Commit Graph

452 Commits

Author SHA1 Message Date
nixbitcoin
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
Update to 0.8.0 with hotfix for genwallet script
Includes module versioning error with migration instructions
2020-12-17 11:12:58 +00:00
Martin Milata
5feb9e3eae lnd: fix rpc/rest port configuration 2020-12-07 14:38:36 +01:00
Ian Shipman
1d44b99340 add curated clightning plugins 2020-11-18 20:21:34 -06:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
b1a5f5e7b9
don't add service-only pkgs to systemPackages
These packages are not useful in shell environemnts.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
e39ad358a4
lnd: remove unused bitcoind from PATH 2020-11-09 22:10:07 +01:00
nixbitcoin
59e128a994
joinmarket: add payjoin configuration 2020-11-06 08:51:25 +00:00
nixbitcoin
f29f04c0c4
secure-node: LND no longer requires ControlPort
Onion service is now generated through mkHiddenService function.
2020-11-06 08:51:23 +00:00
Erik Arvstedt
0972af55f1
netns: fix setup service restarts 2020-11-03 21:55:13 +01:00
Erik Arvstedt
63a464431b
netns: fail when netns already exists
Under normal circumstances, service-specific netns should never exist
before the netns setup service starts.
An existing netns is a genuine error that should not be silently ignored.
2020-11-03 21:55:13 +01:00
Erik Arvstedt
b4b607dfa5
netns: simplify firewall setup 2020-10-29 22:36:20 +01:00
Erik Arvstedt
25639cec42
netns: fix error msg when starting netns
Previously, the failing initial `netns delete` resulted in a
"Cannot remove namespace file ..." error visible in the journal
and status output.
2020-10-29 21:21:30 +01:00
Erik Arvstedt
67068afd6b
netns: fix error when stopping netns
A short time after `netns delete` finishes, the peer link in the main
netns is automatically removed.
When `link del` is run before that, it fails with
`Cannot find device "nb-veth-br-*"` and the netns service enters a failed state.
2020-10-29 21:21:30 +01:00
Erik Arvstedt
8da01fe8a6
lightning-loop: allow RPC access from main netns
Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.
2020-10-29 21:21:29 +01:00
Erik Arvstedt
d76b080b74
lightning-loop: add RPC and REST server options 2020-10-29 21:21:29 +01:00
Erik Arvstedt
e66636ef0e
liquidd: use type str for rpcbind 2020-10-29 21:21:29 +01:00
Erik Arvstedt
de23fdd377
lnd: use type str for rpclisten, restlisten 2020-10-29 21:21:28 +01:00
Erik Arvstedt
8b053326cc
bitcoind: use type str for rpcbind
Extra RPC bind addresses can still be added via extraConfig.
2020-10-29 21:21:28 +01:00
Erik Arvstedt
6903e8afcc
netns-liquidd: allow RPC access from main netns 2020-10-29 21:21:28 +01:00
Erik Arvstedt
82f4901880
netns-lnd: allow RPC access from main netns 2020-10-29 21:21:27 +01:00
Erik Arvstedt
58d24e735d
netns-bitcoind: allow RPC access from main netns 2020-10-29 21:21:27 +01:00
Erik Arvstedt
e0675cb256
move enforceTor logic to service modules
This enables tor support for services without using secure-node.nix
2020-10-29 21:21:27 +01:00
Erik Arvstedt
0cc8caa737
lnd: only set tor.active on enforceTor
This also enables the test scenario 'netnsRegtest' introduced in a
later commit by fixing the following bug:
For unknown reasons, when tor.active=true and tor is not running, lnd
fails with a tor connection error on netns-isolation, but runs fine
without netns-isolation.
2020-10-29 21:21:26 +01:00
Erik Arvstedt
5e0e16529c
netns: fix default addressblock value type
Also remove redundant definition in secure-node.nix
2020-10-20 18:21:37 +02:00
Jonas Nick
6933b0ef47
Merge #251: Services: Auto-enable dependencies
67e49fe415 services: auto-enable dependencies (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 67e49fe415

