docs: Replace tabs with spaces
This commit is contained in:
parent
8aa4714979
commit
455c5664c9
458
docs/install.md
458
docs/install.md
@ -18,35 +18,35 @@ The following steps are meant to be run on the machine you deploy from, not the
|
|||||||
|
|
||||||
1. Add virtualbox.list to /etc/apt/sources.list.d (Debian 9 stretch)
|
1. Add virtualbox.list to /etc/apt/sources.list.d (Debian 9 stretch)
|
||||||
|
|
||||||
```
|
```
|
||||||
echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
|
echo "deb http://download.virtualbox.org/virtualbox/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Add Oracle VirtualBox public key
|
2. Add Oracle VirtualBox public key
|
||||||
|
|
||||||
```
|
```
|
||||||
wget https://www.virtualbox.org/download/oracle_vbox_2016.asc
|
wget https://www.virtualbox.org/download/oracle_vbox_2016.asc
|
||||||
gpg2 oracle_vbox_2016.asc
|
gpg2 oracle_vbox_2016.asc
|
||||||
```
|
```
|
||||||
|
|
||||||
Proceed _only_ if fingerprint reads B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
|
Proceed _only_ if fingerprint reads B9F8 D658 297A F3EF C18D 5CDF A2F6 83C5 2980 AECF
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo apt-key add oracle_vbox_2016.asc
|
sudo apt-key add oracle_vbox_2016.asc
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Install virtualbox-5.2
|
3. Install virtualbox-5.2
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
sudo apt-get install virtualbox-5.2
|
sudo apt-get install virtualbox-5.2
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Create Host Adapter in VirtualBox
|
3. Create Host Adapter in VirtualBox
|
||||||
|
|
||||||
```
|
```
|
||||||
vboxmanage hostonlyif create
|
vboxmanage hostonlyif create
|
||||||
```
|
```
|
||||||
|
|
||||||
## 2. Nix installation
|
## 2. Nix installation
|
||||||
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
|
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
|
||||||
@ -54,75 +54,75 @@ You can also build Nix from source by following the instructions at https://nixo
|
|||||||
|
|
||||||
1. Install Dependencies (Debian 9 stretch)
|
1. Install Dependencies (Debian 9 stretch)
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo apt-get install curl git gnupg2 dirmngr
|
sudo apt-get install curl git gnupg2 dirmngr
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Install latest Nix in "multi-user mode" with GPG Verification
|
2. Install latest Nix in "multi-user mode" with GPG Verification
|
||||||
|
|
||||||
```
|
```
|
||||||
curl -o install-nix https://nixos.org/nix/install
|
curl -o install-nix https://nixos.org/nix/install
|
||||||
curl -o install-nix.sig https://nixos.org/nix/install.sig
|
curl -o install-nix.sig https://nixos.org/nix/install.sig
|
||||||
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
|
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
|
||||||
gpg2 --verify ./install-nix.sig
|
gpg2 --verify ./install-nix.sig
|
||||||
sh ./install-nix --daemon
|
sh ./install-nix --daemon
|
||||||
```
|
```
|
||||||
|
|
||||||
Then follow the instructions. Open a new terminal window when you're done.
|
Then follow the instructions. Open a new terminal window when you're done.
|
||||||
|
|
||||||
If you get an error similar to
|
If you get an error similar to
|
||||||
```
|
```
|
||||||
error: cloning builder process: Operation not permitted
|
error: cloning builder process: Operation not permitted
|
||||||
error: unable to start build process
|
error: unable to start build process
|
||||||
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
|
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
|
||||||
```
|
```
|
||||||
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
||||||
|
|
||||||
3. Optional: Disallow substitutes
|
3. Optional: Disallow substitutes
|
||||||
|
|
||||||
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
||||||
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
||||||
|
|
||||||
|
|
||||||
## 3. Nixops deployment
|
## 3. Nixops deployment
|
||||||
|
|
||||||
1. Clone this project
|
1. Clone this project
|
||||||
|
|
||||||
```
|
```
|
||||||
cd
|
cd
|
||||||
git clone https://github.com/fort-nix/nix-bitcoin
|
git clone https://github.com/fort-nix/nix-bitcoin
|
||||||
cd ~/nix-bitcoin
|
cd ~/nix-bitcoin
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Setup environment
|
2. Setup environment
|
||||||
|
|
||||||
```
|
```
|
||||||
nix-shell
|
nix-shell
|
||||||
```
|
```
|
||||||
|
|
||||||
This will set up your nix-bitcoin environment and might take a while without giving an output.
|
This will set up your nix-bitcoin environment and might take a while without giving an output.
