Merge fort-nix/nix-bitcoin#404: Electrs 0.9.0

8938eadf0c bitcoind: don't tag all incoming connections as 'Tor' (Erik Arvstedt)
b9301ce0d9 emergency fix: lnd: 0.13.1-beta -> 0.13.3-beta (Erik Arvstedt)
265fc1911d extra-container: pin to nixpkgs-unstable (Erik Arvstedt)
75b89f3957 electrs: adapt to version 0.9.0 (Erik Arvstedt)
6f42fa8181 update nixpkgs (electrs: 0.8.11 -> 0.9.0) (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 8938eadf0c
  jonasnick:
    ACK 8938eadf0c

Tree-SHA512: 4d5dcb451e5cb50ec66121b9f9bb69bc96e45c2b2160b92f6cbc76e18d8619483a06e14fe6fa9df85d3cf6a31254953b2055229902ae861e7c1031755bc82b51

examples/configuration.nix

@@ -93,10 +93,6 @@
   ### ELECTRS
   # Set this to enable electrs, an efficient Electrum server implemented in Rust.
   # services.electrs.enable = true;
-  #
-  # If you have more than 8GB memory, enable this option so electrs will
-  # sync faster. Only available if hardware wallets are disabled.
-  # services.electrs.high-memory = true;
 
   ### BTCPayServer
   # Set this to enable BTCPayServer, a self-hosted, open-source
@@ -150,7 +146,6 @@
   ### Hardware wallets
   # Enable the following to allow using hardware wallets.
   # See https://github.com/bitcoin-core/HWI for more information.
-  # Only available if electrs.high-memory is disabled.
   #
   # Ledger must be initialized through the official ledger live app and the Bitcoin app must
   # be installed and running on the device.
@@ -264,5 +259,5 @@
   # The nix-bitcoin release version that your config is compatible with.
   # When upgrading to a backwards-incompatible release, nix-bitcoin will display an
   # an error and provide hints for migrating your config to the new release.
-  nix-bitcoin.configVersion = "0.0.51";
+  nix-bitcoin.configVersion = "0.0.53";
 }

flake.lock

@@ -17,11 +17,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1631993469,
+        "lastModified": 1633422542,
-        "narHash": "sha256-McX1mqzbXtfyf8w9cA5gJHD2mDjen+4ze6xpHHKXuRI=",
+        "narHash": "sha256-JYz2PmVogNRO8DhcvXzL/QhZzboTspJz2YSRlnAj8aM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "6120ac5cd201f6cb593d1b80e861be0342495be9",
+        "rev": "aff647e2704fa1223994604887bb78276dc57083",
         "type": "github"
       },
       "original": {
@@ -33,16 +33,16 @@
     },
     "nixpkgsUnstable": {
       "locked": {
-        "lastModified": 1632025165,
+        "lastModified": 1633514490,
-        "narHash": "sha256-vFHkvmdwbJAFg2d60CQ4fbqpEAUFXR0SO3HRWI4+bXM=",
+        "narHash": "sha256-wQrUBgyF4EXlz9HgEHrQEj9vbgh6+nO8iXc3XCTQkLA=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a54d2e72e282f2bc68c49f82c735cf664244ec75",
+        "rev": "1c1b567985bd1be77601657562ed20299d169529",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
+        "ref": "master",
         "repo": "nixpkgs",
         "type": "github"
       }

flake.nix

@@ -6,7 +6,7 @@
 
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05";
-    nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    nixpkgsUnstable.url = "github:NixOS/nixpkgs/master";
     flake-utils.url = "github:numtide/flake-utils";
   };
 

helper/makeShell.nix

@@ -6,7 +6,7 @@ let
   nbPkgs = import ../pkgs { inherit pkgs; };
   cfgDir = toString configDir;
   path = lib.optionalString pkgs.stdenv.isLinux ''
-    export PATH="${lib.makeBinPath [ nbPkgs.extra-container ]}''${PATH:+:}$PATH"
+    export PATH="${lib.makeBinPath [ nbPkgs.pinned.extra-container ]}''${PATH:+:}$PATH"
   '';
 in
 pkgs.stdenv.mkDerivation {

