docs: Replace tabs with spaces

This commit is contained in:
Jonas Nick 2020-03-21 19:42:59 +00:00 committed by Erik Arvstedt
parent 8aa4714979
commit 455c5664c9
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
2 changed files with 366 additions and 366 deletions

View File

@ -18,35 +18,35 @@ The following steps are meant to be run on the machine you deploy from, not the
1. Add virtualbox.list to /etc/apt/sources.list.d (Debian 9 stretch) 1. Add virtualbox.list to /etc/apt/sources.list.d (Debian 9 stretch)
``` ```
echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
``` ```
2. Add Oracle VirtualBox public key 2. Add Oracle VirtualBox public key
``` ```
wget https://www.virtualbox.org/download/oracle_vbox_2016.asc wget https://www.virtualbox.org/download/oracle_vbox_2016.asc
gpg2 oracle_vbox_2016.asc gpg2 oracle_vbox_2016.asc
``` ```
Proceed _only_ if fingerprint reads B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF Proceed _only_ if fingerprint reads B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
``` ```
sudo apt-key add oracle_vbox_2016.asc sudo apt-key add oracle_vbox_2016.asc
``` ```
3. Install virtualbox-5.2 3. Install virtualbox-5.2
``` ```
sudo apt-get update sudo apt-get update
sudo apt-get install virtualbox-5.2 sudo apt-get install virtualbox-5.2
``` ```
3. Create Host Adapter in VirtualBox 3. Create Host Adapter in VirtualBox
``` ```
vboxmanage hostonlyif create vboxmanage hostonlyif create
``` ```
## 2. Nix installation ## 2. Nix installation
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to. The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
@ -54,75 +54,75 @@ You can also build Nix from source by following the instructions at https://nixo
1. Install Dependencies (Debian 9 stretch) 1. Install Dependencies (Debian 9 stretch)
``` ```
sudo apt-get install curl git gnupg2 dirmngr sudo apt-get install curl git gnupg2 dirmngr
``` ```
2. Install latest Nix in "multi-user mode" with GPG Verification 2. Install latest Nix in "multi-user mode" with GPG Verification
``` ```
curl -o install-nix https://nixos.org/nix/install curl -o install-nix https://nixos.org/nix/install
curl -o install-nix.sig https://nixos.org/nix/install.sig curl -o install-nix.sig https://nixos.org/nix/install.sig
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
gpg2 --verify ./install-nix.sig gpg2 --verify ./install-nix.sig
sh ./install-nix --daemon sh ./install-nix --daemon
``` ```
Then follow the instructions. Open a new terminal window when you're done. Then follow the instructions. Open a new terminal window when you're done.
If you get an error similar to If you get an error similar to
``` ```
error: cloning builder process: Operation not permitted error: cloning builder process: Operation not permitted
error: unable to start build process error: unable to start build process
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile /tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
``` ```
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script. you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
3. Optional: Disallow substitutes 3. Optional: Disallow substitutes
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source. You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
This eliminates an attack vector where nix's build server or binary cache is compromised. This eliminates an attack vector where nix's build server or binary cache is compromised.
## 3. Nixops deployment ## 3. Nixops deployment
1. Clone this project 1. Clone this project
``` ```
cd cd
git clone https://github.com/fort-nix/nix-bitcoin git clone https://github.com/fort-nix/nix-bitcoin
cd ~/nix-bitcoin cd ~/nix-bitcoin
``` ```
2. Setup environment 2. Setup environment
``` ```
nix-shell nix-shell
``` ```
This will set up your nix-bitcoin environment and might take a while without giving an output. This will set up your nix-bitcoin environment and might take a while without giving an output.