|
||||||
|
|
||||||
3. Create nixops deployment in nix-shell.
|
3. Create nixops deployment in nix-shell.
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops create network/network.nix network/network-vbox.nix -d bitcoin-node
|
nixops create network/network.nix network/network-vbox.nix -d bitcoin-node
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
|
4. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
|
||||||
|
|
||||||
5. Deploy Nixops in nix-shell
|
5. Deploy Nixops in nix-shell
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops deploy -d bitcoin-node
|
nixops deploy -d bitcoin-node
|
||||||
```
|
```
|
||||||
|
|
||||||
This will now create a nix-bitcoin node on the target machine.
|
This will now create a nix-bitcoin node on the target machine.
|
||||||
|
|
||||||
6. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
|
6. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops ssh operator@bitcoin-node
|
nixops ssh operator@bitcoin-node
|
||||||
```
|
```
|
||||||
|
|
||||||
See [usage.md](usage.md) for usage instructions, such as how to update.
|
See [usage.md](usage.md) for usage instructions, such as how to update.
|
||||||
|
|
||||||
@ -138,15 +138,15 @@ Tutorial: install and configure NixOS for nix-bitcoin on VirtualBox (macOS host)
|
|||||||
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
|
The following steps are meant to be run on the machine you deploy from, not the machine you deploy to.
|
||||||
|
|
||||||
1. Download and install VirtualBox
|
1. Download and install VirtualBox
|
||||||
Use the official Downloads page: [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads)
|
Use the official Downloads page: [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads)
|
||||||
|
|
||||||
Make sure that the installer you download shows a lock icon in the top right corner to make sure it is signed by Oracle.
|
Make sure that the installer you download shows a lock icon in the top right corner to make sure it is signed by Oracle.
|
||||||
|
|
||||||
2. Create Host Adapter in VirtualBox
|
2. Create Host Adapter in VirtualBox
|
||||||
|
|
||||||
```
|
```
|
||||||
vboxmanage hostonlyif create
|
vboxmanage hostonlyif create
|
||||||
```
|
```
|
||||||
|
|
||||||
## 2. Nix installation (macOS)
|
## 2. Nix installation (macOS)
|
||||||
|
|
||||||
@ -157,20 +157,20 @@ In order to build binaries for your linux (NixOS) virtual machine on a macOS hos
|
|||||||
|
|
||||||
1. Installation
|
1. Installation
|
||||||
|
|
||||||
```
|
```
|
||||||
nix-env -i /nix/store/jgq3savsyyrpsxvjlrz41nx09z7r0lch-linuxkit-builder
|
nix-env -i /nix/store/jgq3savsyyrpsxvjlrz41nx09z7r0lch-linuxkit-builder
|
||||||
nix-linuxkit-configure
|
nix-linuxkit-configure
|
||||||
```
|
```
|
||||||
|
|
||||||
You may want to use `nix-linuxkit-configure -c 4` to give the builder 4 CPUs.
|
You may want to use `nix-linuxkit-configure -c 4` to give the builder 4 CPUs.
|
||||||
|
|
||||||
2. Confirm that nix-linuxkit works
|
2. Confirm that nix-linuxkit works
|
||||||
|
|
||||||
```
|
```
|
||||||
nix-build ~/.cache/nix-linuxkit-builder/example.nix
|
nix-build ~/.cache/nix-linuxkit-builder/example.nix
|
||||||
```
|
```
|
||||||
|
|
||||||
As the installer says, run a `nix-build` to make sure that you are able to build linux binaries. The `example.nix` is specifically configured to force a x86_64-linux build. Remove the generated `result` folder afterwards.
|
As the installer says, run a `nix-build` to make sure that you are able to build linux binaries. The `example.nix` is specifically configured to force a x86_64-linux build. Remove the generated `result` folder afterwards.
|
||||||
|
|
||||||
## 4. Nixops deployment (macOS)
|
## 4. Nixops deployment (macOS)
|
||||||
|
|
||||||
@ -195,53 +195,53 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
|
|||||||
|
|
||||||
1. Obtain latest [NixOS](https://nixos.org/nixos/download.html). For example:
|
1. Obtain latest [NixOS](https://nixos.org/nixos/download.html). For example:
|
||||||
|
|
||||||
```
|
```
|
||||||
wget https://releases.nixos.org/nixos/19.09/nixos-19.09.2284.bf7c0f0461e/nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
|
wget https://releases.nixos.org/nixos/19.09/nixos-19.09.2284.bf7c0f0461e/nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
|
||||||
sha256sum nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
|
sha256sum nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso
|
||||||
# output: 9768eb945bef410fccfb82cb3d2e7ce7c02c3430aed0f2f1527273cb080fff3e
|
# output: 9768eb945bef410fccfb82cb3d2e7ce7c02c3430aed0f2f1527273cb080fff3e
|
||||||
```
|
```
|
||||||
Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd.
