Erik Arvstedt
9662c19ab1
onionServices: use actual user name of services
...
Previously, onionAddresses definitions in onionServices were of the form
onionAddresses.access.<service> = [<service>];
This caused failures for configurations where a service user name was
overridden or for bitcoind whose default user is 'bitcoin' instead of 'bitcoind'.
Now set the equivalent of:
onionAddresses.access.<actualServiceUser> = [<service>];
Implement this via a new option `onionAddresses.services` to make things more
readable and to work around an infinite recursion error in onionServices.
2021-01-31 22:26:49 +01:00
Erik Arvstedt
5c09845e6f
bitcoind: tag incoming connections as onion on enforceTor
2021-01-31 22:26:49 +01:00
Jonas Nick
035438d427
Merge #290 : JoinMarket Orderbook Watcher
...
8c125ec48c
joinmarket-obwatcher: add pkg & module (nixbitcoin)
915df059f4
joinmarket: 0.8.0-bcfa7eb -> 0.8.0-a5e8879 (Erik Arvstedt)
254246cf39
joinmarket: use installPhase (Erik Arvstedt)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 8c125ec48c
Tree-SHA512: 5e4ba14a2a90c505b7cd7e09c33548d06ec466502c48f8d551a4437c5542dab427ec7f9cb7a15c849cc7ce11685c493b9773ec08591e1980ebe2a84abef17141
2021-01-17 20:00:13 +00:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module
2021-01-17 17:40:12 +00:00
kon
9480ada135
nodeinfo fix lnd
2021-01-17 17:13:09 +01:00
Jonas Nick
c6c14889eb
Merge #293 : Module refactorings, onionServices
...
e2922eb4ce
move rpc thread count setting to lightning modules (Erik Arvstedt)
352fc4e8fe
liquid: remove insecure and redundant option 'rpcpassword' (Erik Arvstedt)
757a66b9bd
liquid: move rpcuser definition to module (Erik Arvstedt)
0e00c39d47
secure-node: improve layout (Erik Arvstedt)
5f7a7962f7
backups: remove redundant option 'program' (Erik Arvstedt)
04d8560f86
secure-node: remove qrencode, tor from systemPackages (Erik Arvstedt)
323a431aba
improve nodeinfo (Erik Arvstedt)
f6b883a9ac
remove webindex (Erik Arvstedt)
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver (Erik Arvstedt)
18c7842e1a
modules: show warnings for obsolete options (Erik Arvstedt)
45c40c4eb9
versioning: simplify assertion evaluation (Erik Arvstedt)
bed00fe937
lnd: use onionServices for address announcing (Erik Arvstedt)
3980cd5a41
clightning: use onionServices for address announcing (Erik Arvstedt)
bd2a46cb73
spark-wallet: use onionServices (Erik Arvstedt)
87fb9f246b
add 'enable-tor' preset (Erik Arvstedt)
05b5402bb1
add nix-bitcoin.onionServices (Erik Arvstedt)
fffe988248
onionAddresses: add readonly option 'dataDir' (Erik Arvstedt)
5f34b094d3
onionAddresses: improve script (Erik Arvstedt)
b266f23251
onionAddresses: use service 'script' option (Erik Arvstedt)
6d13b26d0a
onionAddresses: add more precise type for option 'access' (Erik Arvstedt)
93562f76dd
onionAddresses: remove redundant option 'enable' (Erik Arvstedt)
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles (Erik Arvstedt)
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses (Erik Arvstedt)
55073eee70
remove nix-bitcoin.pkgs.lib (Erik Arvstedt)
09e0042aa8
spark-wallet: add consistent address options (Erik Arvstedt)
39f16c0b4a
liquidd: add consistent address options (Erik Arvstedt)
b5d76ba1b3
electrs: add consistent address options (Erik Arvstedt)
8fa32b7f91
btcpayserver: add consistent address options (Erik Arvstedt)
e78a609687
clightning: add consistent address options (Erik Arvstedt)
b41a720c28
lnd: add consistent address options (Erik Arvstedt)
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc' (Erik Arvstedt)
5b7e0d09b2
bitcoind: add consistent address options (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK e2922eb4ce
jonasnick:
ACK e2922eb4ce
Tree-SHA512: a85b33efe66048f06699b3997f83c9427f70f278fa66d30ee9a29c91f50723ff8bd1ffb9d968d7f08818742c8c6afb0b40dbfc14b95a4b8c3302caf9bede4198
2021-01-14 20:42:23 +00:00
Erik Arvstedt
e2922eb4ce
move rpc thread count setting to lightning modules
2021-01-14 13:25:12 +01:00
Erik Arvstedt
352fc4e8fe
liquid: remove insecure and redundant option 'rpcpassword'
2021-01-14 13:25:11 +01:00
Erik Arvstedt
757a66b9bd
liquid: move rpcuser definition to module
2021-01-14 13:25:11 +01:00
Erik Arvstedt
0e00c39d47
secure-node: improve layout
2021-01-14 13:25:11 +01:00
Erik Arvstedt
5f7a7962f7
backups: remove redundant option 'program'
...