3. Create nixops deployment in nix-shell. 3. Create nixops deployment in nix-shell.
``` ```
nixops create network/network.nix network/network-vbox.nix -d bitcoin-node nixops create network/network.nix network/network-vbox.nix -d bitcoin-node
``` ```
4. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`. 4. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
5. Deploy Nixops in nix-shell 5. Deploy Nixops in nix-shell
``` ```
nixops deploy -d bitcoin-node nixops deploy -d bitcoin-node
``` ```
This will now create a nix-bitcoin node on the target machine. This will now create a nix-bitcoin node on the target machine.
6. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with 6. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
``` ```
nixops ssh operator@bitcoin-node nixops ssh operator@bitcoin-node
``` ```
See [usage.md](usage.md) for usage instructions, such as how to update. See [usage.md](usage.md) for usage instructions, such as how to update.
@ -138,15 +138,15 @@ Tutorial: install and configure NixOS for nix-bitcoin on VirtualBox (macOS host)
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to. The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
1. Download and install VirtualBox 1. Download and install VirtualBox
Use the official Downloads page: [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads) Use the official Downloads page: [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads)
Make sure that the installer you download shows a lock icon in the top right corner to make sure it is signed by Oracle. Make sure that the installer you download shows a lock icon in the top right corner to make sure it is signed by Oracle.
2. Create Host Adapter in VirtualBox 2. Create Host Adapter in VirtualBox
``` ```
vboxmanage hostonlyif create vboxmanage hostonlyif create
``` ```
## 2. Nix installation (macOS) ## 2. Nix installation (macOS)
@ -157,20 +157,20 @@ In order to build binaries for your linux (NixOS) virtual machine on a macOS hos
1. Installation 1. Installation
``` ```
nix-env -i /nix/store/jgq3savsyyrpsxvjlrz41nx09z7r0lch-linuxkit-builder nix-env -i /nix/store/jgq3savsyyrpsxvjlrz41nx09z7r0lch-linuxkit-builder
nix-linuxkit-configure nix-linuxkit-configure
``` ```
You may want to use `nix-linuxkit-configure -c 4` to give the builder 4 CPUs. You may want to use `nix-linuxkit-configure -c 4` to give the builder 4 CPUs.
2. Confirm that nix-linuxkit works 2. Confirm that nix-linuxkit works
``` ```
nix-build ~/.cache/nix-linuxkit-builder/example.nix nix-build ~/.cache/nix-linuxkit-builder/example.nix
``` ```
As the installer says, run a `nix-build` to make sure that you are able to build linux binaries. The `example.nix` is specifically configured to force a x86_64-linux build. Remove the generated `result` folder afterwards. As the installer says, run a `nix-build` to make sure that you are able to build linux binaries. The `example.nix` is specifically configured to force a x86_64-linux build. Remove the generated `result` folder afterwards.
## 4. Nixops deployment (macOS) ## 4. Nixops deployment (macOS)
@ -195,53 +195,53 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
1. Obtain latest [NixOS](https://nixos.org/nixos/download.html). For example: 1. Obtain latest [NixOS](https://nixos.org/nixos/download.html). For example:
``` ```
wget https://releases.nixos.org/nixos/19.09/nixos-19.09.2284.bf7c0f0461e/nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso wget https://releases.nixos.org/nixos/19.09/nixos-19.09.2284.bf7c0f0461e/nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
sha256sum nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso sha256sum nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
# output: 9768eb945bef410fccfb82cb3d2e7ce7c02c3430aed0f2f1527273cb080fff3e # output: 9768eb945bef410fccfb82cb3d2e7ce7c02c3430aed0f2f1527273cb080fff3e
``` ```
Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd. Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd.
2. Write NixOS iso to install media (USB/CD). For example: 2. Write NixOS iso to install media (USB/CD). For example:
``` ```
cp nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso /dev/sdX cp nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso /dev/sdX
``` ```
Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l` Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l`
3. Boot the system 3. Boot the system
You will have to find out if your hardware uses UEFI or Legacy Boot for the next step. You will have to find out if your hardware uses UEFI or Legacy Boot for the next step.