modules/bitcoind-rpc-public-whitelist.nix

@@ -25,6 +25,7 @@
   "gettxoutsetinfo"
   "scantxoutset"
   "verifytxoutproof"
+  "waitfornewblock"
   # Mining
   "getblocktemplate"
   "getmininginfo"

modules/bitcoind.nix

@@ -253,7 +253,7 @@ let
     ${optionalString (cfg.assumevalid != null) "assumevalid=${cfg.assumevalid}"}
 
     # Connection options
-    ${optionalString cfg.listen "bind=${cfg.address}${optionalString cfg.enforceTor "=onion"}"}
+    ${optionalString cfg.listen "bind=${cfg.address}"}
     port=${toString cfg.port}
     ${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
     listen=${if cfg.listen then "1" else "0"}

modules/electrs.nix

@@ -19,13 +19,6 @@ let
       default = "/var/lib/electrs";
       description = "The data directory for electrs.";
     };
-    high-memory = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        If enabled, the electrs service will sync faster on high-memory systems (≥ 8GB).
-      '';
-    };
     monitoringPort = mkOption {
       type = types.port;
       default = 4224;
@@ -63,7 +56,12 @@ in {
       }
     ];
 
-    services.bitcoind.enable = true;
+    services.bitcoind = {
+      enable = true;
+      # Enable p2p connections
+      listen = true;
+      extraConfig = "whitelist=download@${nbLib.address cfg.address}";
+    };
 
     systemd.tmpfiles.rules = [
       "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
@@ -80,37 +78,31 @@ in {
       serviceConfig = nbLib.defaultHardening // {
         RuntimeDirectory = "electrs";
         RuntimeDirectoryMode = "700";
+        # electrs only uses the working directory for reading electrs.toml
         WorkingDirectory = "/run/electrs";
         ExecStart = ''
-          ${config.nix-bitcoin.pkgs.electrs}/bin/electrs -vvv \
+          ${config.nix-bitcoin.pkgs.electrs}/bin/electrs -vv \
-          ${if cfg.high-memory then
-              traceIf (!bitcoind.dataDirReadableByGroup) ''
-                Warning: For optimal electrs syncing performance, enable services.bitcoind.dataDirReadableByGroup.
-                Note that this disables wallet support in bitcoind.
-              '' ""
-            else
-              "--jsonrpc-import --index-batch-size=10"
-          } \
           --network=${bitcoind.makeNetworkName "bitcoin" "regtest"} \
           --db-dir='${cfg.dataDir}' \
           --daemon-dir='${bitcoind.dataDir}' \
           --electrum-rpc-addr=${cfg.address}:${toString cfg.port} \
           --monitoring-addr=${cfg.address}:${toString cfg.monitoringPort} \
           --daemon-rpc-addr=${nbLib.addressWithPort bitcoind.rpc.address bitcoind.rpc.port} \
+          --daemon-p2p-addr=${nbLib.addressWithPort bitcoind.address bitcoind.port} \
           ${cfg.extraArgs}
         '';
         User = cfg.user;
         Group = cfg.group;
         Restart = "on-failure";
         RestartSec = "10s";
-        ReadWritePaths = "${cfg.dataDir} ${if cfg.high-memory then "${bitcoind.dataDir}" else ""}";
+        ReadWritePaths = cfg.dataDir;
       } // nbLib.allowedIPAddresses cfg.enforceTor;
     };
 
     users.users.${cfg.user} = {
       isSystemUser = true;
       group = cfg.group;
-      extraGroups = [ "bitcoinrpc-public" ] ++ optionals cfg.high-memory [ bitcoind.user ];
+      extraGroups = [ "bitcoinrpc-public" ];
     };
     users.groups.${cfg.group} = {};
   };