Not needed until we support other backup backends.
2021-01-14 13:25:11 +01:00
Erik Arvstedt
04d8560f86
secure-node: remove qrencode, tor from systemPackages
...
Keep jq which is useful for analyzing service cli output.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
323a431aba
improve nodeinfo
...
- enable usage outside of secure-node.nix
- use json as the output format
- show ports
- also show local addresses, which is particularly useful when
netns-isolation is enabled
- only show enabled services
2021-01-14 13:25:10 +01:00
Erik Arvstedt
f6b883a9ac
remove webindex
...
This module is outdated and incomplete. We can readd an improved version in
the future.
Move nanopos nginx proxy tests to the nanopos test.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver
...
In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly setup node.
2021-01-14 13:25:09 +01:00
Erik Arvstedt
18c7842e1a
modules: show warnings for obsolete options
2021-01-14 13:25:09 +01:00
Erik Arvstedt
45c40c4eb9
versioning: simplify assertion evaluation
2021-01-14 13:25:09 +01:00
Erik Arvstedt
bed00fe937
lnd: use onionServices for address announcing
2021-01-14 13:25:09 +01:00
Erik Arvstedt
3980cd5a41
clightning: use onionServices for address announcing
2021-01-14 13:25:08 +01:00
Erik Arvstedt
bd2a46cb73
spark-wallet: use onionServices
...
Also remove the unneeded definition of ReadWritePaths because the
service doesn't need write access to onion files.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
87fb9f246b
add 'enable-tor' preset
...
Move 'enforceTor' and onion-service definitions from secure-node.nix.
Use the onionServices module to define onion services.
Onion services now automatically work for services that bind to an INADDR_ANY (`0.0.0.0`) address.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
05b5402bb1
add nix-bitcoin.onionServices
2021-01-14 13:25:07 +01:00
Erik Arvstedt
fffe988248
onionAddresses: add readonly option 'dataDir'
...
Used by 'onionServices' in a later commit for services that announce
their onion address.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
5f34b094d3
onionAddresses: improve script
...
- use -e to check for existence of /var/lib/tor/state, use shorter
polling interval
- clear existing dataDir contents to avoid accumulating obsolete data
- use concatMapStrings instead of foldl'
2021-01-14 13:25:07 +01:00
Erik Arvstedt
b266f23251
onionAddresses: use service 'script' option
...
This also makes the script stop on errors.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
6d13b26d0a
onionAddresses: add more precise type for option 'access'
2021-01-14 13:25:06 +01:00
Erik Arvstedt
93562f76dd
onionAddresses: remove redundant option 'enable'
...
The service can be disabled via `onion-addresses.access = mkForce {};`
Also remove redundant description.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles
...
Simplifies the dataDir setup.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses
...
This clarifies its function.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
09e0042aa8
spark-wallet: add consistent address options
2021-01-14 13:25:05 +01:00
Erik Arvstedt
39f16c0b4a
liquidd: add consistent address options
2021-01-14 13:25:05 +01:00
Erik Arvstedt
b5d76ba1b3
electrs: add consistent address options
2021-01-14 13:25:04 +01:00
Erik Arvstedt
8fa32b7f91
btcpayserver: add consistent address options
2021-01-14 13:25:04 +01:00
Erik Arvstedt
e78a609687
clightning: add consistent address options
...
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
...
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Erik Arvstedt
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc'
2021-01-14 13:25:03 +01:00
Erik Arvstedt
5b7e0d09b2
bitcoind: add consistent address options
2021-01-14 13:25:03 +01:00
Jonas Nick
41a6be6552
Merge #297 : joinmarket: add enforceTor to firewall scripts on netns-level
...
