greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge fort-nix/nix-bitcoin#539: Minor improvements

Browse Source 
67a573dae8 create-git-repo.sh: fix amend error if there's no branch checked out (Erik Arvstedt)
d9eecb7d4c nixos-search/flake: remove unused output (Erik Arvstedt)
4e70db14bc README: fix capitalization (Erik Arvstedt)
030be842c8 secrets: use fetchurl derivation (Erik Arvstedt)
1713e016a0 clightning-replication: clarify comment about FUSE mounts (Erik Arvstedt)
cd3878e357 delete modules/default.nix (Erik Arvstedt)
f2a4d1fe65 docs/security: fix typo (Erik Arvstedt)
3a65dc0dc9 docs/configuration: improve section `Remote bitcoind` (Erik Arvstedt)
af115d746b internal scripts: use pinned, cached pkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 67a573dae8

Tree-SHA512: 9ab2e9141793996eeae94cf2bb630491489a479841858187719fee9cf39e56b1db8bfc09f9466026b7409e160bb2047b374047ca4d2f7249077895c804663bd0
This commit is contained in:
Jonas Nick 2022-08-29 11:38:44 +00:00
commit 6145dc3032
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
21 changed files with 56 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cirrus.yml
View File

@ -39,4 +39,4 @@ task:
- name: shellcheck - name: shellcheck
build_script: build_script:
- nix shell --inputs-from . nixpkgs#{shellcheck,findutils,gnugrep} -c ./test/shellcheck.sh - ./test/shellcheck.sh

2
README.md
View File

@ -54,7 +54,7 @@ top left corner of the documents.
<!-- TODO-EXTERNAL: --> <!-- TODO-EXTERNAL: -->
<!-- Change query to `nix-bitcoin` when upstream search has been fixed --> <!-- Change query to `nix-bitcoin` when upstream search has been fixed -->
* [NixOS Options Search](https://search.nixos.org/flakes?channel=unstable&sort=relevance&type=options&query=bitcoin) * [NixOS options search](https://search.nixos.org/flakes?channel=unstable&sort=relevance&type=options&query=bitcoin)
* [Hardware requirements](docs/hardware.md) * [Hardware requirements](docs/hardware.md)
* [Installation](docs/install.md) * [Installation](docs/install.md)
* [Configuration and maintenance](docs/configuration.md) * [Configuration and maintenance](docs/configuration.md)

2
SECURITY.md
View File

@ -35,7 +35,7 @@ amounts.
The nix-bitcoin developers [listed above](#reporting-a-vulnerability) each hold The nix-bitcoin developers [listed above](#reporting-a-vulnerability) each hold
one key to the multisig address and collectively form the nix-bitcoin developer one key to the multisig address and collectively form the nix-bitcoin developer
quorum: quorum.
### Eligible Vulnerabilities ### Eligible Vulnerabilities

4
default.nix
View File

@ -1,5 +1,3 @@
{ pkgs ? import <nixpkgs> {} }: { pkgs ? import <nixpkgs> {} }:
(import ./pkgs { inherit pkgs; }) // { import ./pkgs { inherit pkgs; }
modules = import ./modules;
}

17
docs/configuration.md
View File

@ -214,18 +214,15 @@ services.bitcoind = {
}; };
``` ```
If a `secure-node.nix` or `tor-enable.nix` preset is imported in your For each service that connects to bitcoind and has option
configuration or a `tor.enforce` option is explicitly enabled, you also need to `services.<service>.tor.enforce` enabled (either explicitly or by importing
allow remote connections for **every** service which needs to connect to the `secure-node.nix` or `enable-tor.nix`), you need to
remote bitcoind: allow the remote bitcoind connection:
```nix
``` systemd.services.<service>.serviceConfig.IPAddressAllow = [ ${services.bitcoind.rpc.address} ];
systemd.services.<service>.serviceConfig = {
IPAddressAllow = [ ${services.bitcoind.rpc.address} ];
};
``` ```
> Please note that configuration above applies only if the remote bitcoind **is > The above configuration is only required if the remote bitcoind **is
> not** accessed via Tor. > not** accessed via Tor.

