82a2b148d8
secrets: minor fixes
...
- Improve comment.
- `secretsSetupMethod` is not internal because it can be set to "manual"
by the user.
2021-09-11 15:07:24 +02:00
2c8e29b35b
lnd: extract option `certPath`
...
Improves service encapsulation.
2021-09-11 15:07:24 +02:00
be12a49933
lightning-pool/loop: extract lnd variable
2021-09-11 15:07:24 +02:00
5087ce245f
minor cleanups
...
- btcpayserver: remove unneeded trailing semicolons
- krops/get-sha256:
`tail` is unneeded because `nix-prefetch-url` just outputs a single
line containing the hash.
2021-09-11 15:07:23 +02:00
0d2db4e79f
backups: add option `postgresqlDatabases`
...
This simplifies defining postgresql backups.
This change is covered by tests.py.
2021-09-11 15:07:23 +02:00
9730be9282
joinmarket-yieldgenerator: simplify start script
2021-08-30 13:37:05 +02:00
179b86d19c
joinmarket: allow recreating wallet from seed
...
This allows users to easily upgrade their wallets to use Fidelity Bonds.
2021-08-30 13:37:05 +02:00
7c5ef32b50
versioning: move list of changes to the top
...
Improves readability.
2021-08-30 13:37:05 +02:00
b15d71605e
joinmarket: fix leaking passwords
...
Previously, `bitcoin-rpcpassword-privileged` and `jm-wallet-password` were
passed as world readable arguments to sed and jm-genwallet subprocesses.
2021-08-30 13:37:04 +02:00
00a0759884
joinmarket-ob-watcher: extra permissions & functionality for fidelity bonds
2021-08-30 13:37:04 +02:00
d7f9e33e1c
joinmarket-ob-watcher: move resource files to extra dir
...
Don't clutter joinmarket/bin with ob-watcher resource files.
2021-08-30 13:37:04 +02:00
e95abf6c7e
joinmarket: 0.8.3 -> 0.9.1
2021-08-30 09:02:26 +00:00
a8a8b9ce4d
backups: backup NixOS uid, gid mappings
...
Now that service uid, gid mappings are included in the backups, along
with the service data dirs, we can remove 'chown -R' for
clightning and liquidd data dirs.
Note that we used 'chown -R' only for these two services, while this
approach would have been relevant for all services with data dirs.
2021-08-15 22:40:35 +02:00
ee8b83681b
modules: document module dependencies
2021-08-15 22:40:35 +02:00
9f7d048769
modules: move assertion to lnd.nix
...
nix-bitcoin.nix is now no longer dependent on clightning.nix and lnd.nix.
Due to condition '!(config.services ? clightning)' lnd.nix still
doesn't depend on clightning.nix.
Also fix the assertion message by renaming clightning.bindPort to clightning.port.
2021-08-15 22:40:35 +02:00
cce9a3f6b2
modules: move nix-bitcoin options to file 'nix-bitcoin.nix'
...
This allows modules.nix to consist only of a list of modules.
2021-08-15 22:40:35 +02:00
13b4650e84
versioning: add usage comment
2021-08-15 11:29:36 +02:00
ca3c7a281b
secrets: mark option 'secretsSetupMethod' as internal
2021-08-15 11:29:36 +02:00
f9a0fd7a17
nodeinfo: fix indentation
2021-08-15 11:29:36 +02:00
1ef8cbb384
joinmarket: fix allowRunAsUsers setting
...
This option requires user names instead of groups.
2021-08-15 11:29:35 +02:00
fb36f2abe5
joinmarket-ob-watcher: use consistent mode formatting
...
Remove redundant leading zero.
2021-08-15 11:29:34 +02:00
f14af1fc48
treewide: use consistent echo message formatting
...
Quote the echo message.
2021-08-15 11:29:34 +02:00
b8043d3db5
treewide: use consistent bash script indentation
...
Always use two spaces.
2021-08-15 11:29:34 +02:00
c758d68ea4
lib: rename privileged -> rootScript
...
The naming is now analogous the related function `script`.
2021-08-15 11:29:34 +02:00
a2454975a5
doas: fix recursive calls to doas
...
Doas was broken for recursive calls like `doas -u operator lncli`
where `lncli` internally calls doas.
2021-08-14 10:46:42 +02:00
161baa7e68
joinmarket-ob-watcher: allow required 'mbind' system call
2021-08-14 10:46:41 +02:00
a0e5894f1f
backups: remove illegal option definition
2021-08-14 10:46:41 +02:00
35fe939cf8
security: update /proc restriction mechanism
...