Tree-SHA512: 6e0f2e2ca4acdb7c5edd41eb3b56a9e95fc6d2ea9cfd08c1142429f88455c9d771f2f2be6339336448a289632f9768c4ae8f6c307038c5aa69c48b303043dda0
2020-10-20 11:17:10 +00:00
Erik Arvstedt
67e49fe415
services: auto-enable dependencies 2020-10-19 14:55:59 +02:00
nixbitcoin
486f385fdd
lightning-loop: 0.9.0 -> 0.10.0
Includes macaroon authentication
2020-10-19 08:59:14 +00:00
Jonas Nick
06cba7b519
Merge #249: Add regtest support
9951f10e74 test: add scenario 'regtest' (Erik Arvstedt)
1f96ca67c5 electrs test: make service shutdown optional (Erik Arvstedt)
eb42fc8e06 test: extract test 'joinmarket-yieldgenerator' (Erik Arvstedt)
06b2ec5b02 joinmarket: add regtest support (Erik Arvstedt)
975b30c90e joinmarket: don't hardcode bitcoind rpc port (Erik Arvstedt)
031df4231f joinmarket: move comment out of config file (Erik Arvstedt)
848c4c6eda joinmarket: add variable 'bitcoind' (Erik Arvstedt)
96b08f5d60 btcpayserver: add regtest support (Erik Arvstedt)
bd2145dc77 btcpayserver: add 'port' option (Erik Arvstedt)
001f8fe8d3 btcpayserver: use option bitcoind.rpc.port (Erik Arvstedt)
6f4715ac2a electrs: add regtest support (Erik Arvstedt)
46efd141a1 lightning-loop: add regtest support (Erik Arvstedt)
75ec85bea2 lnd: add regtest support (Erik Arvstedt)
1935c252ec lnd: remove redundant option 'bitcoind-host' (Erik Arvstedt)
b1a8629223 lnd: add variable 'bitcoind' (Erik Arvstedt)
937aee0062 spark-wallet: add regtest support (Erik Arvstedt)
47d611b5ef spark-wallet: use tor rate provider only when enforceTor (Erik Arvstedt)
127b186c3c spark-wallet: simplify start script (Erik Arvstedt)
0f32f3c99e clightning: add regtest support (Erik Arvstedt)
c24ac5d363 clightning: remove redundant option 'bitcoin-rpcconnect' (Erik Arvstedt)
abd32cde30 clightning: enable config file read access for group (Erik Arvstedt)
ddadaed3da clightning: always use bind-addr in config (Erik Arvstedt)
9e928e2097 bitcoind: add regtest support (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 9951f10e74

