Erik Arvstedt
04d8560f86
secure-node: remove qrencode, tor from systemPackages
...
Keep jq which is useful for analyzing service cli output.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
323a431aba
improve nodeinfo
...
- enable usage outside of secure-node.nix
- use json as the output format
- show ports
- also show local addresses, which is particularly useful when
netns-isolation is enabled
- only show enabled services
2021-01-14 13:25:10 +01:00
Erik Arvstedt
f6b883a9ac
remove webindex
...
This module is outdated and incomplete. We can re-add an improved version in
the future.
Move nanopos nginx proxy tests to the nanopos test.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver
...
In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly set up node.
2021-01-14 13:25:09 +01:00
Erik Arvstedt
18c7842e1a
modules: show warnings for obsolete options
2021-01-14 13:25:09 +01:00
Erik Arvstedt
45c40c4eb9
versioning: simplify assertion evaluation
2021-01-14 13:25:09 +01:00
Erik Arvstedt
bed00fe937
lnd: use onionServices for address announcing
2021-01-14 13:25:09 +01:00
Erik Arvstedt
3980cd5a41
clightning: use onionServices for address announcing
2021-01-14 13:25:08 +01:00
Erik Arvstedt
bd2a46cb73
spark-wallet: use onionServices
...
Also remove the unneeded definition of ReadWritePaths because the
service doesn't need write access to onion files.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
87fb9f246b
add 'enable-tor' preset
...
Move 'enforceTor' and onion-service definitions from secure-node.nix.
Use the onionServices module to define onion services.
Onion services now automatically work for services that bind to an INADDR_ANY (`0.0.0.0`) address.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
05b5402bb1
add nix-bitcoin.onionServices
2021-01-14 13:25:07 +01:00
Erik Arvstedt
fffe988248
onionAddresses: add readonly option 'dataDir'
...
Used by 'onionServices' in a later commit for services that announce
their onion address.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
5f34b094d3
onionAddresses: improve script
...
- use -e to check for existence of /var/lib/tor/state, use shorter
polling interval
- clear existing dataDir contents to avoid accumulating obsolete data
- use concatMapStrings instead of foldl'
2021-01-14 13:25:07 +01:00
Erik Arvstedt
b266f23251
onionAddresses: use service 'script' option
...
This also makes the script stop on errors.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
6d13b26d0a
onionAddresses: add more precise type for option 'access'
2021-01-14 13:25:06 +01:00
Erik Arvstedt
93562f76dd
onionAddresses: remove redundant option 'enable'
...
The service can be disabled via `onion-addresses.access = mkForce {};`
Also remove redundant description.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles
...
Simplifies the dataDir setup.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses
...
This clarifies its function.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
55073eee70
remove nix-bitcoin.pkgs.lib
...
Type ipv4Address is not needed anymore because all services have
separate 'port' and 'address' options.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
09e0042aa8
spark-wallet: add consistent address options
2021-01-14 13:25:05 +01:00
Erik Arvstedt
39f16c0b4a
liquidd: add consistent address options
2021-01-14 13:25:05 +01:00
Erik Arvstedt
b5d76ba1b3
electrs: add consistent address options
2021-01-14 13:25:04 +01:00
Erik Arvstedt
8fa32b7f91
btcpayserver: add consistent address options
2021-01-14 13:25:04 +01:00
Erik Arvstedt
e78a609687
clightning: add consistent address options
...
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
...
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Erik Arvstedt
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc'
2021-01-14 13:25:03 +01:00
Erik Arvstedt
5b7e0d09b2
bitcoind: add consistent address options
2021-01-14 13:25:03 +01:00
Jonas Nick
0c6579b942
Merge #295: Remove deprecated nanopos & lightning-charge
...
79f4723cda
lightning-charge: remove package and module (Jonas Nick)
58de79d401
nanopos: remove package and module (Jonas Nick)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 79f4723cda
Tree-SHA512: 853022697966159a3d1d32317b2d2e11d1f3d1f014956cf8ca72d12b30c8990a097ae17e2a11bcd666ade798695787a28f75fee1b42b21ac4bbe0d9875d112a2
2021-01-01 20:47:16 +00:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module
2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module
2021-01-01 17:37:30 +00:00
Jonas Nick
da674d1ccf
Merge #292: joinmarket: always synchronize secrets.jm-wallet-password
...
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK ed636dd070
Tree-SHA512: 8024f29f98a87991701dcdb7576c4b3b72c859373153b9281b8a4bba179a33aa39a7496ecd373c0251c8d9c36e1fc7c768a2dcc228aa006bab461f8cbc5d7b0d
2020-12-30 19:18:56 +00:00
Jonas Nick
ef28768221
Merge #291: btcpayserver: add rootpath option
...
edc657d138
btcpayserver: add rootpath option (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK edc657d138
Tree-SHA512: d96e2fd58c46fe1e70c239c37bf97ac1431a1b83068728bbbbf69a91deb63e2a78404ca0b9a53315c457b87f86b3901c03d76befcf9db4e260c597f2706bba8c
2020-12-30 19:05:38 +00:00
Jonas Nick
656c6a1d67
Merge #289: readme: update and split into various parts
...