modules/hardware-wallets.nix

@@ -38,7 +38,6 @@ in {
         { assertion = (config.services.bitcoind.disablewallet == null || !config.services.bitcoind.disablewallet);
           message = ''
             Hardware-Wallets are not compatible with bitcoind.disablewallet.
-            Note that this option is active when enabling electrs.high-memory.
           '';
         }
       ];

modules/obsolete-options.nix

@@ -26,5 +26,12 @@ in {
 
     (mkRenamedAnnounceTorOption "clightning")
     (mkRenamedAnnounceTorOption "lnd")
+
+    # 0.0.53
+    (mkRemovedOptionModule [ "services" "electrs" "high-memory" ] ''
+      This option is no longer supported by electrs 0.9.0. Electrs now always uses
+      bitcoin peer connections for syncing blocks. This performs well on low and high
+      memory systems.
+    '')
   ];
 }

modules/presets/secure-node.nix

@@ -35,7 +35,6 @@ in {
     services.bitcoind = {
       enable = true;
       listen = true;
-      dataDirReadableByGroup = mkIf cfg.electrs.high-memory true;
       dbCache = 1000;
     };
 

modules/versioning.nix

@@ -138,6 +138,37 @@ let
         [1] https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/master/docs/fidelity-bonds.md
       '';
     }
+    {
+      version = "0.0.53";
+      condition = config.services.electrs.enable;
+      message = let
+        dbPath = "${config.services.electrs.dataDir}/mainnet";
+      in ''
+        Electrs 0.9.0 has switched to a new, more space efficient database format,
+        reducing storage demands by ~60% [1].
+        When started, electrs will automatically reindex the bitcoin blockchain.
+        This can take a few hours, depending on your hardware. The electrs server is
+        inactive during reindexing.
+
+        To upgrade, do the following:
+
+        - If you have less than 40 GB of free space [2] on the electrs data dir volume:
+          1. Delete the database:
+             systemctl stop electrs
+             rm -r '${dbPath}'
+          2. Deploy the new system config to your node
+
+        - Otherwise:
+          1. Deploy the new system config to your node
+          2. Check that electrs works as expected and delete the old database:
+             rm -r '${dbPath}'
+
+        [1] https://github.com/romanz/electrs/blob/557911e3baf9a000f883a6f619f0518945a7678d/doc/usage.md#upgrading
+        [2] This is based on the bitcoin blockchain size as of 2021-09.
+            The general formula is, approximately, size_of(${dbPath}) * 0.6
+            This includes the final database size (0.4) plus some extra storage (0.2).
+      '';
+    }
   ];
 
   mkOnionServiceChange = service: {

pkgs/default.nix

@@ -13,7 +13,6 @@ let self = {
   nixops19_09 = pkgs.callPackage ./nixops { };
   krops = import ./krops { };
   netns-exec = pkgs.callPackage ./netns-exec { };
-  extra-container = pkgs.callPackage ./extra-container { };
   clightning-plugins = pkgs.recurseIntoAttrs (import ./clightning-plugins pkgs self.nbPython3Packages);
   clboss = pkgs.callPackage ./clboss { };
   secp256k1 = pkgs.callPackage ./secp256k1 { };