|
Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd.
|
||||||
|
|
||||||
2. Write NixOS iso to install media (USB/CD). For example:
|
2. Write NixOS iso to install media (USB/CD). For example:
|
||||||
|
|
||||||
```
|
```
|
||||||
cp nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso /dev/sdX
|
cp nixos-minimal-19.09.2284.bf7c0f0461e-x86_64-linux.iso /dev/sdX
|
||||||
```
|
```
|
||||||
|
|
||||||
Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l`
|
Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l`
|
||||||
|
|
||||||
3. Boot the system
|
3. Boot the system
|
||||||
|
|
||||||
You will have to find out if your hardware uses UEFI or Legacy Boot for the next step.
|
You will have to find out if your hardware uses UEFI or Legacy Boot for the next step.
|
||||||
|
|
||||||
4. Option 1: Partition and format for UEFI
|
4. Option 1: Partition and format for UEFI
|
||||||
|
|
||||||
```
|
```
|
||||||
parted /dev/sda -- mklabel gpt
|
parted /dev/sda -- mklabel gpt
|
||||||
parted /dev/sda -- mkpart primary 512MiB -8GiB
|
parted /dev/sda -- mkpart primary 512MiB -8GiB
|
||||||
parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||||
parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
|
parted /dev/sda -- mkpart ESP fat32 1MiB 512MiB
|
||||||
parted /dev/sda -- set 3 boot on
|
parted /dev/sda -- set 3 boot on
|
||||||
mkfs.ext4 -L nixos /dev/sda1
|
mkfs.ext4 -L nixos /dev/sda1
|
||||||
mkswap -L swap /dev/sda2
|
mkswap -L swap /dev/sda2
|
||||||
mkfs.fat -F 32 -n boot /dev/sda3
|
mkfs.fat -F 32 -n boot /dev/sda3
|
||||||
mount /dev/disk/by-label/nixos /mnt
|
mount /dev/disk/by-label/nixos /mnt
|
||||||
mkdir -p /mnt/boot
|
mkdir -p /mnt/boot
|
||||||
mount /dev/disk/by-label/boot /mnt/boot
|
mount /dev/disk/by-label/boot /mnt/boot
|
||||||
swapon /dev/sda2
|
swapon /dev/sda2
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Option 2: Partition and format for Legacy Boot (MBR)
|
4. Option 2: Partition and format for Legacy Boot (MBR)
|
||||||
|
|
||||||
```
|
```
|
||||||
parted /dev/sda -- mklabel msdos
|
parted /dev/sda -- mklabel msdos
|
||||||
parted /dev/sda -- mkpart primary 1MiB -8GiB
|
parted /dev/sda -- mkpart primary 1MiB -8GiB
|
||||||
parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
parted /dev/sda -- mkpart primary linux-swap -8GiB 100%
|
||||||
mkfs.ext4 -L nixos /dev/sda1
|
mkfs.ext4 -L nixos /dev/sda1
|
||||||
mkswap -L swap /dev/sda2
|
mkswap -L swap /dev/sda2
|
||||||
mount /dev/disk/by-label/nixos /mnt
|
mount /dev/disk/by-label/nixos /mnt
|
||||||
swapon /dev/sda2
|
swapon /dev/sda2
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Option 3: Set up encrypted partitions:
|
4. Option 3: Set up encrypted partitions:
|
||||||
|
|
||||||
@ -249,76 +249,76 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
|
|||||||
|
|
||||||
5. Generate NixOS config
|
5. Generate NixOS config
|
||||||
|
|
||||||
```
|
```
|
||||||
nixos-generate-config --root /mnt
|
nixos-generate-config --root /mnt
|
||||||
nano /mnt/etc/nixos/configuration.nix
|
nano /mnt/etc/nixos/configuration.nix
|
||||||
```
|
```
|
||||||
|
|
||||||
Option 1: Edit NixOS configuration for UEFI
|
Option 1: Edit NixOS configuration for UEFI
|
||||||
|
|
||||||
```
|
```
|
||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
|
||||||
# Note: setting fileSystems is generally not
|
# Note: setting fileSystems is generally not
|
||||||
# necessary, since nixos-generate-config figures them out
|
# necessary, since nixos-generate-config figures them out
|
||||||
# automatically in hardware-configuration.nix.
|
# automatically in hardware-configuration.nix.
|
||||||
#fileSystems."/".device = "/dev/disk/by-label/nixos";
|
#fileSystems."/".device = "/dev/disk/by-label/nixos";