bcedf69549
readme: update and split into various parts (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK bcedf69549
Tree-SHA512: a2c3c08c4b147225621d61ac67fd11b2ebec55bda1976a731d307a9935db23499a0f4a4d6d2c7dc27940027d8e0db42c1b02ff25554c49f81d5102c8599c2439
2020-12-30 19:02:55 +00:00
nixbitcoin
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password
...
secrets.jm-wallet-password is always needed by joinmarket, not just when
joinmarket.yieldgenerator.enable
2020-12-30 16:49:50 +00:00
nixbitcoin
edc657d138
btcpayserver: add rootpath option
2020-12-30 16:47:50 +00:00
nixbitcoin
bcedf69549
readme: update and split into various parts
2020-12-30 15:59:22 +00:00
Jonas Nick
37caf814a7
Merge #286: Fix boot loader reference for UEFI
...
792962bb32
Fix boot loader reference for UEFI (Galder Zamarreño)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 792962bb32
Tree-SHA512: 7653518b835295e500f3bad86d8e68c70adddd7e6ee0abbfa5a1b3863a2c32cb6eba4da1b0f6984d85ccd4758b669983377e16cd379fced1bc3a1117099b5ffd
2020-12-23 14:27:21 +00:00
Galder Zamarreño
792962bb32
Fix boot loader reference for UEFI
2020-12-23 12:55:45 +01:00
Jonas Nick
4d1150a671
Merge #285: Add CLBOSS
...
196e3c9dbb
clboss: add test todo (nixbitcoin)
f89498d4fc
clboss: add module (nixbitcoin)
9423eadcee
clboss: add pkg (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 196e3c9dbb
jonasnick:
utACK 196e3c9dbb
Tree-SHA512: 1c3e0dd23f45554cd423d1a4d57f936c1a3fd9e25b8332acef67ce6a648b38e55e780e4d393f93a1cbb1e342773e0f4aa039216c6d10641fe7436e7b155cc83f
2020-12-22 21:32:09 +00:00
nixbitcoin
196e3c9dbb
clboss: add test todo
2020-12-22 09:54:11 +00:00
nixbitcoin
f89498d4fc
clboss: add module
2020-12-22 09:40:00 +00:00
nixbitcoin
9423eadcee
clboss: add pkg
2020-12-22 09:39:37 +00:00
Jonas Nick
7b32a78de2
Merge #284: Fix containers
...
2bfb4efbd8
make-container: fix usage comment (Erik Arvstedt)
3403795c86
tests: add example scripts (Erik Arvstedt)
ff94985b8b
tests: add test 'hardened' (Erik Arvstedt)
c8e73c959e
fix 'hardened' profile for NixOS 20.09 (Erik Arvstedt)
44b06aea5a
extra-container: 0.5-pre -> 0.5 (Erik Arvstedt)
a359cdfb66
generate-secrets: use pwgen (Erik Arvstedt)
a5a2fc7274
make-container: fix renamed variable (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 2bfb4efbd8
jonasnick:
utACK 2bfb4efbd8
Tree-SHA512: 421b1fc5bf695d6815f060d129855ae0fecc06f7946ed8ac2bfe53895d7dc9529aad40099fc16844547791010232252f74b1ce32cbc9c6458e6d77f327450e94
2020-12-21 12:24:14 +00:00
Jonas Nick
4195541976
Merge #283: joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
...
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb (nixbitcoin)
c9657305e7
temp: modify get-sha256 for hotfix commit (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK fdfafb2f40
Tree-SHA512: 510d0baf3fcb552169352fef79bcb6c8e04a68eaf4b4f6ec446a925f89d9585cdc23c20cb69748e5e0b19d8aed10c05fb47e4c0a7902d7a1cfa58844005a2f7f
2020-12-20 19:31:43 +00:00
Erik Arvstedt
2bfb4efbd8
make-container: fix usage comment
2020-12-19 13:18:50 +01:00
Erik Arvstedt
3403795c86
tests: add example scripts
2020-12-18 19:56:56 +01:00
Erik Arvstedt
ff94985b8b
tests: add test 'hardened'
2020-12-18 19:56:56 +01:00
Erik Arvstedt
c8e73c959e
fix 'hardened' profile for NixOS 20.09
...
The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052)
is ineffective on 20.09.
As a workaround, add a custom 'hardened' preset that uses the default allocator.
2020-12-18 19:56:56 +01:00
Erik Arvstedt
44b06aea5a
extra-container: 0.5-pre -> 0.5
2020-12-18 19:56:56 +01:00
Erik Arvstedt
a359cdfb66
generate-secrets: use pwgen
...
Password length and alphabet are unchanged, but the restriction to
include at least one numeric and one capital char has been removed.
This restriction is not needed by client applications,
adds code complexity, and even (insignificantly) reduces entropy.
Reason for switching to pwgen:
apg uses /dev/random instead of /dev/urandom which brings no security
benefits but can stall the generate-secrets script on low-entropy
devices due to blocking.
Since `security.rngd` has been disabled in NixOS 20.09, blocking
in generate-secrets can also appear on regular NixOS desktop systems.
2020-12-18 19:56:56 +01:00