Tree-SHA512: 42e2d95755a16b59044e400bc4c9d891bfc22eb73b920fdcf29e607f7df88de599bec99677cf49be7c275c0113a2224a45b1f47f40c029878421eae1a44f3254
2020-10-17 13:04:27 +00:00
Erik Arvstedt
d3ece59919
add module 'versioning' 2020-10-16 23:23:00 +02:00
Erik Arvstedt
06b2ec5b02
joinmarket: add regtest support 2020-10-16 18:01:52 +02:00
Erik Arvstedt
975b30c90e
joinmarket: don't hardcode bitcoind rpc port 2020-10-16 18:01:52 +02:00
Erik Arvstedt
031df4231f
joinmarket: move comment out of config file 2020-10-16 18:01:52 +02:00
Erik Arvstedt
848c4c6eda
joinmarket: add variable 'bitcoind' 2020-10-16 18:01:52 +02:00
Erik Arvstedt
96b08f5d60
btcpayserver: add regtest support 2020-10-16 18:01:52 +02:00
Erik Arvstedt
bd2145dc77
btcpayserver: add 'port' option 2020-10-16 18:01:51 +02:00
Erik Arvstedt
001f8fe8d3
btcpayserver: use option bitcoind.rpc.port 2020-10-16 18:01:51 +02:00
Erik Arvstedt
6f4715ac2a
electrs: add regtest support 2020-10-16 18:01:51 +02:00
Erik Arvstedt
46efd141a1
lightning-loop: add regtest support 2020-10-16 18:01:51 +02:00
Erik Arvstedt
75ec85bea2
lnd: add regtest support 2020-10-16 18:01:51 +02:00
Erik Arvstedt
1935c252ec
lnd: remove redundant option 'bitcoind-host'
Also set bitcoind rpc port.
2020-10-16 18:01:51 +02:00
Erik Arvstedt
b1a8629223
lnd: add variable 'bitcoind' 2020-10-16 18:01:51 +02:00
Erik Arvstedt
937aee0062
spark-wallet: add regtest support 2020-10-16 18:01:50 +02:00
Erik Arvstedt
47d611b5ef
spark-wallet: use tor rate provider only when enforceTor 2020-10-16 18:01:50 +02:00
Erik Arvstedt
127b186c3c
spark-wallet: simplify start script
Also:
- quote paths
- use long form args
2020-10-16 18:01:50 +02:00
Erik Arvstedt
0f32f3c99e
clightning: add regtest support 2020-10-16 18:01:50 +02:00
Erik Arvstedt
c24ac5d363
clightning: remove redundant option 'bitcoin-rpcconnect' 2020-10-16 18:01:50 +02:00
Erik Arvstedt
abd32cde30
clightning: enable config file read access for group
Enables lightning-cli group access when nonstandard config options are set.
2020-10-16 18:01:50 +02:00
Erik Arvstedt
ddadaed3da
clightning: always use bind-addr in config
bind-addr can't be null.
2020-10-16 18:01:50 +02:00
Erik Arvstedt
9e928e2097
bitcoind: add regtest support
Remove unsupported option 'testnet'.
2020-10-16 18:01:49 +02:00
Erik Arvstedt
7d1797cec7
clightning: add option 'extraConfig' 2020-10-16 16:46:56 +02:00
Erik Arvstedt
e0117d56d1
spark-wallet: fix always-on onion-chef setting
Previously, the service failed when onion-service was disabled.
2020-10-16 16:46:55 +02:00
Erik Arvstedt
480d0d3959
liquid: fix bitcoin rpc settings
- Remove redundant option mainchainrpchost.
  This option is already provided by bitcoind.
- Set a working default for rpcport and rpcuser.
  Enables use without secure-node.
2020-10-16 16:46:55 +02:00
Erik Arvstedt
9aa19c3fdd
extract operator module 2020-10-16 16:46:55 +02:00
Erik Arvstedt
2dd1a741f7
modules: group imports 2020-10-16 16:46:55 +02:00
Erik Arvstedt
36358066e4
spark-wallet: don't disable tor when onion-service is disabled
This fixes modules-only usage.

We can leave enabling tor and tor.client to secure-node.nix, on which
spark-wallet has a strict dependency.
2020-10-16 15:53:33 +02:00
Erik Arvstedt
24069aa2c6
electrs: add option 'monitoringPort' 2020-09-30 11:26:41 +02:00
Erik Arvstedt
611cfe5a28
electrs: remove redundant daemonrpc option 2020-09-30 11:26:41 +02:00
Erik Arvstedt
a19d3b07c2
electrs: add variable 'bitcoind' 2020-09-30 11:26:41 +02:00
Erik Arvstedt
a6dde36b87
electrs: use consistent args formatting
One line per arg.
2020-09-30 11:26:40 +02:00
Jonas Nick
c051544d46
Merge #234: loop: v0.8.1 -> v0.9.0
a89a3e934f test: increase diskSize (nixbitcoin)
24b506ff8a tests: simplify lightning-loop test (nixbitcoin)
e7c5f956ea lightning-loop: update module (nixbitcoin)
4a503f57bd lightning-loop: v0.8.1 -> v0.9.0 (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    reACK a89a3e934f
  erikarvstedt:
    I think it's okay if you would just merge 24b506ff8a, which is the direct parent of the ACK'd a89a3e934f, and removing a89a3e934f itself is totally uncontroversial.