20
helper/run-in-nix-env Normal file
View File

@ -0,0 +1,20 @@
#!/usr/bin/env bash
# Usage:
# source "path/to/run-in-nix-env" "pkg1 pkg2 ..." "$@"
#
# Runs the calling script with pkgs1, pkg2, ... in PATH.
# The packages are sourced from the nixpkgs input of the nix-bitcoin root flake.
if [[ ${_NIX_BITCOIN_ENV_PKGS:-} != "$1" ]]; then
export _NIX_BITCOIN_ENV_PKGS=$1
shift
_shell_pkgs=()
for _pkg in $_NIX_BITCOIN_ENV_PKGS; do
_shell_pkgs+=("nixpkgs#$_pkg")
done
# BASH_SOURCE[0] is this file
# BASH_SOURCE[-1] is the root src file
exec nix shell --inputs-from "${BASH_SOURCE[0]%/*}/.." "${_shell_pkgs[@]}" -c "${BASH_SOURCE[-1]}" "$@"
fi

7
modules/clightning-replication.nix
View File

@ -143,8 +143,11 @@ in {
# We can't simply set `destDir` here because it might point to # We can't simply set `destDir` here because it might point to
# a FUSE mount. # a FUSE mount.
# FUSE mounts can only be set up as `ReadWritePaths` by systemd when they # FUSE mounts can only be set up as `ReadWritePaths` by systemd when they
# are accessible by root. This would require FUSE-mounting with option # are accessible by root.
# `allow_other`. # But FUSE mounts are only accessible by the mounting user and
# not by root.
# (This could be circumvented by FUSE-mounting `destDir` with option `allow_other`,
# but this would grant access to all users.)
(if useMounts then mountsDir else localDir) (if useMounts then mountsDir else localDir)
]; ];
}; };

14
modules/default.nix
View File

@ -1,14 +0,0 @@
{
modules = ./modules.nix;
bitcoind = ./bitcoind.nix;
clightning = ./clightning.nix;
default = ./default.nix;
electrs = ./electrs.nix;
liquid = ./liquid.nix;
presets.secure-node = ./presets/secure-node.nix;
rtl = ./rtl.nix;
spark-wallet = ./spark-wallet.nix;
lnd = ./lnd.nix;
charge-lnd = ./charge-lnd.nix;
joinmarket = ./joinmarket.nix;
}

2
modules/secrets/secrets.nix
View File

@ -73,7 +73,7 @@ let
generateSecretsScript = mkOption { generateSecretsScript = mkOption {
internal = true; internal = true;
default = let default = let
rpcauthSrc = builtins.fetchurl { rpcauthSrc = pkgs.fetchurl {
url = "https://raw.githubusercontent.com/bitcoin/bitcoin/d6cde007db9d3e6ee93bd98a9bbfdce9bfa9b15b/share/rpcauth/rpcauth.py"; url = "https://raw.githubusercontent.com/bitcoin/bitcoin/d6cde007db9d3e6ee93bd98a9bbfdce9bfa9b15b/share/rpcauth/rpcauth.py";
sha256 = "189mpplam6yzizssrgiyv70c9899ggh8cac76j4n7v0xqzfip07n"; sha256 = "189mpplam6yzizssrgiyv70c9899ggh8cac76j4n7v0xqzfip07n";
}; };

4
pkgs/clightning-plugins/get-sha256.sh
View File

@ -1,6 +1,6 @@
#! /usr/bin/env nix-shell #!/usr/bin/env bash
#! nix-shell -i bash -p git
set -euo pipefail set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git" "$@"
archive_hash () { archive_hash () {
repo=$1 repo=$1

4
pkgs/clightning-rest/generate.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env nix-shell #!/usr/bin/env bash
#! nix-shell -i bash -p gnupg wget gnused
set -euo pipefail set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "gnupg wget gnused" "$@"
version="0.9.0" version="0.9.0"
repo=https://github.com/Ride-The-Lightning/c-lightning-REST repo=https://github.com/Ride-The-Lightning/c-lightning-REST

