Commit Graph

306 Commits

Author SHA1 Message Date
nixbitcoin 048b49edae
pyln-proto: add copy of base58 2.1.0 2021-12-08 12:38:35 +00:00
nixbitcoin b5984a603c
joinmarket: 0.9.3 -> 0.9.4
Ilita IRC server & use upstream twisted again
2021-12-08 12:38:28 +00:00
nixbitcoin 8433933251
node2nix composition: add writeShellScript 2021-12-08 12:38:22 +00:00
nixbitcoin 6b725157e1
clboss: sslSupport -> opensslSupport 2021-12-08 12:38:15 +00:00
nixbitcoin 16f5aa0561
update to NixOS 21.11 2021-12-08 12:38:00 +00:00
Jonas Nick 8a7ec27e6d
Merge fort-nix/nix-bitcoin#427: cl-rest: 0.5.2 -> 0.6.0
d3788e141d cl-rest: 0.5.2 -> 0.6.0 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK d3788e141d

Tree-SHA512: 48acb8c7dbabf15c6b0c595a9a5e6210ebd0314c219eb5e229045d794e01eb0fa4f0f5882b9d4a7c2170b6adb85463fa66fbfe828a39dcca0cc6c73ecd894ccf
2021-11-29 18:08:01 +00:00
Erik Arvstedt def64a73b8
treewide: use TODO-EXTERNAL
Use TODO-EXTERNAL for TODOs that depend on external factors like
upstream fixes.
2021-11-29 13:47:48 +01:00
Erik Arvstedt 9bda7305fd
services: add `tor.*` options
Split `enforceTor` into `tor.proxy` and `tor.enforce`.
By enabling `tor.proxy` without `tor.enforce`, a service can accept
incoming clearnet connections.
E.g., this allows setting up a Tor-proxied bitcoind node that accepts
RPC connections from LAN.
2021-11-29 13:22:43 +01:00
nixbitcoin d3788e141d
cl-rest: 0.5.2 -> 0.6.0 2021-11-29 11:39:47 +00:00
Jonas Nick 9a31cc7d5a
Merge fort-nix/nix-bitcoin#424: spark-wallet: 0.2.17 -> 0.3.1
f739bc5174 spark-wallet: 0.2.17 -> 0.3.1 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK f739bc5174

Tree-SHA512: bfcc5bc076f90037d76757a23f26936f5a1c7331695a0ad31f5e4f69ee3b2cf8f46c984aa8a79926cafc6f195d81e6bd457e88768bd0e657e7300c2614ec556f
2021-11-10 21:58:40 +00:00
Jonas Nick 6673c8245c
Merge fort-nix/nix-bitcoin#423: Misc. improvements
4a74b7de08 clightning: work around unsupported seccomp syscall (Erik Arvstedt)
38a843d005 clightning: update python pkgs to new version (Erik Arvstedt)
6ad7107ddb update nixpkgs (Erik Arvstedt)
f58d67677e netns-isolation: separate host and netns setup (Erik Arvstedt)
cb6e5ef702 netns-isolation: fix routing issues due to netns restarting (Erik Arvstedt)
7f77147b60 makeShell: minor improvements (Erik Arvstedt)
a5730eb736 makeShell: make the help msg a shell derivation variable (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 4a74b7de08

Tree-SHA512: 75454b51db6d7ab41590d8579e0a5136e5ac1be78d5c2f547c6ef1982c0de679968879bb9bac57dd66413f59a4659236601ab75414486b0137c7c43d73d22759
2021-11-10 21:57:16 +00:00
Erik Arvstedt 38a843d005
clightning: update python pkgs to new version 2021-11-10 21:26:11 +01:00
nixbitcoin f739bc5174
spark-wallet: 0.2.17 -> 0.3.1 2021-11-09 15:19:14 +00:00
nixbitcoin 0e1e2a1b3c
cl-rest: init at 0.5.2 2021-11-09 13:07:27 +00:00
nixbitcoin 83196f5545
rtl: init at 0.11.2 2021-11-09 13:07:16 +00:00
nixbitcoin 852c112603
Use HTTPS URL for spark-wallet GitHub node packages
Manually patch spark-wallet until
https://github.com/svanderburg/node2nix/pull/269 is merged
2021-11-02 14:07:28 +00:00
nixbitcoin a10aa21c69
joinmarket: 0.9.2 -> 0.9.3 2021-10-27 16:02:59 +02:00
Erik Arvstedt 721ba1aeba
python-packages: separate `specific-versions` pkgs
This simplifies maintenance.
2021-10-24 21:18:56 +02:00
nixbitcoin 59fc003ebd
joinmarket: 0.9.1 -> 0.9.2
Remove "improve-genwallet" patch
2021-10-13 11:52:42 +00:00
Erik Arvstedt 265fc1911d
extra-container: pin to nixpkgs-unstable
extra-container is now part of nixpkgs.
2021-10-06 15:34:24 +02:00
Erik Arvstedt f61e928139
services: support 0.0.0.0/:: in `address` options
Previously, client services didn't decode these special INADDR_ANY
addresses and failed to connect.
2021-10-04 00:33:26 +02:00
Jonas Nick e94e071ad6
update nixpkgs
bitcoin: 0.21.1 -> 22.0
bitcoind: 0.21.1 -> 22.0
electrs: 0.8.10 -> 0.8.11
2021-09-19 20:07:55 +00:00
Erik Arvstedt 0186b2a764
examples/shell.nix: Add upgrade note for NixOps users 2021-09-15 12:01:37 +02:00
nixbitcoin 3e146512d7
joinmarket: add copy of twisted 20.3.0 2021-09-14 20:06:35 +00:00
Erik Arvstedt a2466b1127
secrets: allow extending generate-secrets
`generate-secrets` is no longer a monolithic script. Instead, it's
composed of the values of option `nix-bitcoin.generateSecretsCmds`.

