Erik Arvstedt
205829b91f
bitcoind: remove whitespace
2020-08-26 21:16:32 +02:00
Jonas Nick
5c99656cce
Merge #226: Improve netns-isolation and tests
...
e5fb3f6a7fb0f32ec036d2eebfc239528b0345af run-tests: document how to pass extra build args (Erik Arvstedt)
df790f67661cf9e83c39701f7c8e72de0e829d8e run-tests: allow linking test build results for all scenarios (Erik Arvstedt)
91697b1427d4deb6d41dccd5561e3939e076814d test: allow for testing all scenarios (Erik Arvstedt)
28236691aa1d8323a5fb2b0fa62a79f9d88c5328 test: rename scenarios/lib.py -> base.py (Erik Arvstedt)
80da0a41bc21f3297e8223614217a76595bb9d58 test: load complete test environment in debug mode (Erik Arvstedt)
9b4cd7bd1ccb98a3cc9d0ad116dd61094c5166e1 test: simplify scenario handling (Erik Arvstedt)
0f56ea6ad1f04f281dcb2cd2c88215c7b599aa71 test: include scenario in test name (Erik Arvstedt)
9237e5dc3df54036da5ee055c3b40025bf4bb155 test: use pydoc docstring (Erik Arvstedt)
ed73627e0256c69cbaa1e1234b8a248edd7cea36 netns-exec: minor style fixes (Erik Arvstedt)
91ebc2d517bdee91f3909d8abe2c1288105de223 netns-exec: simplify installation (Erik Arvstedt)
809e75485169c4761ee438807df55eacd20731de netns: improve bridge setup (Erik Arvstedt)
b7450877a0445151fd9e9e983d436b1ca514d820 netns: rename bridge peer devices br-nb-veth* -> nb-veth-br* (Erik Arvstedt)
8bfb7bb2f878aa6ad50dd3bae3361c68af82e47f netns: rename bridge br0 -> nb-br (Erik Arvstedt)
32e70a7516a0d9602b6884c0281abc59a85d3228 netns: move webindex config for modules-only usage (Erik Arvstedt)
121301337bd81d1d8a5d7b500b58366347abd467 netns: add option 'allowedUser' for modules-only usage (Erik Arvstedt)
9715134f066fee42101f798ec347d9c3d72057ad netns: don't repeat cli definitions (Erik Arvstedt)
e385c732567a1cdf958f8b6690011e03765cd53b netns: separate implementation and service configs (Erik Arvstedt)
d0b8d77de2018207d8b2e598990ba65db499c08d netns: remove conditionals for service settings (Erik Arvstedt)
0f0f6ddbb97716de7af9a5bbd4519c0ec4e53b95 netns: add comment about undesirable algorithmic complexity (Erik Arvstedt)
a3ae8668e639159d5b63dd3fdc00d166c9c12e11 netns: use map instead of concatMap (Erik Arvstedt)
b7fc819be5cae75a1417c5afcf8376df07f8f03a netns: consistent var naming (Erik Arvstedt)
5a81693ef3e709a630d510c9fbf23c1bca89522d netns: add range check for netns ids (Erik Arvstedt)
74f1610668960dd1579f313707264d8c60b15e56 netns: clarify addressblock description (Erik Arvstedt)
4eb92df08c7ae58d27d74140742826d5fa3a28c7 netns: remove redundant filter (Erik Arvstedt)
50de54aef1e750a40f98ec5ada17e6cfe9d4047e netns: remove empty connections defs (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK e5fb3f6a7fb0f32ec036d2eebfc239528b0345af
nixbitcoin:
ACK e5fb3f6a7fb0f32ec036d2eebfc239528b0345af
Tree-SHA512: e2accf7b5ab5d4c4c07a8f9307409021809326648139424ff7ebaa7be3e628f21d5be8dafabe19b9659d09537a5b3976e2513bc287e79027376b5271006bc214
2020-08-25 13:29:33 +00:00
Erik Arvstedt
e5fb3f6a7f
run-tests: document how to pass extra build args
2020-08-25 14:58:04 +02:00
Erik Arvstedt
df790f6766
run-tests: allow linking test build results for all scenarios
2020-08-25 14:58:04 +02:00
Erik Arvstedt
91697b1427
test: allow for testing all scenarios
...
