Commit Graph

517 Commits

Author SHA1 Message Date
Erik Arvstedt
b90bf6691b
add generate-secrets.service 2020-01-12 20:02:01 +01:00
Erik Arvstedt
6447694214
add generate-secrets pkg
generate-secrets.sh will also be used in generate-secrets.nix, so DRY
its dependency definitions.
2020-01-12 20:02:01 +01:00
Erik Arvstedt
e34093a8ac
generate_secrets.sh: add opensslConf option
Needed for the following commit.
2020-01-12 20:02:01 +01:00
Erik Arvstedt
9d14d5ba64
generate_secrets.sh: write secrets to working directory
Write to $PWD instead of ./secrets.
1. Simplifies the code
2. Easier to use in generate-secrets.service (introduced in a later commit)
2020-01-12 20:02:01 +01:00
Erik Arvstedt
51fb054001
generate_secrets.sh: extract makepw command
This makes it obvious that all passwords are generated with the same parameters
2020-01-12 20:02:01 +01:00
Erik Arvstedt
e3b47ce18a
add setup-secrets.service 2020-01-12 20:02:01 +01:00
Erik Arvstedt
437b268433
extract make-secrets.nix
Needed by the next commit.
2020-01-12 20:02:00 +01:00
Erik Arvstedt
f9c29b9318
simplify secret definitions 2020-01-12 20:02:00 +01:00
Erik Arvstedt
cd0fd6926b
don't copy secret files to store during nixops deployment 2020-01-12 20:02:00 +01:00
Erik Arvstedt
f0a36fe0c7
add 'nix-bitcoin-services' option
1. Makes the content easily accessible for module users
2. Avoids needlessly recalculating the attrset in every client module
2020-01-12 20:02:00 +01:00
Jonas Nick
a5471bfb49
Merge #132: Update assumevalid to block 605181
43507a7ce5 Update assumevalid to block 605181 (Jonas Nick)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: 717b4885aad72b5ac86e1d7c9644732e6559055cef138f1a8adad0414760886ef58593fe24717cd070ce86728df9e738613f26c7f08a7c711088226f04f394f3
2020-01-09 23:36:55 +00:00
Erik Arvstedt
7aaf30501c
nix-bitcoin-services: simplify formatting 2020-01-09 10:43:30 +01:00
Erik Arvstedt
760da232e0
add nix-bitcoin pkgs namespace
Not polluting the main pkgs namespace with internal pkgs makes it
easier to integrate the nix-bitcoin modules into a larger config.

Also, by overriding the nix-bitcoin namespace, users can now easily set the
packages used by services that offer no explicit `package` option, like `clightning`.
2020-01-09 10:43:30 +01:00
Erik Arvstedt
6def181dbc
add modules.nix
Importing modules.nix enables the stand-alone use of the modules, without the
config presets of nix-bitcoin.nix.
2020-01-09 10:43:29 +01:00
Erik Arvstedt
3b842e5fe7
add nix-bitcoin-secrets.target
Remove use of nixops-specific 'keys' group and key services.
Instead:
- Add nix-bitcoin-secrets.target, which should be required by all
  units that depend on secrets. (To keep it simple, it's okay to meet
  the secrets dependency indirectly by e.g. depending on bitcoind.)

  Various secret deployment methods can use this target by
  setting up the secrets before activating the target.
  In case of nixops we just specify that nixops' keys.target comes
  before nix-bitcoin-secrets.target.

  If the target is left undefined in the case of manual secrets
  deployment, systemd will simply ignore unit dependencies on
  the target.