|
||||||
|
|
||||||
# Enable the OpenSSH server.
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
permitRootLogin = "yes";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Option 2: Edit NixOS configuration for Legacy Boot (MBR)
|
# Enable the OpenSSH server.
|
||||||
|
services.openssh = {
|
||||||
|
enable = true;
|
||||||
|
permitRootLogin = "yes";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
```
|
Option 2: Edit NixOS configuration for Legacy Boot (MBR)
|
||||||
{ config, pkgs, ... }: {
|
|
||||||
imports = [
|
```
|
||||||
# Include the results of the hardware scan.
|
{ config, pkgs, ... }: {
|
||||||
./hardware-configuration.nix
|
imports = [
|
||||||
];
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
boot.loader.grub.device = "/dev/sda";
|
];
|
||||||
|
|
||||||
# Note: setting fileSystems is generally not
|
boot.loader.grub.device = "/dev/sda";
|
||||||
# necessary, since nixos-generate-config figures them out
|
|
||||||
# automatically in hardware-configuration.nix.
|
# Note: setting fileSystems is generally not
|
||||||
#fileSystems."/".device = "/dev/disk/by-label/nixos";
|
# necessary, since nixos-generate-config figures them out
|
||||||
|
# automatically in hardware-configuration.nix.
|
||||||
# Enable the OpenSSH server.
|
#fileSystems."/".device = "/dev/disk/by-label/nixos";
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
# Enable the OpenSSH server.
|
||||||
permitRootLogin = "yes";
|
services.openssh = {
|
||||||
};
|
enable = true;
|
||||||
}
|
permitRootLogin = "yes";
|
||||||
```
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
6. Do the installation
|
6. Do the installation
|
||||||
|
|
||||||
```
|
```
|
||||||
nixos-install
|
nixos-install
|
||||||
```
|
```
|
||||||
Set root password
|
Set root password
|
||||||
```
|
```
|
||||||
setting root password...
|
setting root password...
|
||||||
Enter new UNIX password:
|
Enter new UNIX password:
|
||||||
Retype new UNIX password:
|
Retype new UNIX password:
|
||||||
```
|
```
|
||||||
|
|
||||||
7. If everything went well
|
7. If everything went well
|
||||||
|
|
||||||
```
|
```
|
||||||
reboot
|
reboot
|
||||||
```
|
```
|
||||||
|
|
||||||
## 2. nix-bitcoin installation
|
## 2. nix-bitcoin installation
|
||||||
|
|
||||||
@ -327,115 +327,115 @@ You can also build Nix from source by following the instructions at https://nixo
|
|||||||
|
|
||||||
1. Install Dependencies (Debian 9 stretch)
|
1. Install Dependencies (Debian 9 stretch)
|
||||||
|
|
||||||
```
|
```
|
||||||
sudo apt-get install curl git gnupg2 dirmngr
|
sudo apt-get install curl git gnupg2 dirmngr
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Install Latest Nix with GPG Verification
|
2. Install Latest Nix with GPG Verification
|
||||||
|
|
||||||
```
|
```
|
||||||
curl -o install-nix https://nixos.org/nix/install
|
curl -o install-nix https://nixos.org/nix/install
|
||||||
curl -o install-nix.sig https://nixos.org/nix/install.sig
|
curl -o install-nix.sig https://nixos.org/nix/install.sig
|
||||||
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
|
gpg2 --recv-keys B541D55301270E0BCF15CA5D8170B4726D7198DE
|
||||||
gpg2 --verify ./install-nix.sig
|
gpg2 --verify ./install-nix.sig
|
||||||
sh ./install-nix --daemon
|
sh ./install-nix --daemon
|
||||||
. /home/user/.nix-profile/etc/profile.d/nix.sh
|
. /home/user/.nix-profile/etc/profile.d/nix.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
Then follow the instructions. Open a new terminal window when you're done.
|
Then follow the instructions. Open a new terminal window when you're done.
|
||||||
|
|
||||||
If you get an error similar to
|
If you get an error similar to
|
||||||
```
|
```
|
||||||
error: cloning builder process: Operation not permitted
|
error: cloning builder process: Operation not permitted
|
||||||
error: unable to start build process
|
error: unable to start build process
|
||||||
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
|
/tmp/nix-binary-tarball-unpack.hqawN4uSPr/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile
|
||||||
```
|
```
|
||||||
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
you're likely not installing as multi-user because you forgot to pass the `--daemon` flag to the install script.
|
||||||
|
|
||||||
3. Optional: Disallow substitutes
|
3. Optional: Disallow substitutes
|
||||||
|
|
||||||
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
You can put `substitute = false` to your `nix.conf` usually found in `/etc/nix/` to build the packages from source.