Test all scenarios by default when running 'build' (which happens
when the script is called without arguments).
Default to scenario 'default' in other test commands like 'debug'.
2020-08-25 14:53:13 +02:00
Erik Arvstedt
28236691aa
test: rename scenarios/lib.py -> base.py
...
This file isn't a scenario, it's also not a lib because it contains
the main share of actual tests.
2020-08-25 14:53:13 +02:00
Erik Arvstedt
80da0a41bc
test: load complete test environment in debug mode
...
Stop just before executing actual tests.
This makes all test functions accessible in debug mode.
2020-08-25 14:53:12 +02:00
Erik Arvstedt
9b4cd7bd1c
test: simplify scenario handling
...
We can switch to a more sophisticated scheme later when adding more scenarios
2020-08-25 14:53:12 +02:00
Erik Arvstedt
0f56ea6ad1
test: include scenario in test name
2020-08-25 14:53:12 +02:00
Erik Arvstedt
9237e5dc3d
test: use pydoc docstring
2020-08-25 14:53:12 +02:00
Erik Arvstedt
ed73627e02
netns-exec: minor style fixes
...
- Use inline variable declarations
- Improve messages
- Fix naming: available -> allowed
- Simplify intro comment
2020-08-25 14:53:12 +02:00
Erik Arvstedt
91ebc2d517
netns-exec: simplify installation
2020-08-25 14:53:12 +02:00
Erik Arvstedt
809e754851
netns: improve bridge setup
...
- Explain why we don't use option `networking.bridges`
- Make the bridge setup service part of NixOS' network-setup.service.
  This yields no noticeable functional changes for now, but it's
  conceptually cleaner to finish the network setup before network.target
  becomes active.
- Add 'nb-' prefix to service name
2020-08-25 14:53:12 +02:00
Erik Arvstedt
b7450877a0
netns: rename bridge peer devices br-nb-veth* -> nb-veth-br*
...
This ensures a consistent 'nb-' namespace and simplifies the
dhcpcd.denyInterfaces rules.
Also rename vethName -> veth.
2020-08-25 14:53:12 +02:00
Erik Arvstedt
8bfb7bb2f8
netns: rename bridge br0 -> nb-br
...
br0 has a high risk of name clashes when nix-bitcoin is used as part of a
larger config.
Use a more specific name.
2020-08-25 14:53:08 +02:00
Erik Arvstedt
32e70a7516
netns: move webindex config for modules-only usage
...
webindex is only available in secure-node.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
121301337b
netns: add option 'allowedUser' for modules-only usage
...
The dependency on secure-node.nix prevented using nix-bitcoin by just
importing modules.nix.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
9715134f06
netns: don't repeat cli definitions
...
1. Saves some code.
2. Guarantees that the netns and no-netns cli defs are always in sync.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
e385c73256
netns: separate implementation and service configs
...
This greatly improves clarity.
Especially the bitcoind-import-banlist.serviceConfig definition was out
of place.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
d0b8d77de2
netns: remove conditionals for service settings
...
Going without the conditionals (like in secure-node.nix) adds
readability and doesn't reduce evaluation performance (in fact, it
even slightly improves performance due to implementation details
of mkIf).
To avoid errors, remove use of disabled services in secure-node.nix and
nix-bitcoin-webindex.nix.
2020-08-25 11:40:27 +02:00
Erik Arvstedt
0f0f6ddbb9
netns: add comment about undesirable algorithmic complexity
...
We don't want to be Accidentally Quadratic™
2020-08-25 11:40:26 +02:00
Erik Arvstedt
a3ae8668e6
netns: use map instead of concatMap
2020-08-25 11:40:26 +02:00
Erik Arvstedt
b7fc819be5
netns: consistent var naming
...
n is used elsewhere in similar contexts.
