greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
654 Commits 8 Branches 0 Tags
Commit Graph

654 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonas Nick
438dde84fe
Replace sks-keyservers.net with keyserver.ubuntu.com 
sks-keyservers fail most of the time.
 2020-08-25 12:39:54 +00:00
Jonas Nick
0f1f105948
Merge #225: Fix process info restriction 
44de5064cd9f8ae625997955820146b38afedf90 security: don't restrict process info by default for module users (Erik Arvstedt)
a36789b4685cad40725055f8e0a396fec7e1a03c test: move security tests to separate function (Erik Arvstedt)
588a0b240515f7c104914d5b20e3fc5fc68e2a69 security: enable full systemd-status for group 'proc' (Erik Arvstedt)
96ea2e671ca303d25b74a6e92848de3c929a7906 security: simplify and fix dbus configuration (Erik Arvstedt)
343e026030751f97bd8a364dbf3d88515178171f rename dbus.nix -> security.nix (Erik Arvstedt)
73674467616109806c8501f1357b699fadc9b342 test: rename assert_matches_exactly -> assert_full_match (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 44de5064cd9f8ae625997955820146b38afedf90

Tree-SHA512: f782cfdc81b5d6b3da968d0221bd54420791a9f5cd89cde9e62d6d04882d921b5efe9046d975133587b5c2d711c47133b3a5a2351940899a90a28bf16218a7ad
 2020-08-24 14:56:05 +00:00
Jonas Nick
b00e9b6aa3
Merge #222: Add nix-bitcoin.lib for utility functions and types 
322ba5bfff1dc250b28ee6ccffa33316fbf334ce Add nix-bitcoin.lib for utility functions and types (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 322ba5bfff1dc250b28ee6ccffa33316fbf334ce

Tree-SHA512: 61fc91d11c06883ffc15e200dfefd88b4169849c19d3073c76820910c641613e64d01439cc482792a5eaadabeca7711eb838f0f791fcfc70cfa79e2b156f4efc
 2020-08-23 20:53:45 +00:00
Jonas Nick
bfc73f2176
Merge #227: Install.md docs updates 
9e6b280fdd0ee0fa49943e89970af505a606c2a3 docs updates (jurraca)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 9e6b280fdd0ee0fa49943e89970af505a606c2a3

Tree-SHA512: ae197a81e74347c7cce77899bb6fbd5397160aa27448e5e8ea43d15a181169705271abaecb4755e9d126e32d9c3eee06620430200e6c2e868d5d85cf0554bd5a
 2020-08-22 07:50:45 +00:00
jurraca
9e6b280fdd docs updates 2020-08-21 21:43:46 +00:00
Jonas Nick
322ba5bfff
Add nix-bitcoin.lib for utility functions and types 2020-08-20 21:31:24 +00:00
Erik Arvstedt
44de5064cd
security: don't restrict process info by default for module users 2020-08-20 13:12:07 +02:00
Erik Arvstedt
a36789b468
test: move security tests to separate function 2020-08-20 13:12:06 +02:00
Erik Arvstedt
588a0b2405
security: enable full systemd-status for group 'proc' 
Previously, systemd-status was broken for all users except root.

Use a 'default' deny policy, which is overridden for group 'proc'.

Add operator to group 'proc'.

Also, remove redundant XML boilerplate.
 2020-08-20 13:12:06 +02:00
Erik Arvstedt
96ea2e671c
security: simplify and fix dbus configuration 
Previously, due to the dependency on a helper service, this dbus config
was initially inactive after system boot, allowing for unrestricted use
of the problematic dbus call.
This also broke the accompanying VM test on faster systems.

Remove 'allow' policy for root because it's a no-op:
1. It's overridden by the 'mandatory' deny policy.
2. Root can use all dbus calls anyways, regardless of policy settings.