71ee16d767
joinmarket: add enforceTor to firewall scripts on netns-level (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 71ee16d767
Tree-SHA512: cef089012807c90034d4b1f259bf6d81bfb83a36e7d2aadd85e817728f646948c12c25d199525d578d44366ee10389cb5081c4d86842b19b06b1066ff8feec19
2021-01-10 23:11:08 +00:00
Jonas Nick
e3a45fcc0c
joinmarket: add rpcWalletFile option
...
The joinmarket docs recommend using a separate wallet to avoid mixing up jm and
default wallet.
2021-01-10 21:52:27 +00:00
nixbitcoin
71ee16d767
joinmarket: add enforceTor to firewall scripts on netns-level
2021-01-04 16:09:20 +00:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module
2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module
2021-01-01 17:37:30 +00:00
Jonas Nick
da674d1ccf
Merge #292 : joinmarket: always synchronize secrets.jm-wallet-password
...
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK ed636dd070
Tree-SHA512: 8024f29f98a87991701dcdb7576c4b3b72c859373153b9281b8a4bba179a33aa39a7496ecd373c0251c8d9c36e1fc7c768a2dcc228aa006bab461f8cbc5d7b0d
2020-12-30 19:18:56 +00:00
nixbitcoin
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password
...
secrets.jm-wallet-password is always needed by joinmarket, not just when
joinmarket.yieldgenerator.enable
2020-12-30 16:49:50 +00:00
nixbitcoin
edc657d138
btcpayserver: add rootpath option
2020-12-30 16:47:50 +00:00
nixbitcoin
f89498d4fc
clboss: add module
2020-12-22 09:40:00 +00:00
Jonas Nick
7b32a78de2
Merge #284 : Fix containers
...
2bfb4efbd8
make-container: fix usage comment (Erik Arvstedt)
3403795c86
tests: add example scripts (Erik Arvstedt)
ff94985b8b
tests: add test 'hardened' (Erik Arvstedt)
c8e73c959e
fix 'hardened' profile for NixOS 20.09 (Erik Arvstedt)
44b06aea5a
extra-container: 0.5-pre -> 0.5 (Erik Arvstedt)
a359cdfb66
generate-secrets: use pwgen (Erik Arvstedt)
a5a2fc7274
make-container: fix renamed variable (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 2bfb4efbd8
jonasnick:
utACK 2bfb4efbd8
Tree-SHA512: 421b1fc5bf695d6815f060d129855ae0fecc06f7946ed8ac2bfe53895d7dc9529aad40099fc16844547791010232252f74b1ce32cbc9c6458e6d77f327450e94
2020-12-21 12:24:14 +00:00
Erik Arvstedt
c8e73c959e
fix 'hardened' profile for NixOS 20.09
...
The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052 )
is ineffective on 20.09.
As a workaround, add a custom 'hardened' preset that uses the default allocator.
2020-12-18 19:56:56 +01:00
nixbitcoin
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
...
Update to 0.8.0 with hotfix for genwallet script
Includes module versioning error with migration instructions
2020-12-17 11:12:58 +00:00
Martin Milata
5feb9e3eae
lnd: fix rpc/rest port configuration
2020-12-07 14:38:36 +01:00
Ian Shipman
1d44b99340
add curated clightning plugins
2020-11-18 20:21:34 -06:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
...
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
b1a5f5e7b9
don't add service-only pkgs to systemPackages
...
These packages are not useful in shell environemnts.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
e39ad358a4
lnd: remove unused bitcoind from PATH
2020-11-09 22:10:07 +01:00
nixbitcoin
59e128a994
joinmarket: add payjoin configuration
2020-11-06 08:51:25 +00:00
nixbitcoin
f29f04c0c4
secure-node: LND no longer requires ControlPort
...
Onion service is now generated through mkHiddenService function.
2020-11-06 08:51:23 +00:00
Erik Arvstedt
0972af55f1
netns: fix setup service restarts
2020-11-03 21:55:13 +01:00
Erik Arvstedt
63a464431b
netns: fail when netns already exists
...
Under normal circumstances, service-specific netns should never exist
before the netns setup service starts.
An existing netns is a genuine error that should not be silently ignored.
2020-11-03 21:55:13 +01:00
Erik Arvstedt
b4b607dfa5
netns: simplify firewall setup
2020-10-29 22:36:20 +01:00
Erik Arvstedt
25639cec42
netns: fix error msg when starting netns
...
Previously, the failing initial `netns delete` resulted in a
"Cannot remove namespace file ..." error visible in the journal
and status output.