2020-08-25 11:40:26 +02:00
Erik Arvstedt
5a81693ef3
netns: add range check for netns ids
2020-08-25 11:40:26 +02:00
Erik Arvstedt
74f1610668
netns: clarify addressblock description
2020-08-25 11:40:26 +02:00
Erik Arvstedt
4eb92df08c
netns: remove redundant filter
...
The 'availableNetns' connection matrix only consists of enabled entries,
so no extra filtering is needed.
Reason: availableNetns starts with the filtered 'base' and is then symmetrised.
2020-08-25 11:40:26 +02:00
Erik Arvstedt
50de54aef1
netns: remove empty connections defs
...
Like in the netns definition for bitcoind.
2020-08-25 11:40:26 +02:00
Jonas Nick
0f1f105948
Merge #225: Fix process info restriction
...
44de5064cd9f8ae625997955820146b38afedf90 security: don't restrict process info by default for module users (Erik Arvstedt)
a36789b4685cad40725055f8e0a396fec7e1a03c test: move security tests to separate function (Erik Arvstedt)
588a0b240515f7c104914d5b20e3fc5fc68e2a69 security: enable full systemd-status for group 'proc' (Erik Arvstedt)
96ea2e671ca303d25b74a6e92848de3c929a7906 security: simplify and fix dbus configuration (Erik Arvstedt)
343e026030751f97bd8a364dbf3d88515178171f rename dbus.nix -> security.nix (Erik Arvstedt)
73674467616109806c8501f1357b699fadc9b342 test: rename assert_matches_exactly -> assert_full_match (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 44de5064cd9f8ae625997955820146b38afedf90
Tree-SHA512: f782cfdc81b5d6b3da968d0221bd54420791a9f5cd89cde9e62d6d04882d921b5efe9046d975133587b5c2d711c47133b3a5a2351940899a90a28bf16218a7ad
2020-08-24 14:56:05 +00:00
Jonas Nick
b00e9b6aa3
Merge #222: Add nix-bitcoin.lib for utility functions and types
...
322ba5bfff1dc250b28ee6ccffa33316fbf334ce Add nix-bitcoin.lib for utility functions and types (Jonas Nick)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 322ba5bfff1dc250b28ee6ccffa33316fbf334ce
Tree-SHA512: 61fc91d11c06883ffc15e200dfefd88b4169849c19d3073c76820910c641613e64d01439cc482792a5eaadabeca7711eb838f0f791fcfc70cfa79e2b156f4efc
2020-08-23 20:53:45 +00:00
Jonas Nick
bfc73f2176
Merge #227: Install.md docs updates
...
9e6b280fdd0ee0fa49943e89970af505a606c2a3 docs updates (jurraca)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 9e6b280fdd0ee0fa49943e89970af505a606c2a3
Tree-SHA512: ae197a81e74347c7cce77899bb6fbd5397160aa27448e5e8ea43d15a181169705271abaecb4755e9d126e32d9c3eee06620430200e6c2e868d5d85cf0554bd5a
2020-08-22 07:50:45 +00:00
jurraca
9e6b280fdd
docs updates
2020-08-21 21:43:46 +00:00
Jonas Nick
322ba5bfff
Add nix-bitcoin.lib for utility functions and types
2020-08-20 21:31:24 +00:00
Erik Arvstedt
44de5064cd
security: don't restrict process info by default for module users
2020-08-20 13:12:07 +02:00
Erik Arvstedt
a36789b468
test: move security tests to separate function
2020-08-20 13:12:06 +02:00
Erik Arvstedt
588a0b2405
security: enable full systemd-status for group 'proc'
...
Previously, systemd-status was broken for all users except root.
Use a 'default' deny policy, which is overridden for group 'proc'.
Add operator to group 'proc'.
Also, remove redundant XML boilerplate.
2020-08-20 13:12:06 +02:00
Erik Arvstedt
96ea2e671c
security: simplify and fix dbus configuration
...
Previously, due to the dependency on a helper service, this dbus config
was initially inactive after system boot, allowing for unrestricted use
of the problematic dbus call.
This also broke the accompanying VM test on faster systems.
Remove 'allow' policy for root because it's a no-op:
1. It's overridden by the 'mandatory' deny policy.
2. Root can use all dbus calls anyways, regardless of policy settings.
Also, add some comments.