4. Option 1: Partition and format for UEFI 4. Option 1: Partition and format for UEFI
``` ```
parted /dev/sda -- mklabel gpt parted /dev/sda -- mklabel gpt
parted /dev/sda -- mkpart primary 512MiB -8GiB parted /dev/sda -- mkpart primary 512MiB -8GiB
parted /dev/sda -- mkpart primary linux-swap -8GiB 100% parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
parted /dev/sda -- set 3 boot on parted /dev/sda -- set 3 boot on
mkfs.ext4 -L nixos /dev/sda1 mkfs.ext4 -L nixos /dev/sda1
mkswap -L swap /dev/sda2 mkswap -L swap /dev/sda2
mkfs.fat -F 32 -n boot /dev/sda3 mkfs.fat -F 32 -n boot /dev/sda3
mount /dev/disk/by-label/nixos /mnt mount /dev/disk/by-label/nixos /mnt
mkdir -p /mnt/boot mkdir -p /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot mount /dev/disk/by-label/boot /mnt/boot
swapon /dev/sda2 swapon /dev/sda2
``` ```
4. Option 2: Partition and format for Legacy Boot (MBR) 4. Option 2: Partition and format for Legacy Boot (MBR)
``` ```
parted /dev/sda -- mklabel msdos parted /dev/sda -- mklabel msdos
parted /dev/sda -- mkpart primary 1MiB -8GiB parted /dev/sda -- mkpart primary 1MiB -8GiB
parted /dev/sda -- mkpart primary linux-swap -8GiB 100% parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
mkfs.ext4 -L nixos /dev/sda1 mkfs.ext4 -L nixos /dev/sda1
mkswap -L swap /dev/sda2 mkswap -L swap /dev/sda2
mount /dev/disk/by-label/nixos /mnt mount /dev/disk/by-label/nixos /mnt
swapon /dev/sda2 swapon /dev/sda2
``` ```
4. Option 3: Set up encrypted partitions: 4. Option 3: Set up encrypted partitions:
@ -249,76 +249,76 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
5. Generate NixOS config 5. Generate NixOS config
``` ```
nixos-generate-config --root /mnt nixos-generate-config --root /mnt
nano /mnt/etc/nixos/configuration.nix nano /mnt/etc/nixos/configuration.nix
``` ```
Option 1: Edit NixOS configuration for UEFI Option 1: Edit NixOS configuration for UEFI
``` ```
{ config, pkgs, ... }: { { config, pkgs, ... }: {
imports = [ imports = [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
# Note: setting fileSystems is generally not # Note: setting fileSystems is generally not
# necessary, since nixos-generate-config figures them out # necessary, since nixos-generate-config figures them out
# automatically in hardware-configuration.nix. # automatically in hardware-configuration.nix.
#fileSystems."/".device = "/dev/disk/by-label/nixos"; #fileSystems."/".device = "/dev/disk/by-label/nixos";
# Enable the OpenSSH server.
services.openssh = {
enable = true;
permitRootLogin = "yes";
};
}
```
Option 2: Edit NixOS configuration for Legacy Boot (MBR) # Enable the OpenSSH server.
services.openssh = {
enable = true;
permitRootLogin = "yes";
};
}
```
``` Option 2: Edit NixOS configuration for Legacy Boot (MBR)
{ config, pkgs, ... }: {
imports = [ ```
# Include the results of the hardware scan. { config, pkgs, ... }: {
./hardware-configuration.nix imports = [
]; # Include the results of the hardware scan.