2020-10-29 21:21:30 +01:00
Erik Arvstedt
67068afd6b
netns: fix error when stopping netns
...
A short time after `netns delete` finishes, the peer link in the main
netns is automatically removed.
When `link del` is run before that, it fails with
`Cannot find device "nb-veth-br-*"` and the netns service enters a failed state.
2020-10-29 21:21:30 +01:00
Erik Arvstedt
8da01fe8a6
lightning-loop: allow RPC access from main netns
...
Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.
2020-10-29 21:21:29 +01:00
Erik Arvstedt
d76b080b74
lightning-loop: add RPC and REST server options
2020-10-29 21:21:29 +01:00
Erik Arvstedt
e66636ef0e
liquidd: use type str for rpcbind
2020-10-29 21:21:29 +01:00
Erik Arvstedt
de23fdd377
lnd: use type str for rpclisten, restlisten
2020-10-29 21:21:28 +01:00
Erik Arvstedt
8b053326cc
bitcoind: use type str for rpcbind
...
Extra RPC bind addresses can still be added via extraConfig.
2020-10-29 21:21:28 +01:00
Erik Arvstedt
6903e8afcc
netns-liquidd: allow RPC access from main netns
2020-10-29 21:21:28 +01:00
Erik Arvstedt
82f4901880
netns-lnd: allow RPC access from main netns
2020-10-29 21:21:27 +01:00
Erik Arvstedt
58d24e735d
netns-bitcoind: allow RPC access from main netns
2020-10-29 21:21:27 +01:00
Erik Arvstedt
e0675cb256
move enforceTor logic to service modules
...
This enables tor support for services without using secure-node.nix
2020-10-29 21:21:27 +01:00
Erik Arvstedt
0cc8caa737
lnd: only set tor.active on enforceTor
...
This also enables the test scenario 'netnsRegtest' introduced in a
later commit by fixing the following bug:
For unknown reasons, when tor.active=true and tor is not running, lnd
fails with a tor connection error on netns-isolation, but runs fine
without netns-isolation.
2020-10-29 21:21:26 +01:00
Erik Arvstedt
5e0e16529c
netns: fix default addressblock value type
...
Also remove redundant definition in secure-node.nix
2020-10-20 18:21:37 +02:00
Jonas Nick
6933b0ef47
Merge #251 : Services: Auto-enable dependencies
...
67e49fe415
services: auto-enable dependencies (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 67e49fe415
Tree-SHA512: 6e0f2e2ca4acdb7c5edd41eb3b56a9e95fc6d2ea9cfd08c1142429f88455c9d771f2f2be6339336448a289632f9768c4ae8f6c307038c5aa69c48b303043dda0
2020-10-20 11:17:10 +00:00
Erik Arvstedt
67e49fe415
services: auto-enable dependencies
2020-10-19 14:55:59 +02:00
nixbitcoin
486f385fdd
lightning-loop: 0.9.0 -> 0.10.0
...
Includes macaroon authentication
2020-10-19 08:59:14 +00:00
Jonas Nick
06cba7b519
Merge #249 : Add regtest support
...
9951f10e74
test: add scenario 'regtest' (Erik Arvstedt)
1f96ca67c5
electrs test: make service shutdown optional (Erik Arvstedt)
eb42fc8e06
test: extract test 'joinmarket-yieldgenerator' (Erik Arvstedt)
06b2ec5b02
joinmarket: add regtest support (Erik Arvstedt)
975b30c90e
joinmarket: don't hardcode bitcoind rpc port (Erik Arvstedt)
031df4231f
joinmarket: move comment out of config file (Erik Arvstedt)
848c4c6eda
joinmarket: add variable 'bitcoind' (Erik Arvstedt)
96b08f5d60
btcpayserver: add regtest support (Erik Arvstedt)
bd2145dc77
btcpayserver: add 'port' option (Erik Arvstedt)
001f8fe8d3
btcpayserver: use option bitcoind.rpc.port (Erik Arvstedt)
6f4715ac2a
electrs: add regtest support (Erik Arvstedt)
46efd141a1
lightning-loop: add regtest support (Erik Arvstedt)
75ec85bea2
lnd: add regtest support (Erik Arvstedt)
1935c252ec
lnd: remove redundant option 'bitcoind-host' (Erik Arvstedt)
b1a8629223
