Erik Arvstedt
e8b47f099c
examples: add deploy-krops.sh
2021-03-15 19:02:58 +01:00
Jonas Nick
fe118b28ff
examples: add krops deployment method
2021-03-15 18:53:07 +01:00
Erik Arvstedt
03db1a61b1
lnd, joinmarket: don't write to secrets dir
...
Keeping the secrets dir read-only is more simple and robust.
- lnd seed mnemonic creation and joinmarket wallet creation can be
run as the regular service user instead of root.
- It is easier to switch to a third-party secrets deployment
method in the future.
Don't create a seed mnemonic for lnd when a wallet exists.
This avoids creating unused mnemonics and helps simplifying
the migration command in `versioning.nix`.
2021-03-15 18:50:15 +01:00
Erik Arvstedt
b701cb5603
secrets: add option 'generateSecrets'
...
Move this feature from a module preset to a regular option, so that it's
easily discoverable and accessible.
Simplify the implementation of `generateSecrets` by adding it to the
existing `setup-secrets` service script.
Also rename option setup-secrets -> setupSecrets.
2021-03-15 12:42:52 +00:00
Erik Arvstedt
03515a8da6
examples/qemu: disable hardened preset
...
- Hardening is irrelevant in examples
- The decreased performance is especially noticeable in VMs
2021-03-15 12:42:52 +00:00
Erik Arvstedt
908af3bfb8
examples/deploy-qemu-vm: show progress when waiting
...
This improves the user experience on VM startup, which can take a few
seconds.
2021-03-15 12:42:51 +00:00
Erik Arvstedt
ccba86a0f0
examples: extract common features for running QEMU VMs
...
Needed by commit: "examples: add deploy-krops.sh"
2021-03-15 12:42:51 +00:00
Erik Arvstedt
cb3d5446c8
examples: use relative paths to example files
...
This ensures that the examples files from the current example dir are used.
Previously, the default examples from the nix-bitcoin source were used.
2021-03-15 12:42:51 +00:00
Jonas Nick
a4dabc7390
Remove nixops examples and documentation
2021-03-15 12:42:47 +00:00
kon
eb21012745
pool: add pkg, module & tests
2021-03-01 10:59:35 +01:00
Jonas Nick
f9683889d9
Merge #312 : Refactorings, cleanups
...
0a2c8e4864
run-tests: add option --copy-src (Erik Arvstedt)
803584a288
backups: don't use hardcoded secrets dir (Erik Arvstedt)
c29d44b49a
ci: use 'cachix watch-exec' (Erik Arvstedt)
6a32812412
services: add names for systemd helper scripts (Erik Arvstedt)
6982699613
services: use consistent layout (Erik Arvstedt)
a43534dda0
services: improve config file setup (Erik Arvstedt)
18f2002cf0
joinmarket-yieldgenerator: improve systemd journal output (Erik Arvstedt)
9d0b8c8f6f
joinmarket-ob-watcher: use DynamicUser (Erik Arvstedt)
e9c98f415c
joinmarket: explain need for tor control socket (Erik Arvstedt)
d9c87b6a8f
joinmarket: fix wallet creation (Erik Arvstedt)
7458350108
treewide: remove deprecated types.loaOf (Erik Arvstedt)
9cf038939c
treewide: use mkEnableOption (Erik Arvstedt)
7a97304f13
treewide: remove unit descriptions (Erik Arvstedt)
a942177ecf
treewide: remove user descriptions (Erik Arvstedt)
4f6ff408ef
treewide: remove unneeded string literals (Erik Arvstedt)
e6a6c721c1
treewide: streamline 'extraConfig' descriptions (Erik Arvstedt)
e774c045de
treewide: fix formatting (Erik Arvstedt)
0b5b29a2a3
netns-isolation: simplify permission definition for netns-exec (Erik Arvstedt)
a587a2b02a
defaultHardening: explain where @system-service is defined (Erik Arvstedt)
bb3a69797e
README: minor improvements (Erik Arvstedt)
13fc9dfabf
examples: improve introductory comments (Erik Arvstedt)
af2040f4c4
netns-isolation: use 'true' for systemd option (Erik Arvstedt)
c246bbb36e
bitcoind, clightning, lnd: improve descriptions (Erik Arvstedt)
7533f12ef1
bitcoind, clightning, run-tests: minor refactoring (Erik Arvstedt)
41fe9b0c1d
elementsd: minor refactoring (Erik Arvstedt)
f0850d3f23
btcpayserver: reorder config settings (Erik Arvstedt)
d1c0ea9f85
btcpayserver: add missing systemd postgresql dependency (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 0a2c8e4864
Tree-SHA512: 5c81b36042fbb2f016c8e58ba9e05ef3389d5376b8df713d3258d2cd0b6a9239904531171aca8e49bea7039341d5fa91aa9474c6d98de849c25ede52deccc5a3
2021-02-08 20:32:03 +00:00
Jonas Nick
2ebd1129a5
Merge #317 : Pkg updates
...