Also, add some comments.
 2020-08-20 13:12:06 +02:00
Erik Arvstedt
343e026030
rename dbus.nix -> security.nix 
This file has a broader scope than just configuring dbus.
 2020-08-20 13:12:06 +02:00
Erik Arvstedt
7367446761
test: rename assert_matches_exactly -> assert_full_match 
More precise, needed in a later commit.
 2020-08-20 13:12:05 +02:00
Jonas Nick
72000b4a99
Merge #200: backups: add module 
22c3fd52e142879791950b4ee9a59953c294c986 backups: add feature test (nixbitcoin)
e4fb7a52de6e1f8da2c3140b2dcf53abe44072ea backups: add module (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 22c3fd52e142879791950b4ee9a59953c294c986

Tree-SHA512: 625c1fe4f12ea881b5adb04e07187eae60451402462cd3032b2f741b3f23ee73ea68b98aeb8cfd9206890e8227229cb4ab0cdb5f7935f34fc33fc50dc5df26c9
 2020-08-04 15:38:44 +00:00
nixbitcoin
22c3fd52e1
backups: add feature test 2020-08-04 15:25:39 +00:00
nixbitcoin
e4fb7a52de
backups: add module 2020-08-04 15:25:37 +00:00
Jonas Nick
62f83a71b8
Merge #218: Fix typos 
df89ceed3954b026c9521524aa07f682cddd97a8 Fix typos (practicalswift)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK df89ceed3954b026c9521524aa07f682cddd97a8

Tree-SHA512: 8cd04469dd0c46259790f00f380a840c22f10424c2504a7667e70cfdb03f30801e34f3c53aeffc9259a971484d4a12f1dbe5ceade493c8559e8c00ec011e7c73
 2020-08-04 15:13:09 +00:00
Jonas Nick
3f53d7da40
Merge #217: Concurrent LN 
e650df30d55131632d378a26c1c68ec86a72f67d bitcoind: bump rpcthread count (nixbitcoin)
46e15ee9ccd942075bd99aa2eedbf7162292d4bf tests: make lnd & clightning tests run concurrently (nixbitcoin)
ac96fd59dbcfd81c743deb9c29b4845485f1d48b assertions: make lnd.enable depend on !clightning.enable or port != 9735 (nixbitcoin)
3ed564ea06ab321b14af51e056c266af6f39b1fe lnd: make listen IP address only (nixbitcoin)
716e98789c61f42c6ac082fb32ef81f4843ef4c4 lnd: add listenPort option (nixbitcoin)
43da15557ded1ef36baef50690d5b94ab8b428e0 clightning: refactor bind-addr to be IP address only (nixbitcoin)
d99ccc8445c75f647303fe2277269e8b1fe7fe7c clightning: add bindport option (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e650df30d55131632d378a26c1c68ec86a72f67d

Tree-SHA512: 5c8c2cdd41cd57c60fc91d5752190b7ff905041b09cda32d60d1790960321a86ea5e9e1f7b4519198bcb28372034f86362778d1b960369a23d24c29d0c2ecccf
 2020-08-04 15:10:07 +00:00
nixbitcoin
e650df30d5
bitcoind: bump rpcthread count 2020-08-04 14:46:57 +00:00
nixbitcoin
46e15ee9cc
tests: make lnd & clightning tests run concurrently 2020-08-04 14:07:12 +00:00
nixbitcoin
ac96fd59db
assertions: make lnd.enable depend on !clightning.enable or port != 9735 2020-08-04 14:07:10 +00:00
nixbitcoin
3ed564ea06
lnd: make listen IP address only 2020-08-04 14:07:08 +00:00
nixbitcoin
716e98789c
lnd: add listenPort option 2020-08-04 14:07:06 +00:00
nixbitcoin
43da15557d
clightning: refactor bind-addr to be IP address only 
With typecheck
 2020-08-04 14:07:02 +00:00
practicalswift
df89ceed39 Fix typos 2020-08-04 13:32:06 +00:00
nixbitcoin
d99ccc8445
clightning: add bindport option 2020-08-04 12:42:57 +00:00
Jonas Nick
b6179639fe
Merge #215: Improve abstraction in test scenarios 
4ece2da8db5940fbaad73773d8f073bc08ab8fff tests: move nginx check in scenarios lib (Jonas Nick)
5c0170c6b8ea01a439a6f2bb0437d36343089243 tests: add post-clightning extra tests to scenarios (Jonas Nick)
5fa0602a1891cbdb1a7362e2d0b6ccf4b0172601 tests: add extra_tests argument to scenario lib run_tests() (Jonas Nick)
6f9349b0a4db775b9d538938573874e8a40e214c tests: create run_tests() function in the scenario lib (Jonas Nick)
3d2b3661563d4887d25f5ff1f5b57f27aca973b6 tests: move common code in tests to lib (Jonas Nick)
e13c532dbf6342c275eee95380f00b5b3eeb6d7b tests: move common code of scenarios python scripts to the top (Jonas Nick)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 4ece2da8db5940fbaad73773d8f073bc08ab8fff

