- Move option `rtl.nodes.{lnd,clightning}` -> `rtl.nodes.{lnd,clightning}.enable`
This is required by the next commit.
- Move option `rtl.loop` -> `rtl.nodes.lnd.loop`
- Only enable loop when `nodes.lnd` is enabled
- Rename `services.rtl.cl-rest` to `services.clightning-rest`.
`clightning-rest` is generally useful for connecting external REST clients
to clightning.
- Add a dedicated network namespace in netns-isolation.
- Add nodeinfo entry.
- Add datadir (which contains REST auth data) to backups.
Split `enforceTor` into `tor.proxy` and `tor.enforce`.
By enabling `tor.proxy` without `tor.enforce`, a service can accept
incoming clearnet connections.
E.g., this allows setting up a Tor-proxied bitcoind node that accepts
RPC connections from LAN.
4a74b7de084f46655b1f11f738d9e1763ccefcc7 clightning: work around unsupported seccomp syscall (Erik Arvstedt)
38a843d005698152e0d9cf0753a82f84944c40fe clightning: update python pkgs to new version (Erik Arvstedt)
6ad7107ddbd26a45b3838c38301bc4bbad40e4e4 update nixpkgs (Erik Arvstedt)
f58d67677e3179258159d0dc3145ac1aac65e1ec netns-isolation: separate host and netns setup (Erik Arvstedt)
cb6e5ef7029954a737bdb45401c573d051cf9501 netns-isolation: fix routing issues due to netns restarting (Erik Arvstedt)
7f77147b600b62326db9192c2f0c2e5ac62236be makeShell: minor improvements (Erik Arvstedt)
a5730eb736c2f71b3762621d978e38258932799a makeShell: make the help msg a shell derivation variable (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 4a74b7de084f46655b1f11f738d9e1763ccefcc7
Tree-SHA512: 75454b51db6d7ab41590d8579e0a5136e5ac1be78d5c2f547c6ef1982c0de679968879bb9bac57dd66413f59a4659236601ab75414486b0137c7c43d73d22759
- Improves readability
- `netns exec ...` (called via `netnsIptables`) incurs a large
  overhead: In addition to netns switching, a mount namespace
  is set up and populated with the contents of /etc/netns/<ns>/.
  Instead, simply run `nsenter`.
Previously, restarting a service implied restarting its netns.
For unknown reasons, this sometimes caused the netns-local address
to not be routable from the root netns for up to 20 s.
I.e., the service was sometimes unreachable after restarting.
Now the netns is no longer stopped when the service is stopped.
This simplifies the host's address configuration.
This also removes unused addresses that are returned when resolving
container hostnames via nss-mymachines:
`getent ahosts nb-test`
- README: add matrix room
- examples/configuration.nix: explain why bitcoind is enabled by default
- btcpayserver: group lnd service settings
- clightning:
  Use public onion port only when the onion service is public.
  This allows users to enable the onion service while announcing a
  non-onion public address.
- netns-isolation: move `readOnly` attr to the top
- tests: use mkDefault to allow for easier overriding
- tests/btcpayserver: test web server response
This greatly improves readability and makes it easier to discover options.
This commit was generated by running the following script inside the
repo root dir:
#!/usr/bin/env ruby
# Move the `options = { ... };` block of a NixOS module to the top of its
# `let` section and replace the original block with `inherit options;`.
# Modifies `src` in place and returns true if the module was changed.
def transform(src)
  # Skip modules that have already been converted
  return false if src.include?('inherit options;')
  success = false
  options = nil
  # Cut the options block out of its current location
  src.sub!(/^ options.*?^ }.*?;/m) do |match|
    options = match
    " inherit options;"
  end
  # Nothing to move if the module has no options block
  return false if !options
  # Re-insert the block directly after `with lib;` / `let`
  src.sub!(/^with lib;\s*let\n+/m) do |match|
    success = true
    <<~EOF
    with lib;
    let
    #{options}
    EOF
  end
  success
end

# Apply the transformation to every module file in the repo
Dir['modules/**/*.nix'].each do |f|
  src = File.read(f)
  if transform(src)
    puts "Changed file #{f}"
    File.write(f, src)
  end
end
Under normal circumstances, service-specific netns should never exist
before the netns setup service starts.
An existing netns is a genuine error that should not be silently ignored.
A short time after `netns delete` finishes, the peer link in the main
netns is automatically removed.
When `link del` is run before that, it fails with
`Cannot find device "nb-veth-br-*"` and the netns service enters a failed state.