./hardware-configuration.nix
boot.loader.grub.device = "/dev/sda"; ];
# Note: setting fileSystems is generally not boot.loader.grub.device = "/dev/sda";
# necessary, since nixos-generate-config figures them out
# automatically in hardware-configuration.nix. # Note: setting fileSystems is generally not
#fileSystems."/".device = "/dev/disk/by-label/nixos"; # necessary, since nixos-generate-config figures them out
# automatically in hardware-configuration.nix.
# Enable the OpenSSH server. #fileSystems."/".device = "/dev/disk/by-label/nixos";
services.openssh = {
enable = true; # Enable the OpenSSH server.
permitRootLogin = "yes"; services.openssh = {
}; enable = true;
} permitRootLogin = "yes";
``` };
}
```
6. Do the installation 6. Do the installation
``` ```
nixos-install nixos-install
``` ```
Set root password Set root password
``` ```
setting root password... setting root password...
Enter new UNIX password: Enter new UNIX password:
Retype new UNIX password: Retype new UNIX password:
``` ```
7. If everything went well 7. If everything went well
``` ```
reboot reboot
``` ```
## 2. nix-bitcoin installation ## 2. nix-bitcoin installation
@ -327,115 +327,115 @@ You can also build Nix from source by following the instructions at https://nixo
1. Install Dependencies (Debian 9 stretch) 1. Install Dependencies (Debian 9 stretch)
``` ```
sudo apt-get install curl git gnupg2 dirmngr sudo apt-get install curl git gnupg2 dirmngr
``` ```
2. Install Latest Nix with GPG Verification 2. Install Latest Nix with GPG Verification
``` ```
curl -o install-nix https://nixos.org/nix/install curl -o install-nix https://nixos.org/nix/install
curl -o install-nix.sig https://nixos.org/nix/install.sig curl -o install-nix.sig https://nixos.org/nix/install.sig
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
gpg2 --verify ./install-nix.sig gpg2 --verify ./install-nix.sig
sh ./install-nix --daemon sh ./install-nix --daemon
. /home/user/.nix-profile/etc/profile.d/nix.sh . /home/user/.nix-profile/etc/profile.d/nix.sh
``` ```
Then follow the instructions. Open a new terminal window when you're done. Then follow the instructions. Open a new terminal window when you're done.
If you get an error similar to If you get an error similar to
``` ```
error: cloning builder process: Operation not permitted error: cloning builder process: Operation not permitted
error: unable to start build process error: unable to start build process
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile /tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
``` ```
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script. you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
3. Optional: Disallow substitutes 3. Optional: Disallow substitutes
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source. You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
This eliminates an attack vector where nix's build server or binary cache is compromised. This eliminates an attack vector where nix's build server or binary cache is compromised.
4. Clone this project 4. Clone this project
``` ```
cd cd
git clone https://github.com/fort-nix/nix-bitcoin git clone https://github.com/fort-nix/nix-bitcoin
cd ~/nix-bitcoin cd ~/nix-bitcoin
``` ```
5. Create network file 5. Create network file
``` ```
nano network/network-nixos.nix nano network/network-nixos.nix
``` ```
``` ```
{ {
bitcoin-node = bitcoin-node =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ deployment.targetHost = "1.2.3.4"; { deployment.targetHost = "1.2.3.4";
}; };
} }
``` ```
Replace 1.2.3.4 with NixOS machine's IP address. Replace 1.2.3.4 with NixOS machine's IP address.
6. Edit `configuration.nix` 6. Edit `configuration.nix`
``` ```
nano configuration.nix nano configuration.nix
``` ```
Uncomment `./hardware-configuration.nix` line by removing #. Uncomment `./hardware-configuration.nix` line by removing #.
7. Create `hardware-configuration.nix` 7. Create `hardware-configuration.nix`
``` ```
nano hardware-configuration.nix nano hardware-configuration.nix
``` ```
Copy contents of NixOS machine's `/etc/nixos/hardware-configuration.nix` to file. Copy contents of NixOS machine's `/etc/nixos/hardware-configuration.nix` to file.