a0f48c9de9
examples: fix deploy-container interactive flag (nixbitcoin)
a2f265cd35
secp256k1: move to top-level packages (Erik Arvstedt)
d41a843167
jmbitcoin: remove secp256k1 from propagatedBuildInputs (Erik Arvstedt)
c22adb03af
extra-container: 0.5 -> 0.6 (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK a0f48c9de9
jonasnick:
ACK a0f48c9de9
Tree-SHA512: 29fa58a960673df407831dd41594c66b26dad1de1e792f4fcc8e35641f39dd873d77b725651be5e01c875bf42284fa78903bab0ea677ec5a0e7eccf98816845d
2021-02-07 21:44:10 +00:00
Erik Arvstedt
13fc9dfabf
examples: improve introductory comments
2021-02-07 22:39:05 +01:00
nixbitcoin
a0f48c9de9
examples: fix deploy-container interactive flag
2021-02-06 11:43:36 +01:00
nixbitcoin
ebd478fd0d
lnd: add option 'restOnionService'
2021-02-05 09:17:14 +01:00
Erik Arvstedt
332d0e70c8
bitcoind: support onion address announcing
2021-01-31 22:26:49 +01:00
Erik Arvstedt
44546561fc
run-tests: allow defining scenarios via cmdline args
...
This simplifies running self-contained scenarios for testing and debugging.
2021-01-30 11:38:47 +01:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module
2021-01-17 17:40:12 +00:00
Erik Arvstedt
f6b883a9ac
remove webindex
...
This module is outdated and incomplete. We can readd an improved version in
the future.
Move nanopos nginx proxy tests to the nanopos test.
2021-01-14 13:25:10 +01:00
Erik Arvstedt
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver
...
In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly setup node.
2021-01-14 13:25:09 +01:00
Erik Arvstedt
bed00fe937
lnd: use onionServices for address announcing
2021-01-14 13:25:09 +01:00
Erik Arvstedt
3980cd5a41
clightning: use onionServices for address announcing
2021-01-14 13:25:08 +01:00
Erik Arvstedt
e78a609687
clightning: add consistent address options
...
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
...
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module
2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module
2021-01-01 17:37:30 +00:00
nixbitcoin
bcedf69549
readme: update and split into various parts
2020-12-30 15:59:22 +00:00
Jonas Nick
7b32a78de2
Merge #284 : Fix containers
...
2bfb4efbd8
make-container: fix usage comment (Erik Arvstedt)
3403795c86
tests: add example scripts (Erik Arvstedt)
ff94985b8b
tests: add test 'hardened' (Erik Arvstedt)
c8e73c959e
fix 'hardened' profile for NixOS 20.09 (Erik Arvstedt)
44b06aea5a
extra-container: 0.5-pre -> 0.5 (Erik Arvstedt)
a359cdfb66
generate-secrets: use pwgen (Erik Arvstedt)
a5a2fc7274
make-container: fix renamed variable (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 2bfb4efbd8
jonasnick:
utACK 2bfb4efbd8
Tree-SHA512: 421b1fc5bf695d6815f060d129855ae0fecc06f7946ed8ac2bfe53895d7dc9529aad40099fc16844547791010232252f74b1ce32cbc9c6458e6d77f327450e94
2020-12-21 12:24:14 +00:00
Erik Arvstedt
3403795c86
tests: add example scripts
2020-12-18 19:56:56 +01:00
Erik Arvstedt
c8e73c959e
fix 'hardened' profile for NixOS 20.09
...
The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052 )
is ineffective on 20.09.
As a workaround, add a custom 'hardened' preset that uses the default allocator.
2020-12-18 19:56:56 +01:00
nixbitcoin
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
...