2020-08-20 13:12:06 +02:00
Erik Arvstedt
343e026030
rename dbus.nix -> security.nix
...
This file has a broader scope than just configuring dbus.
2020-08-20 13:12:06 +02:00
Erik Arvstedt
7367446761
test: rename assert_matches_exactly -> assert_full_match
...
More precise, needed in a later commit.
2020-08-20 13:12:05 +02:00
Jonas Nick
72000b4a99
Merge #200: backups: add module
...
22c3fd52e142879791950b4ee9a59953c294c986 backups: add feature test (nixbitcoin)
e4fb7a52de6e1f8da2c3140b2dcf53abe44072ea backups: add module (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 22c3fd52e142879791950b4ee9a59953c294c986
Tree-SHA512: 625c1fe4f12ea881b5adb04e07187eae60451402462cd3032b2f741b3f23ee73ea68b98aeb8cfd9206890e8227229cb4ab0cdb5f7935f34fc33fc50dc5df26c9
2020-08-04 15:38:44 +00:00
nixbitcoin
22c3fd52e1
backups: add feature test
2020-08-04 15:25:39 +00:00
nixbitcoin
e4fb7a52de
backups: add module
2020-08-04 15:25:37 +00:00
Jonas Nick
62f83a71b8
Merge #218: Fix typos
...
df89ceed3954b026c9521524aa07f682cddd97a8 Fix typos (practicalswift)
Pull request description:
ACKs for top commit:
jonasnick:
ACK df89ceed3954b026c9521524aa07f682cddd97a8
Tree-SHA512: 8cd04469dd0c46259790f00f380a840c22f10424c2504a7667e70cfdb03f30801e34f3c53aeffc9259a971484d4a12f1dbe5ceade493c8559e8c00ec011e7c73
2020-08-04 15:13:09 +00:00
Jonas Nick
3f53d7da40
Merge #217: Concurrent LN
...
e650df30d55131632d378a26c1c68ec86a72f67d bitcoind: bump rpcthread count (nixbitcoin)
46e15ee9ccd942075bd99aa2eedbf7162292d4bf tests: make lnd & clightning tests run concurrently (nixbitcoin)
ac96fd59dbcfd81c743deb9c29b4845485f1d48b assertions: make lnd.enable depend on !clightning.enable or port != 9735 (nixbitcoin)
3ed564ea06ab321b14af51e056c266af6f39b1fe lnd: make listen IP address only (nixbitcoin)
716e98789c61f42c6ac082fb32ef81f4843ef4c4 lnd: add listenPort option (nixbitcoin)
43da15557ded1ef36baef50690d5b94ab8b428e0 clightning: refactor bind-addr to be IP address only (nixbitcoin)
d99ccc8445c75f647303fe2277269e8b1fe7fe7c clightning: add bindport option (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK e650df30d55131632d378a26c1c68ec86a72f67d
Tree-SHA512: 5c8c2cdd41cd57c60fc91d5752190b7ff905041b09cda32d60d1790960321a86ea5e9e1f7b4519198bcb28372034f86362778d1b960369a23d24c29d0c2ecccf
2020-08-04 15:10:07 +00:00
nixbitcoin
e650df30d5
bitcoind: bump rpcthread count
2020-08-04 14:46:57 +00:00
nixbitcoin
46e15ee9cc
tests: make lnd & clightning tests run concurrently
2020-08-04 14:07:12 +00:00
nixbitcoin
ac96fd59db
assertions: make lnd.enable depend on !clightning.enable or port != 9735
2020-08-04 14:07:10 +00:00
nixbitcoin
3ed564ea06
lnd: make listen IP address only
2020-08-04 14:07:08 +00:00
nixbitcoin
716e98789c
lnd: add listenPort option
2020-08-04 14:07:06 +00:00
nixbitcoin
43da15557d
clightning: refactor bind-addr to be IP address only
...
With typecheck
2020-08-04 14:07:02 +00:00
practicalswift
df89ceed39
Fix typos
2020-08-04 13:32:06 +00:00