lnd: add variable 'bitcoind' (Erik Arvstedt)
937aee0062
spark-wallet: add regtest support (Erik Arvstedt)
47d611b5ef
spark-wallet: use tor rate provider only when enforceTor (Erik Arvstedt)
127b186c3c
spark-wallet: simplify start script (Erik Arvstedt)
0f32f3c99e
clightning: add regtest support (Erik Arvstedt)
c24ac5d363
clightning: remove redundant option 'bitcoin-rpcconnect' (Erik Arvstedt)
abd32cde30
clightning: enable config file read access for group (Erik Arvstedt)
ddadaed3da
clightning: always use bind-addr in config (Erik Arvstedt)
9e928e2097
bitcoind: add regtest support (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 9951f10e74
Tree-SHA512: 42e2d95755a16b59044e400bc4c9d891bfc22eb73b920fdcf29e607f7df88de599bec99677cf49be7c275c0113a2224a45b1f47f40c029878421eae1a44f3254
2020-10-17 13:04:27 +00:00
Erik Arvstedt
d3ece59919
add module 'versioning'
2020-10-16 23:23:00 +02:00
Erik Arvstedt
06b2ec5b02
joinmarket: add regtest support
2020-10-16 18:01:52 +02:00
Erik Arvstedt
975b30c90e
joinmarket: don't hardcode bitcoind rpc port
2020-10-16 18:01:52 +02:00
Erik Arvstedt
031df4231f
joinmarket: move comment out of config file
2020-10-16 18:01:52 +02:00
Erik Arvstedt
848c4c6eda
joinmarket: add variable 'bitcoind'
2020-10-16 18:01:52 +02:00
Erik Arvstedt
96b08f5d60
btcpayserver: add regtest support
2020-10-16 18:01:52 +02:00
Erik Arvstedt
bd2145dc77
btcpayserver: add 'port' option
2020-10-16 18:01:51 +02:00
Erik Arvstedt
001f8fe8d3
btcpayserver: use option bitcoind.rpc.port
2020-10-16 18:01:51 +02:00
Erik Arvstedt
6f4715ac2a
electrs: add regtest support
2020-10-16 18:01:51 +02:00
Erik Arvstedt
46efd141a1
lightning-loop: add regtest support
2020-10-16 18:01:51 +02:00
Erik Arvstedt
75ec85bea2
lnd: add regtest support
2020-10-16 18:01:51 +02:00
Erik Arvstedt
1935c252ec
lnd: remove redundant option 'bitcoind-host'
...
Also set bitcoind rpc port.
2020-10-16 18:01:51 +02:00
Erik Arvstedt
b1a8629223
lnd: add variable 'bitcoind'
2020-10-16 18:01:51 +02:00
Erik Arvstedt
937aee0062
spark-wallet: add regtest support
2020-10-16 18:01:50 +02:00
Erik Arvstedt
47d611b5ef
spark-wallet: use tor rate provider only when enforceTor
2020-10-16 18:01:50 +02:00
Erik Arvstedt
127b186c3c
spark-wallet: simplify start script
...
Also:
- quote paths
- use long form args
2020-10-16 18:01:50 +02:00
Erik Arvstedt
0f32f3c99e
clightning: add regtest support
2020-10-16 18:01:50 +02:00
Erik Arvstedt
c24ac5d363
clightning: remove redundant option 'bitcoin-rpcconnect'
2020-10-16 18:01:50 +02:00
Erik Arvstedt
abd32cde30
clightning: enable config file read access for group
...
Enables lightning-cli group access when nonstandard config options are set.
2020-10-16 18:01:50 +02:00
Erik Arvstedt
ddadaed3da
clightning: always use bind-addr in config
...
bind-addr can't be null.
2020-10-16 18:01:50 +02:00
Erik Arvstedt
9e928e2097
bitcoind: add regtest support
...
Remove unsupported option 'testnet'.
2020-10-16 18:01:49 +02:00
Erik Arvstedt
7d1797cec7
clightning: add option 'extraConfig'
2020-10-16 16:46:56 +02:00
Erik Arvstedt
e0117d56d1
spark-wallet: fix always-on onion-chef setting
...
Previously, the service failed when onion-service was disabled.
2020-10-16 16:46:55 +02:00
Erik Arvstedt
480d0d3959
liquid: fix bitcoin rpc settings
...
- Remove redundant option mainchainrpchost.
This option is already provided by bitcoind.
- Set a working default for rpcport and rpcuser.
Enables use without secure-node.
2020-10-16 16:46:55 +02:00