Update to 0.8.0 with hotfix for genwallet script
Includes module versioning error with migration instructions
2020-12-17 11:12:58 +00:00
Ian Shipman
1d44b99340
add curated clightning plugins
2020-11-18 20:21:34 -06:00
Jonas Nick
5ec9ea1f6d
Merge #250 : Improve examples
...
b574cb097f
examples: add deploy-container-minimal.sh (Erik Arvstedt)
e6340426c1
deploy-container.sh: fix sudo (Erik Arvstedt)
c19f7ebb01
examples: add option --interactive|-i (Erik Arvstedt)
33ff8d82be
examples: fix running outside of examples dir (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK b574cb097f
Tree-SHA512: 1cf73206af950b157c87476a205e035311416ebb801f90f573868a8c0b8437f900e8b5b85e45e3bacbd3235972b4d3d311de394c63dd93fe4c222919d3364851
2020-10-20 11:18:43 +00:00
Jonas Nick
6933b0ef47
Merge #251 : Services: Auto-enable dependencies
...
67e49fe415
services: auto-enable dependencies (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 67e49fe415
Tree-SHA512: 6e0f2e2ca4acdb7c5edd41eb3b56a9e95fc6d2ea9cfd08c1142429f88455c9d771f2f2be6339336448a289632f9768c4ae8f6c307038c5aa69c48b303043dda0
2020-10-20 11:17:10 +00:00
Erik Arvstedt
b574cb097f
examples: add deploy-container-minimal.sh
2020-10-20 12:35:23 +02:00
Erik Arvstedt
67e49fe415
services: auto-enable dependencies
2020-10-19 14:55:59 +02:00
Erik Arvstedt
d2dbad256f
shell.nix: fix failing generate-secrets
...
generate-secrets failed due to the `PYTHONPATH` env var that was set
through the nixops19_09 buildInput.
Fixes:
- Don't pull in the build environments of binaries that should be
available in PATH. Only extend PATH instead.
- Run generate-secrets in an empty environment
2020-10-19 11:35:32 +02:00
Erik Arvstedt
e6340426c1
deploy-container.sh: fix sudo
...
The 'echo sudo' approach used previously failed when PATH or
NIX_PATH contains spaces. Exec the script with sudo instead.
2020-10-18 13:42:58 +02:00
Erik Arvstedt
c19f7ebb01
examples: add option --interactive|-i
2020-10-18 13:42:58 +02:00
Erik Arvstedt
33ff8d82be
examples: fix running outside of examples dir
2020-10-18 13:42:54 +02:00
Erik Arvstedt
d3ece59919
add module 'versioning'
2020-10-16 23:23:00 +02:00
Erik Arvstedt
1cc432a136
examples/deploy-container: use new extra-container features
2020-10-16 15:53:34 +02:00
Erik Arvstedt
16b2783ae7
examples: enable running outside of working dir
2020-10-16 15:53:34 +02:00
Erik Arvstedt
ac6cee5c12
pkgs: add extra-container
2020-10-11 19:40:26 +02:00
nixbitcoin
173891fa5b
joinmarket: add module
2020-09-22 13:50:37 +00:00
nixbitcoin
15b574faa7
nbxplorer/btcpayserver: add module
2020-09-15 12:09:12 +00:00
nixbitcoin
e4fb7a52de
backups: add module
2020-08-04 15:25:37 +00:00
nixbitcoin
ac96fd59db
assertions: make lnd.enable depend on !clightning.enable or port != 9735
2020-08-04 14:07:10 +00:00
nixbitcoin
491d83a658
lightning-loop: add module
2020-07-28 15:55:52 +00:00
nixbitcoin
f3d2aaa5d4
lnd: prepare for netns and bring in line with clightning
...
- Adds bitcoind-host, and tor-socks options to allow using with
network namespaces.
- Adds listen, rpclisten, and restlisten option to specify host on which
to listen on for peer, rpc and rest connections respectively
- Adds announce-tor option and generates Tor Hidden Service with nix
instead of lnd to bring in line with clightning.
WARNING: Breaking changes for Tor Hidden Service. Manual migration
necessary.
2020-07-21 09:38:32 +00:00
nixbitcoin
65b5dab3d4
clightning: add announce-tor
...
From the clightning manpage:
autolisten=BOOL By default, we bind (and maybe announce) on IPv4 and
IPv6 interfaces if no addr, bind-addr or announce-addr options are
specified. Setting this to false disables that.
We already set bind-addr by default, so autolisten had no effect.
Therefore, this commit replaces autolisten with the more granular
announce-addr option.