Tree-SHA512: cee2a2714c714a22c35cea0fa829b42a371540983609cda6609f4d063d849f2e725643bd77cfe78eb71665725164d63f83b6c2589be9e72ba30aaecd7c8dee6c
2020-09-29 17:53:09 +00:00
nixbitcoin
73f4275d2a
backups: add btcpayserver database 2020-09-24 17:12:08 +00:00
nixbitcoin
e7c5f956ea
lightning-loop: update module
* commandlineArgs -> configFile
* introduce tls certs
* loop dataDir
* fix formatting and descriptions

Warning: Manual migration of existing loop data directory necessary
2020-09-24 16:40:11 +00:00
Jonas Nick
4cf31f8612
Merge #164: Add JoinMarket Clientserver
dd882753e6 joinmarket: add usage documentation (nixbitcoin)
d0701f518c joinmarket: automatically generate wallet (nixbitcoin)
d6d3e8ff62 joinmarket: add tests (nixbitcoin)
cce27da2ec backups: add joinmarket datadir to includelist (nixbitcoin)
173891fa5b joinmarket: add module (nixbitcoin)
263525d724 nix-bitcoin-services: add nb-services.privileged helper (nixbitcoin)
f00d1d24c5 joinmarket: add pkg and local dependencies (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK dd882753e6

Tree-SHA512: ad7bf56314877045bc8dc6037f966535dc3607d9e941cd03d19b610ee789307eac07447df7f93569dfa3e7553e8fc6d9757bdf8542fb123c5a2e2adec8f907a2
2020-09-22 17:16:08 +00:00
Jonas Nick
36c9c39d80
Deprecate lightning-charge and nanopos
Because we have btcpayserver now, nanopos is not really needed any more. Nanopos
was meant to be just a PoC. Lightning charge can be removed because nanopos is
the only module that depends on it.
2020-09-22 14:05:51 +00:00
nixbitcoin
d0701f518c
joinmarket: automatically generate wallet 2020-09-22 13:50:49 +00:00
nixbitcoin
cce27da2ec
backups: add joinmarket datadir to includelist 2020-09-22 13:50:43 +00:00
nixbitcoin
173891fa5b
joinmarket: add module 2020-09-22 13:50:37 +00:00
nixbitcoin
263525d724
nix-bitcoin-services: add nb-services.privileged helper 2020-09-22 13:43:15 +00:00
nixbitcoin
3cfb9d074b
btcpayserver: sqlite -> postgresql 2020-09-17 10:17:33 +00:00
nixbitcoin
f93c3c8405
backups: add nbxplorer and btcpayserver datadir to includelist 2020-09-15 12:09:33 +00:00
nixbitcoin
605b37c16e
nodeinfo: add btcpayserver onion 2020-09-15 12:09:31 +00:00
nixbitcoin
15b574faa7
nbxplorer/btcpayserver: add module 2020-09-15 12:09:12 +00:00
nixbitcoin
46d681a17e
lnd: generate custom macaroons
Create new `macaroon` option that allows any module to place its own
custom macaroon in the lnd RuntimeDirectory `/run/lnd`.
2020-09-15 12:09:02 +00:00
Erik Arvstedt
6f032e3c40
lnd: fix mnemonic file access vulnerability
Previously, the file was readable by 'other' for a short time after
creation.
2020-09-15 12:09:00 +00:00
nixbitcoin
b97584f5cb
netns: allow return traffic to outgoing connections 2020-09-15 12:08:58 +00:00
Erik Arvstedt
9d610991be
bitcoind: remove custom rpc user names
Simpler.
We've just removed option 'bitcoind.rpcuser', so we can also remove the
old name 'bitcoinrpc'.
2020-08-27 11:39:26 +02:00
Erik Arvstedt
1408403dec
bitcoind: clarify how bitcoin-cli RPC access is enabled
It's not immediately clear why rpcuser/rpcpassword are needed in addition to the rpcauth
config entries.
2020-08-26 22:52:47 +02:00
Erik Arvstedt
4790c601a1
bitcoind: move rpc user config to bitcoind
This enables modules-only usage.
The privileged user is needed by bitcoind (cli), the public user is
needed by other services.
2020-08-26 22:52:47 +02:00
Erik Arvstedt
876cfadf1a
bitcoind: add rpc user option 'passwordHMACFromFile'
This allows adding additional rpc users without the need for
user-specific code in preStart.
2020-08-26 22:52:47 +02:00
Erik Arvstedt
59434e79f0
bitcoind: simplify default rpc user name config 2020-08-26 21:16:32 +02:00
Erik Arvstedt
205829b91f
bitcoind: remove whitespace 2020-08-26 21:16:32 +02:00
Erik Arvstedt
91ebc2d517
netns-exec: simplify installation 2020-08-25 14:53:12 +02:00
Erik Arvstedt
809e754851
netns: improve bridge setup
- Explain why we don't use option `networking.bridges`
- Make the bridge setup service part of NixOS' network-setup.service.
  This yields no noticable functional changes for now, but it's
  conceptually cleaner to finish the network setup before network.target
  becomes active.
- Add 'nb-' prefix to service name
2020-08-25 14:53:12 +02:00
Erik Arvstedt
b7450877a0
netns: rename bridge peer devices br-nb-veth* -> nb-veth-br*
This ensures a consistent 'nb-' namespace and simplifies the
dhcpcd.denyInterfaces rules.