- Allow all users to access the secrets dir.
  The access protection for the individual secret files is unchanged.
  This allows us to drop the unit dependency on the nixops 'keys' group.
2020-01-09 10:43:29 +01:00
Erik Arvstedt
bbf2bbc04a
network.nix: simplify import of main config 2020-01-09 10:43:29 +01:00
Erik Arvstedt
7e021a2629
simplify overlay.nix
Move pkg definitions to pkgs/default.nix.
This allows us to just import the pkgs in overlay.nix and get rid of
the filtering to exclude the modules.
2020-01-09 10:43:29 +01:00
Erik Arvstedt
07dc3e04ac
move bitcoinrpc group definition to bitcoind
services.bitcoind has a strict dependency on the 'bitcoinrpc' group
via the 'bitcoin-rpcpassword' secret.
2019-11-27 14:05:19 +01:00
Erik Arvstedt
d61b185c3a
simplify user and group definitions 2019-11-27 14:05:19 +01:00
Jonas Nick
43507a7ce5
Update assumevalid to block 605181 2019-11-24 05:19:19 +00:00
Jonas Nick
6c69eb8576
Merge #131: Update nixpkgs
5575878aad Update nixpkgs (Jonas Nick)
ab35dc29eb Update hwi 1.0.1 -> 1.0.3 Also remove unstable hwi build from travis because hwi requires mnemonic <0.19.0 but nixpkgs unstable has 0.19.0. (Jonas Nick)
44372e764f Update nixpkgs (Jonas Nick)

Pull request description:

  Updates clightning to 0.7.3.

Top commit has no ACKs.

Tree-SHA512: d730cb2e46f282454e483192d0f91c4b8463ca40ae9f4a5a5a5ff01861fad349a03ab780b3151937ec35e9f70a7b2d470495002bcab8d174176b7d49cce62c7d
2019-11-23 13:06:48 +00:00
Jonas Nick
5575878aad
Update nixpkgs 2019-11-18 23:25:32 +00:00
Jonas Nick
ab35dc29eb
Update hwi 1.0.1 -> 1.0.3
Also remove unstable hwi build from travis because hwi requires mnemonic
<0.19.0 but nixpkgs unstable has 0.19.0.
2019-11-17 14:20:47 +00:00
Jonas Nick
44372e764f
Update nixpkgs 2019-11-16 21:47:06 +00:00
Jonas Nick
b5321cf939
Merge #130: Improve banlist importer
c36c496507 banlist: fail on unexpected errors (Erik Arvstedt)
e0276503ed fixup! ignore banlist errors (like in master) (Erik Arvstedt)
d64156e485 banlist: don't wait in preStart until bitcoind is ready (Erik Arvstedt)
d87c50a305 banlist: simplify unit, bind to bitcoind, fix wantedBy (Erik Arvstedt)
39885d37c1 banlist: simplify script, remove package (Erik Arvstedt)
55e73f32e3 bitcoind: add cli option (Erik Arvstedt)
8807b9f6b2 bitcoind: remove 'StateDirectory' (Erik Arvstedt)

Pull request description:

  Please see the individual commit messages for more info.

  This time I've used commit msg titles starting with lower-case letters.
  I think this style is the simplest and cleanest, especially with
  `topic:` prefixes. Let me know if I should reformat this.

  Regarding commit `banlist: simplify script, remove package`:
  I've added the current version of Greg's banlist, but it has 5600 entries instead of the previous 739. Is this ok?

  Rationale for commit `bitcoind: add cli option`:
  For some cases it can be useful when bitcoin-cli is an executable instead of a shell alias.
    - non-interactive ssh commands like `ssh mynode 'bitcoin-cli getnetworkinfo'`.
      This can also be achieved with shell aliases in `environment.shellInit`, but it's good
      practice to avoid aliases in noninteractive shells.
    - Scripts that call `bitcoin-cli`. The banlist importer which uses this is a good example.

ACKs for top commit:
  jonasnick:
    ACK c36c496507

Tree-SHA512: 31dacf5e5b051ada24151c9884a97cfd83883c2b48e3d25e16f228fb575cb915e1093d12d171a44d25064fda7d7b98a27c897cc4bdace527c52fdf652033a160
2019-11-16 20:37:43 +00:00
Erik Arvstedt
c36c496507
banlist: fail on unexpected errors
Also, don't output the 'already banned' error message
2019-11-14 13:06:21 +01:00
Erik Arvstedt
e0276503ed
fixup! ignore banlist errors (like in master) 2019-11-14 13:04:42 +01:00
Erik Arvstedt
d64156e485
banlist: don't wait in preStart until bitcoind is ready
preStart is meant for short-run scripts, but bitcoind can take a long
time until it accepts commands, especially on low-powered systems.