|
||||||
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
This eliminates an attack vector where nix's build server or binary cache is compromised.
|
||||||
|
|
||||||
4. Clone this project
|
4. Clone this project
|
||||||
|
|
||||||
```
|
```
|
||||||
cd
|
cd
|
||||||
git clone https://github.com/fort-nix/nix-bitcoin
|
git clone https://github.com/fort-nix/nix-bitcoin
|
||||||
cd ~/nix-bitcoin
|
cd ~/nix-bitcoin
|
||||||
```
|
```
|
||||||
|
|
||||||
5. Create network file
|
5. Create network file
|
||||||
|
|
||||||
```
|
```
|
||||||
nano network/network-nixos.nix
|
nano network/network-nixos.nix
|
||||||
```
|
```
|
||||||
|
|
||||||
```
|
```
|
||||||
{
|
{
|
||||||
bitcoin-node =
|
bitcoin-node =
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{ deployment.targetHost = "1.2.3.4";
|
{ deployment.targetHost = "1.2.3.4";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Replace 1.2.3.4 with NixOS machine's IP address.
|
Replace 1.2.3.4 with NixOS machine's IP address.
|
||||||
|
|
||||||
6. Edit `configuration.nix`
|
6. Edit `configuration.nix`
|
||||||
|
|
||||||
```
|
```
|
||||||
nano configuration.nix
|
nano configuration.nix
|
||||||
```
|
```
|
||||||
|
|
||||||
Uncomment `./hardware-configuration.nix` line by removing #.
|
Uncomment `./hardware-configuration.nix` line by removing #.
|
||||||
|
|
||||||
7. Create `hardware-configuration.nix`
|
7. Create `hardware-configuration.nix`
|
||||||
|
|
||||||
```
|
```
|
||||||
nano hardware-configuration.nix
|
nano hardware-configuration.nix
|
||||||
```
|
```
|
||||||
Copy contents of NixOS machine's `/etc/nixos/hardware-configuration.nix` to file.
|
Copy contents of NixOS machine's `/etc/nixos/hardware-configuration.nix` to file.
|
||||||
|
|
||||||
8. Add boot option to `hardware-configuration.nix`
|
8. Add boot option to `hardware-configuration.nix`
|
||||||
|
|
||||||
Option 1: Enable systemd boot for UEFI
|
Option 1: Enable systemd boot for UEFI
|
||||||
```
|
```
|
||||||
boot.loader.grub.device = "/dev/sda";
|
boot.loader.grub.device = "/dev/sda";
|
||||||
```
|
```
|
||||||
Option 2: Set grub device for Legacy Boot (MBR)
|
Option 2: Set grub device for Legacy Boot (MBR)
|
||||||
```
|
```
|
||||||
boot.loader.grub.device = "/dev/sda";
|
boot.loader.grub.device = "/dev/sda";
|
||||||
```
|
```
|
||||||
|
|
||||||
9. Setup environment
|
9. Setup environment
|
||||||
|
|
||||||
```
|
```
|
||||||
nix-shell
|
nix-shell
|
||||||
```
|
```
|
||||||
|
|
||||||
This will set up your nix-bitcoin environment and might take a while without giving an output.
|
This will set up your nix-bitcoin environment and might take a while without giving an output.
|
||||||
|
|
||||||
10. Create nixops deployment in nix-shell.
|
10. Create nixops deployment in nix-shell.
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops create network/network.nix network/network-nixos.nix -d bitcoin-node
|
nixops create network/network.nix network/network-nixos.nix -d bitcoin-node
|
||||||
```
|
```
|
||||||
|
|
||||||
11. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
|
11. Adjust configuration by opening `configuration.nix` and removing FIXMEs. Enable/disable the modules you want in `configuration.nix`.
|
||||||
|
|
||||||
12. Deploy Nixops in nix-shell
|
12. Deploy Nixops in nix-shell
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops deploy -d bitcoin-node
|
nixops deploy -d bitcoin-node
|
||||||
```
|
```
|
||||||
|
|
||||||
This will now create a nix-bitcoin node on the target machine.
|
This will now create a nix-bitcoin node on the target machine.
|
||||||
|
|
||||||
13. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
|
13. Nixops automatically creates an ssh key for use with `nixops ssh`. Access `bitcoin-node` through ssh in nix-shell with
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops ssh operator@bitcoin-node
|
nixops ssh operator@bitcoin-node
|
||||||
```
|
```
|
||||||
|
|
||||||
See [usage.md](usage.md) for usage instructions, such as how to update.
|
See [usage.md](usage.md) for usage instructions, such as how to update.
