- set -e is implicit
- coreutils are in PATH and don't have to be explicitly referenced (echo is a shell builtin anyways)
- exit 0 is unneeded ('if' statements never fail)
This better fits the semantics of this unit and allows for easier
automated testing whether the service is active.
wantedBy = bindsTo = after = tor.service is the simplest way to ensure
that this unit is always running/restarted in lockstep with tor.
Previously, onion-chef would have stayed inactive in the case
that tor was stopped and then later restarted.
An executable is more robust to use than shell aliases.
This is also a preparation for commit 'add module test' because the
NixOS testing framework makes interactive aliases hard to use: It
unsets 'PS1' which is used by programs/bash/bash.nix to detect
interactive shells.
Not polluting the main pkgs namespace with internal pkgs makes it
easier to integrate the nix-bitcoin modules into a larger config.
Also, by overriding the nix-bitcoin namespace, users can now easily set the
packages used by services that offer no explicit `package` option, like `clightning`.
Remove use of nixops-specific 'keys' group and key services.
Instead:
- Add nix-bitcoin-secrets.target, which should be required by all
units that depend on secrets. (To keep it simple, it's okay to meet
the secrets dependency indirectly by e.g. depending on bitcoind.)
Various secret deployment methods can use this target by
setting up the secrets before activating the target.
In case of nixops we just specify that nixops' keys.target comes
before nix-bitcoin-secrets.target.
If the target is left undefined in the case of manual secrets
deployment, systemd will simply ignore unit dependencies on
the target.
- Allow all users to access the secrets dir.
The access protection for the individual secret files is unchanged.
This allows us to drop the unit dependency on the nixops 'keys' group.
c36c496507405bfcd059b1fc8b117897a6850b9a banlist: fail on unexpected errors (Erik Arvstedt)
e0276503edc16fb2048f871cb66aae607726430c fixup! ignore banlist errors (like in master) (Erik Arvstedt)
d64156e485f12e99bc9a51d8693221656f9889b7 banlist: don't wait in preStart until bitcoind is ready (Erik Arvstedt)
d87c50a30526fb75b2de225b42eba5c7a37de81e banlist: simplify unit, bind to bitcoind, fix wantedBy (Erik Arvstedt)
39885d37c1e7fbe5c6e3668bd5cf74e8029f3d15 banlist: simplify script, remove package (Erik Arvstedt)
55e73f32e3fb3809e56f8f770334c654d56739e5 bitcoind: add cli option (Erik Arvstedt)
8807b9f6b296f7ab36382c4bda94fc2fbc1b4828 bitcoind: remove 'StateDirectory' (Erik Arvstedt)
Pull request description:
Please see the individual commit messages for more infos.
This time I've used commit msg titles starting with lower-case letters.
I think this style is the simplest and cleanest, especially with
`topic:` prefixes. Let me know if I should reformat this.
Regarding commit `banlist: simplify script, remove package`:
I've added the current version of Greg's banlist, but it has 5600 entries instead of the previous 739. Is this ok?
Rationale for commit `bitcoind: add cli option`:
For some cases it can be useful when bitcoin-cli is an executable instead of a shell alias.
- non-interactive ssh commands like `ssh mynode 'bitcoin-cli getnetworkinfo'`.
This can also be achieved with shell aliases in `environment.shellInit`, but it's good
practice to avoid aliases in noninteractive shells.
- Scripts that call `bitcoin-cli`. The banlist importer which uses this is a good example.
ACKs for top commit:
jonasnick:
ACK c36c496507405bfcd059b1fc8b117897a6850b9a
Tree-SHA512: 31dacf5e5b051ada24151c9884a97cfd83883c2b48e3d25e16f228fb575cb915e1093d12d171a44d25064fda7d7b98a27c897cc4bdace527c52fdf652033a160
Type = "simple" is the default unit type.
Being wanted by bitcoind instead of a system target is more appropriate.
By binding to bitcoind, the service is automatically stopped when
bitcoind exits. This eliminates the bitcoind liveness check in preStart.
We're now directly using Greg's unmodified banlist which
simplifies the update process.
The banlist package with its dependency on the bitcoin datadir path is only
relevant for internal use within nix-bitcoin, so we can safely remove
it.
We're now using the bitcoin-cli from `services.bitcoind.package`.
Fixes#129
46edb39d2f33d0386b683f7a2112b5fe801e4cc7 Add content hashes for pinned channels (Erik Arvstedt)
961e8217a92efd9f92f01a56231dd63bbf947b8d Rename contrib/ to helper/ (Erik Arvstedt)
Pull request description:
Unhashed external content is bad for security and performance (due to
re-fetches when the cache times out).
Use this simple fix until https://github.com/fort-nix/nix-bitcoin/pull/78 is fleshed out.
For testing, run this in the repo root dir:
```bash
nix eval '(import ./pkgs/nixpkgs-pinned.nix)'
```
ACKs for top commit:
jonasnick:
ACK 46edb39d2f33d0386b683f7a2112b5fe801e4cc7
Tree-SHA512: cb098a4714aecf00e8d0f9fe6d388b6322416c1d2f8d55b54dc16328145331a87a71fbf68e2faa85105727cbd6370542799f1c2d84ac2bee90a6710b96eba9bd
6ba4a43193ddb9e486d9194c088a5ca910ab7598 Fix release.nix.patch for our nixops (Jonas Nick)
Pull request description:
Otherwise nix-shell doesn't start up:
```
building '/nix/store/c03b0sb0b822m7n1j0rhg8bfbmqv2vv2-src.drv'...
patching file release.nix
Hunk #3 FAILED at 83.
1 out of 3 hunks FAILED -- saving rejects to file release.nix.rej
builder for '/nix/store/c03b0sb0b822m7n1j0rhg8bfbmqv2vv2-src.drv' failed with exit code 1
error: build of '/nix/store/c03b0sb0b822m7n1j0rhg8bfbmqv2vv2-src.drv' failed
(use '--show-trace' to show detailed location information)
```
CC @erikarvstedt
Top commit has no ACKs.
Tree-SHA512: fd92325f9cf6f44592a0733131efc147669140402fb87a9efb6e407520048b8e84a58ccbf12c9c3a637a24f3d381cfaa54a34e2341e6542eb1e3769447de0f8f