Fixes #122
2019-11-12 19:59:06 +01:00
Erik Arvstedt
d87c50a305
banlist: simplify unit, bind to bitcoind, fix wantedBy
Type = "simple" is the default unit type.

Being wanted by bitcoind instead of a system target is more appropriate.

By binding to bitcoind, the service is automatically stopped when
bitcoind exits. This eliminates the bitcoind liveness check in preStart.
2019-11-12 19:44:44 +01:00
Erik Arvstedt
39885d37c1
banlist: simplify script, remove package
We're now directly using Greg's unmodified banlist which
simplifies the update process.

The banlist package with its dependency on the bitcoin datadir path is only
relevant for internal use within nix-bitcoin, so we can safely remove
it.

We're now using the bitcoin-cli from `services.bitcoind.package`.

Fixes #129
2019-11-12 19:42:33 +01:00
Erik Arvstedt
55e73f32e3
bitcoind: add cli option 2019-11-12 19:41:29 +01:00
Erik Arvstedt
8807b9f6b2
bitcoind: remove 'StateDirectory'
This option is useless because we're doing our own state dir management
via 'dataDir'.
2019-11-12 19:41:29 +01:00
Jonas Nick
bea9a87aae
Merge #128: Add content hashes for pinned channels
46edb39d2f Add content hashes for pinned channels (Erik Arvstedt)
961e8217a9 Rename contrib/ to helper/ (Erik Arvstedt)

Pull request description:

  Unhashed external content is bad for security and performance (due to
  re-fetches when the cache times out).
  Use this simple fix until https://github.com/fort-nix/nix-bitcoin/pull/78 is fleshed out.

  For testing, run this in the repo root dir:
  ```bash
  nix eval '(import ./pkgs/nixpkgs-pinned.nix)'
  ```

ACKs for top commit:
  jonasnick:
    ACK 46edb39d2f

Tree-SHA512: cb098a4714aecf00e8d0f9fe6d388b6322416c1d2f8d55b54dc16328145331a87a71fbf68e2faa85105727cbd6370542799f1c2d84ac2bee90a6710b96eba9bd
2019-11-11 19:50:26 +00:00
Erik Arvstedt
46edb39d2f
Add content hashes for pinned channels 2019-11-11 18:45:17 +01:00
Erik Arvstedt
961e8217a9
Rename contrib/ to helper/ 2019-11-11 18:45:17 +01:00
Jonas Nick
903ab4a4a8
Merge #127: Fix release.nix.patch for our nixops
6ba4a43193 Fix release.nix.patch for our nixops (Jonas Nick)

Pull request description:

  Otherwise nix-shell doesn't start up:

  ```
  building '/nix/store/c03b0sb0b822m7n1j0rhg8bfbmqv2vv2-src.drv'...
  patching file release.nix
  Hunk #3 FAILED at 83.
  1 out of 3 hunks FAILED -- saving rejects to file release.nix.rej
  builder for '/nix/store/c03b0sb0b822m7n1j0rhg8bfbmqv2vv2-src.drv' failed with exit code 1
  error: build of '/nix/store/c03b0sb0b822m7n1j0rhg8bfbmqv2vv2-src.drv' failed
  (use '--show-trace' to show detailed location information)
  ```
  CC @erikarvstedt

Top commit has no ACKs.

Tree-SHA512: fd92325f9cf6f44592a0733131efc147669140402fb87a9efb6e407520048b8e84a58ccbf12c9c3a637a24f3d381cfaa54a34e2341e6542eb1e3769447de0f8f
2019-11-11 08:52:34 +00:00
Jonas Nick
6ba4a43193
Fix release.nix.patch for our nixops 2019-11-10 21:33:26 +00:00
Jonas Nick
a47f1e12c8
Merge #125: Fix virtualbox deployment for 19.09
cfafcb5d32 Fix virtualbox deployment for 19.09 (Erik Arvstedt)

Pull request description:

  Without this, starting the virtualbox guest service fails during machine activation.
  This is due to an incompatible NixOS machine base image.
  Fix this by using an updated version of nixops.

  I've already reported [this issue](https://github.com/NixOS/nixops/issues/1207) upstream.

  @jonasnick, could you check if this new nixops version works
  correctly for your non-virtualbox deployments?