4
pkgs/joinmarket/get-sha256.sh
View File

@ -1,6 +1,6 @@
#! /usr/bin/env nix-shell #!/usr/bin/env bash
#! nix-shell -i bash -p git gnupg
set -euo pipefail set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git gnupg" "$@"
TMPDIR="$(mktemp -d -p /tmp)" TMPDIR="$(mktemp -d -p /tmp)"
trap 'rm -rf $TMPDIR' EXIT trap 'rm -rf $TMPDIR' EXIT

4
pkgs/krops/fetch-release.sh
View File

@ -1,6 +1,6 @@
#! /usr/bin/env nix-shell #!/usr/bin/env bash
#! nix-shell -i bash -p git
set -euo pipefail set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git" "$@"
archive_hash () { archive_hash () {
repo=$1 repo=$1

4
pkgs/lndinit/get-sha256.sh
View File

@ -1,6 +1,6 @@
#! /usr/bin/env nix-shell #!/usr/bin/env bash
#! nix-shell -i bash -p git gnupg curl jq
set -euo pipefail set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git gnupg curl jq" "$@"
TMPDIR=$(mktemp -d -p /tmp) TMPDIR=$(mktemp -d -p /tmp)
trap 'rm -rf $TMPDIR' EXIT trap 'rm -rf $TMPDIR' EXIT

4
pkgs/python-packages/python-bitcointx/get-sha256.sh
View File

@ -1,6 +1,6 @@
#! /usr/bin/env nix-shell #!/usr/bin/env bash
#! nix-shell -i bash -p git gnupg
set -euo pipefail set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../../helper/run-in-nix-env" "git gnupg" "$@"
TMPDIR=$(mktemp -d -p /tmp) TMPDIR=$(mktemp -d -p /tmp)
trap 'rm -rf $TMPDIR' EXIT trap 'rm -rf $TMPDIR' EXIT

4
pkgs/rtl/generate.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env nix-shell #!/usr/bin/env bash
#! nix-shell -i bash -p gnupg wget gnused
set -euo pipefail set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "gnupg wget gnused" "$@"
version="0.13.1" version="0.13.1"
repo=https://github.com/Ride-The-Lightning/RTL repo=https://github.com/Ride-The-Lightning/RTL

4
pkgs/spark-wallet/generate.sh
View File

@ -1,6 +1,6 @@
#!/usr/bin/env nix-shell #!/usr/bin/env bash
#! nix-shell -i bash -p nodePackages.node2nix gnupg wget jq moreutils gnused
set -euo pipefail set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "nodePackages.node2nix gnupg wget jq moreutils gnused" "$@"
TMPDIR=$(mktemp -d -p /tmp) TMPDIR=$(mktemp -d -p /tmp)
trap 'rm -rf $TMPDIR' EXIT trap 'rm -rf $TMPDIR' EXIT

2
test/lib/create-git-repo.sh
View File

@ -4,7 +4,7 @@
cd "$scriptDir/.." cd "$scriptDir/.."
amend=--amend amend=--amend
if [[ ! -e .git ]]; then if [[ ! -e .git ]] || ! git rev-parse HEAD 2>/dev/null; then
git init git init
amend= amend=
fi fi

1
test/nixos-search/flake.nix
View File

@ -8,6 +8,5 @@
# Used by ./ci-test.sh # Used by ./ci-test.sh
inherit (nixos-search.inputs.nixpkgs) legacyPackages; inherit (nixos-search.inputs.nixpkgs) legacyPackages;
nixpkgsPath = toString nixos-search.inputs.nixpkgs;
}; };
} }

2
test/run-tests.sh
View File

@ -322,7 +322,7 @@ examples() {
shellcheck() { shellcheck() {
if ! checkFlakeSupport "shellcheck"; then return; fi if ! checkFlakeSupport "shellcheck"; then return; fi
nix shell --inputs-from "$scriptDir/.." nixpkgs#shellcheck -c "$scriptDir/shellcheck.sh" "$scriptDir/shellcheck.sh"
} }
all() { all() {

1
test/shellcheck.sh
View File

@ -1,5 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../helper/run-in-nix-env" "shellcheck findutils gnugrep" "$@"
cd "${BASH_SOURCE[0]%/*}/.." cd "${BASH_SOURCE[0]%/*}/.."
{ {