- Adds bitcoind-host, and tor-socks options to allow using with
network namespaces.
- Adds listen, rpclisten, and restlisten option to specify host on which
to listen on for peer, rpc and rest connections respectively
- Adds announce-tor option and generates Tor Hidden Service with nix
instead of lnd to bring in line with clightning.
WARNING: Breaking changes for Tor Hidden Service. Manual migration
necessary.
From the clightning manpage:
autolisten=BOOL By default, we bind (and maybe announce) on IPv4 and
IPv6 interfaces if no addr, bind-addr or announce-addr options are
specified. Setting this to false disables that.
We already set bind-addr by default, so autolisten had no effect.
Therefore, this commit replaces autolisten with the more granular
announce-addr option.
For now we are Tor-only, so we only need to announce our hidden service
to accept incoming connections. In the future, we can add clearnet
connectivity with `addr` and route connections into our netns with NAT.
- Adds network namespace instantiation and routing architecture.
- netns-isolation disabled by default. Can be enabled with
configuration.nix FIXME.
- Uses mkMerge to toggle certain options for non netns and netns
systems.
- Adds security wrapper for netns-exec which allows operator to exec
with cap_sys_admin
- User can select the 169.254.N.0/24 addressblock netns's are created in.
- nix-bitcoin-services IpAddressAllow is amended with link-local
addresses
Remove the possible null value for bitcoind.prune and set prune = 0 in
bitcoind as a default. Remove prune = 0 in secure-node.nix and the
mkForce in configuration.nix (bitcoind.prune = lib.mkForce ).
Instead of forking this repo, it is now recommended that users simply import the
nix-bitcoin module. This commit adds an example directory that contains the
network/ examples and a shell.nix for deployment with nixops.
nixbitcoin
Erik Arvstedt
Jonas Nick