This has the following advantages:
- generate-secrets is now extensible by users
- Only secrets of enabled services are generated
- RPC IPs in the `lnd` and `loop` certs are no longer hardcoded.

Secrets are no longer automatically generated when entering nix-shell.
Instead, they are generated before deployment (via `krops-deploy`)
because secrets generation is now dependent on the node configuration.
2021-09-12 11:29:54 +02:00
Erik Arvstedt 24fd1e9bdc
improve examples/shell.nix
The user's local node configuration directory usually contains a copy of
examples/shell.nix.

1. Move the shell implementation from shell.nix to nix-bitcoin/helper/makeShell.nix
   Because the shell is no longer defined locally in the user's config
   directory, we can now ship new shell features via nix-bitcoin updates.

2. Simplify examples/nix-bitcoin-release.nix
   nix-bitcoin-release.nix, as generated via `fetch-release`, now
   contains a simple fetchTarball statement which can be directly imported.
   This allows us to get rid of the extra `nix-bitcoin-unpacked` derivation
   which adds a dependency on the user's local nixpkgs.

   To keep `fetch-release` as simple as possible for easy auditing, we just
   fetch and verify a `nar-hash.txt` file that is now uploaded
   via `push-release.sh`.

A migration guide for updating the user's local `shell.nix` is
automatically printed when the user starts a new shell after updating
nix-bitcoin.
This is achieved by throwing an error in `generate-secrets`, which is called
on shell startup.

This commit is required to deploy the new extensible `generate-secrets`
mechanism introduced in the next commit.
2021-09-12 11:29:54 +02:00
Erik Arvstedt e1e3d8a92b
secrets: simplify cert generation
- Remove openssl.cnf which includes many unused settings.
- Generate the key and cert files with a single call to openssl.
  - Option `-nodes` ("no DES") disables encryption of the key file.
  - Option `-addext` is used to specify `subjectAltName` settings
    that were previously defined by openssl.cnf.

The key type is unchanged.
Certificate changes:
- Certificate duration is now 10 years
- Organization (subj 'O') is now 'loop' instead of 'loopd' for
  lightning-loop to simplify the code.
  For reference, the org. name in auto-generated loop certs is
  "loop autogenerated cert".
- The certificate now includes all default x509v3 extensions.
  These were previously restricted to just `subjectAltName` by openssl.cnf.
  We now use the openssl defaults for simplicity.
2021-09-11 15:07:24 +02:00
Erik Arvstedt 5087ce245f
minor cleanups
- btcpayserver: remove unneeded trailing semicolons

- krops/get-sha256:
  `tail` is unneeded because `nix-prefetch-url` just outputs a single
  line containing the hash.
2021-09-11 15:07:23 +02:00
Jonas Nick faa7831708
Merge fort-nix/nix-bitcoin#384: joinmarket: Update patch hash
c35e96a553 joinmarket: update patch hash (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK c35e96a553

