolved by `move bitcoinrpc group definition to bitcoind`.
Further obstacles for standalone usage of 1.:
- We can't easily import 1. as a standalone module set.
Resolved by `add modules.nix`.
- Users of 1. shouldn't be forced to import nix-bitcoin's packages as top-level items in the pkgs namespace.
Resolved by `add nix-bitcoin pkgs namespace`.
### Non-nixops deployments
Commit `add setup-secrets.service` simplifies non-nixops deployment methods like containers, NixOS VMs or krops.
Secrets can now deployed as follows:
1. create local secrets.
2. transfer secrets to machine.
3. on the machine, `setup-secrets.service` creates extra secrets from `secrets.nix` and sets owner and
permissions for all secrets.
As krops integrates step 2. we now have all ingredients for automatic krops deployment.
The service is complicated by the creation of secrets like `bitcoin-rpcpassword` that are composed of attrs from `secrets.nix` instead of being simply backed by a file like `lnd_key`. We could simplify this by creating all secret files locally.
Running nix-bitcoin in NixOS containers gives you faster rebuild cycles when developing. [Here's](https://gist.github.com/5db4fa7dd3f1137920b58e39647116f6) an example.
### Test
The last commits starting with `clightning: add cli option` are testing-related and mostly fix non-critical bugs that were exposed by the test.
All `STABLE=1` builds from the Travis build matrix are implicit in the modules test.
Should we remove these individual builds?
Regarding commit `travis: cache all build outputs with cachix`:
To replace my cache with a cache that's owned by you (maybe named `nix-bitcoin-ci`), run
```
nix-shell -p travis --run 'travis encrypt CACHIX_SIGNING_KEY=... -r fort-nix/nix-bitcoin'
```
where `...` is the value of `secretKey` in `~/.config/cachix/cachix.dhall`. Let me know the travis secret and I'll fixup the commit.
### Docs
If you like the proposed changes, I'll add another PR with updates to the docs regarding the project layout, non-nixops deployment, and how to use nix-bitcoin within a larger NixOS config.
ACKs for top commit:
jonasnick:
ACK 187ff884dbf064ef80ebd47a3f49ca985cb0bdf5
Tree-SHA512: f4be65215c592a4f41bb7fa991a6d8d7c463cf631b88bf53051ca57ba280e7a60b8b09d0d1521345d5b656f844daa2166fff5d00a3105077c9e263465eacfb0a
nix-bitcoin
Nix packages and nixos modules for easily installing Bitcoin nodes and higher layer protocols with an emphasis on security. This is a work in progress - don't expect it to be bug free or secure.
The default configuration sets up a Bitcoin Core node and c-lightning. The user can enable spark-wallet in configuration.nix to make c-lightning accessible with a smartphone using spark-wallet.
A simple webpage shows the lightning nodeid and links to nanopos letting the user receive donations.
It also includes elements-daemon.
Outbound peer-to-peer traffic is forced through Tor, and listening services are bound to onion addresses.
A demo installation is running at http://6tr4dg3f2oa7slotdjp4syvnzzcry2lqqlcvqkfxdavxo6jsuxwqpxad.onion. The following screen cast shows a fresh deployment of a nix-bitcoin node.
The goal is to make it easy to deploy a reasonably secure Bitcoin node with a usable wallet. It should allow managing bitcoin (the currency) effectively and providing public infrastructure. It should be a reproducible and extensible platform for applications building on Bitcoin.
Available modules
By default the configuration.nix provides:
- bitcoind with outbound connections through Tor and inbound connections through a hidden service. By default loaded with banlist of spy nodes.
- clightning with outbound connections through Tor, not listening
- includes "nodeinfo" script which prints basic info about the node
- adds non-root user "operator" which has access to bitcoin-cli and lightning-cli
In configuration.nix the user can enable:
- a clightning hidden service
- liquid
- lightning charge
- nanopos
- an index page using nginx to display node information and link to nanopos
- spark-wallet
- electrs
- recurring-donations, a module to repeatedly send lightning payments to recipients specified in the configuration.
- bitcoin-core-hwi.
- You no longer need extra software to connect your hardware wallet to Bitcoin Core. Use Bitcoin Core's own Hardware Wallet Interface with one
configuration.nixsetting.
- You no longer need extra software to connect your hardware wallet to Bitcoin Core. Use Bitcoin Core's own Hardware Wallet Interface with one
The data directories of the services can be found in /var/lib on the deployed machines.
Installation
The easiest way is to run nix-shell (on a Linux machine) in the nix-bitcoin directory and then create a NixOps deployment with the provided network.nix in the network directory.
Fix the FIXMEs in configuration.nix and deploy with nixops in nix-shell.
See install.md for a detailed tutorial.
Security
- Simplicity: Only services you select in
configuration.nixand their dependencies are installed, packages and dependencies are pinned, most packages are built from the nixos stable channel, with a few exceptions that are built from the nixpkgs unstable channel, builds happen in a sandboxed environment, code is continiously reviewed and refined. - Integrity: Nix package manager, NixOS and packages can be built from source to reduce reliance on binary caches, nix-bitcoin merge commits are signed, all commits are approved by multiple nix-bitcoin developers, upstream packages are cryptographically verified where possible, we use this software ourselves.
- Principle of Least Privilege: Services operate with least privileges; they each have their own user and are restricted further with systemd options, there's a non-root user operator to interact with the various services.
- Defense-in-depth: nix-bitcoin is built with a hardened kernel by default, services are confined through discretionary access control, Linux namespaces, and seccomp-bpf with continuous improvements.
Note that nix-bitcoin is still experimental. Also, by design if the machine you're deploying from is insecure, there is nothing nix-bitcoin can do to protect itself.
Hardware requirements
- Disk space: 300 GB (235GB for Bitcoin blockchain + some room)
- Bitcoin Core pruning is not supported at the moment because it's not supported by c-lightning. It's possible to use pruning but you need to know what you're doing.
- RAM: 2GB of memory. ECC memory is better. Additionally, it's recommended to use DDR4 memory with targeted row refresh (TRR) enabled (https://rambleed.com/).
Tested hardware includes pcengine's apu2c4, GB-BACE-3150, GB-BACE-3160. Some hardware (including Intel NUCs) may not be compatible with the hardened kernel turned on by default (see https://github.com/fort-nix/nix-bitcoin/issues/39#issuecomment-517366093 for a workaround).
Usage
For usage instructions, such as how to connect to spark-wallet, electrs and the ssh Tor Hidden Service, see usage.md.
Troubleshooting
If you are having problems with nix-bitcoin check the FAQ or submit an issue.
There's also a #nix-bitcoin IRC channel on freenode.
We are always happy to help.