Also rename vethName -> veth.
2020-08-25 14:53:12 +02:00
Erik Arvstedt
8bfb7bb2f8
netns: rename bridge br0 -> nb-br
br0 has a high risk of name clashes when nix-bitcoin used as part of a
larger config.
Use a more specific name.
2020-08-25 14:53:08 +02:00
Erik Arvstedt
32e70a7516
netns: move webindex config for modules-only usage
webindex is only available in secure-node.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
121301337b
netns: add option 'allowedUser' for modules-only usage
The dependency on secure-node.nix prevented using nix-bitcoin by just
importing modules.nix.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
9715134f06
netns: don't repeat cli definitions
1. Saves some code.
2. Guarantees that the netns and no-netns cli defs are always in sync.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
e385c73256
netns: separate implementation and service configs
This greatly improves clarity.

Especially the bitcoind-import-banlist.serviceConfig definition was out
of place.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
d0b8d77de2
netns: remove conditionals for service settings
Going without the conditionals (like in secure-node.nix) adds
readability and doesn't reduce evaluation performance (in fact, it
even slightly improves performance due to implementation details
of mkIf).

To avoid errors, remove use of disabled services in secure-node.nix and
nix-bitcoin-webindex.nix.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
0f0f6ddbb9
netns: add comment about undesirable algorithmic complexity
We don't want to be Accidentally Quadratic™
2020-08-25 11:40:26 +02:00
Erik Arvstedt
a3ae8668e6
netns: use map instead of concatMap 2020-08-25 11:40:26 +02:00
Erik Arvstedt
b7fc819be5
netns: consistent var naming
n is used elsewhere in similar contexts.
2020-08-25 11:40:26 +02:00
Erik Arvstedt
5a81693ef3
netns: add range check for netns ids 2020-08-25 11:40:26 +02:00
Erik Arvstedt
74f1610668
netns: clarify addressblock description 2020-08-25 11:40:26 +02:00
Erik Arvstedt
4eb92df08c
netns: remove redundant filter
The 'availableNetns' connection matrix only consists of enabled entries,
so no extra filtering is needed.
Reason: availableNetns starts with the filtered 'base' and is then symmetrised.
2020-08-25 11:40:26 +02:00
Erik Arvstedt
50de54aef1
netns: remove empty connections defs
Like in the netns defintion for bitcoind.
2020-08-25 11:40:26 +02:00
Jonas Nick
0f1f105948
Merge #225: Fix process info restriction
44de5064cd security: don't restrict process info by default for module users (Erik Arvstedt)
a36789b468 test: move security tests to separate function (Erik Arvstedt)
588a0b2405 security: enable full systemd-status for group 'proc' (Erik Arvstedt)
96ea2e671c security: simplify and fix dbus configuration (Erik Arvstedt)
343e026030 rename dbus.nix -> security.nix (Erik Arvstedt)
7367446761 test: rename assert_matches_exactly -> assert_full_match (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 44de5064cd

Tree-SHA512: f782cfdc81b5d6b3da968d0221bd54420791a9f5cd89cde9e62d6d04882d921b5efe9046d975133587b5c2d711c47133b3a5a2351940899a90a28bf16218a7ad
2020-08-24 14:56:05 +00:00
Jonas Nick
322ba5bfff
Add nix-bitcoin.lib for utility functions and types 2020-08-20 21:31:24 +00:00
Erik Arvstedt
44de5064cd
security: don't restrict process info by default for module users 2020-08-20 13:12:07 +02:00