- set -e is implicit
- coreutils are in PATH and don't have to be explicitly referenced (echo is a shell builtin anyways)
- exit 0 is unneeded ('if' statements never fail)
This better fits the semantics of this unit and allows for easier
automated testing whether the service is active.
wantedBy = bindsTo = after = tor.service is the simplest way to ensure
that this unit is always running/restarted in lockstep with tor.
Previously, onion-chef would have stayed inactive in the case
that tor was stopped and then later restarted.
An executable is more robust to use than shell aliases.
This is also a preparation for commit 'add module test' because the
NixOS testing framework makes interactive aliases hard to use: It
unsets 'PS1' which is used by programs/bash/bash.nix to detect
interactive shells.
Not polluting the main pkgs namespace with internal pkgs makes it
easier to integrate the nix-bitcoin modules into a larger config.
Also, by overriding the nix-bitcoin namespace, users can now easily set the
packages used by services that offer no explicit `package` option, like `clightning`.
Remove use of nixops-specific 'keys' group and key services.
Instead:
- Add nix-bitcoin-secrets.target, which should be required by all
  units that depend on secrets. (To keep it simple, it's okay to meet
  the secrets dependency indirectly by e.g. depending on bitcoind.)
  Various secret deployment methods can use this target by
  setting up the secrets before activating the target.
  In case of nixops we just specify that nixops' keys.target comes
  before nix-bitcoin-secrets.target.
  If the target is left undefined in the case of manual secrets
  deployment, systemd will simply ignore unit dependencies on
  the target.
- Allow all users to access the secrets dir.
  The access protection for the individual secret files is unchanged.
  This allows us to drop the unit dependency on the nixops 'keys' group.
Type = "simple" is the default unit type.
Being wanted by bitcoind instead of a system target is more appropriate.
By binding to bitcoind, the service is automatically stopped when
bitcoind exits. This eliminates the bitcoind liveness check in preStart.
We're now directly using Greg's unmodified banlist which
simplifies the update process.
The banlist package with its dependency on the bitcoin datadir path is only
relevant for internal use within nix-bitcoin, so we can safely remove
it.
We're now using the bitcoin-cli from `services.bitcoind.package`.
Fixes #129
0c22af03b7ae2c4b70536210b54b86814f0f9fd5 Allow AnyProtocol for bitcoin if zmq options are set (and not if lnd is enabled) (Jonas Nick)
cf39d88c63303a23e2040cc16807c04f39e6c6f4 Move zmq options from nix-bitcoin.nix to bitcoind module (Jonas Nick)
Pull request description:
... which is a better place for this. CC @cypherpunk2140
Top commit has no ACKs.
Tree-SHA512: 47d1b95fef78ee31711b5ad5a59000adfb0fcd3bbfe82c7321d87f5a6d7c998646d3428a1c86ff9b0103b167501c8cf3b16e00d4e2b5c09425ab09f732f75a57
9d029fd1afff4fe79bf8ea7d89bda64bd4c68dc5 Remove lnd explicit tor onion service config (Ștefan D. Mihăilă)
1f407ef22c88518995e6c90facbea43e618952ad Remove lnd user from onion-chef (Ștefan D. Mihăilă)
588002315882d2e94490efe33f49a209bc10f68d Increase xxd column size (Ștefan D. Mihăilă)
101ae3c37075bb4893652d7c04743fcc18d4ba36 Instruct user to backup channel.backup (Ștefan D. Mihăilă)
fccd91972aa935e9452cf63d75c40764aa1cdfaf Fix "value is a list [...]" error when lnd is not enabled (Ștefan D. Mihăilă)
700fdf6febdc6e4fff3d00482a28f3d0bebb1094 Add logdir and tor.privatekeypath to lnd.conf (Ștefan D. Mihăilă)
5a2517b926516b511bb7879d2c8f1ac5d5e8d8e8 Check for existing secrets and create them more granularly (Ștefan D. Mihăilă)
d6f961db89ab0fdc03658a643fb6b0a6969cb9d1 Reuse lnd seed (Ștefan D. Mihăilă)
9b0753135cfb0ca16df61a48fd157d84b5543a1f Add LND support (Ștefan D. Mihăilă)
4acf5cd32c3ef899fa7900c22e491b7b148b119a Remove unused nginx.csr file (Ștefan D. Mihăilă)
19b971f21f62e5f173488204110bd787c1264263 Rename nginx certificate files (Ștefan D. Mihăilă)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 9d029fd1afff4fe79bf8ea7d89bda64bd4c68dc5
Tree-SHA512: 58ee80bcab6c3a1c4642a5d40b94e10d28311557ae7c69539fee90d6f252a6afc70b8066cc7d7ddc0a45e2675978718a369b0341c518f8ce7590cbde1403eaeb
67a464d0972ce51b57b1501289a94a4b1a8b924d Mention problems with hardened kernel and NUCs in README (Jonas Nick)
7771a4c931f06c75f9f1f27091a67a28cd1cd0a8 Refer to systemd man pages for hardening options (Jonas Nick)
a5e10a82d89d3f486be61ac6902ec86fd64cb6d4 Simplify clightning preStart (Jonas Nick)
Pull request description:
CC @cypherpunk2140
Top commit has no ACKs.
Tree-SHA512: aa726f29e499cc268b21cac8cd07617be591cfdaa89dd0495cb979ebd3e49cc01164af25924c554429a1d35d14167dea276f7d61877452b69f027143cc3eee97