|
||||||
|
274
docs/usage.md
274
docs/usage.md
@ -5,24 +5,24 @@ Run `git pull` in the nix-bitcoin directory, enter the nix shell with `nix-shell
|
|||||||
### Verifying GPG Signatures (recommended)
|
### Verifying GPG Signatures (recommended)
|
||||||
1. Import jonasnick's gpg key
|
1. Import jonasnick's gpg key
|
||||||
|
|
||||||
```
|
```
|
||||||
gpg2 --receive-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
|
gpg2 --receive-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Trust jonasnick's gpg key
|
2. Trust jonasnick's gpg key
|
||||||
|
|
||||||
```
|
```
|
||||||
gpg2 --edit-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
|
gpg2 --edit-key 36C71A37C9D988BDE82508D9B1A70E4F8DCD0366
|
||||||
trust
|
trust
|
||||||
4
|
4
|
||||||
quit
|
quit
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Verify commit after `git pull`
|
3. Verify commit after `git pull`
|
||||||
|
|
||||||
```
|
```
|
||||||
git verify-commit <hash of latest commit>
|
git verify-commit <hash of latest commit>
|
||||||
```
|
```
|
||||||
|
|
||||||
Nodeinfo
|
Nodeinfo
|
||||||
---
|
---
|
||||||
@ -36,45 +36,45 @@ Connect to spark-wallet
|
|||||||
* [Spark-wallet](https://github.com/shesek/spark-wallet) installed from [direct download](https://github.com/shesek/spark-wallet/releases) or [Google Play](https://play.google.com/store/apps/details?id=com.spark.wallet)
|
* [Spark-wallet](https://github.com/shesek/spark-wallet) installed from [direct download](https://github.com/shesek/spark-wallet/releases) or [Google Play](https://play.google.com/store/apps/details?id=com.spark.wallet)
|
||||||
|
|
||||||
1. Enable spark-wallet in `configuration.nix`
|
1. Enable spark-wallet in `configuration.nix`
|
||||||
|
|
||||||
Change
|
Change
|
||||||
```
|
```
|
||||||
# services.spark-wallet.enable = true;
|
# services.spark-wallet.enable = true;
|
||||||
```
|
```
|
||||||
to
|
to
|
||||||
```
|
```
|
||||||
services.spark-wallet.enable = true;
|
services.spark-wallet.enable = true;
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Deploy new `configuration.nix`
|
2. Deploy new `configuration.nix`
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops deploy -d bitcoin-node
|
nixops deploy -d bitcoin-node
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Enable Orbot VPN for spark-wallet
|
3. Enable Orbot VPN for spark-wallet
|
||||||
|
|
||||||
```
|
```
|
||||||
Open Orbot app
|
Open Orbot app
|
||||||
Turn on "VPN Mode"
|
Turn on "VPN Mode"
|
||||||
Select Gear icon under "Tor-Enabled Apps"
|
Select Gear icon under "Tor-Enabled Apps"
|
||||||
Toggle checkbox under Spark icon
|
Toggle checkbox under Spark icon
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Get the onion address, access key and QR access code for the spark wallet android app
|
4. Get the onion address, access key and QR access code for the spark wallet android app
|
||||||
|
|
||||||
```
|
```
|
||||||
journalctl -eu spark-wallet
|
journalctl -eu spark-wallet
|
||||||
```
|
```
|
||||||
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlightning the entire output to invert the colors.
|
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlightning the entire output to invert the colors.