Tree-SHA512: 72893ff186915dd1b1439f2a81bc75d3618f89ee21f1229448cabaced6ca10c244705a74e9f4e6f8825691df9cd351a6dc9e142ec87ecab8ee17a17e78c72292
 2020-08-04 12:42:16 +00:00
Jonas Nick
4ece2da8db
tests: move nginx check in scenarios lib 2020-08-04 12:17:47 +00:00
Jonas Nick
5c0170c6b8
tests: add post-clightning extra tests to scenarios 2020-08-04 12:17:47 +00:00
Jonas Nick
5fa0602a18
tests: add extra_tests argument to scenario lib run_tests() 2020-08-04 12:17:47 +00:00
Jonas Nick
6f9349b0a4
tests: create run_tests() function in the scenario lib 2020-08-02 21:20:51 +00:00
Jonas Nick
3d2b366156
tests: move common code in tests to lib 2020-08-02 21:12:45 +00:00
Jonas Nick
e13c532dbf
tests: move common code of scenarios python scripts to the top 2020-08-02 20:59:11 +00:00
Jonas Nick
0baeb2acce
Merge #209: Lightning loop 
e9204946d4071e4a5ee51e9bb0e6bc45bbb7ed6a lightning-loop: add tests (nixbitcoin)
491d83a6582dd1aac2a5a201f2c615137bd738df lightning-loop: add module (nixbitcoin)
8f3588b13f8dbe3b91f220e51b0daff677fe0beb lnd: higher attempt limit for less-powerful machines (nixbitcoin)
1bb801ad7bf7c2b09d2fe2ed888f9956e0569f57 lightning-loop: add pkg (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e9204946d4071e4a5ee51e9bb0e6bc45bbb7ed6a

Tree-SHA512: cc8bb85978350dd530c3c8d2c9aca5ddc4ab1f72cdd27d031bb303eca1d9473f18e45bc119c62bb2991faa32b3e1d42e4439f02a56ab3a6b975b0bd491195604
 2020-07-28 20:02:12 +00:00
Jonas Nick
9e453bab86
Merge #202: RPC Whitelist 
5086fc3234ca7b071f5886eca9fd3324e362c7a1 bitcoin: drive-by prune fix (nixbitcoin)
21c0fb440d19db6a0466c44cb09ce86d8e3e81e0 rpcwhitelist: add feature test (nixbitcoin)
1bf45a95474781b60dc65b359e65b638a960ac98 bitcoind: add rpcwhitelist feature (nixbitcoin)
5a978a2836efb4f1c593852c9d0f9001cdd600ce bitcoind: switch from rpcpassword to rpcauth (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 5086fc3234ca7b071f5886eca9fd3324e362c7a1