Top commit has no ACKs.

Tree-SHA512: ac8a86ec11739c4bd527c45438bbbd92cb8a5b94509d45a56a22c3294419a78e01cdfa9a9cac17be84b9a1dd79eee35150eb182904265c3fbf387be59d8d85d3
2019-11-10 20:31:18 +00:00
Erik Arvstedt
cfafcb5d32
Fix virtualbox deployment for 19.09
Without this, starting the virtualbox guest service fails during machine activation.
This is due to an incompatible NixOS machine base image.
Fix this by using an updated version of nixops.
2019-11-10 21:06:17 +01:00
Jonas Nick
6c6716e2b3
Merge #126: Set default size of the virtualbox machine disk
6e26453689 Set default size of the virtualbox machine disk (Erik Arvstedt)

Pull request description:

  This eliminates the manual resize step in vbox deployment

ACKs for top commit:
  jonasnick:
    ACK 6e26453689

Tree-SHA512: 31521de732ad891af94c007bf6a9947131b476c904c84c8cad35786e95b08a26b29eacc58041877f4ef80ebebd1bf1c2e863694022c72e56130c02d7417332b4
2019-11-09 19:55:54 +00:00
Jonas Nick
6157a79956
Merge #118: Move zmq options from nix-bitcoin.nix to bitcoind module
0c22af03b7 Allow AnyProtocol for bitcoin if zmq options are set (and not if lnd is enabled) (Jonas Nick)
cf39d88c63 Move zmq options from nix-bitcoin.nix to bitcoind module (Jonas Nick)

Pull request description:

  ... which is a better place for this. CC @cypherpunk2140

Top commit has no ACKs.

Tree-SHA512: 47d1b95fef78ee31711b5ad5a59000adfb0fcd3bbfe82c7321d87f5a6d7c998646d3428a1c86ff9b0103b167501c8cf3b16e00d4e2b5c09425ab09f732f75a57
2019-11-09 19:47:47 +00:00
Jonas Nick
0c22af03b7
Allow AnyProtocol for bitcoin if zmq options are set (and not if lnd is enabled) 2019-11-09 19:44:06 +00:00
Erik Arvstedt
6e26453689
Set default size of the virtualbox machine disk
This eliminates the manual resize step in vbox deployment
2019-11-08 16:01:47 +01:00
Jonas Nick
a50dc981af
Merge #124: Update to NixOS 19.09
664c5c6762 Switch from python 3.5 to python 3.x for trezor (Jonas Nick)
8dd27b6334 Use types.str instead of types.string to avoid warning (Jonas Nick)
09d2df1a81 Use stable tor module instead of unstable which we had to use because stable didn't support v3 onion services (Jonas Nick)
b2fb83c910 Use our own bitcoind module instead of nixpkgs' (Jonas Nick)
26d2e11a6b Update to NixOS 19.09 (Jonas Nick)
1d022f2017 Remove PyQt dependency from liquid-swap tool because it doesn't work with NixOS 19.09 and we don't need it anyway (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    Tested ACK 664c5c6762

Tree-SHA512: eecbb15011ce8849b8c54788e296109a7f0529286b5a38cd2dd90268cbd03ca396555296ac2018e7e82d88cace18d97ab69201a252b30b3b87db0ae136c410c5
2019-11-07 22:36:32 +00:00
Jonas Nick
664c5c6762
Switch from python 3.5 to python 3.x for trezor 2019-10-28 20:59:15 +00:00
Jonas Nick
8dd27b6334
Use types.str instead of types.string to avoid warning 2019-10-28 20:59:15 +00:00
Jonas Nick
09d2df1a81
Use stable tor module instead of unstable which we had to use because stable didn't support v3 onion services 2019-10-28 20:59:15 +00:00
Jonas Nick
b2fb83c910
Use our own bitcoind module instead of nixpkgs' 2019-10-28 20:59:07 +00:00
Jonas Nick
26d2e11a6b
Update to NixOS 19.09 2019-10-28 20:58:57 +00:00
Jonas Nick
1d022f2017
Remove PyQt dependency from liquid-swap tool because it doesn't work with NixOS 19.09 and we don't need it anyway 2019-10-27 16:48:26 +00:00