8. Add boot option to `hardware-configuration.nix` 8. Add boot option to `hardware-configuration.nix`
Option 1: Enable systemd boot for UEFI Option 1: Enable systemd boot for UEFI
``` ```
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
``` ```
Option 2: Set grub device for Legacy Boot (MBR) Option 2: Set grub device for Legacy Boot (MBR)
``` ```
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
``` ```
9. Setup environment 9. Setup environment
``` ```
nix-shell nix-shell
``` ```
This will set up your nix-bitcoin environment and might take a while without giving an output. This will set up your nix-bitcoin environment and might take a while without giving an output.
10. Create nixops deployment in nix-shell. 10. Create nixops deployment in nix-shell.
``` ```
nixops create network/network.nix network/network-nixos.nix -d bitcoin-node nixops create network/network.nix network/network-nixos.nix -d bitcoin-node
``` ```
11. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`. 11. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
12. Deploy Nixops in nix-shell 12. Deploy Nixops in nix-shell
``` ```
nixops deploy -d bitcoin-node nixops deploy -d bitcoin-node
``` ```
This will now create a nix-bitcoin node on the target machine. This will now create a nix-bitcoin node on the target machine.
13. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with 13. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
``` ```
nixops ssh operator@bitcoin-node nixops ssh operator@bitcoin-node
``` ```
See [usage.md](usage.md) for usage instructions, such as how to update. See [usage.md](usage.md) for usage instructions, such as how to update.

View File

@ -5,24 +5,24 @@ Run `git pull` in the nix-bitcoin directory, enter the nix shell with `nix-shell
### Verifying GPG Signatures (recommended) ### Verifying GPG Signatures (recommended)
1. Import jonasnick's gpg key 1. Import jonasnick's gpg key
``` ```
gpg2 --receive-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366 gpg2 --receive-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
``` ```
2. Trust jonasnick's gpg key 2. Trust jonasnick's gpg key
``` ```
gpg2 --edit-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366 gpg2 --edit-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
trust trust
4 4
quit quit
``` ```
3. Verify commit after `git pull` 3. Verify commit after `git pull`
``` ```
git verify-commit <hash of latest commit> git verify-commit <hash of latest commit>
``` ```
Nodeinfo Nodeinfo
--- ---
@ -36,45 +36,45 @@ Connect to spark-wallet
* [Spark-wallet](https://github.com/shesek/spark-wallet) installed from [direct download](https://github.com/shesek/spark-wallet/releases) or [Google Play](https://play.google.com/store/apps/details?id=com.spark.wallet) * [Spark-wallet](https://github.com/shesek/spark-wallet) installed from [direct download](https://github.com/shesek/spark-wallet/releases) or [Google Play](https://play.google.com/store/apps/details?id=com.spark.wallet)
1. Enable spark-wallet in `configuration.nix` 1. Enable spark-wallet in `configuration.nix`
Change Change
``` ```
# services.spark-wallet.enable = true; # services.spark-wallet.enable = true;
``` ```
to to
``` ```
services.spark-wallet.enable = true; services.spark-wallet.enable = true;
``` ```
2. Deploy new `configuration.nix` 2. Deploy new `configuration.nix`
``` ```
nixops deploy -d bitcoin-node nixops deploy -d bitcoin-node
``` ```
3. Enable Orbot VPN for spark-wallet 3. Enable Orbot VPN for spark-wallet
``` ```
Open Orbot app Open Orbot app
Turn on "VPN Mode" Turn on "VPN Mode"
Select Gear icon under "Tor-Enabled Apps" Select Gear icon under "Tor-Enabled Apps"
Toggle checkbox under Spark icon Toggle checkbox under Spark icon
``` ```
4. Get the onion address, access key and QR access code for the spark wallet android app 4. Get the onion address, access key and QR access code for the spark wallet android app
``` ```
journalctl -eu spark-wallet journalctl -eu spark-wallet
``` ```
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlightning the entire output to invert the colors. Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlightning the entire output to invert the colors.
