From d959d5b5581a02b6faef30f876489ca1cf89c564 Mon Sep 17 00:00:00 2001 From: Erik Arvstedt Date: Thu, 3 Feb 2022 20:46:33 +0100 Subject: [PATCH] secure-node: don't set `nix-bitcoin.secretsDir` This simplifies the docs and the secure-node module. This change doesn't affect users that deploy via krops. --- docs/configuration.md | 7 +------ docs/services.md | 6 ++++-- examples/configuration.nix | 2 +- modules/presets/secure-node.nix | 3 --- modules/versioning.nix | 21 +++++++++++++++++++++ 5 files changed, 27 insertions(+), 12 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index 4a64c57..f65446a 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -250,9 +250,4 @@ following default values: - If you're using the krops deployment method: `/var/src/secrets` -- Otherwise: - - `/secrets` (if you're using the `secure-node.nix` template) - - `/etc/nix-bitcoin-secrets` (otherwise) - - `/secrets` only exists to provide backwards compatibility for users of the - `secure-node.nix` template. +- Otherwise: `/etc/nix-bitcoin-secrets` diff --git a/docs/services.md b/docs/services.md index 350211e..28935d6 100644 --- a/docs/services.md +++ b/docs/services.md @@ -41,7 +41,8 @@ ssh -L 3000:169.254.1.29:3000 root@bitcoin-node Otherwise, you can access it via Tor Browser at `http://`. You can find the `` with command `nodeinfo`. -The default password location is `/secrets/rtl-password`. +The default password location is `$secretsDir/rtl-password`. +See: [Secrets dir](./configuration.md#secrets-dir) # Connect to spark-wallet ### Requirements 
@@ -305,9 +306,10 @@ If you want to manually initialize your wallet instead, follow these steps: Follow the on-screen instructions and write down your seed. In order to use nix-bitcoin's `joinmarket.yieldgenerator`, use the password - from `/secrets/jm-wallet-password` and use the suggested default wallet name + from `$secretsDir/jm-wallet-password` and use the suggested default wallet name `wallet.jmdat`. If you want to use your own `jm-wallet-password`, simply replace the password string in your local secrets directory. + See: [Secrets dir](./configuration.md#secrets-dir) ## Run the tumbler diff --git a/examples/configuration.nix b/examples/configuration.nix index 5f9e854..0c84226 100644 --- a/examples/configuration.nix +++ b/examples/configuration.nix @@ -266,5 +266,5 @@ # The nix-bitcoin release version that your config is compatible with. # When upgrading to a backwards-incompatible release, nix-bitcoin will display an # an error and provide hints for migrating your config to the new release. - nix-bitcoin.configVersion = "0.0.57"; + nix-bitcoin.configVersion = "0.0.65"; } diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix index 250034e..34d8ed5 100644 --- a/modules/presets/secure-node.nix +++ b/modules/presets/secure-node.nix @@ -18,9 +18,6 @@ in { }; config = { - # For backwards compatibility only - nix-bitcoin.secretsDir = mkDefault "/secrets"; - networking.firewall.enable = true; nix-bitcoin.security.dbusHideProcessInformation = true; diff --git a/modules/versioning.nix b/modules/versioning.nix index 5fd03d6..e1d6761 100644 --- a/modules/versioning.nix +++ b/modules/versioning.nix 
@@ -181,6 +181,27 @@ let once. ''; } + { + version = "0.0.65"; + condition = config.nix-bitcoin ? secure-node-preset-enabled && + config.nix-bitcoin.secretsDir == "/etc/nix-bitcoin-secrets"; + message = '' + The `secure-node.nix` preset does not set the secrets directory + to "/secrets" anymore. + Instead, the default location "/etc/nix-bitcoin-secrets" is used. + + To upgrade, choose one of the following: + + - Continue using "/secrets": + Add `nix-bitcoin.secretsDir = "/secrets";` to your configuration.nix. + + - Move your secrets to the default location: + Run the following command as root on your node: + `rsync -a /secrets/ /etc/nix-bitcoin-secrets`. + You can delete the old "/secrets" directory after deploying the new system + config to your node. + ''; + } ]; mkOnionServiceChange = service: {
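Review bot: The `0.0.65` migration message does not state that the `rsync` copy must run before the new system config is activated, and it words the removal of the old `/secrets` as optional. The docs touched by this patch show the directory holds `rtl-password` and `jm-wallet-password`, so a leftover `/secrets` is a second copy of live credentials, and a node switched before the copy would presumably come up without its existing secrets. I would change the two sentences to `Run the following command as root on your node before deploying the new config:` and `Delete the old "/secrets" directory once the new system config is deployed and working.` The list this entry is appended to starts outside the hunk.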