From 2c3fa63baaeb66847df983120700e702f749bc46 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 4 Feb 2023 13:21:40 +0100 Subject: [PATCH 1/3] dev/features: improve `enter_service` Read uid/gid directly from the service pid. This makes this fn work with arbitrary services, and with `bitcoind`, where, for historical reasons, the service user name (`bitcoin`) doesn't equal the service name. --- dev/dev-features.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/dev/dev-features.sh b/dev/dev-features.sh index b06ce4f..76b3f6e 100644 --- a/dev/dev-features.sh +++ b/dev/dev-features.sh @@ -56,9 +56,10 @@ ls -al /var/lib/containers/nb-test # Start a shell in the context of a service process. # Must be run inside the container (enter with cmd `c`). enter_service() { - local name=$1 - nsenter --all -t "$(systemctl show -p MainPID --value "$name")" \ - --setuid "$(id -u "$name")" --setgid "$(id -g "$name")" bash + name=$1 + pid=$(systemctl show -p MainPID --value "$name") + IFS=- read -r uid gid < <(stat -c "%u-%g" "/proc/$pid") + nsenter --all -t "$pid" --setuid "$uid" --setgid "$gid" bash } enter_service clightning From c12ff6251db1f7de687c4f19767329a8340ac229 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Sat, 4 Feb 2023 13:21:41 +0100 Subject: [PATCH 2/3] README: add some module descriptions --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 1058589..1f81e9b 100644 --- a/README.md +++ b/README.md 
@@ -88,10 +88,10 @@ NixOS modules ([src](modules/modules.nix)) * [lndconnect](https://github.com/LN-Zap/lndconnect): connect your wallet to lnd or clightning via a REST onion service * [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL): web interface for `lnd` and `clightning` * [spark-wallet](https://github.com/shesek/spark-wallet) - * [electrs](https://github.com/romanz/electrs) - * [fulcrum](https://github.com/cculianu/Fulcrum) (see [the module](modules/fulcrum.nix) for a comparison to electrs) + * [electrs](https://github.com/romanz/electrs): Electrum server + * [fulcrum](https://github.com/cculianu/Fulcrum): Electrum server (see [the module](modules/fulcrum.nix) for a comparison with electrs) * [btcpayserver](https://github.com/btcpayserver/btcpayserver) - * [liquid](https://github.com/elementsproject/elements) + * [liquid](https://github.com/elementsproject/elements): federated sidechain * [JoinMarket](https://github.com/joinmarket-org/joinmarket-clientserver) * [JoinMarket Orderbook Watcher](https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/master/docs/orderbook.md) * [bitcoin-core-hwi](https://github.com/bitcoin-core/HWI) @@ -99,7 +99,7 @@ NixOS modules ([src](modules/modules.nix)) * [netns-isolation](modules/netns-isolation.nix): isolates applications on the network-level via network namespaces * [nodeinfo](modules/nodeinfo.nix): script which prints info about the node's services * [backups](modules/backups.nix): duplicity backups of all your node's important files - * [operator](modules/operator.nix): adds non-root user `operator` who has access to client tools (e.g. `bitcoin-cli`, `lightning-cli`) + * [operator](modules/operator.nix): configures a non-root user who has access to client tools (e.g. `bitcoin-cli`, `lightning-cli`) Security --- From bf8de6744ed4a30984354fb8c31e7e45910e8609 Mon Sep 17 00:00:00 2001 
From: Erik Arvstedt Date: Sat, 4 Feb 2023 13:21:42 +0100 Subject: [PATCH 3/3] README: add mempool extension module --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 1f81e9b..4e6267f 100644 --- a/README.md +++ b/README.md @@ -101,6 +101,12 @@ NixOS modules ([src](modules/modules.nix)) * [backups](modules/backups.nix): duplicity backups of all your node's important files * [operator](modules/operator.nix): configures a non-root user who has access to client tools (e.g. `bitcoin-cli`, `lightning-cli`) +### Extension modules +Extension modules are maintained in separate repositories and have their own review +and release process. + +* [Mempool](https://github.com/fort-nix/nix-bitcoin-mempool): Bitcoin visualizer, explorer and API service + Security --- See [SECURITY.md](SECURITY.md) for the security policy and how to report a vulnerability.
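Review bot: In `enter_service` (PATCH 1/3, `dev/dev-features.sh`), `pid` is used without a check. For a service that is not running, `systemctl show -p MainPID --value` prints `0`, so the `stat` on `/proc/$pid` fails, `uid` and `gid` are left empty, and `nsenter` is still invoked with `-t 0`. Return early with a message when `pid` is `0` or when `stat` fails. The hunk also drops `local` from `name`, so `name`, `pid`, `uid` and `gid` now persist in the calling shell after the function returns; `local name=$1 pid uid gid` keeps them scoped. One more case worth a comment: `/proc/<pid>` is owned by root:root when the process is not dumpable, so for such a service this would start the shell as root rather than as the service user.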
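Review bot: In the README module list (PATCH 2/3, hunk at `@@ -88,10`), `spark-wallet`, `btcpayserver` and `JoinMarket` are still listed without a description, while their neighbours `electrs`, `fulcrum` and `liquid` gain one. Adding a short description to these entries in the same patch would keep the list consistent.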
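Review bot: The new "Extension modules" paragraph (PATCH 3/3, `README.md`) says these modules "have their own review and release process" but does not say whether the policy in `SECURITY.md`, referenced in the Security section directly below, covers them. Add one sentence stating where vulnerabilities in extension modules should be reported. As a style point, the `### Extension modules` heading has no blank line before its first paragraph, and the adjacent `Security` heading uses the underline style rather than `###`.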