5. Connect to spark-wallet android app 5. Connect to spark-wallet android app
``` ```
Server Settings Server Settings
Scan QR Scan QR
Done Done
``` ```
Connect to electrs Connect to electrs
--- ---
@ -88,90 +88,90 @@ Connect to electrs
* [Electrum](https://electrum.org/#download) installed * [Electrum](https://electrum.org/#download) installed
1. Enable electrs in `configuration.nix` 1. Enable electrs in `configuration.nix`
Change Change
``` ```
# services.electrs.enable = true; # services.electrs.enable = true;
``` ```
to to
``` ```
services.electrs.enable = true; services.electrs.enable = true;
``` ```
2. Deploy new `configuration.nix` 2. Deploy new `configuration.nix`
``` ```
nixops deploy -d bitcoin-node nixops deploy -d bitcoin-node
``` ```
3. Get electrs onion address 3. Get electrs onion address
``` ```
nodeinfo | grep 'ELECTRS_ONION' nodeinfo | grep 'ELECTRS_ONION'
``` ```
4. Connect to electrs 4. Connect to electrs
On electrum wallet laptop On electrum wallet laptop
``` ```
electrum --oneserver --server=<ELECTRS_ONION>:50002:s --proxy=socks5:localhost:9050 electrum --oneserver --server=<ELECTRS_ONION>:50002:s --proxy=socks5:localhost:9050
``` ```
On electrum android phone On electrum android phone
``` ```
Three dots in the upper-right-hand corner Three dots in the upper-right-hand corner
Network Network
Proxy mode: socks5, Host: 127.0.0.1, Port: 9050 Proxy mode: socks5, Host: 127.0.0.1, Port: 9050
Ok Ok
Server Server
Host: <ELECTRS_ONION>, Port: 50002 Host: <ELECTRS_ONION>, Port: 50002
Ok Ok
Auto-connect: OFF Auto-connect: OFF
One-server mode: ON One-server mode: ON
``` ```
Connect to nix-bitcoin node through ssh Tor Hidden Service Connect to nix-bitcoin node through ssh Tor Hidden Service
--- ---
1. Run `nodeinfo` on your nix-bitcoin node and note the `SSHD_ONION` 1. Run `nodeinfo` on your nix-bitcoin node and note the `SSHD_ONION`
``` ```
nixops ssh operator@bitcoin-node nixops ssh operator@bitcoin-node
nodeinfo | grep 'SSHD_ONION' nodeinfo | grep 'SSHD_ONION'
``` ```
2. Create a SSH key 2. Create a SSH key
``` ```
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
``` ```
3. Place the ed25519 key's fingerprint in the `configuration.nix` `openssh.authorizedKeys.keys` field like so 3. Place the ed25519 key's fingerprint in the `configuration.nix` `openssh.authorizedKeys.keys` field like so
``` ```
# FIXME: Add your SSH pubkey # FIXME: Add your SSH pubkey
services.openssh.enable = true; services.openssh.enable = true;
users.users.root = { users.users.root = {
openssh.authorizedKeys.keys = [ "[contents of ~/.ssh/id_ed25519.pub]" ]; openssh.authorizedKeys.keys = [ "[contents of ~/.ssh/id_ed25519.pub]" ];
}; };
``` ```
4. Connect to your nix-bitcoin node's ssh Tor Hidden Service, forwarding a local port to the nix-bitcoin node's ssh server 4. Connect to your nix-bitcoin node's ssh Tor Hidden Service, forwarding a local port to the nix-bitcoin node's ssh server
``` ```
ssh -i ~/.ssh/id_ed25519 -L [random port of your choosing]:localhost:22 root@[your SSHD_ONION] ssh -i ~/.ssh/id_ed25519 -L [random port of your choosing]:localhost:22 root@[your SSHD_ONION]
``` ```
5. Edit your `network-nixos.nix` to look like this 5. Edit your `network-nixos.nix` to look like this
``` ```
{ {
bitcoin-node = bitcoin-node =
{ config, pkgs, ... }: { config, pkgs, ... }:
{ deployment.targetHost = "127.0.0.1"; { deployment.targetHost = "127.0.0.1";
deployment.targetPort = [random port of your choosing]; deployment.targetPort = [random port of your choosing];
}; };
} }
``` ```
6. Now you can run `nixops deploy -d bitcoin-node` and it will connect through the ssh tunnel you established in step iv. This also allows you to do more complex ssh setups that `nixops ssh` doesn't support. An example would be authenticating with [Trezor's ssh agent](https://github.com/romanz/trezor-agent), which provides extra security. 6. Now you can run `nixops deploy -d bitcoin-node` and it will connect through the ssh tunnel you established in step iv. This also allows you to do more complex ssh setups that `nixops ssh` doesn't support. An example would be authenticating with [Trezor's ssh agent](https://github.com/romanz/trezor-agent), which provides extra security.