Tree-SHA512: 40f1bbe6990fa940c0153e00719d2e56e20ce9dc01a5975c48e0da070544b873cafa6cb9aeb860498aad8c104c379f3e368496c96cc569966963a707f478178c
2021-09-06 11:39:40 +00:00
Erik Arvstedt c35e96a553
joinmarket: update patch hash
The patch hash has changed due to an update of the PR branch.
The PR has now been merged.
2021-09-05 22:33:17 +02:00
Erik Arvstedt 926f1febb7
make-container: update extra-container version
Keep this file in sync with the latest extra-container update.
2021-09-04 08:17:38 +02:00
Erik Arvstedt 179b86d19c
joinmarket: allow recreating wallet from seed
This allows users to easily upgrade their wallets to use Fidelity Bonds.
2021-08-30 13:37:05 +02:00
nixbitcoin 00a0759884
joinmarket-ob-watcher: extra permissions & functionality for fidelity bonds 2021-08-30 13:37:04 +02:00
Erik Arvstedt d7f9e33e1c
joinmarket-ob-watcher: move resource files to extra dir
Don't clutter joinmarket/bin with ob-watcher resource files.
2021-08-30 13:37:04 +02:00
nixbitcoin e95abf6c7e
joinmarket: 0.8.3 -> 0.9.1 2021-08-30 09:02:26 +00:00
Erik Arvstedt dde04f8cbe
update nixpkgs-unstable
Includes:
btcpayserver: 1.1.2 -> 1.2.0
lightning-loop: 0.14.2-beta -> 0.15.0-beta
nbxplorer: 2.1.52 -> 2.1.58
2021-08-26 12:45:10 +02:00
Erik Arvstedt f7c2133250
add flake support
This change is fully backwards compatible.

We continue to use the standard non-flake evaluation mode in our
examples and internal tooling until the flakes design has stabilized.

'clightning-plugins = pkgs.recurseIntoAttrs' in pkgs/default.nix is
needed by flake-utils.lib.flattenTree in flake.nix.
It transforms the packages in `clightning-plugins` to top-level packages
named like `clightning-plugins/summary`. (The flake attr `packages`
must be a non-nested attrset of derivations.)
2021-08-26 12:45:10 +02:00
Erik Arvstedt de77281cba
pkgs: import pinned nixpkgs in default.nix
pkgs/default.nix now explicitly specifies all its dependencies as arguments.
This is required for flake support.

Also simplify pinned.nix and python-packages by removing unused attrs.
2021-08-16 10:43:07 +02:00
Erik Arvstedt fdc278a0b8
lib: fix comment 2021-08-15 11:29:36 +02:00
Erik Arvstedt c758d68ea4
lib: rename privileged -> rootScript
The naming is now analogous to the related function `script`.
2021-08-15 11:29:34 +02:00
Jonas Nick 8a49b41bb4
update nixpkgs-{stable,unstable}
Includes
- clightning 0.10.1
- lightning-loop 0.14.2
2021-08-14 17:57:49 +00:00
Erik Arvstedt c4c2b03e19
extra-container: 0.6 -> 0.7
Version 0.7 adds support for NixOS 21.05.
2021-08-14 10:46:41 +02:00
Erik Arvstedt ca64a4a64f
clightning-plugins.prometheus: use current nixpkgs version of prometheus-client 2021-08-14 10:46:41 +02:00
Erik Arvstedt 3aab1fc267
spark-wallet: update to new node-env 2021-08-14 10:46:41 +02:00
Erik Arvstedt 35fe939cf8
security: update /proc restriction mechanism
NixOS option `security.hideProcessInformation` for globally restricting
access to /proc has been removed.
Use per-service restrictions via 'ProtectProc' instead.

Rename
`nix-bitcoin.security.hideProcessInformation` to
`nix-bitcoin.security.dbusHideProcessInformation`
because this option now only implements the dbus restriction.
2021-08-14 10:46:41 +02:00
Erik Arvstedt 178a0dcf8f
services: use new 'tor' options 2021-08-14 10:46:41 +02:00
Erik Arvstedt a25ceecca5
update to NixOS 21.05 2021-08-12 11:18:26 +02:00
Erik Arvstedt b758150c9e
pinned: expose nixpkgsStable, nixpkgsUnstable
This allows accessing the pinned nixpkgs.
E.g., this is useful for comparing package versions between stable
and unstable.
2021-08-12 11:18:08 +02:00
Jonas Nick 1ecd9756f6
Merge fort-nix/nix-bitcoin#369: BTCPayServer L-BTC Support
54810ce1bf btcpayserver: add L-BTC support (nixbitcoin)
b24c14ec61 liquidd: make regtest capable (nixbitcoin)
b7225f5d11 update nixpkgs-unstable (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 54810ce1bf

Tree-SHA512: 363165d3b977cd4425191bce4246dd9e83daf914bf2adcaf3cf42d0c170f5730e7e79934a97e5f9c071d0f52bf9ee75a3aa710c4c52135ea58bcdd898babcc74
2021-08-10 12:23:46 +00:00
nixbitcoin ed480a35af
joinmarket: 0.8.2 -> 0.8.3
Includes
- coincurve: 13.0.0 -> 15.0.0
- Update Darkscience Tor onion address
2021-08-10 10:12:29 +00:00