pkgs/extra-container/default.nix

@@ -1,37 +0,0 @@
-{ stdenv, lib, nixos-container, openssh
-, glibcLocales
-}:
-
-stdenv.mkDerivation rec {
-  pname = "extra-container";
-  # Update this file when changing the version: ../../test/lib/make-container.sh
-  version = "0.7";
-
-  src = builtins.fetchTarball {
-    url = "https://github.com/erikarvstedt/extra-container/archive/${version}.tar.gz";
-    sha256 = "1hcbi611vm0kn8rl7q974wcjkihpddan6m3p7hx8l8jnv18ydng8";
-  };
-
-  buildCommand = ''
-    install -D $src/extra-container $out/bin/extra-container
-    patchShebangs $out/bin
-    share=$out/share/extra-container
-    install $src/eval-config.nix -Dt $share
-
-    # Use existing PATH for systemctl and machinectl
-    scriptPath="export PATH=${lib.makeBinPath [ nixos-container openssh ]}:\$PATH"
-
-    sed -i \
-      -e "s|evalConfig=.*|evalConfig=$share/eval-config.nix|" \
-      -e "s|LOCALE_ARCHIVE=.*|LOCALE_ARCHIVE=${glibcLocales}/lib/locale/locale-archive|" \
-      -e "2i$scriptPath" \
-      $out/bin/extra-container
-  '';
-
-  meta = with lib; {
-    description = "Run declarative containers without full system rebuilds";
-    homepage = https://github.com/erikarvstedt/extra-container;
-    license = licenses.mit;
-    maintainers = [ maintainers.earvstedt ];
-  };
-}

pkgs/pinned.nix

@@ -12,6 +12,7 @@ pkgs: pkgsUnstable:
     clightning
     electrs
     elementsd
+    extra-container
     hwi
     lightning-loop
     lightning-pool

test/lib/make-container.sh

@@ -77,9 +77,10 @@ while [[ $# > 0 ]]; do
 done
 
 containerBin=$(type -P extra-container) || true
-if [[ ! ($containerBin && $(realpath $containerBin) == *extra-container-0.7*) ]]; then
+if [[ ! ($containerBin && $(realpath $containerBin) == *extra-container-0.8*) ]]; then
-    echo "Building extra-container. Skip this step by adding extra-container 0.7 to PATH."
+    echo "Building extra-container. Skip this step by adding extra-container 0.8 to PATH."
-    nix-build --out-link /tmp/extra-container "$scriptDir"/../pkgs -A extra-container >/dev/null
+    nix-build --out-link /tmp/extra-container "$scriptDir"/../pkgs \
+      -A pinned.extra-container >/dev/null
     export PATH="/tmp/extra-container/bin${PATH:+:}$PATH"
 fi
 

test/tests.nix

@@ -74,6 +74,8 @@ let
       tests.charge-lnd = cfg.charge-lnd.enable;
 
       tests.electrs = cfg.electrs.enable;
+      # Sigterm is broken during IBD in version 0.9.0 https://github.com/romanz/electrs/issues/532
+      systemd.services.electrs.serviceConfig.KillSignal = "SIGKILL";
 
       tests.liquidd = cfg.liquidd.enable;
       services.liquidd.extraConfig = mkIf config.test.noConnections "connect=0";

test/tests.py

@@ -106,10 +106,13 @@ def _():
     assert_running("electrs")
     wait_for_open_port(ip("electrs"), 4224)  # prometeus metrics provider
     # Check RPC connection to bitcoind
-    machine.wait_until_succeeds(log_has_string("electrs", "NetworkInfo"))
+    if not "regtest" in enabled_tests:
+        machine.wait_until_succeeds(
+            log_has_string("electrs", "waiting for 0 blocks to download")
+        )
 
 # Impure: Stops electrs
-# Stop electrs from spamming the test log with 'WARN - wait until IBD is over' messages
+# Stop electrs from spamming the test log with 'waiting for 0 blocks to download' messages
 @test("stop-electrs")
 def _():
     succeed("systemctl stop electrs")
@@ -353,10 +356,10 @@ def _():
 
     if enabled("electrs"):
         machine.wait_for_unit("onion-addresses")
-        machine.wait_until_succeeds(log_has_string("electrs", "BlockchainInfo"))
+        machine.wait_until_succeeds(log_has_string("electrs", "serving Electrum RPC"))
         get_block_height_cmd = (
             """echo '{"method": "blockchain.headers.subscribe", "id": 0, "params": []}'"""
-            f" | nc -N {ip('electrs')} 50001 | jq -M .result.height"
+            f" | nc {ip('electrs')} 50001 | head -1 | jq -M .result.height"
         )
         assert_full_match(get_block_height_cmd, "10\n")
     if enabled("clightning"):