|
||||||
|
|
||||||
5. Connect to spark-wallet android app
|
5. Connect to spark-wallet android app
|
||||||
|
|
||||||
```
|
```
|
||||||
Server Settings
|
Server Settings
|
||||||
Scan QR
|
Scan QR
|
||||||
Done
|
Done
|
||||||
```
|
```
|
||||||
|
|
||||||
Connect to electrs
|
Connect to electrs
|
||||||
---
|
---
|
||||||
@ -88,90 +88,90 @@ Connect to electrs
|
|||||||
* [Electrum](https://electrum.org/#download) installed
|
* [Electrum](https://electrum.org/#download) installed
|
||||||
|
|
||||||
1. Enable electrs in `configuration.nix`
|
1. Enable electrs in `configuration.nix`
|
||||||
|
|
||||||
Change
|
Change
|
||||||
```
|
```
|
||||||
# services.electrs.enable = true;
|
# services.electrs.enable = true;
|
||||||
```
|
```
|
||||||
to
|
to
|
||||||
```
|
```
|
||||||
services.electrs.enable = true;
|
services.electrs.enable = true;
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Deploy new `configuration.nix`
|
2. Deploy new `configuration.nix`
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops deploy -d bitcoin-node
|
nixops deploy -d bitcoin-node
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Get electrs onion address
|
3. Get electrs onion address
|
||||||
|
|
||||||
```
|
```
|
||||||
nodeinfo | grep 'ELECTRS_ONION'
|
nodeinfo | grep 'ELECTRS_ONION'
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Connect to electrs
|
4. Connect to electrs
|
||||||
|
|
||||||
On electrum wallet laptop
|
On electrum wallet laptop
|
||||||
```
|
```
|
||||||
electrum --oneserver --server=<ELECTRS_ONION>:50002:s --proxy=socks5:localhost:9050
|
electrum --oneserver --server=<ELECTRS_ONION>:50002:s --proxy=socks5:localhost:9050
|
||||||
```
|
```
|
||||||
|
|
||||||
On electrum android phone
|
On electrum android phone
|
||||||
```
|
```
|
||||||
Three dots in the upper-right-hand corner
|
Three dots in the upper-right-hand corner
|
||||||
Network
|
Network
|
||||||
Proxy mode: socks5, Host: 127.0.0.1, Port: 9050
|
Proxy mode: socks5, Host: 127.0.0.1, Port: 9050
|
||||||
Ok
|
Ok
|
||||||
Server
|
Server
|
||||||
Host: <ELECTRS_ONION>, Port: 50002
|
Host: <ELECTRS_ONION>, Port: 50002
|
||||||
Ok
|
Ok
|
||||||
Auto-connect: OFF
|
Auto-connect: OFF
|
||||||
One-server mode: ON
|
One-server mode: ON
|
||||||
```
|
```
|
||||||
|
|
||||||
Connect to nix-bitcoin node through ssh Tor Hidden Service
|
Connect to nix-bitcoin node through ssh Tor Hidden Service
|
||||||
---
|
---
|
||||||
1. Run `nodeinfo` on your nix-bitcoin node and note the `SSHD_ONION`
|
1. Run `nodeinfo` on your nix-bitcoin node and note the `SSHD_ONION`
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops ssh operator@bitcoin-node
|
nixops ssh operator@bitcoin-node
|
||||||
nodeinfo | grep 'SSHD_ONION'
|
nodeinfo | grep 'SSHD_ONION'
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Create a SSH key
|
2. Create a SSH key
|
||||||
|
|
||||||
```
|
```
|
||||||
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
|
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Place the ed25519 key's fingerprint in the `configuration.nix` `openssh.authorizedKeys.keys` field like so
|
3. Place the ed25519 key's fingerprint in the `configuration.nix` `openssh.authorizedKeys.keys` field like so
|
||||||
|
|
||||||
```
|
```
|
||||||
# FIXME: Add your SSH pubkey
|
# FIXME: Add your SSH pubkey
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
users.users.root = {
|
users.users.root = {
|
||||||
openssh.authorizedKeys.keys = [ "[contents of ~/.ssh/id_ed25519.pub]" ];
|
openssh.authorizedKeys.keys = [ "[contents of ~/.ssh/id_ed25519.pub]" ];
|
||||||
};
|
};
|
||||||
```
|
```
|
||||||
|
|
||||||
4. Connect to your nix-bitcoin node's ssh Tor Hidden Service, forwarding a local port to the nix-bitcoin node's ssh server
|
4. Connect to your nix-bitcoin node's ssh Tor Hidden Service, forwarding a local port to the nix-bitcoin node's ssh server
|
||||||
|
|
||||||
```
|
```
|
||||||
ssh -i ~/.ssh/id_ed25519 -L [random port of your choosing]:localhost:22 root@[your SSHD_ONION]
|
ssh -i ~/.ssh/id_ed25519 -L [random port of your choosing]:localhost:22 root@[your SSHD_ONION]
|
||||||
```
|
```
|
||||||
|
|
||||||
5. Edit your `network-nixos.nix` to look like this
|
5. Edit your `network-nixos.nix` to look like this
|
||||||
|
|
||||||
```
|
```
|
||||||
{
|
{
|
||||||
bitcoin-node =
|
bitcoin-node =
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
{ deployment.targetHost = "127.0.0.1";
|
{ deployment.targetHost = "127.0.0.1";
|
||||||
deployment.targetPort = [random port of your choosing];
|
deployment.targetPort = [random port of your choosing];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
6. Now you can run `nixops deploy -d bitcoin-node` and it will connect through the ssh tunnel you established in step iv. This also allows you to do more complex ssh setups that `nixops ssh` doesn't support. An example would be authenticating with [Trezor's ssh agent](https://github.com/romanz/trezor-agent), which provides extra security.