Tree-SHA512: f456f3409b3bc22dc9ad1296fa00f7e8a442b4072cd4deda067bf2f951eb7d4302283b816ebf769abaa7017e26b19b734f66604cd435d99b810ce535735f7c08
 2020-07-28 17:38:07 +00:00
nixbitcoin
e9204946d4
lightning-loop: add tests 2020-07-28 15:55:54 +00:00
nixbitcoin
491d83a658
lightning-loop: add module 2020-07-28 15:55:52 +00:00
nixbitcoin
8f3588b13f
lnd: higher attempt limit for less-powerful machines 
Opening main database sometimes takes longer than 50 ExecStartPost
restPort connection attempts.
 2020-07-28 15:55:50 +00:00
nixbitcoin
1bb801ad7b
lightning-loop: add pkg 2020-07-28 15:55:48 +00:00
nixbitcoin
5086fc3234
bitcoin: drive-by prune fix 2020-07-28 14:32:54 +00:00
nixbitcoin
21c0fb440d
rpcwhitelist: add feature test 2020-07-28 14:32:52 +00:00
nixbitcoin
1bf45a9547
bitcoind: add rpcwhitelist feature 
Default behavior for rpc whitelisting is set to 0, which means that
rpcwhitelisting is only enforced for rpc users for whom an `rpcwhitelist`
exists.
 2020-07-28 14:32:50 +00:00
nixbitcoin
5a978a2836
bitcoind: switch from rpcpassword to rpcauth 
Includes bitcoind's `share/rpcauth` to convert apg generated passwords
into salted HMAC-SHA-256 hashed passwords.
 2020-07-28 14:32:47 +00:00
Jonas Nick
272b8568e7
Merge #213: Fix systemd leak 
6a8e29e0164bf4f4d2bf06595effa7e340f8e32f tests: add dbus-hardening and hideProcessInformation (nixbitcoin)
0248e6493f5f62fb66a53132480a4812f4e7be9c systemd: lock down systemctl status (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 6a8e29e0164bf4f4d2bf06595effa7e340f8e32f

Tree-SHA512: 1ee8ce42f71e1a8977f5a84053b10f5f7f56da395d4f801447d2d344540640fc496ef0ff341cb32ca92ac064d43d04f118bf580c42d31022e6ed84815b8f72c6
 2020-07-28 12:58:07 +00:00
nixbitcoin
6a8e29e016
tests: add dbus-hardening and hideProcessInformation 2020-07-28 11:37:16 +00:00
nixbitcoin
0248e6493f
systemd: lock down systemctl status 
Mitigates a security issue that allows unprivileged users to read other
unprivileged user's processes' credentials from CGroup using `systemctl
status`.
 2020-07-28 11:28:09 +00:00
Jonas Nick
6e694890eb
Merge #203: Remove electrs tls 
6365412312216391f58e2d4e0523ce6f4722179f test-script: remove nginx tls proxy test (nixbitcoin)
4dbc348921bffe19bd2c26f8313ace17f3e0cb61 electrs: remove TLSProxy (nixbitcoin)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: 079a0c892f8e25d6ba0267cc99022550f4cfe74bad3f9270733ecda09350595a11aec8d40b89df6e6ad7cca1e26b7e480a265bf6e2d01d0fe912ca3ece00f655
 2020-07-21 15:04:22 +00:00
nixbitcoin
6365412312
test-script: remove nginx tls proxy test 2020-07-21 13:58:32 +00:00
nixbitcoin
4dbc348921
electrs: remove TLSProxy 
https://github.com/spesmilo/electrum/issues/5278 was resolved
 2020-07-21 13:41:03 +00:00
Jonas Nick
6856b8cb42
Merge #210: bitcoind: postStart wait until bitcoind can receive rpc calls 
02853067a14068b6f3b076da5a72f64658883307 bitcoind: postStart wait until bitcoind can receive rpc calls (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 02853067a14068b6f3b076da5a72f64658883307

Tree-SHA512: 601b04957a26853c04d768b074006f0716edb131698afde2afb94cb0c862dddb745b93ef39ed014f95a01545eb60d370fd82201d0a898c7dac4c19622d25dafe
 2020-07-21 13:26:51 +00:00
nixbitcoin
02853067a1
bitcoind: postStart wait until bitcoind can receive rpc calls 2020-07-21 13:23:07 +00:00