NixOS option `security.hideProcessInformation` for globally restricting
access to /proc has been removed.
Use per-service restrictions via 'ProtectProc' instead.
Rename
`nix-bitcoin.security.hideProcessInformation` to
`nix-bitcoin.security.dbusHideProcessInformation`
because this option now only implements the dbus restriction.
2021-08-14 10:46:41 +02:00
178a0dcf8f
services: use new 'tor' options
2021-08-14 10:46:41 +02:00
e44f78ebb8
services: set isSystemUser for service users
...
'isSystemUser' has to be explicitly set in NixOS 21.05.
Previously, it was the implicit default.
2021-08-14 10:46:40 +02:00
a25ceecca5
update to NixOS 21.05
2021-08-12 11:18:26 +02:00
1ecd9756f6
Merge fort-nix/nix-bitcoin#369 : BTCPayServer L-BTC Support
...
54810ce1bfb24c14ec61b7225f5d1154810ce1bf
2021-08-10 12:23:46 +00:00
881a3aa004
joinmarket: use preStart, postStart
2021-08-10 10:12:42 +00:00
e2c6eb6681
joinmarket: create bitcoind wallet
...
Starting with 0.21.0, bitcoin no longer automatically creates and loads
a default wallet.
This was being ignored because of a JoinMarket issue [1] in CI builds prior
to this version. Now a watch-only Bitcoin Core wallet is created in ExecStartPost.
[1] https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/812
2021-08-10 10:12:37 +00:00
6258d64cb6
joinmarket: run with group 'bitcoin'
...
Don't copy bitcoin-rpcpassword-privileged as root, instead run service
with group "bitcoin".
Same effect, less complexity. Note, PoLP still obeyed for joinmarket-ob-watcher.
2021-08-10 10:12:33 +00:00
ed480a35af
joinmarket: 0.8.2 -> 0.8.3
...
Includes
- coincurve: 13.0.0 -> 15.0.0
- Update Darkscience Tor onion address
2021-08-10 10:12:29 +00:00
54810ce1bf
btcpayserver: add L-BTC support
2021-08-10 10:04:54 +00:00
b24c14ec61
liquidd: make regtest capable
2021-08-10 10:04:22 +00:00
637a58d826
lnd: improve waiting for active RPC server
...
- Simplify
- Add comment
- Avoid the unneeded default call to sleep
2021-07-29 20:27:34 +02:00
adeccce06e
lnd: simplify use of curl
2021-07-29 20:27:33 +02:00
b666bb2903
charge-lnd: add module
2021-07-12 17:36:31 +02:00
ce10003747
lnd: allow curl to retry in the create-wallet script
2021-07-08 13:10:16 +00:00
a23b9d1c2d
lnd: check that state is RPC_ACTIVE after unlocking
...
The state service is newly introduced in lnd 0.13.0.
2021-07-07 13:15:04 +00:00
c75347027b
lnd: don't wait until the RPC port is open after unlocking
...
According to the release notes of lnd 0.13.0 [0] the RPC service is available at
all times.
[0] https://github.com/lightningnetwork/lnd/releases/tag/v0.13.0-beta
2021-07-07 13:12:50 +00:00
7914405ced
clboss: add option for using custom package
2021-04-13 14:12:39 +00:00
3b938a909f
add hardened-extended preset
2021-04-02 10:59:09 +00:00
08fe9ba84a
services: add finer-grained address family restrictions
...
Due to a possible NixOS bug, this commit has no effect on NixOS 20.09
where `RestrictAddressFamilies` is a no-op.
It's only relevant for NixOS unstable with cgroups v2.
bitcoind+zmq: instead of allowing all address families, only add the required
AF_NETLINK family.
lnd: lnd only runs a zmq client, not a server, therefore it requires
no additional address families.
lightning-pool, clightning-plugin-zmq: add AF_NETLINK.
2021-03-22 14:35:29 +01:00
020433cec6
services: add helper fn setAllowedIPAddresses
...
Also use 'allowLocalIPAddresses' instead of 'allowTor' in bitcoind-import-banlist
which doesn't use Tor.
2021-03-22 13:20:45 +01:00
cdf27d9d0c
bitcoind: improve service timeouts
...
- Improve readability by using minutes
- set `TimeoutStopSec` like in bitcoin/contrib/init/bitcoind.service.
Stopping bitcoind can exceed the default timeout during IBD.
2021-03-16 12:46:19 +01:00
09cd3ce5e4
lnd: show curl error messages
2021-03-16 12:46:19 +01:00
Erik Arvstedt
nixbitcoin
Jonas Nick
Martin Milata