|
6. Now you can run `nixops deploy -d bitcoin-node` and it will connect through the ssh tunnel you established in step iv. This also allows you to do more complex ssh setups that `nixops ssh` doesn't support. An example would be authenticating with [Trezor's ssh agent](https://github.com/romanz/trezor-agent), which provides extra security.
|
||||||
|
|
||||||
@ -180,64 +180,64 @@ Initialize a Trezor for Bitcoin Core's Hardware Wallet Interface
|
|||||||
|
|
||||||
1. Enable Trezor in `configuration.nix`
|
1. Enable Trezor in `configuration.nix`
|
||||||
|
|
||||||
Change
|
Change
|
||||||
```
|
```
|
||||||
# services.hardware-wallets.trezor = true;
|
# services.hardware-wallets.trezor = true;
|
||||||
```
|
```
|
||||||
to
|
to
|
||||||
```
|
```
|
||||||
services.hardware-wallets.trezor = true;
|
services.hardware-wallets.trezor = true;
|
||||||
```
|
```
|
||||||
|
|
||||||
2. Deploy new `configuration.nix`
|
2. Deploy new `configuration.nix`
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops deploy -d bitcoin-node
|
nixops deploy -d bitcoin-node
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Check that your nix-bitcoin node recognizes your Trezor
|
3. Check that your nix-bitcoin node recognizes your Trezor
|
||||||
|
|
||||||
```
|
```
|
||||||
nixops ssh operator@bitcoin-node
|
nixops ssh operator@bitcoin-node
|
||||||
lsusb
|
lsusb
|
||||||
```
|
```
|
||||||
Should show something relating to your Trezor
|
Should show something relating to your Trezor
|
||||||
|
|
||||||
4. If your Trezor has outdated firmware or is not yet initialized: Start your Trezor in bootloader mode
|
4. If your Trezor has outdated firmware or is not yet initialized: Start your Trezor in bootloader mode
|
||||||
|
|
||||||
Trezor v1
|
Trezor v1
|
||||||
```
|
```
|
||||||
Plug in your Trezor with both buttons depressed
|
Plug in your Trezor with both buttons depressed
|
||||||
```
|
```
|
||||||
|
|
||||||
Trezor v2
|
Trezor v2
|
||||||
```
|
```
|
||||||
Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through
|
Start swiping your finger across your Trezor's touchscreen and plug in the USB cable when your finger is halfway through
|
||||||
```
|
```
|
||||||
|
|
||||||
5. If your Trezor's firmware is outdated: Update your Trezor's firmware
|
5. If your Trezor's firmware is outdated: Update your Trezor's firmware
|
||||||
|
|
||||||
```
|
```
|
||||||
trezorctl firmware-update
|
trezorctl firmware-update
|
||||||
```
|
```
|
||||||
Follow the on-screen instructions
|
Follow the on-screen instructions
|
||||||
|
|
||||||
**Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.**
|
**Caution: This command _will_ wipe your Trezor. If you already store Bitcoin on it, only do this with the recovery seed nearby.**
|
||||||
|
|
||||||
6. If your Trezor is not yet initialized: Set up your Trezor
|
6. If your Trezor is not yet initialized: Set up your Trezor
|
||||||
|
|
||||||
```
|
```
|
||||||
trezorctl reset-device -p
|
trezorctl reset-device -p
|
||||||
```
|
```
|
||||||
Follow the on-screen instructions
|
Follow the on-screen instructions
|
||||||
|
|
||||||
7. Find your Trezor
|
7. Find your Trezor
|
||||||
|
|
||||||
```
|
```
|
||||||
hwi enumerate
|
hwi enumerate
|
||||||
hwi -t trezor -d <path from previous command> promptpin
|
hwi -t trezor -d <path from previous command> promptpin
|
||||||
hwi -t trezor -d <path> sendpin <number positions for the PIN as displayed on your device's screen>
|
hwi -t trezor -d <path> sendpin <number positions for the PIN as displayed on your device's screen>
|
||||||
hwi enumerate
|
hwi enumerate
|
||||||
```
|
```
|
||||||
|
|
||||||
8. Follow Bitcoin Core's instructions on [Using Bitcoin Core with Hardware Wallets](https://github.com/bitcoin-core/HWI/blob/master/docs/bitcoin-core-usage.md) to use your Trezor with `bitcoin-cli` on your nix-bitcoin node
|
8. Follow Bitcoin Core's instructions on [Using Bitcoin Core with Hardware Wallets](https://github.com/bitcoin-core/HWI/blob/master/docs/bitcoin-core-usage.md) to use your Trezor with `bitcoin-cli` on your nix-bitcoin node
|
||||||
|
Loading…
Reference in New Issue
Block a user