For now we are Tor-only, so we only need to announce our hidden service
to accept incoming connections. In the future, we can add clearnet
connectivity with `addr` and route connections into our netns with NAT.
2020-07-21 09:38:26 +00:00
nixbitcoin
e5e07b91f7
netns-isolation: netns architecture
...
- Adds network namespace instantiation and routing architecture.
- netns-isolation disabled by default. Can be enabled with
configuration.nix FIXME.
- Uses mkMerge to toggle certain options for non netns and netns
systems.
- Adds security wrapper for netns-exec which allows operator to exec
with cap_sys_admin
- User can select the 169.254.N.0/24 addressblock netns's are created in.
- nix-bitcoin-services IpAddressAllow is amended with link-local
addresses
2020-07-21 09:38:20 +00:00
nixbitcoin
23cd323ad1
assertions: add lnd, clightning exclusivity
2020-06-15 13:02:58 +00:00
nixbitcoin
0ad524ca2d
example config: clarify nix-bitcoin will auto-detect invalid settings
2020-06-15 10:56:01 +00:00
nixbitcoin
c16924b850
example config: change hwi excluding dependency to high-memory
...
HWI can be enabled if electrs is enabled as long as electrs.high-memory
is disabled.
2020-06-15 10:55:59 +00:00
nixbitcoin
0fd99c4cc0
bitcoind: simplify pruning
...
Remove the possible null value for bitcoind.prune and set prune = 0 in
bitcoind as a default. Remove prune = 0 in secure-node.nix and the
mkForce in configuration.nix (bitcoind.prune = lib.mkForce ).
2020-06-15 10:55:57 +00:00
nixbitcoin
b9a7a71873
example config: document enabling pruning
2020-06-15 10:55:55 +00:00
Erik Arvstedt
0f1ee5f533
examples: improve shell session usability
...
- Add usage prompt when starting shell sessions
- Give all examples an uniform interface ("c") for running commands
or starting a shell on the node.
2020-05-17 23:53:32 +02:00
Erik Arvstedt
719dcd77bb
examples: execute bash sessions in script environment
...
Previously, the sessions contained only explicitly exported variables
and functions.
This was fragile and in part buggy due to lacking exports.
Interactive features like user-defined aliases and functions are still
working as before.
2020-05-17 14:30:39 +02:00
nixbitcoin
742aef1e0f
Only set dataDirReadableByGroup if cfg.high-memory is enabled
2020-04-24 16:21:12 +02:00
Erik Arvstedt
ade3f84317
examples: add shell session snippets
2020-04-15 18:55:02 +02:00
Erik Arvstedt
1a63f0ca6a
remove option 'services.nix-bitcoin.enable'
...
Users can enable the node config just by importing secure-node.nix
2020-04-08 17:35:12 +02:00
Erik Arvstedt
28792f79dc
rename nix-bitcoin.nix -> presets/secure-node.nix
2020-04-08 17:35:12 +02:00
Jonas Nick
5ed0284db9
Add fetch-release script
...
This allows getting the hash of the latest (or some other) release
using github releases and gpg verification.
2020-04-08 07:01:35 +00:00
Erik Arvstedt
705d187a35
examples/shell.nix: don't run shellHook on subsequent nix-shells
...
This avoids an extra delay and the unexpected creation of secrets when
run in another dir.
Needed for the 'fetch-release' script introduced in a later commit.
2020-03-30 11:00:31 +02:00
Erik Arvstedt
9df22a2764
add deploy-qemu-vm.sh example
2020-03-30 10:56:57 +02:00
Erik Arvstedt
abcee651d3
add deploy-container.sh
2020-03-30 10:49:15 +02:00
Erik Arvstedt
5dadea310c
add deploy-nixops.sh
2020-03-24 21:43:22 +00:00
Erik Arvstedt
0c74c365de
mention performance loss with hardened kernel profile
2020-03-24 21:43:22 +00:00
Erik Arvstedt
f3121892ef
move main module import to configuration.nix
2020-03-24 21:43:21 +00:00
Erik Arvstedt
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir'
2020-03-24 21:43:21 +00:00
Jonas Nick
87d0286498
Change the nix-bitcoin deployment from forking this repo to importing the module
...
Instead of forking this repo, it is now recommended that users simply import the
nix-bitcoin module. This commit adds an example directory that contains the
network/ examples and a shell.nix for deployment with nixops.
2020-03-24 21:43:17 +00:00