@ -180,64 +180,64 @@ Initialize a Trezor for Bitcoin Core's Hardware Wallet Interface
1. Enable Trezor in `configuration.nix` 1. Enable Trezor in `configuration.nix`
Change Change
``` ```
# services.hardware-wallets.trezor = true; # services.hardware-wallets.trezor = true;
``` ```
to to
``` ```
services.hardware-wallets.trezor = true; services.hardware-wallets.trezor = true;
``` ```
2. Deploy new `configuration.nix` 2. Deploy new `configuration.nix`
``` ```
nixops deploy -d bitcoin-node nixops deploy -d bitcoin-node
``` ```
3. Check that your nix-bitcoin node recognizes your Trezor 3. Check that your nix-bitcoin node recognizes your Trezor
``` ```
nixops ssh operator@bitcoin-node nixops ssh operator@bitcoin-node
lsusb lsusb
``` ```
Should show something relating to your Trezor Should show something relating to your Trezor
4. If your Trezor has outdated firmware or is not yet initialized: Start your Trezor in bootloader mode 4. If your Trezor has outdated firmware or is not yet initialized: Start your Trezor in bootloader mode
Trezor v1 Trezor v1
``` ```
Plug in your Trezor with both buttons depressed Plug in your Trezor with both buttons depressed
``` ```
Trezor v2 Trezor v2
``` ```
Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through
``` ```
5. If your Trezor's firmware is outdated: Update your Trezor's firmware 5. If your Trezor's firmware is outdated: Update your Trezor's firmware
``` ```
trezorctl firmware-update trezorctl firmware-update
``` ```
Follow the on-screen instructions Follow the on-screen instructions
**Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.** **Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.**
6. If your Trezor is not yet initialized: Set up your Trezor 6. If your Trezor is not yet initialized: Set up your Trezor
``` ```
trezorctl reset-device -p trezorctl reset-device -p
``` ```
Follow the on-screen instructions Follow the on-screen instructions
7. Find your Trezor 7. Find your Trezor
``` ```
hwi enumerate hwi enumerate
hwi -t trezor -d <path from previous command> promptpin hwi -t trezor -d <path from previous command> promptpin
hwi -t trezor -d <path> sendpin <number positions for the PIN as displayed on your device's screen> hwi -t trezor -d <path> sendpin <number positions for the PIN as displayed on your device's screen>
hwi enumerate hwi enumerate
``` ```
8. Follow Bitcoin Core's instructions on [Using Bitcoin Core with Hardware Wallets](https://github.com/bitcoin-core/HWI/blob/master/docs/bitcoin-core-usage.md) to use your Trezor with `bitcoin-cli` on your nix-bitcoin node 8. Follow Bitcoin Core's instructions on [Using Bitcoin Core with Hardware Wallets](https://github.com/bitcoin-core/HWI/blob/master/docs/bitcoin-core-usage.md) to use your Trezor with `bitcoin-cli` on your nix-bitcoin node